Security Taxonomy - Anne & Lynn Wheeler

Concepts

access control, assurance, attack, audit, authentication, authorization, automated information system, availability, certification, Common Criteria for Information Technology Security, cryptography, evaluation, identity, key management, privacy, requirements, risk, risk management, security, security target, software development, threat, trust, Trusted Computer System Evaluation Criteria, users,

Terms

*-property: IncludedBy:Bell-LaPadula security model, property,; PreferredFor:star (*) property,; Related:access control, model,; Synonym:confinement property,
2-factor authentication: IncludedBy:3-factor authentication,; Related:process,
3-factor authentication: IncludedBy:authentication,; Includes:2-factor authentication, authentication information,; Related:biometric authentication, challenge/response, passwords, personal identification number, personal identity verification, process, proof of possession protocol, tokens,
ABA Guidelines: Related:association, certificate, digital signature, signature,
abend: Related:control, failure, process, program, test,
abort: Related:computer, failure, program,
Abrams, Jojodia, Podell essays: Related:computer, information, information security, security,
Abstract Syntax Notation One: Includes:Basic Encoding Rules, Distinguished Encoding Rules, object identifier,; Related:certificate, computer, function, information, object, protocols, public-key infrastructure, revocation, standard,
abuse of privilege: IncludedBy:threat,; Related:insider threat, policy, users,
acceptable level of risk: IncludedBy:threat,; Related:analysis, application, assessment, authority, control, countermeasures, critical, network, operation, requirements, vulnerability,
acceptable risk: IncludedBy:risk,; Related:control, system,
acceptable use policy: IncludedBy:policy,; Related:network, system, users,
acceptance criteria: IncludedBy:acceptance procedure, criteria,; Related:authorized, entity, system, users,
acceptance inspection: IncludedBy:acceptance procedure,; Related:information, security testing, software, standard, system, test,
acceptance procedure: IncludedBy:software development, target of evaluation,; Includes:acceptance criteria, acceptance inspection, acceptance testing, object,; Related:control, control systems, process, system, target,
acceptance testing: IncludedBy:acceptance procedure, security testing, test,; Related:criteria, requirements, system, users,
access: Includes:Directory Access Protocol, Internet Message Access Protocol, version 4, Law Enforcement Access Field, Lightweight Directory Access Protocol, Terminal Access Controller Access Control System, access approval, access approval authority, access category, access control, access control center, access control list, access control mechanisms, access control officer, access control service, access control system, access eligibility determination, access evaluation, access level, access list, access mediation, access mode, access national agency check and inquiries, access period, access port, access profile, access roster, access termination, access type, access with limited privileges, accesses, accessibility, accessioned records, acknowledged special access program, acquisition special access program, administrative access, approved access control device, browse access protection, code division multiple access, context-dependent access control, controlled access area, controlled access program coordination office, controlled access program oversight committee, controlled access programs, controlled access protection, delete access, demand assigned multiple access, direct access storage device, direct memory access, discretionary access control, execute access, failure access, ferroelectric random access memory, file transfer access management, formal access approval, frequency division multiple access, handle via special access control channels only, identity based access control, intelligence special access program, interim access authorization, last mile broadband access, limited access authorization, logical access, logical access control, mandatory access control, media access control address, merge access, multiple access rights terminal, need for access, non-discretionary access control, non-volatile random access memory, object, on-access scanning, one-time access, partition rule base access control, peer access approval, peer access enforcement, physical access control, privileged access, program access request, random access memory, read access, remote access, remote access software, role-based access control, special access office, special access program, special access program facility, special access program/special access required, special access programs central office, special access programs coordination office, special access required programs oversight committee, subject, surrogate access, tactical special access program facility, temporary access eligibility, time division multiple access, umbrella special access program, unacknowledged special access program, unauthorized access, update access, waived special access program, write access,; Related:ACL-based authorization, Automated Information System security, Bell-LaPadula security model, Clark Wilson integrity model, Defense Central Security Index, Defensive Information Operations, Department of Defense National Agency Check Plus Written Inquiries, Escrowed Encryption Standard, Freedom of Information Act, Identification Protocol, Internet Engineering Task Force, Internet Protocol Security Option, Network File System, PHF, PIV issuer, POSIX, Post Office Protocol, version 3, RA domains, SOCKS, SSO PIN, TCB subset, TOE security functions interface, U.S.-controlled facility, U.S.-controlled space, USENET, accreditation range, accredited security parameter, acoustic security, active wiretapping, adequate security, adjudication, adjudication authority, adversary, adverse information, alternative compensatory control measures, anonymous and guest login, anonymous login, appeal, applicant, application, application program interface, application proxy, application server attack, archiving, associated markings, attack, audit, audit trail, authenticate, authentication, authority, authorization, authorized, authorized adjudicative agency, authorized investigative agency, authorized person, authorized user, automated information system media control system, availability, availability service, backdoor, balanced magnetic switch, base station, bastion host, benign, between-the-lines-entry, billets, boundary, buffer overflow, call back, capability, carve-out, category, central office, centralized authorization, classified, classified contract, classified information procedures act, classified visit, clearance, clearance certification, clearance level, cleared escort, client, client server, closed storage, co-utilization, collateral information, common gateway interface, communications, compartment, compartmentalization, compartmentation, compartmented intelligence, compartmented mode, compelling need, component reference monitor, computer intrusion, computer security, computer security intrusion, confidentiality, confinement property, console logon, continuous operation, contractor/command program security officer, control, controlled security mode, controlled sharing, controlled space, cookies, covert channel, covert channel analysis, cracker, credentials, critical, critical program information, critical system, cross domain solution, cryptographic application programming interface, data compromise, data integrity service, data management, debriefing, dedicated mode, default account, default file protection, demilitarized zone, demon dialer, denial-of-service, determination authority, dictionary attack, directory service, disclosure of information, disclosure record, diskette, distributed plant, domain, domain name system, domain parameter, dominated by, dual control, eligibility, encapsulation, entry control, exception, exploit, exploitation, external security controls, external system exposure, extranet, extraordinary security measures, facility security clearance, failed logon, federated identity, federation, fedline, fetch protection, file encryption, file protection, file security, file series, firewall, flooding, flow, foreign disclosure, foreign ownership, control, or influence, foreign travel briefing, foreign visit, formulary, full disk encryption, government-approved facility, granularity, guard, guest system, hackers, host, https, hyperlink, hypertext, identification, identification and authentication, identification authentication, identity credential issuer, identity verification, identity-based security policy, immediate family member, impersonation, inadvertent disclosure, inadvertent disclosure incident, incident of security concern, individual accountability, individual electronic accountability, indoctrination, inference, information, information assurance, information assurance product, information category, information security, information systems security, insider, integrity, intercept, interception, interface, internal security controls, internal system exposure, internal vulnerability, internet protocol security, internet service provider, intranet, intruder, intrusion, intrusion detection, intrusion detection and prevention system, intrusion detection system, intrusion detection tools, isolator, joint personnel adjudication system, kerberos, key recovery, key-escrow, kiosk, labeled security protections, letter of compelling need, list-oriented, local logon, lock-and-key protection system, lockout, logged in, logic bombs, logical completeness measure, login, logoff, logon, maintenance hook, major application, malicious intruder, malicious logic, masquerade, masquerading, mission critical, mode of operation, modes of operation, motivation, multilevel mode, multilevel secure, multilevel security, multilevel security mode, national security information, need-to-know, need-to-know determination, network component, network reference monitor, network security, network weaving, nicknames, no-lone zone, non-disclosure agreement, non-discretionary security, non-discussion area, noncomputing security methods, office of personnel management, online attack, open storage area, operations and support, operations manager, operator, overwriting, packet filtering, partitioned security mode, password system, passwords, peer-to-peer communication, penetration, penetration testing, perimeter-based security, permanent records, permissions, personal computer system, personal identification number, personnel security, personnel security - issue information, personnel security clearance, personnel security exceptions, personnel security interview, personnel security investigation, personnel security program, physical and environmental protection, physical security, piggyback, piggyback attack, piggyback entry, platform it interconnection, point-to-point tunneling protocol, policy, pop-up box, privacy, privileged user, probe, procedural security, process, program channels or program security channels, program material, program office, program security officer, programmable read-only memory, protected network, protection ring, protection-critical portions of the TCB, protective security service, proximity, proxy server, public-key certificate, real-time reaction, records, reference monitor, reference monitor concept, reference validation mechanism, reinstatement, relying party, remote administration tool, remote authentication dial-in user service, remote login, repository, requirements, resource, resource encapsulation, response force, restricted area, revocation, risk avoidance, rootkit, routine changes, rule-based security policy, rules of behavior, ruleset, salt, sampling frame, sandboxed environment, scattered castles, scoping guidance, screen scraping, secure data device, secure single sign-on, secure state, secure working area, security, security assurance, security clearance, security compromise, security controls, security director, security domain, security incident, security intrusion, security kernel, security label, security level, security management, security management infrastructure, security policy, security safeguards, security violation, security-relevant event, segregation of duties, senior foreign official, senior review group, sensitive activities, sensitive compartmented information, sensitive compartmented information courier, sensitive information, sensitivity label, service, signature, simple network management protocol, simple security condition, simple security property, single scope background investigation - periodic reinvestigation, single sign-on, social engineering, software, source program, special program review group, sponsoring agency, spoof, spoofing, storage object, store, subcontract, subject security level, subset-domain, suspicious contact, system, system entry, system high mode, system resources, system software, system-high security mode, target vulnerability validation techniques, tcpwrapper, technical countermeasures, technical policy, technological attack, technology, technology control plan, temporary help/job shopper, term rule-based security policy, theft, threat, ticket, ticket-oriented, timing attacks, tokens, transaction, trapdoor, trespass, trojan horse, trust relationship, trusted gateway, trusted identification forwarding, trusted subject, two-person integrity, unauthorized person, unclassified internet protocol router network, unclassified sensitive, unfavorable personnel security determination, uniform resource locator, unprotected network, user PIN, users, vault, verification, virus, vulnerability, war driving, web browser cache, web content filtering software, website, wide-area network, wimax, wireless gateway server, wiretapping, workstation, world wide web,
access approval: IncludedBy:access,; Related:authorization, classified, security clearance,
access approval authority: IncludedBy:access,
access category: IncludedBy:access,; Related:authorized, process, program, resource, users,
access control: IncludedBy:Automated Information System security, access, authorization, control, risk management, security, security-relevant event, trusted computing base, users,; Includes:IT default file protection parameters, centralized authorization, classified information, component reference monitor, controlled sharing, cookies, default file protection, entry control, fetch protection, file protection, file security, granularity, logged in, login, logoff, logon, need-to-know, network reference monitor, privileged, sandboxed environment, secure state, security kernel, security perimeter, sensitivity label, system entry, technical policy,; Related:*-property, Bell-LaPadula security model, Clark Wilson integrity model, Defensive Information Operations, Escrowed Encryption Standard, Identification Protocol, Internet Engineering Task Force, Internet Protocol Security Option, Network File System, PIV issuer, POSIX, RA domains, SOCKS, TCB subset, TOE security functions interface, U.S.-controlled facility, U.S.-controlled space, accreditation range, active wiretapping, adequate security, adversary, application, application program interface, application proxy, archiving, attack, audit, audit trail, authenticate, authentication, authorized, availability, availability service, backdoor, bastion host, benign, between-the-lines-entry, boundary, boundary host, breach, buffer overflow, call back, capability, category, classified, clearance level, client, client server, common gateway interface, communications, compartment, compartmentalization, compartmented mode, computer intrusion, computer security, computer security intrusion, confidentiality, confinement property, controlled security mode, controlled space, covert channel, covert channel analysis, cracker, credentials, critical, critical system, cryptographic application programming interface, cryptographic equipment room, data compromise, data integrity service, data management, dedicated mode, default account, demilitarized zone, demon dialer, denial-of-service, dictionary attack, directory service, disclosure of information, domain, domain name system, domain parameter, dominated by, dual control, encapsulation, exploit, exploitation, external security controls, external system exposure, extranet, federated identity, federation, fedline, firewall, flooding, formulary, function, guard, hackers, host, https, hyperlink, hypertext, identification, identification and authentication, identification authentication, identity credential issuer, identity verification, identity-based security policy, impersonation, inadvertent disclosure, individual accountability, individual electronic accountability, inference, information, information assurance product, information category, information security, information systems security, integrity, interception, interface, internal security controls, internal system exposure, internet protocol security, internet service provider, intranet, intruder, intrusion, intrusion detection, intrusion detection tools, kerberos, key recovery, key-escrow, kiosk, labeled security protections, list-oriented, lock-and-key protection system, lockout, logic bombs, logical completeness measure, maintenance hook, major application, malicious intruder, malicious logic, masquerade, masquerading, minimum essential infrastructure, mode of operation, modes of operation, motivation, multilevel mode, multilevel secure, multilevel security, multilevel security mode, national security information, network, network component, network security, network weaving, no-lone zone, non-discretionary security, noncomputing security methods, operations manager, operator, packet filtering, partitioned security mode, password system, passwords, peer-to-peer communication, penetration, permissions, personal identification number, personnel security, physical and environmental protection, physical security, piggyback, piggyback attack, piggyback entry, point-to-point tunneling protocol, policy, pop-up box, privacy, probe, procedural security, process, program, protected network, protection ring, protection-critical portions of the TCB, proximity, proxy server, real-time reaction, records, reference monitor, reference monitor concept, reference validation mechanism, remote administration tool, remote authentication dial-in user service, repository, resource, resource encapsulation, restricted area, rootkit, rule-based security policy, rules of behavior, ruleset, salt, sampling frame, scoping guidance, screen scraping, secure single sign-on, security clearance, security compromise, security controls, security domain, security incident, security intrusion, security label, security management, security management infrastructure, security policy, security safeguards, security violation, segregation of duties, sensitive compartmented information, sensitive information, signature, simple network management protocol, simple security condition, simple security property, single sign-on, social engineering, software, source program, spoof, spoofing, storage object, subject security level, subset-domain, system, system high mode, system resources, system software, system-high security mode, tcpwrapper, technological attack, technology, term rule-based security policy, theft, threat, threat consequence, ticket, ticket-oriented, timing attacks, tokens, transaction, trapdoor, trespass, trojan horse, trust relationship, trusted gateway, trusted identification forwarding, trusted subject, two-person integrity, uniform resource locator, unprotected network, user PIN, verification, virus, vulnerability, web browser cache, website, wide-area network, wireless gateway server, wiretapping, workstation, world wide web,
access control center: IncludedBy:access, control,; Related:computer, cryptography, key, policy, security, system,
access control list: IncludedBy:access, control,; Includes:ACL-based authorization,; PreferredFor:access list,; Related:authorized, communications security, computer, object, process, program, resource, subject, system, users,
access control mechanisms: IncludedBy:access, control,; Related:authorized, security, software, system, unauthorized access,
access control officer: IncludedBy:access, control,
access control service: IncludedBy:access, control,; Related:authorized, entity, policy, resource, security, system, unauthorized access,
access control system: IncludedBy:access,; Related:security,
access eligibility determination: IncludedBy:access,; Related:classified, requirements, security,
access evaluation: IncludedBy:access, evaluation,; Related:security,
access level: IncludedBy:access, security level,; Related:authorization, identify, object, users,
access list: HasPreferred:access control list,; IncludedBy:access,
access mediation: IncludedBy:access,; Related:authorized, control, policy, process, resource,
access mode: IncludedBy:access, automated information system,; Related:object, operation, process, subject, system,
access national agency check and inquiries: IncludedBy:access,; Related:classified, security,
access period: IncludedBy:access,
access port: IncludedBy:access,; Related:computer,
access profile: IncludedBy:access, file, profile,; Related:object, users,
access roster: IncludedBy:access,
access termination: IncludedBy:access,
access type: IncludedBy:access,; Related:file, object, program,
access with limited privileges: IncludedBy:access,; Related:application, control, domain, process, security, system, users,
accesses: IncludedBy:access,; Related:classified, critical, requirements, security,
accessibility: IncludedBy:access,; Related:computer, resource, system,
accessioned records: IncludedBy:access,
account aggregation: Related:entity, information, target,
account authority digital signature: IncludedBy:authority, public-key infrastructure, signature,; Related:authentication, key, public-key,
account fraud: IncludedBy:fraud, identity theft,; PreferredFor:account hijacking, account takeover,; Related:entity, theft,
account hijacking: HasPreferred:account fraud,
account management: Related:information,
account takeover: HasPreferred:account fraud,
accountability: IncludedBy:security goals,; Includes:automated information system, identification, object, users,; Related:audit, authority, communications security, computer, control, deterrence, entity, failure, fault isolation, identify, information, intrusion, intrusion detection, intrusion prevention, key, minimum essential infrastructure, non-repudiation, owner, policy, process, property, quality, recovery, resource, security objectives, system, trust,
accounting legend code: IncludedBy:code,; Related:communications security, control, control systems, system,
accounting number: Related:communications security, control,
accreditation: IncludedBy:certification,; Includes:DoD Information Technology Security Certification and Accreditation Process, National Voluntary Laboratory Accreditation Program, Scope of Accreditation, accreditation authority, accreditation body, accreditation boundary, accreditation disapproval, accreditation multiplicity parameter, accreditation package, accreditation phase, accreditation range, approval/accreditation, automated information system, certification and accreditation, designated approving authority, full accreditation, identification and accreditation, interim accreditation, interim accreditation action plan, post-accreditation phase, private accreditation exponent, private accreditation information, public accreditation verification exponent, security, site accreditation, system accreditation, type accreditation,; PreferredFor:accredited,; Related:Common Criteria Testing Laboratory, approved technologies list, approved test methods list, assessment, association, authority, authorization, cascading, certificate, certificate revocation list, certification phase, certifier, classified, computer, control, controlled security mode, criteria, dedicated security mode, evaluation, external security controls, function, information, intelligence, multilevel security mode, national information assurance partnership, network, operation, partitioned security mode, pre-certification phase, process, requirements, risk, security evaluation, security testing, site certification, standard, system, system-high security mode, test, trust, trusted computer system, type certification,
accreditation authority: IncludedBy:accreditation, authority,; Related:entity, information, trust,
accreditation body: IncludedBy:accreditation, national information assurance partnership,; Related:standard,
accreditation boundary: IncludedBy:accreditation, boundary,; Related:information, resource, security, system, users,; Synonym:security perimeter,
accreditation disapproval: IncludedBy:accreditation,; Related:control, critical, operation, requirements, risk, security, system,
accreditation multiplicity parameter: IncludedBy:accreditation,; Related:authority, entity, information,
accreditation package: IncludedBy:accreditation,; Related:security, system,
accreditation phase: IncludedBy:accreditation,; Related:assessment, process, risk, security, system, update,
accreditation range: IncludedBy:accreditation,; Related:access, access control, authority, computer, computer security, control, criteria, evaluation, network, operation, process, requirements, risk, security, system, trust, trusted computer system,
accredited: HasPreferred:accreditation,
accredited security parameter: IncludedBy:security,; Related:access,
accrediting authority: IncludedBy:authority,; Related:security,
accuracy: Related:assessment,
ACH debit fraud: IncludedBy:fraud, identity theft,; Related:authorized,
acknowledged special access program: IncludedBy:access,; Related:authorized, classified, compromise, risk, vulnerability,
ACL-based authorization: IncludedBy:access control list, authorization,; Includes:distributed computing environment,; Related:access,
acoustic intelligence: IncludedBy:intelligence,; Related:acoustic security, analysis,
acoustic security: IncludedBy:security,; Related:access, acoustic intelligence, classified,
acoustic warfare: IncludedBy:warfare,
acquirer: IncludedBy:Secure Electronic Transaction,; Related:authorization, process, system,
acquisition plan: Related:analysis, requirements,
acquisition program
acquisition special access program: IncludedBy:access,; Related:evaluation, intelligence, requirements,
acquisition strategy: Related:control, object, system,
acquisition systems protection: Related:authorized, compromise, foreign, intelligence, security,
active attack: IncludedBy:attack,; Related:authentication, impersonation, protocols,
active content: Related:program,
active security testing: IncludedBy:security testing, test,; Related:system, target, vulnerability,
active state: Antonym:deactivated state,; IncludedBy:key lifecycle state,; Related:algorithm, application, cryptographic, key, lifecycle, security,
active wiretapping: IncludedBy:wiretapping,; Related:access, access control, authorized, communications, computer, control, message, users,
activity
activity analysis: IncludedBy:analysis, security software,; Related:process,
activity security manager: IncludedBy:security,; Related:classified, information security, security incident,
activity-based costing: IncludedBy:business process,
actuator
ad hoc
ad hoc testing: IncludedBy:security testing, test,
ad-lib test: IncludedBy:test,
adaptive predictive coding
add-on security: IncludedBy:security,; Related:computer, operation, process, software, system,
address
address indicator group
address of record
address spoofing: IncludedBy:masquerade, spoof, spoofing,; Includes:ip spoofing,; Related:impersonation, network, system,
adequate security: IncludedBy:security,; Related:access, access control, authorized, availability, control, information, integrity, operation, risk, system, unauthorized access,
adjudication: Related:access, classified, evaluation, security, trust,
adjudication authority: Related:access,
adjudicative process: Related:risk, security,
adjudicator: Related:security,
administration documentation: IncludedBy:target of evaluation,; Related:information, target,
administrative access: IncludedBy:access,; Related:authorized, function, system,
administrative account: Related:computer, users,
administrative security: HasPreferred:procedural security,; IncludedBy:security,
administrator: IncludedBy:target of evaluation,; Related:operation, target,
advanced development model: IncludedBy:software development,
advanced encryption standard: IncludedBy:National Institute of Standards and Technology, encryption, standard, symmetric cryptography,; Related:algorithm, classified, cryptographic, key,
advanced intelligence network: IncludedBy:intelligence, network,
advanced intelligent network: IncludedBy:network,
Advanced Mobile Phone Service: Related:standard, system, update, users,
advanced narrowband digital voice terminal
Advanced Research Projects Agency Network: IncludedBy:network,
advanced self-protection jammer: IncludedBy:communications security, jamming,; Related:assurance,
adversary: IncludedBy:security,; Includes:adversary collection methodology, adversary threat strategy,; Related:C2-attack, C2-protect, access, access control, advisory, attack, camouflage, command and control warfare, communications cover, communications deception, compromise, counterintelligence, countermeasures, cover, critical, cryptographic key, damage, data aggregation, deception, eavesdropping, entity, imitative communications deception, indicator, information, information assurance, information operations, information superiority, information warfare, intelligence, intelligent threat, malware, man-in-the-middle attack, motivation, national information infrastructure, non-technical countermeasure, operations security, operations security indicator, perceived collection threat, radio frequency jamming, random, red team, replay attack, risk, security environment threat list, security threat, social engineering, system, target, threat, threat analysis, traffic analysis, vulnerability, vulnerability analysis, vulnerability assessment,
adversary collection methodology: IncludedBy:adversary,; Related:critical,
adversary threat strategy: IncludedBy:adversary, threat,
adverse action
adverse information: Related:access, classified, security,
advisory: Includes:Computer Incident Advisory Capability, National COMSEC Advisory Memorandum, National Industrial Security Advisory Committee, National Security Telecommunications Advisory Committee, National Security Telecommunications and Information Systems Security Advisory/Information Memorandum, National Telecommunications and Information Systems Security Advisory Memoranda/Instructions, TEMPEST advisory group,; Related:Internet Architecture Board, adversary, computer emergency response team, target, threat,
affiliate
agency: Related:classified,
agent: Related:attack, intrusion, intrusion detection, malicious, program,
agent of the government: Related:authorized,
aggregation: Related:classified, information, security,
aggressive mode: Related:establishment, internet protocol security, internet security protocol, message,
alarm: Related:countermeasures, function,; Synonym:alert,
alarm reporting: Related:fault, identification, information, network, resource, security software,
alarm surveillance: Related:analysis, communications, control, fault, function, information, network, operation, resource, security software,
alert: Related:anomaly, attack, audit, communications security, critical, identify, message, network, process, resource, security,; Synonym:alarm,
algorithm: Includes:Data Authentication Algorithm, Data Encryption Algorithm, El Gamal algorithm, Elliptic Curve Digital Signature Algorithm, International Data Encryption Algorithm, Key Exchange Algorithm, MAC algorithm key, NULL encryption algorithm, RSA algorithm, Rivest-Shamir-Adleman algorithm, algorithm transition, asymmetric algorithm, asymmetric cryptographic algorithm, asymmetric encryption algorithm, control algorithm, crypto-algorithm, cryptographic algorithm, cryptographic algorithm for confidentiality, digital signature algorithm, encipherment algorithm, encryption algorithm, hash algorithm, keyed hash algorithm, message authentication code algorithm, message digest algorithm 5, public-key algorithm, secure hash algorithm, symmetric algorithm, symmetric encipherment algorithm, symmetric encryption algorithm,; Related:CAST, Clipper chip, Commercial COMSEC Evaluation Program, Common Criteria for Information Technology Security, Computer Security Objects Register, Data Encryption Standard, Diffie-Hellman, Digital Signature Standard, Escrowed Encryption Standard, FIPS PUB 140-1, FIPS approved security method, Fortezza, Internet Security Association and Key Management Protocol, OAKLEY, Rivest Cipher 2, Rivest Cipher 4, SET qualifier, Simple Key-management for Internet Protocols, Skipjack, Type 4 product, Type I cryptography, Type II cryptography, Type III cryptography, X.509 attribute certificate, X.509 certificate revocation list, X.509 public-key certificate, active state, advanced encryption standard, approved, asymmetric cryptography, asymmetric encipherment system, biometric template, block cipher, break, brute force attack, certification request, checksum, cipher, cipher block chaining, cipher feedback, cipher suite, ciphertext, ciphertext-only attack, code, communications security, computer, computer cryptography, cryptanalysis, cryptographic, cryptographic functions, cryptographic key, cryptographic logic, cryptographic module, cryptographic system, cryptographic token, cryptography, cryptonet, cryptoperiod, cycle time, cyclic redundancy check, data authentication code, data authentication code vs. Data Authentication Code, decrypt, digital envelope, digital signature, domain of interpretation, effective key length, electronically generated key, elliptic curve cryptography, encipherment, encrypt, encryption, encryption strength, frequency hopping, hash, hash function, hybrid encryption, indistinguishability, initial transformation, initialization value, initialization vector, intelligent threat, internet protocol security, key, key agreement, key distribution, key generating function, key generator, key pair, key recovery, key space, key transport, key-escrow system, keyed hash, known-plaintext attack, link encryption, man-in-the-middle attack, message, message authentication code, message authentication code vs. Message Authentication Code, message digest, metric, mode of operation, one-time pad, out-of-band, output transformation, parameters, pretty good privacy, private key, process controller, protection suite, pseudo-random, public-key, public-key cryptography standards, public-key forward secrecy, public-key information, secret key, secret-key cryptography, secure hash standard, secure hypertext transfer protocol, secure socket layer, security mechanism, security strength, semantic security, signature generation, signature verification, stream cipher, strength of mechanisms, symmetric cryptography, symmetric key, trapdoor, triple DES, trust, tunnel, type 1 products, type 2 product, type 3 product, validate, virus definitions,
algorithm transition: IncludedBy:algorithm,; Related:cryptographic, process,
alias: Related:anonymous, entity, masquerade,
alien: Related:United States citizen,
alignment: Related:process, system,
all-hazards
allowed traffic: Related:bit forwarding rate, ruleset, system, test,
alternate COMSEC custodian: IncludedBy:communications security,; Related:authority,
alternative compensatory control measures: Related:access, intelligence,
alternative work site: Related:program,
American institute of certified public accountants
American National Standards Institute: IncludedBy:standard,; Related:association, automated information system, communications, computer, users,
American Standard Code for Information Interchange: IncludedBy:code, information, standard,; Related:automated information system,
analog signal
analysis: Includes:SWOT analysis, activity analysis, analysis of alternatives, boundary value analysis, business impact analysis, cost-risk analysis, cost/benefit, cost/benefit analysis, cost/benefit estimate, covert channel analysis, cryptanalysis, cryptosystem analysis, dynamic analysis, emanations analysis, error analysis, gap analysis, information sharing and analysis center, mutation analysis, network behavior analysis system, requirements analysis, risk analysis, risk reduction analysis, root cause analysis, security fault analysis, security flow analysis, sensitivity analysis, signals analysis, stateful protocol analysis, static analysis, target identification and analysis techniques, technical threat analysis, threat analysis, traffic analysis, value analysis, vulnerability analysis,; Related:Federal Standard 1027, Integrated CASE tools, SOF-basic, SOF-high, SOF-medium, TCB subset, acceptable level of risk, acoustic intelligence, acquisition plan, alarm surveillance, assessment, black-box testing, break, brute force attack, business case, chosen-ciphertext attack, chosen-plaintext attack, ciphertext-only attack, code coverage, correctness, counterintelligence assessment, countermeasures, cryptology, cryptoperiod, damage assessment, data historian, diagnostics, digital forensics, electronic security, elliptic curve cryptography, emanations security, emission security, emissions security, error seeding, evaluation assurance, fault injection, financial crimes enforcement network, flaw hypothesis methodology, flooding, formal language, functional test case design, global requirements, hashed message authentication code, independent validation and verification, instrumentation, intelligence, intelligence sources and methods, judgment sample, known-plaintext attack, limited network analyzer, local requirements, measurement and signature intelligence, model, national computer security assessment program, network sniffing, one-time pad, operations security, operations security process, operations security survey, personal computer system, portfolio, privacy impact assessment, reference monitor, reference validation mechanism, remote maintenance, risk assessment, risk identification, risk management, robustness, sanitization, sanitizing, security test and evaluation, significant change, symbolic execution, system development, system development methodologies, target vulnerability validation techniques, telemetry, telemetry intelligence, threat event, threat monitoring, traffic flow confidentiality, transmission security, trust, trust level, verification, vulnerability, vulnerability assessment,; Synonym:evaluation, test,
analysis of alternatives: IncludedBy:analysis,; Related:information, process,
ankle-biter: IncludedBy:threat,; Related:internet, malicious, program,
anomaly: Includes:anomaly detection, anomaly detection model,; Related:alert, bug, failure, fault, operation, problem, requirements, software, users,
anomaly detection: IncludedBy:anomaly, security software,; Related:countermeasures, intrusion, system, users,
anomaly detection model: IncludedBy:anomaly, model, security policy model,; Related:intrusion, system, users,
anonymity: Related:identification, information, security, users,
anonymous: Related:alias, application, attack, authorized, entity, privacy, security, system, users,
anonymous and guest login: IncludedBy:login,; Related:access, authentication, protocols, system,
anonymous login: IncludedBy:internet, login,; Related:access, control, file, passwords, protocols, resource, system, threat, users,
anti-jam: IncludedBy:communications security,; Related:information, jamming,
anti-jamming: IncludedBy:communications security,; Related:jamming,
anti-spoof: Antonym:spoofing,; IncludedBy:spoof,; Related:attack, authentication, authorized, identification, security software, subject,
anti-tamper: IncludedBy:tamper,; Related:critical,
anti-tamper executive agent: IncludedBy:tamper,
antispyware software: IncludedBy:software,; Related:malware, program,
antisubmarine warfare: IncludedBy:warfare,
antivirus software: IncludedBy:security software, software, virus,; Related:application, computer, countermeasures, file, identify, incident, integrity, intrusion, intrusion detection, malware, program, system,
antivirus tools: IncludedBy:virus,; Related:code, countermeasures, malicious, software, system, technology,
appeal: Related:access,
appendix: Related:signature,
applet: Related:application, program, world wide web,
applicant: Related:access, authorized, certificate, classified, entity, key,
applicant assertion: Related:entity, identity, information, process, registration,
application: IncludedBy:software,; Includes:Cryptographic Application Program Interface, Generic Security Service Application Program Interface, application controls, application data backup/recovery, application entity, application gateway firewall, application generator, application level gateway, application program interface, application programming interface, application proxy, application server attack, application software, application system, application-level firewall, cryptographic application programming interface, key management application service element, major application, rapid application development, wireless application protocol,; Related:COMSEC end-item, Common Criteria for Information Technology Security, Defense Information Infrastructure, Distinguished Encoding Rules, Europay, MasterCard, Visa, FIPS PUB 140-1, Federal Public-key Infrastructure, Generic Upper Layer Security, IT security certification, IT security support functions, Java, Lightweight Directory Access Protocol, Network File System, OSI architecture, Open Systems Interconnection Reference model, PIV issuer, PKIX, POSIX, S/Key, SOCKS, TOE security functions interface, X.500 Directory, acceptable level of risk, access, access control, access with limited privileges, active state, anonymous, antivirus software, applet, archive, asynchronous transfer mode, automated information system, backup, backup generations, banner grabbing, baseline management, bastion host, bill payment, blacklist, certificate policy, certification, certification authority workstation, certification phase, certification practice statement, circuit proxy, clean system, closed security environment, collaborative computing, command and control warfare, common security, communications, component operations, computer, computer architecture, computer fraud, computer related controls, computing environment, control, control server, cookies, critical system files, cryptographic system, cybersecurity, data dictionary, data encryption key, decrypt, defense-in-depth, degauss, denial-of-service, designation policy, digital forensics, directly trusted CA, disaster recovery plan, distributed computing environment, documentation, dual-homed gateway firewall, email, emanations security, encryption, end entity, end-user, extensible markup language, extension, extranet, fail soft, file infector virus, file transfer protocol, firewall, firmware, formal language, function, general controls, general support system, global information grid, hash function, hijacking, host, host-based firewall, hybrid encryption, hypertext markup language, hypertext transfer protocol, identity management systems, interface, internet vs. Internet, interpretation, interpreted virus, kerberos, key generating function, key management, key-encrypting key, least privilege, legacy systems, line managers, link encryption, lockout, macro virus, malicious applets, malicious code, malicious program, malware, management server, meta-language, middleware, mode of operation, modem, motion control network, multipurpose internet mail extensions, national security system, naval special warfare, network protocol stack, network service worm, on-line system, online certificate status protocol, open security, open security environment, open system interconnection model, operating system, operations security, outcome, packet filter, passive fingerprinting, password cracker, patch, penetration testing, personal identification number, personality label, physical security, platform, portability, pretty good privacy, process, program, protocol analyzer, prototyping, proxy, proxy server, public-key cryptography standards, public-key infrastructure, purge, random, realm, registration authority, rekey, relying party, repair action, reusability, review techniques, risk analysis, routing control, run manual, scalability, scope of a requirement, screened host firewall, secure socket layer, security assertion markup language, security evaluation, security requirements, security support programming interface, security testing, session key, significant change, simple mail transfer protocol, simple network management protocol, single sign-on, site accreditation, smartcards, software security, source code generator, starting variable, statistical process control, support software, system, system accreditation, system software, systems engineering, systems software, target identification and analysis techniques, technical controls, technology area, teleprocessing, telnet, test bed, test facility, transmission control protocol, transmission security, transport layer security, trust-file PKI, trusted gateway, type accreditation, unauthorized access, unit of transfer, user data protocol, user partnership program, users, validate, validation, verification, version scanning, virus, virus signature, vulnerability, vulnerability assessment, water supply system, whitelist, workgroup computing, workstation, world wide web,
application controls: IncludedBy:application, control,; Related:authorized, encryption, process, program, security controls, system, validation,
application data backup/recovery: IncludedBy:application, availability, backup,; Related:damage, information, process, software,
application entity: IncludedBy:application, entity,
application gateway firewall: IncludedBy:application, firewall, gateway,; Related:internet, protocols, system,
application generator: IncludedBy:application,; Related:code, control, program, requirements, software,
application level gateway: IncludedBy:application, gateway,; Related:connection, firewall, process, system,; Synonym:application proxy,
application program interface: IncludedBy:application, interface, program, security, software,; Related:access, access control, code, communications, function, network, standard, system, users,
application programming interface: IncludedBy:application, interface, program,; Related:interoperability, software, system,
application proxy: IncludedBy:application, firewall, proxy,; Includes:gateway,; Related:access, access control, audit, connection, control, protocols, response,; Synonym:application level gateway,
application server attack: IncludedBy:application, attack,; Related:access, authorized, availability, compromise, computer, information, integrity, resource, system, users,
application software: IncludedBy:application, software,; Related:process, program, system,
application system: IncludedBy:application, system,; Related:automated information system, computer, function, process, program, resource,
application-level firewall: IncludedBy:application, firewall, security,; Related:connection, process, protocols, system,
approach
approval for service use
approval/accreditation: IncludedBy:accreditation,; Related:TEMPEST, authorization, communications, communications security, computer, control, evaluation, information, operation, process, security, software, system,
approved: Related:algorithm, function, security,
approved access control device: IncludedBy:access,; Related:requirements, security,
approved built-in combination lock
approved combination padlock: Related:requirements,
approved electronic, mechanical, or electromechanical device: Related:requirements, security,
approved key-operated padlock: Related:requirements,
approved security container: IncludedBy:security,; Related:certification,
approved technologies list: IncludedBy:Common Criteria Testing Laboratory, national information assurance partnership,; Related:IT security, accreditation, computer security, evaluation, information, security, technology, test,
approved test methods list: IncludedBy:Common Criteria Testing Laboratory, national information assurance partnership, test,; Related:IT security, accreditation, authorized, computer security, evaluation, security,
approved vault
approved vault door
architectural design: IncludedBy:software development, target of evaluation,; Related:process, target,
architecture: Related:function, information, interface, system, users,
archive: IncludedBy:recovery,; Related:application, audit, backup, certificate, cryptographic, digital signature, information, integrity, key, non-repudiation service, operation, public-key, public-key infrastructure, redundancy, retrieval, signature, software, software library, system, technology, uniform resource locator,; Synonym:archiving,
archiving: Related:access, access control, backup, file,; Synonym:archive,
area interswitch rekeying key: IncludedBy:key, rekey,
areas of control: IncludedBy:control,; Related:assurance, object,
areas of potential compromise: IncludedBy:compromise, vulnerability,; Related:minimum essential infrastructure,
ARPANET: IncludedBy:internet, network,
as-is process model: IncludedBy:model, process,; Related:baseline, business process,
assessment: Includes:computer incident assessment capability, counterintelligence assessment, criticality assessment, damage assessment, independent assessment, national computer security assessment program, operations security assessment, privacy impact assessment, qualitative risk assessment, risk assessment, threat assessment, vulnerability assessment, web risk assessment,; Related:Common Criteria for Information Technology Security, Common Criteria for Information Technology Security Evaluation, acceptable level of risk, accreditation, accreditation phase, accuracy, analysis, assurance, authorize processing, binding of functionality, certification, certification package, certification phase, cost-risk analysis, deliverable, ease of use, evaluation, evaluation pass statement, evaluator, information, management countermeasure, metric, monitoring and evaluation, operations security, operations security process, portfolio, pre-certification phase, process, process assurance, rating, resource, risk analysis, risk avoidance, risk management, scheme, security, security category, security fault analysis, site certification, standard, strength of mechanisms, suitability of functionality, system, threat monitoring, verification, vulnerability,
asset: IncludedBy:target of evaluation,; Related:countermeasures, information, intelligence, operation, resource,
assignment: IncludedBy:protection profile,; Related:file, function, message, profile, signature,
associated markings: Related:access, classified,
association: Includes:Internet Security Association and Key Management Protocol, information systems audit and control association, information systems security association, personal computer memory card international association, security association identifier, security association lifetime, security association:, symmetric measure of association,; Related:ABA Guidelines, American National Standards Institute, IPsec Key Exchange, PCMCIA, U.S. person, accreditation, authentication header, binding, certification authority, cookies, data integrity service, data origin authentication service, dynamic binding, encapsulating security payload, hijack attack, information, internet key exchange protocol, internet protocol security, key establishment, key recovery, key transport, keying material, man-in-the-middle attack, on-line cryptosystem, peer entity authentication, peer entity authentication service, primary account number, protocols, proxy server, repudiation, risk, security parameters index, security situation, spam, static binding, system, transport mode vs. tunnel mode, unit of transfer,
assurance: IncludedBy:European Information Technology Security Evaluation Criteria, Federal Criteria for Information Technology Security, evaluation, security, security goals, target of evaluation,; Includes:assurance approach, assurance authority, assurance component, assurance element, assurance level, assurance method, assurance profile, assurance results, assurance scheme, assurance stage, assure, automated information system, confidence, configuration management, development assurance, development assurance component, development assurance package, development assurance requirements, effectiveness, evaluation assurance, evaluation assurance component, evaluation assurance package, evaluation assurance requirements, evidence, high assurance guard, identification and authentication, information assurance, infrastructure assurance, integrity, mission assurance category, process assurance, profile assurance, quality assurance, quality assurance/control, rating, robustness, security assurance, site information assurance manager, software assurance, software quality assurance, supporting information assurance infrastructures, test,; Related:Common Criteria, Common Criteria for Information Technology Security, Defensive Information Operations, Information Technology Security Evaluation Criteria, Trusted Computer System Evaluation Criteria, advanced self-protection jammer, areas of control, assessment, augmentation, authentication, availability, bebugging, beyond A1, cardholder certificate, certification, class 2, 3, 4, or 5, closed security environment, communications deception, component dependencies, component extensibility, component hierarchy, computer, computer security, computer security toolbox, computing security methods, confidentiality, controlled access protection, criteria, cross domain solution, cybersecurity, data privacy, defense-in-depth, deliverable, demilitarized zone, electronic protection, enclave, entity, entity authentication of A to B, environmental failure protection, error seeding, explicit key authentication from A to B, exploit, extension, fetch protection, file protection, function, functional protection requirements, hardening, identity, implicit key authentication from A to B, information, information protection policy, information systems security manager, infrastructure protection, internal system exposure, key authentication, key confirmation, key confirmation from A to B, level of protection, levels of concern, lock-and-key protection system, minimum level of protection, mutual authentication, mutual entity authentication, network security, non-repudiation, notarization, object, open security, open security environment, outsourced information technology based process, package, physical protection, platform it interconnection, policy, port protection device, privacy protection, privileged user, process, product rationale, property, protection needs elicitation, protection philosophy, protection profile, protection profile family, protection ring, protection-critical portions of the TCB, public-key infrastructure, purge, quality of protection, questions on controls, requirements, security evaluation, security objectives, security target, software, suspicious activity report, system, target, technology, trusted computer system, trusted computing system, trusted foundry, trusted network interpretation, type 3 product, unilateral authentication, users, validation,
