All > Technology > Security
Ability to make use of any information system (IS) resource.
- Browse Related Terms: access, application, Baselining, chain of custody, Computer Security Object (CSO), Computer Security Objects Register, Control Information, Denial of Service (DoS), Information Resources, information system, Metrics, records, security label, System, System Interconnection
All > Technology > Security
An entity responsible for monitoring and granting access privileges for other authorized entities.
- Browse Related Terms: Access Authority, Attack Signature, Brute Force Password Attack, Confidentiality, Distributed Denial of Service (DDoS), Inside Threat, Integrity, Outside Threat, Sandboxing, Software-Based Fault Isolation, unauthorized disclosure
All > Technology > Security
The process of granting or denying specific requests: 1) for obtaining and using information and related information processing services; and 2) to enter specific physical facilities (e.g., Federal buildings, military establishments, and border crossing entrances).
- Browse Related Terms: access control, Audit Data, Audit Reduction Tools, cold site, Disaster Recovery Plan (DRP), Disruption, Executive Agency, hot site, National Security Emergency Preparedness Telecommunications Services, Security Policy
Also listed in:
- All > Technology > Collaboration > SharePoint
- All > Technology > E-mail > Lotus Domino
- All > Technology > E-mail > Microsoft Email > Microsoft Exchange > Microsoft Exchange 2003
- All > Technology > E-mail > Microsoft Email > Microsoft Exchange > Microsoft Exchange 2007
- All > Technology > Operating System > Microsoft Windows > Microsoft Windows Server > Microsoft Active Directory
- All > Technology > Programming > Java
- All > Technology > Telecommunications
All > Technology > Security
A register of:
- 1) users (including groups, machines, processes) who have been given permission to use a particular system resource, and
- 2) the types of access they have been permitted.
- Browse Related Terms: Access Control Lists (ACLs), Account Management, User, Audit Trail, Authentication Mechanism, availability, Client (Application), Discretionary Access Control, Honeypot, Identity-Based Security Policy, Least Privilege, Mandatory Access Control, Privileged Accounts, remote access, rule-based security policy, Unauthorized Access, user
All > Technology > Security
Involves
- 1) the process of requesting, establishing, issuing, and closing user accounts;
- 2) tracking users and their respective access authorizations; and
- 3) managing these functions.
- Browse Related Terms: Access Control Lists (ACLs), Account Management, User, Audit Trail, Authentication Mechanism, availability, Client (Application), Discretionary Access Control, Honeypot, Identity-Based Security Policy, Least Privilege, Mandatory Access Control, Privileged Accounts, remote access, rule-based security policy, Unauthorized Access, user
All > Technology > Security
The security goal that generates the requirement for actions of an entity to be traced uniquely to that entity. This supports non-repudiation, deterrence, fault isolation, intrusion detection and prevention, and after-action recovery and legal action.
- Browse Related Terms: Accountability, Certificate Policy (CP), Examination, exculpatory evidence, Inculpatory Evidence, Intellectual Property, IT Security Investment, label, reference monitor, Security Control Enhancements, security service, SSL, system administrator, Technical non-repudiation, Trusted Path
All > Technology > Security
The official management decision given by a senior agency official to authorize operation of an information system and to explicitly accept the risk to agency operations (including mission, functions, image, or reputation), agency assets, or individuals, based on the implementation of an agreed-upon set of security controls.
- Browse Related Terms: Accreditation, Accrediting Authority, authorization, Authorize Processing, Authorizing Official, Certification and Accreditation (C&A), Cyber warriors, Identity, Risk, Risk Assessment, Security Accreditation, Security Authorization
All > Technology > Security
- Browse Related Terms: Accreditation Authority, Accreditation Boundary, Accreditation Package, Authorizing Official Designated Representative, Common Security Control, Credential, Designated Approving (Accrediting) Authority (DAA), Information Owner, Security Impact Analysis, Senior Agency Information Security Officer
All > Technology > Security
All components of an information system to be accredited by an authorizing official and excludes separately accredited systems, to which the information system is connected.
- Browse Related Terms: Accreditation Authority, Accreditation Boundary, Accreditation Package, Authorizing Official Designated Representative, Common Security Control, Credential, Designated Approving (Accrediting) Authority (DAA), Information Owner, Security Impact Analysis, Senior Agency Information Security Officer
All > Technology > Security
The evidence provided to the authorizing official to be used in the security accreditation decision process. Evidence includes, but is not limited to: 1) the system security plan; 2) the assessment results from the security certification; and 3) the plan of action and milestones.
- Browse Related Terms: Accreditation Authority, Accreditation Boundary, Accreditation Package, Authorizing Official Designated Representative, Common Security Control, Credential, Designated Approving (Accrediting) Authority (DAA), Information Owner, Security Impact Analysis, Senior Agency Information Security Officer
All > Technology > Security
Official with the authority to formally assume responsibility for operating an information system at an acceptable level of risk to agency operations (including mission, functions, image, or reputation), agency assets, or individuals.
