Concepts

access control, assurance, attack, audit, authentication, authorization, automated information system, availability, certification, Common Criteria for Information Technology Security, cryptography, cyberspace, evaluation, identity, key management, privacy, requirements, risk, risk management, security, security target, software development, threat, trust, Trusted Computer System Evaluation Criteria, users,

Terms

*-property
IncludedBy:Bell-LaPadula security model, property,
PreferredFor:star (*) property,
Related:access control, model,
Synonym:confinement property,
2-factor authentication
IncludedBy:3-factor authentication,
Related:process,
3-factor authentication
IncludedBy:authentication,
Includes:2-factor authentication, authentication information,
Related:biometric authentication, challenge/response, passwords, personal identification number, personal identity verification, process, proof of possession protocol, tokens,
ABA Guidelines
Related:association, certificate, digital signature, signature,
abend
Related:control, failure, process, program, test,
abort
Related:computer, failure, program,
Abrams, Jojodia, Podell essays
Related:computer, information, information security, security,
Abstract Syntax Notation One
Includes:Basic Encoding Rules, Distinguished Encoding Rules, object identifier,
Related:certificate, computer, function, information, object, protocols, public-key infrastructure, revocation, standard,
abuse of privilege
IncludedBy:threat,
Related:insider threat, policy, users,
acceptable level of risk
IncludedBy:threat,
Related:analysis, application, assessment, authority, control, countermeasures, critical, network, operation, requirements, vulnerability,
acceptable risk
IncludedBy:risk,
Related:control, system,
acceptable use policy
IncludedBy:policy,
Related:network, system, users,
acceptance criteria
IncludedBy:acceptance procedure, criteria,
Related:authorized, entity, system, users,
acceptance inspection
IncludedBy:acceptance procedure,
Related:information, security testing, software, standard, system, test,
acceptance procedure
IncludedBy:software development, target of evaluation,
Includes:acceptance criteria, acceptance inspection, acceptance testing, object,
Related:control, control systems, process, system, target,
acceptance testing
IncludedBy:acceptance procedure, security testing, test,
Related:criteria, requirements, system, users,
access
Includes:Directory Access Protocol, Internet Message Access Protocol, version 4, Law Enforcement Access Field, Lightweight Directory Access Protocol, Terminal Access Controller Access Control System, access approval, access approval authority, access authority, access category, access control, access control center, access control lists, access control mechanisms, access control officer, access control service, access control system, access eligibility determination, access evaluation, access level, access list, access mediation, access mode, access national agency check and inquiries, access period, access point, access port, access profile, access roster, access termination, access type, access with limited privileges, accesses, accessibility, accessioned records, acknowledged special access program, acquisition special access program, administrative access, approved access control device, attribute-based access control, browse access protection, code division multiple access, common access card, context-dependent access control, controlled access area, controlled access program coordination office, controlled access program oversight committee, controlled access programs, controlled access protection, delete access, demand assigned multiple access, direct access storage device, direct memory access, discretionary access control, execute access, failure access, ferroelectric random access memory, file transfer access management, formal access approval, frequency division multiple access, handle via special access control channels only, identity based access control, intelligence special access program, interim access authorization, last mile broadband access, limited access authorization, local access, logical access, logical access control, mandatory access control, media access control address, merge access, multiple access rights terminal, need for access, network access, network access control, non-discretionary access control, non-volatile random access memory, object, on-access scanning, one-time access, partition rule base access control, peer access approval, peer access enforcement, physical access control, policy-based access control, privileged access, program access request, random access memory, read access, remote access, remote access software, risk-adaptable access control, role-based access control, special access office, special access program, special access program facility, special access program/special access required, special access programs central office, special access programs coordination office, special access required programs oversight committee, subject, surrogate access, tactical special access program facility, temporary access eligibility, time division multiple access, umbrella special access program, unacknowledged special access program, unauthorized access, update access, waived special access program, wi-fi protected access-2, wireless access point, write access,
Related:ACL-based authorization, Automated Information System security, Bell-LaPadula security model, Clark Wilson integrity model, Defense Central Security Index, Defensive Information Operations, Department of Defense National Agency Check Plus Written Inquiries, Escrowed Encryption Standard, Freedom of Information Act, IA product, IT security policy, Identification Protocol, Internet Engineering Task Force, Internet Protocol Security Option, KOA agent, Network File System, PHF, PIV issuer, POSIX, Post Office Protocol, version 3, RA domains, SOCKS, SSO PIN, TCB subset, TOE security functions interface, U.S.-controlled facility, U.S.-controlled space, USENET, accreditation range, accredited security parameter, acoustic security, activation data, active wiretapping, ad hoc network, adequate security, adjudication, adjudication authority, adversary, adverse information, alternative compensatory control measures, anonymous and guest login, anonymous login, appeal, applicant, application, application program interface, application proxy, application server attack, archiving, associated markings, attack, attack signature, attribute-based authorization, audit, audit trail, authenticate, authentication, authentication mechanism, authentication period, authority, authorization, authorized, authorized adjudicative agency, authorized investigative agency, authorized person, authorized user, automated information system media control system, availability, availability service, backdoor, balanced magnetic switch, base station, bastion host, benign, between-the-lines-entry, billets, boundary, brute force password attack, buffer overflow, call back, capability, carve-out, category, central office, centralized authorization, certification practice statement, classified, classified contract, classified information procedures act, classified visit, clearance, clearance certification, clearance level, cleared escort, client, client server, closed storage, cloud computing, co-utilization, collateral information, common gateway interface, communications, compartment, compartmentalization, compartmentation, compartmented intelligence, compartmented mode, compelling need, component reference monitor, computer intrusion, computer security, computer security intrusion, confidentiality, confinement property, console logon, continuous operation, contractor/command program security officer, control, controlled security mode, controlled sharing, controlled space, cookies, covert channel, covert channel analysis, cracker, credentials, critical, critical program information, critical system, cross domain solution, cryptographic application programming interface, data asset, data compromise, data integrity service, data management, debriefing, dedicated mode, default account, default file protection, demilitarized zone, demon dialer, denial-of-service, determination authority, device distribution profile, dictionary attack, directory service, disclosure of information, disclosure record, diskette, distributed plant, domain, domain name system, domain parameter, dominated by, dual control, eligibility, encapsulation, entry control, exception, exploit, exploitation, external security controls, external system exposure, extranet, extraordinary security measures, facility security clearance, failed logon, false acceptance, false acceptance rate, false rejection rate, federated identity, federation, fedline, fetch protection, file encryption, file protection, file security, file series, firewall, flooding, flow, foreign disclosure, foreign ownership, control, or influence, foreign travel briefing, foreign visit, formulary, full disk encryption, government-approved facility, granularity, guard, guest system, hackers, high assurance guard, host, https, hyperlink, hypertext, identification, identification and authentication, identification authentication, identity credential issuer, identity verification, identity-based security policy, immediate family member, impersonation, inadvertent disclosure, inadvertent disclosure incident, incident of security concern, individual accountability, individual electronic accountability, indoctrination, inference, information, information assurance, information assurance product, information category, information security, information security risk, information sharing environment, information steward, information systems security, inside threat, insider, insider threat, integrity, intercept, interception, interface, internal security controls, internal system exposure, internal vulnerability, internet protocol security, internet service provider, intranet, intruder, intrusion, intrusion detection, intrusion detection and prevention system, intrusion detection systems, intrusion detection tools, isolator, joint personnel adjudication system, kerberos, key recovery, key-escrow, kiosk, labeled security protections, least privilege, letter of compelling need, list-oriented, local logon, lock-and-key protection system, lockout, logged in, logic bombs, logical completeness measure, login, logoff, logon, maintenance hook, major application, malicious intruder, malicious logic, management client, masquerade, masquerading, minor application, mission critical, mode of operation, modes of operation, motivation, multi-releasable, multilevel mode, multilevel secure, multilevel security, multilevel security mode, national security information, need-to-know, need-to-know determination, network component, network reference monitor, network security, network weaving, nicknames, no-lone zone, non-disclosure agreement, non-discretionary security, non-discussion area, noncomputing security methods, office of personnel management, online attack, open storage area, operations and support, operations manager, operator, overwriting, packet filter, packet filtering, partitioned security mode, password protected, password system, passwords, peer-to-peer communication, penetration, penetration testing, perimeter-based security, permanent records, permissions, personal computer system, personal identification number, personnel security, personnel security - issue information, personnel security clearance, personnel security exceptions, personnel security interview, personnel security investigation, personnel security program, physical and environmental protection, physical security, piggyback, piggyback attack, piggyback entry, pii confidentiality impact level, platform it interconnection, point-to-point tunneling protocol, policy, pop-up box, port, portal, primary services node (prsn), privacy, privilege management, privileged accounts, privileged user, probe, procedural security, process, program channels or program security channels, program material, program office, program security officer, programmable read-only memory, protected network, protection ring, protection-critical portions of the TCB, protective security service, proximity, proxy, proxy server, public-key certificate, real-time reaction, records, reference monitor, reference monitor concept, reference validation mechanism, reinstatement, relying party, remote administration tool, remote authentication dial-in user service, remote login, replay attacks, repository, requirements, resource, resource encapsulation, response force, restricted area, revocation, risk avoidance, rootkit, routine changes, rule-based security policy, rules of behavior, ruleset, salt, sampling frame, sandboxed environment, sandboxing, scattered castles, scoping guidance, screen scraping, secure data device, secure single sign-on, secure state, secure working area, security, security assurance, security attribute, security banner, security clearance, security compromise, security controls, security director, security domain, security incident, security intrusion, security kernel, security label, security level, security management, security management infrastructure, security policy, security safeguards, security service, security violation, security-relevant event, segregation of duties, senior foreign official, senior review group, sensitive activities, sensitive compartmented information, sensitive compartmented information courier, sensitive information, sensitivity label, service, signature, simple network management protocol, simple security condition, simple security property, single scope background investigation - periodic reinvestigation, single sign-on, social engineering, software, software-based fault isolation, source program, special program review group, sponsoring agency, spoof, spoofing, storage object, store, subcontract, subject security level, subset-domain, suspicious contact, system, system entry, system high mode, system resources, system software, system-high security mode, target vulnerability validation techniques, tcpwrapper, technical countermeasures, technical policy, technological attack, technology, technology control plan, temporary help/job shopper, term rule-based security policy, theft, threat, ticket, ticket-oriented, timing attacks, tokens, transaction, trapdoor, trespass, trojan horse, trust relationship, trusted gateway, trusted identification forwarding, trusted subject, two-person integrity, unauthorized disclosure, unauthorized person, unclassified internet protocol router network, unclassified sensitive, unfavorable personnel security determination, uniform resource locator, unprotected network, user PIN, users, vault, verification, virus, vulnerability, war driving, web browser cache, web content filtering software, website, wide-area network, wimax, wireless gateway server, wiretapping, workstation, world wide web, write,
access approval
IncludedBy:access,
Related:authorization, classified, security clearance,
access approval authority
IncludedBy:access,
access authority
IncludedBy:access,
access category
IncludedBy:access,
Related:authorized, process, program, resource, users,
access control
IncludedBy:Automated Information System security, access, authorization, control, risk management, security, security-relevant event, trusted computing base, users,
Includes:IT default file protection parameters, centralized authorization, classified information, component reference monitor, controlled sharing, cookies, default file protection, entry control, fetch protection, file protection, file security, granularity, logged in, login, logoff, logon, need-to-know, network reference monitor, privileged, sandboxed environment, secure state, security kernel, security perimeter, sensitivity label, system entry, technical policy,
Related:*-property, Bell-LaPadula security model, Clark Wilson integrity model, Defensive Information Operations, Escrowed Encryption Standard, Identification Protocol, Internet Engineering Task Force, Internet Protocol Security Option, Network File System, PIV issuer, POSIX, RA domains, SOCKS, TCB subset, TOE security functions interface, U.S.-controlled facility, U.S.-controlled space, accreditation range, active wiretapping, adequate security, adversary, application, application program interface, application proxy, archiving, attack, audit, audit trail, authenticate, authentication, authorized, availability, availability service, backdoor, bastion host, benign, between-the-lines-entry, boundary, boundary host, breach, buffer overflow, call back, capability, category, classified, clearance level, client, client server, common gateway interface, communications, compartment, compartmentalization, compartmented mode, computer intrusion, computer security, computer security intrusion, confidentiality, confinement property, controlled security mode, controlled space, covert channel, covert channel analysis, cracker, credentials, critical, critical system, cryptographic application programming interface, cryptographic equipment room, data compromise, data integrity service, data management, dedicated mode, default account, demilitarized zone, demon dialer, denial-of-service, dictionary attack, directory service, disclosure of information, domain, domain name system, domain parameter, dominated by, dual control, encapsulation, exploit, exploitation, external security controls, external system exposure, extranet, federated identity, federation, fedline, firewall, flooding, formulary, function, guard, hackers, host, https, hyperlink, hypertext, identification, identification and authentication, identification authentication, identity credential issuer, identity verification, identity-based security policy, impersonation, inadvertent disclosure, individual accountability, individual electronic accountability, inference, information, information assurance product, information category, information security, information systems security, integrity, interception, interface, internal security controls, internal system exposure, internet protocol security, internet service provider, intranet, intruder, intrusion, intrusion detection, intrusion detection tools, kerberos, key recovery, key-escrow, kiosk, labeled security protections, list-oriented, lock-and-key protection system, lockout, logic bombs, logical completeness measure, maintenance hook, major application, malicious intruder, malicious logic, masquerade, masquerading, minimum essential infrastructure, mode of operation, modes of operation, motivation, multilevel mode, multilevel secure, multilevel security, multilevel security mode, national security information, network, network component, network security, network weaving, no-lone zone, non-discretionary security, noncomputing security methods, operations manager, operator, packet filtering, partitioned security mode, password system, passwords, peer-to-peer communication, penetration, permissions, personal identification number, personnel security, physical and environmental protection, physical security, piggyback, piggyback attack, piggyback entry, point-to-point tunneling protocol, policy, pop-up box, privacy, probe, procedural security, process, program, protected network, protection ring, protection-critical portions of the TCB, proximity, proxy server, real-time reaction, records, reference monitor, reference monitor concept, reference validation mechanism, remote administration tool, remote authentication dial-in user service, repository, resource, resource encapsulation, restricted area, rootkit, rule-based security policy, rules of behavior, ruleset, salt, sampling frame, scoping guidance, screen scraping, secure single sign-on, security clearance, security compromise, security controls, security domain, security incident, security intrusion, security label, security management, security management infrastructure, security policy, security safeguards, security violation, segregation of duties, sensitive compartmented information, sensitive information, signature, simple network management protocol, simple security condition, simple security property, single sign-on, social engineering, software, source program, spoof, spoofing, storage object, subject security level, subset-domain, system, system high mode, system resources, system software, system-high security mode, tcpwrapper, technological attack, technology, term rule-based security policy, theft, threat, threat consequence, ticket, ticket-oriented, timing attacks, tokens, transaction, trapdoor, trespass, trojan horse, trust relationship, trusted gateway, trusted identification forwarding, trusted subject, two-person integrity, uniform resource locator, unprotected network, user PIN, verification, virus, vulnerability, web browser cache, website, wide-area network, wireless gateway server, wiretapping, workstation, world wide web,
access control center
IncludedBy:access, control,
Related:computer, cryptography, key, policy, security, system,
access control lists
IncludedBy:access,
Includes:ACL-based authorization,
PreferredFor:access list,
Related:authorized, communications security, computer, control, object, process, program, resource, subject, system, users,
access control mechanisms
IncludedBy:access, control,
Related:authorized, management, security, software, system, unauthorized access,
access control officer
IncludedBy:access, control,
access control service
IncludedBy:access, control,
Related:authorized, entity, policy, resource, security, system, unauthorized access,
access control system
IncludedBy:access,
Related:security,
access eligibility determination
IncludedBy:access,
Related:classified, requirements, security,
access evaluation
IncludedBy:access, evaluation,
Related:security,
access level
IncludedBy:access, security level,
Related:authorization, identify, object, users,
access list
HasPreferred:access control lists,
IncludedBy:access,
access mediation
IncludedBy:access,
Related:authorized, control, policy, process, resource,
access mode
IncludedBy:access, automated information system,
Related:object, operation, process, subject, system,
access national agency check and inquiries
IncludedBy:access,
Related:classified, security,
access period
IncludedBy:access,
access point
IncludedBy:access,
access port
IncludedBy:access,
Related:computer,
access profile
IncludedBy:access, file, profile,
Related:object, users,
access roster
IncludedBy:access,
access termination
IncludedBy:access,
access type
IncludedBy:access,
Related:authorization, file, management, object, program, users,
access with limited privileges
IncludedBy:access,
Related:application, control, domain, process, security, system, users,
accesses
IncludedBy:access,
Related:classified, critical, requirements, security,
accessibility
IncludedBy:access,
Related:computer, resource, system,
accessioned records
IncludedBy:access,
account aggregation
Related:entity, information, target,
account authority digital signature
IncludedBy:authority, public-key infrastructure, signature,
Related:authentication, key, public-key,
account fraud
IncludedBy:fraud, identity theft,
PreferredFor:account hijacking, account takeover,
Related:entity, theft,
account hijacking
HasPreferred:account fraud,
account management
Related:information,
account takeover
HasPreferred:account fraud,
accountability
IncludedBy:security goals,
Includes:automated information system, identification, object, users,
Related:audit, authority, communications security, computer, control, deterrence, entity, failure, fault isolation, identify, information, intrusion, intrusion detection, intrusion prevention, key, minimum essential infrastructure, non-repudiation, owner, policy, process, property, quality, recovery, resource, security objectives, system, trust,
accounting legend code
IncludedBy:code,
Related:communications security, control, control systems, security, system,
accounting number
Related:communications security, control,
accreditation
IncludedBy:certification,
Includes:DoD Information Technology Security Certification and Accreditation Process, National Voluntary Laboratory Accreditation Program, Scope of Accreditation, accreditation authority, accreditation body, accreditation boundary, accreditation disapproval, accreditation multiplicity parameter, accreditation package, accreditation phase, accreditation range, approval/accreditation, automated information system, certification and accreditation, designated approving authority, full accreditation, identification and accreditation, interim accreditation, interim accreditation action plan, post-accreditation phase, private accreditation exponent, private accreditation information, public accreditation verification exponent, security, site accreditation, system accreditation, type accreditation,
PreferredFor:accredited,
Related:Common Criteria Testing Laboratory, approved technologies list, approved test methods list, assessment, association, authority, authorization, cascading, certificate, certificate revocation list, certification phase, certifier, classified, computer, control, controlled security mode, criteria, dedicated security mode, evaluation, external security controls, function, information, intelligence, multilevel security mode, national information assurance partnership, network, operation, partitioned security mode, pre-certification phase, process, requirements, risk, security evaluation, security testing, site certification, standard, system, system-high security mode, test, trust, trusted computer system, type certification,
accreditation authority
IncludedBy:accreditation, authority,
Related:entity, information, trust,
accreditation body
IncludedBy:accreditation, national information assurance partnership,
Related:standard,
accreditation boundary
IncludedBy:accreditation, boundary,
Related:information, resource, security, system, users,
Synonym:security perimeter,
accreditation disapproval
IncludedBy:accreditation,
Related:control, critical, operation, requirements, risk, security, system,
accreditation multiplicity parameter
IncludedBy:accreditation,
Related:authority, entity, information,
accreditation package
IncludedBy:accreditation,
Related:security, system,
accreditation phase
IncludedBy:accreditation,
Related:assessment, process, risk, security, system, update,
accreditation range
IncludedBy:accreditation,
Related:access, access control, authority, computer, computer security, control, criteria, evaluation, network, operation, process, requirements, risk, security, system, trust, trusted computer system,
accredited
HasPreferred:accreditation,
accredited security parameter
IncludedBy:security,
Related:access,
accrediting authority
IncludedBy:authority,
Related:security,
accuracy
Related:assessment,
ACH debit fraud
IncludedBy:fraud, identity theft,
Related:authorized,
acknowledged special access program
IncludedBy:access,
Related:authorized, classified, compromise, risk, vulnerability,
ACL-based authorization
IncludedBy:access control lists, authorization,
Includes:distributed computing environment,
Related:access,
acoustic intelligence
IncludedBy:intelligence,
Related:acoustic security, analysis,
acoustic security
IncludedBy:security,
Related:access, acoustic intelligence, classified,
acoustic warfare
IncludedBy:warfare,
acquirer
IncludedBy:Secure Electronic Transaction,
Related:authorization, process, system,
acquisition
Related:control,
acquisition plan
Related:analysis, requirements,
acquisition program
acquisition special access program
IncludedBy:access,
Related:evaluation, intelligence, requirements,
acquisition strategy
Related:control, object, system,
acquisition systems protection
Related:authorized, compromise, foreign, intelligence, security,
activation data
Related:access,
active attack
IncludedBy:attack,
Related:authentication, impersonation, protocols,
active content
Related:program, software,
active security testing
IncludedBy:security testing, test,
Related:system, target, vulnerability,
active state
Antonym:deactivated state,
IncludedBy:key lifecycle state,
Related:algorithm, application, cryptographic, key, lifecycle, security,
active wiretapping
IncludedBy:wiretapping,
Related:access, access control, authorized, communications, computer, control, message, users,
activities
activity
activity analysis
IncludedBy:analysis, security software,
Related:process,
activity security manager
IncludedBy:security,
Related:classified, information security, security incident,
activity-based costing
IncludedBy:business process,
actuator
ad hoc
ad hoc network
IncludedBy:network,
Related:access,
ad hoc testing
IncludedBy:security testing, test,
ad-lib test
IncludedBy:test,
adaptive predictive coding
add-on security
IncludedBy:security,
Related:computer, operation, process, software, system,
address
address indicator group
address of record
address spoofing
IncludedBy:masquerade, spoof, spoofing,
Includes:ip spoofing,
Related:impersonation, network, system,
adequate security
IncludedBy:security,
Related:access, access control, authorized, availability, control, information, integrity, management, operation, risk, system, unauthorized access,
adjudication
Related:access, classified, evaluation, security, trust,
adjudication authority
Related:access,
adjudicative process
Related:risk, security,
adjudicator
Related:security,
administration documentation
IncludedBy:target of evaluation,
Related:information, target,
administrative access
IncludedBy:access,
Related:authorized, function, system,
administrative account
Related:computer, users,
administrative safeguards
Related:development, security,
administrative security
HasPreferred:procedural security,
IncludedBy:security,
administrator
IncludedBy:target of evaluation,
Related:operation, target,
advanced development model
IncludedBy:software development,
advanced encryption standard
IncludedBy:National Institute of Standards and Technology, encryption, standard, symmetric cryptography,
Related:algorithm, classified, cryptographic, key,
advanced intelligence network
IncludedBy:intelligence, network,
advanced intelligent network
IncludedBy:network,
advanced key processor
IncludedBy:key,
Related:management,
Advanced Mobile Phone Service
Related:standard, system, update, users,
advanced narrowband digital voice terminal
advanced persistent threats
IncludedBy:threat,
Related:attack, critical, cyberspace, target,
Advanced Research Projects Agency Network
IncludedBy:network,
advanced self-protection jammer
IncludedBy:communications security, jamming,
Related:assurance,
adversary
IncludedBy:security,
Includes:adversary collection methodology, adversary threat strategy,
Related:C2-attack, C2-protect, RED team, access, access control, advisory, attack, camouflage, command and control warfare, communications cover, communications deception, compromise, counterintelligence, countermeasures, cover, critical, cryptographic key, damage, data aggregation, deception, eavesdropping, entity, imitative communications deception, indicator, information, information assurance, information operations, information superiority, information warfare, intelligence, intelligent threat, malware, man-in-the-middle attack, motivation, national information infrastructure, non-technical countermeasure, operations security, operations security indicator, perceived collection threat, radio frequency jamming, random, replay attacks, risk, security environment threat list, security threat, social engineering, system, target, threat, threat analysis, traffic analysis, vulnerability, vulnerability analysis, vulnerability assessment,
adversary collection methodology
IncludedBy:adversary,
Related:critical,
adversary threat strategy
IncludedBy:adversary, threat,
adverse action
adverse information
Related:access, classified, security,
advisory
Includes:Computer Incident Advisory Capability, National COMSEC Advisory Memorandum, National Industrial Security Advisory Committee, National Security Telecommunications Advisory Committee, National Security Telecommunications and Information Systems Security Advisory/Information Memorandum, National Telecommunications and Information Systems Security Advisory Memoranda/Instructions, TEMPEST advisory group,
Related:Internet Architecture Board, adversary, computer emergency response team, development, target, threat,
affiliate
agency
Related:classified, control,
agent
Related:attack, intrusion, intrusion detection, malicious, program,
agent of the government
Related:authorized,
aggregation
Related:classified, information, security,
aggressive mode
Related:establishment, internet protocol security, internet security protocol, message,
agreement
Related:management, security,
alarm
Related:countermeasures, function,
Synonym:alert,
alarm reporting
Related:fault, identification, information, network, resource, security software,
alarm surveillance
Related:analysis, communications, control, fault, function, information, network, operation, resource, security software,
alert
Related:anomaly, attack, audit, communications security, critical, identify, message, network, process, resource, security,
Synonym:alarm,
algorithm
Includes:Data Authentication Algorithm, El Gamal algorithm, Elliptic Curve Digital Signature Algorithm, International Data Encryption Algorithm, Key Exchange Algorithm, MAC algorithm key, NULL encryption algorithm, RSA algorithm, Rivest-Shamir-Adleman algorithm, algorithm transition, asymmetric algorithm, asymmetric cryptographic algorithm, asymmetric encryption algorithm, control algorithm, cryptographic algorithm, cryptographic algorithm for confidentiality, data encryption algorithm, digital signature algorithm, encipherment algorithm, encryption algorithm, hash algorithm, keyed hash algorithm, message authentication code algorithm, message digest algorithm 5, public-key algorithm, secure hash algorithm, symmetric algorithm, symmetric encipherment algorithm, symmetric encryption algorithm,
Related:CAST, Clipper chip, Commercial COMSEC Evaluation Program, Common Criteria for Information Technology Security, Computer Security Objects Register, Diffie-Hellman, Digital Signature Standard, Escrowed Encryption Standard, FIPS PUB 140-1, FIPS approved security method, Fortezza, Internet Security Association and Key Management Protocol, OAKLEY, Rivest Cipher 2, Rivest Cipher 4, SET qualifier, Simple Key-management for Internet Protocols, Skipjack, Type 4 product, Type I cryptography, Type II cryptography, Type III cryptography, X.509 attribute certificate, X.509 certificate revocation list, X.509 public-key certificate, active state, advanced encryption standard, approved, asymmetric cryptography, asymmetric encipherment system, biometric template, block cipher, break, brute force attack, certification request, checksum, cipher, cipher block chaining, cipher feedback, cipher suite, ciphertext, ciphertext-only attack, code, communications security, computer, computer cryptography, cryptanalysis, cryptographic, cryptographic functions, cryptographic key, cryptographic logic, cryptographic module, cryptographic system, cryptographic token, cryptography, cryptonet, cryptoperiod, cycle time, cyclic redundancy check, data authentication code, data authentication code vs. Data Authentication Code, data encryption standard, decrypt, digital envelope, digital signature, domain of interpretation, effective key length, electronically generated key, elliptic curve cryptography, encipherment, encrypt, encryption, encryption strength, frequency hopping, hash, hash function, hybrid encryption, indistinguishability, initial transformation, initialization value, initialization vector, intelligent threat, internet protocol security, key, key agreement, key distribution, key generating function, key generator, key pair, key recovery, key space, key transport, key-escrow system, keyed hash, known-plaintext attack, link encryption, man-in-the-middle attack, message, message authentication code, message authentication code vs. Message Authentication Code, message digest, metrics, mode of operation, one-time pad, out-of-band, output transformation, parameters, pretty good privacy, private key, process controller, protection suite, pseudo-random, public-key, public-key cryptography standards, public-key forward secrecy, public-key information, secret key, secret-key cryptography, secure hash standard, secure hypertext transfer protocol, secure socket layer, security mechanism, security strength, semantic security, signature generation, signature verification, stream cipher, strength of mechanisms, symmetric cryptography, symmetric key, trapdoor, triple DES, trust, tunnel, type 1 products, type 2 product, type 3 product, validate, virus definitions,
algorithm transition
IncludedBy:algorithm,
Related:cryptographic, process,
alias
Related:anonymous, entity, masquerade,
alien
Related:United States citizen,
alignment
Related:process, system,
all-hazards
allocation
Related:control, security,
allowed traffic
Related:bit forwarding rate, ruleset, system, test,
alternate COMSEC custodian
IncludedBy:communications security,
Related:authority,
alternate work site
alternative compensatory control measures
Related:access, intelligence,
alternative work site
Related:program,
American institute of certified public accountants
American National Standards Institute
IncludedBy:standard,
Related:association, automated information system, communications, computer, users,
American Standard Code for Information Interchange
IncludedBy:code, information, standard,
Related:automated information system,
analog signal
analysis
Includes:SWOT analysis, activity analysis, analysis of alternatives, boundary value analysis, business impact analysis, cost-risk analysis, cost/benefit, cost/benefit analysis, cost/benefit estimate, covert channel analysis, cryptanalysis, cryptosystem analysis, dynamic analysis, emanations analysis, error analysis, gap analysis, information sharing and analysis center, mutation analysis, network behavior analysis system, requirements analysis, risk analysis, risk reduction analysis, root cause analysis, security fault analysis, security flow analysis, sensitivity analysis, signals analysis, stateful protocol analysis, static analysis, target identification and analysis techniques, technical threat analysis, threat analysis, traffic analysis, value analysis, vulnerability analysis,