assurance approach: IncludedBy:assurance,
assurance authority: IncludedBy:assurance, authority,
assurance component: IncludedBy:Common Criteria for Information Technology Security Evaluation, assurance, component,; Related:requirements,
assurance element: IncludedBy:assurance,; Related:process,
assurance level: IncludedBy:assurance,; Related:confidence, criteria, federation, quality, requirements, target,
assurance method: IncludedBy:assurance,
assurance profile: IncludedBy:assurance, file, profile,; Related:confidence, function,
assurance results: IncludedBy:assurance,
assurance scheme: IncludedBy:assurance,; Related:authority,
assurance stage: IncludedBy:assurance,
assure: IncludedBy:assurance,; Related:IT security, ensure, process, program,
assured software: IncludedBy:software,; Related:process, test, trust,
astragal strip: Related:authorized,
asymmetric algorithm: IncludedBy:algorithm, asymmetric cryptography,; Includes:Diffie-Hellman, Rivest-Shamir-Adleman algorithm, elliptic curve cryptosystem, private key, public-key, public-key cryptography standards,; Related:encryption, key, message,
asymmetric cipher: IncludedBy:asymmetric cryptography, cipher,; Related:encipherment, system,
asymmetric cryptographic algorithm: IncludedBy:algorithm, cryptographic, encryption, key,; Related:message,
asymmetric cryptographic technique: IncludedBy:asymmetric cryptography, cryptographic,; Related:cipher, cryptographic system, encipherment, entity, function, key, message, property, public-key, signature, system, verification,
asymmetric cryptography: IncludedBy:cryptography,; Includes:asymmetric algorithm, asymmetric cipher, asymmetric cryptographic technique, asymmetric encipherment system, asymmetric encryption algorithm, asymmetric key pair, asymmetric signature system, public-key derivation function, public-key information, public-key system,; Related:algorithm, authentication, confidentiality, digital signature, encryption, integrity, key, key management, owner, public-key, signature,
asymmetric encipherment system: IncludedBy:asymmetric cryptography, cipher, encipherment, system,; Related:algorithm, cryptographic, encryption,
asymmetric encryption algorithm: IncludedBy:algorithm, asymmetric cryptography, encryption,; Related:cipher, encipherment, system,
asymmetric key pair: IncludedBy:asymmetric cryptography, key,; Related:public-key,
asymmetric keys: IncludedBy:key,; Related:encryption, operation, public-key, signature, verification,
asymmetric signature system: IncludedBy:asymmetric cryptography, signature, system,; Related:cryptographic, verification,
asynchronous attacks: IncludedBy:attack,; Related:system,
asynchronous communication: IncludedBy:communications,; Related:information,
asynchronous transfer mode: IncludedBy:security,; Related:application, connection, network, process, technology,
attack: Antonym:security software,; IncludedBy:incident, risk, security, threat,; Includes:Attack Sensing and Warning, C2-attack, ICMP flood, IP splicing/hijacking, Star Trek attack, TTY watcher, active attack, application server attack, asynchronous attacks, attack potential, attack signature recognition, attackers, between-the-lines-entry, blended attack, browsing, brute force, brute force attack, check_password, chosen-ciphertext attack, chosen-plaintext attack, ciphertext-only attack, computer intrusion, computer network attack, cut-and-paste attack, cyberattack, data diddling, data driven attack, demon dialer, denial-of-service, dictionary attack, eavesdropping, eavesdropping attack, electronic attack, flooding, hijack attack, impersonation, insider attack, interleaving attack, key logger, keystroke monitoring, killer packets, known-plaintext attack, laboratory attack, leapfrog attack, man-in-the-middle attack, masquerade attack, masquerading, mimicking, nak attack, off-line attack, online attack, online guessing attack, pagejacking, passive attack, penetration, perpetrator, phreaking, piggyback attack, ping of death, ping sweep, port scan, reflection attack, replay attack, rootkit, scanning, scavenging, session hijack attack, shoulder surfing, smurf, smurfing, social engineering, spoofing, spoofing attack, subversion, synchronous flood, tampering, technical attack, technological attack, terminal hijacking, timing attacks, tunneling attack, warehouse attack, wiretapping,; Related:Diffie-Hellman, POP3 APOP, SOF-basic, SOF-high, SOF-medium, access, access control, adversary, agent, alert, anonymous, anti-spoof, authentication header, authorization, authorized, availability, availability service, bastion host, blinding, bot-network operators, challenge-response protocol, checksum, code red, compromise, computer, computer emergency response team, computer emergency response teams' coordination center, computer network operations, control, cookies, countermeasures, cracker, criminal, criminal groups, critical, cryptanalysis, defense-in-depth, demilitarized zone, electronic warfare, elliptic curve cryptography, emergency action plan, entity, entropy, evasion, exploit, firewall, flaw hypothesis methodology, guessing entropy, hackers, handler, hash function, hijacking, honeypot, host-based security, impact, incident of security concern, indicator, information, information security, insider, integrity, internet, intrusion, jamming, kerberos, key validation, keyed hash, layered solution, mailbomb, malicious, man-in-the-middle attack, management message, manipulation detection code, min-entropy, misappropriation, motivation, network, nonce, one-time passwords, operation, pharming, physical security, policy, precursor, privacy system, protected checksum, radio frequency jamming, remote administration tool, resource, risk plane, risk value, salt, scenario, scrambling, secret key, security audit, security environment threat list, security management infrastructure, signature, spammers, strength of a requirement, strength of function, strength of mechanisms, survivability, system, target, threat action, threat consequence, tiger team, traceability, trapdoor, tri-homed, trojan horse, trusted process, unilateral authentication, users, victim, virus, vulnerability, vulnerability assessment, zombie,
attack potential: IncludedBy:attack,; Related:resource,
Attack Sensing and Warning: IncludedBy:attack,; Related:authorized, identification, response,
attack signature: IncludedBy:signature,; Related:audit,
attack signature recognition: IncludedBy:attack, security software, signature,; Includes:virus signature,; Related:file, profile,
attackers: IncludedBy:attack,; Related:computer, information, malicious, min-entropy, system,
attribute: Related:entity, object, quality,
attribute authority: IncludedBy:authority, public-key infrastructure,; Related:certificate, entity, trust,
attribute certificate: IncludedBy:certificate,; Related:authority, backup, cryptographic, cryptography, digital signature, function, identification, information, key, owner, public-key, security, signature, subject, users,
attribute sampling
audit: IncludedBy:security,; Includes:COMSEC account audit, audit charter, audit data, audit plan, audit program, audit record, audit service, audit software, audit trail, audit/review, auditing tool, computer operations, audit, and security technology, computer-assisted audit technique, information systems audit and control association, information systems audit and control foundation, institute of internal auditors, multihost based auditing, security audit, test, vulnerability audit,; Related:Government Accountability Office, IT security, Identification Protocol, POSIX, access, access control, accountability, alert, application proxy, archive, attack signature, confidence, control, controlled access program oversight committee, controlled access protection, criteria, critical, distributed computing environment, file, fraudulent financial reporting, function, functional component, gap analysis, host based, identify, independence, intrusion detection, intrusion detection system, key management, key-escrow, keystroke monitoring, login, network based, network component, object, operation, policy, population, resource encapsulation, sas 70 report, secure single sign-on, security controls, security features, security software, sniffer, standard, system, system administrator, system security officer, technical countermeasures, threat monitoring, trust, verification, vulnerability, vulnerability analysis, work program,
audit charter: IncludedBy:audit,; Related:authority, function,
audit data: IncludedBy:audit,; Related:system,
audit plan: IncludedBy:audit,; Related:object, resource,
audit program: IncludedBy:audit, program,; Related:function,
audit record: IncludedBy:audit,; Related:information,
audit service: IncludedBy:audit,; Related:information, system,
audit software: IncludedBy:audit, software,; Related:computer, file, program,
audit trail: IncludedBy:audit, threat monitoring,; Includes:automated information system, console logs, security audit trail,; Related:access, access control, authorized, communications, communications security, computer, computer security, evidence, file, information, login, message, operation, process, resource, system, users,; Synonym:logging,
audit/review: IncludedBy:audit,; Related:certification, control, function, identify, system, vulnerability,
auditing tool: IncludedBy:audit,; Related:computer, network, passwords, system,
augmentation: Related:assurance,
authentic signature: IncludedBy:signature,; Related:digital signature, trust,
authenticate: IncludedBy:authentication,; Related:access, access control, authorized, certificate, communications, digital signature, entity, identity, integrity, network, object, public-key infrastructure, resource, signature, system, users, validate,
authentication: IncludedBy:quality of protection, security,; Includes:3-factor authentication, Challenge Handshake Authentication Protocol, Challenge-Response Authentication Mechanism, Data Authentication Algorithm, Distributed Authentication Security Service, Extensible Authentication Protocol, Password Authentication Protocol, SAML authentication assertion, Simple Authentication and Security Layer, authenticate, authentication code, authentication data, authentication exchange, authentication header, authentication header protocol, authentication protocol, authentication service, authentication system, authentication token, authentication tools, biometric authentication, challenge and reply authentication, data authentication code, data authentication code vs. Data Authentication Code, data origin authentication, data origin authentication service, electronic authentication, entity authentication, entity authentication of A to B, explicit key authentication from A to B, identification, implicit key authentication from A to B, key authentication, logon, low-cost encryption/authentication device, message authentication code, message authentication key, mutual authentication, mutual entity authentication, peer entity authentication, peer entity authentication service, privacy, authentication, integrity, non-repudiation, simple authentication, source authentication, strong authentication, unilateral authentication,; Related:COMSEC control program, COMSEC equipment, Diffie-Hellman, FIPS approved security method, Generic Security Service Application Program Interface, IMAP4 AUTHENTICATE, IP splicing/hijacking, IPsec Key Exchange, IT security, Internet Engineering Task Force, Internet Security Association and Key Management Protocol, Lightweight Directory Access Protocol, OAKLEY, POP3 APOP, POP3 AUTH, Post Office Protocol, version 3, Rivest-Shamir-Adleman algorithm, S/Key, SOCKS, Secure Electronic Transaction, Terminal Access Controller Access Control System, The Exponential Encryption System, X.509, access, access control, account authority digital signature, active attack, anonymous and guest login, anti-spoof, assurance, asymmetric cryptography, authenticity, authorization, authorized, backup, biometric measurement, biometrics, call back, certificate policy, certificate revocation list, certificate status responder, certification authority digital signature, challenge-response protocol, challenge/response, claimant, code, common data security architecture, communications security, computer, computer cryptography, computer network, confidence, control, credentials, criteria, critical, critical security parameters, crypto-algorithm, cryptographic key, cryptography, data integrity service, data key, defense-wide information assurance program, dictionary attack, digital id, digital signature, distributed computing environment, domain name system, dongle, eavesdropping attack, electronic credentials, encapsulating security payload, entity, exchange multiplicity parameter, file, file encryption, fingerprint, fraud, full disk encryption, handshaking procedures, hash function, impersonation, individual electronic accountability, information, information assurance, information assurance product, information systems security, information systems security equipment modification, integrity, interleaving attack, internet protocol security, keyed hash, keyed hash algorithm, keying material, man-in-the-middle attack, masquerading, message, message integrity code, network component, non-repudiation, non-repudiation service, nonce, object, off-line attack, one-time passwords, online attack, origin authenticity, passive attack, password system, passwords, point-to-point protocol, practice statement, pretty good privacy, privacy enhanced mail, process, proof of possession protocol, protection suite, protocol run, proxy, proxy server, public-key forward secrecy, public-key infrastructure, realm, registration, registration authority, replay attack, resource, sandboxed environment, secret, secure DNS, secure hash standard, secure shell, secure socket layer, security assertion markup language, security association identifier, security association:, security controls, security mechanism, session hijack attack, shared secret, signature, simple network management protocol, single sign-on, software, spoof, spoofing, subject, symmetric key, system, system entity, system entry, technical countermeasures, test, third party trusted host model, tokens, transport layer security, trust, trusted third party, user identifier, users, validate vs. verify, validation, verification, verifier, verifier impersonation attack, virtual private network, vulnerability, zero-knowledge password protocol,
authentication code: IncludedBy:authentication, code,; Related:computer, cryptographic, cryptography, encryption, function, information, integrity, process, software, system, users,
authentication data: IncludedBy:authentication,; Related:entity, identity, information, users,
authentication exchange: IncludedBy:authentication,; Related:entity, identity, information,
authentication header: IncludedBy:authentication, internet protocol security, security protocol,; Related:association, attack, confidentiality, connection, gateway, integrity, internet, internet security protocol, protocols, tunnel,; Synonym:authentication header protocol,
authentication header protocol: IncludedBy:authentication, protocols,; Related:integrity, internet protocol security, internet security protocol,; Synonym:authentication header,
authentication information: IncludedBy:3-factor authentication, information,; Related:entity, identity,
authentication protocol: IncludedBy:authentication, protocols,; Related:control, cryptographic, entity, identity, key, message, process,
authentication service: IncludedBy:authentication,; Related:entity, identity, network,
authentication system: IncludedBy:authentication, system,; Related:cryptographic system, cryptography, process,
authentication token: IncludedBy:authentication, tokens,; Related:code, response,
authentication tools: IncludedBy:authentication, security software,
authenticator: Related:backup, entity, identity,
authenticity: IncludedBy:integrity,; Related:authentication, confidence, entity, identity, information, message, process, property, resource, subject, system, trust, users,
authority: Includes:Internet Assigned Numbers Authority, Internet Policy Registration Authority, JTC1 Registration Authority, X.509 authority revocation list, account authority digital signature, accreditation authority, accrediting authority, assurance authority, attribute authority, authority certificate, authority revocation list, brand certification authority, cardholder certification authority, certificate authority workstation, certification authority, certification authority digital signature, certification authority workstation, certificaton authority, certified TEMPEST technical authority, command authority, controlling authority, delegated accrediting authority, delivery authority, designated accrediting authority, designated approval authority, designated approving authority, designating authority, evaluation authority, geopolitical certificate authority, issuing authority, judicial authority, local authority, merchant certification authority, organizational registration authority, payment gateway certification authority, policy approving authority, policy certification authority, policy creation authority, policy management authority, principal accrediting authority, registration authority, security authority, sub-registration authority, subordinate certification authority, time-stamping authority, trusted time stamping authority,; Related:COMSEC custodian, International Traffic in Arms Regulations, Internet Protocol Security Option, NRS token, NRT token, National Voluntary Laboratory Accreditation Program, SSO PIN, acceptable level of risk, access, accountability, accreditation, accreditation multiplicity parameter, accreditation range, alternate COMSEC custodian, assurance scheme, attribute certificate, audit charter, authorizing official, binding, certificate, certificate domain, certificate rekey, certificate revocation list, certification, certification hierarchy, certification practice statement, command and control, conformant validation certificate, credentials, cryptosystem review, data storage, designer, digital certificate, distribution point, enclave, entity, evaluation and validation scheme, evaluation scheme, identity proofing, information owner, information system security officer, inspectable space, national telecommunications and information system security directives, network security officer, non-repudiation of submission, non-repudiation of transport, notarization, operational waiver, personnel security, policy, policy mapping, primary account number, private accreditation exponent, private accreditation information, process, public-key certificate, public-key cryptography standards, public-key information, public-key infrastructure, realm, registration, review board, risk management, root, root CA, root registry, rules of engagement, security policy, sensitive information, special access program, system security officer, time-stamp requester, trust, trusted third party, trusted time stamp, users, validated products list, validation service,
authority certificate: IncludedBy:authority, certificate,; Related:certification,
authority revocation list: IncludedBy:authority, revocation,; Related:certificate, key, public-key, validate,
authorization: IncludedBy:users,; Includes:ACL-based authorization, access control, authorization key, authorization to process, authorize processing, authorized, delegation, interim access authorization, limited access authorization, list-oriented, multilevel security, need-to-know determination, permissions, pre-authorization, privilege, regrade, secure single sign-on, system security authorization agreement, ticket-oriented,; Related:Bell-LaPadula security model, Identification Protocol, Interim approval to test, RA domains, Simple Public-Key Infrastructure/Simple Distributed Security Infrastructure, Terminal Access Controller Access Control System, access, access approval, access level, accreditation, acquirer, approval/accreditation, attack, authentication, case-by-case basis, category, certificate update, closed security environment, computer, connection approval, control, covert channel, cracker, credentials, dedicated security mode, discretionary access control, eavesdropping, entity, export license, file, firewall, hackers, identity, insider, intelligence sources and methods, interconnection security agreements, interface control document, interim accreditation, interim approval to operate, internal system exposure, intruder, intrusion, intrusion detection, kerberos, key-encryption-key, key-escrow system, malicious intruder, management controls, mandatory access control, mode of operation, modes of operation, multilevel secure, multilevel security mode, open security environment, partitioned security mode, passwords, payment gateway, periods processing, personality label, personnel security, privilege management infrastructure, process, program, registration, reinstatement, remote authentication dial-in user service, resource, risk index, risk management, role, security, security assertion markup language, security clearance, security intrusion, security management infrastructure, sensitive compartmented information facility accreditation, simple network management protocol, skimming, system, system-high security mode, trojan horse, trust, unfavorable personnel security determination, user partnership program, vulnerability,
authorization key: IncludedBy:authorization,
authorization to process: IncludedBy:authorization, process,; Related:system,
authorize processing: IncludedBy:authorization, process,; Related:assessment, control, operation, risk, system,
authorized: IncludedBy:authorization,; Includes:authorized adjudicative agency, authorized classification and control markings register, authorized data security association list, authorized investigative agency, authorized person, authorized user, authorized vendor, authorized vendor program, unauthorized access, unauthorized disclosure, unauthorized person,; Related:ACH debit fraud, Attack Sensing and Warning, Automated Information System security, Bell-LaPadula security model, COMSEC equipment, COMSEC facility, DD 254 - Final, Defense Central Security Index, Escrowed Encryption Standard, FIPS PUB 140-1, IP splicing/hijacking, IS related risk, IT security database, IT security incident, IT-related risk, PIV issuer, SOCKS, Simple Public-Key Infrastructure/Simple Distributed Security Infrastructure, TOP SECRET, U.S.-controlled facility, U.S.-controlled space, acceptance criteria, access, access category, access control, access control list, access control mechanisms, access control service, access mediation, acknowledged special access program, acquisition systems protection, active wiretapping, adequate security, administrative access, agent of the government, anonymous, anti-spoof, applicant, application controls, application server attack, approved test methods list, astragal strip, attack, audit trail, authenticate, authentication, automated information system media control system, automated security incident measurement, availability, between-the-lines-entry, bound metadata, browse access protection, call back, call back security, capability, carve-out, certification, certification authority, change control and life cycle management, classification, classification levels, classification markings and implementation working group, classified, classified information, clearance, cleared commercial carrier, client server, communications security, compromise, compromised key list, computer abuse, computer intrusion, computer network defense, computer security intrusion, confidential, confidentiality, configuration control, control zone, controlled access area, controlled space, controlled unclassified information, courier, covert channel, covert channel analysis, critical system, cryptographic key, cryptographic officer, cryptography, cryptoperiod, damage assessment, damage to the national security, data compromise, data confidentiality, data confidentiality service, data integrity, data integrity service, data security, deception, declassification, delegation of disclosure authority letter, deliberate compromise of classified information, deliberate exposure, demon dialer, denial-of-service, designated, designated laboratories list, disaster plan, disclosure of information, discretionary access control, downgrade, eavesdropping, egress point, electronic security, emanations security, emission security, emissions security, encryption, entity, entry control, exposure, extranet, extraordinary security measures, failure access, false acceptance rate, falsification, fetch protection, file protection, file security, firewall, fishbowl, forced entry, foreign disclosure, foreign liaison officer, foreign military sales, foreign ownership, control, or influence, fraud, frequency hopping, guard, hackers, hacking, handcarrier, honeypot, human error, identity, illegal drug use, impact, impersonation, implant, inadvertent disclosure, inadvertent disclosure incident, incident of security concern, inference, information assurance, information assurance product, information security, information systems security, insertion, insider, integrity, integrity policy, intelligence activities, intelligence activity, intelligence community classification and control markings implementation, interception, internal security controls, intranet, intrusion, intrusion detection, intrusion detection system, intrusion detection tools, issuer, joint personnel adjudication system, key distribution service, key owner, key recovery, leakage, least privilege, level of concern, list-oriented, logic bombs, logical access, logical access control, logoff, logon, major application, malicious applets, malicious code, malicious logic, malicious program, malware, masquerade, masquerading, media protection, misappropriation, mission critical, mode of operation, modes of operation, motivation, national security information, national security system, need for access, need-to-know, need-to-know determination, network security, no-lone zone, non-disclosure agreement, non-discussion area, open storage, operational data security, original classification, original classification authority, overt channel, passive, passive attack, passive threat, passwords, penetration, permissions, personal firewall, phage, physical and environmental protection, physical security, piggyback, piggyback entry, pre-activation state, principal disclosure authority, privacy, privileged access, privileged process, probe, procedural security, process, program channels or program security channels, program protection plan, protected network, protection ring, protective security service, proxy, random selection, red team, regrade, remote access, resource, risk, rogue device, safeguarding statement, scavenging, secrecy policy, secret, secure state, security, security clearance, security compromise, security in-depth, security incident, security violation, segregation of duties, sensitive information, session hijack attack, signature, skimming, social engineering, special access program/special access required, split knowledge, sponsor, spoof, spoofing, store, subcommittee on Automated Information System security, subcommittee on telecommunications security, subject, substitution, superuser, surreptitious entry, suspicious contact, system, system integrity, system integrity service, system security officer, system-high security mode, tamper, tamper resisting, tampering, tcpwrapper, theft of data, theft of functionality, theft of service, threat, ticket-oriented, time bomb, traditional INFOSEC program, transmission, trapdoor, trespass, trojan horse, trusted agent, trusted computing base, trusted identification forwarding, two-person control, two-person integrity, unclassified, unclassified controlled nuclear information, unclassified sensitive, unforgeable, upgrade, user representative, usurpation, vault, violation of permissions, vulnerability, war driving,
authorized adjudicative agency: IncludedBy:authorized,; Related:access, classified, intelligence,
authorized classification and control markings register: IncludedBy:authorized,; Related:classified, intelligence, security,
authorized data security association list: IncludedBy:authorized, security,
authorized investigative agency: IncludedBy:authorized,; Related:access, classified, intelligence,
authorized person: IncludedBy:authorized,; Related:access, classified, information,; Synonym:authorized user,
authorized user: IncludedBy:authorized, users,; Related:access, operation,; Synonym:authorized person,
authorized vendor: IncludedBy:authorized,; Related:cryptography, requirements,
authorized vendor program: IncludedBy:authorized, program,; Related:cryptographic, requirements,
authorizing official: Related:authority, function, information, operation, risk, system,
auto-manual system: IncludedBy:system,
automated clearing house: Related:computer,
automated data processing: HasPreferred:automated information system,
automated data processing security: HasPreferred:Automated Information System security,; IncludedBy:security,
automated data processing system: IncludedBy:automated information system, process, system,; Related:computer, software,
automated information system: IncludedBy:accountability, accreditation, assurance, audit trail, certification, declassification of AIS storage media, designated approving authority, information, modes of operation, process, security, system,; Includes:Automated Information System security, CPU time, International organization for standardization, access mode, automated data processing system, bastion host, batch mode, batch processing, big-endian, bit, byte, central processing unit, centralized data processing, client server, computer abuse, data, data administration, data aggregation, data architecture, data contamination, data control language, data definition language, data dictionary, data flow diagram, data input, data management, data manipulation language, data processing, data reengineering, data storage, data structure, data validation, database administration, debugging, direct memory access, distributed dataprocessing, distributed processing, fail soft, front-end processor, host, host based, host to front-end protocol, host-based firewall, information architecture, information center, information engineering, information environment, information flow, information operations, information ratio, information technology, information technology system, interface control unit, lifecycle management, logical system definition, master file, memory scavenging, million instruction per second, multihost based auditing, network, random access memory, remote job entry, remote terminal emulation, screened host firewall, workstation,; PreferredFor:IT system, automated data processing,; Related:American National Standards Institute, American Standard Code for Information Interchange, Backus-Naur form, PCMCIA, application, application system, computer, control, data synchronization, digital document, direct access storage device, extended industry standard architecture, fiber distributed data interface, frame relay, function, industry standard architecture, input/output, language, laptop computer, large scale integration, legacy data, logged in, network protocol stack, nibble, object code, object-oriented programming, operation, personal computer, personal computer memory card international association, personal digital assistant, read-only memory, remote procedure call, resource, reusability, rotational delay, safety-critical software, screen scraping, software, standard generalized markup language, structured query language, system resources, workflow, workload,
automated information system media control system: Related:access, authorized, classified, identity, security,
Automated Information System security: IncludedBy:automated information system, information, process, risk management, subcommittee on Automated Information System security, system,; Includes:IT Security Evaluation Criteria, IT Security Evaluation Methodology, IT security, IT security certification, access control, communications security, emissions security, physical security, security safeguards,; PreferredFor:automated data processing security,; Related:access, authorized, computer, control, denial-of-service, function, operation, security software, software,; Synonym:computer security,
automated key distribution: IncludedBy:key, key management,; Related:computer, computer network, cryptographic, network, protocols,
automated key management center: IncludedBy:key, key management,
automated key management system: IncludedBy:key, key management, system,
automated logon sequences: IncludedBy:logon,; Related:computer, connection, program, users,
automated office support systems: IncludedBy:system,
automated security incident measurement: IncludedBy:incident, security incident, security software,; Related:authorized, information, network, target,
automated security monitoring: IncludedBy:risk management, security software,; Related:classified, control, critical, process, software, subject, system,
automatic declassification
automatic digital network: IncludedBy:network,
automatic key distribution center: IncludedBy:key,
automatic key distribution/rekeying control unit: IncludedBy:control, key, rekey,
automatic log-on: Related:users,
automatic remote rekeying: IncludedBy:key, rekey,
autonomous message switch: IncludedBy:message,
autonomous system: IncludedBy:system,; Related:policy, router,
auxiliary power unit
auxiliary vector
availability: IncludedBy:risk management, security, security goals,; Includes:application data backup/recovery, availability of data, availability service, business continuity plan, business impact analysis, contingency planning, continuity of operations, environmentally controlled area, fire barrier, fire suppression system, high availability, object, privacy, authentication, integrity, non-repudiation, recovery, system retention/backup, token backup,; Related:Common Criteria for Information Technology Security, IT security, IT security controls, IT security incident, National Computer Security Center, access, access control, adequate security, application server attack, assurance, attack, authorized, communications, computer, computer abuse, computer emergency response team, computer related controls, computer security, critical, defense-in-depth, defense-wide information assurance program, denial-of-service, entity, entry-level certification, failure, fault tolerant, hardening, high-impact system, impact, incident, information, information assurance, information security, information system and network security, intrusion, level of concern, levels of concern, line managers, low-impact system, maintainability, malicious code, malware, mid-level certification, minimum essential infrastructure, mirroring, mission assurance category, moderate-impact system, post-accreditation phase, potential impact, process, property, redundant control server, reliability, remediation, requirements for procedures and standards, resource, resource starvation, retro-virus, security category, security controls, security event, security policy, security requirements, simple network management protocol, software, system, token management, top-level certification, trustworthy system, turnaround time, uniform resource name, users, vaulting, vulnerability,
availability of data: IncludedBy:availability,; Related:users,
availability service: IncludedBy:availability,; Related:access, access control, attack, control, denial-of-service, resource, system,
back up vs. backup: IncludedBy:backup, contingency plan,; Related:damage, function, resource, system,
backdoor: IncludedBy:malicious code,; Related:access, access control, computer, control, login, malicious, privileged, program, protocols, resource, risk, security, software, system, users,; Synonym:trapdoor,
background investigation: Related:security,
backhaul
backup: IncludedBy:recovery,; Includes:application data backup/recovery, back up vs. backup, backup generations, backup operations, backup plan, backup procedures, binding of functionality, binding of security functionality, card backup, dynamic binding, static binding, system retention/backup, token backup,; Related:X.509 certificate revocation list, application, archive, archiving, attribute certificate, authentication, authenticator, certificate renewal, certification, certification authority, certify, contingency plan, contingency planning, cryptographic key management system, digital certificate, digital signature, fallback procedures, file, key, key recovery, logic bombs, mirroring, national telecommunications and information system security directives, operations manager, process, program, public-key infrastructure, redundancy, redundant control server, registration, remediation, retrieval, retro-virus, security event, system, system administrator, time-stamp token, token management, valid certificate, validate vs. verify, validity period, vaulting,
backup generations: IncludedBy:backup, contingency plan,; Related:application, file,
backup operations: IncludedBy:backup, contingency plan, operation,; Related:business process, computer,
backup plan: IncludedBy:backup, contingency plan,
backup procedures: IncludedBy:backup, recovery,; Related:computer, failure, file, program, system,
Backus-Naur form: Related:automated information system,
baggage: IncludedBy:Secure Electronic Transaction,; Related:encryption, message,
balanced magnetic switch: Related:access, intrusion,
bandwidth: IncludedBy:information,; PreferredFor:information rate,; Related:channel capacity, communications, computer, computer network, covert, network, standard,
bank identification number: IncludedBy:Secure Electronic Transaction, identification,; Related:identify,
banking and finance: IncludedBy:critical infrastructures,; Related:critical, operation, system,
banner: Related:system,
banner grabbing: Related:application, connection, information, process, version,
bar code: IncludedBy:code,; Related:identification, information,
barograph
barometer
base station: Related:access,
baseline: IncludedBy:security,; Includes:baseline architecture, baseline controls, baseline management, baselining, security requirements baseline,; Related:as-is process model, control, interface control document, release, revision, security target, site accreditation, software, software library, software system test and evaluation process, version,
baseline architecture: IncludedBy:baseline,
baseline controls: IncludedBy:baseline, control,; Related:security controls, system,
baseline management: IncludedBy:baseline, configuration management,; Related:application, identify,
baselining: IncludedBy:baseline,; Related:process, resource,
basic component: IncludedBy:component,
Basic Encoding Rules: IncludedBy:Abstract Syntax Notation One,; Includes:Distinguished Encoding Rules,; Related:standard,
bastion host: IncludedBy:automated information system, firewall,; Related:access, access control, application, attack, computer, gateway, network, protocols, resource, router, software, system, users,
batch mode: IncludedBy:automated information system,; Related:file, process,
batch process: IncludedBy:process,; Related:subject,
batch processing: IncludedBy:automated information system, process,
bebugging: Related:assurance, computer, program, test,; Synonym:error seeding,
Bell-LaPadula model: HasPreferred:Bell-LaPadula security model,
Bell-LaPadula security model: IncludedBy:formal security policy model, model, security model,; Includes:*-property, lattice, lattice model, object, simple security condition, simple security property, subject, tranquility, trusted subject,; PreferredFor:Bell-LaPadula model, tranquility property,; Related:access, access control, authorization, authorized, classification levels, classified, computer, computer security, confinement property, control, flow, information, operation, policy, process, system,
benchmark: Related:business process, computer, evaluation, process, program, requirements, software, standard, system, test, users,
benchmarking: Related:identify, operation, process, quality,
benign: Related:access, access control, compromise, countermeasures, cryptographic, cryptography,
benign environment: Related:countermeasures, security,
best practices: IncludedBy:risk management,; Related:business process, function, identify, process, recommended practices, system,
beta i: Related:certification, security,
beta ii: Related:certification, security,
between-the-lines-entry: IncludedBy:attack,; Includes:piggyback,; Related:access, access control, authorized, communications, unauthorized access, users,
beyond A1: IncludedBy:trusted computer system,; Related:assurance, computer, criteria, evaluation, security, system, technology,
bias: Related:process, system,
Biba Integrity model: IncludedBy:formal security policy model, integrity, model,; Related:object, subject, system,; Synonym:Biba model,
Biba model: IncludedBy:model,; Related:integrity, object, subject, trust,; Synonym:Biba Integrity model,
big-endian: IncludedBy:automated information system,
bilateral trust: IncludedBy:public-key infrastructure, trust,; Related:business process,
bill payment: Related:application, internet,
bill presentment: Related:internet,
billets: Related:access, security,
bind: Related:certificate, digital signature, key, public-key, public-key infrastructure, signature, subject,
binding: Related:association, authority, certificate, certification, communications, cryptographic, cryptography, entity, identity, information, key, officer, operation, process, public-key, registration, security, trust, verification,
binding of functionality: IncludedBy:backup, function, target of evaluation,; Related:assessment, security, target,
binding of security functionality: IncludedBy:backup, function, security,
biological warfare: IncludedBy:warfare,; Related:damage,
biometric authentication: IncludedBy:authentication, biometrics,; Includes:thumbprint,; Related:3-factor authentication, information,
biometric information: IncludedBy:biometrics, information,
biometric measurement: IncludedBy:biometrics,; Related:authentication, entity, identity, users,
biometric system: IncludedBy:biometrics, system,; Related:entity, identification, identity, users, verification,
biometric template: IncludedBy:biometrics,; Related:algorithm,
biometrics: IncludedBy:security,; Includes:biometric authentication, biometric information, biometric measurement, biometric system, biometric template, capture, comparisons, false acceptance rate, match, minutiae,; Related:authentication, entity, identify, identity, key, registration, signature,
bit: IncludedBy:automated information system,; Related:information, key,
bit error rate: Related:communications, system, telecommunications,
bit forwarding rate: Related:allowed traffic, goodput, illegal traffic, interface, rejected traffic, response, test, unit of transfer,
BLACK: Related:RED/BLACK concept, cipher, classified, communications security, cryptography, information, process, security, system,
black-box testing: IncludedBy:security testing, test,; Related:analysis, function, functional test case design, functional testing, program, software, stress testing,
blacklist: Related:application, malicious, threat, users,
blended attack: IncludedBy:attack,; Related:code, malicious, malware,
blinding: Related:attack,
block: Related:function,
block chaining: Related:cipher, cryptographic, encipherment, information,; Synonym:cipher block chaining,
block cipher: IncludedBy:cipher,; Related:algorithm, encryption, interface, key, operation, process, property,
block cipher key: IncludedBy:cipher, key,; Related:control, operation,
Blowfish: IncludedBy:symmetric cryptography,; Related:cipher, key,
blue box devices: IncludedBy:threat,; Related:system,
blue team: Related:security, security testing, test,
bomb: IncludedBy:threat,; Related:failure, software, system,
boot sector virus: IncludedBy:virus,; Related:system,
bot-network operators: IncludedBy:threat,; Related:attack, control, denial-of-service, system,
bounce: Related:email, message,
bound metadata: IncludedBy:metadata,; Related:authorized, key,
boundary: Includes:COMSEC boundary, accreditation boundary, boundary host, boundary value, boundary value analysis, boundary value coverage, boundary value testing, cryptographic boundary, enclave boundary, specialized boundary host, system boundary,; Related:access, access control, cryptographic module, evaluation assurance level, external security controls, firewall, interface, remote access, security perimeter, software, system, users,
boundary host: IncludedBy:boundary,; Related:access control, control, flow, information, system,
boundary value: IncludedBy:boundary,; Includes:boundary value analysis, boundary value coverage, boundary value testing,; Related:stress testing, system,
boundary value analysis: IncludedBy:analysis, boundary, boundary value,; Related:domain, security testing, test,
boundary value coverage: IncludedBy:boundary, boundary value,; Related:test,
boundary value testing: IncludedBy:boundary, boundary value, security testing, test,; Related:domain,
branch coverage: Related:program, test,
brand: IncludedBy:Secure Electronic Transaction,; Related:entity, network, role,
brand certification authority: IncludedBy:Secure Electronic Transaction, authority, certification, public-key infrastructure,
brand CRL identifier: IncludedBy:Secure Electronic Transaction, public-key infrastructure,; Related:digital signature, message, process, signature,
breach: IncludedBy:threat,; Related:access control, control, information, penetration, security, system,
break: Related:algorithm, analysis, computer, cryptographic, cryptography, encryption, function, gateway, key, network, system,
break-wire detector: Related:intrusion,
brevity list: Related:message,
bridge: Related:protocols, router,
British Standard 7799: IncludedBy:standard,; Related:certification, code, control, criteria, information, information security, object, requirements, security, system,
broadband network: IncludedBy:network,; Related:operation, technology,
broadcast
brouters: IncludedBy:router,; Related:network, protocols,
browse access protection: IncludedBy:access,; Related:authorized, file, owner, security, software, system, users,
browser: IncludedBy:world wide web,; Related:computer, information, program,
browsing: IncludedBy:attack,; Related:information,
brute force: HasPreferred:brute force attack,; IncludedBy:attack,
brute force attack: IncludedBy:attack,; PreferredFor:brute force,; Related:algorithm, analysis, cipher, computer, cryptography, intelligence, key, message, process, program,
buffer overflow: IncludedBy:flow, threat,; Related:access, access control, code, computer, control, information, interface, process, system,
bug: IncludedBy:threat,; Related:anomaly, defect, error, exception, fault, function, program, property,
bulk encryption: IncludedBy:encryption,; Related:communications, telecommunications,
bulletin board services (systems): IncludedBy:system,
burn bag: Related:classified,
burn-in
business areas: Related:function, information, operation, resource, version,
business case: IncludedBy:business process,; Related:analysis, function, process, risk,
business continuity
business continuity plan: IncludedBy:availability, business process,; Related:risk,
business disruption and system failures: IncludedBy:operational risk loss, system,
business impact analysis: IncludedBy:analysis, availability, business process, risk analysis,; Related:control, identify, process,
business process: IncludedBy:process,; Includes:activity-based costing, business case, business continuity plan, business impact analysis, business process improvement, business process reengineering, constructive cost model, cost reimbursement contract, cost-risk analysis, cost/benefit, cost/benefit analysis, rolling cost forecasting technique,; Related:as-is process model, backup operations, benchmark, best practices, bilateral trust, change management, contingency plan, continuity of services and operations, core or key process, hardening, integrity, legacy systems, mission critical system, process management approach, recovery site, remediation, simulation modeling, to-be-process model, total quality management, workload, world class organizations,
business process improvement: IncludedBy:business process, process, quality,
business process reengineering: IncludedBy:business process, process,; Related:critical, quality, system,
BUSTER: Related:security,
bypass label processing: IncludedBy:process,
byte: IncludedBy:automated information system,; Related:computer, information,
C2-attack: IncludedBy:attack,; Related:C2-protect, adversary, information, system,
C2-protect: IncludedBy:Orange book, security,; Related:C2-attack, adversary, command and control, control, information, system,
CA certificate: IncludedBy:certificate,; Related:X.509, digital signature, key, public-key, signature,
call back: IncludedBy:security,; Related:access, access control, authentication, authorized, computer, connection, identify, system,
call back security: IncludedBy:security,; Related:authorized, connection, identify, system,
camouflage: Related:adversary, case officer, object,
Canadian Trusted Computer Product Evaluation Criteria: IncludedBy:Common Criteria for Information Technology Security Evaluation, computer, criteria, trust,
candidate TCB subset: IncludedBy:trusted computing base,; Includes:object, subject,; Related:evaluation, identification, software,
canister: Related:key,
capability: Includes:object,; Related:access, access control, authorized, certificate, communications, critical, critical infrastructures, entity, file, information, public-key infrastructure, resource, risk, system, tokens,
capacity: Related:message, signature,
CAPSTONE chip: IncludedBy:National Security Agency,; Related:Fortezza, cryptographic, cryptography, escrow, function, key, process,
capture: IncludedBy:biometrics,; Related:users,
card backup: HasPreferred:token backup,; IncludedBy:backup,
card initialization: Related:file, process, tokens,
card personalization: Related:code, signature, tokens,
cardholder: IncludedBy:Secure Electronic Transaction,; Related:entity, information, software, users,
cardholder certificate: IncludedBy:Secure Electronic Transaction, certificate,; Related:assurance, encryption, tokens, validate,
cardholder certification authority: IncludedBy:Secure Electronic Transaction, authority, certification, public-key infrastructure,; Related:certificate, gateway, tokens, verification,
carve-out: Related:access, authorized, classified,
cascading: Related:accreditation, flow, information, network, security, system,
case officer: Related:camouflage, deception, intelligence,
CASE tools: Related:code, function, information, model, program, requirements, security testing, software, test,
case-by-case basis: Related:authorization,
CAST: IncludedBy:symmetric cryptography,; Related:algorithm, encryption,
category: Includes:object,; Related:access, access control, authorization, classified, information, privileged, security, subject,
cause and effect diagram: HasPreferred:fishbone diagram,
caveat: Related:foreign, security,
CCI assembly: Related:communications security, control, cryptographic, cryptography, function,
CCI component: Related:communications security, control, cryptographic, cryptography, function,
CCI equipment: Related:communications, communications security, control, cryptographic, cryptography, function, information, telecommunications,
CCITT: IncludedBy:ITU-T,
cell: Related:communications, system,
cellular telephone
cellular transmission: Related:communications, network, technology,
center for information technology excellence: IncludedBy:information, technology,; Related:IT security, security, standard,
central adjudication facility: Related:security,
central office: Related:access,
central office of record: Related:communications security, subject,
central processing unit: IncludedBy:automated information system, process,
Central United States Registry for North Atlantic Treaty Organization: Related:classified,
centralized authorization: IncludedBy:access control,; Related:access, control,
centralized data processing: IncludedBy:automated information system, process,
centralized operations: IncludedBy:operation,; Related:certification, computer, control, function, process, quality,
centrally-administered network: IncludedBy:network,; Related:system,
certificate: IncludedBy:Secure Electronic Transaction, multilevel information systems security initiative, pretty good privacy, privacy enhanced mail, web of trust,; Includes:CA certificate, Validation Certificate, X.509 attribute certificate, X.509 certificate, X.509 certificate revocation list, X.509 public-key certificate, attribute certificate, authority certificate, cardholder certificate, certificate authority workstation, certificate chain, certificate chain validation, certificate creation, certificate directory, certificate domain, certificate domain parameters, certificate expiration, certificate holder, certificate management, certificate management services, certificate owner, certificate policy, certificate policy qualifier, certificate reactivation, certificate rekey, certificate renewal, certificate request, certificate revocation, certificate revocation list, certificate revocation tree, certificate serial number, certificate status responder, certificate update, certificate user, certificate validation, conformant validation certificate, cross-certificate, digital certificate, encryption certificate, geopolitical certificate authority, indirect certificate revocation list, merchant certificate, mutual recognition of certificates, online certificate status protocol, organizational certificate, public-key certificate, root certificate, security certificate, self-signed certificate, signature certificate, software publisher certificate, trusted certificate, v1 certificate, v2 certificate, v3 certificate, valid certificate,; Related:ABA Guidelines, Abstract Syntax Notation One, Cryptographic Message Syntax, Distinguished Encoding Rules, Federal Public-key Infrastructure, IT security certification, MISSI user, Minimum Interoperability Specification for PKI Components, PKCS #10, PKIX, RA domains, SET private extension, SET qualifier, Simple Public-Key Infrastructure/Simple Distributed Security Infrastructure, X.500 Directory, X.509, X.509 authority revocation list, accreditation, applicant, archive, attribute authority, authenticate, authority, authority revocation list, bind, binding, capability, cardholder certification authority, certification, certification authority digital signature, certification authority workstation, certification hierarchy, certification path, certification policy, certification practice statement, certification request, certification service, certify, common name, common security, compromised key list, credentials, critical, cross-certification, cryptoperiod, delta CRL, digital id, digital signature, directly trusted CA key, directory service, directory vs. Directory, distinguished name, distribution point, domain, end entity, enrollment service, entity, evaluation, extension, hierarchy management, identification, identity, information, invalidity date, issue, issuer, key, key lifetime, key management infrastructure, key material identifier, local authority, merchant certification authority, mesh PKI, message, operation, organizational registration authority, owner, party, path discovery, path validation, payment gateway certification authority, personal identity verification card, personality label, policy, policy approving authority, policy certification authority, policy creation authority, policy mapping, privilege management infrastructure, process, program, public-key, public-key infrastructure, registration, registration authority, registration service, relying party, repository, requirements, revocation, revocation date, root, root CA, secure hypertext transfer protocol, security event, security management infrastructure, security testing, signature, slot, sponsor, standard, strong authentication, subject, subordinate certification authority, system, test, ticket, token management, tokens, trust-file PKI, trusted key, tunneled password protocol, unforgeable, users, v1 CRL, v2 CRL, valid signature, validate, validate vs. verify, validated products list, validation, validity period, world wide web,
