The final inspection to determine whether a facility or system meets specified technical and performance standards. Note: This inspection is held immediately after facility and software testing and is the basis for commissioning or accepting the information system.
A type of testing used to determine whether the network is acceptable to the actual users.
A specific type of interaction between a subject and an object that results in the flow of information from one to the other.
The process of limiting access to system resources only to authorized programs, processes, or other systems (on a network). This term is synonymous with controlled access and limited access.
Access Control List (ACL)
A mechanism that implements access control for a system resource by listing the identities of the system entities that are permitted to access the resource.
access control mechanism
Hardware or software features, operating procedures, management procedures, and various combinations thereof that are designed to detect and prevent unauthorized access and to permit authorized access in an automated system.
Access Control Service
A security service that provides protection of system resources against unauthorized access. The two basic mechanisms for implementing this service are ACLs and tickets.
The hierarchical portion of the security level that is used to identify the sensitivity of data and the clearance or authorization of users. Note: The access level, in conjunction with the non-hierarchical categories, forms the sensitivity label of an object. See category, security level, and sensitivity label.
A list of users, programs, and/or processes and the specifications of access categories to which each is assigned; a list denoting which users have what privileges to a particular resource.
Access Management
Access Management is the maintenance of access information, which consists of four tasks: account administration, maintenance, monitoring, and revocation.
An Access Matrix uses rows to represent subjects and columns to represent objects with privileges listed in each cell.
A segment of time, generally expressed on a daily or weekly basis, during which access rights prevail.
access point (AP)
A wireless LAN transceiver interface between the wireless network and a wired network. Access points forward frames between wireless devices and hosts on the LAN.
A logical or physical identifier that a computer uses to distinguish different terminal input/output data streams.
The nature of an access right to a particular device, program, or file (for example, read, write, execute, append, modify, delete, or create).
Account Harvesting is the process of collecting all the legitimate account names on a system.
Property that allows auditing of IT system activities to be traced to persons or processes that may then be held responsible for their actions. Accountability includes authenticity and nonrepudiation.
A formal declaration by the designated approving authority (DAA) that the AIS is approved to operate in a particular security mode by using a prescribed set of safeguards. Accreditation is the official management authorization for operation of an AIS and is based on the certification process as well as other management considerations. The accreditation statement affixes security responsibility with the DAA and shows that due care has been taken for security.
Synonymous with designated approving authority (DAA).
Acknowledgment; a short return indication of the successful receipt of a message.
ACK piggybacking is the practice of sending an ACK inside another packet going to the same destination.
acknowledged connectionless service
A datagram-style service that includes error-control and flow-control mechanisms.
Authenticated ciphering offset.
The government organization that is responsible for developing a system.
Program code embedded in the contents of a web page. When the page is accessed by a web browser, the embedded code is automatically downloaded and executed on the user's workstation. Examples: Java, ActiveX (Microsoft).
Activity monitors aim to prevent virus infection by monitoring for malicious activity on a system, and blocking that activity when possible.
A form of network routing in which the path that data packets traverse from a source to a destination node is chosen by calculating the best path through the network based on its current state.
add-on security
The retrofitting of protection mechanisms implemented by hardware or software.
Address Resolution Protocol (ARP)
A TCP/IP protocol that binds logical (IP) addresses to physical addresses.
The management constraints and supplemental controls established to provide an acceptable level of protection for data. Synonymous with procedural security.
Advanced Encryption Standard (AES)
An encryption standard being developed by NIST. Intended to specify an unclassified, publicly-disclosed, symmetric encryption algorithm.
Advanced Encryption Standard (AES) (Rijndael)
A symmetric block cipher with a block size of 128 bits in which the key can be 128, 192, or 256 bits. The Advanced Encryption Standard replaces the Data Encryption Standard (DES) and was announced on November 26, 2001, as Federal Information Processing Standard Publication 197 (FIPS PUB 197).
Automated information system.
A finite set of step-by-step instructions for a problem-solving or computation procedure, especially one that can be implemented by a computer.
An electrical signal with an amplitude that varies continuously.