Related:Federal Standard 1027, Integrated CASE tools, SOF-basic, SOF-high, SOF-medium, TCB subset, acceptable level of risk, acoustic intelligence, acquisition plan, alarm surveillance, assessment, black-box testing, break, brute force attack, business case, chosen-ciphertext attack, chosen-plaintext attack, ciphertext-only attack, code coverage, correctness, counterintelligence assessment, countermeasures, cryptology, cryptoperiod, damage assessment, data historian, diagnostics, digital forensics, electronic security, elliptic curve cryptography, emanations security, emission security, emissions security, error seeding, evaluation assurance, fault injection, financial crimes enforcement network, flaw hypothesis methodology, flooding, formal language, functional test case design, global requirements, hashed message authentication code, independent validation and verification, instrumentation, intelligence, intelligence sources and methods, judgment sample, known-plaintext attack, limited network analyzer, local requirements, measurement and signature intelligence, model, national computer security assessment program, network sniffing, one-time pad, operations security, operations security process, operations security survey, personal computer system, portfolio, privacy impact assessment, reference monitor, reference validation mechanism, remote maintenance, risk assessment, risk identification, risk management, robustness, sanitization, sanitizing, security test and evaluation, significant change, symbolic execution, system development, system development methodologies, target vulnerability validation techniques, telemetry, telemetry intelligence, threat event, threat monitoring, traffic flow confidentiality, transmission security, trust, trust level, verification, vulnerability, vulnerability assessment,
Synonym:evaluation, test,
analysis of alternatives
IncludedBy:analysis,
Related:information, process,
ankle-biter
IncludedBy:threat,
Related:internet, malicious, program,
anomaly
Includes:anomaly detection, anomaly detection model,
Related:alert, bug, failure, fault, operation, problem, requirements, software, users,
anomaly detection
IncludedBy:anomaly, security software,
Related:countermeasures, intrusion, system, users,
anomaly detection model
IncludedBy:anomaly, model, security policy model,
Related:intrusion, system, users,
anomaly-based detection
anonymity
Related:identification, information, security, users,
anonymous
Related:alias, application, attack, authorized, entity, privacy, security, system, users,
anonymous and guest login
IncludedBy:login,
Related:access, authentication, protocols, system,
anonymous login
IncludedBy:internet, login,
Related:access, control, file, passwords, protocols, resource, system, threat, users,
anti-jam
IncludedBy:communications security,
Related:information, jamming,
anti-jamming
IncludedBy:communications security,
Related:jamming,
anti-spoof
Antonym:spoofing,
IncludedBy:spoof,
Related:attack, authentication, authorized, identification, security software, subject,
anti-tamper
IncludedBy:tamper,
Related:critical,
anti-tamper executive agent
IncludedBy:tamper,
antispyware software
IncludedBy:software,
Related:malware, program,
antisubmarine warfare
IncludedBy:warfare,
antivirus software
IncludedBy:security software, software, virus,
Related:application, computer, countermeasures, file, identify, incident, integrity, intrusion, intrusion detection, malware, program, system,
antivirus tools
IncludedBy:virus,
Related:code, countermeasures, malicious, software, system, technology,
appeal
Related:access,
appendix
Related:signature,
applet
Related:application, program, world wide web,
applicant
Related:access, authorized, certificate, certification, classified, entity, key,
applicant assertion
Related:entity, identity, information, process, registration,
application
IncludedBy:software,
Includes:Cryptographic Application Program Interface, Generic Security Service Application Program Interface, application controls, application data backup/recovery, application entity, application gateway firewall, application generator, application level gateway, application program interface, application programming interface, application proxy, application server attack, application software, application system, application-level firewall, cryptographic application programming interface, key management application service element, major application, rapid application development, wireless application protocol,
Related:COMSEC end-item, Common Criteria for Information Technology Security, Defense Information Infrastructure, Distinguished Encoding Rules, Europay, MasterCard, Visa, FIPS PUB 140-1, Federal Public-key Infrastructure, Generic Upper Layer Security, IT security certification, IT security support functions, Java, Lightweight Directory Access Protocol, Network File System, OSI architecture, Open Systems Interconnection Reference model, PIV issuer, PKIX, POSIX, S/Key, SOCKS, TOE security functions interface, X.500 Directory, acceptable level of risk, access, access control, access with limited privileges, active state, anonymous, antivirus software, applet, archive, asynchronous transfer mode, automated information system, backup, backup generations, banner grabbing, baseline management, bastion host, bill payment, blacklist, certificate policy, certification, certification authority workstation, certification phase, certification practice statement, circuit proxy, clean system, closed security environment, collaborative computing, command and control warfare, common security, communications, component operations, computer, computer architecture, computer fraud, computer related controls, computing environment, control, control server, cookies, critical system files, cryptographic system, cybersecurity, data dictionary, data encryption key, decrypt, defense-in-depth, degauss, denial-of-service, designation policy, digital forensics, directly trusted CA, disaster recovery plan, distributed computing environment, documentation, dual-homed gateway firewall, email, emanations security, encryption, end entity, end-user, extensible markup language, extension, extranet, fail soft, file infector virus, file transfer protocol, firewall, firmware, formal language, function, general controls, general support system, global information grid, hash function, hijacking, host, host-based firewall, hybrid encryption, hypertext markup language, hypertext transfer protocol, identity management systems, interface, internet vs. Internet, interpretation, interpreted virus, kerberos, key generating function, key management, key-encrypting key, least privilege, legacy systems, line managers, link encryption, lockout, macro virus, malicious applets, malicious code, malicious program, malware, management server, meta-language, middleware, mode of operation, modem, motion control network, multipurpose internet mail extensions, national security system, naval special warfare, network protocol stack, network service worm, on-line system, online certificate status protocol, open security, open security environment, open system interconnection model, operating system, operations security, outcome, packet filter, passive fingerprinting, password cracker, patch, penetration testing, personal identification number, personality label, physical security, platform, portability, pretty good privacy, process, program, protocol analyzer, prototyping, proxy, proxy server, public-key cryptography standards, public-key infrastructure, purge, random, realm, registration authority, rekey, relying party, repair action, reusability, review techniques, risk analysis, routing control, run manual, scalability, scope of a requirement, screened host firewall, secure socket layer, security assertion markup language, security evaluation, security requirements, security support programming interface, security testing, session key, significant change, simple mail transfer protocol, simple network management protocol, single sign-on, site accreditation, smartcards, software security, source code generator, starting variable, statistical process control, support software, system, system accreditation, system software, systems engineering, systems software, target identification and analysis techniques, technical controls, technology area, teleprocessing, telnet, test bed, test facility, transmission control protocol, transmission security, transport layer security, trust-file PKI, trusted gateway, type accreditation, unauthorized access, unit of transfer, user data protocol, user partnership program, users, validate, validation, verification, version scanning, virus, virus signature, vulnerability, vulnerability assessment, water supply system, whitelist, workgroup computing, workstation, world wide web,
application controls
IncludedBy:application, control,
Related:authorized, encryption, process, program, security controls, system, validation,
application data backup/recovery
IncludedBy:application, availability, backup,
Related:damage, information, process, software,
application entity
IncludedBy:application, entity,
application gateway firewall
IncludedBy:application, firewall, gateway,
Related:internet, protocols, system,
application generator
IncludedBy:application,
Related:code, control, program, requirements, software,
application level gateway
IncludedBy:application, gateway,
Related:connection, firewall, process, system,
Synonym:application proxy,
application program interface
IncludedBy:application, interface, program, security, software,
Related:access, access control, code, communications, function, network, standard, system, users,
application programming interface
IncludedBy:application, interface, program,
Related:interoperability, software, system,
application proxy
IncludedBy:application, firewall, proxy,
Includes:gateway,
Related:access, access control, audit, connection, control, protocols, response,
Synonym:application level gateway,
application server attack
IncludedBy:application, attack,
Related:access, authorized, availability, compromise, computer, information, integrity, resource, system, users,
application software
IncludedBy:application, software,
Related:process, program, system,
application system
IncludedBy:application, system,
Related:automated information system, computer, function, process, program, resource,
application-level firewall
IncludedBy:application, firewall, security,
Related:connection, process, protocols, system,
approach
approval for service use
approval to operate
Related:management, risk,
approval/accreditation
IncludedBy:accreditation,
Related:TEMPEST, authorization, communications, communications security, computer, control, evaluation, information, operation, process, security, software, system,
approved
Related:algorithm, function, security,
approved access control device
IncludedBy:access,
Related:requirements, security,
approved built-in combination lock
approved combination padlock
Related:requirements,
approved electronic, mechanical, or electromechanical device
Related:requirements, security,
approved key-operated padlock
IncludedBy:key,
Related:requirements,
approved mode of operation
Related:security,
approved security container
IncludedBy:security,
Related:certification,
approved security function
IncludedBy:security,
Related:authentication, management,
approved technologies list
IncludedBy:Common Criteria Testing Laboratory, national information assurance partnership,
Related:IT security, accreditation, computer security, evaluation, information, security, technology, test,
approved test methods list
IncludedBy:Common Criteria Testing Laboratory, national information assurance partnership, test,
Related:IT security, accreditation, authorized, computer security, evaluation, security,
approved vault
approved vault door
architectural design
IncludedBy:software development, target of evaluation,
Related:process, target,
architecture
Related:function, information, interface, system, users,
archive
IncludedBy:recovery,
Related:application, audit, backup, certificate, cryptographic, digital signature, information, integrity, key, non-repudiation service, operation, public-key, public-key infrastructure, redundancy, retrieval, signature, software, software library, system, technology, uniform resource locator,
Synonym:archiving,
archiving
Related:access, access control, backup, file,
Synonym:archive,
area interswitch rekeying key
IncludedBy:key, rekey,
areas of control
IncludedBy:control,
Related:assurance, object,
areas of potential compromise
IncludedBy:compromise, vulnerability,
Related:minimum essential infrastructure,
ARPANET
IncludedBy:internet, network,
as-is process model
IncludedBy:model, process,
Related:baseline, business process,
assessment
Includes:computer incident assessment capability, counterintelligence assessment, criticality assessment, damage assessment, independent assessment, national computer security assessment program, operations security assessment, privacy impact assessment, qualitative risk assessment, risk assessment, threat assessment, vulnerability assessment, web risk assessment,
Related:Common Criteria for Information Technology Security, Common Criteria for Information Technology Security Evaluation, acceptable level of risk, accreditation, accreditation phase, accuracy, analysis, assurance, authorize processing, binding of functionality, certification, certification package, certification phase, cost-risk analysis, deliverable, ease of use, evaluation, evaluation pass statement, evaluator, information, management countermeasure, metrics, monitoring and evaluation, operations security, operations security process, portfolio, pre-certification phase, process, process assurance, rating, resource, risk analysis, risk avoidance, risk management, scheme, security, security category, security fault analysis, site certification, standard, strength of mechanisms, suitability of functionality, system, threat monitoring, verification, vulnerability,
assessment method
assessment object
assessment objective
Related:control, security,
assessment procedure
asset
IncludedBy:target of evaluation,
Related:countermeasures, information, intelligence, operation, resource,
asset identification
Related:security,
asset reporting format
assignment
IncludedBy:protection profile,
Related:file, function, message, profile, signature,
associated markings
Related:access, classified,
association
Includes:Internet Security Association and Key Management Protocol, information systems audit and control association, information systems security association, personal computer memory card international association, security association, security association identifier, security association lifetime, symmetric measure of association,
Related:ABA Guidelines, American National Standards Institute, IPsec Key Exchange, PCMCIA, U.S. person, accreditation, authentication header, binding, certification authority, cookies, data integrity service, data origin authentication service, dynamic binding, encapsulating security payload, hijack attack, information, internet key exchange protocol, internet protocol security, key establishment, key recovery, key transport, keying material, man-in-the-middle attack, on-line cryptosystem, peer entity authentication, peer entity authentication service, primary account number, protocols, proxy server, repudiation, risk, security parameters index, security situation, spam, static binding, system, transport mode vs. tunnel mode, unit of transfer,
assurance
IncludedBy:European Information Technology Security Evaluation Criteria, Federal Criteria for Information Technology Security, evaluation, security, security goals, target of evaluation,
Includes:assurance approach, assurance authority, assurance case, assurance component, assurance element, assurance level, assurance method, assurance profile, assurance results, assurance scheme, assurance stage, assure, automated information system, confidence, configuration management, development assurance, development assurance component, development assurance package, development assurance requirements, effectiveness, evaluation assurance, evaluation assurance component, evaluation assurance package, evaluation assurance requirements, evidence, high assurance guard, identification and authentication, information assurance, information assurance component, infrastructure assurance, integrity, mission assurance category, process assurance, profile assurance, quality assurance, quality assurance/control, rating, robustness, security assurance, site information assurance manager, software assurance, software quality assurance, supporting information assurance infrastructures, test,
Related:Common Criteria for Information Technology Security, Defensive Information Operations, Information Technology Security Evaluation Criteria, RED team, Trusted Computer System Evaluation Criteria, advanced self-protection jammer, areas of control, assessment, augmentation, authentication, authentication mode, authentication tag, availability, backtracking resistance, bebugging, beyond A1, cardholder certificate, certificate, certification, class 2, 3, 4, or 5, closed security environment, common criteria, communications deception, communications security, component dependencies, component extensibility, component hierarchy, computer, computer security, computer security toolbox, computing security methods, confidentiality, control, controlled access protection, criteria, cross domain solution, cryptographic system, cybersecurity, data privacy, defense-in-depth, deliverable, demilitarized zone, electronic protection, enclave, entity, entity authentication of A to B, environmental failure protection, error seeding, evaluation products list, explicit key authentication from A to B, exploit, extension, fetch protection, file protection, function, functional protection requirements, hardening, identity, implicit key authentication from A to B, information, information protection policy, information systems security manager, infrastructure protection, internal system exposure, key authentication, key confirmation, key confirmation from A to B, level of protection, levels of concern, likelihood of occurrence, lock-and-key protection system, minimum level of protection, mutual authentication, mutual entity authentication, network security, non-repudiation, notarization, object, open security, open security environment, outsourced information technology based process, package, physical protection, platform it interconnection, policy, port protection device, prediction resistance, privacy protection, privileged user, process, product rationale, property, protection needs elicitation, protection philosophy, protection profile, protection profile family, protection ring, protection-critical portions of the TCB, public-key infrastructure, purge, quality of protection, questions on controls, requirements, security evaluation, security mechanism, security objectives, security target, signature validation, software, suspicious activity report, system, system administrator, target, technology, trusted computer system, trusted computing system, trusted foundry, trusted network interpretation, type 3 product, unilateral authentication, users, validation, virtual private network,
assurance approach
IncludedBy:assurance,
assurance authority
IncludedBy:assurance, authority,
assurance case
IncludedBy:assurance,
assurance component
IncludedBy:Common Criteria for Information Technology Security Evaluation, assurance, component,
Related:requirements,
assurance element
IncludedBy:assurance,
Related:process,
assurance level
IncludedBy:assurance,
Related:confidence, criteria, federation, quality, requirements, target,
assurance method
IncludedBy:assurance,
assurance profile
IncludedBy:assurance, file, profile,
Related:confidence, function,
assurance results
IncludedBy:assurance,
assurance scheme
IncludedBy:assurance,
Related:authority,
assurance stage
IncludedBy:assurance,
assure
IncludedBy:assurance,
Related:IT security, ensure, process, program,
assured information sharing
Related:risk, security,
assured software
IncludedBy:software,
Related:process, test, trust,
astragal strip
Related:authorized,
asymmetric algorithm
IncludedBy:algorithm, asymmetric cryptography,
Includes:Diffie-Hellman, Rivest-Shamir-Adleman algorithm, elliptic curve cryptosystem, private key, public-key, public-key cryptography standards,
Related:encryption, key, message,
asymmetric cipher
IncludedBy:asymmetric cryptography, cipher,
Related:encipherment, system,
asymmetric cryptographic algorithm
IncludedBy:algorithm, cryptographic, encryption, key,
Related:message,
asymmetric cryptographic technique
IncludedBy:asymmetric cryptography, cryptographic,
Related:cipher, cryptographic system, encipherment, entity, function, key, message, property, public-key, signature, system, verification,
asymmetric cryptography
IncludedBy:cryptography,
Includes:asymmetric algorithm, asymmetric cipher, asymmetric cryptographic technique, asymmetric encipherment system, asymmetric encryption algorithm, asymmetric key pair, asymmetric signature system, public-key derivation function, public-key information, public-key system,
Related:algorithm, authentication, confidentiality, digital signature, encryption, integrity, key, key management, owner, public-key, signature,
asymmetric encipherment system
IncludedBy:asymmetric cryptography, cipher, encipherment, system,
Related:algorithm, cryptographic, encryption,
asymmetric encryption algorithm
IncludedBy:algorithm, asymmetric cryptography, encryption,
Related:cipher, encipherment, system,
asymmetric key pair
IncludedBy:asymmetric cryptography, key,
Related:public-key,
asymmetric keys
IncludedBy:key,
Related:encryption, operation, public-key, signature, verification,
asymmetric signature system
IncludedBy:asymmetric cryptography, signature, system,
Related:cryptographic, verification,
asynchronous attacks
IncludedBy:attack,
Related:system,
asynchronous communication
IncludedBy:communications,
Related:information,
asynchronous transfer mode
IncludedBy:security,
Related:application, connection, network, process, technology,
attack
Antonym:security software,
IncludedBy:incident, risk, security, threat,
Includes:Attack Sensing and Warning, C2-attack, ICMP flood, IP splicing/hijacking, Star Trek attack, TTY watcher, active attack, application server attack, asynchronous attacks, attack potential, attack signature, attack signature recognition, attackers, between-the-lines-entry, blended attack, browsing, brute force, brute force attack, brute force password attack, buffer overflow attack, check_password, chosen-ciphertext attack, chosen-plaintext attack, ciphertext-only attack, computer intrusion, computer network attack, cut-and-paste attack, cyberattack, data diddling, data driven attack, demon dialer, denial-of-service, dictionary attack, eavesdropping, eavesdropping attack, electronic attack, flooding, hijack attack, impersonation, insider attack, interleaving attack, key logger, keystroke monitoring, killer packets, known-plaintext attack, laboratory attack, leapfrog attack, man-in-the-middle attack, masquerade attack, masquerading, mimicking, nak attack, off-line attack, online attack, online guessing attack, pagejacking, passive attack, penetration, perpetrator, phreaking, piggyback attack, ping of death, ping sweep, port scan, reflection attack, replay attacks, rootkit, scanning, scavenging, session hijack attack, shoulder surfing, smurf, smurfing, social engineering, spoofing, spoofing attack, subversion, supply chain attack, synchronous flood, tampering, technical attack, technological attack, terminal hijacking, timing attacks, tunneling attack, warehouse attack, wiretapping,
Related:Diffie-Hellman, POP3 APOP, RED team, SOF-basic, SOF-high, SOF-medium, US-CERT, access, access control, advanced persistent threats, adversary, agent, alert, anonymous, anti-spoof, authentication header, authorization, authorized, availability, availability service, bastion host, blinding, blue team, bot-network operators, buffer overflow, challenge-response protocol, checksum, code red, compromise, computer, computer emergency response team, computer emergency response teams' coordination center, computer network operations, control, cookies, countermeasures, cracker, criminal, criminal groups, critical, cross site scripting, cryptanalysis, cybersecurity, defense-in-depth, demilitarized zone, disconnection, electronic warfare, elliptic curve cryptography, emergency action plan, entity, entropy, evasion, exploit, exploit code, firewall, flaw hypothesis methodology, guessing entropy, hackers, handler, hash function, hijacking, honeypot, host-based security, impact, incident of security concern, incident response plan, indicator, information, information security, information system resilience, insider, integrity, internet, intrusion, intrusion detection systems, jamming, kerberos, key validation, keyed hash, layered solution, mailbomb, malicious, man-in-the-middle attack, management message, manipulation detection code, min-entropy, misappropriation, motivation, network, nonce, one-time passwords, operation, pharming, physical security, policy, precursor, privacy system, protected checksum, proxy, purge, radio frequency jamming, remote administration tool, resource, risk plane, risk value, salt, scenario, scrambling, secret key, security audit, security environment threat list, security management infrastructure, signature, spammers, strength of a requirement, strength of function, strength of mechanisms, survivability, system, target, threat action, threat consequence, tiger team, traceability, traffic analysis, trapdoor, tri-homed, trojan horse, trusted process, unilateral authentication, users, victim, virus, vulnerability, vulnerability assessment, white team, zombie,
attack potential
IncludedBy:attack,
Related:resource,
Attack Sensing and Warning
IncludedBy:attack,
Related:authorized, identification, response,
attack signature
IncludedBy:attack, signature,
Related:access, audit,
attack signature recognition
IncludedBy:attack, security software, signature,
Includes:virus signature,
Related:file, profile,
attackers
IncludedBy:attack,
Related:computer, information, malicious, min-entropy, system,
attribute
Related:entity, object, quality,
attribute authority
IncludedBy:authority, public-key infrastructure,
Related:certificate, entity, identity, trust,
attribute certificate
IncludedBy:certificate,
Related:authority, backup, cryptographic, cryptography, digital signature, function, identification, information, key, owner, public-key, security, signature, subject, users,
attribute sampling
attribute-based access control
IncludedBy:access, control,
Related:target,
attribute-based authorization
IncludedBy:authorization,
Related:access,
audit
IncludedBy:security,
Includes:COMSEC account audit, audit charter, audit data, audit log, audit plan, audit program, audit record, audit reduction tools, audit service, audit software, audit trail, audit/review, auditing tool, computer operations, audit, and security technology, computer-assisted audit technique, information systems audit and control association, information systems audit and control foundation, institute of internal auditors, multihost based auditing, security audit, test, vulnerability audit,
Related:Government Accountability Office, IT security, IT security training, Identification Protocol, POSIX, access, access control, accountability, alert, application proxy, archive, attack signature, confidence, control, controlled access program oversight committee, controlled access protection, criteria, critical, distributed computing environment, file, fraudulent financial reporting, function, functional component, gap analysis, host based, identify, independence, intrusion detection, intrusion detection systems, key management, key-escrow, keystroke monitoring, login, network based, network component, object, operation, policy, policy management authority, population, resource encapsulation, sas 70 report, secure single sign-on, security controls, security features, security software, security-relevant event, sniffer, standard, system, system administrator, system security officer, technical countermeasures, threat monitoring, trust, verification, vulnerability, vulnerability analysis, work program,
audit charter
IncludedBy:audit,
Related:authority, function,
audit data
IncludedBy:audit,
Related:system,
audit log
IncludedBy:audit,
audit plan
IncludedBy:audit,
Related:object, resource,
audit program
IncludedBy:audit, program,
Related:function,
audit record
IncludedBy:audit,
Related:information,
audit reduction tools
IncludedBy:audit,
audit service
IncludedBy:audit,
Related:information, system,
audit software
IncludedBy:audit, software,
Related:computer, file, program,
audit trail
IncludedBy:audit, threat monitoring,
Includes:automated information system, console logs, security audit trail,
Related:access, access control, authorized, communications, communications security, computer, computer security, evidence, file, information, login, message, operation, process, resource, system, users,
Synonym:logging,
audit/review
IncludedBy:audit,
Related:certification, control, function, identify, system, vulnerability,
auditing tool
IncludedBy:audit,
Related:computer, network, passwords, system,
augmentation
Related:assurance,
authentic signature
IncludedBy:signature,
Related:digital signature, trust,
authenticate
IncludedBy:authentication,
Related:access, access control, authorized, certificate, communications, digital signature, entity, identity, integrity, network, object, public-key infrastructure, resource, signature, system, users, validate,
authentication
IncludedBy:quality of protection, security,
Includes:3-factor authentication, Challenge Handshake Authentication Protocol, Challenge-Response Authentication Mechanism, Data Authentication Algorithm, Distributed Authentication Security Service, Extensible Authentication Protocol, Password Authentication Protocol, SAML authentication assertion, Simple Authentication and Security Layer, authenticate, authentication code, authentication data, authentication exchange, authentication header, authentication header protocol, authentication mechanism, authentication mode, authentication period, authentication protocol, authentication service, authentication system, authentication tag, authentication token, authentication tools, biometric authentication, challenge and reply authentication, data authentication code, data authentication code vs. Data Authentication Code, data origin authentication, data origin authentication service, electronic authentication, entity authentication, entity authentication of A to B, explicit key authentication from A to B, identification, implicit key authentication from A to B, key authentication, logon, low-cost encryption/authentication device, message authentication code, message authentication key, multifactor authentication, mutual authentication, mutual entity authentication, peer entity authentication, peer entity authentication service, privacy, authentication, integrity, non-repudiation, simple authentication, source authentication, strong authentication, unilateral authentication,
Related:COMSEC control program, COMSEC equipment, Diffie-Hellman, FIPS approved security method, Generic Security Service Application Program Interface, IA product, IMAP4 AUTHENTICATE, IP splicing/hijacking, IPsec Key Exchange, IT security, Internet Engineering Task Force, Internet Security Association and Key Management Protocol, KMI protected channel, Lightweight Directory Access Protocol, OAKLEY, POP3 APOP, POP3 AUTH, Post Office Protocol, version 3, Rivest-Shamir-Adleman algorithm, S-box, S/Key, SOCKS, Secure Electronic Transaction, Terminal Access Controller Access Control System, The Exponential Encryption System, X.509, access, access control, account authority digital signature, active attack, anonymous and guest login, anti-spoof, approved security function, assurance, asymmetric cryptography, authenticity, authorization, authorized, backup, biometric measurement, biometrics, call back, certificate, certificate policy, certificate revocation list, certificate status responder, certification authority digital signature, challenge-response protocol, challenge/response, claimant, code, common data security architecture, communications security, computer, computer cryptography, computer network, confidence, control, credentials, criteria, critical, critical security parameters, cryptographic algorithm, cryptographic key, cryptography, data integrity service, data key, defense-wide information assurance program, dictionary attack, digital id, digital signature, distinguishing identifier, distributed computing environment, domain name system, dongle, eavesdropping attack, electronic credentials, encapsulating security payload, entity, exchange multiplicity parameter, file, file encryption, fingerprint, fraud, full disk encryption, handshaking procedures, hash function, impersonation, individual electronic accountability, information, information assurance, information assurance product, information systems security, information systems security equipment modification, initiator, integrity, interleaving attack, internet protocol security, keyed hash, keyed hash algorithm, keying material, language, man-in-the-middle attack, masquerading, message, message integrity code, network component, non-repudiation, non-repudiation service, nonce, object, off-line attack, one-time passwords, online attack, origin authenticity, passive attack, password system, passwords, point-to-point protocol, practice statement, pretty good privacy, privacy enhanced mail, process, proof of possession protocol, protection suite, protocol run, proxy, proxy server, public key enabling, public-key forward secrecy, public-key infrastructure, realm, registration, registration authority, replay attacks, resource, responder, sandboxed environment, secret, secret seed, secure DNS, secure communication protocol, secure hash standard, secure shell, secure socket layer, security assertion markup language, security association, security association identifier, security controls, security mechanism, security service, session hijack attack, shared secret, signature, simple network management protocol, single sign-on, software, spoof, spoofing, subject, subscriber, symmetric key, system, system entity, system entry, technical countermeasures, test, third party trusted host model, tokens, transport layer security, trust, trusted third party, unsigned data, user identifier, users, validate vs. verify, validation, verification, verifier, verifier impersonation attack, virtual private network, vulnerability, zero-knowledge password protocol,
authentication code
IncludedBy:authentication, code,
Related:computer, cryptographic, cryptography, encryption, function, information, integrity, process, software, system, users,
authentication data
IncludedBy:authentication,
Related:entity, identity, information, users,
authentication exchange
IncludedBy:authentication,
Related:entity, identity, information,
authentication header
IncludedBy:authentication, internet protocol security, security protocol,
Related:association, attack, confidentiality, connection, gateway, integrity, internet, internet security protocol, protocols, tunnel,
Synonym:authentication header protocol,
authentication header protocol
IncludedBy:authentication, protocols,
Related:integrity, internet protocol security, internet security protocol,
Synonym:authentication header,
authentication information
IncludedBy:3-factor authentication, information,
Related:entity, identity,
authentication mechanism
IncludedBy:authentication,
Related:access, identity, software, users,
authentication mode
IncludedBy:authentication,
Related:assurance,
authentication period
IncludedBy:authentication,
Related:access,
authentication protocol
IncludedBy:authentication, protocols,
Related:control, cryptographic, entity, identity, key, message, process,
authentication service
IncludedBy:authentication,
Related:entity, identity, network,
authentication system
IncludedBy:authentication, system,
Related:cryptographic system, cryptography, process,
authentication tag
IncludedBy:authentication,
Related:assurance,
authentication token
IncludedBy:authentication, tokens,
Related:code, response,
authentication tools
IncludedBy:authentication, security software,
authenticator
Related:backup, entity, identity,
authenticity
IncludedBy:integrity,
Related:authentication, confidence, entity, identity, information, message, process, property, resource, subject, system, trust, users,
authority
Includes:Internet Assigned Numbers Authority, Internet Policy Registration Authority, JTC1 Registration Authority, X.509 authority revocation list, account authority digital signature, accreditation authority, accrediting authority, assurance authority, attribute authority, authority certificate, authority revocation list, brand certification authority, cardholder certification authority, certificate authority workstation, certification authority, certification authority digital signature, certification authority workstation, certificaton authority, certified TEMPEST technical authority, command authority, controlling authority, delegated accrediting authority, delivery authority, designated accrediting authority, designated approval authority, designated approving authority, designating authority, evaluation authority, geopolitical certificate authority, issuing authority, judicial authority, local authority, merchant certification authority, organizational registration authority, payment gateway certification authority, policy approving authority, policy certification authority, policy creation authority, policy management authority, principal accrediting authority, registration authority, security authority, sub-registration authority, subordinate certification authority, time-stamping authority, trusted time stamping authority,