certificate authority: HasPreferred:certification authority,
certificate authority workstation: IncludedBy:authority, certificate,
certificate chain: IncludedBy:certificate,; Related:certification, public-key infrastructure, standard,
certificate chain validation: IncludedBy:certificate, validation,; Related:public-key infrastructure, standard,
certificate creation: IncludedBy:certificate, public-key infrastructure,; Related:process,
certificate directory: IncludedBy:certificate, public-key infrastructure,; Related:certification, key, public-key,
certificate domain: IncludedBy:certificate, domain,; Related:authority, certification, key, policy, public-key, security,
certificate domain parameters: IncludedBy:certificate, domain,; Related:cryptographic, cryptography, public-key infrastructure,
certificate expiration: IncludedBy:certificate,; PreferredFor:expire,; Related:public-key infrastructure,
certificate holder: IncludedBy:certificate,; Related:entity, subject, system,
certificate management: IncludedBy:certificate, public-key infrastructure,; Related:code, destruction, function, key, process, rekey, update,
certificate management services: IncludedBy:certificate,; Related:certification, lifecycle, public-key infrastructure, registration, revocation,
certificate owner: IncludedBy:certificate, owner,; Related:entity, subject, system, world wide web,
certificate policy: IncludedBy:Secure Electronic Transaction, certificate, policy, public-key infrastructure,; Related:X.509, application, authentication, key, object, public-key, requirements, security, trust, users,
certificate policy qualifier: IncludedBy:certificate, policy, public-key infrastructure,; Related:X.509, information, key, public-key,
certificate reactivation: IncludedBy:certificate, public-key infrastructure,; Related:process, revocation,
certificate rekey: IncludedBy:certificate, key, multilevel information systems security initiative, public-key infrastructure, rekey,; Related:X.509, authority, process, public-key, revoked state, subject, update,
certificate renewal: IncludedBy:certificate, public-key infrastructure, renewal,; PreferredFor:renew,; Related:X.509, backup, key, process, public-key, rekey, revoked state, subject, update,
certificate request: IncludedBy:certificate, public-key infrastructure,; Related:certification, standard,
certificate revocation: IncludedBy:certificate, public-key infrastructure,; PreferredFor:revoke,; Related:X.509, users,
certificate revocation list: IncludedBy:certificate, certification authority, revocation,; Related:accreditation, authentication, authority, encryption, evaluation, identify, key, process, public-key, revoked state, users, validate,
certificate revocation tree: IncludedBy:certificate, revocation,; Related:X.509, hash,
certificate serial number: IncludedBy:certificate,; PreferredFor:serial number,
certificate status responder: IncludedBy:certificate, public-key infrastructure,; Related:X.509, authentication, information, trust, users,
certificate update: IncludedBy:certificate, public-key infrastructure, update,; Related:X.509, authorization, key, process, public-key, rekey, renewal, subject,
certificate user: IncludedBy:certificate, users,; Related:control, entity, information, key, process, public-key, subject, system,
certificate validation: IncludedBy:certificate, public-key infrastructure, validation,; Related:X.509, certification, critical, digital signature, key, process, public-key, revocation, revoked state, semantics, signature, trust, users, validate,
certification: IncludedBy:Secure Electronic Transaction, multilevel information systems security initiative,; Includes:IT security certification, accreditation, automated information system, brand certification authority, cardholder certification authority, certification agent or certifier, certification authority, certification authority digital signature, certification authority workstation, certification body, certification hierarchy, certification package, certification path, certification phase, certification policy, certification practice statement, certification request, certification service, clearance certification, decertification, digital certification, entry-level certification, evaluation, facilities certification, merchant certification authority, mid-level certification, payment gateway certification authority, policy certification authority, pre-certification phase, requirements, security certification level, site certification, subordinate certification authority, top-level certification, type certification,; Related:British Standard 7799, For Official Use Only Certified TEMPEST Technical Authority, IT security, Internet Policy Registration Authority, MISSI user, PIV registrar, RA domains, SET qualifier, SSO PIN, application, approved security container, assessment, assurance, audit/review, authority, authority certificate, authorized, backup, beta i, beta ii, binding, centralized operations, certificate, certificate chain, certificate directory, certificate domain, certificate management services, certificate request, certificate validation, certified TEMPEST technical authority, certifier, component extensibility, computer, computer security, control, criteria, digital certificate, entity, extension, external security controls, geopolitical certificate authority, hierarchical PKI, hierarchy management, hierarchy of trust, information, information assurance, key, key management, line supervision, operation, owner, path discovery, path validation, penetration test, policy approving authority, policy creation authority, pre-authorization, privacy enhanced mail, process, protocols, public-key, public-key certificate, public-key information, public-key infrastructure, root, root certificate, security event, security program manager, security testing, system, test, top CA, trust, trust chain, trust hierarchy, trust-file PKI, trusted certificate, trusted key, users, validate vs. verify,
certification agent or certifier: IncludedBy:certification,; Related:control, evaluation, requirements, risk, security, system, vulnerability,
certification and accreditation: IncludedBy:accreditation, evaluation, requirements, risk,; Related:process,
certification authority: IncludedBy:authority, certification, public-key infrastructure, trust,; Includes:certificate revocation list, credentials, cross-certification, non-repudiation, root CA,; PreferredFor:certificate authority,; Related:PIV issuer, X.509, association, authorized, backup, entity, evaluation, identity, identity credential issuer, information, key, message, public-key, requirements, security, standard, system, test, users, validate,
certification authority digital signature: IncludedBy:authority, certification, public-key infrastructure, signature,; Related:authentication, certificate, key, public-key,
certification authority workstation: IncludedBy:authority, certification, public-key infrastructure,; Related:application, certificate, computer, function, software, system, trust,
certification body: IncludedBy:certification,
certification hierarchy: IncludedBy:Secure Electronic Transaction, certification, multilevel information systems security initiative, public-key infrastructure,; Related:authority, certificate, gateway, internet, key, policy, public-key, registration, users, validation,
certification package: IncludedBy:certification,; Related:assessment, operation, risk, security,
certification path: IncludedBy:certification, public-key infrastructure,; Related:X.509, certificate, digital signature, entity, information, key, object, process, public-key, signature, subject, trust, users, validate,
certification phase: IncludedBy:certification,; Related:accreditation, application, assessment, control, process, security, system, verification,
certification policy: IncludedBy:certification, policy,; Related:certificate, public-key infrastructure,
certification practice statement: IncludedBy:certification, public-key infrastructure,; Related:application, authority, certificate, computer, entity, operation, policy, security, system, trust, users,
certification request: IncludedBy:certification, public-key infrastructure,; Related:X.509, algorithm, certificate, entity, key, public-key,
certification service: IncludedBy:certification, public-key infrastructure,; Related:certificate,
certification test and evaluation: IncludedBy:evaluation, test,; Related:security, software,
certificaton authority: IncludedBy:authority, public-key infrastructure,
certified information systems security professional: IncludedBy:computer security, information, system,
certified TEMPEST technical authority: IncludedBy:TEMPEST, authority,; Related:certification, criteria, requirements,
certifier: Related:accreditation, certification, identify, requirements, risk, system,
certify: Related:backup, certificate, entity, identity, key, owner, public-key, public-key infrastructure, subject, verification,
CGI scripts: IncludedBy:common gateway interface, software, threat, world wide web,; Related:security,
chain letter: IncludedBy:threat,; Related:users,
challenge: IncludedBy:challenge/response,; Related:information, random, response,
challenge and reply authentication: IncludedBy:authentication,; Related:subject,
Challenge Handshake Authentication Protocol: IncludedBy:authentication, challenge/response, protocols, security protocol,; Related:cryptographic, cryptography, entity, hash, key, random, response,
Challenge-Response Authentication Mechanism: IncludedBy:authentication, challenge/response, response,; Related:hash, key, shared secret,
challenge-response protocol: IncludedBy:protocols, response,; Related:attack, authentication, control, cryptographic, hash, key, operation, public-key, random,
challenge/response: IncludedBy:response,; Includes:Challenge Handshake Authentication Protocol, Challenge-Response Authentication Mechanism, challenge,; Related:3-factor authentication, Extensible Authentication Protocol, IMAP4 AUTHENTICATE, POP3 AUTH, authentication, entity, identity, information, key, process, system, tokens, users,
change control and life cycle management: IncludedBy:control, software development,; Related:authorized, program,
change management: Related:business process, process, security testing, test,
channel: Includes:communication channel, covert channel, covert storage channel, covert timing channel, exploitable channel, internal communication channel, overt channel, security-compliant channel, trusted channel,; Related:information, system,
channel capacity: Related:bandwidth, communications, information,
channel scanning: Related:intrusion, intrusion detection, system,
check character: IncludedBy:error detection code,; Includes:check character system,
check character system: IncludedBy:check character, system,
check digits
check word: Related:cipher, cryptographic, cryptography, check_password
check_password: IncludedBy:attack,; Related:passwords, program,
checksum: IncludedBy:integrity,; Related:algorithm, attack, computer, confidence, countermeasures, cryptographic, cryptography, entity, function, hash, information, network, object, system,
chemical warfare: IncludedBy:warfare,; Related:control,
Chernobyl packet: IncludedBy:threat,; Related:gateway, network,
chief information agency officer: IncludedBy:information, officer,; Related:operation, process, resource, technology,
chief information officer: IncludedBy:information, officer,; Related:resource, technology,
chosen-ciphertext attack: IncludedBy:attack, cipher,; Related:analysis, key,
chosen-plaintext attack: IncludedBy:attack,; Related:analysis, cipher, cryptography, key,
cipher: IncludedBy:encryption,; Includes:Rivest Cipher 2, Rivest Cipher 4, asymmetric cipher, asymmetric encipherment system, block cipher, block cipher key, chosen-ciphertext attack, cipher block chaining, cipher feedback, cipher suite, cipher text auto-key, ciphertext, ciphertext-only attack, decipher, decipherment, encipher, encipherment, encipherment algorithm, encrypt, encrypted key, n-bit block cipher, private decipherment key, private decipherment transformation, public encipherment key, public encipherment transformation, stream cipher, symmetric encipherment algorithm,; Related:BLACK, Blowfish, Data Authentication Algorithm, Data Encryption Algorithm, El Gamal algorithm, RED/BLACK separation, Rivest-Shamir-Adleman algorithm, Skipjack, algorithm, asymmetric cryptographic technique, asymmetric encryption algorithm, block chaining, brute force attack, check word, chosen-plaintext attack, ciphony, cleartext, code, controlled access area, cryptanalysis, crypto-algorithm, cryptographic, cryptographic key, cryptographic synchronization, cryptographic system, cryptography, cut-and-paste attack, data encryption key, decrypt, decryption, encode, encryption algorithm, feedback buffer, initialization value, initialization vector, initializing value, intelligent threat, key, key generator, key stream, known-plaintext attack, message authentication code vs. Message Authentication Code, mode of operation, one-time pad, one-way encryption, out-of-band, private key, public-key, public-key certificate, public-key cryptography, secret-key cryptography, security strength, semantic security, superencryption, system, traffic analysis, traffic encryption key, triple DES,
cipher block chaining: IncludedBy:cipher,; Related:algorithm, code,; Synonym:block chaining,
cipher feedback: IncludedBy:cipher, cryptography,; Related:algorithm, code,
cipher suite: IncludedBy:cipher,; Related:algorithm, code,
cipher text auto-key: IncludedBy:cipher, key,; Related:cryptographic,
ciphertext: IncludedBy:cipher,; Related:algorithm, encipherment, encryption, information, message,
ciphertext key: HasPreferred:encrypted key,
ciphertext-only attack: IncludedBy:attack, cipher,; Related:algorithm, analysis, cryptographic, key, subject,
ciphony: Related:cipher, information, process,
circuit control officer: IncludedBy:control,
circuit level gateway: IncludedBy:gateway,; Related:connection, firewall, validate,; Synonym:circuit proxy,
circuit proxy: IncludedBy:firewall, proxy,; Related:application, connection, control, key,; Synonym:circuit level gateway,
circuit switching: Related:communications, connection, network, system,
civil liberties
CKMS: Related:cryptographic, key, metadata,
CKMS component: Related:policy, software,
CKMS profile: IncludedBy:file, profile,; Related:requirements, security,
claimant: Related:authentication, entity, function, identity, man-in-the-middle attack, protocols,
clandestine operation: Related:covert operation, overt operation,
Clark Wilson integrity model: IncludedBy:integrity, model,; Related:access, access control, control, software,
class 2, 3, 4, or 5: IncludedBy:public-key infrastructure,; Related:assurance, classified, critical, cryptographic, entity, identification, information, key, risk, system, tokens,
class: Related:object,
class hierarchy: Related:network,
class object: IncludedBy:object,
classification: Related:authorized, classified, object, security,
classification guidance
classification guide: Related:classified, subject,
classification levels: IncludedBy:classified,; Includes:TOP SECRET, confidential, default classification, secret, sensitive, sensitive but unclassified, trust level,; Related:Bell-LaPadula security model, Internet Protocol Security Option, authorized, classified information, clearance level, compartment, confinement property, controlled security mode, damage, dedicated security mode, dominated by, dominates, downgrade, information, lattice model, mode of operation, modes of operation, multilevel security, multilevel security mode, non-discretionary security, object, regrade, risk index, sanitize, security label, security level, security situation, sensitivity label, system-high security mode, users,
classification markings and implementation working group: Related:authorized, intelligence,
classified: IncludedBy:security,; Includes:classification levels, classified contract, classified information, classified information procedures act, classified information spillage, classified military information, classified national security information, classified visit, controlled unclassified information, default classification, deliberate compromise of classified information, endorsed for unclassified cryptographic information, endorsed for unclassified cryptographic item, north atlantic treaty organization classified information, sensitive but unclassified, sensitive but unclassified information, unclassified, unclassified controlled nuclear information, unclassified internet protocol router network, unclassified sensitive,; Related:BLACK, Bell-LaPadula security model, COMSEC demilitarization, CRYPTO, Central United States Registry for North Atlantic Treaty Organization, DD 254 - Final, DD 254 - Original, Data Encryption Standard, Defense Central Security Index, Defense Information Systems Network, Escrowed Encryption Standard, FIPS PUB 140-1, Federal Public-key Infrastructure, Federal Standard 1027, Internet Protocol Security Option, Key Exchange Algorithm, National Institute of Standards and Technology, National Security Agency, RED, RED/BLACK concept, Secure Telephone Unit III, Skipjack, Trusted Computer System Evaluation Criteria, Type 1 key, Type 2 key, Type I cryptography, Type II cryptography, access, access approval, access control, access eligibility determination, access national agency check and inquiries, accesses, accreditation, acknowledged special access program, acoustic security, activity security manager, adjudication, advanced encryption standard, adverse information, agency, aggregation, applicant, associated markings, authorized, authorized adjudicative agency, authorized classification and control markings register, authorized investigative agency, authorized person, automated information system media control system, automated security monitoring, burn bag, carve-out, category, class 2, 3, 4, or 5, classification, classification guide, classifier, clearance, clearance certification, cleared escort, clearing, closed area, code word, cognizant security agency, compartment, compartmentalization, compromise, confidentiality, confinement property, contamination, controlled cryptographic item, controlled security mode, courier, custodian, damage assessment, data aggregation, declassification, declassification authority, dedicated mode, dedicated security mode, derivative classification, designated disclosure authority, dominated by, dominates, downgrade, downgrading, equity, escort, exception, facilities accreditation, facilities certification, facility security clearance, false positive, for official use only, foreign disclosure, foreign disclosure point of contact, foreign ownership, control, or influence, foreign relations of the united states, foreign travel briefing, foreign visit, formal access approval, formerly restricted data, government-to-government transfer, guard, handcarrier, handle via special access control channels only, high assurance guard, inadvertent disclosure incident, incident of security concern, industrial security, information, information category, information security oversight office, inspectable space, interim approval to operate, internal vulnerability, invalidation, key-escrow system, lattice model, law enforcement sensitive, mandatory access control, mandatory declassification review, mission critical, mode of operation, modes of operation, multilevel security, multilevel security mode, multiuser mode of operation, national security information, national security system, national security-related information, naval nuclear propulsion information, need for access, need-to-know, nicknames, non-disclosure agreement, non-discretionary security, non-discussion area, one-time access, open storage, operations security, operations security survey, originating agency determination required, pass/fail, periods processing, personnel security, personnel security - issue information, personnel security clearance, personnel security determination, personnel security interview, personnel security investigation, personnel security program, policy, program channels or program security channels, program protection plan, program sensitive information, protected distribution systems, protected information, public law 100-235, purge, radio frequency jamming, reference material, regrade, reinstatement, release, restricted area, restricted data, revocation, revocation of facility security clearance, risk index, safeguarding and safeguarding measures, safeguarding statement, sanitize, sanitizing, secret, secret key, secure data device, secure operating system, security assurance, security classification guides, security clearance, security compromise, security domain, security incident, security infraction, security label, security level, security policy automation network, security situation, security violation, senior agency official, sensitive compartmented information, sensitive information, sensitivity label, single scope background investigation - periodic reinvestigation, source document, special access program facility, spillage, sponsoring agency, stand-alone automated information system, standard practice procedures, stratified random sample, subcontract, suspicious contact, system-high security mode, systematic declassification review, tear line, technical data, temporary help/job shopper, transmission, transportation plan, trusted computer system, trusted foundry, type 1 products, type 2 product, type 3 key, type 3 product, unacknowledged special access program, unauthorized disclosure, unauthorized person, unfavorable personnel security determination, upgrade, working papers,
classified contract: IncludedBy:classified,; Related:access, requirements,
classified data: HasPreferred:classified information,
classified information: IncludedBy:access control, classified, information,; Includes:classified military information, classified national security information,; PreferredFor:classified data,; Related:authorized, classification levels, classified information procedures act, classified information spillage,
classified information procedures act: IncludedBy:classified,; Related:access, classified information,
classified information spillage: IncludedBy:classified, information, threat,; Related:classified information, incident, security incident,
classified military information: IncludedBy:classified, classified information,
classified national security information: IncludedBy:classified, classified information,
classified visit: IncludedBy:classified,; Related:access,
classifier: Related:classified, security,
clean system: IncludedBy:system,; Related:application, compromise, computer, file, risk, security, software, trust, virus,
clearance: Related:access, authorized, classified, security, trust,
clearance certification: IncludedBy:certification,; Related:access, classified, security,
clearance level: Related:access, access control, classification levels, information, security, security clearance,
cleared commercial carrier: Related:authorized, security,
cleared employees: Related:security,
cleared escort: Related:United States citizen, access, classified,
clearing: Related:classified, key, system,
cleartext: Antonym:encryption,; PreferredFor:plain text,; Related:cipher, cryptography, information, operation, process,
client: Related:access, access control, computer, entity, process, program, system, users,
client server: IncludedBy:automated information system,; Related:access, access control, authorized, communications, computer, model, process, program, system, users,
clients, products, and business practices: IncludedBy:operational risk loss,; Related:requirements,
Clipper chip: IncludedBy:National Institute of Standards and Technology, National Security Agency,; Includes:Law Enforcement Access Field,; Related:algorithm, communications, cryptographic, cryptography, encryption, escrow, key, process, standard, tamper,
closed area: Related:classified, requirements,
closed security environment: IncludedBy:security, software development,; Related:application, assurance, authorization, control, malicious, operation, system,
closed storage: Related:access, security,
closed user group: IncludedBy:users,; Related:communications,
cluster controller: IncludedBy:control,
cluster sample: Related:random,
co-utilization: Related:access,
coalition
coaxial cable
code: Includes:American Standard Code for Information Interchange, accounting legend code, authentication code, bar code, code amber, code book, code coverage, code division multiple access, code green, code group, code red, code vocabulary, coded switch system, country code, data authentication code, data authentication code vs. Data Authentication Code, decode, electronic codebook, encode, error detection code, executable code, hash code, hashed message authentication code, malicious code, manipulation detection code, message authentication code, message authentication code algorithm, message authentication code vs. Message Authentication Code, message integrity code, microcode, mobile code, object code, one-part code, operations code, source code, source code generator, two-part code,; Related:British Standard 7799, CASE tools, Distinguished Encoding Rules, El Gamal algorithm, Generic Security Service Application Program Interface, Integrated CASE tools, POSIX, Type II cryptography, algorithm, antivirus tools, application generator, application program interface, authentication, authentication token, blended attack, buffer overflow, card personalization, certificate management, cipher, cipher block chaining, cipher feedback, cipher suite, coding, communications security, compiled viruses, compiler, completeness, computer, crack, cryptographic, cryptographic application programming interface, cryptographic key, cryptography, cyclic redundancy check, data driven attack, dc servo drive, decrypt, domain name, dynamic analysis, encrypt, encryption, exploit, fault injection, fork bomb, gateway, hash, hash token, identification authentication, imprint, information, instrumentation, interface, interpreted virus, keyed hash algorithm, keying material, killer packets, logic bombs, maintenance hook, malicious program, malware, message, national security system, network sniffing, null, object, out-of-band, output transformation, passive security testing, patch, payload, penetration test, penetration testing, personal identification number, polymorphism, portability, positive control material, primary account number, program, protocols, reduction-function, reverse engineering, revoked state, scalability, secure hash standard, security perimeter, sensitive information, shim, simple network management protocol, spyware, state delta verification system, syllabary, symmetric key, synchronous flood, system, technical vulnerability information, test case generator, test cycle, time bomb, trapdoor, trojan horse, trust, unit, untrusted process, variant, verification, virus, worm,
code amber: IncludedBy:code, critical infrastructures, threat,; Related:critical, function, security,
code book: IncludedBy:code,; Related:encryption, system,
code coverage: IncludedBy:code,; Related:analysis, software, test,
code division multiple access: IncludedBy:access, code, security,; Related:cryptography, technology,
code green: IncludedBy:code, critical infrastructures,
code group: IncludedBy:code,; Related:system,
code red: IncludedBy:code, critical infrastructures, threat,; Related:attack, critical, function, security,
code vocabulary: IncludedBy:code,; Related:system,
code word: Related:classified, security,
coded switch system: IncludedBy:code, system,
coding: Related:code, computer, flow, program, software,
coefficient of variation: Related:standard,
coercive force
coercivity
cognizant security agency: IncludedBy:security,; Related:classified, intelligence,
cognizant security office: IncludedBy:security,
cohabitant
cold site: IncludedBy:disaster recovery,; Related:communications, computer, connection, hot site, system,
cold start: Related:cryptography, key, users,
collaborative computing: Related:application, information, technology,
collateral information: Related:access, security, security clearance, subject,
collision-resistant hash function: IncludedBy:function, hash,; Related:property, requirements,
color change: Related:information, process, system,
command and control: IncludedBy:control,; Includes:command and control warfare, command, control, and communications, command, control, communications and computers, command, control, communications and intelligence, global command and control system, nuclear command and control document,; Related:C2-protect, Defense Information Infrastructure, authority, communications, function, operation,
command and control warfare: IncludedBy:command and control, control, warfare,; Related:adversary, application, information, intelligence, operation, security,
command authority: IncludedBy:authority,; Related:key, users,
command, control, and communications: IncludedBy:command and control, communications, control,
command, control, communications and computers: IncludedBy:command and control, communications, computer, control,
command, control, communications and intelligence: IncludedBy:command and control, communications, control, intelligence,
Commercial COMSEC Endorsement Program: IncludedBy:communications security, program,
Commercial COMSEC Evaluation Program: IncludedBy:communications security, evaluation, program,; Related:algorithm, module, standard, system,
commercial off-the-shelf software: IncludedBy:software,; Related:test,; Synonym:COTS software,
commercial software: IncludedBy:software,; Related:owner,
commercial-off-the-shelf: Includes:COTS software,
Committee of sponsoring organizations (of the Treadway Commission)
Common Criteria: IncludedBy:criteria,; Related:assurance, computer security, evaluation, function, information, information assurance, program, requirements, role, security, standard, system, technology,; Synonym:Common Criteria for Information Technology Security,
Common Criteria for Information Technology Security: IncludedBy:National Institute of Standards and Technology, computer security, criteria, information, security, technology,; Includes:Common Criteria for Information Technology Security Evaluation, national information assurance partnership,; Related:National Security Agency, algorithm, application, assessment, assurance, availability, computer, computer network, confidentiality, control, cryptographic, cryptography, emanation, emanations security, evaluation, function, integrity, malicious, network, operation, requirements, software, standard, system, threat, trust, version,; Synonym:Common Criteria,
Common Criteria for Information Technology Security Evaluation: IncludedBy:Common Criteria for Information Technology Security, computer security, criteria, evaluation, information, technology,; Includes:Canadian Trusted Computer Product Evaluation Criteria, European Information Technology Security Evaluation Criteria, Federal Criteria for Information Technology Security, Trusted Computer System Evaluation Criteria, assurance component, common criteria version 1.0, common criteria version 2.0, component dependencies, component extensibility, component hierarchy, component operations, evaluation assurance level, functional component, protection profile, security target, trusted gateway,; Related:IT security, assessment, requirements, risk,
Common Criteria Testing Laboratory: IncludedBy:criteria, national information assurance partnership, security testing, test,; Includes:Monitoring of Evaluations, Scope of Accreditation, Validation Certificate, approved technologies list, approved test methods list, deliverables list, designated laboratories list, designating authority, designation policy, evaluation technical report, evaluation work plan, observation reports,; Related:IT security, accreditation, computer security, evaluation, program, validation,
Common Criteria Testing Program: IncludedBy:criteria, national information assurance partnership, program, security testing, test,; Related:evaluation, validation,
common criteria version 1.0: IncludedBy:Common Criteria for Information Technology Security Evaluation, criteria, version,; Related:computer security, information, technology,
common criteria version 2.0: IncludedBy:Common Criteria for Information Technology Security Evaluation, criteria, version,; Related:computer security, information, technology,
common data security: IncludedBy:common data security architecture,; Related:communications, module, system,
common data security architecture: IncludedBy:security,; Includes:common data security, common security, common security services manager, cryptographic service, cryptographic service providers,; PreferredFor:communication and data security architecture,; Related:authentication, encryption,
Common Evaluation Methodology: IncludedBy:evaluation, national information assurance partnership,
common fill device: Related:key,
common gateway interface: IncludedBy:gateway, interface, world wide web,; Includes:CGI scripts,; Related:access, access control, program, resource,
common interswitch rekeying key: IncludedBy:key, rekey,
Common IP Security Option: IncludedBy:security,
common name: IncludedBy:public-key infrastructure,; Related:X.509, certificate, key, object, public-key,
common security: IncludedBy:common data security architecture,; Related:application, certificate, cryptographic, integrity, key, policy, protocols, public-key infrastructure, trust,
common security services manager: IncludedBy:common data security architecture,
common vulnerabilities and exposures: IncludedBy:exposure, vulnerability,; Related:risk,
communication and data security architecture: HasPreferred:common data security architecture,; IncludedBy:security,
communication channel: IncludedBy:channel, communications,; Includes:internal communication channel,; Related:information, network,
communication equipment room: IncludedBy:communications,
communication link: IncludedBy:communications,
communications: IncludedBy:network,; Includes:National Communications System, National Security Telecommunications Advisory Committee, National Security Telecommunications and Information Systems Security Advisory/Information Memorandum, National Security Telecommunications and Information Systems Security Committee, National Security Telecommunications and Information Systems Security Directive, National Security Telecommunications and Information Systems Security Instruction, National Security Telecommunications and Information Systems Security Policy, National Telecommunications and Information Administration, National Telecommunications and Information Systems Security Advisory Memoranda/Instructions, National Telecommunications and Information Systems Security Directive, National Telecommunications and Information Systems Security Instruction, National Telecommunications and Information Systems Security Policy, asynchronous communication, command, control, and communications, command, control, communications and computers, command, control, communications and intelligence, communication channel, communication equipment room, communication link, communications cover, communications deception, communications electronics operating instruction, communications profile, communications protocol, communications security element, data communications, defense communications system, diplomatic telecommunications service, federal telecommunications system, global telecommunications service, government emergency telecommunications service, imitative communications, information and communications, internal communication channel, manipulative communications deception, minimum essential emergency communications network, national telecommunications and information system security directives, personal communications network, private communication technology, protected communications, protected communications zone, secure communications, subcommittee on telecommunications security, telecommunications, telecommunications security, tri-service tactical communications system,; Related:American National Standards Institute, CCI equipment, COMSEC aid, COMSEC equipment, COMSEC material, COMSEC module, COMSEC monitoring, COMSEC survey, CRYPTO, Clipper chip, Defense Information Infrastructure, Escrowed Encryption Standard, IT resources, ITU-T, Integrated services digital network, National Security Decision Directive 145, OSI architecture, Rivest-Shamir-Adleman algorithm, TEMPEST, access, access control, active wiretapping, alarm surveillance, application, application program interface, approval/accreditation, audit trail, authenticate, availability, bandwidth, between-the-lines-entry, binding, bit error rate, bulk encryption, capability, cell, cellular transmission, channel capacity, circuit switching, client server, closed user group, cold site, command and control, common data security, component, computer fraud, content filtering, control, controlled cryptographic item, covert channel, covert timing channel, cracker, cross-talk, cryptography, cryptology, cybersecurity, cyberspace, deception, delegated development program, dial-up, dial-up line, digital telephony, distributed processing, electronic commerce, electronic data interchange, electronic key management system, electronic security, email, encryption, end-to-end encryption, exercise key, extraction resistance, fault, field device, field site, frequency hopping, front-end processor, full-duplex, gateway, general support system, global information grid, global information infrastructure, help desk, host, inference, information processing standard, information superhighway, information systems security engineering, information technology, information technology system, interface, interference, internet, internet control message protocol, internet protocol, internetwork, intranet, key exchange, key management/exchange, key recovery, line conditioning, line conduction, link, link encryption, local loop, local-area network, major application, message indicator, mission critical, multicast, multilevel security, national information infrastructure, national security system, nations, network architecture, network configuration, network device, network layer security, network management, network management architecture, network management protocol, network weaving, online certificate status protocol, open system interconnection model, operations code, outage, over-the-air key transfer, over-the-air rekeying, overt channel, packet filtering, passive wiretapping, peer-to-peer communication, per-call key, personal firewall, platform, port, privacy system, protocol suite, protocols, public-key infrastructure, reliability, remote access, remote terminal emulation, remote terminal unit, replay attack, secure hypertext transfer protocol, secure socket layer, security, security controls, security perimeter, session hijack attack, signaling, simple network management protocol, software, spread spectrum, subcommittee on Automated Information System security, subnetwork, superencryption, system, system assets, systems security steering group, systems software, technology area, telecommuting, teleprocessing, traffic analysis, traffic padding, traffic-flow security, transmission security, transport mode vs. tunnel mode, trusted gateway, tunnel, user data protocol, virtual private network, war dialer, wide-area network, wiretapping, worm,
communications cover: IncludedBy:communications,; Related:adversary, information,
communications deception: IncludedBy:communications, security,; Related:adversary, assurance,
communications electronics operating instruction: IncludedBy:communications,
communications intelligence: IncludedBy:intelligence,; Related:foreign,
communications profile: IncludedBy:communications, file, profile,; Related:communications security, function, security, system,
communications protocol: IncludedBy:communications, protocols,; Related:computer, information, standard,
communications security: IncludedBy:Automated Information System security,; Includes:COMSEC Material Control System, COMSEC Parent Switch, COMSEC Resources Program, COMSEC Subordinate Switch, COMSEC Utility Program, COMSEC account, COMSEC account audit, COMSEC aid, COMSEC boundary, COMSEC chip set, COMSEC control program, COMSEC custodian, COMSEC end-item, COMSEC equipment, COMSEC facility, COMSEC incident, COMSEC insecurity, COMSEC manager, COMSEC material, COMSEC modification, COMSEC module, COMSEC monitoring, COMSEC profile, COMSEC survey, COMSEC system data, COMSEC training, Commercial COMSEC Endorsement Program, Commercial COMSEC Evaluation Program, National COMSEC Advisory Memorandum, National COMSEC Information Memorandum, National COMSEC Instruction, advanced self-protection jammer, alternate COMSEC custodian, anti-jam, anti-jamming, communications security element, crypto-security, emissions security, internet protocol security, meaconing, intrusion, jamming, and interference, network security, network security architecture, network security architecture and design, network security officer, subcommittee on telecommunications security, telecommunications security,; Related:BLACK, CCI assembly, CCI component, CCI equipment, CRYPTO, FIPS PUB 140-1, Federal Public-key Infrastructure, RED, RED/BLACK separation, Secure Data Exchange, TSEC nomenclature, access control list, accountability, accounting legend code, accounting number, alert, algorithm, approval/accreditation, audit trail, authentication, authorized, central office of record, code, communications profile, computer emergency response team, confidentiality, control, cryptographic, cryptography, data transfer device, design controlled spare parts, direct shipment, drop accountability, electronic attack, electronic key management system, electronically generated key, element, encryption algorithm, entity, fill device, fixed COMSEC facility, frequency hopping, incident, information, information security, integrity, key, key distribution center, key management, limited maintenance, local management device/key processor, long title, mandatory modification, network sponsor, optional modification, procedural security, process, protective packaging, repair action, security architecture, security incident, security net control station, short title, supersession, system, systems security steering group, telecommunications, test key, time-compliance date, transmission security, trusted path, two-person integrity, updating, user representative,
communications security element: IncludedBy:communications, communications security,
communications security monitoring: IncludedBy:security,
community of interest: Related:security, users,
community risk: IncludedBy:risk,; Related:vulnerability,
community string: Related:passwords, version,
company
comparisons: IncludedBy:biometrics,; Related:entity, identification, identity, process, verification,
compartment: Related:access, access control, classification levels, classified, control, information,
compartment key: IncludedBy:key,
compartmentalization: Related:access, access control, classified, control, information, security,
compartmentation: Related:access,
compartmented intelligence: IncludedBy:intelligence,; Related:access,
compartmented mode: Related:access, access control, information, operation, process, security, system, users,
compelling need: Related:access,
compensating security controls: IncludedBy:control, security,; Related:countermeasures, information, operation, system,
competition: Related:object,
compiled viruses: IncludedBy:virus,; Related:code, program, system,
compiler: IncludedBy:software development,; Related:code, computer, object, program, source code,
completeness: Related:code, function, requirements, software,
compliance-based: Related:IT security, program, security, standard, system,
component: IncludedBy:component dependencies, component extensibility, component hierarchy, component operations, component reference monitor, construction of TOE requirements, target of evaluation,; Includes:assurance component, basic component, development assurance component, evaluation assurance component, functional component, functional unit, network component,; Related:communications, computer, control, entity, file, function, gateway, identity, message, network, object, operation, profile, security, security testing, software, subject, system, target, telecommunications, test, trust, verification,
component dependencies: IncludedBy:Common Criteria for Information Technology Security Evaluation,; Includes:component,; Related:assurance, function,
component extensibility: IncludedBy:Common Criteria for Information Technology Security Evaluation,; Includes:component, security target,; Related:assurance, certification, criteria, function,
component hierarchy: IncludedBy:Common Criteria for Information Technology Security Evaluation,; Includes:component,; Related:assurance, criteria, function, requirements,
component operations: IncludedBy:Common Criteria for Information Technology Security Evaluation, operation,; Includes:component, security policy, threat,; Related:application, criteria, policy,
component reference monitor: IncludedBy:access control,; Includes:component, object, subject,; Related:access, control,
compromise: IncludedBy:incident,; Includes:areas of potential compromise, compromised key list, compromised state, compromising emanation performance requirement, compromising emanations, data compromise, deliberate compromise of classified information, destroyed compromised state, security compromise,; Related:DNS spoofing, TEMPEST, TEMPEST shielded, TEMPEST test, acknowledged special access program, acquisition systems protection, adversary, application server attack, attack, authorized, benign, classified, clean system, computer, control, control zone, core secrets, cost-risk analysis, counterintelligence assessment, critical, critical program information, critical security parameters, cryptographic, cryptography, emanations security, emissions security, entity, environmental failure protection, environmental failure testing, file integrity checking, flaw hypothesis methodology, forward secrecy, information, insider, intrusion, invalidity date, key, key lifecycle state, leapfrog attack, line supervision, malware, metadata, multilevel device, object, ohnosecond, payment gateway certification authority, policy, privacy, protective technologies, public-key forward secrecy, revocation, revocation date, risk analysis, robustness, rootkit, security, security audit, security environment threat list, security event, security incident, security infraction, security management infrastructure, security violation, suppression measure, suspicious contact, system, tri-homed, trust, trusted recovery, unacknowledged special access program, version, vulnerability, vulnerability assessment, warehouse attack,
compromised key list: IncludedBy:compromise, key, multilevel information systems security initiative, public-key infrastructure, threat,; Related:authorized, certificate, computer, control, identification, subject, system, users,
compromised state: IncludedBy:compromise, key lifecycle state,; Related:cryptographic, key, lifecycle, process,
compromising emanation performance requirement: IncludedBy:compromise, emanations security, risk,
compromising emanations: IncludedBy:TEMPEST, compromise, emanations security, threat,; Related:information, intelligence, process, system,
computer: Includes:Canadian Trusted Computer Product Evaluation Criteria, Computer Incident Advisory Capability, Computer Security Objects Register, DoD Trusted Computer System Evaluation Criteria, National Computer Security Center, National Computer Security Center glossary, Trusted Computer System Evaluation Criteria, command, control, communications and computers, computer abuse, computer architecture, computer cryptography, computer emergency response team, computer emergency response teams' coordination center, computer forensics, computer fraud, computer incident assessment capability, computer intrusion, computer network, computer network attack, computer network defense, computer network exploitation, computer network operations, computer operations, audit, and security technology, computer oracle and password system, computer related controls, computer related crime, computer security, computer security emergency response team, computer security incident, computer security incident response capability, computer security incident response team, computer security intrusion, computer security object, computer security subsystem, computer security technical vulnerability reporting program, computer-aided software engineering, computer-assisted audit technique, embedded computer, energy-efficient computer equipment, joint task force-computer network defense, laptop computer, national computer security assessment program, organization computer security representative, personal computer, personal computer memory card international association, trusted computer system,; Related:Abrams, Jojodia, Podell essays, Abstract Syntax Notation One, American National Standards Institute, Automated Information System security, Bell-LaPadula security model, COMSEC control program, Common Criteria for Information Technology Security, Cryptographic Application Program Interface, Data Encryption Standard, Defense Information Infrastructure, Estelle, FIPS PUB 140-1, Federal Information Processing Standards, Forum of Incident Response and Security Teams, IP address, IT resources, IT security incident, Integrated services digital network, Internet worm, Open Systems Interconnection Reference model, Orange book, PC card, PCMCIA, PHF, POSIX, Red book, SOCKS, TEMPEST, Terminal Access Controller Access Control System, Trusted Systems Interoperability Group, Yellow book, abort, access control center, access control list, access port, accessibility, accountability, accreditation, accreditation range, active wiretapping, add-on security, administrative account, algorithm, antivirus software, application, application server attack, application system, approval/accreditation, assurance, attack, attackers, audit software, audit trail, auditing tool, authentication, authentication code, authorization, automated clearing house, automated data processing system, automated information system, automated key distribution, automated logon sequences, availability, backdoor, backup operations, backup procedures, bandwidth, bastion host, bebugging, benchmark, beyond A1, break, browser, brute force attack, buffer overflow, byte, call back, centralized operations, certification, certification authority workstation, certification practice statement, checksum, clean system, client, client server, code, coding, cold site, communications protocol, compiler, component, compromise, compromised key list, confidentiality, configuration control, configuration item, configuration management, console logon, console logs, continuity of services and operations, cracker, cracking, crash, criteria, cyberspace, cyberspace operations, data, data integrity, data management, data processing, database management system, debug, default account, demilitarized zone, denial-of-service, descriptive top-level specification, dial back, dial-up, dial-up line, dial-up security, digital certificate, digital signature, discrete event simulation, distributed data, distributed database, distributed denial-of-service, distributed processing, domain name service server, dongle, download, dump, dumpster diving, e-mail server, electronic commerce, electronic data interchange, email, emergency response, emergency shutdown controls, end system, end-to-end encryption, end-user, endorsed tools list, error seeding, evaluated products list, executable code, exploitable channel, extensible markup language, extranet, fault, field, file, file infector virus, file security, file transfer, file transfer protocol, firewall, firmware, flaw hypothesis methodology, flooding, formal language, formal proof, formal security policy model, formal specification, formal top-level specification, format, framework, front-end processor, front-end security filter, full disk encryption, functional testing, gateway, gateway server, general controls, general-purpose system, gopher, graphical-user interface, guard, hackers, handshaking procedures, hardening, hardware, help desk, host, host-based firewall, hypertext, identification authentication, imaging system, impersonation, incident, individual accountability, information flow, information security, information system, information technology, information technology system, insider, integrity, interactive mode, interface, internet, internet protocol, internet vs. Internet, interoperability, interoperability standards/protocols, intranet, intrusion, intrusion detection, intrusion detection and prevention, intrusion detection system, intrusion detection tools, intrusion prevention, key center, key logger, kiosk, language of temporal ordering specification, leakage, legacy systems, link, list-oriented, local-area network, logic bombs, loop, malicious applets, malicious intruder, malicious logic, malware, memory, message authentication code vs. Message Authentication Code, message integrity code, meta-language, microcode, middleware, mirroring, mockingbird, modem, multiuser mode of operation, national information infrastructure, network, network component, network device, network front-end, network services, node, object, on-demand scanning, on-line system, operating system, optical scanner, output, overt channel, packet sniffer, packet switching, passive threat, password cracking, peer-to-peer communication, penetration test, penetration testing, peripheral equipment, persistent cookie, personal digital assistant, personal firewall, personal identity verification, phishing, phracker, piggyback entry, port, portability, pretty good privacy, privilege, privileged access, privileged instructions, privileged process, procedural security, process controller, program, proprietary information, protocol suite, protocols, prototyping, proxy server, public law 100-235, push technology, read-only memory, real-time processing, real-time system, reciprocal agreement, recovery site, reliability, remote access, remote access software, remote terminal emulation, remote terminal unit, requirements, requirements traceability matrix, resource starvation, response time, restart, reusability, reverse engineering, risk, rootkit, router, run, safeguarding statement, scan, screen scraping, script, script bunny, secure configuration management, security architecture, security audit, security evaluation, security event, security incident, security kernel, security label, security policy model, security service, security test and evaluation, security-relevant event, segregation of duties, sensitive information, server, session key, shrink-wrapped software, simple mail transfer protocol, simulation modeling, single sign-on, smartcards, sniffer, social engineering, soft TEMPEST, software, software development methodologies, software product, source code, source data entry, source program, spoofing, spyware detection and removal utility, stand-alone, shared system, stand-alone, single-user system, state variable, stovepipe systems, supervisory control, supervisory control and data acquisition, support software, suspicious event, system, system development life cycle, system files, system integrity, system life cycle, system parameter, system security officer, system software, systems software, technical policy, technical vulnerability, telecommuting, teleprocessing, telnet, testability, thrashing, threat, ticket-oriented, tiger team, time bomb, timing attacks, tokens, traceroute, tracking cookie, transaction, transmission control protocol, trapdoor, trojan horse, trust level, trusted computing base, trusted network interpretation, trusted path, trusted platform module chip, trustworthy system, tunnel, type time, unit, upload, user data protocol, user id, user interface, users, utility programs, value-added network, vaulting, vendor, virtual private network, virus, virus-detection tool, vulnerability, war dialer, war driving, web server, website hosting, white-box testing, wireless gateway server, workstation, worm,