Java programs; an application program that uses the client's web browser to provide a user interface.
The top layer of the OSI reference model, which is concerned with application programs. It provides services such as file transfer and e-mail to the network's end users.
An entity, either human or software, that uses the services offered by the Application Layer of the OSI reference model.
application program interface
A software interface provided between a specialized communications program and an end-user application.
Software that accomplishes functions such as database access, electronic mail, and menu prompts.
As applied to a computer system, an architecture describes the type of components, interfaces, and protocols the system uses and how they fit together. The configuration of any equipment or interconnected system or subsystems of equipment that is used in the automatic acquisition, storage, manipulation, management, movement, control, display, switching, interchange, transmission, or reception of data or information; includes computers, ancillary equipment, and services, including support services and related resources.
Advanced Research Projects Agency Network, a pioneer packet-switched network that was built in the early 1970s under contract to the US Government, led to the development of today's Internet, and was decommissioned in June 1990.
asymmetric (public) key encryption
Cryptographic system that employs two keys, a public key and a private key. The public key is made available to anyone wishing to send an encrypted message to an individual holding the corresponding private key of the public-private key pair. Any message encrypted with one of these keys can be decrypted with the other. The private key is always kept private. It should not be possible to derive the private key from the public key.
Public-key cryptography; a modern branch of cryptography in which the algorithms employ a pair of keys (a public key and a private key) and use a different component of the pair for different steps of the algorithm.
Asymmetric warfare is the fact that a small investment, properly leveraged, can yield incredible results.
Asynchronous Transfer Mode
A cell-based connection-oriented data service offering high-speed data communications. ATM integrates circuit and packet switching to handle both constant and burst information at rates up to 2.488 Gbps. Also called cell relay.
Type of communications data synchronization with no defined time relationship between transmission of data frames. See synchronous transmission.
attachment unit interface (AUI)
A 15-pin interface between an Ethernet Network Interface Card and a transceiver.
The act of trying to bypass security controls on a system. An attack can be active, resulting in data modification, or passive, resulting in the release of data. Note: The fact that an attack is made does not necessarily mean that it will succeed. The degree of success depends on the vulnerability of the system or activity and the effectiveness of existing countermeasures.
A chronological record of system activities that is sufficient to enable the reconstruction, reviewing, and examination of the sequence of environments and activities surrounding or leading to an operation, a procedure, or an event in a transaction from its inception to its final result.
Auditing is the information gathering and analysis of assets to ensure such things as policy compliance and security from vulnerabilities.
(1) To verify the identity of a user, device, or other entity in a computer system, often as a prerequisite to allowing access to system resources.
Generically, the process of verifying "who" is at the other end of a transmission.
A device whose identity has been verified during the lifetime of the current link based on the authentication procedure.
The means used to confirm the identity or verify the eligibility of a station, originator, or individual.
The property that allows the ability to validate the claimed identity of a system entity.
The granting of access rights to a user, program, or process.
automated data processing security
Synonymous with automated information systems security.
automated information system (AIS)
An assembly of computer hardware, software, and/or firmware that is configured to collect, create, communicate, compute, disseminate, process, store, and/or control data or information.
automated information system security
Measures and controls that protect an AIS against Denial of Service (DoS) and unauthorized (accidental or intentional) disclosure, modification, or destruction of AISs and data. AIS security includes consideration of all hardware and/or software functions, characteristics, and/or features; operational procedures, accountability procedures, and access controls at the central computer facility, remote computers and terminal facilities; management constraints; physical structures and devices; and personnel and communication controls that are needed to provide an acceptable level of risk for the AIS and the data and information contained in the AIS. It includes the totality of security
automated security monitoring
The use of automated procedures to ensure that security controls are not circumvented.
One network or series of networks that are all under one administrative control. An autonomous system is also sometimes referred to as a routing domain. An autonomous system is assigned a globally unique number, sometimes called an Autonomous System Number (ASN).
Timely, reliable access to data and information services for authorized users.
availability of data
The condition in which data is in the place needed by the user, at the time the user needs it, and in the form needed by the user.