- Browse Related Terms: Accreditation, Accrediting Authority, authorization, Authorize Processing, Authorizing Official, Certification and Accreditation (C&A), Cyber warriors, Identity, Risk, Risk Assessment, Security Accreditation, Security Authorization
All > Technology > Security > Biometrics
A catch-all phrase for describing how well a biometric system performs. The actual statistic for performance will vary by task (verification, open-set identification (watchlist), and closed-set identification). See www.biometricscatalog.org/biometrics/biometrics_101.pdf for further explanation. See also d prime, detection error trade-off (DET), detect and identification rate, equal error rate, false acceptance rate (FAR), false alarm rate (FAR), false match rate, false non-match rate, false reject rate, identification rate, performance, verification rate.
Also listed in:
- All > Law > E-Discovery
- All > Law > Forensic Science
- All > Science > Water
- All > Science > Weather
- All > Science > Weather > Climate Change
- All > Technology > Telecommunications
All > Technology > Security
Private data, other than keys, that are required to access cryptographic modules.
- Browse Related Terms: Activation Data, Automated Key Transport, Critical Security Parameter, Cryptographic Boundary, Differential Power Analysis (DPA), Electronic Key Entry, firmware, IP Security (IPsec), Key Escrow, Key Escrow System, Key Establishment, Key Loader, Key Transport, Manual Key Transport, port, Split Knowledge, Zeroization
All > Technology > Security
Active content refers to electronic documents that are able to automatically carry out or trigger actions on a computer platform without the intervention of a user.
- Browse Related Terms: Active Content, Application Content Filtering, File Name Anomaly, MIME, Mobile Code Technologies, Multi-Hop Problem, Multipurpose Internet Mail Extensions (MIME), Path Histories, Single-Hop Problem
All > Technology > Security
Security commensurate with the risk and the magnitude of harm resulting from the loss, misuse, or unauthorized access to or modification of information.
- Browse Related Terms: Adequate Security, Asset, Classified Information, Criticality Level, Impact, Major Application, Minor Application, Mission Critical
All > Technology > Security
Administrative actions, policies, and procedures to manage the selection, development, implementation, and maintenance of security measures to protect electronic health information and to manage the conduct of the covered entity's workforce in relation to protecting that information.
- Browse Related Terms: Administrative Safeguards, Assessment Method, Assessment Procedure, Audit, Countermeasures, Cryptanalysis, Incident Handling, Risk Analysis, Risk Mitigation
All > Technology > Security
This standard specifies the Rijndael algorithm, a symmetric block cipher that can process data blocks of 128 bits, using cipher keys with lengths of 128, 192, and 256 bits.
- Browse Related Terms: Advanced Encryption Standard (AES), Approved Mode of Operation, Authentication Mode, Block Cipher, CBC/MAC, CCM, Cipher Block Chaining-Message Authentication Code (CBC-MAC), Cipher Suite, Counter with Cipher Block Chaining-Message Authentication Code (CCM), Egress Filtering, Formatting Function, Forward Cipher, Ingress Filtering, mode of operation
All > Technology > Security
Any executive department, military department, government corporation, government controlled corporation, or other establishment in the executive branch of the government (including the Executive Office of the President), or any independent regulatory agency, but does not include: 1) the General Accounting Office; 2) the Federal Election Commission; 3) the governments of the District of Columbia and of the territories and possessions of the United States, and their various subdivisions; or 4) government-owned contractor-operated facilities, including laboratories engaged in national defense research and production activities.
- Browse Related Terms: Agency, Cryptographic Module Validation Program (CMVP), Cyber Command, Federal Information Processing Standard (FIPS), Federal Information Systems Security Educators Association (FISSEA), Individual, National Information Assurance Partnership (NIAP), Privacy
Also listed in:
- All > Business > Finance > Insurance > Auto Insurance
- All > Business > Finance > Insurance > Homeowners Insurance
- All > Business > Finance > Personal Finance
- All > Technology > Records Management
All > Technology > Security
A CA that acts on behalf of an Agency, and is under the operational control of an Agency.
- Browse Related Terms: Agency Certification Authority (CA), Chief Information Officer (CIO), Chief Information Security Officer, Clinger-Cohen Act of 1996, Crypto Officer, Federal Agency, Federal Information System, FISMA, Information System Security Officer (ISSO), IT Security Awareness and Training Program, Major Information System, Personal Identity Verification Authorizing Official, Personal Identity Verification Requesting Official
All > Technology > Security
A program used in distributed denial of service (DDoS) attacks that sends malicious traffic to hosts based on the instructions of a handler.
Also listed in:
- All > Business > Banking
- All > Business > Finance > Insurance > Auto Insurance
- All > Business > Finance > Insurance > Homeowners Insurance
- All > Business > Finance > Personal Finance
- All > Business > Finance > Personal Finance > Mortgage
- All > Healthcare > Health Insurance
- All > Law > Bankruptcy
- All > Technology > E-mail > Lotus Domino
- All > Technology > E-mail > Microsoft Email > Microsoft Exchange > Microsoft Exchange 2007
- All > Technology > Programming > Java
- All > Technology > Storage
- All > Technology > Telecommunications
- All > Travel > Visa