computer abuse: IncludedBy:automated information system, computer, threat,; Related:authorized, availability, confidentiality, damage, denial-of-service, fraud, information, integrity, key, malicious, process, resource, theft,
computer architecture: IncludedBy:computer, security architecture,; Includes:object,; Related:application, process, program, protocols, software, standard, system,
computer cryptography: IncludedBy:computer, cryptography,; Related:algorithm, authentication, encryption, information, process, program, users,
computer emergency response team: IncludedBy:computer, response, security,; Includes:Forum of Incident Response and Security Teams, computer emergency response teams' coordination center,; Related:Computer Incident Advisory Capability, advisory, attack, availability, communications security, computer security, computer security incident response team, incident, information, integrity, internet, network, owner, system, threat, vulnerability,
computer emergency response teams' coordination center: IncludedBy:computer, computer emergency response team, response,; Related:attack, internet, program, software, system,
computer forensics: IncludedBy:computer,; PreferredFor:Forensics,; Related:integrity,
computer fraud: IncludedBy:computer, fraud,; Related:application, communications, file, operation, program, software, system,
Computer Incident Advisory Capability: IncludedBy:advisory, computer, incident,; Related:computer emergency response team, response,
computer incident assessment capability: IncludedBy:assessment, computer, incident,
computer intrusion: IncludedBy:attack, computer, incident, intrusion,; Related:access, access control, authorized, information, system, unauthorized access,
computer network: IncludedBy:computer, network,; Includes:computer network attack, computer network defense, computer network exploitation, computer network operations, joint task force-computer network defense,; Related:Common Criteria for Information Technology Security, Estelle, authentication, automated key distribution, bandwidth, computer oracle and password system, cyberspace operations, distributed dataprocessing, extranet, firewall, gateway, hackers, host, internet, internet vs. Internet, intranet, language of temporal ordering specification, mirroring, packet switching, protocol suite, remote access, security policy automation network, sniffer, system, transmission control protocol, tunnel, value-added network, vaulting, virtual private network, war driving, wide-area network, wireless gateway server,
computer network attack: IncludedBy:attack, computer, computer network, network,; Related:information, operation,
computer network defense: IncludedBy:computer, computer network, network,; Related:authorized, information, system,
computer network exploitation: IncludedBy:computer, computer network,; Related:information, intelligence, system,
computer network operations: IncludedBy:computer, computer network,; Related:attack,
computer operations, audit, and security technology: IncludedBy:audit, computer, operation, technology,; Related:computer security, function, system,
computer oracle and password system: IncludedBy:computer, security software, system,; Related:computer network, network, passwords, program, software,
computer related controls: IncludedBy:computer, control,; Related:application, availability, confidentiality, integrity, security controls,
computer related crime: IncludedBy:computer, threat,; Related:illegal, technology,
computer security: IncludedBy:computer, security,; Includes:Common Criteria for Information Technology Security, Common Criteria for Information Technology Security Evaluation, Computer Security Objects Register, DoD Information Technology Security Certification and Accreditation Process, European Information Technology Security Evaluation Criteria, Federal Criteria for Information Technology Security, IS security architecture, IT Security Evaluation Criteria, IT Security Evaluation Methodology, IT security certification, IT security policy, IT security product, Information Systems Security products and services catalogue, Information Technology Security Evaluation Criteria, National Computer Security Center, National Computer Security Center glossary, National Security Telecommunications and Information Systems Security Advisory/Information Memorandum, National Security Telecommunications and Information Systems Security Committee, National Security Telecommunications and Information Systems Security Directive, National Security Telecommunications and Information Systems Security Instruction, National Security Telecommunications and Information Systems Security Policy, National Telecommunications and Information Systems Security Advisory Memoranda/Instructions, National Telecommunications and Information Systems Security Directive, National Telecommunications and Information Systems Security Instruction, National Telecommunications and Information Systems Security Policy, Subcommittee on Information Systems Security, certified information systems security professional, computer security emergency response team, computer security incident, computer security incident response capability, computer security incident response team, computer security intrusion, computer security object, computer security subsystem, computer security technical vulnerability reporting program, computing security methods, emissions security, information system security officer, information systems security association, information systems security engineering, information systems security equipment modification, information systems security manager, information systems security officer, multilevel information systems security initiative, national computer security assessment program, national telecommunications and information system security directives, program automated information system security incident support team, subcommittee on Automated Information System security,; Related:Bell-LaPadula security model, Common Criteria, Common Criteria Testing Laboratory, Federal Criteria Vol. I, Federal Information Processing Standards, Forum of Incident Response and Security Teams, National Security Decision Directive 145, National Voluntary Laboratory Accreditation Program, Orange book, Scope of Accreditation, Trusted Computer System Evaluation Criteria, Yellow book, access, access control, accreditation range, approved technologies list, approved test methods list, assurance, audit trail, availability, certification, common criteria version 1.0, common criteria version 2.0, computer emergency response team, computer operations, audit, and security technology, confidentiality, conformant validation certificate, control, correctness, covert channel, criteria, dedicated mode, degausser, degausser products list, deliverables list, designated, designated laboratories list, dominates, endorsed tools list, evaluated products list, evaluation, evaluation work plan, function, information, integrity, observation reports, partitioned security mode, party, preferred products list, procedural security, process, protection profile, public law 100-235, residual risk, risk treatment, security architecture, security purpose, security requirements, security target, security-compliant channel, sensitive information, software, subcommittee on telecommunications security, suspicious event, system, system high mode, systems security steering group, tamper, technology area, trusted network interpretation,; Synonym:Automated Information System security, IT security, information systems security,
computer security emergency response team: IncludedBy:computer, computer security, response,
computer security incident: IncludedBy:computer, computer security, incident, security incident,; Related:information, intrusion, system,
computer security incident response capability: IncludedBy:computer, computer security, incident, response, security incident,
computer security incident response team: IncludedBy:computer, computer security, incident, response, security incident,; Related:computer emergency response team, information,
computer security intrusion: IncludedBy:computer, computer security, intrusion,; Related:access, access control, authorized, information, penetration, system, unauthorized access,
computer security object: IncludedBy:computer, computer security, object,; Related:security software,
Computer Security Objects Register: IncludedBy:National Institute of Standards and Technology, computer, computer security, object,; Related:algorithm, registration, standard,
computer security subsystem: IncludedBy:computer, computer security, system,; Related:software,
computer security technical vulnerability reporting program: IncludedBy:computer, computer security, program, vulnerability,; Related:information, login, software,
computer security toolbox: IncludedBy:security,; Related:assurance,
computer-aided software engineering: IncludedBy:computer, software,
computer-assisted audit technique: IncludedBy:audit, computer,; Related:program, software, test,
computerized telephone system
computing environment: Related:application, system,
computing security methods: IncludedBy:computer security,; Related:assurance, function, network, requirements, software, system, verification,
COMSEC account: IncludedBy:communications security,; Related:control, entity,
COMSEC account audit: IncludedBy:audit, communications security,
COMSEC aid: IncludedBy:communications security,; Related:communications, key, operation, system, telecommunications,
COMSEC assembly
COMSEC boundary: IncludedBy:boundary, communications security,; Related:critical, function, key, software,
COMSEC chip set: IncludedBy:communications security,
COMSEC control program: IncludedBy:communications security, control, program,; Related:authentication, computer, encryption, function, key, message,
COMSEC custodian: IncludedBy:communications security,; Related:authority,
COMSEC demilitarization: Related:classified, process,
COMSEC element
COMSEC end-item: IncludedBy:communications security,; Related:application,
COMSEC equipment: IncludedBy:communications security,; Related:authentication, authorized, communications, cryptography, information, process, telecommunications, version,
COMSEC facility: IncludedBy:communications security,; Related:authorized,
COMSEC incident: IncludedBy:communications security, incident,
COMSEC insecurity: IncludedBy:communications security,; Related:incident, information,
COMSEC manager: IncludedBy:communications security,; Related:resource,
COMSEC material: IncludedBy:communications security,; Related:communications, control systems, cryptographic, cryptography, function, key, software, telecommunications,
COMSEC Material Control System: IncludedBy:communications security, control, control systems, system,; Related:key,
COMSEC modification: IncludedBy:communications security, information systems security equipment modification,; Related:information, system,
COMSEC module: IncludedBy:communications security, module,; Related:communications, function, system, telecommunications,
COMSEC monitoring: IncludedBy:communications security,; Related:communications, telecommunications,
COMSEC Parent Switch: IncludedBy:communications security,
COMSEC profile: IncludedBy:communications security, file, profile,; Related:operation, system,
COMSEC Resources Program: IncludedBy:communications security, program, resource,
COMSEC Subordinate Switch: IncludedBy:communications security,
COMSEC survey: IncludedBy:communications security,; Related:communications, information, operation, system,
COMSEC system data: IncludedBy:communications security, system,; Related:control, information, key,
COMSEC training: IncludedBy:communications security,
COMSEC Utility Program: IncludedBy:communications security, program,
concealment
concealment system: IncludedBy:system,; Related:confidentiality, information, security,
concept of operations: IncludedBy:operation, security,; Related:internet, object, process, system,
concurrency control: IncludedBy:control,; Related:users,
concurrent connections: IncludedBy:connection,; Related:flow, test, users,
confidence: IncludedBy:assurance, trust,; Includes:confidence coefficient, confidence interval, confidence level, confidence limits, public confidence,; Related:IT Security Evaluation Criteria, IT Security Evaluation Methodology, Monitoring of Evaluations, assurance level, assurance profile, audit, authentication, authenticity, checksum, confidentiality, data confidentiality, data integrity, defense, defense-in-depth, infrastructure assurance, interval estimate, national information assurance partnership, policy, profile assurance, quality assurance, reference monitor, reliability, robustness, sampling error, software quality assurance, source integrity, state delta verification system, trusted channel, trusted computing system, trusted path,
confidence coefficient: IncludedBy:confidence,
confidence interval: IncludedBy:confidence,
confidence level: IncludedBy:confidence,; Related:random,
confidence limits: IncludedBy:confidence,
confidential: IncludedBy:classification levels,; Related:authorized, damage, security,
confidential source: Related:security,
confidentiality: IncludedBy:privacy, security goals,; Includes:cryptographic algorithm for confidentiality, data confidentiality, data confidentiality service, traffic flow confidentiality,; Related:Common Criteria for Information Technology Security, Generic Security Service Application Program Interface, Generic Upper Layer Security, IT security, IT security controls, IT security incident, NULL encryption algorithm, Secure Electronic Transaction, access, access control, assurance, asymmetric cryptography, authentication header, authorized, classified, communications security, computer, computer abuse, computer related controls, computer security, concealment system, confidence, data privacy, data security, defense-in-depth, defense-wide information assurance program, digital envelope, encapsulating security payload, encryption algorithm, entry-level certification, flow, hybrid encryption, information, information assurance, information security, internet, internet protocol security, intrusion, key recovery, levels of concern, line managers, mid-level certification, network, object, passive, penetration, post-accreditation phase, privacy enhanced mail, privacy programs, privacy protection, process, property, public-key infrastructure, requirements for procedures and standards, secure shell, secure socket layer, security controls, security event, security objectives, security policy, simple network management protocol, subject, symmetric cryptography, system, top-level certification, transmission security, vulnerability, wrap,
configuration: IncludedBy:configuration management, target of evaluation,; Related:function, software, system, target,
configuration control: IncludedBy:configuration management, control, target of evaluation,; Includes:object,; Related:authorized, computer, establishment, identification, information, integrity, malicious, operation, process, software, system, target,
configuration identification: IncludedBy:configuration management, identification,; Related:function, system,
configuration item: IncludedBy:configuration management,; Related:computer, entity, function, process, program, software,
configuration management: IncludedBy:assurance, risk management, software development,; Includes:baseline management, configuration, configuration control, configuration identification, configuration item, secure configuration management,; Related:computer, control, function, identify, operation, process, requirements, software, system, test,
confinement: Includes:confinement channel, confinement property,; Related:program, risk,
confinement channel: IncludedBy:confinement,; Related:covert, covert channel, covert timing channel,
confinement property: IncludedBy:confinement,; Related:Bell-LaPadula security model, access, access control, classification levels, classified, object, subject,; Synonym:*-property,
conformance: Related:requirements, standard, test,
conformance testing: IncludedBy:security testing, test,; Related:process,
conformant validation certificate: IncludedBy:certificate, validation,; Related:IT security, authority, computer security, security,
congruence: Related:property,
connection: IncludedBy:firewall,; Includes:Open Systems Interconnection Reference model, concurrent connections, connection approval, connection establishment, connection establishment time, connection maintenance, connection overhead, connection teardown, connection teardown time, connectionless data integrity service, interconnection security agreements, network connection, open system interconnection, open system interconnection model, open systems interconnection, platform it interconnection, system interconnection,; Related:Identification Protocol, Internet Security Association and Key Management Protocol, Internet worm, OSI architecture, SOCKS, SYN flood, Security Protocol 3, Security Protocol 4, Simple Authentication and Security Layer, Terminal Access Controller Access Control System, USENET, application level gateway, application proxy, application-level firewall, asynchronous transfer mode, authentication header, automated logon sequences, banner grabbing, call back, call back security, circuit level gateway, circuit proxy, circuit switching, cold site, connectivity, control, cookies, data origin authentication service, data source, derogatory information, dial back, encapsulating security payload, external system exposure, file, firewall machine, foreign liaison officer, global information infrastructure, handcarrier, information, interface, internet, internet protocol security, internetwork private line interface, local-area network, long-haul telecommunications, malicious code screening, memorandum of understanding, national information infrastructure, network, network address translation, network configuration, network tap, on ramp, personal firewall, piggyback, piggyback attack, piggyback entry, point-to-point tunneling protocol, port, port scanner, port scanning, protective security service, protocols, proxy, proxy server, remote access, remote maintenance, router, rules of behavior, scan, secure shell, secure socket layer, security association:, security certificate, security controls, security domain, security parameters index, session key, signaling, stateful packet filtering, stealth probe, stovepipe systems, system security authorization agreement, tinkerbell program, transmission control protocol, trusted identification forwarding, tunneling, unit of transfer, users, war dialing, wireless technology, wiretapping, worm,
connection approval: IncludedBy:connection,; Related:authorization,
connection establishment: IncludedBy:connection, establishment,; Related:identify, protocols, security association:, test,
connection establishment time: IncludedBy:connection, establishment,; Related:interface, protocols,
connection maintenance: IncludedBy:connection,; Related:identify, protocols, users,
connection overhead: IncludedBy:connection,; Related:establishment,
connection teardown: IncludedBy:connection,; Related:identify, protocols, test,
connection teardown time: IncludedBy:connection,; Related:interface, protocols,
connectionless data integrity service: IncludedBy:connection, integrity,; Related:security,
connectivity: IncludedBy:target of evaluation,; Related:connection, property,
consequence
consequence management: IncludedBy:risk management,
consignee
consignor: Related:shipper,
consistency: IncludedBy:database management system,; Related:standard, system,
console: Related:interface, intrusion, intrusion detection, program, system, users,
console logon: IncludedBy:logon,; Related:access, computer, control, privileged, system, users,
console logs: IncludedBy:audit trail,; Related:computer, control, system,
constant surveillance service: Related:security,
construction: IncludedBy:target of evaluation,; Related:process, target,
construction of TOE requirements: IncludedBy:requirements, target of evaluation,; Includes:component, security target,; Related:object, security,
construction surveillance technician: Related:security,
constructive cost model: IncludedBy:business process,
consumers: Related:policy, requirements, security, system, users,
contact interface: IncludedBy:interface,; Related:flow,
contactless interface: IncludedBy:interface,; Related:flow,
contactless smart card: IncludedBy:smartcards,; Related:information,
container: Related:encryption, file, technology,
contamination: IncludedBy:fetch protection, file protection, incident, risk,; Related:classified,
content filtering: Related:communications, process, users,
context-dependent access control: IncludedBy:access, control,
continental united states
contingency key: IncludedBy:key,; Related:operation,
contingency plan: IncludedBy:contingency planning,; Includes:back up vs. backup, backup generations, backup operations, backup plan, disaster plan, disaster recovery, disaster recovery plan, emergency plan, recovery procedures, redundancy,; Related:IT security, backup, business process, critical, failure, operation, process, program, recovery, resource, response, security, system, test,
contingency planning: IncludedBy:availability,; Includes:contingency plan,; Related:backup, control, critical, operation, recovery, resource, response, system,
continuity of operations: IncludedBy:availability, operation,; Related:process,
continuity of operations plan: IncludedBy:operation,; Related:function,
continuity of services and operations: IncludedBy:operation, risk management,; Related:business process, computer, control, critical, minimum essential infrastructure, recovery,
continuous operation: Related:access,
continuous process: IncludedBy:process,; Related:flow, operation,
continuous process improvement: IncludedBy:process, quality,; Related:operation,
continuous sensitive compartmented information facility operation
continuous signature service: IncludedBy:signature,
contract: Related:subject,
contracting officer
contracting officer representative
contractor: Related:security,
contractor special security officer: IncludedBy:security,; Related:information security,
contractor/command program manager
contractor/command program security officer: IncludedBy:security,; Related:access,
control: Includes:COMSEC Material Control System, COMSEC control program, IT security controls, Office of Foreign Assets Control, TSF scope of control, Terminal Access Controller Access Control System, U.S.-controlled facility, U.S.-controlled space, access control, access control center, access control list, access control mechanisms, access control officer, access control service, application controls, areas of control, automatic key distribution/rekeying control unit, baseline controls, change control and life cycle management, circuit control officer, cluster controller, command and control, command and control warfare, command, control, and communications, command, control, communications and computers, command, control, communications and intelligence, compensating security controls, computer related controls, concurrency control, configuration control, context-dependent access control, control algorithm, control center, control class, control family, control identification list, control information, control loop, control network, control objectives, control objectives for information and related technology, control server, control systems, control zone, controlled access area, controlled access protection, controlled cryptographic item, controlled interface, controlled security mode, controlled sharing, controlled space, controlled variable, controller, controlling authority, criteria of control, cryptonet control station, data control language, data flow control, design controlled spare parts, discretionary access control, distributed control system, domain controller, dual control, emergency shutdown controls, entry control, environmentally controlled area, external security controls, failure control, foreign owned, controlled or influenced, general controls, global command and control system, identity based access control, information flow control, information systems audit and control association, information systems audit and control foundation, interface control document, interface control unit, internal control questionnaire, internal security controls, internet control message protocol, key control, logical access control, machine controller, management control processes, management controls, mandatory access control, master control switch, media access control address, modification/configuration control board, motion control network, net control station, non-discretionary access control, nuclear command and control document, operational controls, partition rule base access control, physical access control, physical controls, point of control and observation, positive control material, procedural controls, process controller, programmable logic controller, quality assurance/control, quality control, questions on controls, redundant control server, role-based access control, routing control, security controls, security net control station, single loop controller, statistical process control, supervisory control, supervisory control and data acquisition, technical controls, transfers outside TSF control, transmission control protocol, transmission control protocol/internet protocol, two-person control, zone of control,; Related:Automated Information System security, Bell-LaPadula security model, British Standard 7799, C2-protect, CCI assembly, CCI component, CCI equipment, COMSEC account, COMSEC system data, Clark Wilson integrity model, Common Criteria for Information Technology Security, Defense Information Infrastructure, IT security database, Identification Protocol, International Traffic in Arms Regulations, MAC algorithm key, PIV issuer, POSIX, RED signal, SSO PIN, TCB subset, TEMPEST, Trusted Computer System Evaluation Criteria, U.S. person, Wassenaar Arrangement, abend, acceptable level of risk, acceptable risk, acceptance procedure, access, access mediation, access with limited privileges, accountability, accounting legend code, accounting number, accreditation, accreditation disapproval, accreditation range, acquisition strategy, active wiretapping, adequate security, alarm surveillance, anonymous login, application, application generator, application proxy, approval/accreditation, attack, audit, audit/review, authentication, authentication protocol, authorization, authorize processing, automated information system, automated security monitoring, availability service, backdoor, baseline, block cipher key, bot-network operators, boundary host, breach, buffer overflow, business impact analysis, centralized authorization, centralized operations, certificate user, certification, certification agent or certifier, certification phase, challenge-response protocol, chemical warfare, circuit proxy, closed security environment, communications, communications security, compartment, compartmentalization, component, component reference monitor, compromise, compromised key list, computer security, configuration management, connection, console logon, console logs, contingency planning, continuity of services and operations, cookies, cost/benefit estimate, covert channel, credentials, critical elements, cryptographic key, cryptographic token, cryptosystem review, cyberattack, cyberspace, cycle time, data historian, data management, database management system, decrypt, dedicated mode, dedicated security mode, default file protection, defense-in-depth, developer security, digital watermarking, distributed database, distributed dataprocessing, disturbance, documentation, domain, domain name system, due care, electronic warfare, electronic warfare support, embedded cryptographic system, embedded system, enclave, encryption, encryption algorithm, entity-wide security, exploitation, extensible, fieldbus, filtering router, firewall, flaw hypothesis methodology, formal security policy model, formulary, full accreditation, general support system, granularity, handler, hardware and system software maintenance, hash token, hijack attack, host to front-end protocol, human-machine interface, identification and authentication, incident response capability, independent assessment, information, information assurance product, information category, information owner, information security, information security testing, information systems security equipment modification, information technology, inspectable space, intelligent electronic device, interconnection security agreements, interface testing, interference, interim accreditation action plan, internet, internet protocol, internet protocol security, isolation, kerberos, key, key management, key management infrastructure, key stream, key-escrow system, labeled security protections, lattice model, levels of concern, light tower, line conditioning, line conduction, local-area network, logical access, logical completeness measure, login, malicious logic, manipulated variable, media library, media protection, misappropriation, modes of operation, national security information, national security system, naval coastal warfare, network, network administrator, network analyzer, network component, network connection, network management, network reference monitor, network security, non-repudiation, noncomputing security methods, object, official information, open security environment, operating system, operations security, optional modification, packet, packet filtering, packet switching, pagejacking, penetration study, perimeter-based security, permissions, personnel security, photo eye, physical and environmental protection, physical security, point-to-point tunneling protocol, policy, pre-certification phase, pressure regulator, privacy, privileged instructions, privileged user, probe, procedural security, proof of possession protocol, protected distribution systems, protected network, protection philosophy, protection-critical portions of the TCB, protocol data unit, protocols, proximity, proxy server, public-key certificate, reference monitor, reference monitor concept, remote access, repair action, residual risk, restricted area, risk assessment, risk management, risk reduction analysis, ruleset, safeguarding statement, safety, salt, sandboxed environment, scoping guidance, secure configuration management, secure operating system, secure subsystem, security, security audit, security awareness, training, and education, security breach, security certification level, security kernel, security label, security management, security management infrastructure, security perimeter, security plan, security safeguards, security test & evaluation, security violation, security-relevant event, segregation of duties, sensitive compartmented information, sensitive information, sensitivity label, servo valve, session hijack attack, set point, short title, signaling, simple network management protocol, software library, special access program, split knowledge, spoofing, stateful packet filtering, superuser, surrogate access, system, system administrator, system and data integrity, system development and acquisition, system interconnection, system security plan, system software, systems software, tamper, technical security policy, technological attack, technology, terminal hijacking, thermostat, ticket, token authenticator, token management, tokens, topical areas, trace packet, trapdoor, under sea warfare, unprotected network, user PIN, user data protocol, users, usurpation, verification, verification techniques, virtual private network, vulnerability, vulnerability assessment, wireless device,
control algorithm: IncludedBy:algorithm, control,
control center: IncludedBy:control,; Related:process,
control class: IncludedBy:control,; Related:operation, security,
control family: IncludedBy:control,; Related:security,
control identification list: IncludedBy:control, identification,; Related:critical, security,
control information: IncludedBy:control, cryptographic module, information,; Related:cryptographic, module, operation,
control loop: IncludedBy:control,; Related:function, process,
control network: IncludedBy:control,; Related:critical, process,
control objectives: IncludedBy:control, object, risk management,; Related:information,
control objectives for information and related technology: IncludedBy:control, information, object, technology,
control server: IncludedBy:control,; Related:application, control systems, system,
control systems: IncludedBy:control, system,; Includes:COMSEC Material Control System, Terminal Access Controller Access Control System, distributed control system, global command and control system, supervisory control and data acquisition,; Related:COMSEC material, acceptance procedure, accounting legend code, control server, controlled variable, cookies, login, machine controller, national security information, physical access control, programmable logic controller, salt, sensitive compartmented information,
control zone: IncludedBy:control, security,; Related:authorized, compromise, information, process,
controlled access area: IncludedBy:access, control,; Related:authorized, cipher, entry control,
controlled access program coordination office: IncludedBy:access,; Related:intelligence,
controlled access program oversight committee: IncludedBy:access,; Related:audit, evaluation, intelligence,
controlled access programs: IncludedBy:access,; Related:intelligence, security clearance,
controlled access protection: IncludedBy:access, control,; Related:assurance, audit, evaluation, function, resource, security, trust, users,
controlled area/compound: Related:security, subject,
controlled building: Related:security, subject,
controlled cryptographic item: IncludedBy:control, cryptographic,; Related:classified, communications, information, requirements, telecommunications,
controlled information: Related:foreign, object, target,
controlled interface: IncludedBy:control, interface,; Related:flow, information, security, system,
controlled security mode: IncludedBy:control, multilevel security,; Related:access, access control, accreditation, classification levels, classified, information, operation, policy, requirements, risk, software, system, users, version, vulnerability,
controlled sharing: IncludedBy:access control, control,; Related:access, system,
controlled space: IncludedBy:control,; Related:access, access control, authorized,
controlled unclassified information: IncludedBy:classified,; Related:authorized,
controlled variable: IncludedBy:control,; Related:control systems, system,
controller: IncludedBy:control,; Related:program,
controlling authority: IncludedBy:authority, control,; Related:cryptography, key, operation,
conversion: IncludedBy:version,; Related:software,
cookies: IncludedBy:access control,; Related:access, application, association, attack, connection, control, control systems, denial-of-service, establishment, file, information, internet, internet protocol security, internet security protocol, message, privacy, profile, system, world wide web,
cooperative key generation: IncludedBy:key,; Related:encryption, function, random,
cooperative program personnel: Related:foreign,
cooperative remote rekeying: IncludedBy:key, rekey,
coordinated universal time: Related:GeneralizedTime, UTCTime,
core or key process: IncludedBy:key, process,; Related:business process,
core secrets: Related:compromise,
corporate family
corporate security policy: IncludedBy:policy, security policy,; Related:information, users,
corporation
correctness: IncludedBy:European Information Technology Security Evaluation Criteria, Federal Criteria for Information Technology Security, integrity,; Includes:correctness integrity, correctness proof,; Related:analysis, computer security, criteria, evidence, fault, file, function, information, profile, program, property, requirements, security target, software, system, target, technology, users, verification,
correctness integrity: IncludedBy:correctness, integrity,; Related:information,
correctness proof: IncludedBy:correctness, security,; Related:system,
corroborate: IncludedBy:validate,
corruption: IncludedBy:threat consequence,; Related:function, operation, system,
cost reimbursement contract: IncludedBy:business process,
cost-risk analysis: IncludedBy:analysis, business process, risk analysis,; Related:assessment, compromise, cost/benefit analysis, system,
cost/benefit: IncludedBy:analysis, business process,; Related:cost/benefit analysis, cost/benefit estimate, function, program,
cost/benefit analysis: IncludedBy:analysis, business process,; Related:cost-risk analysis, cost/benefit, countermeasures, operation, process, risk, risk management, vulnerability,
cost/benefit estimate: IncludedBy:analysis,; Related:control, cost/benefit, process,
COTS software: IncludedBy:commercial-off-the-shelf, software,; Related:mass-market software, standard,; Synonym:commercial off-the-shelf software,
counter: Related:process,
counterintelligence: IncludedBy:intelligence,; Related:adversary, countermeasures, foreign, information, security, threat,
counterintelligence assessment: IncludedBy:assessment, intelligence,; Related:analysis, compromise, critical, foreign, risk, target, threat,
countermeasures: IncludedBy:risk management, threat,; Includes:electronic counter-countermeasures, electronic countermeasures, non-technical countermeasure, security countermeasures, technical countermeasures, technical surveillance countermeasures, technical surveillance countermeasures inspection, technical surveillance countermeasures surveys and evaluations,; Related:acceptable level of risk, adversary, alarm, analysis, anomaly detection, antivirus software, antivirus tools, asset, attack, benign, benign environment, checksum, compensating security controls, cost/benefit analysis, counterintelligence, firewall, function, information, information systems security engineering, internet, intrusion detection, intrusion prevention, key, layered solution, level of protection, management controls, object, operation, operational controls, operations security, operations security process, physical security, protective distribution system, protocols, residual risk, risk analysis, risk assessment, robustness, security audit, security controls, security safeguards, security software, security testing, system, system security authorization agreement, technical controls, technology, threat analysis, threat assessment, virus definitions, vulnerability, vulnerability assessment, work factor,
country code: IncludedBy:code,; Related:domain, standard,
courier: Related:authorized, classified,
cover: Related:adversary,
cover-coding: Related:information, risk,
coverage: Related:test,
covert: Includes:covert channel, covert channel analysis, covert operation, covert storage channel, covert testing, covert timing channel,; Related:bandwidth, confinement channel, espionage, exploitable channel, flooding, leakage, malware, overt channel, red team, rootkit, sniffer,
covert channel: Antonym:overt channel, security-compliant channel,; IncludedBy:channel, covert, exploitable channel,; Includes:covert storage channel, covert timing channel,; PreferredFor:storage channel, timing channel,; Related:access, access control, authorization, authorized, communications, computer security, confinement channel, control, entity, exploit, information, insider, policy, process, resource, response, security, system,
covert channel analysis: IncludedBy:analysis, covert,; Related:access, access control, authorized, information, policy, program, security, unauthorized access,
covert operation: IncludedBy:covert,; Related:clandestine operation, identity,
covert storage channel: IncludedBy:channel, covert, covert channel,; Includes:subject,; Related:process, resource, security,
covert testing: IncludedBy:covert, test,
covert timing channel: IncludedBy:channel, covert, covert channel,; Related:communications, confinement channel, information, policy, process, resource, response, security, system,
CPU time: IncludedBy:automated information system,; Related:process,
crack: IncludedBy:threat,; Includes:crack root, cracker, cracking,; Related:code, cryptography, passwords, security, system, users,
crack root: IncludedBy:crack,; Related:security, system,
cracker: IncludedBy:crack, hackers,; Related:access, access control, attack, authorization, communications, computer, information, intrusion, malicious, security, system, telecommunications,
cracking: IncludedBy:crack,; Related:computer, system,
crash: IncludedBy:threat,; Related:computer, failure, system,
credentials: IncludedBy:certification authority,; Includes:digital certificate, identity credential, identity credential issuer, ticket,; Related:access, access control, authentication, authority, authorization, certificate, control, entity, evidence, identity, information, model, object, security testing, standard, system, test,
credentials service provider: Related:entity, registration, trust,
credit check: Related:security, subject,
criminal: IncludedBy:illegal,; Includes:criminal activity, criminal groups,; Related:Defense Travel Briefing, attack, dark-side hacker, derogatory information, hybrid threat, hybrid warfare, local agency check, phishing, report of investigation, security environment threat list, threat, vishing,
criminal activity: IncludedBy:criminal,; Related:foreign,
criminal groups: IncludedBy:criminal, threat,; Related:attack, entity, fraud, identity, system, theft,
crisis management: IncludedBy:risk management,
criteria: Includes:Canadian Trusted Computer Product Evaluation Criteria, Common Criteria, Common Criteria Testing Laboratory, Common Criteria Testing Program, Common Criteria for Information Technology Security, Common Criteria for Information Technology Security Evaluation, DoD Trusted Computer System Evaluation Criteria, European Information Technology Security Evaluation Criteria, Federal Criteria Vol. I, Federal Criteria for Information Technology Security, IT Security Evaluation Criteria, Information Technology Security Evaluation Criteria, NIAP Common Criteria Evaluation and Validation Scheme, Trusted Computer System Evaluation Criteria, acceptance criteria, common criteria version 1.0, common criteria version 2.0, criteria of control, evaluation criteria,; Related:British Standard 7799, FIPS approved security method, Federal Standard 1027, IT Security Evaluation Methodology, IT security certification, NIAP Oversight Body, National Computer Security Center, National Voluntary Laboratory Accreditation Program, Orange book, Red book, Scope of Accreditation, Yellow book, acceptance testing, accreditation, accreditation range, assurance, assurance level, audit, authentication, beyond A1, certification, certified TEMPEST technical authority, component extensibility, component hierarchy, component operations, computer, computer security, correctness, descriptive top-level specification, designated, designated laboratories list, designating authority, designation policy, ethernet sniffing, evaluated products list, evaluated system, evaluation, evaluation assurance level, evaluation pass statement, evaluator actions, firewall, information, interpretation, national information assurance partnership, national security system, network component, non-repudiation policy, protection profile, rainbow series, requirements for content and presentation, requirements for evidence, requirements for procedures and standards, risk evaluation, scheme, security, security policy model, security target, sensitive information, target of evaluation, technology, technology area, test case generator, test method, test strategy, testability, trust, trusted functionality, trusted gateway, trusted network interpretation, validated products list, validation report,
criteria of control: IncludedBy:control, criteria,
critical: IncludedBy:risk,; Includes:Protected Critical Infrastructure Information (PCII), critical and sensitive information list, critical asset, critical design review, critical elements, critical financial markets, critical information, critical infrastructure information, critical infrastructures, critical mechanism, critical nuclear weapon design information, critical path method, critical program information, critical security parameters, critical system, critical system files, criticality, criticality assessment, criticality/sensitivity, mission critical, mission critical system, protection-critical portions of the TCB, safety-critical software, security-critical mechanisms, technology critical,; Related:COMSEC boundary, Defense Security Service, X.509, acceptable level of risk, access, access control, accesses, accreditation disapproval, adversary, adversary collection methodology, alert, anti-tamper, attack, audit, authentication, automated security monitoring, availability, banking and finance, business process reengineering, capability, certificate, certificate validation, class 2, 3, 4, or 5, code amber, code red, compromise, contingency plan, contingency planning, continuity of services and operations, control identification list, control network, counterintelligence assessment, data owner, denial-of-service, destruction, disaster recovery plan, electrical power systems, emergency services, essential secrecy, firewall, function, gas and oil production, storage and transportation, hackers, hot site, incapacitation, information and communications, information security, infrastructure assurance, infrastructure protection, intent, interim accreditation action plan, legacy systems, letter of compelling need, levels of concern, line managers, mandatory access control, national computer security assessment program, national information infrastructure, national security system, natural disaster, network security, non-repudiation service, operations security, operations security indicator, operations security process, partnership, physical protection, physical security, process, protected information, public confidence, public-key infrastructure, reconstitution, remediation, resource, risk analysis, risk assessment, scenario, sector coordinator, sector liaison, security environment threat list, security label, security policy, security strength, semantics, sensitive activities, sensitive position, significant change, single loop controller, single scope background investigation - periodic reinvestigation, special access program, spoofing, system, system retention/backup, terrorists, threat, transportation, users, vulnerability, vulnerability analysis, vulnerability assessment, vulnerability audit, water supply system, world class organizations,
critical and sensitive information list: IncludedBy:critical, sensitive information,
critical asset: IncludedBy:critical,; Related:security, vulnerability,
critical design review: IncludedBy:critical,; Related:requirements,
critical elements: IncludedBy:critical,; Related:control, security, system,
critical financial markets: IncludedBy:critical,; Related:foreign, operation,
critical information: IncludedBy:critical,; Related:object,
critical infrastructure information: IncludedBy:critical,
critical infrastructures: IncludedBy:critical, risk management,; Includes:banking and finance, code amber, code green, code red, electrical power systems, emergency services, gas and oil production, storage and transportation, information and communications, infrastructure protection, transportation, utility, water supply system,; Related:capability, destruction, government services, incapacitation, infrastructure assurance, natural disaster, operation, partnership, risk assessment, sector coordinator, sector liaison, system,
critical mechanism: IncludedBy:critical, target of evaluation,; Related:failure, security, target,
critical nuclear weapon design information: IncludedBy:critical,
critical path method: IncludedBy:critical,
critical program information: IncludedBy:critical,; Related:access, compromise,
critical security parameters: IncludedBy:critical, security policy,; Related:authentication, compromise, cryptographic, cryptography, information, key, module, passwords,
critical system: IncludedBy:critical, system,; Includes:critical system files,; Related:access, access control, authorized, information, security,
critical system files: IncludedBy:critical, critical system, file, system,; Related:application, damage, integrity, key, security, software,
criticality: IncludedBy:critical,; Related:function, information, system, threat,
criticality assessment: IncludedBy:assessment, critical,; Related:entity, function, operation, resource, risk assessment, security, system,
criticality/sensitivity: IncludedBy:critical,; Related:information, operation, process, system,
cross domain solution: IncludedBy:domain,; Related:access, assurance, information, security,
cross-certificate: IncludedBy:certificate,; Related:cross-certification,
cross-certification: IncludedBy:certification authority,; Related:certificate, cross-certificate, key, process, public-key, users, validate,
cross-talk: Related:communications,
cryptanalysis: IncludedBy:analysis, threat consequence,; Related:algorithm, attack, cipher, cryptographic, cryptography, encryption, key, key management, message, operation, process, system,
CRYPTO: Related:classified, communications, communications security, cryptographic, cryptography, identify, information, key, telecommunications,
crypto-alarm: IncludedBy:cryptography,; Related:operation,
crypto-algorithm: IncludedBy:algorithm,; Related:authentication, cipher, cryptographic, encryption, key, process, signature,
crypto-ancillary equipment: IncludedBy:cryptography,; Related:cryptographic, function, operation,
crypto-equipment: IncludedBy:cryptography,; Related:cryptographic,
crypto-ignition key: IncludedBy:key,
crypto-ignition plug: IncludedBy:cryptography,
crypto-security: IncludedBy:communications security,; Related:cryptographic system, system,