Related:COMSEC custodian, International Traffic in Arms Regulations, Internet Protocol Security Option, NRS token, NRT token, National Voluntary Laboratory Accreditation Program, SSO PIN, acceptable level of risk, access, accountability, accreditation, accreditation multiplicity parameter, accreditation range, alternate COMSEC custodian, assurance scheme, attribute certificate, audit charter, authorizing official, binding, certificate, certificate domain, certificate rekey, certificate revocation list, certification, certification hierarchy, certification practice statement, command and control, conformant validation certificate, control, credentials, cryptosystem review, data storage, designer, digital certificate, distribution point, enclave, entity, evaluation and validation scheme, evaluation scheme, identity proofing, information owner, information system security officer, inspectable space, national telecommunications and information system security directives, network security officer, non-repudiation of submission, non-repudiation of transport, notarization, operational waiver, personnel security, policy, policy mapping, primary account number, private accreditation exponent, private accreditation information, process, public-key certificate, public-key cryptography standards, public-key information, public-key infrastructure, realm, registration, review board, risk management, root, root CA, root registry, rules of engagement, security policy, sensitive information, special access program, system security officer, time-stamp requester, trust, trusted third party, trusted time stamp, users, validated products list, validation service,
authority certificate
IncludedBy:authority, certificate,
Related:certification,
authority revocation list
IncludedBy:authority, revocation,
Related:certificate, key, public-key, validate,
authorization (to operate)
IncludedBy:authorization,
Related:control, management, risk, security,
authorization
IncludedBy:users,
Includes:ACL-based authorization, access control, attribute-based authorization, authorization (to operate), authorization boundary, authorization key, authorization to process, authorize processing, authorized, delegation, interim access authorization, joint authorization, limited access authorization, list-oriented, multilevel security, need-to-know determination, permissions, pre-authorization, privilege, regrade, secure single sign-on, system security authorization agreement, ticket-oriented,
Related:Bell-LaPadula security model, Identification Protocol, RA domains, Simple Public-Key Infrastructure/Simple Distributed Security Infrastructure, Terminal Access Controller Access Control System, access, access approval, access level, access type, accreditation, acquirer, approval/accreditation, attack, authentication, case-by-case basis, category, certificate update, clearance, closed security environment, computer, connection approval, control, covert channel, cracker, credentials, dedicated security mode, discretionary access control, eavesdropping, entity, export license, file, firewall, hackers, identity, identity based access control, insider, intelligence sources and methods, interconnection security agreements, interface control document, interim accreditation, interim approval to operate, interim approval to test, internal system exposure, intruder, intrusion, intrusion detection, kerberos, key-encryption-key, key-escrow system, language, malicious intruder, management controls, mandatory access control, mode of operation, modes of operation, multilevel secure, multilevel security mode, open security environment, partitioned security mode, passwords, payment gateway, periods processing, personality label, personnel security, policy-based access control, privilege management infrastructure, privileged accounts, process, program, registration, reinstatement, remote authentication dial-in user service, resource, risk executive, risk index, risk management, risk-adaptable access control, role, role-based access control, security, security assertion markup language, security clearance, security intrusion, security management infrastructure, security perimeter, sensitive compartmented information facility accreditation, simple network management protocol, skimming, system, system-high security mode, trojan horse, trust, unfavorable personnel security determination, update (a certificate), user partnership program, vulnerability,
authorization boundary
IncludedBy:authorization,
authorization key
IncludedBy:authorization, key,
authorization to process
IncludedBy:authorization, process,
Related:system,
authorize processing
IncludedBy:authorization, process,
Related:assessment, control, operation, risk, system,
authorized
IncludedBy:authorization,
Includes:authorized adjudicative agency, authorized classification and control markings register, authorized data security association list, authorized investigative agency, authorized person, authorized user, authorized vendor, authorized vendor program, unauthorized access, unauthorized disclosure, unauthorized person,
Related:ACH debit fraud, Attack Sensing and Warning, Automated Information System security, Bell-LaPadula security model, COMSEC equipment, COMSEC facility, DD 254 - Final, Defense Central Security Index, Escrowed Encryption Standard, FIPS PUB 140-1, IP splicing/hijacking, IS related risk, IT security database, IT security incident, IT-related risk, PIV issuer, RED team, SOCKS, Simple Public-Key Infrastructure/Simple Distributed Security Infrastructure, TOP SECRET, U.S.-controlled facility, U.S.-controlled space, acceptance criteria, access, access category, access control, access control lists, access control mechanisms, access control service, access mediation, acknowledged special access program, acquisition systems protection, active wiretapping, adequate security, administrative access, agent of the government, anonymous, anti-spoof, applicant, application controls, application server attack, approved test methods list, astragal strip, attack, audit trail, authenticate, authentication, automated information system media control system, automated security incident measurement, availability, between-the-lines-entry, bound metadata, browse access protection, call back, call back security, capability, carve-out, certification, certification authority, change control and lifecycle management, classification, classification levels, classification markings and implementation working group, classified, classified information, clearance, cleared commercial carrier, client server, communications security, compromise, compromised key list, computer abuse, computer intrusion, computer network defense, computer security intrusion, confidential, confidentiality, configuration control, control zone, controlled access area, controlled space, controlled unclassified information, courier, covert channel, covert channel analysis, critical system, cryptographic key, cryptographic officer, cryptography, cryptoperiod, damage assessment, damage to the national security, data compromise, data confidentiality, data confidentiality service, data integrity, data integrity service, data security, deception, declassification, delegation of disclosure authority letter, deliberate compromise of classified information, deliberate exposure, demon dialer, denial-of-service, designated, designated laboratories list, disaster plan, disclosure of information, discretionary access control, downgrade, eavesdropping, egress point, electronic security, emanations security, emission security, emissions security, encryption, entity, entry control, exposures, extranet, extraordinary security measures, failure access, false acceptance rate, falsification, fetch protection, file protection, file security, firewall, fishbowl, forced entry, foreign disclosure, foreign liaison officer, foreign military sales, foreign ownership, control, or influence, fraud, frequency hopping, guard, hackers, hacking, handcarrier, honeypot, human error, identity, illegal drug use, impact, impersonation, implant, inadvertent disclosure, inadvertent disclosure incident, incident of security concern, inference, information assurance, information assurance product, information security, information systems security, insertion, insider, integrity, integrity policy, intelligence activities, intelligence activity, intelligence community classification and control markings implementation, interception, internal security controls, intranet, intrusion, intrusion detection, intrusion detection systems, intrusion detection tools, issuer, joint personnel adjudication system, key distribution service, key owner, key recovery, leakage, least privilege, level of concern, list-oriented, logic bombs, logical access, logical access control, logoff, logon, major application, malicious applets, malicious code, malicious logic, malicious program, malware, masquerade, masquerading, media protection, misappropriation, mission critical, mode of operation, modes of operation, motivation, national security information, national security system, need for access, need-to-know, need-to-know determination, network security, no-lone zone, non-disclosure agreement, non-discussion area, open storage, operational data security, original classification, original classification authority, overt channel, passive, passive attack, passive threat, passwords, penetration, permissions, personal firewall, phage, physical and environmental protection, physical security, piggyback, piggyback entry, pre-activation state, principal disclosure authority, privacy, privileged access, privileged process, probe, procedural security, process, program channels or program security channels, program protection plan, protected network, protection ring, protective security service, proxy, random selection, regrade, remote access, resource, risk, rogue device, safeguarding statement, scavenging, secrecy policy, secret, secure state, security, security clearance, security compromise, security in-depth, security incident, security violation, segregation of duties, sensitive information, session hijack attack, signature, skimming, social engineering, special access program/special access required, split knowledge, sponsor, spoof, spoofing, store, subcommittee on Automated Information System security, subcommittee on telecommunications security, subject, substitution, superuser, surreptitious entry, suspicious contact, system, system integrity, system integrity service, system security officer, system-high security mode, tamper, tamper resisting, tampering, tcpwrapper, theft of data, theft of functionality, theft of service, threat, ticket-oriented, time bomb, traditional INFOSEC program, transmission, trapdoor, trespass, trojan horse, trusted agent, trusted computing base, trusted identification forwarding, two-person control, two-person integrity, unclassified, unclassified controlled nuclear information, unclassified sensitive, unforgeable, upgrade, user representative, usurpation, vault, violation of permissions, vulnerability, war driving,
authorized adjudicative agency
IncludedBy:authorized,
Related:access, classified, intelligence,
authorized classification and control markings register
IncludedBy:authorized,
Related:classified, intelligence, security,
authorized data security association list
IncludedBy:authorized, security,
authorized investigative agency
IncludedBy:authorized,
Related:access, classified, intelligence,
authorized person
IncludedBy:authorized,
Related:access, classified, information,
Synonym:authorized user,
authorized user
IncludedBy:authorized, users,
Related:access, operation,
Synonym:authorized person,
authorized vendor
IncludedBy:authorized,
Related:cryptography, requirements,
authorized vendor program
IncludedBy:authorized, program,
Related:cryptographic, requirements, security,
authorizing official
Related:authority, function, information, operation, risk, system,
auto-manual system
IncludedBy:system,
automated clearing house
Related:computer,
automated data processing
HasPreferred:automated information system,
automated data processing security
HasPreferred:Automated Information System security,
IncludedBy:security,
automated data processing system
IncludedBy:automated information system, process, system,
Related:computer, software,
automated information system
IncludedBy:accountability, accreditation, assurance, audit trail, certification, declassification of AIS storage media, designated approving authority, information, modes of operation, process, security, system,
Includes:Automated Information System security, CPU time, International organization for standardization, access mode, automated data processing system, bastion host, batch mode, batch processing, big-endian, bit, byte, central processing unit, centralized data processing, client server, computer abuse, data, data administration, data aggregation, data architecture, data contamination, data control language, data definition language, data dictionary, data flow diagram, data input, data management, data manipulation language, data processing, data reengineering, data storage, data structure, data validation, database administration, debugging, direct memory access, distributed dataprocessing, distributed processing, fail soft, front-end processor, host, host based, host to front-end protocol, host-based firewall, information architecture, information center, information engineering, information environment, information flow, information operations, information ratio, information technology, information technology system, interface control unit, lifecycle management, logical system definition, master file, memory scavenging, million instruction per second, multihost based auditing, network, random access memory, remote job entry, remote terminal emulation, screened host firewall, workstation,
PreferredFor:IT system, automated data processing,
Related:American National Standards Institute, American Standard Code for Information Interchange, Backus-Naur form, PCMCIA, application, application system, computer, control, data synchronization, digital document, direct access storage device, extended industry standard architecture, fiber distributed data interface, frame relay, function, industry standard architecture, input/output, language, laptop computer, large scale integration, legacy data, logged in, nibble, object code, object-oriented programming, operation, personal computer, personal computer memory card international association, personal digital assistant, read-only memory, remote procedure call, resource, reusability, rotational delay, safety-critical software, screen scraping, software, standard generalized markup language, structured query language, system resources, workflow, workload,
automated information system media control system
Related:access, authorized, classified, identity, security,
Automated Information System security
IncludedBy:automated information system, information, process, risk management, subcommittee on Automated Information System security, system,
Includes:IT Security Evaluation Criteria, IT Security Evaluation Methodology, IT security, IT security certification, access control, communications security, emissions security, physical security, security safeguards,
PreferredFor:automated data processing security,
Related:access, authorized, computer, control, denial-of-service, function, operation, security software, software,
Synonym:computer security,
automated key distribution
IncludedBy:key management,
Related:computer, computer network, cryptographic, network, protocols,
automated key management center
IncludedBy:key management,
automated key management system
IncludedBy:key management, system,
automated key transport
IncludedBy:key,
automated logon sequences
IncludedBy:logon,
Related:computer, connection, program, users,
automated office support systems
IncludedBy:system,
automated password generator
automated security incident measurement
IncludedBy:incident, security incident, security software,
Related:authorized, information, network, target,
automated security monitoring
IncludedBy:risk management, security software,
Related:classified, control, critical, process, software, subject, system,
automatic declassification
automatic digital network
IncludedBy:network,
automatic key distribution center
IncludedBy:key,
automatic key distribution/rekeying control unit
IncludedBy:control, key, rekey,
automatic log-on
Related:users,
automatic remote rekeying
IncludedBy:key, rekey,
autonomous message switch
IncludedBy:message,
autonomous system
IncludedBy:system,
Related:policy, router,
auxiliary power unit
auxiliary vector
availability
IncludedBy:risk management, security, security goals,
Includes:application data backup/recovery, availability of data, availability service, business continuity plan, business impact analysis, contingency planning, continuity of operations, environmentally controlled area, fire barrier, fire suppression system, high availability, object, privacy, authentication, integrity, non-repudiation, recovery, system retention/backup, token backup,
Related:Common Criteria for Information Technology Security, IT security, IT security controls, IT security incident, National Computer Security Center, access, access control, adequate security, application server attack, assurance, attack, authorized, baseline security, communications, computer, computer abuse, computer emergency response team, computer related controls, computer security, critical, defense-in-depth, defense-wide information assurance program, denial-of-service, entity, entry-level certification, failure, fault tolerant, hardening, high impact, high-impact system, impact, impact level, impact value, incident, information, information assurance, information security, information system and network security, intrusion, level of concern, levels of concern, line managers, low impact, low-impact system, maintainability, malicious code, malware, mid-level certification, minimum essential infrastructure, mirroring, mission assurance category, moderate impact, moderate-impact system, post-accreditation phase, potential impact, process, property, redundant control server, reliability, remediation, requirements for procedures and standards, resource, resource starvation, retro-virus, risk, security category, security controls, security event, security policy, security requirements, security safeguards, security service, simple network management protocol, software, system, tactical edge, token management, top-level certification, trustworthy system, turnaround time, uniform resource name, users, vaulting, vulnerability,
availability of data
IncludedBy:availability,
Related:users,
availability service
IncludedBy:availability,
Related:access, access control, attack, control, denial-of-service, resource, system,
awareness (information security)
IncludedBy:security,
back up vs. backup
IncludedBy:backup, contingency plan,
Related:damage, function, resource, system,
backdoor
IncludedBy:malicious code,
Related:access, access control, computer, control, login, malicious, privileged, program, protocols, resource, risk, security, software, system, users,
Synonym:trapdoor,
background investigation
Related:security,
backhaul
backtracking resistance
Related:assurance,
backup
IncludedBy:recovery,
Includes:application data backup/recovery, back up vs. backup, backup generations, backup operations, backup plan, backup procedures, binding of functionality, binding of security functionality, card backup, dynamic binding, static binding, system retention/backup, token backup,
Related:X.509 certificate revocation list, application, archive, archiving, attribute certificate, authentication, authenticator, certificate renewal, certification, certification authority, certify, contingency plan, contingency planning, cryptographic key management system, digital certificate, digital signature, fallback procedures, file, key, key recovery, logic bombs, mirroring, national telecommunications and information system security directives, operations manager, process, program, public-key infrastructure, redundancy, redundant control server, registration, remediation, retrieval, retro-virus, security event, system, system administrator, time-stamp token, token management, valid certificate, validate vs. verify, validity period, vaulting,
backup generations
IncludedBy:backup, contingency plan,
Related:application, file,
backup operations
IncludedBy:backup, contingency plan, operation,
Related:business process, computer,
backup plan
IncludedBy:backup, contingency plan,
backup procedures
IncludedBy:backup, recovery,
Related:computer, failure, file, program, system,
Backus-Naur form
Related:automated information system,
baggage
IncludedBy:Secure Electronic Transaction,
Related:encryption, message,
balanced magnetic switch
Related:access, intrusion,
bandwidth
IncludedBy:information,
PreferredFor:information rate,
Related:channel capacity, communications, computer, computer network, covert, network, standard,
bank identification number
IncludedBy:Secure Electronic Transaction, identification,
Related:identify,
banking and finance
IncludedBy:critical infrastructures,
Related:critical, operation, system,
banner
Related:system,
banner grabbing
Related:application, connection, information, process, version,
bar code
IncludedBy:code,
Related:identification, information,
barograph
barometer
base station
Related:access,
baseline
IncludedBy:security,
Includes:baseline architecture, baseline controls, baseline management, baselining, security requirements baseline,
Related:as-is process model, control, interface control document, release, revision, security target, site accreditation, software, software library, software system test and evaluation process, version,
baseline architecture
IncludedBy:baseline,
baseline configuration
Related:control,
baseline controls
IncludedBy:baseline, control,
Related:security controls, system,
baseline management
IncludedBy:baseline, configuration management,
Related:application, identify,
baseline security
IncludedBy:security,
Related:availability, control,
baselining
IncludedBy:baseline,
Related:process, resource,
basic component
IncludedBy:component,
Basic Encoding Rules
IncludedBy:Abstract Syntax Notation One,
Includes:Distinguished Encoding Rules,
Related:standard,
basic testing
bastion host
IncludedBy:automated information system, firewall,
Related:access, access control, application, attack, computer, gateway, network, protocols, resource, router, software, system, users,
batch mode
IncludedBy:automated information system,
Related:file, process,
batch process
IncludedBy:process,
Related:subject,
batch processing
IncludedBy:automated information system, process,
bebugging
Related:assurance, computer, program, test,
Synonym:error seeding,
behavioral outcome
Related:security,
Bell-LaPadula model
HasPreferred:Bell-LaPadula security model,
Bell-LaPadula security model
IncludedBy:formal security policy model, model, security model,
Includes:*-property, lattice, lattice model, object, simple security condition, simple security property, subject, tranquility, trusted subject,
PreferredFor:Bell-LaPadula model, tranquility property,
Related:access, access control, authorization, authorized, classification levels, classified, computer, computer security, confinement property, control, flow, information, operation, policy, process, system,
benchmark
Related:business process, computer, evaluation, process, program, requirements, software, standard, system, test, users,
benchmarking
Related:identify, operation, process, quality,
benign
Related:access, access control, compromise, countermeasures, cryptographic, cryptography,
benign environment
Related:countermeasures, security,
best practices
IncludedBy:risk management,
Related:business process, function, identify, process, recommended practices, system,
beta i
Related:certification, security,
beta ii
Related:certification, security,
between-the-lines-entry
IncludedBy:attack,
Includes:piggyback,
Related:access, access control, authorized, communications, unauthorized access, users,
beyond A1
IncludedBy:trusted computer system,
Related:assurance, computer, criteria, evaluation, security, system, technology,
bias
Related:process, system,
Biba Integrity model
IncludedBy:formal security policy model, integrity, model,
Related:object, subject, system,
Synonym:Biba model,
Biba model
IncludedBy:model,
Related:integrity, object, subject, trust,
Synonym:Biba Integrity model,
big-endian
IncludedBy:automated information system,
bilateral trust
IncludedBy:public-key infrastructure, trust,
Related:business process,
bill payment
Related:application, internet,
bill presentment
Related:internet,
billets
Related:access, security,
bind
Related:certificate, digital signature, key, public-key, public-key infrastructure, signature, subject,
binding
Related:association, authority, certificate, certification, communications, cryptographic, cryptography, entity, identity, information, key, officer, operation, process, public-key, registration, security, trust, verification,
binding of functionality
IncludedBy:backup, function, target of evaluation,
Related:assessment, security, target,
binding of security functionality
IncludedBy:backup, function, security,
biological warfare
IncludedBy:warfare,
Related:damage,
biometric authentication
IncludedBy:authentication, biometrics,
Includes:thumbprint,
Related:3-factor authentication, information,
biometric information
IncludedBy:biometrics, information,
biometric measurement
IncludedBy:biometrics,
Related:authentication, entity, identity, users,
biometric system
IncludedBy:biometrics, system,
Related:entity, identification, identity, users, verification,
biometric template
IncludedBy:biometrics,
Related:algorithm,
biometrics
IncludedBy:security,
Includes:biometric authentication, biometric information, biometric measurement, biometric system, biometric template, capture, comparisons, false acceptance rate, match, minutiae,
Related:authentication, entity, identify, identity, key, registration, signature,
bit
IncludedBy:automated information system,
Related:information, key,
bit error rate
Related:communications, system, telecommunications,
bit forwarding rate
Related:allowed traffic, goodput, illegal traffic, interface, rejected traffic, response, test, unit of transfer,
BLACK
Related:RED/BLACK concept, cipher, classified, communications security, cryptography, information, process, security, system,
black-box testing
IncludedBy:security testing, test,
Related:analysis, function, functional test case design, functional testing, program, software, stress testing,
blacklist
Related:application, malicious, threat, users,
blacklisting
Related:security,
blended attack
IncludedBy:attack,
Related:code, malicious, malware,
blinding
Related:attack,
block
Related:function,
block chaining
Related:cipher, cryptographic, encipherment, information,
Synonym:cipher block chaining,
block cipher
IncludedBy:cipher,
Related:algorithm, encryption, interface, key, operation, process, property,
block cipher algorithm
block cipher key
IncludedBy:cipher, key,
Related:control, operation,
Blowfish
IncludedBy:symmetric cryptography,
Related:cipher, key,
blue box devices
IncludedBy:threat,
Related:system,
blue team
Related:attack, cyberspace, evaluation, risk, security, security testing, test, threat, vulnerability,
body of evidence
Related:control, requirements, security,
bomb
IncludedBy:threat,
Related:failure, software, system,
boot sector virus
IncludedBy:virus,
Related:system,
bot-network operators
IncludedBy:network, threat,
Related:attack, control, denial-of-service, system,
bounce
Related:email, message,
bound metadata
IncludedBy:metadata,
Related:authorized, key,
boundary
Includes:COMSEC boundary, accreditation boundary, boundary host, boundary value, boundary value analysis, boundary value coverage, boundary value testing, cryptographic boundary, enclave boundary, specialized boundary host, system boundary,
Related:access, access control, cryptographic module, evaluation assurance level, external security controls, firewall, interface, remote access, security perimeter, software, system, users,
boundary host
IncludedBy:boundary,
Related:access control, control, flow, information, system,
boundary protection
Related:control,
boundary protection device
Related:control, security,
boundary value
IncludedBy:boundary,
Includes:boundary value analysis, boundary value coverage, boundary value testing,
Related:stress testing, system,
boundary value analysis
IncludedBy:analysis, boundary, boundary value,
Related:domain, security testing, test,
boundary value coverage
IncludedBy:boundary, boundary value,
Related:test,
boundary value testing
IncludedBy:boundary, boundary value, security testing, test,
Related:domain,
branch coverage
Related:program, test,
brand
IncludedBy:Secure Electronic Transaction,
Related:entity, network, role,
brand certification authority
IncludedBy:Secure Electronic Transaction, authority, certification, public-key infrastructure,
brand CRL identifier
IncludedBy:Secure Electronic Transaction, public-key infrastructure,
Related:digital signature, message, process, signature,
breach
IncludedBy:threat,
Related:access control, control, information, penetration, security, system,
break
Related:algorithm, analysis, computer, cryptographic, cryptography, encryption, function, gateway, key, network, system,
break-wire detector
Related:intrusion,
brevity list
Related:message,
bridge
Related:protocols, router,
British Standard 7799
IncludedBy:standard,
Related:certification, code, control, criteria, information, information security, object, requirements, security, system,
broadband network
IncludedBy:network,
Related:operation, technology,
broadcast
brouters
IncludedBy:router,
Related:network, protocols,
browse access protection
IncludedBy:access,
Related:authorized, file, owner, security, software, system, users,
browser
IncludedBy:world wide web,
Related:computer, information, program,
browsing
IncludedBy:attack,
Related:information,
brute force
HasPreferred:brute force attack,
IncludedBy:attack,
brute force attack
IncludedBy:attack,
PreferredFor:brute force,
Related:algorithm, analysis, cipher, computer, cryptography, intelligence, key, message, process, program,
brute force password attack
IncludedBy:attack,
Related:access,
buffer overflow
IncludedBy:flow, threat,
Related:access, access control, attack, code, computer, control, information, interface, process, system,
buffer overflow attack
IncludedBy:attack,
bug
IncludedBy:threat,
Related:anomaly, defect, error, exception, fault, function, program, property,
bulk encryption
IncludedBy:encryption,
Related:communications, telecommunications,
bulletin board services (systems)
IncludedBy:system,
burn bag
Related:classified,
burn-in
business areas
Related:function, information, operation, resource, version,
business case
IncludedBy:business process,
Related:analysis, function, process, risk,
business continuity
business continuity plan
IncludedBy:availability, business process,
Related:risk,
business disruption and system failures
IncludedBy:operational risk loss, system,
business impact analysis
IncludedBy:analysis, availability, business process, risk analysis,
Related:control, identify, process, requirements,
business process
IncludedBy:process,
Includes:activity-based costing, business case, business continuity plan, business impact analysis, business process improvement, business process reengineering, constructive cost model, cost reimbursement contract, cost-risk analysis, cost/benefit, cost/benefit analysis, rolling cost forecasting technique,
Related:as-is process model, backup operations, benchmark, best practices, bilateral trust, change management, contingency plan, continuity of services and operations, core or key process, hardening, integrity, legacy systems, mission critical system, process management approach, recovery site, remediation, simulation modeling, to-be-process model, total quality management, workload, world class organizations,
business process improvement
IncludedBy:business process, process, quality,
business process reengineering
IncludedBy:business process, process,
Related:critical, quality, system,
BUSTER
Related:security,
bypass label processing
IncludedBy:process,
byte
IncludedBy:automated information system,
Related:computer, information,
C2-attack
IncludedBy:attack,
Related:C2-protect, adversary, information, system,
C2-protect
IncludedBy:Orange book, security,
Related:C2-attack, adversary, command and control, control, information, system,
CA certificate
IncludedBy:certificate,
Related:X.509, digital signature, key, public-key, signature,
call back
IncludedBy:security,
Related:access, access control, authentication, authorized, computer, connection, identify, system,
call back security
IncludedBy:security,
Related:authorized, connection, identify, system,
camouflage
Related:adversary, case officer, object,
Canadian Trusted Computer Product Evaluation Criteria
IncludedBy:Common Criteria for Information Technology Security Evaluation, computer, criteria, trust,
candidate TCB subset
IncludedBy:trusted computing base,
Includes:object, subject,
Related:evaluation, identification, software,
canister
Related:key,
capability
Includes:object,
Related:access, access control, authorized, certificate, communications, critical, critical infrastructures, entity, file, information, public-key infrastructure, resource, risk, system, tokens,
capacity
Related:message, signature,
CAPSTONE chip
IncludedBy:National Security Agency,
Related:Fortezza, cryptographic, cryptography, escrow, function, key, process,
Capstone policies
Related:requirements,
capture
IncludedBy:biometrics,
Related:users,
card backup
HasPreferred:token backup,
IncludedBy:backup,
card initialization
Related:file, process, tokens,
card personalization
Related:code, signature, tokens,
cardholder
IncludedBy:Secure Electronic Transaction,
Related:entity, identity, information, software, users,
cardholder certificate
IncludedBy:Secure Electronic Transaction, certificate,
Related:assurance, encryption, tokens, validate,
cardholder certification authority
IncludedBy:Secure Electronic Transaction, authority, certification, public-key infrastructure,
Related:certificate, gateway, tokens, verification,
carve-out
Related:access, authorized, classified,
cascading
Related:accreditation, flow, information, network, security, system,
case officer
Related:camouflage, deception, intelligence,
CASE tools
Related:code, function, information, model, program, requirements, security testing, software, test,
case-by-case basis
Related:authorization,
CAST
IncludedBy:symmetric cryptography,
Related:algorithm, encryption,
category
Includes:object,
Related:access, access control, authorization, classified, information, privileged, security, subject,
cause and effect diagram
HasPreferred:fishbone diagram,
caveat
Related:foreign, security,
CCI assembly
Related:communications security, control, cryptographic, cryptography, function,
CCI component
Related:communications security, control, cryptographic, cryptography, function,
CCI equipment
Related:communications, communications security, control, cryptographic, cryptography, function, information, telecommunications,
CCITT
IncludedBy:ITU-T,
cell
Related:communications, system,
cellular telephone
cellular transmission
Related:communications, network, technology,
center for information technology excellence
IncludedBy:information, technology,
Related:IT security, security, standard,
central adjudication facility
Related:security,
central office
Related:access,
central office of record
Related:communications security, subject,
central processing unit
IncludedBy:automated information system, process,
central services node
Related:management, security,
Central United States Registry for North Atlantic Treaty Organization
Related:classified,
centralized authorization
IncludedBy:access control,
Related:access, control,
centralized data processing
IncludedBy:automated information system, process,
centralized operations
IncludedBy:operation,
Related:certification, computer, control, function, process, quality,
centrally-administered network
IncludedBy:network,
Related:system,
certificate
IncludedBy:Secure Electronic Transaction, multilevel information systems security initiative, pretty good privacy, privacy enhanced mail, web of trust,
Includes:CA certificate, Validation Certificate, X.509 attribute certificate, X.509 certificate, X.509 certificate revocation list, X.509 public-key certificate, attribute certificate, authority certificate, cardholder certificate, certificate authority workstation, certificate chain, certificate chain validation, certificate creation, certificate directory, certificate domain, certificate domain parameters, certificate expiration, certificate holder, certificate management, certificate management services, certificate owner, certificate policy, certificate policy qualifier, certificate reactivation, certificate rekey, certificate renewal, certificate request, certificate revocation, certificate revocation list, certificate revocation tree, certificate serial number, certificate status responder, certificate update, certificate user, certificate validation, conformant validation certificate, cross-certificate, digital certificate, encryption certificate, geopolitical certificate authority, indirect certificate revocation list, merchant certificate, mutual recognition of certificates, online certificate status protocol, organizational certificate, public-key certificate, root certificate, security certificate, self-signed certificate, signature certificate, software publisher certificate, trusted certificate, v1 certificate, v2 certificate, v3 certificate, valid certificate,