cryptographic: IncludedBy:cryptography,; Includes:Cryptographic Application Program Interface, Cryptographic Message Syntax, asymmetric cryptographic algorithm, asymmetric cryptographic technique, controlled cryptographic item, cryptographic algorithm, cryptographic algorithm for confidentiality, cryptographic application programming interface, cryptographic boundary, cryptographic card, cryptographic check function, cryptographic check value, cryptographic component, cryptographic device services, cryptographic equipment room, cryptographic functions, cryptographic hash function, cryptographic ignition key, cryptographic initialization, cryptographic key, cryptographic key component, cryptographic key management system, cryptographic logic, cryptographic module, cryptographic module security policy, cryptographic officer, cryptographic randomization, cryptographic service, cryptographic service providers, cryptographic strength, cryptographic synchronization, cryptographic system, cryptographic token, embedded cryptographic system, endorsed cryptographic products list, endorsed for unclassified cryptographic information, endorsed for unclassified cryptographic item, rapid automatic cryptographic equipment, symmetric cryptographic technique,; Related:CAPSTONE chip, CCI assembly, CCI component, CCI equipment, CKMS, COMSEC material, CRYPTO, Challenge Handshake Authentication Protocol, Clipper chip, Common Criteria for Information Technology Security, Data Encryption Standard, Distributed Authentication Security Service, FIPS PUB 140-1, FIPS approved security method, Fortezza, International Traffic in Arms Regulations, MD2, MD4, MD5, PC card, PKCS #11, RED/BLACK separation, RSA algorithm, Rivest-Shamir-Adleman algorithm, S/Key, The Exponential Encryption System, Type 1 key, Type 2 key, Type 4 key, Type 4 product, Type I cryptography, Type II cryptography, Type III cryptography, active state, advanced encryption standard, algorithm, algorithm transition, archive, asymmetric encipherment system, asymmetric signature system, attribute certificate, authentication code, authentication protocol, authorized vendor program, automated key distribution, benign, binding, block chaining, break, certificate domain parameters, challenge-response protocol, check word, checksum, cipher, cipher text auto-key, ciphertext-only attack, class 2, 3, 4, or 5, code, common security, communications security, compromise, compromised state, control information, critical security parameters, cryptanalysis, crypto-algorithm, crypto-ancillary equipment, crypto-equipment, cryptonet, cryptoperiod, cryptosynchronization, cyclic redundancy check, data authentication code, data encryption key, data items' representation, data key, deactivated state, decipher, decrypt, digital key, digital signature, digital signature algorithm, domain of interpretation, effective key length, electronic key entry, embedded cryptography, encipher, encipherment, encrypt, encrypted key, encryption, encryption algorithm, encryption certificate, end-to-end encryption, end-to-end security, environmental failure protection, environmental failure testing, escrow, garbled, generation, hardware, hash, hash function, hash value, hashed message authentication code, initialization value, initialization vector, initialize, input data, integrity check, interface, internetwork private line interface, key, key distribution, key entry, key generation, key generator, key length, key lifecycle state, key loader, key management, key management infrastructure, key management/exchange, key output, key owner, key recovery, key space, key updating, key-auto-key, key-encrypting key, key-escrow, keyed hash, keying material, known-plaintext attack, manual cryptosystem, manual key distribution, manual key entry, message authentication code, message authentication code algorithm, message digest, message digest algorithm 5, metadata, mode of operation, non-repudiation, one-time passwords, one-way encryption, one-way function, operations manager, operator, output data, parameters, personal identity verification, personal identity verification card, personal security environment, personalization service, physical protection, plaintext key, port, pretty good privacy, private key, protected channel, public-key, public-key forward secrecy, public-key infrastructure, public-key system, random, recover, rekey, retrieval, revoked state, salt, scheme, secret key, secret-key cryptography, secure hash algorithm, secure hash standard, secure hypertext transfer protocol, security event, security strength, session key, shared secret, signature certificate, signature system, simple network management protocol, split key, split knowledge, status information, strong authentication, symmetric encryption algorithm, symmetric key, tamper, time-stamp token, tokens, transport, trapdoor, trusted path, trusted platform module chip, tunneled password protocol, type 1 products, type 2 product, type 3 key, type 3 product, unforgeable, updating, validate, validate vs. verify, verification key, work factor, zeroize,
cryptographic algorithm: IncludedBy:algorithm, cryptographic,; Related:digital signature, encryption, hash, key, signature,
cryptographic algorithm for confidentiality: IncludedBy:algorithm, confidentiality, cryptographic,; Related:information,
Cryptographic Application Program Interface: IncludedBy:application, cryptographic, encryption, interface, program, security,; Related:computer, function, standard,
cryptographic application programming interface: IncludedBy:application, cryptographic, interface, program, software,; Related:access, access control, code,
cryptographic boundary: IncludedBy:boundary, cryptographic, cryptographic module,; Includes:physical protection,; Related:module,
cryptographic card: IncludedBy:cryptographic, tokens,
cryptographic check function: IncludedBy:cryptographic, function,; Related:key,
cryptographic check value: IncludedBy:cryptographic,; Related:function, information,
cryptographic component: IncludedBy:cryptographic,; Related:hash, system,
cryptographic device services: IncludedBy:cryptographic,
cryptographic equipment room: IncludedBy:cryptographic,; Related:access control, cryptographic system,
cryptographic functions: IncludedBy:cryptographic, encryption, function, key,; Related:algorithm, message, random,
cryptographic hash function: IncludedBy:cryptographic, function, hash,; Related:domain, hash function, process,
cryptographic ignition key: IncludedBy:cryptographic, key,; Related:encryption, module, tokens,
cryptographic initialization: IncludedBy:cryptographic,; Related:encryption, function, key,
cryptographic key: IncludedBy:cryptographic, key,; Related:adversary, algorithm, authentication, authorized, cipher, code, control, encipherment, encryption, operation, process, random, requirements, signature, verification,
cryptographic key component: IncludedBy:cryptographic, key,; Related:operation,
cryptographic key management system: IncludedBy:cryptographic, key, key management, system,; Related:backup, metadata, revocation,
cryptographic logic: IncludedBy:cryptographic,; Related:algorithm, process,
Cryptographic Message Syntax: IncludedBy:cryptographic, message,; Related:certificate, digital signature, encryption, hash, key, key management, public-key infrastructure, signature,
cryptographic module: IncludedBy:cryptographic, module,; Includes:control information, cryptographic boundary, cryptographic module security policy, data path, firmware, hardware, input data, microcode, operator, output data,; Related:algorithm, boundary, establishment, function, key, process, security, software,
cryptographic module security policy: IncludedBy:cryptographic, cryptographic module, module, policy, security policy,; Related:requirements, standard,
cryptographic officer: IncludedBy:cryptographic, officer,; Related:authorized, function,
cryptographic randomization: IncludedBy:cryptographic, random,; Related:function,
cryptographic service: IncludedBy:common data security architecture, cryptographic,; Related:encryption, function, hash, key, module, random, software,
cryptographic service providers: IncludedBy:common data security architecture, cryptographic,
cryptographic strength: IncludedBy:cryptographic,; Related:operation,
cryptographic synchronization: IncludedBy:cryptographic,; Related:cipher, encipherment, process,
cryptographic system: IncludedBy:cryptographic, system,; Includes:cryptosystem analysis, cryptosystem evaluation, cryptosystem review, cryptosystem survey, elliptic curve cryptosystem, embedded cryptographic system, manual cryptosystem, off-line cryptosystem, on-line cryptosystem, one-time cryptosystem,; PreferredFor:cryptosystem,; Related:algorithm, application, asymmetric cryptographic technique, authentication system, cipher, crypto-security, cryptographic equipment room, digital signature, encryption, encryption strength, hash, key, key management, key stream, message indicator, one-time pad, one-time tape, private key, process, public-key, signature, system indicator, traffic-flow security,
cryptographic token: IncludedBy:cryptographic, tokens,; Related:algorithm, control, function, information, key, key management, module, random, users,
cryptography: Includes:National Cryptologic School, Type I cryptography, Type II cryptography, Type III cryptography, asymmetric cryptography, cipher feedback, computer cryptography, crypto-alarm, crypto-ancillary equipment, crypto-equipment, crypto-ignition plug, cryptographic, cryptonet control station, cryptosynchronization, elliptic curve cryptography, embedded cryptography, encipherment algorithm, encrypt, manual cryptosystem, minimalist cryptography, private-key cryptography, public-key cryptography, public-key cryptography standards, secret-key cryptography, symmetric cryptography, synchronous crypto-operation,; Related:BLACK, CAPSTONE chip, CCI assembly, CCI component, CCI equipment, COMSEC equipment, COMSEC material, CRYPTO, Challenge Handshake Authentication Protocol, Clipper chip, Common Criteria for Information Technology Security, Diffie-Hellman, Digital Signature Standard, Distributed Authentication Security Service, El Gamal algorithm, Elliptic Curve Digital Signature Algorithm, FIPS PUB 140-1, FIREFLY, Generic Security Service Application Program Interface, IEEE P1363, International Traffic in Arms Regulations, Internet Security Association and Key Management Protocol, MD2, MD4, MD5, MIME Object Security Services, PC card, QUADRANT, RED/BLACK separation, The Exponential Encryption System, access control center, algorithm, attribute certificate, authentication, authentication code, authentication system, authorized, authorized vendor, benign, binding, break, brute force attack, certificate domain parameters, check word, checksum, chosen-plaintext attack, cipher, cleartext, code, code division multiple access, cold start, communications, communications security, compromise, controlling authority, crack, critical security parameters, cryptanalysis, cryptology, cut-and-paste attack, cyclic redundancy check, data driven attack, data items' representation, digital signature, domain of interpretation, emissions security, encipherment, encryption, end entity, end-to-end security, entity, environmental failure protection, environmental failure testing, extraction resistance, feedback buffer, fill device, hash, hash function, hashed message authentication code, hybrid encryption, identity, information, initialize, integrity check, intelligent threat, interface, kerberos, key, key agreement, key center, key distribution center, key management, key pair, key translation center, known-plaintext attack, message, message authentication code, message authentication code algorithm, message authentication code vs. Message Authentication Code, message indicator, modulus, national security system, non-repudiation, one-time pad, one-time passwords, one-time tape, one-way function, operations manager, out-of-band, permuter, personal security environment, personalization service, port, pretty good privacy, primary account number, privacy, private key, public-key, public-key forward secrecy, public-key infrastructure, random, rekey, scavenging, seal, secure hash standard, secure socket layer, security event, semantic security, shared secret, signature, simple network management protocol, status information, steganography, strong authentication, system indicator, ticket, time-stamp token, token storage key, traffic analysis, traffic padding, traffic-flow security, trapdoor, trusted path, two-person control, unforgeable, updating, user partnership program, validate vs. verify, work factor, wrap, zeroize,
cryptologic
cryptologic information system
cryptology: Related:analysis, communications, cryptography, intelligence, security,
cryptonet: Related:algorithm, cryptographic, key, system,
cryptonet control station: IncludedBy:control, cryptography,
cryptonet key: IncludedBy:key,
cryptoperiod: Related:algorithm, analysis, authorized, certificate, cryptographic, key, process, public-key, public-key infrastructure, rekey, risk, system,
cryptosynchronization: IncludedBy:cryptography,; Related:cryptographic, process,
cryptosystem: HasPreferred:cryptographic system,
cryptosystem analysis: IncludedBy:analysis, cryptographic system, system,; Related:process,
cryptosystem evaluation: IncludedBy:cryptographic system, evaluation, system,; Related:process, vulnerability,
cryptosystem review: IncludedBy:cryptographic system, system,; Related:authority, control,
cryptosystem survey: IncludedBy:cryptographic system, system,; Related:evaluation, information,
cultural assumptions: Related:function,
custodian: Related:classified,
customer: HasPreferred:users,
customer/contractor-supplied software: IncludedBy:software,
cut-and-paste attack: IncludedBy:attack,; Related:cipher, cryptography, integrity,
cyber system
cyberattack: IncludedBy:attack,; Related:control, information, software, technology, vulnerability,
cybersecurity: IncludedBy:security,; Related:application, assurance, communications, information, risk, risk management, system, telecommunications, users,
cyberspace: IncludedBy:internet,; Related:communications, computer, control, information, process, system, technology, telecommunications,
cyberspace operations: Related:computer, computer network, information, object,
cycle time: Related:algorithm, control, process,
cyclic redundancy check: Related:algorithm, code, cryptographic, cryptography, hash, integrity, protocols,
daemon: Related:process, system,
damage: Includes:damage assessment, damage to physical assets, damage to the national security,; Related:TOP SECRET, adversary, application data backup/recovery, back up vs. backup, biological warfare, classification levels, computer abuse, confidential, critical system files, directed-energy warfare, emergency action plan, emergency response, environmentally controlled area, hackers, impact, infrastructure assurance, insider, joint task force-computer network defense, least privilege, logic bombs, malicious code, physical security, recover, safety, secret, sensitive information, system safety, technical vulnerability, terrorists, threat, threat assessment, token backup, toluene,
damage assessment: IncludedBy:assessment, damage,; Related:analysis, authorized, classified, security,
damage to physical assets: IncludedBy:damage, operational risk loss,
damage to the national security: IncludedBy:damage, security,; Related:authorized, foreign,
dangling threat: IncludedBy:threat,; Related:vulnerability,
dangling vulnerability: IncludedBy:vulnerability,; Related:risk,
dark-side hacker: IncludedBy:threat,; Related:criminal, malicious,
data: IncludedBy:automated information system,; Related:computer, information, process,
data administration: IncludedBy:automated information system,
data aggregation: IncludedBy:automated information system,; Related:adversary, classified, information, system,
data architecture: IncludedBy:automated information system,; Related:information, process,
Data Authentication Algorithm: IncludedBy:algorithm, authentication,; Related:cipher, function, hash, key,
data authentication code: IncludedBy:National Institute of Standards and Technology, authentication, code, integrity,; Related:algorithm, cryptographic, function, hash function, key, message, standard,; Synonym:message authentication code,
data authentication code vs. Data Authentication Code: IncludedBy:authentication, code,; Related:algorithm, hash, key, message, message authentication code, standard,
data communications: IncludedBy:communications,; Related:information, system,
data compromise: IncludedBy:compromise, incident,; Related:access, access control, authorized, information, security, security incident, unauthorized access,
data confidentiality: IncludedBy:confidentiality, data privacy,; Related:authorized, confidence, entity, information, process, property, system,
data confidentiality service: IncludedBy:confidentiality,; Related:authorized, security,
data contamination: IncludedBy:automated information system,; Related:integrity, process,
data control language: IncludedBy:automated information system, control,
data custodian: Related:information, owner,
data definition language: IncludedBy:automated information system,
data dictionary: IncludedBy:automated information system,; Related:application, file, program,
data diddling: IncludedBy:attack,
data driven attack: IncludedBy:attack,; Related:code, cryptography, process, software, system, users,
Data Encryption Algorithm: IncludedBy:algorithm, encryption, symmetric cryptography,; Related:cipher, key, standard,
data encryption key: IncludedBy:encryption, key,; Includes:data key,; Related:application, cipher, cryptographic, integrity, message, signature,
data encryption security association type indicator: IncludedBy:security,
Data Encryption Standard: IncludedBy:Federal Information Processing Standards, National Institute of Standards and Technology, encryption, key, standard, symmetric algorithm,; Includes:initialization vector,; Related:algorithm, classified, computer, cryptographic, function, information, integrity, message, policy, process, technology,
data flow control: IncludedBy:control, flow,; Related:information,
data flow diagram: IncludedBy:automated information system, flow,
data historian: Related:analysis, control, process,
data input: IncludedBy:automated information system,; Related:domain, function, key, message, process, signature,
data integrity: IncludedBy:data security, integrity,; Related:authorized, computer, confidence, destruction, entity, information, malicious, process, property, quality, subject, trust,
data integrity service: IncludedBy:integrity,; Related:access, access control, association, authentication, authorized, entity, identity, malicious, security, system, users, verification,
data items' representation: Related:cryptographic, cryptography, hash,
data key: IncludedBy:data encryption key, key, key recovery,; Related:authentication, cryptographic, process,
data management: IncludedBy:automated information system,; Related:access, access control, computer, control,
data manipulation language: IncludedBy:automated information system,
data origin authentication: IncludedBy:authentication,; Related:verification,
data origin authentication service: IncludedBy:authentication,; Related:association, connection, digital signature, entity, identity, integrity, key, public-key, signature, system,
data owner: IncludedBy:owner,; Related:critical,
data path: IncludedBy:cryptographic module,
data privacy: IncludedBy:data security, privacy,; Includes:data confidentiality,; Related:assurance, confidentiality,
data processing: IncludedBy:automated information system, process,; Related:computer, program,
data reengineering: IncludedBy:automated information system,; Related:process, system,
data security: IncludedBy:security,; Includes:data integrity, data privacy,; Related:authorized, confidentiality, integrity,
data source: Includes:users,; Related:connection, firewall, interface, network,
data storage: IncludedBy:automated information system,; Related:authority, information,
data string: Related:function, hash,
data structure: IncludedBy:automated information system,
data synchronization: Related:automated information system, file, information,
data transfer device: Related:communications security, key, program, system,
data validation: IncludedBy:automated information system, validation,
database: Related:information, process,
database administration: IncludedBy:automated information system,
database management system: IncludedBy:system,; Includes:consistency, metadata, transaction, view, view definition,; Related:Directory Access Protocol, computer, control, function, information, integrity, retrieval, security, software, users,
database server: Related:information,
datagram: Related:entity, establishment, information, network,
dc servo drive: Related:code,
DD 254 - Final: Related:authorized, classified, requirements, security,
DD 254 - Original: Related:classified, requirements, security,
deactivated state: Antonym:active state,; IncludedBy:key lifecycle state,; Related:cryptographic, key, lifecycle, process,
dead bolt
deadlock: IncludedBy:threat,; Related:process,; Synonym:deadly embrace,
deadlocking panic hardware
deadly embrace: IncludedBy:threat,; Related:process,; Synonym:deadlock,
debilitated: IncludedBy:risk,
debriefing: Related:access,
debug: Related:computer, fault, software,
debugger
debugging: IncludedBy:automated information system,
deception: IncludedBy:threat consequence,; Related:adversary, authorized, case officer, communications, denial, entity, evidence, telecommunications,
decertification: IncludedBy:certification,; Related:revocation,
decibel
decipher: IncludedBy:cipher,; Related:cryptographic, key, system,
decipherment: IncludedBy:cipher,; Related:encipherment,
decision support systems: IncludedBy:system,
declassification: Related:authorized, classified,
declassification authority: Related:classified,
declassification guide: Related:security,
declassification of AIS storage media: Includes:automated information system, subject,; Related:security,
decode: IncludedBy:code,
decomposition: IncludedBy:protection profile,; Related:file, process, profile,
decrypt: Related:algorithm, application, cipher, code, control, cryptographic, encryption, information, key,
decryption: Antonym:encryption,; Related:cipher, encipherment, process,
dedicated loop encryption device: IncludedBy:encryption,
dedicated mode: Related:access, access control, classified, computer security, control, information, operation, process, program, security, system, users,
dedicated security mode: IncludedBy:modes of operation, security,; Related:accreditation, authorization, classification levels, classified, control, information, operation, policy, process, system, system-high security mode, users,
default account: Related:access, access control, computer, login, passwords, system, users,
default classification: IncludedBy:classification levels, classified,; Includes:object,; Related:process, system,
default file protection: IncludedBy:access control, file,; Related:access, control, owner, system,
defect: IncludedBy:risk,; Related:bug, failure, fault, requirements,
defense: Related:confidence, threat,
defense articles
Defense Central Index of Investigations: Related:security,
Defense Central Security Index: IncludedBy:security,; Related:access, authorized, classified,
defense communications system: IncludedBy:communications, system,
defense courier service
Defense Industrial Security Clearance Office: IncludedBy:security,
Defense Information Infrastructure: IncludedBy:information,; Related:application, command and control, communications, computer, control, intelligence, network, process, security, system, telecommunications, users,
Defense Information System Network: IncludedBy:information, network, system,
Defense Information Systems Network: Related:classified, requirements, security, users,
Defense Information Systems Network Designated Approving Authority: Related:intelligence, risk, security,
defense message system: IncludedBy:message, system,
Defense Office of Hearings and Appeals
Defense Personnel Exchange Program: Related:foreign,
Defense Security Service: IncludedBy:security,; Related:critical, intelligence,
Defense Security Service Personnel Investigations Center: IncludedBy:security,
Defense Services: Related:foreign,
defense switched network: IncludedBy:network,
Defense Travel Briefing: Related:criminal, security, target,
Defense Treaty Inspection Readiness Program: Related:security,
defense-in-depth: IncludedBy:security,; Related:application, assurance, attack, availability, confidence, confidentiality, control, information, integrity, operation, resource, risk, system, technology,
defense-wide information assurance program: IncludedBy:information, information assurance, program,; Related:authentication, availability, confidentiality, integrity, non-repudiation, resource,
Defensive Information Operations: IncludedBy:information, operation,; Related:access, access control, assurance, exploit, information assurance, intelligence, process, security, system, technology,
degauss: IncludedBy:erasure,; Includes:degaussing,; Related:application, process,
degausser: IncludedBy:National Security Agency, degausser products list,; Related:computer security, information, system,
degausser products list: IncludedBy:Information Systems Security products and services catalogue, National Security Agency, national information assurance partnership,; Includes:degausser,; Related:computer security, information, system,
degaussing: IncludedBy:degauss,
degrees of freedom: Related:random,
delegated accrediting authority: IncludedBy:authority,
delegated development program: IncludedBy:program,; Related:communications, telecommunications,
delegation: IncludedBy:authorization,
delegation of disclosure authority letter: Related:authorized, foreign, subject,
delete access: IncludedBy:access,; Related:program,
deliberate compromise of classified information: IncludedBy:classified, compromise,; Related:authorized, object,
deliberate exposure: IncludedBy:threat consequence,; Related:authorized, entity,
deliverable: Related:assessment, assurance, file, object, process, profile, security, security target, standard, system, target,
deliverables list: IncludedBy:Common Criteria Testing Laboratory, national information assurance partnership, target of evaluation,; Related:IT security, computer security, security, security target, target,
delivery: IncludedBy:target of evaluation,; Related:process, target,
delivery authority: IncludedBy:authority,; Related:evidence, trust,
delta CRL: IncludedBy:public-key infrastructure,; Related:X.509, certificate, revoked state,
demand assigned multiple access: IncludedBy:access,
demilitarized zone: IncludedBy:firewall,; Includes:protected network, unprotected network,; Related:access, access control, assurance, attack, computer, information, internet, policy, resource, ruleset, security, trust,
demon dialer: IncludedBy:attack,; Related:access, access control, authorized, denial-of-service, malicious, program,
denial: Related:deception, denial-of-service,
denial time: Related:risk,
denial-of-service: IncludedBy:attack, exploit, incident,; Includes:distributed denial-of-service,; PreferredFor:interdiction,; Related:Automated Information System security, ICMP flood, SYN flood, access, access control, application, authorized, availability, availability service, bot-network operators, computer, computer abuse, cookies, critical, demon dialer, denial, function, information systems security, internet, letterbomb, logic bombs, message, operation, ping of death, resource, smurf, spam, system, tamper, users,
deny by default: Related:malware, router, security,
Department of Defense Components
Department of Defense Information System
Department of Defense National Agency Check Plus Written Inquiries: Related:access, security,
department/agency/organization code
dependency: IncludedBy:trusted computing base,; Related:object, requirements,
depends: IncludedBy:trusted computing base,
depot maintenance: IncludedBy:full maintenance,
derf: IncludedBy:threat,; Related:exploit, terminal hijacking,
derivative classification: Related:classified,
derogatory information: Related:connection, criminal, foreign, security, trust,
descriptive top-level specification: IncludedBy:top-level specification,; Related:computer, criteria, evaluation, information, system, trust,
design controlled spare parts: IncludedBy:control,; Related:communications security,
designated: Related:IT security, authorized, computer security, criteria, evaluation, security, validation,
designated accrediting authority: IncludedBy:authority,; Related:risk,
designated approval authority: IncludedBy:authority,; Related:risk, system,
designated approving authority: IncludedBy:accreditation, authority, risk,; Includes:automated information system,; Related:information, network, operation, system,
designated approving authority representative: Related:requirements, security,
designated disclosure authority: Related:classified,
designated intelligence disclosure official: IncludedBy:intelligence,; Related:foreign,
designated laboratories list: IncludedBy:Common Criteria Testing Laboratory, national information assurance partnership,; Related:IT security, authorized, computer security, criteria, evaluation, security, validation,
designating authority: IncludedBy:Common Criteria Testing Laboratory, authority,; Related:criteria, evaluation, validation,
designation policy: IncludedBy:Common Criteria Testing Laboratory, policy,; Related:application, criteria, evaluation, process, requirements, security, validation,
designer: Related:authority, system,
destroyed: HasPreferred:destruction,
destroyed compromised state: IncludedBy:compromise, destruction, key lifecycle state,; Related:key, lifecycle, metadata,
destroyed state: IncludedBy:destruction, key lifecycle state,; Related:key, lifecycle, metadata,
destroying: HasPreferred:destruction,
destruction: IncludedBy:risk,; Includes:destroyed compromised state, destroyed state,; PreferredFor:destroyed, destroying,; Related:Rivest-Shamir-Adleman algorithm, certificate management, critical, critical infrastructures, data integrity, erasure, garbled, integrity, key lifecycle state, key management, one-time pad, recover,
detailed design: IncludedBy:software development, target of evaluation,; Related:process, target,
detectable actions
determination authority: Related:access, intelligence,
deterministic: Related:random,
deterrence: Related:accountability, fear, uncertainty, or doubt,
developer: IncludedBy:target of evaluation,; Related:system, target,
developer security: IncludedBy:security,; Related:control,
development assurance: IncludedBy:assurance, development process,; Includes:software development methodologies,; Related:evidence, operation, process, requirements, test,
development assurance component: IncludedBy:assurance, component,; Related:requirements,
development assurance package: IncludedBy:assurance,
development assurance requirements: IncludedBy:assurance, requirements,; Related:evidence, file, process, profile,
development environment: IncludedBy:development process, target of evaluation,; Related:standard, target,
development process: IncludedBy:process, software development, target of evaluation,; Includes:development assurance, development environment, hierarchical decomposition, informal specification, security specifications, top-level specification, validation, verification,; Related:requirements, software, target,
deviation: Related:personnel security exceptions,
diagnostics: Related:analysis, information,
dial back: Related:computer, connection, identify, system,
dial-up: Includes:dial-up line, dial-up security,; Related:communications, computer,
dial-up capability: Related:remote logon, standard, system, users,
dial-up line: IncludedBy:dial-up,; Related:communications, computer, internet, system,
dial-up security: IncludedBy:dial-up, security,; Related:computer,
diameter: Related:security,
dictionary attack: IncludedBy:attack,; Related:access, access control, authentication, encryption, key, message, password cracker, passwords, software, system, users,
Diffie-Hellman: IncludedBy:asymmetric algorithm,; Related:algorithm, attack, authentication, cryptography, encryption, establishment, key, key management, operation, privacy, protocols, public-key,
diffie-hellman group: Related:encryption, key,
digest: HasPreferred:message digest,
digital certificate: IncludedBy:certificate, credentials, key,; Related:authority, backup, certification, computer, digital signature, entity, identity, object, public-key, security, signature,
digital certification: IncludedBy:certification,; Related:key, public-key,
digital document: Related:automated information system, information, object,
digital envelope: Related:algorithm, confidentiality, encryption, key, message, public-key,
digital forensics: Related:analysis, application, identification, information, integrity,
digital id: IncludedBy:public-key infrastructure,; Related:authentication, certificate, entity, identification, identity, information, key, public-key,
digital key: IncludedBy:key,; Related:cryptographic,
digital notary: Related:digital signature, signature, trust,
digital signature: IncludedBy:key, public-key infrastructure, signature,; Includes:Digital Signature Standard, digital signature algorithm,; Related:ABA Guidelines, CA certificate, Cryptographic Message Syntax, Distinguished Encoding Rules, El Gamal algorithm, Elliptic Curve Digital Signature Algorithm, Fortezza, IEEE P1363, Internet Security Association and Key Management Protocol, MIME Object Security Services, PKCS #7, Rivest-Shamir-Adleman algorithm, Secure/MIME, The Exponential Encryption System, X.509 attribute certificate, X.509 certificate revocation list, X.509 public-key certificate, algorithm, archive, asymmetric cryptography, attribute certificate, authentic signature, authenticate, authentication, backup, bind, brand CRL identifier, certificate, certificate validation, certification path, computer, cryptographic, cryptographic algorithm, cryptographic system, cryptography, data origin authentication service, digital certificate, digital notary, digitized signature, dual signature, electronic signature, elliptic curve cryptography, encryption, encryption certificate, end entity, entity, file, function, hash, identity, information, integrity, invalidity date, key pair, merchant certificate, message, network, no prior relationship, non-repudiation, object, operation, personality label, pre-signature, pretty good privacy, private signature key, process, program, public-key, public-key certificate, revocation date, seal, security mechanism, sign, signature certificate, signature equation, signature function, signature key, signature process, signature system, signer, symmetric cryptography, system, triple DES, unforgeable, valid signature, validate vs. verify, verification,
digital signature algorithm: IncludedBy:Digital Signature Standard, algorithm, digital signature, signature,; Related:cryptographic, entity, hash, identity, integrity, key, message, public-key, secure hash algorithm, standard,
Digital Signature Standard: IncludedBy:Federal Information Processing Standards, National Institute of Standards and Technology, digital signature, signature, standard,; Includes:Elliptic Curve Digital Signature Algorithm, digital signature algorithm,; Related:algorithm, cryptography, information, process, technology,
digital subscriber voice terminal
digital telephony: Related:communications, system, technology,
digital watermarking: PreferredFor:watermarking,; Related:control, function, integrity, owner, property,
digitized signature: IncludedBy:signature,; Related:digital signature,
digraph and/or trigraph
diplomatic telecommunications service: IncludedBy:communications, telecommunications,; Related:network,
direct access storage device: IncludedBy:access,; Related:automated information system,
direct data feed: Related:information, process,
direct memory access: IncludedBy:access, automated information system,
direct shipment: Related:communications security, users,
directed-energy warfare: IncludedBy:warfare,; Related:damage,
direction finding
directive
directly trusted CA: IncludedBy:public-key infrastructure, trust,; Related:application, entity, key, public-key,
directly trusted CA key: IncludedBy:key, public-key infrastructure, trust,; Related:certificate, entity, public-key,
Director Central Intelligence Directive: IncludedBy:intelligence,
Director of Central Intelligence Directive: IncludedBy:intelligence,
directory: HasPreferred:directory vs. Directory,
Directory Access Protocol: IncludedBy:access, protocols,; Related:database management system, system, users,
directory information base: IncludedBy:information,
directory service: Related:access, access control, certificate, information, object, public-key infrastructure,
directory user agent: IncludedBy:users,
directory vs. Directory: PreferredFor:directory,; Related:certificate, entity, information, public-key infrastructure, system,
disaster plan: IncludedBy:contingency plan,; Related:authorized, threat,
disaster recovery: IncludedBy:contingency plan, recovery, risk management,; Includes:cold site, hot site,; Related:file, operation, process, reconstitution, users,
disaster recovery plan: IncludedBy:contingency plan, recovery,; Related:application, critical, operation, process, risk management, software, system,
disclosure: Related:release,
disclosure of information: IncludedBy:information,; Related:access, access control, authorized,
disclosure record: Related:access,
discrete event simulation: Related:computer, model, system,
discrete process: IncludedBy:process,; Related:entity, identity,
discretionary access control: Antonym:non-discretionary access control,; IncludedBy:access, control,; Includes:surrogate access,; Related:authorization, authorized, entity, file, identity, object, owner, policy, privileged, process, resource, security, subject, system, users,
disinfecting: Related:file, malware, security,
disk imaging
diskette: Related:access,
dispersion: Related:standard,
disposition
disruption: IncludedBy:threat consequence,; Related:function, operation, system,
dissemination: Related:intelligence,
Distinguished Encoding Rules: IncludedBy:Abstract Syntax Notation One, Basic Encoding Rules,; Related:application, certificate, code, digital signature, signature,
distinguished name: IncludedBy:public-key infrastructure,; Includes:subordinate distinguished name,; Related:X.509, certificate, entity, identify, identity, information, key, object, public-key, subject,
distinguishing identifier: Related:entity, information, non-repudiation, process,
Distributed Authentication Security Service: IncludedBy:authentication, internet, security protocol,; Related:cryptographic, cryptography, protocols,
distributed computing environment: IncludedBy:ACL-based authorization, Generic Security Service Application Program Interface,; Includes:kerberos,; Related:application, audit, authentication, interface, system,
distributed control system: IncludedBy:control, control systems, system,; Related:intelligence, process,
distributed data: Related:computer, network,
distributed database: Related:computer, control, network, process, system,
distributed dataprocessing: IncludedBy:automated information system, process,; Related:computer network, control, function,
distributed denial-of-service: IncludedBy:denial-of-service, exploit,; Related:computer, system, worm,
distributed plant: Related:access, internet,
distributed processing: IncludedBy:automated information system, process,; Related:communications, computer, network, operation, system,
distribution point: IncludedBy:public-key infrastructure,; Related:X.509, authority, certificate, information, key, public-key, revocation, revoked state,
disturbance: Related:control, system,
DNS spoofing: IncludedBy:domain name system, masquerade, spoof, spoofing,; Related:compromise, domain, system,
document
documentary information
documentation: IncludedBy:target of evaluation,; Related:application, control, information, operation, security, software, system, target, users,
DoD Information Technology Security Certification and Accreditation Process: IncludedBy:accreditation, computer security, information, process, requirements, technology,; Related:identify, information security, standard, system,
DoD Trusted Computer System Evaluation Criteria: IncludedBy:computer, criteria, evaluation, system, trust,
domain: IncludedBy:multilevel information systems security initiative, object, subject,; Includes:RA domains, certificate domain, certificate domain parameters, cross domain solution, domain controller, domain modulus, domain name, domain name service server, domain name system, domain of interpretation, domain parameter, domain verification exponent, public domain software, security domain, subset-domain,; Related:DNS spoofing, Internet Corporation for Assigned Names and Numbers, access, access control, access with limited privileges, boundary value analysis, boundary value testing, certificate, control, country code, cryptographic hash function, data input, executive state, firewall, hash function, hash token, identification data, identity, internet, metadata, model, one-way function, packet filtering, pharming, policy, policy creation authority, policy mapping, program, public-key certificate, public-key derivation function, public-key infrastructure, realm, registration, resource, revoked state, security authority, security perimeter, security policy information file, signature function, signature process, system, transport, trust relationship, uniform resource locator, users, validate, verification process,
domain controller: IncludedBy:control, domain,; Related:identification, information, passwords,
domain modulus: IncludedBy:domain,; Related:trust,
domain name: IncludedBy:domain, domain name system,; Related:code, internet, resource, system,
domain name service server: IncludedBy:domain, internet,; Related:computer, protocols,
domain name system: IncludedBy:domain, internet, system,; Includes:DNS spoofing, domain name,; Related:access, access control, authentication, control, information, integrity, key, operation, program, protocols, public-key, resource, response, software, users,
domain of interpretation: IncludedBy:domain,; Related:algorithm, cryptographic, cryptography, information, internet protocol security, internet security protocol, security,
domain parameter: IncludedBy:domain,; Related:access, access control, function, hash, message, policy, security, tokens,
domain verification exponent: IncludedBy:domain, verification,
dominated by: Antonym:dominates,; Includes:object,; Related:access, access control, classification levels, classified, integrity, policy, security, trust,
dominates: Antonym:dominated by,; Related:classification levels, classified, computer security, security,
dongle: IncludedBy:tokens,; Related:authentication, computer, information, key, program, software,
downgrade: IncludedBy:requirements, security,; Related:authorized, classification levels, classified, file, information, network,
downgrading: Related:classified,
download: Related:computer, file, process,
draft RFC: IncludedBy:Request for Comment,
drop accountability: Related:communications security,
Drug Enforcement Agency
dual citizen: Related:United States citizen,
dual control: IncludedBy:control, security,; Related:access, access control, entity, function, information, process, resource, system,
dual driver service
dual signature: IncludedBy:Secure Electronic Transaction, signature,; Related:digital signature, encryption, hash, integrity, key, message, operation, verification,
dual technology: Related:intrusion,
dual-homed gateway firewall: IncludedBy:firewall, gateway,; Related:application, interface, internet, network,
due care: Related:control, information, information security, security, system,
dump: Related:computer, failure,
dumpster diving: IncludedBy:threat,; PreferredFor:trashing,; Related:computer, identity theft, information,
dynamic analysis: IncludedBy:analysis,; Related:code, process, program, system, testing,
dynamic binding: IncludedBy:backup,; Related:association, message, object,
e-banking: IncludedBy:internet,
e-mail server: IncludedBy:internet,; Related:computer,
ease of use: IncludedBy:target of evaluation,; Related:assessment, target, users,
eavesdropping: IncludedBy:attack,; Related:adversary, authorization, authorized, emanation, emanations security, information, message, shoulder surfing,
eavesdropping attack: IncludedBy:attack,; Related:authentication, information, protocols,
economic intelligence: IncludedBy:intelligence,
economy of mechanism: IncludedBy:security,; Related:operation, policy, system,
EE: Related:encryption, entity, escrow, standard,
effective key length: IncludedBy:encryption, key,; Related:algorithm, cryptographic,
effectiveness: IncludedBy:assurance,; Related:file, function, operation, profile, property, requirements, risk, security target, target, threat,
egress filtering: Related:internet, process, protocols, security,
egress point: Related:authorized,
El Gamal algorithm: IncludedBy:algorithm,; Related:cipher, code, cryptography, digital signature, encryption, signature,
elapsed time
electrical power systems: IncludedBy:critical infrastructures, system,; Related:critical, function, users,
electromagnetic compatibility: Related:response, system,
electromagnetic emanations: IncludedBy:emanation, emanations security,
electromagnetic interference: IncludedBy:risk,; Related:system,
electronic attack: IncludedBy:attack,; Related:communications security, jamming,
electronic authentication: IncludedBy:authentication,; Related:information, process, system, users,
electronic benefit transfer: Related:network,
electronic codebook: IncludedBy:code,
electronic commerce: IncludedBy:Secure Electronic Transaction,; Related:communications, computer, electronic data interchange, email, function, information, internet, technology,
electronic counter-countermeasures: IncludedBy:countermeasures,
electronic countermeasures: IncludedBy:countermeasures,
electronic credentials: Related:authentication, entity, identity,
electronic data interchange: Related:communications, computer, electronic commerce, standard, value-added network,
electronic document management system: IncludedBy:system,
electronic fill device
electronic funds transfer system: IncludedBy:system,
electronic generation, accounting, and distribution system: IncludedBy:system,
electronic intelligence: IncludedBy:intelligence,; Related:foreign,
electronic key entry: IncludedBy:key, key management,; Related:cryptographic, module, users,
electronic key management system: IncludedBy:key, key management, system,; Related:communications, communications security,
electronic messaging services: Related:function, internet, quality, requirements,
electronic personnel security questionnaire: IncludedBy:security,
electronic protection: Related:assurance,
electronic questionnaire for investigative processing: Related:security,
electronic security: IncludedBy:security,; Related:analysis, authorized, communications, information,
electronic signature: IncludedBy:signature,; Related:digital signature, information, message,
electronic surveillance: Related:Foreign Intelligence Surveillance Act,
electronic transmission
electronic warfare: IncludedBy:warfare,; Includes:electronic warfare support,; Related:attack, control,
electronic warfare support: IncludedBy:electronic warfare, warfare,; Related:control, identify, information, intelligence, operation, target, threat,
electronically generated key: IncludedBy:key,; Related:algorithm, communications security, software,
element: Related:communications security, security,
eligibility: Related:access, security,
elliptic curve cryptography: IncludedBy:cryptography,; Related:algorithm, analysis, attack, digital signature, key, signature,
elliptic curve cryptosystem: IncludedBy:asymmetric algorithm, cryptographic system, system,; Related:encryption, key, public-key,
Elliptic Curve Digital Signature Algorithm: IncludedBy:Digital Signature Standard, algorithm, signature,; Related:cryptography, digital signature, standard,
email: IncludedBy:internet,; Includes:email packages, email security software, letterbomb, mailbomb, multipurpose internet mail extensions, privacy enhanced mail, secure multipurpose internet mail extensions, spam,; Related:SET qualifier, Secure Data Network System, X.400, application, bounce, communications, computer, electronic commerce, gateway, message, message authentication code vs. Message Authentication Code, message handling system, message integrity code, pretty good privacy, simple mail transfer protocol, system,
email packages: IncludedBy:email,; Includes:email security software,; Related:encryption, function, interface, signature, users,
email security software: IncludedBy:email, email packages, security software, software,; Includes:pretty good privacy,; Related:encryption, message, network, signature, users,
emanation: IncludedBy:TEMPEST, emanations security, threat,; Includes:electromagnetic emanations, emanations analysis,; Related:Common Criteria for Information Technology Security, Federal Standard 1027, TEMPEST test, eavesdropping, implant, information, intelligence, operation, procedural security, process, security architecture, suppression measure, system,; Synonym:RED signal,
emanations analysis: IncludedBy:analysis, emanation, threat consequence,; Related:system,
emanations security: IncludedBy:TEMPEST,; Includes:compromising emanation performance requirement, compromising emanations, electromagnetic emanations, emanation, undesired signal data emanations,; Related:Common Criteria for Information Technology Security, Federal Standard 1027, TEMPEST test, analysis, application, authorized, compromise, eavesdropping, implant, information, procedural security, security architecture, suppression measure, system, technology,; Synonym:emissions security,
embedded computer: IncludedBy:computer,; Related:system,
embedded cryptographic system: IncludedBy:cryptographic, cryptographic system, system,; Related:control, function,
embedded cryptography: IncludedBy:cryptography,; Related:cryptographic, function, system,
embedded system: IncludedBy:system,; Related:control, function,
emergency action message: IncludedBy:message,
emergency action plan: Related:attack, damage, intelligence,
emergency plan: IncludedBy:contingency plan,; Related:threat,
emergency response: IncludedBy:response,; Related:computer, damage, operation, property, threat,
emergency response time: IncludedBy:response,
emergency services: IncludedBy:critical infrastructures,; Related:critical, function, recovery, response, system,
emergency shutdown controls: IncludedBy:control, risk management,; Related:IT security, computer, system, vulnerability,
emission security: IncludedBy:security,; Related:analysis, authorized,
emissions security: IncludedBy:Automated Information System security, TEMPEST, communications security, computer security,; Related:RED signal, analysis, authorized, compromise, cryptography, information, system, telecommunications,; Synonym:emanations security,
employee
employment practices and workplace safety: IncludedBy:operational risk loss,
empty position
encapsulating security payload: IncludedBy:internet protocol security, security protocol,; Related:association, authentication, confidentiality, connection, flow, gateway, integrity, internet, internet security protocol, message, protocols, tunnel,
encapsulating security payload protocol: IncludedBy:protocols, security,; Related:encryption, integrity, internet protocol security, internet security protocol,
encapsulation: Related:access, access control, object, program, protocols, resource, users,
encipher: IncludedBy:cipher, encryption,; Related:cryptographic, system,
encipherment: IncludedBy:cipher, encryption,; Includes:asymmetric encipherment system, encipherment algorithm, public encipherment key, public encipherment transformation, symmetric encipherment algorithm,; Related:algorithm, asymmetric cipher, asymmetric cryptographic technique, asymmetric encryption algorithm, block chaining, ciphertext, cryptographic, cryptographic key, cryptographic synchronization, cryptography, decipherment, decryption, encryption algorithm, feedback buffer, information, initializing value, key, private decipherment transformation, private key, public-key, public-key certificate,
encipherment algorithm: IncludedBy:algorithm, cipher, cryptography, encipherment,; Related:encryption,
enclave: Related:assurance, authority, control, policy, security,
enclave boundary: IncludedBy:boundary,
encode: IncludedBy:code, encryption,; Related:cipher, information, system,
encrypt: IncludedBy:cipher, cryptography, encryption,; Related:algorithm, code, cryptographic,
encrypt for transmission only: Related:encryption, network,
encrypted key: IncludedBy:cipher, key, key recovery,; PreferredFor:ciphertext key,; Related:cryptographic, passwords,
encryption: Antonym:cleartext, decryption,; IncludedBy:Secure Electronic Transaction, privacy enhanced mail,; Includes:Cryptographic Application Program Interface, Data Encryption Algorithm, Data Encryption Standard, Escrowed Encryption Standard, International Data Encryption Algorithm, NULL encryption algorithm, The Exponential Encryption System, advanced encryption standard, asymmetric cryptographic algorithm, asymmetric encryption algorithm, bulk encryption, cipher, cryptographic functions, data encryption key, dedicated loop encryption device, effective key length, encipher, encipherment, encode, encrypt, encryption algorithm, encryption certificate, encryption software, encryption strength, encryption tools, end-to-end encryption, endorsed data encryption standard products list, file encryption, full disk encryption, hybrid encryption, key-encryption-key, link encryption, low-cost encryption/authentication device, one-way encryption, pretty good privacy, secure multipurpose internet mail extensions, superencryption, symmetric algorithm, symmetric encryption algorithm, tactical trunk encryption device, tamper, traffic encryption key, trunk encryption device,; Related:CAST, COMSEC control program, Clipper chip, Cryptographic Message Syntax, Diffie-Hellman, EE, El Gamal algorithm, Federal Standard 1027, Fortezza, IEEE P1363, IP splicing/hijacking, Internet Security Association and Key Management Protocol, Law Enforcement Access Field, MIME Object Security Services, Network Layer Security Protocol, Rivest Cipher 2, Rivest Cipher 4, Rivest-Shamir-Adleman algorithm, SET private extension, SOCKS, Secure/MIME, Simple Key-management for Internet Protocols, Skipjack, Terminal Access Controller Access Control System, Transport Layer Security Protocol, algorithm, application, application controls, asymmetric algorithm, asymmetric cryptography, asymmetric encipherment system, asymmetric keys, authentication code, authorized, baggage, block cipher, break, cardholder certificate, certificate revocation list, ciphertext, code, code book, common data security architecture, communications, computer cryptography, container, control, cooperative key generation, cryptanalysis, crypto-algorithm, cryptographic, cryptographic algorithm, cryptographic ignition key, cryptographic initialization, cryptographic key, cryptographic service, cryptographic system, cryptography, decrypt, dictionary attack, diffie-hellman group, digital envelope, digital signature, dual signature, elliptic curve cryptosystem, email packages, email security software, encapsulating security payload protocol, encipherment algorithm, encrypt for transmission only, in the clear, indistinguishability, information, information systems security, information systems security equipment modification, initialization vector, initialize, intelligent threat, internet protocol security, key, key agreement, key center, key distribution center, key generator, key logger, key pair, key recovery, key translation center, key transport, key-encrypting key, key-escrow system, keyed hash, keys used to encrypt and decrypt files, merchant certificate, message authentication code vs. Message Authentication Code, message integrity code, mode of operation, off-line cryptosystem, on-line cryptosystem, one-time pad, operation, over-the-air key transfer, over-the-air rekeying, password system, per-call key, personality label, privacy programs, privacy system, process, protected communications, protected distribution systems, protection suite, public-key cryptography, public-key forward secrecy, salt, secret-key cryptography, secure shell, secure socket layer, security, security management infrastructure, security mechanism, security strength, semantic security, session key, signature certificate, standard, start-up KEK, stream cipher, symmetric cryptographic technique, symmetric cryptography, symmetric key, system, system indicator, threat consequence, tokens, traffic analysis, triple DES, tunnel, unencrypted, version, virtual private network, wrap,
encryption algorithm: IncludedBy:algorithm, encryption,; Related:cipher, communications security, confidentiality, control, cryptographic, encipherment, key, process, version,
encryption certificate: IncludedBy:certificate, encryption,; Related:X.509, cryptographic, digital signature, function, key, public-key, signature,