Related:ABA Guidelines, Abstract Syntax Notation One, Cryptographic Message Syntax, Distinguished Encoding Rules, Federal Public-key Infrastructure, IT security certification, MISSI user, Minimum Interoperability Specification for PKI Components, PKCS #10, PKIX, RA domains, SET private extension, SET qualifier, Simple Public-Key Infrastructure/Simple Distributed Security Infrastructure, X.500 Directory, X.509, X.509 authority revocation list, accreditation, applicant, archive, assurance, attribute authority, authenticate, authentication, authority, authority revocation list, bind, binding, capability, cardholder certification authority, certification, certification authority digital signature, certification authority workstation, certification hierarchy, certification path, certification policy, certification practice statement, certification request, certification service, certify, common name, common security, compromised key list, credentials, critical, cross-certification, cryptoperiod, delta CRL, digital id, digital signature, directly trusted CA key, directory service, directory vs. Directory, distinguished name, distribution point, domain, end entity, enrollment service, entity, evaluation, extension, hierarchy management, identification, identity, information, invalidity date, issue, issuer, key, key lifetime, key management infrastructure, key material identifier, local authority, management, merchant certification authority, mesh PKI, message, operation, organizational registration authority, owner, party, path discovery, path validation, payment gateway certification authority, personal identity verification card, personality label, policy, policy approving authority, policy certification authority, policy creation authority, policy mapping, privilege management infrastructure, process, program, public-key, public-key infrastructure, registration, registration authority, registration service, relying party, repository, requirements, revocation, revocation date, root, root CA, secure hypertext transfer protocol, security, security event, security management infrastructure, security testing, signature, slot, sponsor, standard, strong authentication, subject, subordinate certification authority, system, test, ticket, token management, tokens, trust-file PKI, trusted key, tunneled password protocol, unforgeable, users, v1 CRL, v2 CRL, valid signature, validate, validate vs. verify, validated products list, validation, validity period, world wide web,
certificate authority
HasPreferred:certification authority,
certificate authority workstation
IncludedBy:authority, certificate,
certificate chain
IncludedBy:certificate,
Related:certification, public-key infrastructure, standard,
certificate chain validation
IncludedBy:certificate, validation,
Related:public-key infrastructure, standard,
certificate creation
IncludedBy:certificate, public-key infrastructure,
Related:process,
certificate directory
IncludedBy:certificate, public-key infrastructure,
Related:certification, key, public-key,
certificate domain
IncludedBy:certificate, domain,
Related:authority, certification, key, policy, public-key, security,
certificate domain parameters
IncludedBy:certificate, domain,
Related:cryptographic, cryptography, public-key infrastructure,
certificate expiration
IncludedBy:certificate,
PreferredFor:expire,
Related:public-key infrastructure,
certificate holder
IncludedBy:certificate,
Related:entity, subject, system,
certificate management
IncludedBy:certificate, management, public-key infrastructure,
Related:code, destruction, function, key, process, rekey, update,
certificate management authority
IncludedBy:management,
Related:certification,
certificate management services
IncludedBy:certificate,
Related:certification, lifecycle, public-key infrastructure, registration, revocation,
certificate owner
IncludedBy:certificate, owner,
Related:entity, subject, system, world wide web,
certificate policy
IncludedBy:Secure Electronic Transaction, certificate, policy, public-key infrastructure,
Related:X.509, application, authentication, control, critical, key, management, object, public-key, requirements, security, trust, users,
certificate policy qualifier
IncludedBy:certificate, policy, public-key infrastructure,
Related:X.509, information, key, public-key,
certificate reactivation
IncludedBy:certificate, public-key infrastructure,
Related:process, revocation,
certificate rekey
IncludedBy:certificate, key, multilevel information systems security initiative, public-key infrastructure, rekey,
Related:X.509, authority, process, public-key, revoked state, subject, update,
certificate renewal
IncludedBy:certificate, public-key infrastructure, renewal,
PreferredFor:renew,
Related:X.509, backup, key, process, public-key, rekey, revoked state, subject, update,
certificate request
IncludedBy:certificate, public-key infrastructure,
Related:certification, standard,
certificate revocation
IncludedBy:certificate, public-key infrastructure,
PreferredFor:revoke,
Related:X.509, users,
certificate revocation list
IncludedBy:certificate, certification authority, revocation,
Related:accreditation, authentication, authority, encryption, evaluation, identify, key, process, public-key, revoked state, users, validate,
certificate revocation tree
IncludedBy:certificate, revocation,
Related:X.509, hash,
certificate serial number
IncludedBy:certificate,
PreferredFor:serial number,
certificate status authority
Related:trust,
certificate status responder
IncludedBy:certificate, public-key infrastructure,
Related:X.509, authentication, information, trust, users,
certificate update
IncludedBy:certificate, public-key infrastructure, update,
Related:X.509, authorization, key, process, public-key, rekey, renewal, subject,
certificate user
IncludedBy:certificate, users,
Related:control, entity, information, key, process, public-key, subject, system,
certificate validation
IncludedBy:certificate, public-key infrastructure, validation,
Related:X.509, certification, critical, digital signature, key, process, public-key, revocation, revoked state, semantics, signature, trust, users, validate,
certificate-related information
Related:certification,
certification
IncludedBy:Secure Electronic Transaction, multilevel information systems security initiative,
Includes:IT security certification, accreditation, automated information system, brand certification authority, cardholder certification authority, certification agent or certifier, certification analyst, certification authority, certification authority digital signature, certification authority facility, certification authority workstation, certification body, certification hierarchy, certification package, certification path, certification phase, certification policy, certification practice statement, certification request, certification service, clearance certification, decertification, digital certification, entry-level certification, evaluation, facilities certification, merchant certification authority, mid-level certification, payment gateway certification authority, policy certification authority, pre-certification phase, principal certification authority, requirements, root certification authority, security certification level, site certification, subordinate certification authority, superior certification authority, top-level certification, type certification,
Related:British Standard 7799, For Official Use Only Certified TEMPEST Technical Authority, IT security, Internet Policy Registration Authority, MISSI user, PIV registrar, RA domains, SET qualifier, SSO PIN, X.509 public-key certificate, applicant, application, approved security container, assessment, assurance, audit/review, authority, authority certificate, authorized, backup, beta i, beta ii, binding, centralized operations, certificate, certificate chain, certificate directory, certificate domain, certificate management authority, certificate management services, certificate request, certificate validation, certificate-related information, certified TEMPEST technical authority, certifier, clearance, component extensibility, computer, computer security, control, criteria, cross-certificate, digital certificate, entity, extension, external security controls, geopolitical certificate authority, hierarchical PKI, hierarchy management, hierarchy of trust, information, information assurance, key, key management, line supervision, management, mission assurance category, operation, owner, path discovery, path validation, penetration test, policy approving authority, policy creation authority, policy management authority, pre-authorization, privacy enhanced mail, process, protocols, public-key, public-key certificate, public-key information, public-key infrastructure, root, root certificate, security event, security program manager, security testing, system, test, top CA, trust, trust anchor, trust chain, trust hierarchy, trust-file PKI, trusted agent, trusted certificate, trusted key, users, validate vs. verify,
certification agent or certifier
IncludedBy:certification,
Related:control, evaluation, requirements, risk, security, system, vulnerability,
certification analyst
IncludedBy:certification,
Related:control, management, requirements, risk, security,
certification and accreditation
IncludedBy:accreditation, evaluation, requirements, risk,
Related:process,
certification authority
IncludedBy:authority, certification, public-key infrastructure, trust,
Includes:certificate revocation list, credentials, cross-certification, non-repudiation, root CA,
PreferredFor:certificate authority,
Related:PIV issuer, X.509, association, authorized, backup, entity, evaluation, identity, identity credential issuer, information, key, message, public-key, requirements, security, standard, system, test, users, validate,
certification authority digital signature
IncludedBy:authority, certification, public-key infrastructure, signature,
Related:authentication, certificate, key, public-key,
certification authority facility
IncludedBy:certification,
certification authority workstation
IncludedBy:authority, certification, public-key infrastructure,
Related:application, certificate, computer, function, software, system, trust,
certification body
IncludedBy:certification,
certification hierarchy
IncludedBy:Secure Electronic Transaction, certification, multilevel information systems security initiative, public-key infrastructure,
Related:authority, certificate, gateway, internet, key, policy, public-key, registration, users, validation,
certification package
IncludedBy:certification,
Related:assessment, operation, risk, security,
certification path
IncludedBy:certification, public-key infrastructure,
Related:X.509, certificate, digital signature, entity, information, key, object, process, public-key, signature, subject, trust, users, validate,
certification phase
IncludedBy:certification,
Related:accreditation, application, assessment, control, process, security, system, verification,
certification policy
IncludedBy:certification, policy,
Related:certificate, public-key infrastructure,
certification practice statement
IncludedBy:certification, public-key infrastructure,
Related:access, application, authority, certificate, computer, entity, operation, policy, requirements, security, system, trust, users,
certification request
IncludedBy:certification, public-key infrastructure,
Related:X.509, algorithm, certificate, entity, key, public-key,
certification service
IncludedBy:certification, public-key infrastructure,
Related:certificate,
certification test and evaluation
IncludedBy:evaluation, test,
Related:development, security, software,
certificaton authority
IncludedBy:authority, public-key infrastructure,
certified information systems security professional
IncludedBy:computer security, information, system,
certified TEMPEST technical authority
IncludedBy:TEMPEST, authority,
Related:certification, criteria, requirements,
certifier
Related:accreditation, certification, identify, requirements, risk, system,
certify
Related:backup, certificate, entity, identity, key, owner, public-key, public-key infrastructure, subject, verification,
CGI scripts
IncludedBy:common gateway interface, software, threat, world wide web,
Related:security,
chain letter
IncludedBy:threat,
Related:users,
chain of custody
chain of evidence
Related:control,
challenge
IncludedBy:challenge/response,
Related:information, random, response,
challenge and reply authentication
IncludedBy:authentication,
Related:subject,
Challenge Handshake Authentication Protocol
IncludedBy:authentication, challenge/response, protocols, security protocol,
Related:cryptographic, cryptography, entity, hash, key, random, response,
Challenge-Response Authentication Mechanism
IncludedBy:authentication, challenge/response, response,
Related:hash, key, shared secret,
challenge-response protocol
IncludedBy:protocols, response,
Related:attack, authentication, control, cryptographic, hash, key, operation, public-key, random,
challenge/response
IncludedBy:response,
Includes:Challenge Handshake Authentication Protocol, Challenge-Response Authentication Mechanism, challenge,
Related:3-factor authentication, Extensible Authentication Protocol, IMAP4 AUTHENTICATE, POP3 AUTH, authentication, entity, identity, information, key, process, system, tokens, users,
change control and lifecycle management
IncludedBy:control, software development,
Related:authorized, program,
change management
Related:business process, process, security testing, test,
channel
Includes:communication channel, covert channel, covert storage channel, covert timing channel, exploitable channel, internal communication channel, overt channel, security-compliant channel, trusted channel,
Related:information, system,
channel capacity
Related:bandwidth, communications, information,
channel scanning
Related:intrusion, intrusion detection, system,
check character
IncludedBy:error detection code,
Includes:check character system,
check character system
IncludedBy:check character, system,
check digits
check word
Related:cipher, cryptographic, cryptography, check_password
check_password
IncludedBy:attack,
Related:passwords, program,
checksum
IncludedBy:integrity,
Related:algorithm, attack, computer, confidence, countermeasures, cryptographic, cryptography, entity, function, hash, information, network, object, system,
chemical warfare
IncludedBy:warfare,
Related:control,
Chernobyl packet
IncludedBy:threat,
Related:gateway, network,
chief information agency officer
IncludedBy:information, officer,
Related:operation, process, resource, technology,
chief information officer
IncludedBy:information, officer,
Related:management, resource, technology,
chosen-ciphertext attack
IncludedBy:attack, cipher,
Related:analysis, key,
chosen-plaintext attack
IncludedBy:attack,
Related:analysis, cipher, cryptography, key,
cipher
IncludedBy:encryption,
Includes:Rivest Cipher 2, Rivest Cipher 4, asymmetric cipher, asymmetric encipherment system, block cipher, block cipher key, chosen-ciphertext attack, cipher block chaining, cipher feedback, cipher suite, cipher text auto-key, ciphertext, ciphertext-only attack, decipher, decipherment, encipher, encipherment, encipherment algorithm, encrypt, encrypted key, n-bit block cipher, private decipherment key, private decipherment transformation, public encipherment key, public encipherment transformation, stream cipher, symmetric encipherment algorithm,
Related:BLACK, Blowfish, Data Authentication Algorithm, El Gamal algorithm, RED/BLACK separation, Rivest-Shamir-Adleman algorithm, Skipjack, algorithm, asymmetric cryptographic technique, asymmetric encryption algorithm, block chaining, brute force attack, check word, chosen-plaintext attack, ciphony, cleartext, code, controlled access area, cryptanalysis, cryptographic, cryptographic algorithm, cryptographic key, cryptographic synchronization, cryptographic system, cryptography, cut-and-paste attack, data encryption algorithm, data encryption key, decrypt, decryption, encode, encryption algorithm, feedback buffer, initialization value, initialization vector, initializing value, intelligent threat, key, key generator, key stream, known-plaintext attack, message authentication code vs. Message Authentication Code, mode of operation, one-time pad, one-way encryption, out-of-band, private key, public-key, public-key certificate, public-key cryptography, secret-key cryptography, security strength, semantic security, superencryption, system, traffic analysis, traffic encryption key, triple DES,
cipher block chaining
IncludedBy:cipher,
Related:algorithm, code,
Synonym:block chaining,
cipher feedback
IncludedBy:cipher, cryptography,
Related:algorithm, code,
cipher suite
IncludedBy:cipher,
Related:algorithm, code,
cipher text auto-key
IncludedBy:cipher, key,
Related:cryptographic,
ciphertext
IncludedBy:cipher,
Related:algorithm, encipherment, encryption, information, message,
ciphertext key
HasPreferred:encrypted key,
IncludedBy:key,
ciphertext-only attack
IncludedBy:attack, cipher,
Related:algorithm, analysis, cryptographic, key, subject,
ciphony
Related:cipher, information, process,
circuit control officer
IncludedBy:control,
circuit level gateway
IncludedBy:gateway,
Related:connection, firewall, validate,
Synonym:circuit proxy,
circuit proxy
IncludedBy:firewall, proxy,
Related:application, connection, control, key,
Synonym:circuit level gateway,
circuit switching
Related:communications, connection, network, system,
civil liberties
CKMS
Related:cryptographic, key, metadata,
CKMS component
Related:policy, software,
CKMS profile
IncludedBy:file, profile,
Related:requirements, security,
claimant
Related:authentication, entity, function, identity, man-in-the-middle attack, protocols,
clandestine operation
Related:covert operation, overt operation,
Clark Wilson integrity model
IncludedBy:integrity, model,
Related:access, access control, control, software,
class 2, 3, 4, or 5
IncludedBy:public-key infrastructure,
Related:assurance, classified, critical, cryptographic, entity, identification, information, key, risk, system, tokens,
class
Related:object,
class hierarchy
Related:network,
class object
IncludedBy:object,
classification
Related:authorized, classified, object, security,
classification guidance
classification guide
Related:classified, subject,
classification levels
IncludedBy:classified,
Includes:TOP SECRET, confidential, default classification, secret, sensitive, sensitive but unclassified, trust level,
Related:Bell-LaPadula security model, Internet Protocol Security Option, authorized, classified information, clearance level, compartment, confinement property, controlled security mode, damage, dedicated security mode, dominated by, dominates, downgrade, information, lattice model, mode of operation, modes of operation, multilevel security, multilevel security mode, non-discretionary security, object, regrade, risk index, sanitize, security label, security level, security situation, sensitivity label, system-high security mode, users,
classification markings and implementation working group
Related:authorized, intelligence,
classified
IncludedBy:security,
Includes:classification levels, classified contract, classified information, classified information procedures act, classified information spillage, classified military information, classified national security information, classified visit, controlled unclassified information, default classification, deliberate compromise of classified information, endorsed for unclassified cryptographic information, endorsed for unclassified cryptographic item, north atlantic treaty organization classified information, sensitive but unclassified, sensitive but unclassified information, unclassified, unclassified controlled nuclear information, unclassified internet protocol router network, unclassified sensitive,
Related:BLACK, Bell-LaPadula security model, COMSEC demilitarization, CRYPTO, Central United States Registry for North Atlantic Treaty Organization, DD 254 - Final, DD 254 - Original, Defense Central Security Index, Defense Information Systems Network, Escrowed Encryption Standard, FIPS PUB 140-1, Federal Public-key Infrastructure, Federal Standard 1027, Internet Protocol Security Option, Key Exchange Algorithm, National Institute of Standards and Technology, National Security Agency, RED, RED/BLACK concept, Secure Telephone Unit III, Skipjack, Trusted Computer System Evaluation Criteria, Type 1 key, Type 2 key, Type I cryptography, Type II cryptography, access, access approval, access control, access eligibility determination, access national agency check and inquiries, accesses, accreditation, acknowledged special access program, acoustic security, activity security manager, adjudication, advanced encryption standard, adverse information, agency, aggregation, applicant, associated markings, authorized, authorized adjudicative agency, authorized classification and control markings register, authorized investigative agency, authorized person, automated information system media control system, automated security monitoring, burn bag, carve-out, category, class 2, 3, 4, or 5, classification, classification guide, classifier, clearance, clearance certification, cleared escort, clearing, closed area, code word, cognizant security agency, compartment, compartmentalization, compromise, confidentiality, confinement property, contamination, controlled cryptographic item, controlled security mode, courier, custodian, damage assessment, data aggregation, data encryption standard, declassification, declassification authority, dedicated mode, dedicated security mode, derivative classification, designated disclosure authority, dominated by, dominates, downgrade, downgrading, equity, escort, exception, facilities accreditation, facilities certification, facility security clearance, false positive, for official use only, foreign disclosure, foreign disclosure point of contact, foreign ownership, control, or influence, foreign relations of the united states, foreign travel briefing, foreign visit, formal access approval, formerly restricted data, government-to-government transfer, guard, handcarrier, handle via special access control channels only, high assurance guard, inadvertent disclosure incident, incident of security concern, industrial security, information, information category, information security oversight office, inspectable space, interim approval to operate, internal vulnerability, invalidation, key-escrow system, lattice model, law enforcement sensitive, mandatory access control, mandatory declassification review, mission critical, mode of operation, modes of operation, multilevel security, multilevel security mode, multiuser mode of operation, national security information, national security system, national security-related information, naval nuclear propulsion information, need for access, need-to-know, nicknames, non-disclosure agreement, non-discretionary security, non-discussion area, one-time access, open storage, operations security, operations security survey, originating agency determination required, pass/fail, periods processing, personnel security, personnel security - issue information, personnel security clearance, personnel security determination, personnel security interview, personnel security investigation, personnel security program, policy, program channels or program security channels, program protection plan, program sensitive information, protected distribution systems, protected information, public law 100-235, purge, radio frequency jamming, reference material, regrade, reinstatement, release, restricted area, restricted data, revocation, revocation of facility security clearance, risk index, safeguarding and safeguarding measures, safeguarding statement, sanitize, sanitizing, secret, secret key, secure data device, secure operating system, security assurance, security classification guides, security clearance, security compromise, security domain, security incident, security infraction, security label, security level, security policy automation network, security situation, security violation, senior agency official, sensitive compartmented information, sensitive information, sensitivity label, single scope background investigation - periodic reinvestigation, source document, special access program facility, spillage, sponsoring agency, stand-alone automated information system, standard practice procedures, stratified random sample, subcontract, suspicious contact, system-high security mode, systematic declassification review, tear line, technical data, temporary help/job shopper, transmission, transportation plan, trusted computer system, trusted foundry, type 1 products, type 2 product, type 3 key, type 3 product, unacknowledged special access program, unauthorized disclosure, unauthorized person, unfavorable personnel security determination, upgrade, working papers,
classified contract
IncludedBy:classified,
Related:access, requirements,
classified data
HasPreferred:classified information,
classified information
IncludedBy:access control, classified, information,
Includes:classified military information, classified national security information,
PreferredFor:classified data,
Related:authorized, classification levels, classified information procedures act, classified information spillage,
classified information procedures act
IncludedBy:classified,
Related:access, classified information,
classified information spillage
IncludedBy:classified, information, threat,
Related:classified information, incident, security incident,
classified military information
IncludedBy:classified, classified information,
classified national security information
IncludedBy:classified, classified information,
classified visit
IncludedBy:classified,
Related:access,
classifier
Related:classified, security,
clean system
IncludedBy:system,
Related:application, compromise, computer, file, risk, security, software, trust, virus,
clear
Related:software,
clearance
Related:access, authorization, authorized, certification, classified, security, trust,
clearance certification
IncludedBy:certification,
Related:access, classified, security,
clearance level
Related:access, access control, classification levels, information, security, security clearance,
cleared commercial carrier
Related:authorized, security,
cleared employees
Related:security,
cleared escort
Related:United States citizen, access, classified,
clearing
Related:classified, key, system,
cleartext
Antonym:encryption,
PreferredFor:plain text,
Related:cipher, cryptography, information, operation, process,
client (application)
client
Related:access, access control, computer, entity, process, program, system, users,
client server
IncludedBy:automated information system,
Related:access, access control, authorized, communications, computer, model, process, program, system, users,
clients, products, and business practices
IncludedBy:operational risk loss,
Related:requirements,
Clinger-Cohen Act of 1996
Related:management, risk,
Clipper chip
IncludedBy:National Institute of Standards and Technology, National Security Agency,
Includes:Law Enforcement Access Field,
Related:algorithm, communications, cryptographic, cryptography, encryption, escrow, key, process, standard, tamper,
closed area
Related:classified, requirements,
closed security environment
IncludedBy:security, software development,
Related:application, assurance, authorization, control, malicious, operation, system,
closed storage
Related:access, security,
closed user group
IncludedBy:users,
Related:communications,
cloud computing
Related:access, control, management, security, software, users,
cluster controller
IncludedBy:control,
cluster sample
Related:random,
co-utilization
Related:access,
coalition
coaxial cable
code
Includes:American Standard Code for Information Interchange, accounting legend code, authentication code, bar code, code amber, code book, code coverage, code division multiple access, code green, code group, code red, code vocabulary, coded switch system, country code, data authentication code, data authentication code vs. Data Authentication Code, decode, electronic codebook, encode, error detection code, executable code, hash code, hashed message authentication code, malicious code, manipulation detection code, message authentication code, message authentication code algorithm, message authentication code vs. Message Authentication Code, message integrity code, microcode, mobile code, object code, one-part code, operations code, source code, source code generator, two-part code,
Related:British Standard 7799, CASE tools, Distinguished Encoding Rules, El Gamal algorithm, Generic Security Service Application Program Interface, Integrated CASE tools, POSIX, Type II cryptography, algorithm, antivirus tools, application generator, application program interface, authentication, authentication token, blended attack, buffer overflow, card personalization, certificate management, cipher, cipher block chaining, cipher feedback, cipher suite, coding, communications security, compiled viruses, compiler, completeness, computer, crack, cryptographic, cryptographic application programming interface, cryptographic key, cryptography, cyclic redundancy check, data driven attack, dc servo drive, decrypt, domain name, dynamic analysis, encrypt, encryption, exploit, fault injection, fork bomb, gateway, hash, hash token, identification authentication, imprint, information, instrumentation, interface, interpreted virus, keyed hash algorithm, keying material, killer packets, logic bombs, maintenance hook, malicious program, malware, message, national security system, network sniffing, null, object, out-of-band, output transformation, passive security testing, patch, payload, penetration test, penetration testing, personal identification number, polymorphism, portability, positive control material, primary account number, program, protocols, reduction-function, reverse engineering, revoked state, scalability, secure hash standard, security perimeter, sensitive information, shim, simple network management protocol, spyware, state delta verification system, syllabary, symmetric key, synchronous flood, system, technical vulnerability information, test case generator, test cycle, time bomb, trapdoor, trojan horse, trust, unit, untrusted process, variant, verification, virus, worm,
code amber
IncludedBy:code, critical infrastructures, threat,
Related:critical, function, security,
code book
IncludedBy:code,
Related:encryption, system,
code coverage
IncludedBy:code,
Related:analysis, software, test,
code division multiple access
IncludedBy:access, code, security,
Related:cryptography, technology,
code green
IncludedBy:code, critical infrastructures,
code group
IncludedBy:code,
Related:system,
code red
IncludedBy:code, critical infrastructures, threat,
Related:attack, critical, function, security,
code vocabulary
IncludedBy:code,
Related:system,
code word
Related:classified, security,
coded switch system
IncludedBy:code, system,
coding
Related:code, computer, flow, program, software,
coefficient of variation
Related:standard,
coercive force
coercivity
cognizant security agency
IncludedBy:security,
Related:classified, intelligence,
cognizant security office
IncludedBy:security,
cohabitant
cold site
IncludedBy:disaster recovery,
Related:communications, computer, connection, hot site, system,
cold start
Related:cryptography, key, users,
collaborative computing
Related:application, information, technology,
collateral information
Related:access, security, security clearance, subject,
collision
collision-resistant hash function
IncludedBy:function, hash,
Related:property, requirements,
color change
Related:information, process, system,
command and control
IncludedBy:control,
Includes:command and control warfare, command, control, and communications, command, control, communications and computers, command, control, communications and intelligence, global command and control system, nuclear command and control document,
Related:C2-protect, Defense Information Infrastructure, authority, communications, function, operation,
command and control warfare
IncludedBy:command and control, control, warfare,
Related:adversary, application, information, intelligence, operation, security,
command authority
IncludedBy:authority,
Related:key, users,
command, control, and communications
IncludedBy:command and control, communications, control,
command, control, communications and computers
IncludedBy:command and control, communications, computer, control,
command, control, communications and intelligence
IncludedBy:command and control, communications, control, intelligence,
Commercial COMSEC Endorsement Program
IncludedBy:communications security, program,
Commercial COMSEC Evaluation Program
IncludedBy:communications security, evaluation, program,
Related:algorithm, module, standard, system,
commercial off-the-shelf software
IncludedBy:software,
Related:test,
Synonym:COTS software,
commercial software
IncludedBy:software,
Related:owner,
commercial-off-the-shelf
Includes:COTS software,
Committee of sponsoring organizations (of the Treadway Commission)
commodity service
Related:control, management, security,
common access card
IncludedBy:access,
common carrier
common control
IncludedBy:control,
Related:security,
common control provider
IncludedBy:control,
Related:development, security,
common criteria
IncludedBy:criteria,
Related:assurance, computer security, evaluation, function, information, information assurance, program, requirements, role, security, standard, system, technology,
Synonym:Common Criteria for Information Technology Security,
Common Criteria for Information Technology Security
IncludedBy:National Institute of Standards and Technology, computer security, criteria, information, security, technology,
Includes:Common Criteria for Information Technology Security Evaluation, national information assurance partnership,
Related:National Security Agency, algorithm, application, assessment, assurance, availability, computer, computer network, confidentiality, control, cryptographic, cryptography, emanation, emanations security, evaluation, function, integrity, malicious, network, operation, requirements, software, standard, system, threat, trust, version,
Synonym:common criteria,
Common Criteria for Information Technology Security Evaluation
IncludedBy:Common Criteria for Information Technology Security, computer security, criteria, evaluation, information, technology,
Includes:Canadian Trusted Computer Product Evaluation Criteria, European Information Technology Security Evaluation Criteria, Federal Criteria for Information Technology Security, Trusted Computer System Evaluation Criteria, assurance component, common criteria version 1.0, common criteria version 2.0, component dependencies, component extensibility, component hierarchy, component operations, evaluation assurance level, functional component, protection profile, security target, trusted gateway,
Related:IT security, assessment, requirements, risk,
Common Criteria Testing Laboratory
IncludedBy:criteria, national information assurance partnership, security testing, test,
Includes:Monitoring of Evaluations, Scope of Accreditation, Validation Certificate, approved technologies list, approved test methods list, deliverables list, designated laboratories list, designating authority, designation policy, evaluation technical report, evaluation work plan, observation reports,
Related:IT security, accreditation, computer security, evaluation, program, validation,
Common Criteria Testing Program
IncludedBy:criteria, national information assurance partnership, program, security testing, test,
Related:evaluation, validation,
common criteria version 1.0
IncludedBy:Common Criteria for Information Technology Security Evaluation, criteria, version,
Related:computer security, information, technology,
common criteria version 2.0
IncludedBy:Common Criteria for Information Technology Security Evaluation, criteria, version,
Related:computer security, information, technology,
common data security
IncludedBy:common data security architecture,
Related:communications, module, system,
common data security architecture
IncludedBy:security,
Includes:common data security, common security, common security services manager, cryptographic service, cryptographic service providers,
PreferredFor:communication and data security architecture,
Related:authentication, encryption,
Common Evaluation Methodology
IncludedBy:evaluation, national information assurance partnership,
common fill device
Related:key,
common gateway interface
IncludedBy:gateway, interface, world wide web,
Includes:CGI scripts,
Related:access, access control, program, resource,
common interswitch rekeying key
IncludedBy:key, rekey,
Common IP Security Option
IncludedBy:security,
common misuse scoring system
Related:security, software, vulnerability,
common name
IncludedBy:public-key infrastructure,
Related:X.509, certificate, key, object, public-key,
common platform enumeration
common security
IncludedBy:common data security architecture,
Related:application, certificate, cryptographic, integrity, key, policy, protocols, public-key infrastructure, trust,
common security services manager
IncludedBy:common data security architecture,
common vulnerabilities and exposures
IncludedBy:exposures, vulnerability,
Related:cyberspace, risk,
communication and data security architecture
HasPreferred:common data security architecture,
IncludedBy:security,
communication channel
IncludedBy:channel, communications,
Includes:internal communication channel,
Related:information, network,
communication equipment room
IncludedBy:communications,
communication link
IncludedBy:communications,
communications
IncludedBy:network,
Includes:National Communications System, National Security Telecommunications Advisory Committee, National Security Telecommunications and Information Systems Security Advisory/Information Memorandum, National Security Telecommunications and Information Systems Security Committee, National Security Telecommunications and Information Systems Security Directive, National Security Telecommunications and Information Systems Security Instruction, National Security Telecommunications and Information Systems Security Policy, National Telecommunications and Information Administration, National Telecommunications and Information Systems Security Advisory Memoranda/Instructions, National Telecommunications and Information Systems Security Directive, National Telecommunications and Information Systems Security Instruction, National Telecommunications and Information Systems Security Policy, asynchronous communication, command, control, and communications, command, control, communications and computers, command, control, communications and intelligence, communication channel, communication equipment room, communication link, communications cover, communications deception, communications electronics operating instruction, communications profile, communications protocol, communications security element, data communications, defense communications system, diplomatic telecommunications service, federal telecommunications system, global telecommunications service, government emergency telecommunications service, imitative communications, information and communications, internal communication channel, manipulative communications deception, minimum essential emergency communications network, national telecommunications and information system security directives, personal communications network, private communication technology, protected communications, protected communications zone, secure communications, subcommittee on telecommunications security, telecommunications, telecommunications security, tri-service tactical communications system,