encryption software: IncludedBy:encryption, software,; Related:file, function, message, users,
encryption strength: IncludedBy:encryption, quality of protection,; PreferredFor:strength of encryption,; Related:algorithm, cryptographic system, key, system,
encryption tools: IncludedBy:encryption, security software,
end entity: IncludedBy:entity,; Related:X.509, application, certificate, cryptography, digital signature, key, policy, public-key, public-key infrastructure, role, signature, subject, system,
end system: IncludedBy:system,; Related:computer, internet, network, protocols,
end-item accounting
end-to-end encryption: IncludedBy:encryption,; Related:communications, computer, cryptographic, flow, information, network, router, system, telecommunications,
end-to-end security: IncludedBy:security,; Related:cryptographic, cryptography, information, system,
end-user: IncludedBy:target of evaluation, users,; Related:application, computer, entity, network, operation, public-key infrastructure, resource, system, target,
end-user computing: IncludedBy:users,
endorsed cryptographic products list: IncludedBy:cryptographic,
endorsed data encryption standard products list: IncludedBy:encryption, standard,
endorsed for unclassified cryptographic information: IncludedBy:classified, cryptographic, information,
endorsed for unclassified cryptographic item: IncludedBy:classified, cryptographic,; Related:information,
Endorsed TEMPEST Products List: IncludedBy:TEMPEST,
endorsed tools list: IncludedBy:Information Systems Security products and services catalogue, formal verification, national information assurance partnership,; Related:computer, computer security, system, trust, verification,
endorsement: Related:information, security,
energy-efficient computer equipment: IncludedBy:computer,; Related:model, users,
enforcement vector
engineering development model
enhanced hierarchical development methodology: IncludedBy:software development methodologies,; Related:program, security,
enrollment service: Related:certificate, entity, process,
ensure: Related:IT security, assure, program, security,
enterprise: Related:operation, process,
enterprise resource planning: IncludedBy:resource,
entity: Includes:application entity, end entity, entity authentication, entity authentication of A to B, entity-wide security, external it entity, federated identity, identity, identity based access control, identity credential, identity credential issuer, identity management systems, identity proofing, identity theft, identity token, identity validation, identity verification, identity-based security policy, mutual entity authentication, peer entity authentication, peer entity authentication service, personal identity verification, personal identity verification card, redundant identity, system entity,; Related:COMSEC account, Challenge Handshake Authentication Protocol, EE, Identification Protocol, Internet Corporation for Assigned Names and Numbers, MISSI user, OAKLEY, PIV issuer, PIV registrar, PKCS #10, X.509, X.509 public-key certificate, acceptance criteria, access control service, account aggregation, account fraud, accountability, accreditation authority, accreditation multiplicity parameter, adversary, alias, anonymous, applicant, applicant assertion, assurance, asymmetric cryptographic technique, attack, attribute, attribute authority, authenticate, authentication, authentication data, authentication exchange, authentication information, authentication protocol, authentication service, authenticator, authenticity, authority, authorization, authorized, availability, binding, biometric measurement, biometric system, biometrics, brand, capability, cardholder, certificate, certificate holder, certificate owner, certificate user, certification, certification authority, certification path, certification practice statement, certification request, certify, challenge/response, checksum, claimant, class 2, 3, 4, or 5, client, communications security, comparisons, component, compromise, configuration item, covert channel, credentials, credentials service provider, criminal groups, criticality assessment, cryptography, data confidentiality, data integrity, data integrity service, data origin authentication service, datagram, deception, deliberate exposure, digital certificate, digital id, digital signature, digital signature algorithm, directly trusted CA, directly trusted CA key, directory vs. Directory, discrete process, discretionary access control, distinguished name, distinguishing identifier, dual control, electronic credentials, end-user, enrollment service, evidence requester, evidence subject, exchange multiplicity parameter, explicit key authentication from A to B, exposure, false acceptance, false rejection, false rejection rate, falsification, flooding, fraud, help desk, human error, identification, identification and authentication, identification authentication, identification data, identifier, implicit key authentication from A to B, individual accountability, inference, insertion, insider, interception, intruder, intrusion, investigation service, issuing authority, judicial authority, kerberos, key confirmation, key confirmation from A to B, key distribution center, key establishment, key owner, key token, key translation centre, key transport, least privilege, login, malicious code, malware, mandatory access control, masquerade, masquerade attack, masquerading, misappropriation, mutual authentication, mutual suspicion, nations, non-repudiation, non-repudiation of creation, non-repudiation service, object, one-time passwords, organizational registration authority, origin authenticity, originator, outsourcing, password system, passwords, perpetrator, personal identification number, personal security environment, phishing, physical access control, practice statement, pre-authorization, principal, privacy, private accreditation information, private key, proprietary, protected channel, proxy server, pseudonym, public-key, public-key certificate, public-key derivation function, public-key information, public-key infrastructure, randomizer, recipient, references, registration, registration authority, relying party, repudiation, response, risk, risk management, role-based access control, root, router, salt, secret, secure envelope, secure socket layer, security authority, server, signature key, signer, simple authentication, site accreditation, source authentication, sponsor, spoof, strong authentication, subject, substitution, theft of service, threat, ticket, time variant parameter, time-stamp requester, time-stamp verifier, tokens, transaction intermediary, trapdoor, trojan horse, trust, trusted agent, unilateral authentication, users, usurpation, validate vs. verify, validation service, vendor, verification, verification key, verified name, verifier, violation of permissions, witness,
entity authentication: IncludedBy:authentication, entity,
entity authentication of A to B: IncludedBy:authentication, entity,; Related:assurance, identity,
entity-wide security: IncludedBy:entity, security,; Related:control, risk,
entrance national agency check: Related:security,
entrapment: IncludedBy:risk management,; Related:exploit, penetration, system,
entropy: Related:attack,
entry control: IncludedBy:access control, control,; Related:access, authorized, controlled access area, process, resource,
entry label: Related:information,
entry-level certification: IncludedBy:certification,; Related:availability, confidentiality, integrity, system,
environment: Includes:object,; Related:operation, system, users,
environmental failure protection: IncludedBy:failure, risk management,; Related:assurance, compromise, cryptographic, cryptography, module,
environmental failure testing: IncludedBy:failure, security testing, test,; Related:compromise, cryptographic, cryptography, module,
environmentally controlled area: IncludedBy:availability, control,; Related:damage,
ephemeral key: IncludedBy:key,; Related:public-key,
equipment radiation TEMPEST zone: IncludedBy:TEMPEST,
equity: Related:classified,
erasable programmable readonly memory
erasure: Includes:degauss, overwrite procedure,; Related:destruction, information, process,
error: Related:bug, fault, operation, process, program, system, version,
error analysis: IncludedBy:analysis,
error detection and correction
error detection code: IncludedBy:code, integrity,; Includes:check character,; Related:information,
error guessing: Related:test,
error seeding: Related:analysis, assurance, computer, mutation analysis, process, program,; Synonym:bebugging,
escort: Related:classified,
escrow: Includes:Escrowed Encryption Standard, key-escrow, key-escrow system,; Related:CAPSTONE chip, Clipper chip, EE, Law Enforcement Access Field, Skipjack, cryptographic, key, key management, key recovery, public-key infrastructure, retrieval, trust,
Escrowed Encryption Standard: IncludedBy:encryption, escrow, standard,; Related:access, access control, algorithm, authorized, classified, communications, key, system, telecommunications,
espionage: IncludedBy:threat,; Related:covert, intelligence,
essential elements of friendly information
essential elements of information
essential secrecy: Related:critical,
establishment: Includes:connection establishment, connection establishment time, key establishment, point-to-point key establishment,; Related:Diffie-Hellman, FIPS PUB 140-1, IPsec Key Exchange, Internet Security Association and Key Management Protocol, OAKLEY, Photuris, aggressive mode, configuration control, connection overhead, cookies, cryptographic module, datagram, filtering router, identity proofing, key agreement, key confirmation, key recovery, key transport, main mode, peer entity authentication service, privacy protection, public law 100-235, public-key forward secrecy, quick mode, security, security association:, subcommittee on Automated Information System security, subcommittee on telecommunications security, testability, unit of transfer,
Estelle: Related:computer, computer network, network, protocols,
ethernet meltdown: IncludedBy:threat,; Related:gateway, illegal, network,
ethernet sniffing: IncludedBy:sniffing,; Related:criteria, file, interface, login, packet sniffer, passwords, promiscuous mode, software, users,
Europay, MasterCard, Visa: Related:application, tokens,
European Information Technology Security Evaluation Criteria: IncludedBy:Common Criteria for Information Technology Security Evaluation, computer security, criteria, information, target of evaluation, technology,; Includes:assurance, correctness,; Related:target, version,
European quality award: IncludedBy:quality,
evaluated products list: IncludedBy:Information Systems Security products and services catalogue, National Security Agency, national information assurance partnership,; Related:computer, computer security, criteria, evaluation, information, software, system, trust, trusted computer system,
evaluated system: IncludedBy:evaluation, system,; Related:criteria, security,
evaluation: IncludedBy:certification,; Includes:Commercial COMSEC Evaluation Program, Common Criteria for Information Technology Security Evaluation, Common Evaluation Methodology, DoD Trusted Computer System Evaluation Criteria, IT Security Evaluation Criteria, IT Security Evaluation Methodology, Information Technology Security Evaluation Criteria, Monitoring of Evaluations, Trusted Computer System Evaluation Criteria, Trusted Products Evaluation Program, access evaluation, assurance, certification and accreditation, certification test and evaluation, cryptosystem evaluation, evaluated system, evaluation authority, evaluation facility, evaluation pass statement, evaluation scheme, evaluation technical report, evaluation work plan, independent review and evaluation, monitoring and evaluation, program evaluation and review technique, quality of protection, risk evaluation, security evaluation, security test & evaluation, software system test and evaluation process, strength of a requirement, target of evaluation, technical surveillance countermeasures surveys and evaluations, validation, verification,; Related:Common Criteria, Common Criteria Testing Laboratory, Common Criteria Testing Program, Common Criteria for Information Technology Security, FIPS approved security method, Government Accountability Office, IT security, NIAP Oversight Body, National Computer Security Center, National Voluntary Laboratory Accreditation Program, Orange book, Red book, Scope of Accreditation, Yellow book, accreditation, accreditation range, acquisition special access program, adjudication, approval/accreditation, approved technologies list, approved test methods list, assessment, benchmark, beyond A1, candidate TCB subset, certificate, certificate revocation list, certification agent or certifier, certification authority, computer security, controlled access program oversight committee, controlled access protection, criteria, cryptosystem survey, descriptive top-level specification, designated, designated laboratories list, designating authority, designation policy, evaluated products list, file, flaw hypothesis methodology, function, independent assessment, intelligence, interface control document, interim approval to operate, network component, observation reports, operations security assessment, penetration test, policy, preproduction model, process, profile, protection philosophy, quality, requirements for content and presentation, requirements for evidence, risk analysis, risk assessment, risk avoidance, risk management, risk treatment, security, security environment threat list, security policy model, security-compliant channel, self-inspection, source selection, sponsor, subset-domain, system, target, technology area, test method, test procedure, testing, threat assessment, trusted network interpretation, type certification, validated products list,; Synonym:analysis,
evaluation and validation scheme: IncludedBy:validation,; Related:authority, function, standard, system,
evaluation assurance: IncludedBy:assurance,; Includes:evaluation assurance level,; Related:analysis, target, threat,
evaluation assurance component: IncludedBy:assurance, component,; Related:requirements,
evaluation assurance level: IncludedBy:Common Criteria for Information Technology Security Evaluation, evaluation assurance, requirements,; Includes:evaluation criteria, evaluator, evaluator actions,; Related:boundary, criteria, network, system,
evaluation assurance package: IncludedBy:assurance,
evaluation assurance requirements: IncludedBy:assurance, requirements,; Related:file, profile,
evaluation authority: IncludedBy:authority, evaluation,; Related:quality, standard,
evaluation criteria: IncludedBy:criteria, evaluation assurance level,; Related:system,
evaluation facility: IncludedBy:evaluation,
evaluation pass statement: IncludedBy:evaluation,; Related:assessment, criteria, standard,
evaluation scheme: IncludedBy:evaluation,; Related:authority,
evaluation technical report: IncludedBy:Common Criteria Testing Laboratory, evaluation,; Related:validation,
evaluation work plan: IncludedBy:Common Criteria Testing Laboratory, evaluation,; Related:IT security, computer security, security,
evaluator: IncludedBy:evaluation assurance level,; Related:assessment, officer, security, system,
evaluator actions: IncludedBy:evaluation assurance level,; Related:criteria, identify, information,
evasion: Related:attack, malicious, target,
event: Related:incident, system,
evidence: IncludedBy:assurance,; Includes:evidence requester, evidence subject, requirements for evidence,; Related:audit trail, correctness, credentials, deception, delivery authority, development assurance, development assurance requirements, failure, forced entry, information, logging, monitor, non-repudiation, non-repudiation information, non-repudiation of submission, non-repudiation of transport, non-repudiation policy, non-repudiation service, non-repudiation token, notarization, notary, operations security, operations security survey, proof, records, secure envelope, security audit trail, security environment threat list, security target, statistical estimate, surreptitious entry, time-stamping authority, time-stamping service, trust, trusted time stamping authority, validate vs. verify, validation, validation report, verifier, witness,
evidence requester: IncludedBy:evidence,; Related:entity, trust,
evidence subject: IncludedBy:evidence, subject,; Related:entity,
exception: Related:access, bug, classified, fault, flow, operation, program, security, subject,
exchange multiplicity parameter: Related:authentication, entity, message,
executable code: IncludedBy:code,; Related:computer, program,
execute access: IncludedBy:access,; Related:program, software,
execution, delivery, and process management: IncludedBy:operational risk loss, process,
executive information systems: IncludedBy:information, system,
executive order
executive state: Includes:privileged instructions,; PreferredFor:supervisor state,; Related:domain, operation, privileged, software, system, users,
executive steering committee: Related:information, process,
exempted
exercise key: IncludedBy:key,; Related:communications,
exercised: Related:program, test,
exhaustive testing: IncludedBy:security testing, test,; Related:program,
expanded national agency check
expanded steel
expansibility
expert review team: Related:identify, information, resource, security, system,
expire: HasPreferred:certificate expiration,
explain: Related:information, requirements,
explicit key authentication from A to B: IncludedBy:authentication, key,; Related:assurance, entity,
exploit: IncludedBy:threat,; Includes:denial-of-service, distributed denial-of-service, exploit tools, logic bombs, phishing, sniffer, trojan horse, virus, vishing, war driving, worm, zero-day exploit,; Related:Defensive Information Operations, access, access control, assurance, attack, code, covert channel, derf, entrapment, exploitable channel, firewall, flaw hypothesis methodology, information, information assurance, information superiority, information warfare, intelligent threat, non-technical countermeasure, object, operations security, penetration testing, port scan, program, security, security threat, smurf, system, technical vulnerability, threat agent, vulnerability,
exploit tools: IncludedBy:exploit,; Related:system, vulnerability,
exploitable channel: IncludedBy:channel, threat, trusted computing base,; Includes:covert channel, subject,; Related:computer, covert, exploit, information, policy, security, system,
exploitation: IncludedBy:vulnerability,; PreferredFor:exploitation of vulnerability,; Related:access, access control, control, intelligence, operation, policy, security, system,
exploitation of vulnerability: HasPreferred:exploitation,; IncludedBy:vulnerability,
export: Related:foreign,
export license: Related:authorization, security,
export license application: Related:foreign,
exposure: IncludedBy:threat consequence,; Includes:common vulnerabilities and exposures, external system exposure, internal system exposure,; Related:authorized, entity, inadvertent disclosure, levels of concern, media protection, risk, risk assessment, system, unauthorized disclosure,
extended industry standard architecture: IncludedBy:standard,; Related:automated information system,
extensibility: Related:function, interface, protocols, system,
extensible: Related:control, program,
Extensible Authentication Protocol: IncludedBy:authentication, protocols, security protocol,; Related:challenge/response, network, passwords, response, router,
extensible markup language: IncludedBy:standard generalized markup language,; Related:application, computer, object, process, program, validation,
extension: IncludedBy:public-key infrastructure,; PreferredFor:private extension,; Related:X.509, application, assurance, certificate, certification, function, information, key, policy, public-key, requirements, revocation, security, standard, subject,
external fraud: IncludedBy:fraud, operational risk loss,; Related:property,
external it entity: IncludedBy:entity, target of evaluation,; Related:system, target, trust,
external label: Related:identify,
external security controls: IncludedBy:control, protection profile, risk management, security controls,; Related:access, access control, accreditation, boundary, certification, file, process, profile,
external security testing: IncludedBy:security testing, test,; Related:security perimeter,
external system exposure: IncludedBy:exposure, system,; Related:access, access control, connection, internet, users,
external throughput rate
extraction resistance: Related:communications, cryptography, key, telecommunications,
extranet: IncludedBy:internet,; Related:access, access control, application, authorized, computer, computer network, network, technology, users, virtual private network,
extraordinary security measures: IncludedBy:security,; Related:access, authorized,
facilities: Related:information, process, resource, technology,
facilities accreditation: Related:classified, security,
facilities certification: IncludedBy:certification,; Related:classified, security,
facility
facility manager: Related:security, system,
facility security clearance: IncludedBy:security,; Related:access, classified,
facsimile
fail safe: IncludedBy:failure control,; Related:failure, operation, process, program, software, system,
fail soft: IncludedBy:automated information system, failure control,; Related:application, failure, function, process, software, system,
failed logon: IncludedBy:logon, threat,; Related:access, resource, users,
failure: IncludedBy:risk,; Includes:environmental failure protection, environmental failure testing, failure access, failure control, mean-time-between-failure, mean-time-between-outages, mean-time-to-fail,; Related:IS related risk, abend, abort, accountability, anomaly, availability, backup procedures, bomb, contingency plan, crash, critical mechanism, defect, dump, evidence, fail safe, fail soft, fallback procedures, flooding, function, mean-time-to-repair, mean-time-to-service-restoral, operation, outage, problem, program, recovery procedures, requirements, software, software reliability, strength of a requirement, system, uninterruptible power supply, vulnerability,; Synonym:fault,
failure access: IncludedBy:access, failure, threat,; Related:authorized, incident, software, system, unauthorized access,
failure control: IncludedBy:control, failure, risk management,; Includes:fail safe, fail soft,; Related:function, process, recovery, software, system,
fallback procedures: Related:backup, failure, process, system,
false acceptance: Related:entity, identity, system,
false acceptance rate: IncludedBy:biometrics,; Related:authorized, system, users,
false denial of origin: IncludedBy:threat consequence,
false denial of receipt: IncludedBy:threat consequence,
false negative: IncludedBy:risk,; Related:identify, intrusion, intrusion detection, malicious, system, technology, threat,
false positive: IncludedBy:risk,; Related:classified, intrusion, intrusion detection, malicious, system, technology,
false rejection: Related:entity, identity, system,
false rejection rate: Related:entity, identity, system,
falsification: IncludedBy:threat consequence,; Related:authorized, entity,
family: Related:object, security,
fault: IncludedBy:threat,; Includes:fault injection, fault isolation, fault management, fault tolerance, fault tolerant, security fault analysis,; Related:Federal Standard 1027, alarm reporting, alarm surveillance, anomaly, bug, communications, computer, correctness, debug, defect, error, exception, function, maintenance, network, network management, problem, process, program, software, software reliability, system, trap,; Synonym:failure,
fault injection: IncludedBy:fault,; Related:analysis, code, program, software,
fault isolation: IncludedBy:fault,; Related:accountability, function,
fault management: IncludedBy:fault,
fault tolerance: IncludedBy:fault,; Related:operation, process, risk, software, system,; Synonym:fault tolerant,
fault tolerant: IncludedBy:fault,; Related:availability, function, software, system,; Synonym:fault tolerance,
fear, uncertainty, or doubt: Related:deterrence,
Federal Criteria for Information Technology Security: IncludedBy:Common Criteria for Information Technology Security Evaluation, computer security, criteria, information, technology,; Includes:Federal Criteria Vol. I, assurance, correctness,; Related:system, trust,
Federal Criteria Vol. I: IncludedBy:Federal Criteria for Information Technology Security, National Institute of Standards and Technology, criteria,; Includes:protection profile,; Related:computer security, file, information, profile, standard, technology, version,
Federal Information Processing Standards: IncludedBy:National Institute of Standards and Technology, information, process, standard,; Includes:Data Encryption Standard, Digital Signature Standard, FIPS PUB 140-1, FIPS approved security method, Federal Information Processing Standards Publication 140,; Related:computer, computer security, property, security, system, technology,
Federal Information Processing Standards Publication 140: IncludedBy:Federal Information Processing Standards, information, process, standard,; Synonym:FIPS PUB 140-1,
federal personnel manual
Federal Public-key Infrastructure: IncludedBy:key, public-key, public-key infrastructure,; Related:application, certificate, classified, communications security,
federal record
Federal Reserve Banks
federal secure telephone service
Federal Standard 1027: IncludedBy:National Institute of Standards and Technology, standard,; Related:FIPS PUB 140-1, National Security Agency, analysis, classified, criteria, emanation, emanations security, encryption, fault, information, key, key management, security, tamper,
federal telecommunications system: IncludedBy:communications, system, telecommunications,
federated identity: IncludedBy:entity, identity,; Related:access, access control, federation, system, users,
federation: Related:access, access control, assurance level, federated identity, relying party, system, users,
fedline: Related:access, access control,
fedwire: Related:process, system,
feedback buffer: Related:cipher, cryptography, encipherment, process,
ferroelectric random access memory: IncludedBy:access,
fetch protection: IncludedBy:access control,; Includes:contamination,; Related:access, assurance, authorized, file, process, program, system, unauthorized access,
fiber distributed data interface: IncludedBy:interface,; Related:automated information system,
fiber-optics: Related:information,
field: Related:computer, file,
field device: Related:communications,
field site: Related:communications, system,
fieldbus: Related:control, message, protocols,
file: Includes:CKMS profile, COMSEC profile, IT default file protection parameters, Network File System, access profile, assurance profile, communications profile, critical system files, default file protection, file encryption, file infector virus, file integrity checker, file integrity checking, file protection, file security, file transfer, file transfer access management, file transfer protocol, keys used to encrypt and decrypt files, master file, profile, profile assurance, protection profile, protection profile family, secure profile inspector, security policy information file, system files, system profile, transaction file, trust-file PKI, user profile,; Related:Federal Criteria Vol. I, Minimum Interoperability Specification for PKI Components, PHF, PKIX, Tripwire, access type, anonymous login, antivirus software, archiving, assignment, attack signature recognition, audit, audit software, audit trail, authentication, authorization, backup, backup generations, backup procedures, batch mode, browse access protection, capability, card initialization, clean system, component, computer, computer fraud, connection, container, cookies, correctness, data dictionary, data synchronization, decomposition, deliverable, development assurance requirements, digital signature, disaster recovery, discretionary access control, disinfecting, downgrade, download, effectiveness, encryption software, ethernet sniffing, evaluation, evaluation assurance requirements, external security controls, fetch protection, field, firewall, functional protection requirements, general controls, gopher, granularity, hash function, hash totals, honeypot, hypertext markup language, integration test, intrusion detection system, key-escrow, logic bombs, login, macro virus, malicious applets, mandatory access control, message digest, metadata, multipartite virus, multipurpose internet mail extensions, national computer security assessment program, national information assurance partnership, object, off-line attack, on-access scanning, output, permissions, personal security environment, pretty good privacy, product rationale, programmable logic controller, prowler, purge, purging, push technology, quarantine, quarantining, real-time system, recovery procedures, redundancy, refinement, register, review techniques, rootkit, sampling frame, sandboxed environment, sanitize, script, secure hash algorithm, security certificate, security label, security target, security-relevant event, server, snarf, social engineering, stateful protocol analysis, superuser, suspicious activity report, system administrator privileges, system resources, system software, tracking cookie, trigger, trojan horse, trusted certificate, trusted key, uniform resource locator, upload, users, utility programs, virus, virus signature, web browser cache, web of trust, work product,
file encryption: IncludedBy:encryption, file,; Related:access, authentication, process,
file infector virus: IncludedBy:file, virus,; Related:application, computer, process, program,
file integrity checker: IncludedBy:file, integrity,; Related:message, software,
file integrity checking: IncludedBy:file, integrity,; Related:compromise, message, software,
file protection: IncludedBy:access control, file,; Includes:contamination,; Related:access, assurance, authorized, process, system, unauthorized access,
file security: IncludedBy:access control, file,; Related:access, authorized, computer,
file series: Related:access, subject,
file series exemption
file transfer: IncludedBy:file,; Related:computer, network, process, protocols, system,
file transfer access management: IncludedBy:access, file,; Related:network,
file transfer protocol: IncludedBy:file, internet, protocols,; Related:application, computer, network, standard,
fill device: Related:communications security, cryptography, key,
fill device interface unit: IncludedBy:interface,
filtering router: IncludedBy:router,; Related:control, establishment, internet, network, packet filter, policy, security,; Synonym:screening router,
finality
financial crimes enforcement network: Related:analysis,
financial disclosure: Related:security, subject,
fingerprint: Related:authentication, hash, key, public-key,
finite population correction factor
finite state machine: Related:function, model,
FIPS approved security method: IncludedBy:Federal Information Processing Standards, National Institute of Standards and Technology, security policy,; Related:algorithm, authentication, criteria, cryptographic, evaluation, key,
FIPS PUB 140-1: IncludedBy:Federal Information Processing Standards, National Institute of Standards and Technology,; Includes:random number generator,; Related:Federal Standard 1027, algorithm, application, authorized, classified, communications security, computer, cryptographic, cryptography, establishment, information, interface, key, key management, module, requirements, role, security, security testing, software, standard, system, test, zeroization, zeroize,; Synonym:Federal Information Processing Standards Publication 140,
fire barrier: IncludedBy:availability,
fire suppression system: IncludedBy:availability, system,
FIREFLY: Related:cryptography, key, key management, protocols, public-key,
firewall: IncludedBy:front-end security filter, gateway, guard, internet, security filter, security software,; Includes:application gateway firewall, application proxy, application-level firewall, bastion host, circuit proxy, connection, demilitarized zone, dual-homed gateway firewall, firewall machine, goodput, homed, host-based firewall, illegal traffic, logging, network address translation, network level firewall, packet filter, packet filtering, packet filtering firewall, protected network, proxy, rejected traffic, router-based firewall, ruleset, screened host firewall, screened subnet firewall, stateful packet filtering, trusted gateway, unprotected network,; Related:access, access control, application, application level gateway, attack, authorization, authorized, boundary, circuit level gateway, computer, computer network, control, countermeasures, criteria, critical, data source, domain, exploit, file, flow, identification, interface, network, operation, policy, process, protocols, resource, router, screening router, software, spoof, system, threat, unauthorized access, unit of transfer, users, vulnerability,
firewall machine: IncludedBy:firewall,; Related:connection, security,
firmware: IncludedBy:cryptographic module,; Related:application, computer, program, software,
fishbone diagram: PreferredFor:cause and effect diagram,; Related:identify,
fishbowl: Related:authorized, information, system, users,
fixed COMSEC facility: Related:communications security,
fixed disk
fixed price contract
flash memory
flaw: IncludedBy:threat,; Related:system,
flaw hypothesis methodology: IncludedBy:risk management,; Related:analysis, attack, compromise, computer, control, evaluation, exploit, penetration, security testing, system, test,
flexibility: Related:operation, program,
flooding: IncludedBy:attack, incident,; Related:access, access control, analysis, computer, covert, entity, failure, flow, information, message, process, system,
flow: Includes:buffer overflow, data flow control, data flow diagram, information flow, information flow control, modeling or flowcharting, security flow analysis, traffic flow confidentiality, traffic-flow security, underflow, workflow,; Related:Bell-LaPadula security model, Gypsy verification environment, access, boundary host, cascading, coding, concurrent connections, confidentiality, contact interface, contactless interface, continuous process, controlled interface, encapsulating security payload, end-to-end encryption, exception, firewall, flooding, hierarchical development methodology, identify, information superiority, infrastructure, interface, internet protocol, internet protocol security, intrusion, intrusion detection, lattice model, link encryption, mandatory access control, network behavior analysis system, packet filtering, ping of death, pressure sensor, program, read, read access, sensor, subject, system, topology, traffic analysis, user data protocol, valve, vulnerability, wiretapping, workgroup computing, write,
flow control: HasPreferred:information flow control,
flush: Related:security,
foe: IncludedBy:threat,
for official use only: Related:classified,
For Official Use Only Certified TEMPEST Technical Authority: Related:certification, requirements, security,
forced entry: Related:authorized, evidence,
foreground information
foreign: Includes:Foreign Intelligence Surveillance Act, Office of Foreign Assets Control, foreign contact, foreign disclosure, foreign disclosure point of contact, foreign exchange personnel, foreign government information, foreign intelligence, foreign intelligence service, foreign interest, foreign liaison officer, foreign military sales, foreign national, foreign owned, controlled or influenced, foreign ownership, control, or influence, foreign person, foreign relations of the united states, foreign representative, foreign travel briefing, foreign visit, representative of a foreign interest, senior foreign official,; Related:Defense Personnel Exchange Program, Defense Services, U.S. person, United States national, acquisition systems protection, caveat, communications intelligence, controlled information, cooperative program personnel, counterintelligence, counterintelligence assessment, criminal activity, critical financial markets, damage to the national security, delegation of disclosure authority letter, derogatory information, designated intelligence disclosure official, electronic intelligence, export, export license application, formerly restricted data, government-to-government transfer, intelligence, intelligence community, long-haul telecommunications, national security system, national security-related information, oral/visual disclosure, program protection plan, psychological operations, release prefix, security assurance, security policy automation network, senior intelligence officer, sensitive information, special access required programs oversight committee, special activity, tear line, technical security, technology control plan, technology transfer, telemetry intelligence, threat, unclassified sensitive,
foreign contact: IncludedBy:foreign,; Related:United States citizen,
foreign disclosure: IncludedBy:foreign,; Related:access, authorized, classified, security,
foreign disclosure point of contact: IncludedBy:foreign,; Related:classified,
foreign exchange personnel: IncludedBy:foreign,
foreign government information: IncludedBy:foreign,
foreign intelligence: IncludedBy:foreign, intelligence,
foreign intelligence service: IncludedBy:foreign, intelligence,
Foreign Intelligence Surveillance Act: IncludedBy:foreign, intelligence,; Related:electronic surveillance,
foreign interest: IncludedBy:foreign,; Related:trust,
foreign liaison officer: IncludedBy:foreign,; Related:authorized, connection, security,
foreign military sales: IncludedBy:foreign,; Related:authorized, security,
foreign national: IncludedBy:foreign,
foreign owned, controlled or influenced: IncludedBy:control, foreign,
foreign ownership, control, or influence: IncludedBy:foreign,; Related:access, authorized, classified,
foreign person: IncludedBy:foreign,; Related:trust,
foreign relations of the united states: IncludedBy:foreign,; Related:classified,
foreign representative: IncludedBy:foreign,
foreign travel briefing: IncludedBy:foreign,; Related:access, classified, security,
foreign visit: IncludedBy:foreign,; Related:access, classified,
forensically clean: Related:malware,
Forensics: HasPreferred:computer forensics,
fork bomb: IncludedBy:threat,; Related:code, process, system,
formal: Antonym:informal,; Includes:formal access approval, formal development methodology, formal model of security policy, formal proof, formal security policy model, formal specification, formal top-level specification, formal verification,; Related:semantics,
formal access approval: IncludedBy:access, formal,; Related:classified, information, owner, privacy, process, requirements, security,
formal development methodology: IncludedBy:formal, software development methodologies,; Related:identification, model, program, requirements, security, software, system, verification,
formal language: Related:analysis, application, computer, program,
formal method: Related:policy, security, system,
formal model of security policy: IncludedBy:formal, model, policy, security, target of evaluation,; Synonym:formal security policy model,
formal proof: IncludedBy:formal, formal verification,; Related:computer, process, program, verification,
formal security policy: IncludedBy:policy, security,
formal security policy model: IncludedBy:formal, formal verification, model, policy, security policy, trusted computing base,; Includes:Bell-LaPadula security model, Biba Integrity model,; Related:computer, control, interface, operation, semantics, system,; Synonym:formal model of security policy,
formal specification: Antonym:informal specification,; IncludedBy:formal, formal verification,; Includes:formal top-level specification,; Related:computer, function, semantics, software, system,
formal top-level specification: IncludedBy:formal, formal specification, top-level specification,; Related:computer, model, policy, process, program, requirements, security, system, verification,
formal verification: IncludedBy:formal, verification,; Includes:endorsed tools list, formal proof, formal security policy model, formal specification,; Related:model, policy, process, program, security, system,
format: Related:computer, information, process,
formerly restricted data: Related:classified, foreign,
formulary: Related:access, access control, control,
Fortezza: IncludedBy:National Institute of Standards and Technology, National Security Agency,; Related:CAPSTONE chip, MISSI user, SSO PIN, SSO-PIN ORA, algorithm, cryptographic, digital signature, encryption, hash, key, no-PIN ORA, personal identification number, personality label, signature, slot, software, tokens, user PIN, user-PIN ORA,
Forum of Incident Response and Security Teams: IncludedBy:computer emergency response team, incident, response,; Related:computer, computer security, information, information security, quality, security incident,
forward engineering: Related:process, system,
forward secrecy: Includes:forward secrecy with respect to A, forward secrecy with respect to both A and B individually, mutual forward secrecy, public-key forward secrecy,; PreferredFor:perfect forward secrecy,; Related:compromise, internet protocol security, internet security protocol, key,
forward secrecy with respect to A: IncludedBy:forward secrecy,; Related:key, operation, property,
forward secrecy with respect to both A and B individually: IncludedBy:forward secrecy,; Related:key, operation, property,
frame relay: Related:automated information system, system, technology, users,
framework: Related:computer, system,
framing: Related:information, standard, users,
fraud: IncludedBy:illegal, threat,; Includes:ACH debit fraud, account fraud, computer fraud, external fraud, fraudulent financial reporting, internal fraud,; Related:authentication, authorized, computer abuse, criminal groups, entity, identity theft, invalidity date, pharming, phishing, replay attack, suspicious activity report, unforgeable,
fraudulent financial reporting: IncludedBy:fraud,; Related:audit,
Freedom of Information Act: Related:access,
freight forwarder
frequency division multiple access: IncludedBy:access,; Related:users,
frequency hopping: Related:algorithm, authorized, communications, communications security, jamming, telecommunications,
friend
friendly
front-end processor: IncludedBy:automated information system, process,; Related:communications, computer,
front-end security filter: IncludedBy:security,; Includes:firewall,; Related:computer, integrity, policy, process, software, system,
full accreditation: IncludedBy:accreditation,; Related:control, process, requirements, security, system,
full disk encryption: IncludedBy:encryption,; Related:access, authentication, computer, process, system,
full maintenance: Includes:depot maintenance,
full-duplex: Related:communications,
function: Includes:IT security support functions, TOE security functions, TOE security functions interface, binding of functionality, binding of security functionality, collision-resistant hash function, cryptographic check function, cryptographic functions, cryptographic hash function, functional component, functional package, functional proponent, functional protection requirements, functional security requirements specification, functional test case design, functional testing, functional unit, functionality, functionality class, hash function, hash function identifier, key derivation function, key generating function, mask generation function, one-way function, public-key derivation function, quality function deployment, reduction-function, round-function, security function, security function policy, signature function, strength of function, sub-function, suitability of functionality, theft of functionality, trusted functionality, verification function,; Related:Abstract Syntax Notation One, Automated Information System security, CAPSTONE chip, CASE tools, CCI assembly, CCI component, CCI equipment, COMSEC boundary, COMSEC control program, COMSEC material, COMSEC module, Common Criteria, Common Criteria for Information Technology Security, Cryptographic Application Program Interface, Data Authentication Algorithm, Data Encryption Standard, Generic Upper Layer Security, Guidelines and Recommendations for Security Incident Processing, IA architecture, IT security product, Information Technology Security Evaluation Criteria, Internet Corporation for Assigned Names and Numbers, Internet Security Association and Key Management Protocol, Monitoring of Evaluations, Network File System, Open Systems Interconnection Reference model, PC card, PKCS #11, POSIX, Rivest-Shamir-Adleman algorithm, S/Key, SOF-basic, SOF-high, SOF-medium, SSO PIN, SSO-PIN ORA, Terminal Access Controller Access Control System, The Exponential Encryption System, Type 4 key, access control, accreditation, administrative access, alarm, alarm surveillance, application, application program interface, application system, approved, architecture, assignment, assurance, assurance profile, asymmetric cryptographic technique, attribute certificate, audit, audit charter, audit program, audit/review, authentication code, authorizing official, automated information system, back up vs. backup, best practices, black-box testing, block, break, bug, business areas, business case, centralized operations, certificate management, certification authority workstation, checksum, claimant, code amber, code red, command and control, communications profile, completeness, component, component dependencies, component extensibility, component hierarchy, computer operations, audit, and security technology, computer security, computing security methods, configuration, configuration identification, configuration item, configuration management, continuity of operations plan, control loop, controlled access protection, cooperative key generation, correctness, corruption, cost/benefit, countermeasures, critical, criticality, criticality assessment, crypto-ancillary equipment, cryptographic check value, cryptographic initialization, cryptographic module, cryptographic officer, cryptographic randomization, cryptographic service, cryptographic token, cultural assumptions, data authentication code, data input, data string, database management system, denial-of-service, digital signature, digital watermarking, disruption, distributed dataprocessing, domain parameter, dual control, effectiveness, electrical power systems, electronic commerce, electronic messaging services, email packages, embedded cryptographic system, embedded cryptography, embedded system, emergency services, encryption certificate, encryption software, evaluation, evaluation and validation scheme, extensibility, extension, fail soft, failure, failure control, fault, fault isolation, fault tolerant, finite state machine, formal specification, gateway, general support system, generation, global command and control system, granularity of a requirement, group user id, hardening, hash code, hash result, hash token, hash value, hashed message authentication code, human error, informal security policy, information architecture, information processing standard, information systems security equipment modification, information technology, information warfare, infrastructure, initial transformation, initializing value, integrity, intelligent electronic device, inter-TSF transfers, interface, internal subject, joint task force-computer network defense, key, key agreement, keyed hash, lines of business, logical access, logical system definition, maintenance, major application, malicious applets, malicious logic, man-in-the-middle attack, matrix, message authentication code algorithm, message authentication code vs. Message Authentication Code, message digest, message representative, metric, misuse, mockingbird, modes of operation, mutual suspicion, mutually suspicious, national information assurance partnership, national security system, natural disaster, network security, no-PIN ORA, off-line cryptosystem, on-line cryptosystem, one-time passwords, open system interconnection model, operating system, operational integrity, organizational registration authority, output transformation, package, packet filtering, plug-in, point-to-point tunneling protocol, port, pre-signature, privilege, privileged process, privileged user, process, product, product rationale, programmable logic controller, protection profile, protection profile family, protection-critical portions of the TCB, protocols, proxy, public-key infrastructure, public-key system, quality of protection, randomizer, reference monitor, reference validation mechanism, registration authority, reliability, requirements, requirements traceability matrix, resource, restructuring, reusability, revision, risk, risk assessment, risk management, robustness, role, role-based access control, rootkit, salt, sector, secure hash standard, secure operating system, security, security certification level, security features, security management infrastructure, security mechanism, security policy, security relevant, security target, security testing, separation of duties, signaling, signaling system 7, signature certificate, signature equation, significant change, site certification, smartcards, software, software assurance, software enhancement, software reliability, software system test and evaluation process, stovepipe systems, stream cipher, strength of a requirement, structural testing, subassembly, subsystem, support software, system, system files, system integrity, system security officer, tamper, tampering, technology area, teleprocessing, testability, thrashing, threat, to-be-process model, token management, tokens, top-level specification, trapdoor, trojan horse, trust, trusted channel, trusted path, trustworthy system, turnaround time, unforgeable, user PIN, user-PIN ORA, usurpation, verifier, version, violation of permissions, website, white-box testing, word, workload,
functional component: IncludedBy:Common Criteria for Information Technology Security Evaluation, component, function, security target,; Includes:object,; Related:audit, requirements,
functional package: IncludedBy:function,; Includes:security target,
functional proponent: IncludedBy:function, network sponsor,
functional protection requirements: IncludedBy:function, protection profile,; Related:assurance, file, profile,
functional security requirements specification: IncludedBy:function, requirements, security,
functional test case design: IncludedBy:function, test,; Related:analysis, black-box testing,
functional testing: IncludedBy:function, security testing, test,; Related:black-box testing, computer, operation, response, system,
functional unit: IncludedBy:component, function,
functionality: IncludedBy:function, target of evaluation,; Related:requirements, security,
functionality class: IncludedBy:function, target of evaluation,; Related:policy, security, system, target,
future narrow band digital terminal: IncludedBy:security,; Related:message, network,
gap analysis: IncludedBy:analysis, risk analysis,; Related:audit, vulnerability analysis,
garbled: Related:cryptographic, destruction, key,
gas and oil production, storage and transportation: IncludedBy:critical infrastructures,; Related:critical, process, role, system,
gateway: IncludedBy:application proxy,; Includes:application gateway firewall, application level gateway, circuit level gateway, common gateway interface, dual-homed gateway firewall, firewall, gateway server, payment gateway, payment gateway certification authority, security gateway, trusted gateway, wireless gateway server,; Related:Chernobyl packet, authentication header, bastion host, break, cardholder certification authority, certification hierarchy, code, communications, component, computer, computer network, email, encapsulating security payload, ethernet meltdown, function, geopolitical certificate authority, guard, interface, internet control message protocol, internetwork, local-area network, merchant certification authority, network, operation, program, protocols, router, screened host firewall, screened subnet firewall, secure network server, security, system, transport mode vs. tunnel mode, tunnel, virtual private network, wiretapping,
gateway server: IncludedBy:gateway, internet,; Related:computer,
gauss
general accounting office
general controls: IncludedBy:control,; Related:IT security, application, computer, file, integrity, object, operation, policy, program, recovery, security, system,
General Services Administration
general support system: IncludedBy:system,; Related:application, communications, control, function, information, resource, software, users,
general-purpose system: IncludedBy:system,; Related:computer,
GeneralizedTime: Related:UTCTime, coordinated universal time,
generally accepted system security principles: IncludedBy:security, system,
generation: Related:cryptographic, function, key, metadata,
Generic Security Service Application Program Interface: IncludedBy:application, interface, internet, program, security protocol,; Includes:distributed computing environment, security support programming interface,; Related:authentication, code, confidentiality, cryptography, integrity, non-repudiation, privacy, process, protocols, standard, system, tokens,
generic SIO class
generic threat: IncludedBy:threat,; Related:vulnerability,
Generic Upper Layer Security: IncludedBy:security,; Related:application, confidentiality, function, information, integrity, standard,
geopolitical certificate authority: IncludedBy:Secure Electronic Transaction, authority, certificate,; Related:certification, gateway, public-key infrastructure,
geosynchronous orbit
global command and control system: IncludedBy:command and control, control, control systems, security, system,; Related:function, information, network, process,
global information grid: IncludedBy:information, security,; Related:application, communications, policy, process, software, system,
global information infrastructure: IncludedBy:information,; Related:communications, connection, system,
global network information environment: IncludedBy:information, network, security,; Related:process, system,
global positioning system: IncludedBy:system,
global requirements: Antonym:local requirements,; IncludedBy:requirements, trusted computing base,; Related:analysis, system,
global telecommunications service: IncludedBy:communications, telecommunications,; Related:network,
goodput: IncludedBy:firewall,; Related:bit forwarding rate, interface, network, protocols, test,
gopher: Related:computer, file, network, protocols, users,
Government Accountability Office: Related:audit, evaluation,
government contracting activity
government emergency telecommunications service: IncludedBy:communications, telecommunications,; Related:network,
government program manager
government services: Related:critical infrastructures,
government-approved facility: Related:access,
government-off-the-shelf
government-to-government transfer: Related:classified, foreign,