Related:American National Standards Institute, CCI equipment, COMSEC aid, COMSEC equipment, COMSEC material, COMSEC module, COMSEC monitoring, COMSEC survey, CRYPTO, Clipper chip, Defense Information Infrastructure, Escrowed Encryption Standard, IT resources, ITU-T, Integrated services digital network, National Security Decision Directive 145, OSI architecture, Rivest-Shamir-Adleman algorithm, TEMPEST, access, access control, active wiretapping, alarm surveillance, application, application program interface, approval/accreditation, audit trail, authenticate, availability, bandwidth, between-the-lines-entry, binding, bit error rate, bulk encryption, capability, cell, cellular transmission, channel capacity, circuit switching, client server, closed user group, cold site, command and control, common data security, component, computer fraud, content filtering, control, controlled cryptographic item, covert channel, covert timing channel, cracker, cross-talk, cryptography, cryptology, cybersecurity, cyberspace, deception, delegated development program, dial-up, dial-up line, digital telephony, distributed processing, electronic commerce, electronic data interchange, electronic key management system, electronic security, email, encryption, end-to-end encryption, exercise key, extraction resistance, fault, field device, field site, frequency hopping, front-end processor, full-duplex, gateway, general support system, global information grid, global information infrastructure, help desk, host, inference, information processing standard, information superhighway, information systems security engineering, information technology, information technology system, interface, interference, internet, internet control message protocol, internet protocol, internetwork, intranet, key exchange, key management/exchange, key recovery, line conditioning, line conduction, link, link encryption, local loop, local-area network, major application, message indicator, mission critical, multicast, multilevel security, national information infrastructure, national security system, nations, network architecture, network configuration, network device, network layer security, network management, network management architecture, network management protocol, network weaving, online certificate status protocol, open system interconnection model, operations code, outage, over-the-air key transfer, over-the-air rekeying, overt channel, packet filtering, passive wiretapping, peer-to-peer communication, per-call key, personal firewall, platform, port, privacy system, protocol suite, protocols, public-key infrastructure, reliability, remote access, remote terminal emulation, remote terminal unit, replay attacks, secure hypertext transfer protocol, secure socket layer, security, security controls, security perimeter, session hijack attack, signaling, simple network management protocol, software, spread spectrum, subcommittee on Automated Information System security, subnetwork, superencryption, system, system assets, systems security steering group, systems software, technology area, telecommuting, teleprocessing, traffic analysis, traffic padding, traffic-flow security, transmission security, transport mode vs. tunnel mode, trusted gateway, tunnel, user data protocol, virtual private network, war dialer, wide-area network, wiretapping, worm,
communications cover
IncludedBy:communications,
Related:adversary, information,
communications deception
IncludedBy:communications, security,
Related:adversary, assurance,
communications electronics operating instruction
IncludedBy:communications,
communications intelligence
IncludedBy:intelligence,
Related:foreign,
communications profile
IncludedBy:communications, file, profile,
Related:communications security, function, security, system,
communications protocol
IncludedBy:communications, protocols,
Related:computer, information, standard,
communications security
IncludedBy:Automated Information System security, security,
Includes:COMSEC Material Control System, COMSEC Parent Switch, COMSEC Resources Program, COMSEC Subordinate Switch, COMSEC Utility Program, COMSEC account, COMSEC account audit, COMSEC aid, COMSEC boundary, COMSEC chip set, COMSEC control program, COMSEC custodian, COMSEC end-item, COMSEC equipment, COMSEC facility, COMSEC incident, COMSEC insecurity, COMSEC manager, COMSEC material, COMSEC modification, COMSEC module, COMSEC monitoring, COMSEC profile, COMSEC survey, COMSEC system data, COMSEC training, Commercial COMSEC Endorsement Program, Commercial COMSEC Evaluation Program, National COMSEC Advisory Memorandum, National COMSEC Information Memorandum, National COMSEC Instruction, advanced self-protection jammer, alternate COMSEC custodian, anti-jam, anti-jamming, communications security element, crypto-security, emissions security, internet protocol security, meaconing, intrusion, jamming, and interference, network security, network security architecture, network security architecture and design, network security officer, subcommittee on telecommunications security, telecommunications security,
Related:BLACK, CCI assembly, CCI component, CCI equipment, CRYPTO, FIPS PUB 140-1, Federal Public-key Infrastructure, RED, RED/BLACK separation, Secure Data Exchange, TSEC nomenclature, access control lists, accountability, accounting legend code, accounting number, alert, algorithm, approval/accreditation, assurance, audit trail, authentication, authorized, central office of record, code, communications profile, computer emergency response team, confidentiality, control, cryptographic, cryptography, data transfer device, design controlled spare parts, direct shipment, drop accountability, electronic attack, electronic key management system, electronically generated key, element, encryption algorithm, entity, fill device, fixed COMSEC facility, frequency hopping, incident, information, information security, integrity, key, key distribution center, key management, limited maintenance, local management device/key processor, long title, mandatory modification, network sponsor, optional modification, procedural security, process, protective packaging, repair action, security architecture, security incident, security net control station, short title, supersession, system, systems security steering group, telecommunications, test key, time-compliance date, transmission security, trusted path, two-person integrity, updating, user representative,
communications security element
IncludedBy:communications, communications security,
communications security monitoring
IncludedBy:security,
community of interest
Related:security, users,
community risk
IncludedBy:risk,
Related:vulnerability,
community string
Related:passwords, version,
company
comparisons
IncludedBy:biometrics,
Related:entity, identification, identity, process, verification,
compartment
Related:access, access control, classification levels, classified, control, information,
compartment key
IncludedBy:key,
compartmentalization
Related:access, access control, classified, control, information, security,
compartmentation
Related:access,
compartmented intelligence
IncludedBy:intelligence,
Related:access,
compartmented mode
Related:access, access control, information, operation, process, security, system, users,
compelling need
Related:access,
compensating security controls
IncludedBy:control, security,
Related:countermeasures, information, management, operation, system,
competition
Related:object,
compiled viruses
IncludedBy:virus,
Related:code, program, system,
compiler
IncludedBy:software development,
Related:code, computer, object, program, source code,
completeness
Related:code, function, requirements, software,
compliance-based
Related:IT security, program, security, standard, system,
component
IncludedBy:component dependencies, component extensibility, component hierarchy, component operations, component reference monitor, construction of TOE requirements, target of evaluation,
Includes:assurance component, basic component, development assurance component, evaluation assurance component, functional component, functional unit, network component,
Related:communications, computer, control, entity, file, function, gateway, identity, message, network, object, operation, profile, security, security testing, software, subject, system, target, telecommunications, test, trust, verification,
component dependencies
IncludedBy:Common Criteria for Information Technology Security Evaluation,
Includes:component,
Related:assurance, function,
component extensibility
IncludedBy:Common Criteria for Information Technology Security Evaluation,
Includes:component, security target,
Related:assurance, certification, criteria, function,
component hierarchy
IncludedBy:Common Criteria for Information Technology Security Evaluation,
Includes:component,
Related:assurance, criteria, function, requirements,
component operations
IncludedBy:Common Criteria for Information Technology Security Evaluation, operation,
Includes:component, security policy, threat,
Related:application, criteria, policy,
component reference monitor
IncludedBy:access control,
Includes:component, object, subject,
Related:access, control,
comprehensive testing
compromise
IncludedBy:incident,
Includes:areas of potential compromise, compromised key list, compromised state, compromising emanation performance requirement, compromising emanations, data compromise, deliberate compromise of classified information, destroyed compromised state, security compromise,
Related:DNS spoofing, TEMPEST, TEMPEST shielded, TEMPEST test, acknowledged special access program, acquisition systems protection, adversary, application server attack, attack, authorized, benign, classified, clean system, computer, control, control zone, core secrets, cost-risk analysis, counterintelligence assessment, critical, critical program information, critical security parameters, cryptographic, cryptography, emanations security, emissions security, entity, environmental failure protection, environmental failure testing, file integrity checking, flaw hypothesis methodology, forward secrecy, information, insider, intrusion, invalidity date, key, key lifecycle state, leapfrog attack, line supervision, malware, metadata, multilevel device, object, ohnosecond, payment gateway certification authority, policy, privacy, protective technologies, public-key forward secrecy, revocation, revocation date, risk analysis, robustness, rootkit, security, security audit, security environment threat list, security event, security incident, security infraction, security management infrastructure, security violation, suppression measure, suspicious contact, system, tri-homed, trust, trusted recovery, unacknowledged special access program, version, vulnerability, vulnerability assessment, warehouse attack,
compromised key list
IncludedBy:compromise, key, multilevel information systems security initiative, public-key infrastructure, threat,
Related:authorized, certificate, computer, control, identification, subject, system, users,
compromised state
IncludedBy:compromise, key lifecycle state,
Related:cryptographic, key, lifecycle, process,
compromising emanation performance requirement
IncludedBy:compromise, emanations security, risk,
compromising emanations
IncludedBy:TEMPEST, compromise, emanations security, threat,
Related:information, intelligence, process, system,
computer
Includes:Canadian Trusted Computer Product Evaluation Criteria, Computer Incident Advisory Capability, Computer Security Objects Register, DoD Trusted Computer System Evaluation Criteria, National Computer Security Center, National Computer Security Center glossary, Trusted Computer System Evaluation Criteria, command, control, communications and computers, computer abuse, computer architecture, computer cryptography, computer emergency response team, computer emergency response teams' coordination center, computer forensics, computer fraud, computer incident assessment capability, computer intrusion, computer network, computer network attack, computer network defense, computer network exploitation, computer network operations, computer operations, audit, and security technology, computer oracle and password system, computer related controls, computer related crime, computer security, computer security emergency response team, computer security incident, computer security incident response capability, computer security incident response team, computer security intrusion, computer security object, computer security subsystem, computer security technical vulnerability reporting program, computer-aided software engineering, computer-assisted audit technique, embedded computer, energy-efficient computer equipment, joint task force-computer network defense, laptop computer, national computer security assessment program, organization computer security representative, personal computer, personal computer memory card international association, trusted computer system,
Related:Abrams, Jojodia, Podell essays, Abstract Syntax Notation One, American National Standards Institute, Automated Information System security, Bell-LaPadula security model, COMSEC control program, Common Criteria for Information Technology Security, Cryptographic Application Program Interface, Defense Information Infrastructure, Estelle, FIPS PUB 140-1, Federal Information Processing Standards, Forum of Incident Response and Security Teams, IP address, IT resources, IT security incident, Integrated services digital network, Internet worm, Open Systems Interconnection Reference model, Orange book, PC card, PCMCIA, PHF, POSIX, Red book, SOCKS, TEMPEST, Terminal Access Controller Access Control System, Trusted Systems Interoperability Group, Yellow book, abort, access control center, access control lists, access port, accessibility, accountability, accreditation, accreditation range, active wiretapping, add-on security, administrative account, algorithm, antivirus software, application, application server attack, application system, approval/accreditation, assurance, attack, attackers, audit software, audit trail, auditing tool, authentication, authentication code, authorization, automated clearing house, automated data processing system, automated information system, automated key distribution, automated logon sequences, availability, backdoor, backup operations, backup procedures, bandwidth, bastion host, bebugging, benchmark, beyond A1, break, browser, brute force attack, buffer overflow, byte, call back, centralized operations, certification, certification authority workstation, certification practice statement, checksum, clean system, client, client server, code, coding, cold site, communications protocol, compiler, component, compromise, compromised key list, confidentiality, configuration control, configuration item, configuration management, console logon, console logs, continuity of services and operations, cracker, cracking, crash, criteria, cyberspace, cyberspace operations, data, data encryption standard, data integrity, data management, data processing, database management system, debug, default account, demilitarized zone, denial-of-service, descriptive top-level specification, dial back, dial-up, dial-up line, dial-up security, digital certificate, digital signature, discrete event simulation, distributed data, distributed database, distributed denial-of-service, distributed processing, domain name service server, dongle, download, dump, dumpster diving, e-mail server, electronic commerce, electronic data interchange, email, emergency response, emergency shutdown controls, end system, end-to-end encryption, end-user, endorsed tools list, error seeding, evaluated products list, executable code, exploitable channel, extensible markup language, extranet, fault, field, file, file infector virus, file security, file transfer, file transfer protocol, firewall, firmware, flaw hypothesis methodology, flooding, formal language, formal proof, formal security policy model, formal specification, formal top-level specification, format, framework, front-end processor, front-end security filter, full disk encryption, functional testing, gateway, gateway server, general controls, general-purpose system, gopher, graphical-user interface, guard, hackers, handshaking procedures, hardening, hardware, help desk, host, host-based firewall, hypertext, identification authentication, imaging system, impersonation, incident, individual accountability, information flow, information security, information system, information technology, information technology system, insider, integrity, interactive mode, interface, internet, internet protocol, internet vs. Internet, interoperability, interoperability standards/protocols, intranet, intrusion, intrusion detection, intrusion detection and prevention, intrusion detection systems, intrusion detection tools, intrusion prevention, key center, key logger, kiosk, language of temporal ordering specification, leakage, legacy systems, link, list-oriented, local-area network, logic bombs, loop, malicious applets, malicious intruder, malicious logic, malware, memory, message authentication code vs. Message Authentication Code, message integrity code, meta-language, microcode, middleware, mirroring, mockingbird, modem, multiuser mode of operation, national information infrastructure, network, network component, network device, network front-end, network services, node, object, on-demand scanning, on-line system, operating system, optical scanner, output, overt channel, packet sniffer, packet switching, passive threat, password cracking, peer-to-peer communication, penetration test, penetration testing, peripheral equipment, persistent cookie, personal digital assistant, personal firewall, personal identity verification, phishing, phracker, piggyback entry, port, portability, pretty good privacy, privilege, privileged access, privileged instructions, privileged process, procedural security, process controller, program, proprietary information, protocol suite, protocols, prototyping, proxy server, public law 100-235, push technology, read-only memory, real-time processing, real-time system, reciprocal agreement, recovery site, reliability, remote access, remote access software, remote terminal emulation, remote terminal unit, requirements, requirements traceability matrix, resource starvation, response time, restart, reusability, reverse engineering, risk, rootkit, router, run, safeguarding statement, scan, screen scraping, script, script bunny, secure configuration management, security architecture, security audit, security evaluation, security event, security incident, security kernel, security label, security policy model, security service, security test and evaluation, security-relevant event, segregation of duties, sensitive information, server, session key, shrink-wrapped software, simple mail transfer protocol, simulation modeling, single sign-on, smartcards, sniffer, social engineering, soft TEMPEST, software, software development methodologies, software product, source code, source data entry, source program, spoofing, spyware detection and removal utility, stand-alone, shared system, stand-alone, single-user system, state variable, stovepipe systems, supervisory control, supervisory control and data acquisition, support software, suspicious event, system, system development lifecycle, system files, system integrity, system lifecycle, system parameter, system security officer, system software, systems software, technical policy, technical vulnerability, telecommuting, teleprocessing, telnet, testability, thrashing, threat, ticket-oriented, tiger team, time bomb, timing attacks, tokens, traceroute, tracking cookie, transaction, transmission control protocol, trapdoor, trojan horse, trust level, trusted computing base, trusted network interpretation, trusted path, trusted platform module chip, trustworthy system, tunnel, type time, unit, upload, user data protocol, user id, user interface, users, utility programs, value-added network, vaulting, vendor, virtual private network, virus, virus-detection tool, vulnerability, war dialer, war driving, web server, website hosting, white-box testing, wireless gateway server, workstation, worm,
computer abuse
IncludedBy:automated information system, computer, threat,
Related:authorized, availability, confidentiality, damage, denial-of-service, fraud, information, integrity, key, malicious, process, resource, theft,
computer architecture
IncludedBy:computer, security architecture,
Includes:object,
Related:application, process, program, protocols, software, standard, system,
computer cryptography
IncludedBy:computer, cryptography,
Related:algorithm, authentication, encryption, information, process, program, users,
computer emergency response team
IncludedBy:computer, response, security,
Includes:Forum of Incident Response and Security Teams, computer emergency response teams' coordination center,
Related:Computer Incident Advisory Capability, advisory, attack, availability, communications security, computer security, computer security incident response team, incident, information, integrity, internet, network, owner, system, threat, vulnerability,
computer emergency response teams' coordination center
IncludedBy:computer, computer emergency response team, response,
Related:attack, internet, program, software, system,
computer forensics
IncludedBy:computer,
PreferredFor:forensics,
Related:integrity,
computer fraud
IncludedBy:computer, fraud,
Related:application, communications, file, operation, program, software, system,
Computer Incident Advisory Capability
IncludedBy:advisory, computer, incident,
Related:computer emergency response team, response,
computer incident assessment capability
IncludedBy:assessment, computer, incident,
computer incident response team
Related:cyberspace, security,
computer intrusion
IncludedBy:attack, computer, incident, intrusion,
Related:access, access control, authorized, information, system, unauthorized access,
computer network
IncludedBy:computer, network,
Includes:computer network attack, computer network defense, computer network exploitation, computer network operations, joint task force-computer network defense,
Related:Common Criteria for Information Technology Security, Estelle, authentication, automated key distribution, bandwidth, computer oracle and password system, cyberspace operations, distributed dataprocessing, extranet, firewall, gateway, hackers, host, internet, internet vs. Internet, intranet, language of temporal ordering specification, mirroring, packet switching, protocol suite, remote access, security policy automation network, sniffer, system, transmission control protocol, tunnel, value-added network, vaulting, virtual private network, war driving, wide-area network, wireless gateway server,
computer network attack
IncludedBy:attack, computer, computer network, network,
Related:information, operation,
computer network defense
IncludedBy:computer, computer network, network,
Related:authorized, information, system,
computer network exploitation
IncludedBy:computer, computer network, network,
Related:information, intelligence, system, target,
computer network operations
IncludedBy:computer, computer network, network,
Related:attack,
computer operations, audit, and security technology
IncludedBy:audit, computer, operation, technology,
Related:computer security, function, system,
computer oracle and password system
IncludedBy:computer, security software, system,
Related:computer network, network, passwords, program, software,
computer related controls
IncludedBy:computer, control,
Related:application, availability, confidentiality, integrity, security controls,
computer related crime
IncludedBy:computer, threat,
Related:illegal, technology,
computer security
IncludedBy:computer, security,
Includes:Common Criteria for Information Technology Security, Common Criteria for Information Technology Security Evaluation, Computer Security Objects Register, DoD Information Technology Security Certification and Accreditation Process, European Information Technology Security Evaluation Criteria, Federal Criteria for Information Technology Security, IS security architecture, IT Security Evaluation Criteria, IT Security Evaluation Methodology, IT security certification, IT security policy, IT security product, Information Systems Security products and services catalogue, Information Technology Security Evaluation Criteria, National Computer Security Center, National Computer Security Center glossary, National Security Telecommunications and Information Systems Security Advisory/Information Memorandum, National Security Telecommunications and Information Systems Security Committee, National Security Telecommunications and Information Systems Security Directive, National Security Telecommunications and Information Systems Security Instruction, National Security Telecommunications and Information Systems Security Policy, National Telecommunications and Information Systems Security Advisory Memoranda/Instructions, National Telecommunications and Information Systems Security Directive, National Telecommunications and Information Systems Security Instruction, National Telecommunications and Information Systems Security Policy, Subcommittee on Information Systems Security, certified information systems security professional, computer security emergency response team, computer security incident, computer security incident response capability, computer security incident response team, computer security intrusion, computer security object, computer security subsystem, computer security technical vulnerability reporting program, computing security methods, emissions security, information system security officer, information systems security association, information systems security engineering, information systems security equipment modification, information systems security manager, information systems security officer, multilevel information systems security initiative, national computer security assessment program, national telecommunications and information system security directives, program automated information system security incident support team, subcommittee on Automated Information System security,
Related:Bell-LaPadula security model, Common Criteria Testing Laboratory, Federal Criteria Vol. I, Federal Information Processing Standards, Forum of Incident Response and Security Teams, National Security Decision Directive 145, National Voluntary Laboratory Accreditation Program, Orange book, Scope of Accreditation, Trusted Computer System Evaluation Criteria, Yellow book, access, access control, accreditation range, approved technologies list, approved test methods list, assurance, audit trail, availability, certification, common criteria, common criteria version 1.0, common criteria version 2.0, computer emergency response team, computer operations, audit, and security technology, confidentiality, conformant validation certificate, control, correctness, covert channel, criteria, dedicated mode, degausser, degausser products list, deliverables list, designated, designated laboratories list, dominates, endorsed tools list, evaluated products list, evaluation, evaluation work plan, function, information, integrity, observation reports, partitioned security mode, party, preferred products list, procedural security, process, protection profile, public law 100-235, residual risk, risk treatment, security architecture, security purpose, security requirements, security target, security-compliant channel, sensitive information, software, subcommittee on telecommunications security, suspicious event, system, system high mode, systems security steering group, tamper, technology area, trusted network interpretation,
Synonym:Automated Information System security, IT security, information systems security,
computer security emergency response team
IncludedBy:computer, computer security, response,
computer security incident
IncludedBy:computer, computer security, incident, security incident,
Related:information, intrusion, system,
computer security incident response capability
IncludedBy:computer, computer security, incident, response, security incident,
computer security incident response team
IncludedBy:computer, computer security, incident, response, security incident,
Related:computer emergency response team, information,
computer security intrusion
IncludedBy:computer, computer security, intrusion,
Related:access, access control, authorized, information, penetration, system, unauthorized access,
computer security object
IncludedBy:computer, computer security, object,
Related:security software,
Computer Security Objects Register
IncludedBy:National Institute of Standards and Technology, computer, computer security, object,
Related:algorithm, registration, standard,
computer security subsystem
IncludedBy:computer, computer security, system,
Related:software,
computer security technical vulnerability reporting program
IncludedBy:computer, computer security, program, vulnerability,
Related:information, login, software,
computer security toolbox
IncludedBy:security,
Related:assurance,
computer-aided software engineering
IncludedBy:computer, software,
computer-assisted audit technique
IncludedBy:audit, computer,
Related:program, software, test,
computerized telephone system
computing environment
Related:application, system,
computing security methods
IncludedBy:computer security,
Related:assurance, function, network, requirements, software, system, verification,
COMSEC
Related:security,
COMSEC account
IncludedBy:communications security,
Related:control, entity,
COMSEC account audit
IncludedBy:audit, communications security,
COMSEC aid
IncludedBy:communications security,
Related:communications, key, operation, system, telecommunications,
COMSEC assembly
COMSEC boundary
IncludedBy:boundary, communications security,
Related:critical, function, key, software,
COMSEC chip set
IncludedBy:communications security,
COMSEC control program
IncludedBy:communications security, control, program,
Related:authentication, computer, encryption, function, key, message,
COMSEC custodian
IncludedBy:communications security,
Related:authority,
COMSEC demilitarization
Related:classified, process,
COMSEC element
COMSEC end-item
IncludedBy:communications security,
Related:application,
COMSEC equipment
IncludedBy:communications security,
Related:authentication, authorized, communications, cryptography, information, process, telecommunications, version,
COMSEC facility
IncludedBy:communications security,
Related:authorized,
COMSEC incident
IncludedBy:communications security, incident,
COMSEC insecurity
IncludedBy:communications security,
Related:incident, information,
COMSEC manager
IncludedBy:communications security,
Related:resource,
COMSEC material
IncludedBy:communications security,
Related:communications, control systems, cryptographic, cryptography, function, key, software, telecommunications,
COMSEC Material Control System
IncludedBy:communications security, control, control systems, system,
Related:key,
COMSEC modification
IncludedBy:communications security, information systems security equipment modification,
Related:information, system,
COMSEC module
IncludedBy:communications security, module,
Related:communications, function, system, telecommunications,
COMSEC monitoring
IncludedBy:communications security,
Related:communications, telecommunications,
COMSEC Parent Switch
IncludedBy:communications security,
COMSEC profile
IncludedBy:communications security, file, profile,
Related:operation, system,
COMSEC Resources Program
IncludedBy:communications security, program, resource,
COMSEC Subordinate Switch
IncludedBy:communications security,
COMSEC survey
IncludedBy:communications security,
Related:communications, information, operation, system,
COMSEC system data
IncludedBy:communications security, system,
Related:control, information, key,
COMSEC training
IncludedBy:communications security,
COMSEC Utility Program
IncludedBy:communications security, program,
concealment
concealment system
IncludedBy:system,
Related:confidentiality, information, security,
concept of operations
IncludedBy:operation, security,
Related:internet, object, process, system,
concurrency control
IncludedBy:control,
Related:users,
concurrent connections
IncludedBy:connection,
Related:flow, test, users,
confidence
IncludedBy:assurance, trust,
Includes:confidence coefficient, confidence interval, confidence level, confidence limits, public confidence,
Related:IT Security Evaluation Criteria, IT Security Evaluation Methodology, Monitoring of Evaluations, assurance level, assurance profile, audit, authentication, authenticity, checksum, confidentiality, data confidentiality, data integrity, defense, defense-in-depth, infrastructure assurance, interval estimate, national information assurance partnership, policy, profile assurance, quality assurance, reference monitor, reliability, robustness, sampling error, software quality assurance, source integrity, state delta verification system, trusted channel, trusted computing system, trusted path,
confidence coefficient
IncludedBy:confidence,
confidence interval
IncludedBy:confidence,
confidence level
IncludedBy:confidence,
Related:random,
confidence limits
IncludedBy:confidence,
confidential
IncludedBy:classification levels,
Related:authorized, damage, security,
confidential source
Related:security,
confidentiality
IncludedBy:privacy, security goals,
Includes:cryptographic algorithm for confidentiality, data confidentiality, data confidentiality service, traffic flow confidentiality,
Related:Common Criteria for Information Technology Security, Generic Security Service Application Program Interface, Generic Upper Layer Security, IT security, IT security controls, IT security incident, NULL encryption algorithm, Secure Electronic Transaction, access, access control, assurance, asymmetric cryptography, authentication header, authorized, classified, communications security, computer, computer abuse, computer related controls, computer security, concealment system, confidence, data privacy, data security, defense-in-depth, defense-wide information assurance program, digital envelope, encapsulating security payload, encryption algorithm, entry-level certification, flow, hybrid encryption, information, information assurance, information security, internet, internet protocol security, intrusion, key recovery, levels of concern, line managers, mid-level certification, network, object, passive, penetration, post-accreditation phase, privacy enhanced mail, privacy programs, privacy protection, process, property, public-key infrastructure, requirements for procedures and standards, secure shell, secure socket layer, security controls, security event, security objectives, security policy, simple network management protocol, subject, symmetric cryptography, system, top-level certification, transmission security, users, vulnerability, wrap,
configuration
IncludedBy:configuration management, target of evaluation,
Related:function, software, system, target,
configuration control
IncludedBy:configuration management, control, target of evaluation,
Includes:object,
Related:authorized, computer, establishment, identification, information, integrity, malicious, operation, process, software, system, target,
configuration control board
IncludedBy:control,
Related:development, software,
configuration identification
IncludedBy:configuration management, identification,
Related:function, system,
configuration item
IncludedBy:configuration management,
Related:computer, entity, function, process, program, software,
configuration management
IncludedBy:assurance, risk management, software development,
Includes:baseline management, configuration, configuration control, configuration identification, configuration item, secure configuration management,
Related:computer, control, function, identify, operation, process, requirements, software, system, test,
confinement
Includes:confinement channel, confinement property,
Related:program, risk,
confinement channel
IncludedBy:confinement,
Related:covert, covert channel, covert timing channel,
confinement property
IncludedBy:confinement,
Related:Bell-LaPadula security model, access, access control, classification levels, classified, object, subject,
Synonym:*-property,
conformance
Related:requirements, standard, test,
conformance testing
IncludedBy:security testing, test,
Related:process,
conformant validation certificate
IncludedBy:certificate, validation,
Related:IT security, authority, computer security, security,
congruence
Related:property,
connection
IncludedBy:firewall,
Includes:Open Systems Interconnection Reference model, concurrent connections, connection approval, connection establishment, connection establishment time, connection maintenance, connection overhead, connection teardown, connection teardown time, connectionless data integrity service, interconnection security agreements, network connection, open system interconnection, open system interconnection model, open systems interconnection, platform it interconnection, system interconnection,