graduated security: IncludedBy:security,; Related:risk, system, technology, threat,
granularity: IncludedBy:access control,; Includes:object,; Related:access, control, file,
granularity of a requirement: IncludedBy:requirements, trusted computing base,; Includes:object, subject,; Related:function, users,
graphical-user interface: IncludedBy:interface, users,; Related:computer, key, program,
GRC senior staff: Related:program,
Green book: IncludedBy:rainbow series,; Related:information, interface, internet, passwords, process, program, standard, system,
ground wave emergency network: IncludedBy:network,
group: Related:users,
group key encryption key
group of users: IncludedBy:users,; Related:security, software,
group traffic encryption key
group user id: IncludedBy:user id,; Related:function, risk,
guard: IncludedBy:security,; Includes:firewall,; Related:United States citizen, access, access control, authorized, classified, computer, gateway, information, integrity, network, process, system, trust, users,
guerrilla warfare: IncludedBy:warfare,
guessing entropy: Related:attack, passwords, random, system,
guest system: Related:access,
guideline: Related:policy,
Guidelines and Recommendations for Security Incident Processing: IncludedBy:incident, process, security incident,; Related:function, internet, network, response, role, technology,
Gypsy verification environment: IncludedBy:software development methodologies, verification,; Related:flow, information, process, program, users,
hackers: IncludedBy:threat,; Includes:cracker, hacking, script bunny,; Related:Samurai, access, access control, attack, authorization, authorized, computer, computer network, critical, damage, hacking run, information, intelligence, internet, malicious, network, program, protocols, security, system, users,
hacking: IncludedBy:hackers,; Related:authorized, information, network, security, system,
hacking run: Related:hackers,
half-block
handcarrier: Related:authorized, classified, connection,
handle: Related:operation, process,
handle via special access control channels only: IncludedBy:access,; Related:classified, requirements, security,
handler: Related:attack, control, incident, program, response,
handshaking procedures: Related:authentication, computer, identify, program, users,
hard copy key: IncludedBy:key,; Related:program,
hard disk
hard-copy output
hardened unique storage
hardened unique storage Key: IncludedBy:key,
hardening: Related:assurance, availability, business process, computer, function, process,
hardware: IncludedBy:cryptographic module,; Related:computer, cryptographic, module, process, program, system,
hardware and system software maintenance: IncludedBy:software, system,; Related:control, operation, security,
hardware or software error: IncludedBy:software, threat consequence,; Related:operation, system,
hardware token: HasPreferred:tokens,
hardwired key: IncludedBy:key,
hash: IncludedBy:security,; Includes:collision-resistant hash function, cryptographic hash function, hash algorithm, hash code, hash function, hash function identifier, hash result, hash token, hash totals, hash value, hashed message authentication code, hashing, hashword, keyed hash, keyed hash algorithm, secure hash algorithm, secure hash standard,; Related:Challenge Handshake Authentication Protocol, Challenge-Response Authentication Mechanism, Cryptographic Message Syntax, Data Authentication Algorithm, Fortezza, MD2, MD4, MD5, POP3 APOP, Rivest-Shamir-Adleman algorithm, S/Key, SET private extension, SET qualifier, algorithm, certificate revocation tree, challenge-response protocol, checksum, code, cryptographic, cryptographic algorithm, cryptographic component, cryptographic service, cryptographic system, cryptography, cyclic redundancy check, data authentication code vs. Data Authentication Code, data items' representation, data string, digital signature, digital signature algorithm, domain parameter, dual signature, fingerprint, imprint, initializing value, integrity, integrity check, matrix, message, message authentication code vs. Message Authentication Code, message digest, message integrity code, one-time passwords, one-way function, output transformation, public-key forward secrecy, reduction-function, round-function, secure socket layer, thumbprint, witness, word,
hash algorithm: IncludedBy:algorithm, hash,; Related:message,
hash code: IncludedBy:code, hash,; Related:function, hash function, subject,
hash function: IncludedBy:function, hash,; Related:algorithm, application, attack, authentication, cryptographic, cryptographic hash function, cryptography, data authentication code, domain, file, hash code, hash result, hash value, message, message authentication code, object, property, random, requirements, subject,
hash function identifier: IncludedBy:function, hash,; Related:identify,
hash result: IncludedBy:hash,; Related:function, hash function, message, process,
hash token: IncludedBy:hash, tokens,; Related:code, control, domain, function, identify, signature,
hash totals: IncludedBy:hash,; Related:file, information,
hash value: IncludedBy:hash,; Related:cryptographic, function, hash function, message,
hashed message authentication code: IncludedBy:code, hash, message, message authentication code,; Related:analysis, cryptographic, cryptography, function, key, software,
hashing: IncludedBy:hash,
hashword: IncludedBy:hash,
hazard
head of department of defense component
help desk: Related:communications, computer, entity,
hierarchical decomposition: IncludedBy:development process,; Related:system,
hierarchical development methodology: IncludedBy:software development methodologies,; Related:flow, information, process, program,
hierarchical input process output: IncludedBy:process,
hierarchical PKI: IncludedBy:public-key infrastructure,; Related:certification,
hierarchy management: IncludedBy:public-key infrastructure,; Related:certificate, certification, key, process, public-key,
hierarchy of trust: IncludedBy:public-key infrastructure, trust,; Related:certification,
high assurance guard: IncludedBy:assurance,; Related:classified, message, software,
high availability: IncludedBy:availability,
high-impact system: IncludedBy:system,; Related:availability, information, integrity, object, security,
hijack attack: IncludedBy:attack,; Related:IP splicing/hijacking, association, control, hijacking, pagejacking, spoofing, terminal hijacking,
hijacking: Related:application, attack, hijack attack, response, session hijack attack, system, users,
hoax: IncludedBy:threat,; Related:social engineering, system, users,
home office facility
homed: IncludedBy:firewall,; Includes:tri-homed,; Related:interface, network, security testing, test,
honeypot: Related:attack, authorized, file, resource, system, users,
host: IncludedBy:automated information system,; Related:access, access control, application, communications, computer, computer network, information, internet, network, protocols, software, system, users,
host based: IncludedBy:automated information system,; Related:audit, information, intrusion,
host to front-end protocol: IncludedBy:automated information system, protocols,; Related:control,
host-based firewall: IncludedBy:automated information system, firewall,; Related:application, computer, network, software,
host-based intrusion prevention system: IncludedBy:intrusion, system,; Related:identify, program,
host-based security: IncludedBy:security,; Related:attack, system, version,
hot site: IncludedBy:disaster recovery,; Related:cold site, critical, system,
hot wash: Related:test,
https: Related:access, access control, internet, protocols, security,
human error: IncludedBy:threat consequence,; Related:authorized, entity, function, system,
human intelligence: IncludedBy:intelligence,
human user: IncludedBy:target of evaluation, users,
human-machine interface: IncludedBy:interface,; Related:control, software,
hybrid encryption: IncludedBy:encryption,; Related:algorithm, application, confidentiality, cryptography, key,
hybrid threat: IncludedBy:threat,; Related:criminal, hybrid warfare, information, object, warfare,
hybrid warfare: IncludedBy:warfare,; Related:criminal, hybrid threat, threat,
hydrometer
hydrophone
hydroscope: Related:object,
hygrograph
hygrometer
hygroscope
hyperlink: IncludedBy:world wide web,; Related:access, access control, information, link, object, users,
hypermedia: Related:internet, object,
hypertext: Related:access, access control, computer, internet, standard generalized markup language, world wide web,
hypertext markup language: IncludedBy:standard generalized markup language, world wide web,; Related:application, file, semantics, system,
hypertext transfer protocol: IncludedBy:protocols, world wide web,; Related:application, internet, network, response, secure socket layer,
IA architecture: IncludedBy:information assurance,; Related:function, operation, system,
IA-enabled information technlogogy product: IncludedBy:information,; Related:role, router, security, system, technology, trust,
IA-enabled information technology product: IncludedBy:information, information assurance, technology,
ICMP flood: IncludedBy:attack,; Related:denial-of-service, protocols,
identification: IncludedBy:accountability, authentication,; Includes:Identification Protocol, bank identification number, configuration identification, control identification list, identification and accreditation, identification and authentication, identification authentication, identification data, identification, friend or foe, identification, friend, foe, or neutral, identify, identity, identity based access control, identity-based security policy, key management identification number, personal identification number, privacy, authentication, integrity, identification, non-repudiation, radio frequency identification, risk identification, target identification and analysis techniques, terminal identification, trusted identification forwarding,; Related:Attack Sensing and Warning, IT security support functions, SSO PIN, access, access control, alarm reporting, anonymity, anti-spoof, attribute certificate, bar code, biometric system, candidate TCB subset, certificate, class 2, 3, 4, or 5, comparisons, compromised key list, configuration control, digital forensics, digital id, domain controller, entity, firewall, formal development methodology, identity credential, identity credential issuer, individual electronic accountability, information systems security, information systems security equipment modification, key tag, network component, network sniffing, operations security, personal identity verification, pre-certification phase, primary account number, process, public-key derivation function, redundant identity, registration authority, relying party, repair action, resource, risk analysis, risk assessment, risk management, security controls, spoofing, system, target vulnerability validation techniques, threat assessment, token device, trusted agent, uniform resource identifier, user PIN, users, validate vs. verify, verification, vulnerability assessment,
identification and accreditation: IncludedBy:accreditation, identification,
identification and authentication: IncludedBy:assurance, identification,; Related:access, access control, control, entity, identity, system, users,
identification authentication: IncludedBy:identification,; Related:access, access control, code, computer, entity, identity, process, resource, response, users,
identification data: IncludedBy:identification,; Related:domain, entity, identify, identity credential, key, policy, process, security, signature,
Identification Protocol: IncludedBy:identification, internet, protocols, security protocol,; Related:access, access control, audit, authorization, connection, control, entity, identity, information, owner, system, users,
identification, friend or foe: IncludedBy:identification,
identification, friend, foe, or neutral: IncludedBy:identification,
identifier: Related:entity, identity, key,
identify: IncludedBy:identification,; Related:CRYPTO, DoD Information Technology Security Certification and Accreditation Process, PKIX private extension, SATAN, SWOT analysis, TSEC nomenclature, Tripwire, access level, accountability, alert, antivirus software, audit, audit/review, bank identification number, baseline management, benchmarking, best practices, biometrics, business impact analysis, call back, call back security, certificate revocation list, certifier, configuration management, connection establishment, connection maintenance, connection teardown, dial back, distinguished name, electronic warfare support, evaluator actions, expert review team, external label, false negative, fishbone diagram, flow, handshaking procedures, hash function identifier, hash token, host-based intrusion prevention system, identification data, identity, identity credential, identity theft, individual accountability, information security, information systems security engineering, inspectable space, interface control document, intrusion detection, intrusion detection system, intrusion detection tools, management server, mass mailing worm, message identifier, network behavior analysis system, network-based intrusion prevention system, observation reports, operations security, penetration signature, penetration test, penetration testing, persistent cookie, registration service, requirements for content and presentation, requirements for procedures and standards, reverse engineering, risk analysis, risk assessment, risk evaluation, risk identification, risk management, root cause analysis, security association identifier, security policy model, short title, signature, smartcards, sniffer, spyware detection and removal utility, stateful protocol analysis, system indicator, system security authorization agreement, system testing, terminal identification, test, test design, threat analysis, triangulation, uniform resource identifier, user id, user identifier, vulnerability analysis, vulnerability assessment, vulnerability audit, wireless intrusion detection and prevention system,
identity: IncludedBy:entity, identification,; Includes:federated identity, identity based access control, identity credential, identity credential issuer, identity management systems, identity proofing, identity theft, identity token, identity validation, identity verification, identity-based security policy, personal identity verification, redundant identity,; Related:Identification Protocol, OAKLEY, applicant assertion, assurance, authenticate, authentication data, authentication exchange, authentication information, authentication protocol, authentication service, authenticator, authenticity, authorization, authorized, automated information system media control system, binding, biometric measurement, biometric system, biometrics, certificate, certification authority, certify, challenge/response, claimant, comparisons, component, covert operation, credentials, criminal groups, cryptography, data integrity service, data origin authentication service, digital certificate, digital id, digital signature, digital signature algorithm, discrete process, discretionary access control, distinguished name, domain, electronic credentials, entity authentication of A to B, false acceptance, false rejection, false rejection rate, identification and authentication, identification authentication, identifier, identify, individual accountability, information, key owner, masquerade attack, masquerading, mutual authentication, mutual entity authentication, non-repudiation, object, one-time passwords, organizational registration authority, password system, passwords, peer entity authentication service, personal identification number, phishing, physical access control, principal, private accreditation information, protected channel, proxy server, pseudonym, public-key certificate, references, registration, registration authority, relying party, response, role-based access control, secure socket layer, security, simple authentication, source authentication, strong authentication, subject, ticket, tokens, trust, undercover operation, unilateral authentication, users, validate vs. verify, verification, verified name, verifier, witness,
identity based access control: IncludedBy:access, control, entity, identification, identity,
identity credential: IncludedBy:credentials, entity, identity,; Related:identification, identification data, identify, identity credential issuer, information, users,
identity credential issuer: IncludedBy:credentials, entity, identity,; Related:PIV issuer, access, access control, certification authority, identification, identity credential, resource, users, validate,
identity management systems: IncludedBy:entity, identity, system,; Related:application, process, validation, verification,
identity proofing: IncludedBy:entity, identity,; Related:authority, establishment, information, process, registration, validate,
identity theft: IncludedBy:entity, identity, theft,; Includes:ACH debit fraud, account fraud,; Related:dumpster diving, fraud, identify, information, keystroke logger, phishing, shoulder surfing, social engineering, spyware, subject,
identity token: IncludedBy:entity, identity, tokens,; Related:key, object,
identity validation: IncludedBy:entity, identity, validation,; Related:resource, test, users,
identity verification: IncludedBy:entity, identity, verification,; Related:access, access control, process, system,
identity-based security policy: IncludedBy:entity, identification, identity, policy, security,; Related:access, access control, object, process, resource, subject, system, users,
IEEE 802.10: Related:network, security, standard,
IEEE P1363: Related:cryptography, digital signature, encryption, key, public-key, signature, standard,
illegal: IncludedBy:risk,; Includes:criminal, fraud, illegal drug use, illegal traffic, theft,; Related:computer related crime, ethernet meltdown, suspicious contact, unclassified controlled nuclear information,
illegal drug use: IncludedBy:illegal,; Related:authorized,
illegal traffic: IncludedBy:firewall, illegal,; Related:bit forwarding rate, ruleset,; Synonym:rejected traffic,
imagery: Related:object,
imagery intelligence: IncludedBy:intelligence,; Related:object,
imaging system: IncludedBy:system,; Related:computer,
IMAP4 AUTHENTICATE: Related:authentication, challenge/response, key, protocols, response, security,
imitative communications: IncludedBy:communications,; Related:message,
imitative communications deception: Related:adversary,
immediate family member: Related:access,
immigrant alien
impact: Related:attack, authorized, availability, damage, incident, information, risk assessment, system,
impersonating: Related:spoof,; Synonym:impersonation,
impersonation: IncludedBy:attack,; Includes:verifier impersonation attack,; Related:access, access control, active attack, address spoofing, authentication, authorized, computer, ip spoofing, man-in-the-middle attack, masquerading, mimicking, network, replay attack, social engineering, spoofing, system, users,; Synonym:impersonating, masquerade,
implant: Related:authorized, emanation, emanations security, information,
implementation: IncludedBy:target of evaluation,; Related:process, software, target,
implementation under test: IncludedBy:test,; Related:protocols, security testing,
implementation vulnerability: IncludedBy:vulnerability,; Related:software,
implicit key authentication from A to B: IncludedBy:authentication, key,; Related:assurance, entity,
imported software: IncludedBy:software,
imprint: Related:code, hash,
improved emergency message automatic transmission system: IncludedBy:message, system,
in the clear: Related:encryption,
inadvertent disclosure: IncludedBy:incident,; Related:access, access control, authorized, exposure, information, risk,
inadvertent disclosure incident: Related:access, authorized, classified, security, security incident,
inappropriate usage: IncludedBy:threat,
incapacitation: IncludedBy:risk, threat consequence,; Related:critical, critical infrastructures, operation, system,
incident: IncludedBy:threat,; Includes:COMSEC incident, Computer Incident Advisory Capability, Forum of Incident Response and Security Teams, Guidelines and Recommendations for Security Incident Processing, IT security incident, attack, automated security incident measurement, compromise, computer incident assessment capability, computer intrusion, computer security incident, computer security incident response capability, computer security incident response team, contamination, data compromise, denial-of-service, flooding, inadvertent disclosure, incident handling, incident response capability, multiple component incident, probe, program automated information system security incident support team, security incident, security intrusion, suspicious event,; Related:COMSEC insecurity, antivirus software, availability, classified information spillage, communications security, computer, computer emergency response team, event, failure access, handler, impact, indication, information, infrastructure assurance, integrity, intrusion, intrusion detection, intrusion detection and prevention, intrusion prevention, intrusion prevention system, joint task force-computer network defense, mitigation, precursor, process, protective technologies, response, security, security controls, security event, security policy, signature, spyware detection and removal utility, standard, system, vulnerability,
incident handling: IncludedBy:incident, response,; PreferredFor:incident response,; Related:security,
incident of security concern: IncludedBy:security,; Related:access, attack, authorized, classified,
incident response: HasPreferred:incident handling,
incident response capability: IncludedBy:incident, response,; Related:control, operation, security, system,
incomplete parameter checking: IncludedBy:threat,; Related:penetration, system,
independence: Related:audit,
independent assessment: IncludedBy:assessment,; Related:control, evaluation, security, system,
independent research and development
independent review and evaluation: IncludedBy:evaluation,; Related:system,
independent validation and verification: IncludedBy:validation, verification,; Related:analysis, requirements, security testing, software, software development, test, users,
indication: Related:incident, malware, security,; Synonym:signature,
indicator: Related:adversary, attack,
indirect certificate revocation list: IncludedBy:certificate, public-key infrastructure, revocation,; Related:X.509,
indistinguishability: Related:algorithm, encryption, security,
individual: Related:privacy,
individual accountability: Related:access, access control, computer, entity, identify, identity, system, users,
individual electronic accountability: Related:access, access control, authentication, identification, system, users,
indoctrination: Related:access,
industrial espionage
industrial security: IncludedBy:security,; Related:classified, information security,
industry standard architecture: IncludedBy:standard,; Related:automated information system,
infection: IncludedBy:threat,; Related:malicious, virus, worm,
inference: IncludedBy:threat consequence,; Related:access, access control, authorized, communications, entity,
informal: Antonym:formal,; Includes:informal specification,
informal security policy: IncludedBy:policy, security,; Related:function,
informal specification: Antonym:formal specification,; IncludedBy:development process, informal,
information: Includes:American Standard Code for Information Interchange, Automated Information System security, Common Criteria for Information Technology Security, Common Criteria for Information Technology Security Evaluation, Defense Information Infrastructure, Defense Information System Network, Defensive Information Operations, DoD Information Technology Security Certification and Accreditation Process, European Information Technology Security Evaluation Criteria, Federal Criteria for Information Technology Security, Federal Information Processing Standards, Federal Information Processing Standards Publication 140, IA-enabled information technlogogy product, IA-enabled information technology product, Information Systems Security products and services catalogue, Information Technology Security Evaluation Criteria, National COMSEC Information Memorandum, National Security Telecommunications and Information Systems Security Advisory/Information Memorandum, National Security Telecommunications and Information Systems Security Committee, National Security Telecommunications and Information Systems Security Directive, National Security Telecommunications and Information Systems Security Instruction, National Security Telecommunications and Information Systems Security Policy, National Telecommunications and Information Administration, National Telecommunications and Information Systems Security Advisory Memoranda/Instructions, National Telecommunications and Information Systems Security Directive, National Telecommunications and Information Systems Security Instruction, National Telecommunications and Information Systems Security Policy, Subcommittee on Information Systems Security, authentication information, automated information system, bandwidth, biometric information, center for information technology excellence, certified information systems security professional, chief information agency officer, chief information officer, classified information, classified information spillage, control information, control objectives for information and related technology, defense-wide information assurance program, directory information base, disclosure of information, endorsed for unclassified cryptographic information, executive information systems, global information grid, global information infrastructure, global network information environment, information and communications, information architecture, information assurance, information assurance manager, information assurance officer, information assurance product, information category, information center, information engineering, information environment, information flow, information flow control, information operations, information owner, information processing standard, information protection policy, information ratio, information resources, information security, information security policy, information security testing, information sharing and analysis center, information superhighway, information superiority, information system, information system security officer, information systems audit and control association, information systems audit and control foundation, information systems security, information systems security association, information systems security engineering, information systems security equipment modification, information systems security manager, information systems security officer, information systems security product, information systems/technology, information technology, information technology system, information type, information warfare, major information system, management information base, multilevel information systems security initiative, national information assurance partnership, national information infrastructure, national security information, national telecommunications and information system security directives, network information services, non-repudiation information, official information, operational vulnerability information, private accreditation information, program automated information system security incident support team, proprietary information, public information, public-key information, request for information, security information object, security information object class, security policy information file, sensitive compartmented information, sensitive compartmented information facility, sensitive information, special information operations, status information, subcommittee on Automated Information System security, technical vulnerability information, wide area information service,; Related:Abrams, Jojodia, Podell essays, Abstract Syntax Notation One, BLACK, Bell-LaPadula security model, British Standard 7799, C2-attack, C2-protect, CASE tools, CCI equipment, COMSEC equipment, COMSEC insecurity, COMSEC modification, COMSEC survey, COMSEC system data, CRYPTO, Common Criteria, Data Encryption Standard, Digital Signature Standard, FIPS PUB 140-1, Federal Criteria Vol. I, Federal Standard 1027, Forum of Incident Response and Security Teams, Generic Upper Layer Security, Green book, Gypsy verification environment, IS related risk, IT Security Evaluation Criteria, IT security, IT security controls, IT security database, IT security incident, IT security policy, IT-related risk, Identification Protocol, Integrated CASE tools, Interim approval to test, International Traffic in Arms Regulations, International organization for standardization, Internet Corporation for Assigned Names and Numbers, Internet Protocol Security Option, NIAP Common Criteria Evaluation and Validation Scheme, National Institute of Standards and Technology, National Security Agency, National Security Decision Directive 145, PKCS #11, PKIX, POSIX, RED, RED signal, RED/BLACK concept, RED/BLACK separation, SAML authentication assertion, SET private extension, SET qualifier, Secure Electronic Transaction, TEMPEST, TOE security functions interface, Tripwire, Type 1 key, Type 2 key, Type I cryptography, Type II cryptography, Type III cryptography, Wassenaar Arrangement, X.500 Directory, acceptance inspection, access, access control, account aggregation, account management, accountability, accreditation, accreditation authority, accreditation boundary, accreditation multiplicity parameter, adequate security, administration documentation, adversary, aggregation, alarm reporting, alarm surveillance, analysis of alternatives, anonymity, anti-jam, applicant assertion, application data backup/recovery, application server attack, approval/accreditation, approved technologies list, architecture, archive, assessment, asset, association, assurance, asynchronous communication, attack, attackers, attribute certificate, audit record, audit service, audit trail, authentication, authentication code, authentication data, authentication exchange, authenticity, authorized person, authorizing official, automated security incident measurement, availability, banner grabbing, bar code, binding, biometric authentication, bit, block chaining, boundary host, breach, browser, browsing, buffer overflow, business areas, byte, capability, cardholder, cascading, category, certificate, certificate policy qualifier, certificate status responder, certificate user, certification, certification authority, certification path, challenge, challenge/response, channel, channel capacity, checksum, ciphertext, ciphony, class 2, 3, 4, or 5, classification levels, classified, clearance level, cleartext, code, collaborative computing, color change, command and control warfare, common criteria version 1.0, common criteria version 2.0, communication channel, communications cover, communications protocol, communications security, compartment, compartmentalization, compartmented mode, compensating security controls, compromise, compromising emanations, computer abuse, computer cryptography, computer emergency response team, computer intrusion, computer network attack, computer network defense, computer network exploitation, computer security, computer security incident, computer security incident response team, computer security intrusion, computer security technical vulnerability reporting program, concealment system, confidentiality, configuration control, connection, contactless smart card, control, control objectives, control zone, controlled cryptographic item, controlled interface, controlled security mode, cookies, corporate security policy, correctness, correctness integrity, counterintelligence, countermeasures, cover-coding, covert channel, covert channel analysis, covert timing channel, cracker, credentials, criteria, critical security parameters, critical system, criticality, criticality/sensitivity, cross domain solution, cryptographic algorithm for confidentiality, cryptographic check value, cryptographic token, cryptography, cryptosystem survey, cyberattack, cybersecurity, cyberspace, cyberspace operations, data, data aggregation, data architecture, data communications, data compromise, data confidentiality, data custodian, data flow control, data integrity, data storage, data synchronization, database, database management system, database server, datagram, decrypt, dedicated mode, dedicated security mode, defense-in-depth, degausser, degausser products list, demilitarized zone, descriptive top-level specification, designated approving authority, diagnostics, digital document, digital forensics, digital id, digital signature, direct data feed, directory service, directory vs. Directory, distinguished name, distinguishing identifier, distribution point, documentation, domain controller, domain name system, domain of interpretation, dongle, downgrade, dual control, due care, dumpster diving, eavesdropping, eavesdropping attack, electronic authentication, electronic commerce, electronic security, electronic signature, electronic warfare support, emanation, emanations security, emissions security, encipherment, encode, encryption, end-to-end encryption, end-to-end security, endorsed for unclassified cryptographic item, endorsement, entry label, erasure, error detection code, evaluated products list, evaluator actions, evidence, executive steering committee, expert review team, explain, exploit, exploitable channel, extension, facilities, fiber-optics, fishbowl, flooding, formal access approval, format, framing, general support system, global command and control system, guard, hackers, hacking, hash totals, hierarchical development methodology, high-impact system, host, host based, hybrid threat, hyperlink, identity, identity credential, identity proofing, identity theft, impact, implant, inadvertent disclosure, incident, input data, inspectable space, instrumentation, integrity, integrity policy, intelligence, interconnection security agreements, interface, interference, interim accreditation, interim approval to operate, interleaving attack, internal system exposure, internet control message protocol, interoperability, interoperability standards/protocols, intranet, intrusion, intrusion detection, intrusion detection system, key agreement, key establishment, key exchange, key tag, key wrapping, keying material, laboratory attack, leapfrog attack, legacy data, legacy systems, level of protection, levels of concern, lifecycle management, lines of business, link encryption, logical system definition, low-impact system, magnetic remanence, major application, malware, man-in-the-middle attack, management controls, management server, mandatory access control, master file, match, memory scavenging, merchant, message externals, metadata, mission critical, mobile code, mode of operation, moderate-impact system, modes of operation, multi-security level, multicast, multilevel mode, multilevel secure, multilevel security, multilevel security mode, multimedia, multiuser mode of operation, national computer security assessment program, national security system, nations, need-to-know, need-to-know determination, network, network connection, network management protocol, network security, network security officer, network sniffing, non-discretionary security, non-repudiation, non-repudiation exchange, non-technical countermeasure, object, object identifier, on ramp, one-part code, one-time passwords, online certificate status protocol, open storage, open systems interconnection, operational controls, operational documentation, operational key, operations security, oracle, organisational security policy, out-of-band, output, output data, packet, packet filtering, packet switching, partitioned security mode, passive, passive threat, passwords, payload, people, periods processing, personalization service, personnel security, pharming, phishers, phishing, phreaking, physical security, post-accreditation phase, preferred products list, privacy, privacy impact assessment, privacy protection, private accreditation exponent, private data, private key, probe, process, product rationale, promiscuous mode, proprietary, protected distribution systems, protection needs elicitation, protective distribution system, protective technologies, protocol converter, protocol data unit, protocols, psychological operations, public law 100-235, public-key, public-key certificate, public-key infrastructure, purge, purging, radio frequency identification, read, read access, real-time, records, recovery site, red team, redundancy, references, register, register entry, registration authority, regrade, reliability, relying party, remanence, remote access, remote authentication dial-in user service, remote diagnostics, repository, repudiation, requirements for content and presentation, residual risk, residue, resource, review techniques, risk, risk analysis, risk assessment, risk management, rootkit, routing, rules of engagement, sample, sanitization, sanitize, sanitizing, scanning, screen scraping, secrecy policy, secret, sector coordinator, sector liaison, secure channel, security, security assertion markup language, security association:, security attribute, security breach, security category, security certificate, security clearance, security controls, security domain, security evaluation, security event, security flow analysis, security incident, security label, security level, security management, security management infrastructure, security plan, security policy, security policy model, security requirements, security situation, security strength, security tag, security violation, semantic security, sensitive, sensitive label, sensitivity, sensitivity label, signaling, significant change, simple authentication, simple network management protocol, single-level device, smartcards, sniffer, social engineering, soft TEMPEST, solicitation, source integrity, spammers, special access program, special access program facility, spillage, split knowledge, spoofing, spread spectrum, spyware, state, stateful packet filtering, strong authentication, sub-function, subcommittee on telecommunications security, subject, subsystem, superencryption, system, system entity, system high mode, system low, system retention/backup, system security, system security engineering, system security officer, system security policy, system-high security mode, systems security steering group, tamper, target identification and analysis techniques, target vulnerability validation techniques, technical controls, technical countermeasures, technical security policy, telecommunications, teleprocessing, terrorists, threat, threat agent, threat analysis, threat assessment, threat monitoring, token backup, token copy, token device, tokens, topology, traceroute, traffic analysis, transaction, transmission, transmission security, trapdoor, trojan horse, trust, trusted channel, trusted computer system, trusted gateway, trusted identification forwarding, trusted path, trusted platform module chip, trusted subject, trusted time stamp, type 1 products, type 2 product, type 3 key, type 3 product, type certification, unauthorized disclosure, unclassified, uniform resource locator, user documentation, user partnership program, user representative, users, validate vs. verify, validated products list, vaulting, verification, verifier impersonation attack, virtual departments or divisions, virtual private network, vulnerability, vulnerability analysis, vulnerability assessment, vulnerability audit, web bug, website, wireless technology, wiretapping, workflow, workstation, world wide web, worm, write,
information and communications: IncludedBy:communications, critical infrastructures, information,; Related:critical, process, software, telecommunications,
information architecture: IncludedBy:automated information system, information,; Related:function, interface,
information assurance: IncludedBy:assurance, information,; Includes:IA architecture, IA-enabled information technology product, defense-wide information assurance program, information assurance manager, information assurance officer, information assurance product, national information assurance partnership,; Related:Common Criteria, Defensive Information Operations, access, adversary, authentication, authorized, availability, certification, confidentiality, exploit, information security, information systems security manager, integrity, intrusion, level of protection, levels of concern, malicious, non-repudiation, object, operation, requirements, system, trust, vulnerability,
information assurance manager: IncludedBy:information, information assurance,; Related:system,
information assurance officer: IncludedBy:information, information assurance, officer,; Related:network security officer, system, system administrator,
information assurance product: IncludedBy:information, information assurance,; Related:access, access control, authentication, authorized, control, integrity, intrusion, intrusion detection, malicious, system, technology, vulnerability,
information category: IncludedBy:information,; Related:access, access control, classified, control, process, security, system, technology,
information center: IncludedBy:automated information system, information,
information engineering: IncludedBy:automated information system, information,; Related:system,
information environment: IncludedBy:automated information system, information,; Related:process, system,
information flow: IncludedBy:automated information system, flow, information,; Related:computer, system,
information flow control: IncludedBy:control, flow, information,; Includes:object,; PreferredFor:flow control,; Related:security, system,
information integrity
information operations: IncludedBy:automated information system, information, operation,; Related:adversary, system,
information owner: IncludedBy:information, owner,; Related:authority, control, operation, process,
information processing standard: IncludedBy:information, process, standard,; Related:communications, function, interoperability, operation, security testing, software, telecommunications, test,
information protection policy: IncludedBy:information, policy,; Related:assurance, operation, security policy, threat,
information rate: HasPreferred:bandwidth,
information ratio: IncludedBy:automated information system, information,
information resources: IncludedBy:information, resource,; Related:technology,
information security: IncludedBy:information, security,; Includes:information security oversight office, information security policy, information security testing, information systems security,; Related:Abrams, Jojodia, Podell essays, British Standard 7799, DoD Information Technology Security Certification and Accreditation Process, Forum of Incident Response and Security Teams, International Traffic in Arms Regulations, National Institute of Standards and Technology, National Security Agency, Sensitive Information Computer Security Act of 1987, access, access control, activity security manager, attack, authorized, availability, communications security, computer, confidentiality, contractor special security officer, control, critical, due care, identify, industrial security, information assurance, information system security officer, integrity, management controls, mission critical, national information assurance partnership, national security system, non-technical countermeasure, process, public-key infrastructure, review techniques, risk, rules of engagement, security policy, system, target identification and analysis techniques, target vulnerability validation techniques, technical countermeasures, threat, users, vulnerability,
information security oversight office: IncludedBy:information security,; Related:classified,
information security policy: IncludedBy:information, information security, policy,
information security testing: IncludedBy:information, information security, security testing, test,; Related:control, process, requirements, system,
information sharing and analysis center: IncludedBy:analysis, information,; Related:intrusion, threat, vulnerability,
information superhighway: IncludedBy:information,; Related:communications, system,
information superiority: IncludedBy:information,; Related:adversary, exploit, flow, process,
information system: IncludedBy:information, system,; Related:computer, process, resource,
information system and network security: IncludedBy:security,; Related:availability,
information system security engineer/system design security officer: IncludedBy:security,; Related:requirements,
information system security officer: IncludedBy:computer security, information, officer, system, system security officer,; Related:authority, information security, operation, owner, program,
information system storage device
information systems audit and control association: IncludedBy:association, audit, control, information, system,
information systems audit and control foundation: IncludedBy:audit, control, information, system,
information systems security: IncludedBy:information, information security, system, threat,; Includes:network security, system security, system security engineering, telecommunications security,; Related:access, access control, authentication, authorized, denial-of-service, encryption, identification, process, unauthorized access, users,; Synonym:computer security,
information systems security association: IncludedBy:association, computer security, information, system,
information systems security engineering: IncludedBy:computer security, information, requirements, system, threat,; Related:communications, countermeasures, identify, process, risk management, vulnerability,
information systems security equipment modification: IncludedBy:computer security, information, system,; Includes:COMSEC modification,; Related:authentication, control, encryption, function, identification, key, message, policy, software,
information systems security manager: IncludedBy:computer security, information, system,; Related:assurance, information assurance, program,
information systems security officer: IncludedBy:computer security, information, officer, system,; Includes:network security officer,; Related:operation, program,
information systems security product: IncludedBy:information, security, system,; Related:module,
Information Systems Security products and services catalogue: IncludedBy:computer security, information, system,; Includes:degausser products list, endorsed tools list, evaluated products list, preferred products list,
information systems security representative: IncludedBy:security,
information systems/technology: IncludedBy:information, system, technology,
information technology: IncludedBy:automated information system, information, technology,; Related:communications, computer, control, function, process, resource, software, system, telecommunications,
Information Technology Security Evaluation Criteria: IncludedBy:computer security, criteria, evaluation, information, technology,; Related:assurance, function, standard,
information technology system: IncludedBy:automated information system, information, system, technology,; Related:communications, computer,
information type: IncludedBy:information,; Related:policy, privacy, security,
information warfare: IncludedBy:information, threat, warfare,; Related:adversary, exploit, function, object, operation, process, system,
infrastructure: Related:flow, function, security, system,
infrastructure assurance: IncludedBy:assurance,; Related:confidence, critical, critical infrastructures, damage, incident, response, risk, risk management, threat,
infrastructure protection: IncludedBy:critical infrastructures,; Related:assurance, critical, risk, threat, vulnerability,
ingress filtering: Related:internet, process, security,
inheritance: Related:object,
initial operating capability: Related:requirements,
initial transformation: Related:algorithm, function, network,
initialization value: Related:algorithm, cipher, cryptographic, key, message, process,; Synonym:initialization vector,
initialization vector: IncludedBy:Data Encryption Standard,; Related:algorithm, cipher, cryptographic, encryption, operation, process,; Synonym:initialization value,
initialize: Related:cryptographic, cryptography, encryption, key,
initializing value: Related:cipher, encipherment, function, hash, process,
inline sensor
input: Related:resource,
input data: IncludedBy:cryptographic module,; Related:cryptographic, information, module,
input preparation cycle: Related:operation, process,
input/output: Related:automated information system,
insertion: IncludedBy:threat consequence,; Related:authorized, entity,
insider: IncludedBy:threat,; Includes:insider attack, insider threat,; Related:access, attack, authorization, authorized, compromise, computer, covert channel, damage, entity, malicious intruder, resource, security, security perimeter, system,
insider attack: IncludedBy:attack, insider,; Related:insider threat, network,
insider threat: IncludedBy:insider,; Related:abuse of privilege, insider attack, internal vulnerability,
inspectable space: Related:TEMPEST, authority, classified, control, identify, information, process,
instance: Related:object,
instantiate
Institute of Electrical and Electronics Engineers, Inc
institute of internal auditors: IncludedBy:audit,
instrument: Related:operation, security testing, software, system, test,
instrumentation: Related:analysis, code, information, operation, program, software, system,
integral file block
Integrated CASE tools: Related:analysis, code, information, software,
integrated logistics support
Integrated services digital network: IncludedBy:network,; Related:communications, computer, interface, standard, system, users,
integrated test facility: IncludedBy:test,; Related:software development,
integration test: IncludedBy:test,; Related:file, interface, process, program, software development,
integrity: IncludedBy:assurance, quality of protection, security goals,; Includes:Biba Integrity model, Clark Wilson integrity model, authenticity, checksum, connectionless data integrity service, correctness, correctness integrity, data authentication code, data integrity, data integrity service, error detection code, file integrity checker, file integrity checking, integrity check, integrity check value, integrity policy, integrity-checking tools, message integrity code, operational integrity, privacy, authentication, integrity, identification, non-repudiation, privacy, authentication, integrity, non-repudiation, secure hash algorithm, source integrity, system and data integrity, system integrity, system integrity service, two-person integrity,; Related:Biba model, Common Criteria for Information Technology Security, Data Encryption Standard, Generic Security Service Application Program Interface, Generic Upper Layer Security, IT security, IT security controls, IT security incident, Rivest-Shamir-Adleman algorithm, Secure Electronic Transaction, access, access control, adequate security, antivirus software, application server attack, archive, asymmetric cryptography, attack, authenticate, authentication, authentication code, authentication header, authentication header protocol, authorized, business process, common security, communications security, computer, computer abuse, computer emergency response team, computer forensics, computer related controls, computer security, configuration control, critical system files, cut-and-paste attack, cyclic redundancy check, data contamination, data encryption key, data origin authentication service, data security, database management system, defense-in-depth, defense-wide information assurance program, destruction, digital forensics, digital signature, digital signature algorithm, digital watermarking, domain name system, dominated by, dual signature, encapsulating security payload, encapsulating security payload protocol, entry-level certification, front-end security filter, function, general controls, guard, hash, high-impact system, incident, information, information assurance, information assurance product, information security, internet protocol security, intrusion, kerberos, key wrapping, level of concern, levels of concern, line managers, low-impact system, malicious, malicious code, malware, message authentication code, message authentication code vs. Message Authentication Code, message digest, mid-level certification, moderate-impact system, network management, network security, non-repudiation, object, post-accreditation phase, potential impact, privacy enhanced mail, process, property, protected channel, protection suite, public-key certificate, public-key infrastructure, quality, reference monitor, requirements for procedures and standards, review techniques, sandboxed environment, seal, secure DNS, secure envelope, secure hypertext transfer protocol, secure shell, secure single sign-on, secure socket layer, security category, security controls, security event, security objectives, security policy, security requirements, signature, signed applet, simple key management for IP, simple network management protocol, software, supervisory control and data acquisition, system, threat, top-level certification, transmission, trojan horse, trust, trusted channel, trusted computer system, verification, virtual private network, vulnerability,
integrity check: IncludedBy:integrity,; Related:cryptographic, cryptography, hash,
integrity check value: IncludedBy:integrity,
integrity policy: IncludedBy:integrity, policy,; Related:authorized, information, security, security policy, users,
integrity-checking tools: IncludedBy:integrity, security software,
intellectual property: IncludedBy:property,