Related:Identification Protocol, Internet Security Association and Key Management Protocol, Internet worm, OSI architecture, SOCKS, SYN flood, Security Protocol 3, Security Protocol 4, Simple Authentication and Security Layer, Terminal Access Controller Access Control System, USENET, application level gateway, application proxy, application-level firewall, asynchronous transfer mode, authentication header, automated logon sequences, banner grabbing, call back, call back security, circuit level gateway, circuit proxy, circuit switching, cold site, connectivity, control, cookies, data origin authentication service, data source, derogatory information, dial back, encapsulating security payload, external system exposure, file, firewall machine, foreign liaison officer, global information infrastructure, handcarrier, information, interface, internet, internet protocol security, internetwork private line interface, local-area network, long-haul telecommunications, malicious code screening, memorandum of understanding, national information infrastructure, network, network address translation, network configuration, network tap, on ramp, personal firewall, piggyback, piggyback attack, piggyback entry, point-to-point tunneling protocol, port, port scanner, port scanning, protective security service, protocols, proxy, proxy server, remote access, remote maintenance, router, rules of behavior, scan, secure shell, secure socket layer, security association, security certificate, security controls, security domain, security parameters index, session key, signaling, stateful packet filtering, stealth probe, stovepipe systems, system security authorization agreement, tinkerbell program, transmission control protocol, trusted identification forwarding, tunneling, unit of transfer, users, war dialing, wireless technology, wiretapping, worm,
connection approval
IncludedBy:connection,
Related:authorization,
connection establishment
IncludedBy:connection, establishment,
Related:identify, protocols, security association, test,
connection establishment time
IncludedBy:connection, establishment,
Related:interface, protocols,
connection maintenance
IncludedBy:connection,
Related:identify, protocols, users,
connection overhead
IncludedBy:connection,
Related:establishment,
connection teardown
IncludedBy:connection,
Related:identify, protocols, test,
connection teardown time
IncludedBy:connection,
Related:interface, protocols,
connectionless data integrity service
IncludedBy:connection, integrity,
Related:security,
connectivity
IncludedBy:target of evaluation,
Related:connection, property,
consequence
consequence management
IncludedBy:risk management,
consignee
consignor
Related:shipper,
consistency
IncludedBy:database management system,
Related:standard, system,
console
Related:interface, intrusion, intrusion detection, program, system, users,
console logon
IncludedBy:logon,
Related:access, computer, control, privileged, system, users,
console logs
IncludedBy:audit trail,
Related:computer, control, system,
constant surveillance service
Related:security,
construction
IncludedBy:target of evaluation,
Related:process, target,
construction of TOE requirements
IncludedBy:requirements, target of evaluation,
Includes:component, security target,
Related:object, security,
construction surveillance technician
Related:security,
constructive cost model
IncludedBy:business process,
consumers
Related:policy, requirements, security, system, users,
contact interface
IncludedBy:interface,
Related:flow,
contactless interface
IncludedBy:interface,
Related:flow,
contactless smart card
IncludedBy:smartcards,
Related:information,
container
Related:encryption, file, technology,
contamination
IncludedBy:fetch protection, file protection, incident, risk,
Related:classified,
content filtering
Related:communications, process, users,
context-dependent access control
IncludedBy:access, control,
continental united states
contingency key
IncludedBy:key,
Related:operation,
contingency plan
IncludedBy:contingency planning,
Includes:back up vs. backup, backup generations, backup operations, backup plan, disaster plan, disaster recovery, disaster recovery plan, emergency plan, recovery procedures, redundancy,
Related:IT security, backup, business process, critical, failure, management, operation, process, program, recovery, resource, response, risk, security, system, test,
contingency planning
IncludedBy:availability,
Includes:contingency plan,
Related:backup, control, critical, operation, recovery, resource, response, system,
continuity of operations
IncludedBy:availability, operation,
Related:process,
continuity of operations plan
IncludedBy:operation,
Related:damage, function, management, risk,
continuity of services and operations
IncludedBy:operation, risk management,
Related:business process, computer, control, critical, minimum essential infrastructure, recovery,
continuous monitoring
Related:control, development, risk, security,
continuous operation
Related:access,
continuous process
IncludedBy:process,
Related:flow, operation,
continuous process improvement
IncludedBy:process, quality,
Related:operation,
continuous sensitive compartmented information facility operation
continuous signature service
IncludedBy:signature,
contract
Related:subject,
contracting officer
contracting officer representative
contractor
Related:security,
contractor special security officer
IncludedBy:security,
Related:information security,
contractor/command program manager
contractor/command program security officer
IncludedBy:security,
Related:access,
control
Includes:COMSEC Material Control System, COMSEC control program, IT security controls, Office of Foreign Assets Control, TSF scope of control, Terminal Access Controller Access Control System, U.S.-controlled facility, U.S.-controlled space, access control, access control center, access control mechanisms, access control officer, access control service, application controls, areas of control, attribute-based access control, automatic key distribution/rekeying control unit, baseline controls, change control and lifecycle management, circuit control officer, cluster controller, command and control, command and control warfare, command, control, and communications, command, control, communications and computers, command, control, communications and intelligence, common control, common control provider, compensating security controls, computer related controls, concurrency control, configuration control, configuration control board, context-dependent access control, control algorithm, control center, control class, control family, control identification list, control information, control loop, control network, control objectives, control objectives for information and related technology, control server, control systems, control zone, controlled access area, controlled access protection, controlled area, controlled cryptographic item, controlled interface, controlled security mode, controlled sharing, controlled space, controlled variable, controller, controlling authority, criteria of control, cryptonet control station, data control language, data flow control, design controlled spare parts, discretionary access control, distributed control system, domain controller, dual control, emergency shutdown controls, entry control, environmentally controlled area, external security controls, failure control, firewall control proxy, foreign owned, controlled or influenced, general controls, global command and control system, hybrid security control, identity based access control, industrial control system, information flow control, information systems audit and control association, information systems audit and control foundation, interface control document, interface control unit, internal control questionnaire, internal security controls, internet control message protocol, key control, logical access control, machine controller, management control processes, management controls, management security controls, mandatory access control, master control switch, media access control address, modification/configuration control board, motion control network, net control station, network access control, non-discretionary access control, nuclear command and control document, operational controls, partition rule base access control, physical access control, physical controls, point of control and observation, policy-based access control, positive control material, procedural controls, process controller, programmable logic controller, quality assurance/control, quality control, questions on controls, redundant control server, risk-adaptable access control, role-based access control, routing control, security control assessment, security control assessor, security control baseline, security control effectiveness, security control enhancements, security control inheritance, security controls, security net control station, single loop controller, statistical process control, supervisory control, supervisory control and data acquisition, system-specific security control, tailored security control baseline, technical controls, technical security controls, transfers outside TSF control, transmission control protocol, transmission control protocol/internet protocol, two-person control, zone of control,
Related:Automated Information System security, Bell-LaPadula security model, British Standard 7799, C2-protect, CCI assembly, CCI component, CCI equipment, COMSEC account, COMSEC system data, Clark Wilson integrity model, Common Criteria for Information Technology Security, Defense Information Infrastructure, IA product, IT security database, IT security policy, Identification Protocol, International Traffic in Arms Regulations, KMI operating account, MAC algorithm key, PIV issuer, POSIX, RED signal, SSO PIN, TCB subset, TEMPEST, Trusted Computer System Evaluation Criteria, U.S. person, Wassenaar Arrangement, abend, acceptable level of risk, acceptable risk, acceptance procedure, access, access control lists, access mediation, access with limited privileges, accountability, accounting legend code, accounting number, accreditation, accreditation disapproval, accreditation range, acquisition, acquisition strategy, active wiretapping, adequate security, agency, alarm surveillance, allocation, anonymous login, application, application generator, application proxy, approval/accreditation, assessment objective, assurance, attack, audit, audit/review, authentication, authentication protocol, authority, authorization, authorization (to operate), authorize processing, automated information system, automated security monitoring, availability service, backdoor, baseline, baseline configuration, baseline security, block cipher key, body of evidence, bot-network operators, boundary host, boundary protection, boundary protection device, breach, buffer overflow, business impact analysis, centralized authorization, centralized operations, certificate policy, certificate user, certification, certification agent or certifier, certification analyst, certification phase, chain of evidence, challenge-response protocol, chemical warfare, circuit proxy, closed security environment, cloud computing, commodity service, communications, communications security, compartment, compartmentalization, component, component reference monitor, compromise, compromised key list, computer security, configuration management, connection, console logon, console logs, contingency planning, continuity of services and operations, continuous monitoring, cookies, cost/benefit estimate, countermeasures, covert channel, credentials, critical elements, cross domain solution, cryptographic key, cryptographic system review, cryptographic token, cryptosystem review, cyberattack, cyberspace, cycle time, data historian, data management, database management system, decrypt, dedicated mode, dedicated security mode, default file protection, defense-in-depth, developer security, device distribution profile, digital watermarking, distributed database, distributed dataprocessing, disturbance, documentation, domain, domain name system, due care, electronic warfare, electronic warfare support, embedded cryptographic system, embedded system, enclave, encryption, encryption algorithm, entity-wide security, examine, exploitation, extensible, external network, fieldbus, filtering router, firewall, flaw hypothesis methodology, formal security policy model, formulary, full accreditation, general support system, granularity, handler, hardware and system software maintenance, hash token, high assurance guard, hijack attack, host to front-end protocol, human-machine interface, identification and authentication, incident response capability, independent assessment, independent validation authority, information, information assurance product, information category, information management, information owner, information security, information security program plan, information security testing, information sharing environment, information steward, information system, information systems security equipment modification, information technology, inspectable space, intellectual property, intelligent electronic device, interconnection security agreements, interface testing, interference, interim accreditation action plan, internal network, internet, internet protocol, internet protocol security, interview, isolation, kerberos, key, key management, key management infrastructure, key stream, key-escrow system, labeled security protections, lattice model, levels of concern, light tower, line conditioning, line conduction, local-area network, logical access, logical completeness measure, login, malicious logic, manipulated variable, media library, media protection, misappropriation, modes of operation, multi-releasable, national security information, national security system, naval coastal warfare, network, network administrator, network analyzer, network component, network connection, network management, network reference monitor, network security, non-repudiation, noncomputing security methods, object, official information, open security environment, operating system, operations security, optional modification, packet, packet filter, packet filtering, packet switching, pagejacking, password protected, penetration study, perimeter-based security, permissions, personnel security, photo eye, physical and environmental protection, physical security, physically isolated network, point-to-point tunneling protocol, policy, pre-certification phase, pressure regulator, privacy, privileged command, privileged instructions, privileged user, probe, procedural security, proof of possession protocol, protected distribution systems, protected network, protection philosophy, protection-critical portions of the TCB, protocol data unit, protocols, proximity, proxy server, public-key certificate, public-key infrastructure, random number generator, reference monitor, reference monitor concept, remote access, repair action, replay attacks, residual risk, restricted area, risk assessment, risk management, risk mitigation, risk reduction analysis, rule-based security policy, ruleset, safeguarding statement, safety, salt, sandboxed environment, sandboxing, scoping guidance, secure configuration management, secure operating system, secure subsystem, security, security attribute, security audit, security awareness, training, and education, security breach, security certification level, security kernel, security label, security management, security management infrastructure, security perimeter, security plan, security program plan, security safeguards, security service, security test & evaluation, security violation, security-relevant event, segregation of duties, sensitive compartmented information, sensitive information, sensitivity label, servo valve, session hijack attack, set point, short title, signaling, simple network management protocol, software library, software-based fault isolation, special access program, split knowledge, spoofing, stateful packet filtering, superuser, surrogate access, system, system administrator, system and data integrity, system development and acquisition, system interconnection, system of records, system security plan, system software, systems software, tailoring, tamper, technical security policy, technological attack, technology, terminal hijacking, test, thermostat, threat shifting, ticket, token authenticator, token management, tokens, topical areas, trace packet, transmission security, trapdoor, under sea warfare, unprotected network, user PIN, user data protocol, users, usurpation, verification, verification techniques, verifier, virtual private network, vulnerability, vulnerability assessment, wireless device,
control algorithm
IncludedBy:algorithm, control,
control center
IncludedBy:control,
Related:process,
control class
IncludedBy:control,
Related:operation, security,
control family
IncludedBy:control,
Related:security,
control identification list
IncludedBy:control, identification,
Related:critical, security,
control information
IncludedBy:control, cryptographic module, information,
Related:cryptographic, module, operation,
control loop
IncludedBy:control,
Related:function, process,
control network
IncludedBy:control, network,
Related:critical, process,
control objectives
IncludedBy:control, object, risk management,
Related:information,
control objectives for information and related technology
IncludedBy:control, information, object, technology,
control server
IncludedBy:control,
Related:application, control systems, system,
control systems
IncludedBy:control, system,
Includes:COMSEC Material Control System, Terminal Access Controller Access Control System, distributed control system, global command and control system, supervisory control and data acquisition,
Related:COMSEC material, acceptance procedure, accounting legend code, control server, controlled variable, cookies, login, machine controller, national security information, physical access control, programmable logic controller, salt, sensitive compartmented information,
control zone
IncludedBy:control, security,
Related:authorized, compromise, information, process,
controlled access area
IncludedBy:access, control,
Related:authorized, cipher, entry control,
controlled access program coordination office
IncludedBy:access,
Related:intelligence,
controlled access program oversight committee
IncludedBy:access,
Related:audit, evaluation, intelligence,
controlled access programs
IncludedBy:access,
Related:intelligence, security clearance,
controlled access protection
IncludedBy:access, control,
Related:assurance, audit, evaluation, function, resource, security, trust, users,
controlled area
IncludedBy:control,
Related:requirements,
controlled area/compound
Related:security, subject,
controlled building
Related:security, subject,
controlled cryptographic item
IncludedBy:control, cryptographic,
Related:classified, communications, information, requirements, telecommunications,
controlled information
Related:foreign, object, target,
controlled interface
IncludedBy:control, interface,
Related:flow, information, security, system,
controlled security mode
IncludedBy:control, multilevel security,
Related:access, access control, accreditation, classification levels, classified, information, operation, policy, requirements, risk, software, system, users, version, vulnerability,
controlled sharing
IncludedBy:access control, control,
Related:access, system,
controlled space
IncludedBy:control,
Related:access, access control, authorized,
controlled unclassified information
IncludedBy:classified,
Related:authorized,
controlled variable
IncludedBy:control,
Related:control systems, system,
controller
IncludedBy:control,
Related:program,
controlling authority
IncludedBy:authority, control,
Related:cryptography, key, operation,
conversion
IncludedBy:version,
Related:software,
cookies
IncludedBy:access control,
Related:access, application, association, attack, connection, control, control systems, denial-of-service, establishment, file, information, internet, internet protocol security, internet security protocol, message, privacy, profile, system, world wide web,
cooperative key generation
IncludedBy:key,
Related:encryption, function, random,
cooperative program personnel
Related:foreign,
cooperative remote rekeying
IncludedBy:key, rekey,
coordinated universal time
Related:GeneralizedTime, UTCTime,
core or key process
IncludedBy:key, process,
Related:business process,
core secrets
Related:compromise,
corporate family
corporate security policy
IncludedBy:policy, security policy,
Related:information, users,
corporation
correctness
IncludedBy:European Information Technology Security Evaluation Criteria, Federal Criteria for Information Technology Security, integrity,
Includes:correctness integrity, correctness proof,
Related:analysis, computer security, criteria, evidence, fault, file, function, information, profile, program, property, requirements, security target, software, system, target, technology, users, verification,
correctness integrity
IncludedBy:correctness, integrity,
Related:information,
correctness proof
IncludedBy:correctness, security,
Related:system,
corroborate
IncludedBy:validate,
corruption
IncludedBy:threat consequence,
Related:function, operation, system,
cost reimbursement contract
IncludedBy:business process,
cost-risk analysis
IncludedBy:analysis, business process, risk analysis,
Related:assessment, compromise, cost/benefit analysis, system,
cost/benefit
IncludedBy:analysis, business process,
Related:cost/benefit analysis, cost/benefit estimate, function, program,
cost/benefit analysis
IncludedBy:analysis, business process,
Related:cost-risk analysis, cost/benefit, countermeasures, operation, process, risk, risk management, vulnerability,
cost/benefit estimate
IncludedBy:analysis,
Related:control, cost/benefit, process,
COTS software
IncludedBy:commercial-off-the-shelf, software,
Related:mass-market software, standard,
Synonym:commercial off-the-shelf software,
counter
Related:process,
counterintelligence
IncludedBy:intelligence,
Related:adversary, countermeasures, foreign, information, security, threat,
counterintelligence assessment
IncludedBy:assessment, intelligence,
Related:analysis, compromise, critical, foreign, risk, target, threat,
countermeasures
IncludedBy:risk management, threat,
Includes:electronic counter-countermeasures, electronic countermeasures, non-technical countermeasure, security countermeasures, technical countermeasures, technical surveillance countermeasures, technical surveillance countermeasures inspection, technical surveillance countermeasures surveys and evaluations,
Related:acceptable level of risk, adversary, alarm, analysis, anomaly detection, antivirus software, antivirus tools, asset, attack, benign, benign environment, checksum, compensating security controls, control, cost/benefit analysis, counterintelligence, firewall, function, information, information systems security engineering, internet, intrusion detection, intrusion prevention, key, layered solution, level of protection, management controls, object, operation, operational controls, operations security, operations security process, physical security, protective distribution system, protocols, residual risk, risk analysis, risk assessment, robustness, security audit, security controls, security safeguards, security software, security testing, system, system security authorization agreement, technical controls, technology, threat analysis, threat assessment, virus definitions, vulnerability, vulnerability assessment, work factor,
country code
IncludedBy:code,
Related:domain, standard,
courier
Related:authorized, classified,
cover
Related:adversary,
cover-coding
Related:information, risk,
coverage
Related:test,
covert
Includes:covert channel, covert channel analysis, covert operation, covert storage channel, covert testing, covert timing channel,
Related:RED team, bandwidth, confinement channel, espionage, exploitable channel, flooding, leakage, malware, overt channel, rootkit, sniffer,
covert channel
Antonym:overt channel, security-compliant channel,
IncludedBy:channel, covert, exploitable channel,
Includes:covert storage channel, covert timing channel,
PreferredFor:storage channel, timing channel,
Related:access, access control, authorization, authorized, communications, computer security, confinement channel, control, entity, exploit, information, insider, policy, process, resource, response, security, system,
covert channel analysis
IncludedBy:analysis, covert,
Related:access, access control, authorized, information, policy, program, security, unauthorized access,
covert operation
IncludedBy:covert,
Related:clandestine operation, identity,
covert storage channel
IncludedBy:channel, covert, covert channel,
Includes:subject,
Related:process, resource, security,
covert testing
IncludedBy:covert, test,
Related:management,
covert timing channel
IncludedBy:channel, covert, covert channel,
Related:communications, confinement channel, information, policy, process, resource, response, security, system,
CPU time
IncludedBy:automated information system,
Related:process,
crack
IncludedBy:threat,
Includes:crack root, cracker, cracking,
Related:code, cryptography, passwords, security, system, users,
crack root
IncludedBy:crack,
Related:security, system,
cracker
IncludedBy:crack, hackers,
Related:access, access control, attack, authorization, communications, computer, information, intrusion, malicious, security, system, telecommunications,
cracking
IncludedBy:crack,
Related:computer, system,
crash
IncludedBy:threat,
Related:computer, failure, system,
credential service provider
Related:trust,
credentials
IncludedBy:certification authority,
Includes:digital certificate, identity credential, identity credential issuer, ticket,
Related:access, access control, authentication, authority, authorization, certificate, control, entity, evidence, identity, information, model, object, security testing, standard, system, test,
credentials service provider
Related:entity, registration, trust,
credit check
Related:security, subject,
criminal
IncludedBy:illegal,
Includes:criminal activity, criminal groups,
Related:Defense Travel Briefing, attack, dark-side hacker, derogatory information, hybrid threat, hybrid warfare, local agency check, phishing, report of investigation, security environment threat list, threat, vishing,
criminal activity
IncludedBy:criminal,
Related:foreign,
criminal groups
IncludedBy:criminal, threat,
Related:attack, entity, fraud, identity, system, theft,
crisis management
IncludedBy:risk management,
criteria
Includes:Canadian Trusted Computer Product Evaluation Criteria, Common Criteria Testing Laboratory, Common Criteria Testing Program, Common Criteria for Information Technology Security, Common Criteria for Information Technology Security Evaluation, DoD Trusted Computer System Evaluation Criteria, European Information Technology Security Evaluation Criteria, Federal Criteria Vol. I, Federal Criteria for Information Technology Security, IT Security Evaluation Criteria, Information Technology Security Evaluation Criteria, NIAP Common Criteria Evaluation and Validation Scheme, Trusted Computer System Evaluation Criteria, acceptance criteria, common criteria, common criteria version 1.0, common criteria version 2.0, criteria of control, evaluation criteria,
Related:British Standard 7799, FIPS approved security method, Federal Standard 1027, IT Security Evaluation Methodology, IT security certification, NIAP Oversight Body, National Computer Security Center, National Voluntary Laboratory Accreditation Program, Orange book, Red book, Scope of Accreditation, Yellow book, acceptance testing, accreditation, accreditation range, assurance, assurance level, audit, authentication, beyond A1, certification, certified TEMPEST technical authority, component extensibility, component hierarchy, component operations, computer, computer security, correctness, descriptive top-level specification, designated, designated laboratories list, designating authority, designation policy, ethernet sniffing, evaluated products list, evaluated system, evaluation, evaluation assurance level, evaluation pass statement, evaluator actions, firewall, information, interpretation, national information assurance partnership, national security system, network component, non-repudiation policy, protection profile, rainbow series, requirements for content and presentation, requirements for evidence, requirements for procedures and standards, risk evaluation, scheme, security, security policy model, security target, sensitive information, target of evaluation, technology, technology area, test case generator, test method, test strategy, testability, trust, trusted functionality, trusted gateway, trusted network interpretation, validated products list, validation report,
criteria of control
IncludedBy:control, criteria,
critical
IncludedBy:risk,
Includes:Protected Critical Infrastructure Information (PCII), critical and sensitive information list, critical asset, critical design review, critical elements, critical financial markets, critical information, critical infrastructure information, critical infrastructures, critical mechanism, critical nuclear weapon design information, critical path method, critical program information, critical security parameters, critical system, critical system files, criticality, criticality assessment, criticality level, criticality/sensitivity, mission critical, mission critical system, protection-critical portions of the TCB, safety-critical software, security-critical mechanisms, technology critical,
Related:COMSEC boundary, Defense Security Service, Suite A, X.509, acceptable level of risk, access, access control, accesses, accreditation disapproval, advanced persistent threats, adversary, adversary collection methodology, alert, anti-tamper, attack, audit, authentication, automated security monitoring, availability, banking and finance, business process reengineering, capability, certificate, certificate policy, certificate validation, class 2, 3, 4, or 5, code amber, code red, compromise, contingency plan, contingency planning, continuity of services and operations, control identification list, control network, counterintelligence assessment, data owner, denial-of-service, destruction, disaster recovery plan, electrical power systems, emergency services, essential secrecy, firewall, function, gas and oil production, storage and transportation, hackers, hot site, incapacitation, information and communications, information security, infrastructure assurance, infrastructure protection, intent, interim accreditation action plan, legacy systems, letter of compelling need, levels of concern, line managers, mandatory access control, national computer security assessment program, national information infrastructure, national security system, natural disaster, network security, non-repudiation service, operations security, operations security indicator, operations security process, partnership, physical protection, physical security, process, protected information, public confidence, public-key infrastructure, reconstitution, remediation, resource, risk analysis, risk assessment, scenario, sector coordinator, sector liaison, security environment threat list, security label, security policy, security strength, semantics, sensitive activities, sensitive position, significant change, single loop controller, single scope background investigation - periodic reinvestigation, special access program, spoofing, system, system retention/backup, terrorists, threat, transportation, users, vulnerability, vulnerability analysis, vulnerability assessment, vulnerability audit, water supply system, world class organizations,
critical and sensitive information list
IncludedBy:critical, sensitive information,
critical asset
IncludedBy:critical,
Related:security, vulnerability,
critical design review
IncludedBy:critical,
Related:requirements,
critical elements
IncludedBy:critical,
Related:control, security, system,
critical financial markets
IncludedBy:critical,
Related:foreign, operation,
critical information
IncludedBy:critical,
Related:object,
critical infrastructure information
IncludedBy:critical,
critical infrastructures
IncludedBy:critical, risk management,
Includes:banking and finance, code amber, code green, code red, electrical power systems, emergency services, gas and oil production, storage and transportation, information and communications, infrastructure protection, transportation, utility, water supply system,
Related:capability, cyberspace, destruction, government services, incapacitation, infrastructure assurance, natural disaster, operation, partnership, risk assessment, sector coordinator, sector liaison, system,
critical mechanism
IncludedBy:critical, target of evaluation,
Related:failure, security, target,
critical nuclear weapon design information
IncludedBy:critical,
critical path method
IncludedBy:critical,
critical program information
IncludedBy:critical,
Related:access, compromise,
critical security parameters
IncludedBy:critical, security policy,
Related:authentication, compromise, cryptographic, cryptography, information, key, module, passwords,
critical system
IncludedBy:critical, system,
Includes:critical system files,
Related:access, access control, authorized, information, security,
critical system files
IncludedBy:critical, critical system, file, system,
Related:application, damage, integrity, key, security, software,
criticality
IncludedBy:critical,
Related:function, information, system, threat,
criticality assessment
IncludedBy:assessment, critical,
Related:entity, function, operation, resource, risk assessment, security, system,
criticality level
IncludedBy:critical,
criticality/sensitivity
IncludedBy:critical,
Related:information, operation, process, system,
cross domain solution
IncludedBy:domain,
Related:access, assurance, control, information, security,
cross site scripting
Related:attack, target, vulnerability,
cross-certificate
IncludedBy:certificate,
Related:certification, cross-certification, trust,
cross-certification
IncludedBy:certification authority,
Related:certificate, cross-certificate, key, process, public-key, users, validate,
cross-domain capabilities
Related:security,
cross-talk
Related:communications,
cryptanalysis
IncludedBy:analysis, threat consequence,
Related:algorithm, attack, cipher, cryptographic, cryptography, encryption, key, key management, message, operation, process, security, system,
CRYPTO
Related:classified, communications, communications security, cryptographic, cryptography, identify, information, key, telecommunications,
crypto officer
Related:management,
crypto-alarm
IncludedBy:cryptography,
Related:operation,
crypto-ancillary equipment
IncludedBy:cryptography,
Related:cryptographic, function, operation,
crypto-ignition key
IncludedBy:key,
crypto-ignition plug
IncludedBy:cryptography,
crypto-security
IncludedBy:communications security,
Related:cryptographic system, system,
cryptographic
IncludedBy:cryptography,
Includes:Cryptographic Application Program Interface, Cryptographic Message Syntax, asymmetric cryptographic algorithm, asymmetric cryptographic technique, controlled cryptographic item, cryptographic algorithm, cryptographic algorithm for confidentiality, cryptographic application programming interface, cryptographic boundary, cryptographic card, cryptographic check function, cryptographic check value, cryptographic component, cryptographic device services, cryptographic equipment room, cryptographic functions, cryptographic hash function, cryptographic ignition key, cryptographic initialization, cryptographic key, cryptographic key component, cryptographic key management system, cryptographic logic, cryptographic module, cryptographic module security policy, cryptographic officer, cryptographic randomization, cryptographic service, cryptographic service providers, cryptographic strength, cryptographic synchronization, cryptographic system, cryptographic token, embedded cryptographic system, endorsed cryptographic products list, endorsed for unclassified cryptographic information, endorsed for unclassified cryptographic item, rapid automatic cryptographic equipment, symmetric cryptographic technique,
Related:CAPSTONE chip, CCI assembly, CCI component, CCI equipment, CKMS, COMSEC material, CRYPTO, Challenge Handshake Authentication Protocol, Clipper chip, Common Criteria for Information Technology Security, Distributed Authentication Security Service, FIPS PUB 140-1, FIPS approved security method, Fortezza, International Traffic in Arms Regulations, MD2, MD4, MD5, PC card, PKCS #11, RED/BLACK separation, RSA algorithm, Rivest-Shamir-Adleman algorithm, S/Key, The Exponential Encryption System, Type 1 key, Type 2 key, Type 4 key, Type 4 product, Type I cryptography, Type II cryptography, Type III cryptography, active state, advanced encryption standard, algorithm, algorithm transition, archive, asymmetric encipherment system, asymmetric signature system, attribute certificate, authentication code, authentication protocol, authorized vendor program, automated key distribution, benign, binding, block chaining, break, certificate domain parameters, challenge-response protocol, check word, checksum, cipher, cipher text auto-key, ciphertext-only attack, class 2, 3, 4, or 5, code, common security, communications security, compromise, compromised state, control information, critical security parameters, cryptanalysis, crypto-ancillary equipment, cryptographic equipment, cryptonet, cryptoperiod, cryptosynchronization, cyclic redundancy check, data authentication code, data encryption key, data encryption standard, data items' representation, data key, deactivated state, decipher, decrypt, digital key, digital signature, digital signature algorithm, domain of interpretation, effective key length, electronic key entry, embedded cryptography, encipher, encipherment, encrypt, encrypted key, encryption, encryption algorithm, encryption certificate, end-to-end encryption, end-to-end security, environmental failure protection, environmental failure testing, escrow, garbled, generation, hardware, hash, hash function, hash value, hashed message authentication code, initialization value, initialization vector, initialize, input data, integrity check, interface, internetwork private line interface, key, key distribution, key entry, key generation, key generator, key length, key lifecycle state, key loader, key management, key management infrastructure, key management/exchange, key output, key owner, key recovery, key space, key updating, key-auto-key, key-encrypting key, key-escrow, keyed hash, keying material, known-plaintext attack, manual cryptosystem, manual key distribution, manual key entry, message authentication code, message authentication code algorithm, message digest, message digest algorithm 5, metadata, mode of operation, non-repudiation, one-time passwords, one-way encryption, one-way function, operations manager, operator, output data, parameters, personal identity verification, personal identity verification card, personal security environment, personalization service, physical protection, plaintext key, port, pretty good privacy, private key, protected channel, public-key, public-key forward secrecy, public-key infrastructure, public-key system, random, recover, rekey, retrieval, revoked state, salt, scheme, secret key, secret-key cryptography, secure hash algorithm, secure hash standard, secure hypertext transfer protocol, security event, security strength, session key, shared secret, signature certificate, signature system, simple network management protocol, split key, split knowledge, status information, strong authentication, symmetric encryption algorithm, symmetric key, tamper, time-stamp token, tokens, transport, trapdoor, trusted path, trusted platform module chip, tunneled password protocol, type 1 products, type 2 product, type 3 key, type 3 product, unforgeable, updating, validate, validate vs. verify, verification key, work factor, zeroize,
cryptographic alarm
cryptographic algorithm
IncludedBy:algorithm, cryptographic,
Related:authentication, cipher, digital signature, encryption, hash, key, process, signature,
cryptographic algorithm for confidentiality
IncludedBy:algorithm, confidentiality, cryptographic,
Related:information,
Cryptographic Application Program Interface
IncludedBy:application, cryptographic, encryption, interface, program, security,
Related:computer, function, standard,
cryptographic application programming interface
IncludedBy:application, cryptographic, interface, program, software,
Related:access, access control, code,
cryptographic binding
cryptographic boundary
IncludedBy:boundary, cryptographic, cryptographic module,
Includes:physical protection,
Related:module, software,
cryptographic card
IncludedBy:cryptographic, tokens,
cryptographic check function
IncludedBy:cryptographic, function,
Related:key,
cryptographic check value
IncludedBy:cryptographic,
Related:function, information,
cryptographic component
IncludedBy:cryptographic,
Related:hash, system,
cryptographic device services
IncludedBy:cryptographic,
cryptographic equipment
IncludedBy:cryptography,
Related:cryptographic,
cryptographic equipment room
IncludedBy:cryptographic,
Related:access control, cryptographic system,
cryptographic functions
IncludedBy:cryptographic, encryption, function, key,
Related:algorithm, message, random,
cryptographic hash function
IncludedBy:cryptographic, function, hash,
Related:domain, hash function, process,
cryptographic ignition key
IncludedBy:cryptographic, key,
Related:encryption, module, tokens,
cryptographic initialization
IncludedBy:cryptographic,
Related:encryption, function, key,
cryptographic key
IncludedBy:cryptographic, key,
Related:adversary, algorithm, authentication, authorized, cipher, code, control, encipherment, encryption, operation, process, random, requirements, signature, verification,
cryptographic key component
IncludedBy:cryptographic, key,
Related:operation,
cryptographic key management system
IncludedBy:cryptographic, key management, system,
Related:backup, metadata, revocation,
cryptographic logic
IncludedBy:cryptographic,
Related:algorithm, process,
cryptographic material
Cryptographic Message Syntax
IncludedBy:cryptographic, message,
Related:certificate, digital signature, encryption, hash, key, key management, public-key infrastructure, signature,
cryptographic module
IncludedBy:cryptographic, module,
Includes:control information, cryptographic boundary, cryptographic module security policy, data path, firmware, hardware, input data, microcode, operator, output data,
Related:algorithm, boundary, establishment, function, key, process, security, software,
cryptographic module security policy
IncludedBy:cryptographic, cryptographic module, module, policy, security policy,
Related:requirements, standard,
cryptographic net
cryptographic officer
IncludedBy:cryptographic, officer,
Related:authorized, function,
cryptographic period
cryptographic product
Related:software, trust,
cryptographic randomization
IncludedBy:cryptographic, random,
Related:function,
cryptographic security
IncludedBy:security,
cryptographic service
IncludedBy:common data security architecture, cryptographic,
Related:encryption, function, hash, key, module, random, software,
cryptographic service providers
IncludedBy:common data security architecture, cryptographic,
cryptographic strength
IncludedBy:cryptographic,
Related:operation,
cryptographic synchronization
IncludedBy:cryptographic,
Related:cipher, encipherment, process,
cryptographic system
IncludedBy:cryptographic, system,
Includes:cryptosystem analysis, cryptosystem evaluation, cryptosystem review, cryptosystem survey, elliptic curve cryptosystem, embedded cryptographic system, manual cryptosystem, off-line cryptosystem, on-line cryptosystem, one-time cryptosystem,
PreferredFor:cryptosystem,
Related:algorithm, application, assurance, asymmetric cryptographic technique, authentication system, cipher, crypto-security, cryptographic equipment room, digital signature, encryption, encryption strength, hash, key, key management, key stream, message indicator, one-time pad, one-time tape, private key, process, public-key, signature, system indicator, traffic-flow security,
cryptographic system analysis
cryptographic system evaluation
IncludedBy:evaluation,
cryptographic system review
Related:control,
cryptographic system survey
Related:evaluation, management,
cryptographic token
IncludedBy:cryptographic, tokens,
Related:algorithm, control, function, information, key, key management, module, random, users,
cryptography
Includes:FIPS-Validated Cryptography, NSA-approved cryptography, National Cryptologic School, Type I cryptography, Type II cryptography, Type III cryptography, asymmetric cryptography, cipher feedback, computer cryptography, crypto-alarm, crypto-ancillary equipment, crypto-ignition plug, cryptographic, cryptographic equipment, cryptonet control station, cryptosynchronization, elliptic curve cryptography, embedded cryptography, encipherment algorithm, encrypt, manual cryptosystem, minimalist cryptography, private-key cryptography, public-key cryptography, public-key cryptography standards, secret-key cryptography, symmetric cryptography, synchronous crypto-operation,
Related:BLACK, CAPSTONE chip, CCI assembly, CCI component, CCI equipment, COMSEC equipment, COMSEC material, CRYPTO, Challenge Handshake Authentication Protocol, Clipper chip, Common Criteria for Information Technology Security, Diffie-Hellman, Digital Signature Standard, Distributed Authentication Security Service, El Gamal algorithm, Elliptic Curve Digital Signature Algorithm, FIPS PUB 140-1, FIREFLY, Generic Security Service Application Program Interface, IEEE P1363, International Traffic in Arms Regulations, Internet Security Association and Key Management Protocol, MD2, MD4, MD5, MIME Object Security Services, PC card, RED/BLACK separation, The Exponential Encryption System, access control center, algorithm, attribute certificate, authentication, authentication code, authentication system, authorized, authorized vendor, benign, binding, break, brute force attack, certificate domain parameters, check word, checksum, chosen-plaintext attack, cipher, cleartext, code, code division multiple access, cold start, communications, communications security, compromise, controlling authority, crack, critical security parameters, cryptanalysis, cryptology, cut-and-paste attack, cyclic redundancy check, data driven attack, data items' representation, digital signature, domain of interpretation, emissions security, encipherment, encryption, end entity, end-to-end security, entity, environmental failure protection, environmental failure testing, extraction resistance, feedback buffer, fill device, hash, hash function, hashed message authentication code, hybrid encryption, identity, information, initialize, integrity check, intelligent threat, interface, kerberos, key, key agreement, key center, key distribution center, key management, key pair, key translation center, known-plaintext attack, message, message authentication code, message authentication code algorithm, message authentication code vs. Message Authentication Code, message indicator, modulus, national security system, non-repudiation, one-time pad, one-time passwords, one-time tape, one-way function, operations manager, out-of-band, permuter, personal security environment, personalization service, port, pretty good privacy, primary account number, privacy, private key, public-key, public-key forward secrecy, public-key infrastructure, quadrant, random, rekey, scavenging, seal, secure hash standard, secure socket layer, security, security event, semantic security, shared secret, signature, simple network management protocol, status information, steganography, strong authentication, system indicator, ticket, time-stamp token, token storage key, traffic analysis, traffic padding, traffic-flow security, trapdoor, trusted path, two-person control, unforgeable, updating, user partnership program, validate vs. verify, work factor, wrap, zeroize,
cryptologic
cryptologic information system
cryptology
Related:analysis, communications, cryptography, intelligence, security,
cryptonet
Related:algorithm, cryptographic, key, system,
cryptonet control station
IncludedBy:control, cryptography,
cryptonet key
IncludedBy:key,
cryptoperiod
Related:algorithm, analysis, authorized, certificate, cryptographic, key, process, public-key, public-key infrastructure, rekey, risk, system,
cryptosynchronization
IncludedBy:cryptography,
Related:cryptographic, process,
cryptosystem
HasPreferred:cryptographic system,
cryptosystem analysis
IncludedBy:analysis, cryptographic system, system,
Related:process,
cryptosystem evaluation
IncludedBy:cryptographic system, evaluation, system,
Related:process, vulnerability,
cryptosystem review
IncludedBy:cryptographic system, system,
Related:authority, control,
cryptosystem survey
IncludedBy:cryptographic system, system,
Related:evaluation, information,
cultural assumptions
Related:function,
custodian
Related:classified,
customer
HasPreferred:users,
customer/contractor-supplied software
IncludedBy:software,
cut-and-paste attack
IncludedBy:attack,
Related:cipher, cryptography, integrity,
cyber
HasPreferred:cyberspace,
cyber crime
HasPreferred:cybercrime,
cyber espionage
IncludedBy:cyberspace, espionage,
cyber incident
IncludedBy:cyberspace, incident,
cyber infrastructure
IncludedBy:cyberspace,
cyber security
HasPreferred:cybersecurity,
cyber space
HasPreferred:cyberspace,
cyber system
IncludedBy:cyberspace,
cyberattack
IncludedBy:attack, cyberspace,
Related:control, information, software, technology, vulnerability,
cybercrime
IncludedBy:cyberspace,
PreferredFor:cyber crime,
Related:espionage,
cybersecurity
IncludedBy:cyberspace, security,
PreferredFor:cyber security,
Related:application, assurance, attack, communications, information, risk, risk management, system, telecommunications, users,
cyberspace
IncludedBy:internet,
Includes:cyber espionage, cyber incident, cyber infrastructure, cyber system, cyberattack, cybercrime, cybersecurity, cyberspace operations,
PreferredFor:cyber, cyber space,
Related:US-CERT, advanced persistent threats, blue team, common vulnerabilities and exposures, communications, computer, computer incident response team, control, critical infrastructures, entity-wide security, incident response plan, information, nations, process, risk, system, technology, telecommunications, zero-day exploit,
cyberspace operations
IncludedBy:cyberspace,
Related:computer, computer network, information, object,
cycle time
Related:algorithm, control, process,
cyclic redundancy check
Related:algorithm, code, cryptographic, cryptography, hash, integrity, protocols,
cyclical redundancy check
daemon
Related:process, system,
damage
Includes:damage assessment, damage to physical assets, damage to the national security,
Related:TOP SECRET, adversary, application data backup/recovery, back up vs. backup, biological warfare, classification levels, computer abuse, confidential, continuity of operations plan, critical system files, directed-energy warfare, disaster recovery plan, disruption, emergency action plan, emergency response, environmentally controlled area, hackers, high impact, impact, infrastructure assurance, insider, joint task force-computer network defense, least privilege, logic bombs, low impact, malicious code, moderate impact, physical security, recover, safety, secret, sensitive information, system safety, technical vulnerability, terrorists, threat, threat assessment, token backup, toluene,
damage assessment
IncludedBy:assessment, damage,
Related:analysis, authorized, classified, security,
damage to physical assets
IncludedBy:damage, operational risk loss,
damage to the national security
IncludedBy:damage, security,
Related:authorized, foreign,
dangling threat
IncludedBy:threat,
Related:vulnerability,
dangling vulnerability
IncludedBy:vulnerability,
Related:risk,
dark-side hacker
IncludedBy:threat,
Related:criminal, malicious,
data
IncludedBy:automated information system,
Related:computer, information, process,
data administration
IncludedBy:automated information system,
data aggregation
IncludedBy:automated information system,
Related:adversary, classified, information, system,
data architecture
IncludedBy:automated information system,
Related:information, process,
data asset
Related:access,
Data Authentication Algorithm
IncludedBy:algorithm, authentication,
Related:cipher, function, hash, key,
data authentication code
IncludedBy:National Institute of Standards and Technology, authentication, code, integrity,
Related:algorithm, cryptographic, function, hash function, key, message, standard,
Synonym:message authentication code,
data authentication code vs. Data Authentication Code
IncludedBy:authentication, code,
Related:algorithm, hash, key, message, message authentication code, standard,
data communications
IncludedBy:communications,
Related:information, system,
data compromise
IncludedBy:compromise, incident,
Related:access, access control, authorized, information, security, security incident, unauthorized access,
data confidentiality
IncludedBy:confidentiality, data privacy,
Related:authorized, confidence, entity, information, process, property, system,
data confidentiality service
IncludedBy:confidentiality,
Related:authorized, security,
data contamination
IncludedBy:automated information system,
Related:integrity, process,
data control language
IncludedBy:automated information system, control,
data custodian
Related:information, owner,
data definition language
IncludedBy:automated information system,
data dictionary
IncludedBy:automated information system,
Related:application, file, program,
data diddling
IncludedBy:attack,
data driven attack
IncludedBy:attack,
Related:code, cryptography, process, software, system, users,
data element
data encryption algorithm
IncludedBy:algorithm, encryption, symmetric cryptography,
Related:cipher, key, standard,
data encryption key
IncludedBy:encryption, key,
Includes:data key,
Related:application, cipher, cryptographic, integrity, message, signature,
data encryption security association type indicator
IncludedBy:security,
data encryption standard
IncludedBy:Federal Information Processing Standards, National Institute of Standards and Technology, encryption, key, standard, symmetric algorithm,
Includes:initialization vector,
Related:algorithm, classified, computer, cryptographic, function, information, integrity, message, policy, process, technology,
data flow control
IncludedBy:control, flow,
Related:information,
data flow diagram
IncludedBy:automated information system, flow,
data historian
Related:analysis, control, process,
data input
IncludedBy:automated information system,
Related:domain, function, key, message, process, signature,
data integrity
IncludedBy:data security, integrity,
Related:authorized, computer, confidence, destruction, entity, information, malicious, process, property, quality, subject, trust,
data integrity service
IncludedBy:integrity,
Related:access, access control, association, authentication, authorized, entity, identity, malicious, security, system, users, verification,
data items' representation
Related:cryptographic, cryptography, hash,
data key
IncludedBy:data encryption key, key, key recovery,
Related:authentication, cryptographic, process,
data loss
data management
IncludedBy:automated information system,
Related:access, access control, computer, control,
data manipulation language
IncludedBy:automated information system,
data origin authentication
IncludedBy:authentication,
Related:verification,
data origin authentication service
IncludedBy:authentication,
Related:association, connection, digital signature, entity, identity, integrity, key, public-key, signature, system,
data owner
IncludedBy:owner,
Related:critical,
data path
IncludedBy:cryptographic module,
data privacy
IncludedBy:data security, privacy,
Includes:data confidentiality,
Related:assurance, confidentiality,
data processing
IncludedBy:automated information system, process,
Related:computer, program,
data reengineering
IncludedBy:automated information system,
Related:process, system,
data security
IncludedBy:security,
Includes:data integrity, data privacy,
Related:authorized, confidentiality, integrity,
data source
Includes:users,
Related:connection, firewall, interface, network,
data storage
IncludedBy:automated information system,
Related:authority, information,
data string
Related:function, hash,
data structure
IncludedBy:automated information system,
data synchronization
Related:automated information system, file, information,
data transfer device
Related:communications security, key, program, system,
data validation
IncludedBy:automated information system, validation,
database
Related:information, process,
database administration
IncludedBy:automated information system,
database management system
IncludedBy:system,
Includes:consistency, metadata, transaction, view, view definition,
Related:Directory Access Protocol, computer, control, function, information, integrity, retrieval, security, software, users,
database server
Related:information,
datagram
Related:entity, establishment, information, network,
dc servo drive
Related:code,
DD 254 - Final
Related:authorized, classified, requirements, security,
DD 254 - Original
Related:classified, requirements, security,
deactivated state
Antonym:active state,
IncludedBy:key lifecycle state,
Related:cryptographic, key, lifecycle, process,
dead bolt
deadlock
IncludedBy:threat,
Related:process,
Synonym:deadly embrace,
deadlocking panic hardware
deadly embrace
IncludedBy:threat,
Related:process,
Synonym:deadlock,
debilitated
IncludedBy:risk,
debriefing
Related:access,
debug
Related:computer, fault, software,
debugger
debugging
IncludedBy:automated information system,
deception
IncludedBy:threat consequence,
Related:adversary, authorized, case officer, communications, denial, entity, evidence, telecommunications,
decertification
IncludedBy:certification,
Related:revocation,
decibel
decipher
IncludedBy:cipher,
Related:cryptographic, key, system,
decipherment
IncludedBy:cipher,
Related:encipherment,
decision support systems
IncludedBy:system,
declassification
Related:authorized, classified,
declassification authority
Related:classified,
declassification guide
Related:security,
declassification of AIS storage media
Includes:automated information system, subject,
Related:security,
decode
IncludedBy:code,
decomposition
IncludedBy:protection profile,
Related:file, process, profile,
decrypt
Related:algorithm, application, cipher, code, control, cryptographic, encryption, information, key,
decryption
Antonym:encryption,
Related:cipher, encipherment, process,
dedicated loop encryption device
IncludedBy:encryption,
dedicated mode
Related:access, access control, classified, computer security, control, information, operation, process, program, security, system, users,
dedicated security mode
IncludedBy:modes of operation, security,
Related:accreditation, authorization, classification levels, classified, control, information, operation, policy, process, system, system-high security mode, users,
default account
Related:access, access control, computer, login, passwords, system, users,
default classification
IncludedBy:classification levels, classified,
Includes:object,
Related:process, system,
default file protection
IncludedBy:access control, file,
Related:access, control, owner, system,
defect
IncludedBy:risk,
Related:bug, failure, fault, requirements,
defense
Related:confidence, threat,
defense articles
Defense Central Index of Investigations
Related:security,
Defense Central Security Index
IncludedBy:security,
Related:access, authorized, classified,
defense communications system
IncludedBy:communications, system,
defense courier service
Defense Industrial Security Clearance Office
IncludedBy:security,
Defense Information Infrastructure
IncludedBy:information,
Related:application, command and control, communications, computer, control, intelligence, network, process, security, system, telecommunications, users,
Defense Information System Network
IncludedBy:information, network, system,
Defense Information Systems Network
IncludedBy:network,
Related:classified, requirements, security, users,
Defense Information Systems Network Designated Approving Authority
IncludedBy:network,
Related:intelligence, risk, security,
defense message system
IncludedBy:message, system,
Defense Office of Hearings and Appeals
Defense Personnel Exchange Program
Related:foreign,
Defense Security Service
IncludedBy:security,
Related:critical, intelligence,
Defense Security Service Personnel Investigations Center
IncludedBy:security,
Defense Services
Related:foreign,
defense switched network
IncludedBy:network,
Defense Travel Briefing
Related:criminal, security, target,
Defense Treaty Inspection Readiness Program
Related:security,
defense-in-breadth
Related:development, risk,
defense-in-depth
IncludedBy:security,
Related:application, assurance, attack, availability, confidence, confidentiality, control, information, integrity, operation, resource, risk, system, technology,
defense-wide information assurance program
IncludedBy:information, information assurance, program,
Related:authentication, availability, confidentiality, integrity, non-repudiation, resource,
Defensive Information Operations
IncludedBy:information, operation,
Related:access, access control, assurance, exploit, information assurance, intelligence, process, security, system, technology,
degauss
IncludedBy:erasure,
Includes:degaussing,
Related:application, process,
degausser
IncludedBy:National Security Agency, degausser products list,
Related:computer security, information, system,
degausser products list
IncludedBy:Information Systems Security products and services catalogue, National Security Agency, national information assurance partnership,
Includes:degausser,
Related:computer security, information, system,
degaussing
IncludedBy:degauss,
degrees of freedom
Related:random,
delegated accrediting authority
IncludedBy:authority,
delegated development program
IncludedBy:development, program,
Related:communications, telecommunications,
delegation
IncludedBy:authorization,
delegation of disclosure authority letter
Related:authorized, foreign, subject,
delete access
IncludedBy:access,
Related:program,
deleted file
deliberate compromise of classified information
IncludedBy:classified, compromise,
Related:authorized, object,
deliberate exposure
IncludedBy:threat consequence,
Related:authorized, entity,
deliverable
Related:assessment, assurance, file, object, process, profile, security, security target, standard, system, target,
deliverables list
IncludedBy:Common Criteria Testing Laboratory, national information assurance partnership, target of evaluation,
Related:IT security, computer security, security, security target, target,
delivery
IncludedBy:target of evaluation,
Related:process, target,
delivery authority
IncludedBy:authority,
Related:evidence, trust,
delta CRL
IncludedBy:public-key infrastructure,
Related:X.509, certificate, revoked state,
demand assigned multiple access
IncludedBy:access,
demilitarized zone
IncludedBy:firewall,
Includes:protected network, unprotected network,
Related:access, access control, assurance, attack, computer, information, internet, policy, resource, ruleset, security, trust,
demon dialer
IncludedBy:attack,
Related:access, access control, authorized, denial-of-service, malicious, program,
denial
Related:deception, denial-of-service,
denial time
Related:risk,
denial-of-service
IncludedBy:attack, exploit, incident,
Includes:distributed denial-of-service,
PreferredFor:interdiction,
Related:Automated Information System security, ICMP flood, SYN flood, access, access control, application, authorized, availability, availability service, bot-network operators, computer, computer abuse, cookies, critical, demon dialer, denial, function, information systems security, internet, letterbomb, logic bombs, message, operation, ping of death, resource, smurf, spam, system, tamper, users,
deny by default
Related:malware, router, security,
Department of Defense Components
Department of Defense Information System
Department of Defense National Agency Check Plus Written Inquiries
Related:access, security,
department/agency/organization code
dependency
IncludedBy:trusted computing base,
Related:object, requirements,
depends
IncludedBy:trusted computing base,
depot maintenance
IncludedBy:full maintenance,
depth
derf
IncludedBy:threat,
Related:exploit, terminal hijacking,
derivative classification
Related:classified,
derogatory information
Related:connection, criminal, foreign, security, trust,
descriptive top-level specification
IncludedBy:top-level specification,
Related:computer, criteria, evaluation, information, system, trust,
design controlled spare parts
IncludedBy:control,
Related:communications security,
designated
Related:IT security, authorized, computer security, criteria, evaluation, security, validation,
designated accrediting authority
IncludedBy:authority,
Related:risk,
designated approval authority
IncludedBy:authority,
Related:risk, system,
designated approving authority
IncludedBy:accreditation, authority, risk,
Includes:automated information system,
Related:information, network, operation, system,
designated approving authority representative
Related:requirements, security,
designated disclosure authority
Related:classified,
designated intelligence disclosure official
IncludedBy:intelligence,
Related:foreign,
designated laboratories list
IncludedBy:Common Criteria Testing Laboratory, national information assurance partnership,
Related:IT security, authorized, computer security, criteria, evaluation, security, validation,
designating authority
IncludedBy:Common Criteria Testing Laboratory, authority,
Related:criteria, evaluation, validation,
designation policy
IncludedBy:Common Criteria Testing Laboratory, policy,
Related:application, criteria, evaluation, process, requirements, security, validation,
designer
Related:authority, system,
destroyed
HasPreferred:destruction,
destroyed compromised state
IncludedBy:compromise, destruction, key lifecycle state,
Related:key, lifecycle, metadata,
destroyed state
IncludedBy:destruction, key lifecycle state,
Related:key, lifecycle, metadata,
destroying
HasPreferred:destruction,
destruction
IncludedBy:risk,
Includes:destroyed compromised state, destroyed state,
PreferredFor:destroyed, destroying,
Related:Rivest-Shamir-Adleman algorithm, certificate management, critical, critical infrastructures, data integrity, erasure, garbled, integrity, key lifecycle state, key management, one-time pad, recover,
detailed design
IncludedBy:software development, target of evaluation,
Related:process, target,
detectable actions
determination authority
Related:access, intelligence,
deterministic
Related:random,
deterrence
Related:accountability, fear, uncertainty, or doubt,
developer
IncludedBy:target of evaluation,
Related:system, target,
developer security
IncludedBy:security,
Related:control,
development
Includes:delegated development program, system development lifecycle,
Related:IT security training, administrative safeguards, advisory, certification test and evaluation, common control provider, configuration control board, continuous monitoring, defense-in-breadth, easter egg, environment, information system lifecycle, information system owner, maintenance hook, major information system, management controls, proprietary information, security engineering, system owner, traditional INFOSEC program, user partnership program,
development assurance
IncludedBy:assurance, development process,
Includes:software development methodologies,
Related:evidence, operation, process, requirements, test,
development assurance component
IncludedBy:assurance, component,
Related:requirements,
development assurance package
IncludedBy:assurance,
development assurance requirements
IncludedBy:assurance, requirements,
Related:evidence, file, process, profile,
development environment
IncludedBy:development process, target of evaluation,
Related:standard, target,
development process
IncludedBy:process, software development, target of evaluation,
Includes:development assurance, development environment, hierarchical decomposition, informal specification, security specifications, top-level specification, validation, verification,
Related:requirements, software, target,
deviation
Related:personnel security exceptions,
device distribution profile
Related:access, control, management,
device registration manager
Related:management, users,
diagnostics
Related:analysis, information,
dial back
Related:computer, connection, identify, system,
dial-up
Includes:dial-up line, dial-up security,
Related:communications, computer,
dial-up capability
Related:remote logon, standard, system, users,
dial-up line
IncludedBy:dial-up,
Related:communications, computer, internet, system,
dial-up security
IncludedBy:dial-up, security,
Related:computer,
diameter
Related:security,
dictionary attack
IncludedBy:attack,
Related:access, access control, authentication, encryption, key, message, password cracker, passwords, software, system, users,
differential power analysis
Diffie-Hellman
IncludedBy:asymmetric algorithm,
Related:algorithm, attack, authentication, cryptography, encryption, establishment, key, key management, operation, privacy, protocols, public-key,
diffie-hellman group
Related:encryption, key,
digest
HasPreferred:message digest,
digital certificate
IncludedBy:certificate, credentials, key,
Related:authority, backup, certification, computer, digital signature, entity, identity, object, public-key, security, signature,
digital certification
IncludedBy:certification,
Related:key, public-key,
digital document
Related:automated information system, information, object,
digital envelope
Related:algorithm, confidentiality, encryption, key, message, public-key,
digital evidence
digital forensics
Related:analysis, application, identification, information, integrity,
digital id
IncludedBy:public-key infrastructure,
Related:authentication, certificate, entity, identification, identity, information, key, public-key,
digital key
IncludedBy:key,
Related:cryptographic,
digital notary
Related:digital signature, signature, trust,
digital signature
IncludedBy:key, public-key infrastructure, signature,
Includes:Digital Signature Standard, digital signature algorithm,
Related:ABA Guidelines, CA certificate, Cryptographic Message Syntax, Distinguished Encoding Rules, El Gamal algorithm, Elliptic Curve Digital Signature Algorithm, Fortezza, IEEE P1363, Internet Security Association and Key Management Protocol, MIME Object Security Services, PKCS #7, Rivest-Shamir-Adleman algorithm, Secure/MIME, The Exponential Encryption System, X.509 attribute certificate, X.509 certificate revocation list, X.509 public-key certificate, algorithm, archive, asymmetric cryptography, attribute certificate, authentic signature, authenticate, authentication, backup, bind, brand CRL identifier, certificate, certificate validation, certification path, computer, cryptographic, cryptographic algorithm, cryptographic system, cryptography, data origin authentication service, digital certificate, digital notary, digitized signature, dual signature, electronic signature, elliptic curve cryptography, encryption, encryption certificate, end entity, entity, file, function, hash, identity, information, integrity, invalidity date, key pair, merchant certificate, message, network, no prior relationship, non-repudiation, object, operation, personality label, pre-signature, pretty good privacy, private signature key, process, program, public-key, public-key certificate, revocation date, seal, security mechanism, sign, signature certificate, signature equation, signature function, signature key, signature process, signature system, signer, symmetric cryptography, system, triple DES, unforgeable, valid signature, validate vs. verify, verification,
digital signature algorithm
IncludedBy:Digital Signature Standard, algorithm, digital signature, signature,
Related:cryptographic, entity, hash, identity, integrity, key, message, public-key, secure hash algorithm, standard,
Digital Signature Standard
IncludedBy:Federal Information Processing Standards, National Institute of Standards and Technology, digital signature, signature, standard,
Includes:Elliptic Curve Digital Signature Algorithm, digital signature algorithm,
Related:algorithm, cryptography, information, process, technology,
digital subscriber voice terminal
digital telephony
Related:communications, system, technology,
digital watermarking
PreferredFor:watermarking,
Related:control, function, integrity, owner, property,
digitized signature
IncludedBy:signature,
Related:digital signature,
digraph and/or trigraph
diplomatic telecommunications service
IncludedBy:communications, telecommunications,
Related:network,
direct access storage device
IncludedBy:access,
Related:automated information system,
direct data feed
Related:information, process,
direct memory access
IncludedBy:access, automated information system,
direct shipment
Related:communications security, users,
directed-energy warfare
IncludedBy:warfare,
Related:damage,
direction finding
directive
directly trusted CA
IncludedBy:public-key infrastructure, trust,
Related:application, entity, key, public-key,
directly trusted CA key
IncludedBy:key, public-key infrastructure, trust,
Related:certificate, entity, public-key,
Director Central Intelligence Directive
IncludedBy:intelligence,
Director of Central Intelligence Directive
IncludedBy:intelligence,
directory
HasPreferred:directory vs. Directory,
Directory Access Protocol
IncludedBy:access, protocols,
Related:database management system, system, users,
directory information base
IncludedBy:information,
directory service
Related:access, access control, certificate, information, object, public-key infrastructure,
directory user agent
IncludedBy:users,
directory vs. Directory
PreferredFor:directory,
Related:certificate, entity, information, public-key infrastructure, system,
disaster plan
IncludedBy:contingency plan,
Related:authorized, threat,
disaster recovery
IncludedBy:contingency plan, recovery, risk management,
Includes:cold site, hot site,
Related:file, operation, process, reconstitution, users,
disaster recovery plan
IncludedBy:contingency plan, recovery,
Related:application, critical, damage, management, operation, process, risk, risk management, software, system,
disclosure
Related:release,
disclosure of information
IncludedBy:information,
Related:access, access control, authorized,
disclosure record
Related:access,
disconnection
Related:attack,
discrete event simulation
Related:computer, model, system,
discrete process
IncludedBy:process,
Related:entity, identity,
discretionary access control
Antonym:non-discretionary access control,
IncludedBy:access, control,
Includes:surrogate access,
Related:authorization, authorized, entity, file, identity, object, owner, policy, privileged, process, resource, security, subject, system, users,
disinfecting
Related:file, malware, security,
disk imaging
diskette
Related:access,
dispersion
Related:standard,
disposition
disruption
IncludedBy:threat consequence,
Related:damage, function, operation, system,
dissemination
Related:intelligence,
Distinguished Encoding Rules
IncludedBy:Abstract Syntax Notation One, Basic Encoding Rules,
Related:application, certificate, code, digital signature, signature,
distinguished name
IncludedBy:public-key infrastructure,
Includes:subordinate distinguished name,
Related:X.509, certificate, entity, identify, identity, information, key, object, public-key, subject,
distinguishing identifier
Related:authentication, entity, information, non-repudiation, process,
Distributed Authentication Security Service
IncludedBy:authentication, internet, security protocol,
Related:cryptographic, cryptography, protocols,
distributed computing environment
IncludedBy:ACL-based authorization, Generic Security Service Application Program Interface,
Includes:kerberos,
Related:application, audit, authentication, interface, system,
distributed control system
IncludedBy:control, control systems, system,
Related:intelligence, process,
distributed data
Related:computer, network,
distributed database
Related:computer, control, network, process, system,
distributed dataprocessing
IncludedBy:automated information system, process,
Related:computer network, control, function,
distributed denial-of-service
IncludedBy:denial-of-service, exploit,
Related:computer, system, worm,
distributed plant
Related:access, internet,
distributed processing
IncludedBy:automated information system, process,
Related:communications, computer, network, operation, system,
distribution point
IncludedBy:public-key infrastructure,
Related:X.509, authority, certificate, information, key, public-key, revocation, revoked state,
disturbance
Related:control, system,
DNS spoofing