intelligence: Includes:Director Central Intelligence Directive, Director of Central Intelligence Directive, Foreign Intelligence Surveillance Act, acoustic intelligence, advanced intelligence network, command, control, communications and intelligence, communications intelligence, compartmented intelligence, counterintelligence, counterintelligence assessment, designated intelligence disclosure official, economic intelligence, electronic intelligence, foreign intelligence, foreign intelligence service, human intelligence, imagery intelligence, intelligence activities, intelligence activity, intelligence collection, intelligence community, intelligence community classification and control markings implementation, intelligence cycle, intelligence information, intelligence sources and methods, intelligence special access program, intelligence system, measurement and signature intelligence, national intelligence, open source intelligence, senior intelligence officer, senior officials of the intelligence community, special intelligence, telemetry intelligence,; Related:Defense Information Infrastructure, Defense Information Systems Network Designated Approving Authority, Defense Security Service, Defensive Information Operations, National Security Agency, accreditation, acquisition special access program, acquisition systems protection, adversary, alternative compensatory control measures, analysis, asset, authorized adjudicative agency, authorized classification and control markings register, authorized investigative agency, brute force attack, case officer, classification markings and implementation working group, cognizant security agency, command and control warfare, compromising emanations, computer network exploitation, controlled access program coordination office, controlled access program oversight committee, controlled access programs, cryptology, determination authority, dissemination, distributed control system, electronic warfare support, emanation, emergency action plan, espionage, evaluation, exploitation, foreign, hackers, information, internal vulnerability, national security information, national security system, non-disclosure agreement, operations security, packet switching, personnel security exceptions, physical security waiver, principal accrediting authority, process, program protection plan, reciprocity, report of investigation, risk avoidance, scattered castles, security environment threat list, senior review group, sensitive activities, sensitive compartmented information, sensitive compartmented information facility, sensitive compartmented information facility accreditation, sensitive compartmented information facility database, signal flags, single scope background investigation - periodic reinvestigation, special access program, special access required programs oversight committee, special activity, special security center, sponsoring agency, suspicious contact, systems security steering group, tear line, technical threat analysis, threat assessment, traffic analysis, unconventional warfare,
intelligence activities: IncludedBy:intelligence,; Related:authorized,
intelligence activity: IncludedBy:intelligence,; Related:authorized,
intelligence collection: IncludedBy:intelligence,
intelligence community: IncludedBy:intelligence,; Related:foreign, program, security,
intelligence community classification and control markings implementation: IncludedBy:intelligence,; Related:authorized,
intelligence cycle: IncludedBy:intelligence,; Related:users,
intelligence information: IncludedBy:intelligence,
intelligence sources and methods: IncludedBy:intelligence,; Related:analysis, authorization,
intelligence special access program: IncludedBy:access, intelligence,
intelligence system: IncludedBy:intelligence,
intelligent electronic device: Related:control, function, process,
intelligent threat: IncludedBy:threat,; Related:adversary, algorithm, cipher, cryptography, encryption, exploit, key, operation, vulnerability,
intending citizen
intent: Related:critical, object, security,
intention
inter-TSF transfers: IncludedBy:TOE security functions, target of evaluation,; Related:function, trust,
interactive mode: Related:computer, response,
interarea interswitch rekeying key: IncludedBy:key, rekey,
intercept: IncludedBy:threat,; Related:access, interception,
interception: IncludedBy:threat consequence,; Related:access, access control, authorized, entity, intercept,
interconnected network
interconnection security agreements: IncludedBy:connection, security,; Related:authorization, control, information, requirements, risk, system,
interdependence: Related:risk,
interdependency
interdiction: HasPreferred:denial-of-service,
interface: Includes:Cryptographic Application Program Interface, Generic Security Service Application Program Interface, TOE security functions interface, application program interface, application programming interface, common gateway interface, contact interface, contactless interface, controlled interface, cryptographic application programming interface, fiber distributed data interface, fill device interface unit, graphical-user interface, human-machine interface, interface control document, interface control unit, interface testing, internetwork private line interface, layer management interface, network interface card, secure digital net radio interface unit, security support programming interface, user interface, user interface system,; Related:FIPS PUB 140-1, Green book, Integrated services digital network, PC card, PKCS #11, POSIX, TTY watcher, access, access control, application, architecture, bit forwarding rate, block cipher, boundary, buffer overflow, code, communications, computer, connection, connection establishment time, connection teardown time, console, cryptographic, cryptography, data source, distributed computing environment, dual-homed gateway firewall, email packages, ethernet sniffing, extensibility, firewall, flow, formal security policy model, function, gateway, goodput, homed, information, information architecture, integration test, line conditioning, line conduction, module, on-line system, payment gateway, process, program, promiscuous mode, protocol data unit, proximity, remote terminal emulation, ruleset, scope of a requirement, significant change, smartcards, software, software system test and evaluation process, stealth mode, subnetwork, system, teleprocessing, tri-homed, trusted agent, user representative, users,
interface control document: IncludedBy:control, interface,; Related:authorization, baseline, evaluation, identify, lifecycle, operation,
interface control unit: IncludedBy:automated information system, control, interface,
interface testing: IncludedBy:interface, security testing, test,; Related:control, system,
interference: IncludedBy:threat consequence,; Related:communications, control, information, operation, system, users,
interim access authorization: IncludedBy:access, authorization,; Related:temporary access eligibility,
interim accreditation: IncludedBy:accreditation,; Related:authorization, information, process, security, system,
interim accreditation action plan: IncludedBy:accreditation,; Related:control, critical, operation, owner, program, resource, risk, security, system,
interim approval to operate: Related:authorization, classified, evaluation, information, process, security, system,
Interim approval to test: IncludedBy:test,; Related:authorization, information, operation, system,
interim security clearance: IncludedBy:security,; Related:requirements, temporary access eligibility,
interleaving attack: IncludedBy:attack,; Related:authentication, information,
internal communication channel: IncludedBy:channel, communication channel, communications, target of evaluation,
internal control questionnaire: IncludedBy:control,
internal fraud: IncludedBy:fraud, operational risk loss,; Related:policy, property,
internal label
internal rate of return
internal security controls: IncludedBy:control, risk management, security controls,; Includes:subject,; Related:access, access control, authorized, program, resource, software, system,
internal security testing: IncludedBy:security testing, test,; Related:security perimeter,
internal subject: IncludedBy:subject,; Related:function, process, system, users,
internal system exposure: IncludedBy:exposure, system,; Related:access, access control, assurance, authorization, information, process, security,
internal throughput time
internal TOE transfer: IncludedBy:target of evaluation,
internal vulnerability: IncludedBy:vulnerability,; Related:access, classified, insider threat, intelligence, trust,
International Data Encryption Algorithm: IncludedBy:algorithm, encryption, symmetric algorithm,; Related:key,
international organization
International organization for standardization: IncludedBy:automated information system, standard,; Includes:Open Systems Interconnection Reference model,; Related:ITU-T, information, process, system, technology,
international standards organization: IncludedBy:standard,
international telecommunication union: Related:network,
International Traffic in Arms Regulations: Related:TEMPEST, authority, control, cryptographic, cryptography, information, information security, security, system, technology,
internet: Includes:ARPANET, Distributed Authentication Security Service, Generic Security Service Application Program Interface, IP address, Identification Protocol, Internet Architecture Board, Internet Assigned Numbers Authority, Internet Corporation for Assigned Names and Numbers, Internet Draft, Internet Engineering Steering Group, Internet Engineering Task Force, Internet Message Access Protocol, version 4, Internet Policy Registration Authority, Internet Protocol Security Option, Internet Security Association and Key Management Protocol, Internet Society, Internet Society Copyright, Internet Standard, Internet Standards document, Internet worm, MIME Object Security Services, PKIX, POP3 AUTH, Post Office Protocol, version 3, Rexd, SOCKS, Secure/MIME, Simple Authentication and Security Layer, Simple Key-management for Internet Protocols, Terminal Access Controller Access Control System, USENET, anonymous login, cyberspace, domain name service server, domain name system, e-banking, e-mail server, email, extranet, file transfer protocol, firewall, gateway server, internet control message protocol, internet key exchange protocol, internet protocol, internet protocol security, internet service provider, internet vs. Internet, internetwork, internetwork private line interface, intranet, listserv, mailing list, management information base, markup language, multipurpose internet mail extensions, point-to-point protocol, port, pretty good privacy, proxy server, router, secure hypertext transfer protocol, secure multipurpose internet mail extensions, secure shell, simple mail transfer protocol, simple network management protocol, sniffer, telnet, traceroute, transmission control protocol, transmission control protocol/internet protocol, transport layer security, tunnel, uniform resource identifier, uniform resource locator, uniform resource name, user data protocol, virtual private network, wide area information service, world wide web, worm,; Related:Green book, Guidelines and Recommendations for Security Incident Processing, IPsec Key Exchange, Layer 2 Forwarding Protocol, Layer 2 Tunneling Protocol, Message Security Protocol, Open Systems Interconnection Reference model, Request for Comment, Secure Electronic Transaction, ankle-biter, application gateway firewall, attack, authentication header, bill payment, bill presentment, certification hierarchy, communications, computer, computer emergency response team, computer emergency response teams' coordination center, computer network, concept of operations, confidentiality, connection, control, cookies, countermeasures, demilitarized zone, denial-of-service, dial-up line, distributed plant, domain, domain name, dual-homed gateway firewall, egress filtering, electronic commerce, electronic messaging services, encapsulating security payload, end system, external system exposure, filtering router, hackers, host, https, hypermedia, hypertext, hypertext transfer protocol, ingress filtering, interoperability standards/protocols, lurking, message, national information infrastructure, network, network address translation, network connection, network worm, object identifier, one-time passwords, online certificate status protocol, open systems security, packet assembly and disassembly, password sniffing, peer-to-peer communication, personal communications network, phishing, point-to-point tunneling protocol, policy certification authority, pop-up box, port scanning, privacy enhanced mail, protocols, public-key forward secrecy, remote authentication dial-in user service, repudiation, rules of behavior, scan, secure socket layer, security assertion markup language, spam, system, trojan horse, trusted gateway, users, validate vs. verify, vendor, virtual mall, vishing, web server, website hosting,
Internet Architecture Board: IncludedBy:Internet Society, internet,; Related:advisory, protocols, standard, trust,
Internet Assigned Numbers Authority: IncludedBy:Internet Society, authority, internet,; Related:network, protocols, registration,
internet control message protocol: IncludedBy:control, internet, message, protocols, security,; Related:communications, gateway, information, network, process, router, standard,
Internet Corporation for Assigned Names and Numbers: IncludedBy:internet,; Related:domain, entity, function, information, key, object, protocols, system,
Internet Draft: IncludedBy:internet,; Related:update,
Internet Engineering Steering Group: IncludedBy:Internet Society, internet,; Related:process, standard, trust,
Internet Engineering Task Force: IncludedBy:Internet Society, internet,; Related:access, access control, authentication, message, protocols, random, security, standard, technology, version,
internet key exchange protocol: IncludedBy:internet, key, protocols,; Related:association, security,
Internet Message Access Protocol, version 4: IncludedBy:access, internet, message, protocols, version,
Internet Policy Registration Authority: IncludedBy:Internet Society, authority, internet, policy, registration,; Related:X.509, certification, public-key infrastructure,
internet protocol: IncludedBy:internet, protocols,; Related:communications, computer, control, flow, network, router, standard, system, version,
internet protocol security: IncludedBy:communications security, internet, protocols, security protocol,; Includes:IPsec Key Exchange, authentication header, encapsulating security payload, transport mode vs. tunnel mode, tunnel mode,; Related:Internet Security Association and Key Management Protocol, NULL encryption algorithm, OAKLEY, Photuris, access, access control, aggressive mode, algorithm, association, authentication, authentication header protocol, confidentiality, connection, control, cookies, domain of interpretation, encapsulating security payload protocol, encryption, flow, forward secrecy, integrity, internet security protocol, key, key management, main mode, pre-shared key, process, protection suite, public-key, quick mode, secure socket layer, security association:, security gateway, security parameters index, system, transport mode, triple DES, version,
Internet Protocol Security Option: IncludedBy:internet, protocols, security protocol,; Related:National Security Agency, access, access control, authority, classification levels, classified, information, network, process, program, users,
Internet Security Association and Key Management Protocol: IncludedBy:association, internet, key, key management, protocols, security protocol,; Related:algorithm, authentication, connection, cryptography, digital signature, encryption, establishment, function, internet protocol security, internet security protocol, signature,
internet security protocol: Includes:IPsec Key Exchange,; Related:Internet Security Association and Key Management Protocol, NULL encryption algorithm, OAKLEY, Photuris, aggressive mode, authentication header, authentication header protocol, cookies, domain of interpretation, encapsulating security payload, encapsulating security payload protocol, forward secrecy, internet protocol security, main mode, pre-shared key, protection suite, quick mode, secure socket layer, security association:, security gateway, security parameters index, transport mode, transport mode vs. tunnel mode, triple DES, tunnel mode,
internet service provider: IncludedBy:internet,; Related:access, access control,
Internet Society: IncludedBy:internet,; Includes:Internet Architecture Board, Internet Assigned Numbers Authority, Internet Engineering Steering Group, Internet Engineering Task Force, Internet Policy Registration Authority, Internet Society Copyright, Request for Comment,; Related:standard, trust,
Internet Society Copyright: IncludedBy:Internet Society, internet,; Related:process, standard,
Internet Standard: IncludedBy:internet, standard,; Related:Request for Comment, operation, process, protocols,
Internet Standards document: IncludedBy:Request for Comment, internet, standard,; Related:process,
internet vs. Internet: IncludedBy:internet,; Related:application, computer, computer network, model, network, protocols, standard, system, users,
Internet worm: IncludedBy:internet, worm,; Related:computer, connection, network, program, system,
internetwork: IncludedBy:internet, network,; Related:communications, gateway, protocols, system,
internetwork private line interface: IncludedBy:interface, internet,; Related:connection, cryptographic,
interoperability: Includes:Minimum Interoperability Specification for PKI Components, Trusted Systems Interoperability Group, interoperability standards/protocols,; Related:PKIX, application programming interface, computer, information, information processing standard, open system environment, open systems, portability, recommended practices, security assertion markup language, semantics, site accreditation, system,; Synonym:interoperable,
interoperability standards/protocols: IncludedBy:interoperability, protocols, standard,; Related:computer, information, internet, program,
interoperable: Related:software,; Synonym:interoperability,
interoperate: Related:system,
interpersonal messaging
interpretation: Related:application, criteria,
interpreted virus: IncludedBy:virus,; Related:application, code,
interswitch rekeying key: IncludedBy:key, rekey,
interval estimate: Related:confidence,
interval variable
intranet: IncludedBy:internet,; Related:access, access control, authorized, communications, computer, computer network, information, network, technology, users,
intruder: IncludedBy:intrusion,; Related:access, access control, authorization, entity, resource, system,
intrusion: IncludedBy:threat consequence,; Includes:Intrusion Detection In Our Time, SATAN, computer intrusion, computer security intrusion, host-based intrusion prevention system, intruder, intrusion detection, intrusion detection and prevention, intrusion detection and prevention system, intrusion detection system, intrusion detection system load balancer, intrusion detection tools, intrusion prevention, intrusion prevention system, meaconing, intrusion, jamming, and interference, network-based intrusion prevention system, penetration, security intrusion, wireless intrusion detection and prevention system,; Related:access, access control, accountability, agent, anomaly detection, anomaly detection model, antivirus software, attack, authorization, authorized, availability, balanced magnetic switch, break-wire detector, channel scanning, compromise, computer, computer security incident, confidentiality, console, cracker, dual technology, entity, false negative, false positive, flow, host based, incident, information, information assurance, information assurance product, information sharing and analysis center, integrity, management server, misuse detection model, multihost based auditing, network based, network behavior analysis system, resource, rules based detection, security, sensor, shim, stealth mode, stealth probe, subversion, system, technology, trustworthy system, tuning, unauthorized access,
intrusion detection: IncludedBy:intrusion,; Includes:Intrusion Detection In Our Time, intrusion detection and prevention, intrusion detection system, intrusion detection system load balancer, intrusion detection tools, wireless intrusion detection and prevention system,; Related:access, access control, accountability, agent, antivirus software, audit, authorization, authorized, channel scanning, computer, console, countermeasures, false negative, false positive, flow, identify, incident, information, information assurance product, intrusion prevention system, management server, network, network behavior analysis system, process, resource, rules based detection, security, sensor, shim, software, stealth mode, stealth probe, system, tuning,
intrusion detection and prevention: IncludedBy:intrusion, intrusion detection,; Related:computer, incident, process, system,
intrusion detection and prevention system: IncludedBy:intrusion,; Related:access, security,
Intrusion Detection In Our Time: IncludedBy:intrusion, intrusion detection, security software,; Related:system,
intrusion detection system: IncludedBy:intrusion, intrusion detection, security software, system,; Related:access, audit, authorized, computer, file, identify, information, network, process, resource, software,
intrusion detection system load balancer: IncludedBy:intrusion, intrusion detection, system,
intrusion detection tools: IncludedBy:intrusion, intrusion detection, security software,; Related:access, access control, authorized, computer, identify, system, unauthorized access,
intrusion prevention: IncludedBy:intrusion,; Includes:intrusion prevention system,; Related:accountability, computer, countermeasures, incident, process, system,
intrusion prevention system: IncludedBy:intrusion, intrusion prevention, system,; Related:incident, intrusion detection, software, target,
invalidation: Related:classified,
invalidity date: IncludedBy:public-key infrastructure,; Related:X.509, certificate, compromise, digital signature, fraud, key, non-repudiation, revocation, revoked state, signature,
investigation service: Related:entity,
IP address: IncludedBy:internet,; Related:computer, network, protocols, version,
ip payload compression protocol: IncludedBy:protocols,
IP splicing/hijacking: IncludedBy:attack,; Related:authentication, authorized, encryption, hijack attack, network, role, users,
ip spoofing: IncludedBy:address spoofing, masquerade, spoof, spoofing,; Related:impersonation, network, system,
IPsec Key Exchange: IncludedBy:internet protocol security, internet security protocol, key,; Related:association, authentication, establishment, internet, protocols,
irregular warfare: IncludedBy:warfare,
IS related risk: IncludedBy:risk,; Related:authorized, failure, information, malicious, operation, system, threat, vulnerability,
IS security architecture: IncludedBy:computer security,; Related:system,
isolation: Includes:object, subject,; Related:control, system,
isolator: Related:access, security,
issue: Related:certificate, public-key infrastructure, users,
issue case
issuer: IncludedBy:Secure Electronic Transaction,; Related:X.509, authorized, certificate, public-key infrastructure,
issuing authority: IncludedBy:authority,; Related:entity, update,
IT default file protection parameters: IncludedBy:access control, file,; Related:owner, system,
IT resources: IncludedBy:resource,; Related:communications, computer, software, system, telecommunications,
IT security: IncludedBy:Automated Information System security,; Includes:IT Security Evaluation Criteria, IT Security Evaluation Methodology, IT security achitecture, IT security certification, IT security controls, IT security database, IT security goal, IT security incident, IT security objective, IT security plan, IT security policy, IT security product, IT security support functions,; Related:Common Criteria Testing Laboratory, Common Criteria for Information Technology Security Evaluation, National Voluntary Laboratory Accreditation Program, Scope of Accreditation, approved technologies list, approved test methods list, assure, audit, authentication, availability, center for information technology excellence, certification, compliance-based, confidentiality, conformant validation certificate, contingency plan, deliverables list, designated, designated laboratories list, emergency shutdown controls, ensure, evaluation, evaluation work plan, general controls, information, integrity, management control processes, non-repudiation, observation reports, operation, organization computer security representative, party, protection profile, residual risk, risk treatment, risk-based, security goals, security target, system, technology area, waiver,; Synonym:computer security,
IT security achitecture: IncludedBy:IT security, security,; Related:system,
IT security certification: IncludedBy:Automated Information System security, IT security, certification, computer security, target of evaluation,; Related:application, certificate, criteria,
IT security controls: IncludedBy:IT security, control, security,; Related:availability, confidentiality, information, integrity, security controls, software,
IT security database: IncludedBy:IT security, security,; Related:authorized, control, information, process, program, system,
IT Security Evaluation Criteria: IncludedBy:Automated Information System security, IT security, computer security, criteria, evaluation,; Related:confidence, information, standard, validation,
IT Security Evaluation Methodology: IncludedBy:Automated Information System security, IT security, computer security, evaluation,; Related:confidence, criteria, standard, validation,
IT security goal: HasPreferred:security goals,; IncludedBy:IT security, security,
IT security incident: IncludedBy:IT security, incident, security incident,; Related:authorized, availability, computer, confidentiality, information, integrity, resource, security-relevant event, system, users, vulnerability,
IT security objective: HasPreferred:security objectives,; IncludedBy:IT security, object, security,
IT security plan: IncludedBy:IT security, security,; Related:system,
IT security policy: IncludedBy:IT security, computer security, policy,; Related:information, system,
IT security product: IncludedBy:IT security, computer security,; Related:function, software, system,
IT security support functions: IncludedBy:IT security, function, security,; Related:application, identification, software, system, users,
IT system: HasPreferred:automated information system,
IT-related risk: IncludedBy:risk,; Related:authorized, information, malicious, operation, system, technology, threat, vulnerability,
iteration: Related:operation,
ITU-T: Includes:CCITT, Open Systems Interconnection Reference model,; Related:International organization for standardization, communications, protocols, standard, system, telecommunications,
jamming: Includes:advanced self-protection jammer, meaconing, intrusion, jamming, and interference, radio frequency jamming,; Related:anti-jam, anti-jamming, attack, electronic attack, frequency hopping,
Java: IncludedBy:software,; Related:application, network, program, system,
jitter
joint personnel adjudication system: Related:access, authorized, security,
joint task force-computer network defense: IncludedBy:computer, computer network,; Related:damage, function, incident, system, threat,
joint use agreement: Related:security,
joint venture
JTC1 Registration Authority: IncludedBy:authority, registration,; Related:object, standard,
judgment sample: Related:analysis, standard,
judicial authority: IncludedBy:authority,; Related:entity,
kerberos: IncludedBy:Simple Authentication and Security Layer, distributed computing environment, security software,; Includes:key distribution center, session key, third party trusted host model,; Related:access, access control, application, attack, authorization, control, cryptography, entity, integrity, key, network, passwords, privacy, protocols, system, technology, trust, users,
kernelized secure operating system: IncludedBy:system,
key: IncludedBy:Secure Electronic Transaction, multilevel information systems security initiative,; Includes:Data Encryption Standard, Federal Public-key Infrastructure, IPsec Key Exchange, Internet Security Association and Key Management Protocol, Key Exchange Algorithm, Key Management Protocol, MAC algorithm key, Programmable key storage device, S/Key, SAVILLE Advanced Remote Keying, Simple Key-management for Internet Protocols, Simple Public-Key Infrastructure/Simple Distributed Security Infrastructure, Type 1 key, Type 2 key, Type 4 key, X.509 public-key certificate, area interswitch rekeying key, asymmetric cryptographic algorithm, asymmetric key pair, asymmetric keys, automated key distribution, automated key management center, automated key management system, automatic key distribution center, automatic key distribution/rekeying control unit, automatic remote rekeying, block cipher key, certificate rekey, cipher text auto-key, common interswitch rekeying key, compartment key, compromised key list, contingency key, cooperative key generation, cooperative remote rekeying, core or key process, crypto-ignition key, cryptographic functions, cryptographic ignition key, cryptographic key, cryptographic key component, cryptographic key management system, cryptonet key, data encryption key, data key, digital certificate, digital key, digital signature, directly trusted CA key, effective key length, electronic key entry, electronic key management system, electronically generated key, encrypted key, ephemeral key, exercise key, explicit key authentication from A to B, hard copy key, hardened unique storage Key, hardwired key, implicit key authentication from A to B, interarea interswitch rekeying key, internet key exchange protocol, interswitch rekeying key, key agreement, key authentication, key card, key center, key confirmation, key confirmation from A to B, key control, key derivation function, key distribution, key distribution center, key distribution service, key entry, key establishment, key exchange, key generating function, key generation, key generation exponent, key generator, key label, key length, key lifecycle state, key lifetime, key list, key loader, key management, key management application service element, key management center, key management identification number, key management infrastructure, key management ordering and distribution center, key management protocol data unit, key management system, key management system Agent, key management user agent, key management/exchange, key material identifier, key output, key owner, key pair, key processor, key production key, key recovery, key space, key state transition, key storage device, key stream, key tag, key tape, key token, key translation center, key translation centre, key transport, key update, key updating, key validation, key variable generator, key wrapping, key-auto-key, key-encrypting key, key-encryption-key, key-escrow, key-escrow system, keyed hash, keyed hash algorithm, keying material, keys used to encrypt and decrypt files, local management device/key processor, lock-and-key protection system, loop key generator, maintenance key, manual key distribution, manual key entry, manual remote rekeying, master crypto-ignition key, operational key, over-the-air key distribution, over-the-air key transfer, over-the-air rekeying, per-call key, plaintext key, point-to-point key establishment, post-nuclear event key, pre-shared key, pretty good privacy, private decipherment key, private key, private signature key, public encipherment key, public verification key, public-key, public-key algorithm, public-key certificate, public-key cryptography, public-key cryptography standards, public-key derivation function, public-key forward secrecy, public-key information, public-key infrastructure, public-key system, rekey, remote rekeying, reserve keying material, root key, secret key, secret-key cryptography, secure multipurpose internet mail extensions, security management infrastructure, seed key, session key, signature key, simple key management for IP, single point keying, split key, symmetric algorithm, symmetric key, test key, token storage key, tokens, traffic encryption key, transmission security key, trusted key, type 3 key, unique interswitch rekeying key, verification key, virtual private network,; Related:Blowfish, CA certificate, CAPSTONE chip, CKMS, COMSEC Material Control System, COMSEC aid, COMSEC boundary, COMSEC control program, COMSEC material, COMSEC system data, CRYPTO, Challenge Handshake Authentication Protocol, Challenge-Response Authentication Mechanism, Clipper chip, Cryptographic Message Syntax, Data Authentication Algorithm, Data Encryption Algorithm, Diffie-Hellman, Escrowed Encryption Standard, FIPS PUB 140-1, FIPS approved security method, FIREFLY, Federal Standard 1027, Fortezza, IEEE P1363, IMAP4 AUTHENTICATE, International Data Encryption Algorithm, Internet Corporation for Assigned Names and Numbers, MIME Object Security Services, MISSI user, OAKLEY, PKCS #10, PKCS #11, PKIX, POP3 APOP, Photuris, RED signal, RSA algorithm, Rivest Cipher 2, Rivest Cipher 4, Rivest-Shamir-Adleman algorithm, SET private extension, Secure Data Network System, Simple Authentication and Security Layer, Skipjack, Standards for Interoperable LAN/MAN Security, The Exponential Encryption System, U.S.-controlled space, Wassenaar Arrangement, X.500 Directory, X.509, X.509 attribute certificate, X.509 certificate, X.509 certificate revocation list, access control center, account authority digital signature, accountability, active state, advanced encryption standard, algorithm, applicant, archive, asymmetric algorithm, asymmetric cryptographic technique, asymmetric cryptography, attribute certificate, authentication protocol, authority revocation list, backup, bind, binding, biometrics, bit, block cipher, bound metadata, break, brute force attack, canister, certificate, certificate directory, certificate domain, certificate management, certificate policy, certificate policy qualifier, certificate renewal, certificate revocation list, certificate update, certificate user, certificate validation, certification, certification authority, certification authority digital signature, certification hierarchy, certification path, certification request, certify, challenge-response protocol, challenge/response, chosen-ciphertext attack, chosen-plaintext attack, cipher, ciphertext-only attack, circuit proxy, class 2, 3, 4, or 5, clearing, cold start, command authority, common fill device, common name, common security, communications security, compromise, compromised state, computer abuse, control, controlling authority, countermeasures, critical security parameters, critical system files, cross-certification, cryptanalysis, crypto-algorithm, cryptographic, cryptographic algorithm, cryptographic check function, cryptographic initialization, cryptographic module, cryptographic service, cryptographic system, cryptographic token, cryptography, cryptonet, cryptoperiod, data authentication code, data authentication code vs. Data Authentication Code, data input, data origin authentication service, data transfer device, deactivated state, decipher, decrypt, destroyed compromised state, destroyed state, dictionary attack, diffie-hellman group, digital certification, digital envelope, digital id, digital signature algorithm, directly trusted CA, distinguished name, distribution point, domain name system, dongle, dual signature, elliptic curve cryptography, elliptic curve cryptosystem, encipherment, encryption, encryption algorithm, encryption certificate, encryption strength, end entity, escrow, extension, extraction resistance, fill device, fingerprint, forward secrecy, forward secrecy with respect to A, forward secrecy with respect to both A and B individually, function, garbled, generation, graphical-user interface, hashed message authentication code, hierarchy management, hybrid encryption, identification data, identifier, identity token, information systems security equipment modification, initialization value, initialize, intelligent threat, internet protocol security, invalidity date, kerberos, known-plaintext attack, link encryption, malicious applets, man-in-the-middle attack, merchant certificate, mesh PKI, message, message authentication code, message authentication code algorithm, message authentication code vs. Message Authentication Code, message integrity code, message representative, metadata, mode of operation, modulus, mutual forward secrecy, national information infrastructure, non-repudiation, nonce, object, ohnosecond, one-time cryptosystem, one-time pad, one-time passwords, one-time tape, one-way encryption, online certificate status protocol, operation, operations manager, organizational certificate, out-of-band, passwords, path discovery, peripheral equipment, personal digital assistant, personal identity verification, personal identity verification card, personal security environment, personality label, personalization service, physical protection, policy approving authority, policy certification authority, policy creation authority, pre-activation state, print suppression, privacy enhanced mail, private communication technology, private component, private decipherment transformation, proof of possession protocol, protected channel, protective packaging, protective technologies, public component, public encipherment transformation, random, randomizer, recover, registration, registration authority, release prefix, renewal, repository, retrieval, revocation, revocation date, revoked state, root, root certificate, secret, secure envelope, secure hash standard, secure hypertext transfer protocol, secure socket layer, security association identifier, security event, segregation of duties, self-signed certificate, shared secret, signature, signature certificate, signature function, signature generation, signature process, signature verification, signer, slot, smartcards, social engineering, soft TEMPEST, split knowledge, standard, start-up KEK, stream cipher, strong authentication, subject, subordinate certification authority, suspended state, symmetric cryptographic technique, symmetric cryptography, symmetric encipherment algorithm, symmetric encryption algorithm, system indicator, third party trusted host model, ticket, token copy, token management, transport, trapdoor, triple DES, trust, trust anchor, trust-file PKI, trusted certificate, trusted platform module chip, tunneled password protocol, two-person integrity, type 1 products, type 2 product, type 3 product, unforgeable, update, updating, user interface, user representative, users, v1 certificate, v2 certificate, v3 certificate, validate, validate vs. verify, validity period, verification, verification function, verification process, web of trust, workstation, zeroize,
key agreement: IncludedBy:key,; Related:algorithm, cryptography, encryption, establishment, function, information, message, process, public-key, shared secret,
key authentication: IncludedBy:authentication, key,; Related:assurance,
key card: IncludedBy:key,
key center: IncludedBy:key,; Related:computer, cryptography, encryption, process, standard, system, users,
key confirmation: IncludedBy:key,; Related:assurance, entity, establishment, protocols,
key confirmation from A to B: IncludedBy:key,; Related:assurance, entity,
key control: IncludedBy:control, key,
key derivation function: IncludedBy:function, key,
key distribution: IncludedBy:key,; Includes:key distribution center, key distribution service,; Related:algorithm, cryptographic, key exchange, key management/exchange, process,
key distribution center: IncludedBy:kerberos, key, key distribution, key management,; PreferredFor:key distribution centre,; Related:communications security, cryptography, encryption, entity, protocols, standard, trust,
key distribution centre: HasPreferred:key distribution center,
key distribution service: IncludedBy:key, key distribution,; Related:authorized,
key entry: IncludedBy:key,; Related:cryptographic, module, process,
key establishment: IncludedBy:establishment, key,; Related:association, entity, information, process, security,
key exchange: IncludedBy:key,; Includes:Key Exchange Algorithm,; Related:communications, information, key distribution, process, public-key,
Key Exchange Algorithm: IncludedBy:algorithm, key, key exchange,; Related:National Security Agency, classified,
key generating function: IncludedBy:function, key, key generation,; Related:algorithm, application, property,
key generation: IncludedBy:key,; Includes:key generating function, key generator,; Related:cryptographic, process,
key generation exponent: IncludedBy:key,; Related:trust,
key generator: IncludedBy:key, key generation,; Related:algorithm, cipher, cryptographic, encryption, random,
key label: IncludedBy:key,
key length: IncludedBy:key,; Related:cryptographic,
key lifecycle: HasPreferred:key lifecycle state,; IncludedBy:lifecycle,
key lifecycle state: IncludedBy:key, key management, lifecycle,; Includes:active state, compromised state, deactivated state, destroyed compromised state, destroyed state, key state transition, pre-activation state, revoked state, suspended state,; PreferredFor:key lifecycle,; Related:compromise, cryptographic, destruction, revoked state,
key lifetime: IncludedBy:key, multilevel information systems security initiative,; Related:X.509, certificate, public-key, public-key infrastructure,
key list: IncludedBy:key,
key loader: IncludedBy:key, key management,; Related:cryptographic, module,
key logger: IncludedBy:attack,; Related:computer, encryption, keystroke logger, passwords, program,
key management: IncludedBy:key, security,; Includes:Internet Security Association and Key Management Protocol, Key Management Protocol, Simple Key-management for Internet Protocols, automated key distribution, automated key management center, automated key management system, cryptographic key management system, electronic key entry, electronic key management system, key distribution center, key lifecycle state, key loader, key management application service element, key management center, key management identification number, key management infrastructure, key management ordering and distribution center, key management protocol data unit, key management system, key management system Agent, key management user agent, key management/exchange, key recovery, key-escrow, manual key distribution, manual key entry, simple key management for IP,; Related:Cryptographic Message Syntax, Diffie-Hellman, FIPS PUB 140-1, FIREFLY, Federal Standard 1027, Rivest-Shamir-Adleman algorithm, Secure Data Network System, Standards for Interoperable LAN/MAN Security, application, asymmetric cryptography, audit, certification, communications security, control, cryptanalysis, cryptographic, cryptographic system, cryptographic token, cryptography, destruction, escrow, internet protocol security, key token, one-time pad, policy, pretty good privacy, privacy enhanced mail, process, public-key infrastructure, registration, revocation, secure hypertext transfer protocol, security management infrastructure, symmetric cryptography, system, token management,
key management application service element: IncludedBy:application, key, key management,
key management center: IncludedBy:key, key management,
key management identification number: IncludedBy:identification, key, key management,
key management infrastructure: IncludedBy:key, key management,; Related:certificate, control, cryptographic, object, process, public-key, software, subject,
key management ordering and distribution center: IncludedBy:key, key management,
Key Management Protocol: IncludedBy:key, key management, protocols, security protocol,; Related:users, version,
key management protocol data unit: IncludedBy:key, key management, protocols,
key management system: IncludedBy:key, key management, system,
key management system Agent: IncludedBy:key, key management, system,
key management user agent: IncludedBy:key, key management, users,
key management/exchange: IncludedBy:key, key management,; Related:communications, cryptographic, key distribution, privacy, public-key, system,
key material identification number
key material identifier: IncludedBy:key, multilevel information systems security initiative,; Related:X.509, certificate, public-key, public-key infrastructure,
key output: IncludedBy:key,; Related:cryptographic, metadata, module, process,
key owner: IncludedBy:key, owner,; Related:authorized, cryptographic, entity, identity, module,
key pair: IncludedBy:key,; Related:algorithm, cryptography, digital signature, encryption, owner, public-key, signature, system,
key processor: IncludedBy:key, process,
key production key: IncludedBy:key,
key recovery: IncludedBy:key, key management, recovery,; Includes:data key, encrypted key, key-encrypting key, key-escrow system, plaintext key, session key, split knowledge,; Related:access, access control, algorithm, association, authorized, backup, communications, confidentiality, cryptographic, encryption, escrow, establishment, key-escrow, operation, process, protocols, retrieval, standard, telecommunications, trust,
key resources
key service unit
key space: IncludedBy:key,; Related:algorithm, cryptographic,
key state transition: IncludedBy:key, key lifecycle state,; Related:lifecycle, process,
key storage device: IncludedBy:key,
key stream: IncludedBy:key,; Related:cipher, control, cryptographic system, process, security, system,
key tag: IncludedBy:key,; Related:identification, information,
key tape: IncludedBy:key,
key token: IncludedBy:key, tokens,; Related:entity, key management, message,
key translation center: IncludedBy:key,; Related:cryptography, encryption, protocols, standard,
key translation centre: IncludedBy:key,; Related:entity, trust,
key transport: IncludedBy:key,; Related:algorithm, association, encryption, entity, establishment, message, process, public-key, random,
key update: IncludedBy:key, update,
key updating: IncludedBy:key,; Related:cryptographic, process,
key validation: IncludedBy:key, validation,; Related:attack, public-key, requirements,
key variable generator: IncludedBy:key,
key wrapping: IncludedBy:key,; Related:information, integrity,
key-auto-key: IncludedBy:key,; Related:cryptographic,
key-encrypting key: IncludedBy:key, key recovery,; Related:application, cryptographic, encryption,
key-encryption-key: IncludedBy:encryption, key,; Related:authorization,
key-escrow: IncludedBy:escrow, key, key management,; Related:access, access control, audit, cryptographic, file, key recovery, process, system, trust,
key-escrow system: IncludedBy:escrow, key, key recovery, system,; Related:algorithm, authorization, classified, control, encryption, message, process, program, public-key, standard, technology,
keyed hash: IncludedBy:hash, key,; Related:algorithm, attack, authentication, cryptographic, encryption, function, object, threat,
keyed hash algorithm: IncludedBy:algorithm, hash, key,; Related:authentication, code, message,
keying material: IncludedBy:key,; Related:association, authentication, code, cryptographic, information, security,
keys used to encrypt and decrypt files: IncludedBy:file, key,; Related:encryption, users,
keystroke logger: Related:identity theft, key logger, keystroke monitoring,
keystroke monitoring: IncludedBy:attack,; Related:audit, keystroke logger, response, software, users,
killer packets: IncludedBy:attack,; Related:code, network, system,
kiosk: Related:access, access control, computer,
known-plaintext attack: IncludedBy:attack,; Related:algorithm, analysis, cipher, cryptographic, cryptography, key,
label: IncludedBy:security label,
labeled security protections: IncludedBy:security,; Related:access, access control, control, trust,
laboratory attack: IncludedBy:attack,; Related:information, recovery,
language: Related:automated information system,
language of temporal ordering specification: Related:computer, computer network, network, protocols,
laptop: HasPreferred:laptop computer,; IncludedBy:portable computer system,
laptop computer: IncludedBy:computer,; PreferredFor:laptop,; Related:automated information system, version,
large scale integration: Related:automated information system,
last mile broadband access: IncludedBy:access,
lattice: IncludedBy:Bell-LaPadula security model,; Related:test,
lattice model: IncludedBy:Bell-LaPadula security model, model,; Related:classification levels, classified, control, flow, system, test,
Law Enforcement Access Field: IncludedBy:Clipper chip, access,; Related:encryption, escrow, standard,
law enforcement sensitive: Related:classified, threat,
lawful permanent resident
Layer 2 Forwarding Protocol: IncludedBy:protocols, security protocol,; Related:internet, network, users,
Layer 2 Tunneling Protocol: IncludedBy:protocols, security protocol, tunnel,; Related:internet, network,
layer management entry
layer management interface: IncludedBy:interface,
layered solution: IncludedBy:security,; Related:attack, countermeasures,
lead: Related:subject,
leakage: IncludedBy:threat,; Related:authorized, computer, covert, system,
leapfrog attack: IncludedBy:attack,; Related:compromise, information, passwords, standard, users,
least privilege: IncludedBy:privilege,; Includes:need-to-know, subject,; Related:application, authorized, damage, entity, operation, resource, security, system,
legacy data: Related:automated information system, information, standard,
legacy systems: IncludedBy:system,; Related:application, business process, computer, critical, information, operation, program,
letter of compelling need: Related:access, critical, risk, security,
letter of consent
letter of intent: Related:security, subject,
letterbomb: IncludedBy:email, threat,; Related:denial-of-service, malicious,
level of concern: Related:authorized, availability, integrity,
level of protection: Related:assurance, countermeasures, information, information assurance, network, risk, security, standard, system, threat, vulnerability,
levels of concern: Related:assurance, availability, confidentiality, control, critical, exposure, information, information assurance, integrity, risk, security, system, threat, vulnerability,
liability
license: Related:software,
lifecycle: Includes:key lifecycle, key lifecycle state, lifecycle management, lifecycle stage,; Related:active state, certificate management services, compromised state, deactivated state, destroyed compromised state, destroyed state, interface control document, key state transition, pre-activation state, revoked state, security event, software assurance, suspended state, system,
lifecycle management: IncludedBy:automated information system, lifecycle,; Related:information, process, system,
lifecycle stage: IncludedBy:lifecycle,
light tower: Related:control, process,
Lightweight Directory Access Protocol: IncludedBy:access, protocols, security protocol,; Related:application, authentication, requirements, resource,
limited access authorization: IncludedBy:access, authorization,; Related:United States citizen,
limited background investigation: Related:subject,
limited maintenance: Related:communications security,
limited network analyzer: Related:analysis,
limited rate initial preproduction
line conditioning: Related:communications, control, interface, telecommunications,
line conduction: Related:communications, control, interface, telecommunications,
line managers: Related:application, availability, confidentiality, critical, integrity, process,
line supervision: Related:certification, compromise, security,
line-of-sight signal propagation
linear predictive coding
lines of business: Related:function, information, operation, resource, version,
link: Related:communications, computer, hyperlink, network, world wide web,
link encryption: IncludedBy:encryption,; Related:algorithm, application, communications, flow, information, key, network, operation, system,
list-oriented: Antonym:ticket-oriented,; IncludedBy:authorization,; Includes:object, subject,; Related:access, access control, authorized, computer, system,
listserv: IncludedBy:internet,
local agency check: Related:criminal, security, subject,
local authority: IncludedBy:authority,; Related:certificate, users,
local logon: IncludedBy:logon,; Related:access, users,
local loop: Related:communications,
local management device
local management device/key processor: IncludedBy:key, process,; Related:communications security, users,
local requirements: Antonym:global requirements,; IncludedBy:requirements, trusted computing base,; Related:analysis,
local-area network: IncludedBy:network,; Related:communications, computer, connection, control, gateway, process, system, users, wide-area network,
lock-and-key protection system: IncludedBy:key, system,; Related:access, access control, assurance, passwords,
lockout: Related:access, access control, application, logon,
logged in: IncludedBy:access control,; Related:access, automated information system, system,; Synonym:logon,
logging: IncludedBy:firewall,; Related:evidence, process, system, test, users,; Synonym:audit trail,
logic bombs: IncludedBy:exploit,; Related:access, access control, authorized, backup, code, computer, damage, denial-of-service, file, malicious, program, resource, system, time bomb, virus,
logical access: IncludedBy:access,; Related:authorized, control, function, security, system, users,
logical access control: IncludedBy:access, control,; Related:authorized, process, program, resource, users,
logical co-processing kernel: IncludedBy:process,
logical completeness measure: Related:access, access control, control, security,
logical system definition: IncludedBy:automated information system, system,; Related:function, information, network,
login: IncludedBy:access control,; Includes:anonymous and guest login, anonymous login, login prompt, remote login,; Related:S/Key, access, audit, audit trail, backdoor, computer security technical vulnerability reporting program, control, control systems, default account, entity, ethernet sniffing, file, one-time passwords, passwords, repository, resource, secure shell, security-relevant event, single sign-on, system, telnet, tinkerbell program,; Synonym:logon,
login prompt: IncludedBy:login,; Related:passwords, system, users,
logoff: IncludedBy:access control,; Related:access, authorized, logon,
logon: IncludedBy:access control, authentication,; Includes:automated logon sequences, console logon, failed logon, local logon, remote logon,; Related:access, authorized, lockout, logoff, secure single sign-on, security-relevant event,; Synonym:logged in, login,
long title: Related:communications security,
long-haul telecommunications: Related:connection, foreign,
loop: IncludedBy:risk,; Related:computer, process, program,
loop key generator: IncludedBy:key,
loophole: IncludedBy:threat,; Related:policy, security, software, system,
low probability of detection: Related:risk,
low probability of intercept: Related:risk,
low-cost encryption/authentication device: IncludedBy:authentication, encryption,
low-impact system: IncludedBy:system,; Related:availability, information, integrity, object, security,
lurking: IncludedBy:threat,; Related:internet,
MAC algorithm key: IncludedBy:algorithm, key,; Related:control, operation,
machine controller: IncludedBy:control,; Related:control systems, system,
macro virus: IncludedBy:threat, virus,; Related:application, file, process, program,
magnetic media
magnetic remanence: IncludedBy:overwrite procedure,; Related:information,; Synonym:remanence,
mailbomb: IncludedBy:email, threat,; PreferredFor:mailbombing,; Related:attack, system,
mailbombing: HasPreferred:mailbomb,
mailing list: IncludedBy:internet,
main mode: Related:establishment, internet protocol security, internet security protocol, message,
maintainability: Related:availability, operation, program,
maintenance: Related:fault, function, process, software, system,
maintenance hook: IncludedBy:risk,; Related:access, access control, code, software,
maintenance key: IncludedBy:key,
major application: IncludedBy:application,; Related:access, access control, authorized, communications, function, information, program, requirements, resource, risk, security, software, system, technology,