IncludedBy:domain name system, masquerade, spoof, spoofing,
Related:compromise, domain, system,
document
documentary information
documentation
IncludedBy:target of evaluation,
Related:application, control, information, operation, security, software, system, target, users,
DoD Information Technology Security Certification and Accreditation Process
IncludedBy:accreditation, computer security, information, process, requirements, technology,
Related:identify, information security, standard, system,
DoD Trusted Computer System Evaluation Criteria
IncludedBy:computer, criteria, evaluation, system, trust,
domain
IncludedBy:multilevel information systems security initiative, object, subject,
Includes:RA domains, certificate domain, certificate domain parameters, cross domain solution, domain controller, domain modulus, domain name, domain name service server, domain name system, domain of interpretation, domain parameter, domain verification exponent, public domain software, security domain, subset-domain,
Related:DNS spoofing, Internet Corporation for Assigned Names and Numbers, access, access control, access with limited privileges, boundary value analysis, boundary value testing, certificate, control, country code, cryptographic hash function, data input, executive state, firewall, hash function, hash token, identification data, identity, internet, metadata, model, one-way function, packet filtering, pharming, policy, policy creation authority, policy mapping, program, public-key certificate, public-key derivation function, public-key infrastructure, realm, registration, resource, revoked state, security, security authority, security perimeter, security policy information file, signature function, signature process, system, transport, trust relationship, uniform resource locator, users, validate, verification process,
domain controller
IncludedBy:control, domain,
Related:identification, information, passwords,
domain modulus
IncludedBy:domain,
Related:trust,
domain name
IncludedBy:domain, domain name system,
Related:code, internet, resource, system,
domain name service server
IncludedBy:domain, internet,
Related:computer, protocols,
domain name system
IncludedBy:domain, internet, system,
Includes:DNS spoofing, domain name,
Related:access, access control, authentication, control, information, integrity, key, operation, program, protocols, public-key, resource, response, software, users,
domain of interpretation
IncludedBy:domain,
Related:algorithm, cryptographic, cryptography, information, internet protocol security, internet security protocol, security,
domain parameter
IncludedBy:domain,
Related:access, access control, function, hash, message, policy, security, tokens,
domain verification exponent
IncludedBy:domain, verification,
dominated by
Antonym:dominates,
Includes:object,
Related:access, access control, classification levels, classified, integrity, policy, security, trust,
dominates
Antonym:dominated by,
Related:classification levels, classified, computer security, security,
dongle
IncludedBy:tokens,
Related:authentication, computer, information, key, program, software,
downgrade
IncludedBy:requirements, security,
Related:authorized, classification levels, classified, file, information, network,
downgrading
Related:classified,
download
Related:computer, file, process,
draft RFC
IncludedBy:Request for Comment,
drop accountability
Related:communications security,
Drug Enforcement Agency
dual citizen
Related:United States citizen,
dual control
IncludedBy:control, security,
Related:access, access control, entity, function, information, process, resource, system,
dual driver service
dual signature
IncludedBy:Secure Electronic Transaction, signature,
Related:digital signature, encryption, hash, integrity, key, message, operation, verification,
dual technology
Related:intrusion,
dual-homed gateway firewall
IncludedBy:firewall, gateway,
Related:application, interface, internet, network,
dual-use certificate
due care
Related:control, information, information security, security, system,
dump
Related:computer, failure,
dumpster diving
IncludedBy:threat,
PreferredFor:trashing,
Related:computer, identity theft, information,
duplicate digital evidence
duration
dynamic analysis
IncludedBy:analysis,
Related:code, process, program, system, testing,
dynamic binding
IncludedBy:backup,
Related:association, message, object,
dynamic subsystem
e-banking
IncludedBy:internet,
e-government
e-mail server
IncludedBy:internet,
Related:computer,
ease of use
IncludedBy:target of evaluation,
Related:assessment, target, users,
easter egg
Related:development, threat,
eavesdropping
IncludedBy:attack,
Related:adversary, authorization, authorized, emanation, emanations security, information, message, shoulder surfing,
eavesdropping attack
IncludedBy:attack,
Related:authentication, information, protocols,
economic intelligence
IncludedBy:intelligence,
economy of mechanism
IncludedBy:security,
Related:operation, policy, system,
EE
Related:encryption, entity, escrow, standard,
effective key length
IncludedBy:encryption, key,
Related:algorithm, cryptographic,
effectiveness
IncludedBy:assurance,
Related:file, function, operation, profile, property, requirements, risk, security target, target, threat,
egress filtering
Related:internet, process, protocols, security,
egress point
Related:authorized,
El Gamal algorithm
IncludedBy:algorithm,
Related:cipher, code, cryptography, digital signature, encryption, signature,
elapsed time
electrical power systems
IncludedBy:critical infrastructures, system,
Related:critical, function, users,
electromagnetic compatibility
Related:response, system,
electromagnetic emanations
IncludedBy:emanation, emanations security,
electromagnetic interference
IncludedBy:risk,
Related:system,
electronic attack
IncludedBy:attack,
Related:communications security, jamming,
electronic authentication
IncludedBy:authentication,
Related:information, process, system, users,
electronic benefit transfer
Related:network,
electronic business (e-business)
electronic codebook
IncludedBy:code,
electronic commerce
IncludedBy:Secure Electronic Transaction,
Related:communications, computer, electronic data interchange, email, function, information, internet, technology,
electronic counter-countermeasures
IncludedBy:countermeasures,
electronic countermeasures
IncludedBy:countermeasures,
electronic credentials
Related:authentication, entity, identity,
electronic data interchange
Related:communications, computer, electronic commerce, standard, value-added network,
electronic document management system
IncludedBy:system,
electronic evidence
electronic fill device
electronic funds transfer system
IncludedBy:system,
electronic generation, accounting, and distribution system
IncludedBy:system,
electronic intelligence
IncludedBy:intelligence,
Related:foreign,
electronic key entry
IncludedBy:key management,
Related:cryptographic, module, users,
electronic key management system
IncludedBy:key management, system,
Related:communications, communications security,
electronic messaging services
Related:function, internet, management, quality, requirements,
electronic personnel security questionnaire
IncludedBy:security,
electronic protection
Related:assurance,
electronic questionnaire for investigative processing
Related:security,
electronic security
IncludedBy:security,
Related:analysis, authorized, communications, information,
electronic signature
IncludedBy:signature,
Related:digital signature, information, message,
electronic surveillance
Related:Foreign Intelligence Surveillance Act,
electronic transmission
electronic warfare
IncludedBy:warfare,
Includes:electronic warfare support,
Related:attack, control,
electronic warfare support
IncludedBy:electronic warfare, warfare,
Related:control, identify, information, intelligence, operation, target, threat,
electronically generated key
IncludedBy:key,
Related:algorithm, communications security, software,
element
Related:communications security, security,
eligibility
Related:access, security,
elliptic curve cryptography
IncludedBy:cryptography,
Related:algorithm, analysis, attack, digital signature, key, signature,
elliptic curve cryptosystem
IncludedBy:asymmetric algorithm, cryptographic system, system,
Related:encryption, key, public-key,
Elliptic Curve Digital Signature Algorithm
IncludedBy:Digital Signature Standard, algorithm, signature,
Related:cryptography, digital signature, standard,
email
IncludedBy:internet,
Includes:email packages, email security software, letterbomb, mailbomb, multipurpose internet mail extensions, privacy enhanced mail, secure multipurpose internet mail extensions, spam,
Related:SET qualifier, Secure Data Network System, X.400, application, bounce, communications, computer, electronic commerce, gateway, message, message authentication code vs. Message Authentication Code, message handling system, message integrity code, pretty good privacy, simple mail transfer protocol, system,
email packages
IncludedBy:email,
Includes:email security software,
Related:encryption, function, interface, signature, users,
email security software
IncludedBy:email, email packages, security software, software,
Includes:pretty good privacy,
Related:encryption, message, network, signature, users,
emanation
IncludedBy:TEMPEST, emanations security, threat,
Includes:electromagnetic emanations, emanations analysis,
Related:Common Criteria for Information Technology Security, Federal Standard 1027, TEMPEST test, eavesdropping, implant, information, intelligence, operation, procedural security, process, security architecture, suppression measure, system,
Synonym:RED signal,
emanations analysis
IncludedBy:analysis, emanation, threat consequence,
Related:system,
emanations security
IncludedBy:TEMPEST,
Includes:compromising emanation performance requirement, compromising emanations, electromagnetic emanations, emanation, undesired signal data emanations,
Related:Common Criteria for Information Technology Security, Federal Standard 1027, TEMPEST test, analysis, application, authorized, compromise, eavesdropping, implant, information, procedural security, security architecture, suppression measure, system, technology,
Synonym:emissions security,
embedded computer
IncludedBy:computer,
Related:system,
embedded cryptographic system
IncludedBy:cryptographic, cryptographic system, system,
Related:control, function,
embedded cryptography
IncludedBy:cryptography,
Related:cryptographic, function, system,
embedded system
IncludedBy:system,
Related:control, function,
emergency action message
IncludedBy:message,
emergency action plan
Related:attack, damage, intelligence,
emergency plan
IncludedBy:contingency plan,
Related:threat,
emergency response
IncludedBy:response,
Related:computer, damage, operation, property, threat,
emergency response time
IncludedBy:response,
emergency services
IncludedBy:critical infrastructures,
Related:critical, function, recovery, response, system,
emergency shutdown controls
IncludedBy:control, risk management,
Related:IT security, computer, system, vulnerability,
emission security
IncludedBy:security,
Related:analysis, authorized,
emissions security
IncludedBy:Automated Information System security, TEMPEST, communications security, computer security,
Related:RED signal, analysis, authorized, compromise, cryptography, information, system, telecommunications,
Synonym:emanations security,
employee
employment practices and workplace safety
IncludedBy:operational risk loss,
empty position
encapsulating security payload
IncludedBy:internet protocol security, security protocol,
Related:association, authentication, confidentiality, connection, flow, gateway, integrity, internet, internet security protocol, message, protocols, tunnel,
encapsulating security payload protocol
IncludedBy:protocols, security,
Related:encryption, integrity, internet protocol security, internet security protocol,
encapsulation
Related:access, access control, object, program, protocols, resource, users,
encipher
IncludedBy:cipher, encryption,
Related:cryptographic, system,
encipherment
IncludedBy:cipher, encryption,
Includes:asymmetric encipherment system, encipherment algorithm, public encipherment key, public encipherment transformation, symmetric encipherment algorithm,
Related:algorithm, asymmetric cipher, asymmetric cryptographic technique, asymmetric encryption algorithm, block chaining, ciphertext, cryptographic, cryptographic key, cryptographic synchronization, cryptography, decipherment, decryption, encryption algorithm, feedback buffer, information, initializing value, key, private decipherment transformation, private key, public-key, public-key certificate,
encipherment algorithm
IncludedBy:algorithm, cipher, cryptography, encipherment,
Related:encryption,
enclave
Related:assurance, authority, control, policy, security,
enclave boundary
IncludedBy:boundary,
encode
IncludedBy:code, encryption,
Related:cipher, information, system,
encrypt
encrypt
IncludedBy:cipher, cryptography, encryption,
Related:algorithm, code, cryptographic,
encrypt for transmission only
Related:encryption, network,
encrypted key
IncludedBy:cipher, key, key recovery,
PreferredFor:ciphertext key,
Related:cryptographic, passwords, security,
encrypted network
IncludedBy:network,
encryption
Antonym:cleartext, decryption,
IncludedBy:Secure Electronic Transaction, privacy enhanced mail,
Includes:Cryptographic Application Program Interface, Escrowed Encryption Standard, International Data Encryption Algorithm, NULL encryption algorithm, The Exponential Encryption System, advanced encryption standard, asymmetric cryptographic algorithm, asymmetric encryption algorithm, bulk encryption, cipher, cryptographic functions, data encryption algorithm, data encryption key, data encryption standard, dedicated loop encryption device, effective key length, encipher, encipherment, encode, encrypt, encryption algorithm, encryption certificate, encryption software, encryption strength, encryption tools, end-to-end encryption, endorsed data encryption standard products list, file encryption, full disk encryption, hybrid encryption, key-encryption-key, link encryption, low-cost encryption/authentication device, one-way encryption, pretty good privacy, secure multipurpose internet mail extensions, superencryption, symmetric algorithm, symmetric encryption algorithm, tactical trunk encryption device, tamper, traffic encryption key, trunk encryption device,
Related:CAST, COMSEC control program, Clipper chip, Cryptographic Message Syntax, Diffie-Hellman, EE, El Gamal algorithm, Federal Standard 1027, Fortezza, IEEE P1363, IP splicing/hijacking, Internet Security Association and Key Management Protocol, Law Enforcement Access Field, MIME Object Security Services, Network Layer Security Protocol, Rivest Cipher 2, Rivest Cipher 4, Rivest-Shamir-Adleman algorithm, SET private extension, SOCKS, Secure/MIME, Simple Key-management for Internet Protocols, Skipjack, Terminal Access Controller Access Control System, Transport Layer Security Protocol, algorithm, application, application controls, asymmetric algorithm, asymmetric cryptography, asymmetric encipherment system, asymmetric keys, authentication code, authorized, baggage, block cipher, break, cardholder certificate, certificate revocation list, ciphertext, code, code book, common data security architecture, communications, computer cryptography, container, control, cooperative key generation, cryptanalysis, cryptographic, cryptographic algorithm, cryptographic ignition key, cryptographic initialization, cryptographic key, cryptographic service, cryptographic system, cryptography, decrypt, dictionary attack, diffie-hellman group, digital envelope, digital signature, dual signature, elliptic curve cryptosystem, email packages, email security software, encapsulating security payload protocol, encipherment algorithm, encrypt for transmission only, in the clear, indistinguishability, information, information systems security, information systems security equipment modification, initialization vector, initialize, intelligent threat, internet protocol security, key, key agreement, key center, key distribution center, key generator, key logger, key pair, key recovery, key translation center, key transport, key-encrypting key, key-escrow system, keyed hash, keys used to encrypt and decrypt files, merchant certificate, message authentication code vs. Message Authentication Code, message integrity code, mode of operation, off-line cryptosystem, on-line cryptosystem, one-time pad, operation, over-the-air key transfer, over-the-air rekeying, password system, per-call key, personality label, privacy programs, privacy system, process, protected communications, protected distribution systems, protection suite, public-key cryptography, public-key forward secrecy, salt, secret-key cryptography, secure shell, secure socket layer, security, security management infrastructure, security mechanism, security strength, semantic security, session key, signature certificate, standard, start-up KEK, stream cipher, symmetric cryptographic technique, symmetric cryptography, symmetric key, system, system indicator, threat consequence, tokens, traffic analysis, triple DES, tunnel, unencrypted, version, virtual private network, wrap,
encryption algorithm
IncludedBy:algorithm, encryption,
Related:cipher, communications security, confidentiality, control, cryptographic, encipherment, key, process, version,
encryption certificate
IncludedBy:certificate, encryption,
Related:X.509, cryptographic, digital signature, function, key, public-key, signature,
encryption software
IncludedBy:encryption, software,
Related:file, function, message, users,
encryption strength
IncludedBy:encryption, quality of protection,
PreferredFor:strength of encryption,
Related:algorithm, cryptographic system, key, system,
encryption tools
IncludedBy:encryption, security software,
end cryptographic unit
Related:management, security,
end entity
IncludedBy:entity,
Related:X.509, application, certificate, cryptography, digital signature, key, policy, public-key, public-key infrastructure, role, signature, subject, system,
end system
IncludedBy:system,
Related:computer, internet, network, protocols,
end-item accounting
end-to-end encryption
IncludedBy:encryption,
Related:communications, computer, cryptographic, flow, information, network, router, system, telecommunications,
end-to-end security
IncludedBy:security,
Related:cryptographic, cryptography, information, system,
end-user
IncludedBy:target of evaluation, users,
Related:application, computer, entity, network, operation, public-key infrastructure, resource, system, target,
end-user computing
IncludedBy:users,
endorsed cryptographic products list
IncludedBy:cryptographic,
endorsed data encryption standard products list
IncludedBy:encryption, standard,
endorsed for unclassified cryptographic information
IncludedBy:classified, cryptographic, information,
endorsed for unclassified cryptographic item
IncludedBy:classified, cryptographic,
Related:information,
Endorsed TEMPEST Products List
IncludedBy:TEMPEST,
endorsed tools list
IncludedBy:Information Systems Security products and services catalogue, formal verification, national information assurance partnership,
Related:computer, computer security, system, trust, verification,
endorsement
Related:information, security,
energy-efficient computer equipment
IncludedBy:computer,
Related:model, users,
enforcement vector
Engineering
Related:requirements, security,
engineering development model
enhanced hierarchical development methodology
IncludedBy:software development methodologies,
Related:program, security,
enrollment manager
Related:management,
enrollment service
Related:certificate, entity, process,
ensure
Related:IT security, assure, program, security,
enterprise
Related:management, operation, process, risk, security,
enterprise architecture
Related:security,
enterprise resource planning
IncludedBy:resource,
enterprise risk management
IncludedBy:management, risk,
Related:threat, trust,
enterprise service
Related:users,
entity
Includes:application entity, end entity, entity authentication, entity authentication of A to B, entity-wide security, external it entity, federated identity, identity, identity based access control, identity credential, identity credential issuer, identity management systems, identity proofing, identity theft, identity token, identity validation, identity verification, identity-based security policy, mutual entity authentication, peer entity authentication, peer entity authentication service, personal identity verification, personal identity verification card, redundant identity, system entity,
Related:COMSEC account, Challenge Handshake Authentication Protocol, EE, Identification Protocol, Internet Corporation for Assigned Names and Numbers, MISSI user, OAKLEY, PIV issuer, PIV registrar, PKCS #10, X.509, X.509 public-key certificate, acceptance criteria, access control service, account aggregation, account fraud, accountability, accreditation authority, accreditation multiplicity parameter, adversary, alias, anonymous, applicant, applicant assertion, assurance, asymmetric cryptographic technique, attack, attribute, attribute authority, authenticate, authentication, authentication data, authentication exchange, authentication information, authentication protocol, authentication service, authenticator, authenticity, authority, authorization, authorized, availability, binding, biometric measurement, biometric system, biometrics, brand, capability, cardholder, certificate, certificate holder, certificate owner, certificate user, certification, certification authority, certification path, certification practice statement, certification request, certify, challenge/response, checksum, claimant, class 2, 3, 4, or 5, client, communications security, comparisons, component, compromise, configuration item, covert channel, credentials, credentials service provider, criminal groups, criticality assessment, cryptography, data confidentiality, data integrity, data integrity service, data origin authentication service, datagram, deception, deliberate exposure, digital certificate, digital id, digital signature, digital signature algorithm, directly trusted CA, directly trusted CA key, directory vs. Directory, discrete process, discretionary access control, distinguished name, distinguishing identifier, dual control, electronic credentials, end-user, enrollment service, evidence requester, evidence subject, exchange multiplicity parameter, explicit key authentication from A to B, exposures, false acceptance, false rejection, false rejection rate, falsification, flooding, fraud, help desk, human error, identification, identification and authentication, identification authentication, identification data, identifier, implicit key authentication from A to B, individual accountability, inference, insertion, insider, interception, intruder, intrusion, investigation service, issuing authority, judicial authority, kerberos, key confirmation, key confirmation from A to B, key distribution center, key establishment, key owner, key token, key translation centre, key transport, least privilege, login, malicious code, malware, mandatory access control, masquerade, masquerade attack, masquerading, misappropriation, mutual authentication, mutual suspicion, nations, non-repudiation, non-repudiation of creation, non-repudiation service, object, one-time passwords, organizational registration authority, origin authenticity, originator, outsourcing, password system, passwords, perpetrator, personal identification number, personal security environment, phishing, physical access control, practice statement, pre-authorization, principal, privacy, private accreditation information, private key, proprietary, protected channel, proxy server, pseudonym, public-key, public-key certificate, public-key derivation function, public-key information, public-key infrastructure, randomizer, recipient, references, registration, registration authority, relying party, repudiation, response, risk, risk management, role-based access control, root, router, salt, secret, secure envelope, secure socket layer, security authority, server, signature key, signer, simple authentication, site accreditation, source authentication, sponsor, spoof, strong authentication, subject, substitution, theft of service, threat, ticket, time variant parameter, time-stamp requester, time-stamp verifier, tokens, transaction intermediary, trapdoor, trojan horse, trust, trusted agent, unilateral authentication, users, usurpation, validate vs. verify, validation service, vendor, verification, verification key, verified name, verifier, violation of permissions, witness,
entity authentication
IncludedBy:authentication, entity,
entity authentication of A to B
IncludedBy:authentication, entity,
Related:assurance, identity,
entity-wide security
IncludedBy:entity, security,
Related:control, cyberspace, risk,
entrance national agency check
Related:security,
entrapment
IncludedBy:risk management,
Related:exploit, penetration, system,
entropy
Related:attack,
entry control
IncludedBy:access control, control,
Related:access, authorized, controlled access area, process, resource,
entry label
Related:information,
entry-level certification
IncludedBy:certification,
Related:availability, confidentiality, integrity, system,
environment
Includes:object,
Related:development, operation, system, users,
environment of operation
Related:risk, security, threat,
environmental failure protection
IncludedBy:failure, risk management,
Related:assurance, compromise, cryptographic, cryptography, module,
environmental failure testing
IncludedBy:failure, security testing, test,
Related:compromise, cryptographic, cryptography, module,
environmentally controlled area
IncludedBy:availability, control,
Related:damage,
ephemeral key
IncludedBy:key,
Related:public-key, requirements,
equipment radiation TEMPEST zone
IncludedBy:TEMPEST,
equity
Related:classified,
erasable programmable readonly memory
erasure
Includes:degauss, overwrite procedure,
Related:destruction, information, process,
error
Related:bug, fault, operation, process, program, system, version,
error analysis
IncludedBy:analysis,
error detection and correction
error detection code
IncludedBy:code, integrity,
Includes:check character,
Related:information,
error guessing
Related:test,
error seeding
Related:analysis, assurance, computer, mutation analysis, process, program,
Synonym:bebugging,
escort
Related:classified,
escrow
Includes:Escrowed Encryption Standard, key-escrow, key-escrow system,
Related:CAPSTONE chip, Clipper chip, EE, Law Enforcement Access Field, Skipjack, cryptographic, key, key management, key recovery, public-key infrastructure, retrieval, trust,
Escrowed Encryption Standard
IncludedBy:encryption, escrow, standard,
Related:access, access control, algorithm, authorized, classified, communications, key, system, telecommunications,
espionage
IncludedBy:threat,
Includes:cyber espionage,
Related:covert, cybercrime, intelligence,
essential elements of friendly information
essential elements of information
essential secrecy
Related:critical,
establishment
Includes:connection establishment, connection establishment time, key establishment, point-to-point key establishment,
Related:Diffie-Hellman, FIPS PUB 140-1, IPsec Key Exchange, Internet Security Association and Key Management Protocol, OAKLEY, Photuris, aggressive mode, configuration control, connection overhead, cookies, cryptographic module, datagram, filtering router, identity proofing, key agreement, key confirmation, key recovery, key transport, main mode, peer entity authentication service, privacy protection, public law 100-235, public-key forward secrecy, quick mode, security, security association, subcommittee on Automated Information System security, subcommittee on telecommunications security, testability, unit of transfer,
Estelle
Related:computer, computer network, network, protocols,
ethernet meltdown
IncludedBy:threat,
Related:gateway, illegal, network,
ethernet sniffing
IncludedBy:sniffing,
Related:criteria, file, interface, login, packet sniffer, passwords, promiscuous mode, software, users,
Europay, MasterCard, Visa
Related:application, tokens,
European Information Technology Security Evaluation Criteria
IncludedBy:Common Criteria for Information Technology Security Evaluation, computer security, criteria, information, target of evaluation, technology,
Includes:assurance, correctness,
Related:target, version,
European quality award
IncludedBy:quality,
evaluated products list
IncludedBy:Information Systems Security products and services catalogue, National Security Agency, national information assurance partnership,
Related:computer, computer security, criteria, evaluation, information, software, system, trust, trusted computer system,
evaluated system
IncludedBy:evaluation, system,
Related:criteria, security,
evaluation
IncludedBy:certification,
Includes:Commercial COMSEC Evaluation Program, Common Criteria for Information Technology Security Evaluation, Common Evaluation Methodology, DoD Trusted Computer System Evaluation Criteria, IT Security Evaluation Criteria, IT Security Evaluation Methodology, Information Technology Security Evaluation Criteria, Monitoring of Evaluations, Trusted Computer System Evaluation Criteria, Trusted Products Evaluation Program, access evaluation, assurance, certification and accreditation, certification test and evaluation, cryptographic system evaluation, cryptosystem evaluation, evaluated system, evaluation authority, evaluation facility, evaluation pass statement, evaluation products list, evaluation scheme, evaluation technical report, evaluation work plan, independent review and evaluation, monitoring and evaluation, program evaluation and review technique, quality of protection, risk evaluation, security evaluation, security test & evaluation, software system test and evaluation process, strength of a requirement, target of evaluation, technical surveillance countermeasures surveys and evaluations, training effectiveness evaluation, validation, verification,
Related:Common Criteria Testing Laboratory, Common Criteria Testing Program, Common Criteria for Information Technology Security, FIPS approved security method, Government Accountability Office, IT security, NIAP Oversight Body, National Computer Security Center, National Voluntary Laboratory Accreditation Program, Orange book, Red book, Scope of Accreditation, Yellow book, accreditation, accreditation range, acquisition special access program, adjudication, approval/accreditation, approved technologies list, approved test methods list, assessment, benchmark, beyond A1, blue team, candidate TCB subset, certificate, certificate revocation list, certification agent or certifier, certification authority, common criteria, computer security, controlled access program oversight committee, controlled access protection, criteria, cryptographic system survey, cryptosystem survey, descriptive top-level specification, designated, designated laboratories list, designating authority, designation policy, evaluated products list, file, flaw hypothesis methodology, function, independent assessment, intelligence, interface control document, interim approval to operate, network component, observation reports, operations security assessment, penetration test, policy, preproduction model, process, profile, protection philosophy, quality, requirements for content and presentation, requirements for evidence, risk analysis, risk assessment, risk avoidance, risk management, risk treatment, security, security control assessment, security environment threat list, security policy model, security-compliant channel, self-inspection, source selection, sponsor, subset-domain, system, target, technology area, test method, test procedure, testing, threat assessment, training assessment, trusted network interpretation, trusted path, type certification, validated products list,
Synonym:analysis,
evaluation and validation scheme
IncludedBy:validation,
Related:authority, function, standard, system,
evaluation assurance
IncludedBy:assurance,
Includes:evaluation assurance level,
Related:analysis, target, threat,
evaluation assurance component
IncludedBy:assurance, component,
Related:requirements,
evaluation assurance level
IncludedBy:Common Criteria for Information Technology Security Evaluation, evaluation assurance, requirements,
Includes:evaluation criteria, evaluator, evaluator actions,
Related:boundary, criteria, network, system,
evaluation assurance package
IncludedBy:assurance,
evaluation assurance requirements
IncludedBy:assurance, requirements,
Related:file, profile,
evaluation authority
IncludedBy:authority, evaluation,
Related:quality, standard,
evaluation criteria
IncludedBy:criteria, evaluation assurance level,
Related:system,
evaluation facility
IncludedBy:evaluation,
evaluation pass statement
IncludedBy:evaluation,
Related:assessment, criteria, standard,
evaluation products list
IncludedBy:evaluation,
Related:assurance,
evaluation scheme
IncludedBy:evaluation,
Related:authority,
evaluation technical report
IncludedBy:Common Criteria Testing Laboratory, evaluation,
Related:validation,
evaluation work plan
IncludedBy:Common Criteria Testing Laboratory, evaluation,
Related:IT security, computer security, security,
evaluator
IncludedBy:evaluation assurance level,
Related:assessment, officer, security, system,
evaluator actions
IncludedBy:evaluation assurance level,
Related:criteria, identify, information,
evasion
Related:attack, malicious, target,
event
Related:incident, system,
evidence
IncludedBy:assurance,
Includes:evidence requester, evidence subject, requirements for evidence,
Related:audit trail, correctness, credentials, deception, delivery authority, development assurance, development assurance requirements, failure, forced entry, information, logging, monitor, non-repudiation, non-repudiation information, non-repudiation of submission, non-repudiation of transport, non-repudiation policy, non-repudiation service, non-repudiation token, notarization, notary, operations security, operations security survey, proof, records, secure envelope, security audit trail, security environment threat list, security target, statistical estimate, surreptitious entry, time-stamping authority, time-stamping service, trust, trusted time stamping authority, validate vs. verify, validation, validation report, verifier, witness,
evidence requester
IncludedBy:evidence,
Related:entity, trust,
evidence subject
IncludedBy:evidence, subject,
Related:entity,
examination
examine
Related:control, security,
exception
Related:access, bug, classified, fault, flow, operation, program, security, subject,
exchange multiplicity parameter
Related:authentication, entity, message,
exculpatory evidence
executable code
IncludedBy:code,
Related:computer, program,
execute access
IncludedBy:access,
Related:program, software,
execution, delivery, and process management
IncludedBy:operational risk loss, process,
executive information systems
IncludedBy:information, system,
executive order
executive state
Includes:privileged instructions,
PreferredFor:supervisor state,
Related:domain, operation, privileged, software, system, users,
executive steering committee
Related:information, process,
exempted
exercise key
IncludedBy:key,
Related:communications,
exercised
Related:program, test,
exhaustive testing
IncludedBy:security testing, test,
Related:program,
expanded national agency check
expanded steel
expansibility
expected output
Related:security,
expert review team
Related:identify, information, resource, security, system,
expire
HasPreferred:certificate expiration,
explain
Related:information, requirements,
explicit key authentication from A to B
IncludedBy:authentication, key,
Related:assurance, entity,
exploit
IncludedBy:threat,
Includes:denial-of-service, distributed denial-of-service, exploit tools, logic bombs, phishing, sniffer, trojan horse, virus, vishing, war driving, worm, zero-day exploit,
Related:Defensive Information Operations, access, access control, assurance, attack, code, covert channel, derf, entrapment, exploitable channel, firewall, flaw hypothesis methodology, information, information assurance, information superiority, information warfare, intelligent threat, non-technical countermeasure, object, operations security, penetration testing, port scan, program, security, security threat, smurf, system, technical vulnerability, threat agent, vulnerability,
exploit code
Related:attack,
exploit tools
IncludedBy:exploit,
Related:system, vulnerability,
exploitable channel
IncludedBy:channel, threat, trusted computing base,
Includes:covert channel, subject,
Related:computer, covert, exploit, information, policy, security, system,
exploitation
IncludedBy:vulnerability,
PreferredFor:exploitation of vulnerability,
Related:access, access control, control, intelligence, operation, policy, security, system,
exploitation of vulnerability
HasPreferred:exploitation,
IncludedBy:vulnerability,
export
Related:foreign,
export license
Related:authorization, security,
export license application
Related:foreign,
exposures
IncludedBy:threat consequence,
Includes:common vulnerabilities and exposures, external system exposure, internal system exposure,
Related:authorized, entity, inadvertent disclosure, levels of concern, media protection, risk, risk assessment, system, unauthorized disclosure,
extended industry standard architecture
IncludedBy:standard,
Related:automated information system,
extensibility
Related:function, interface, protocols, system,
extensible
Related:control, program,
Extensible Authentication Protocol
IncludedBy:authentication, protocols, security protocol,
Related:challenge/response, network, passwords, response, router,
extensible markup language
IncludedBy:standard generalized markup language,
Related:application, computer, object, process, program, validation,
extension
IncludedBy:public-key infrastructure,
PreferredFor:private extension,
Related:X.509, application, assurance, certificate, certification, function, information, key, policy, public-key, requirements, revocation, security, standard, subject,
external fraud
IncludedBy:fraud, operational risk loss,
Related:property,
external it entity
IncludedBy:entity, target of evaluation,
Related:system, target, trust,
external label
Related:identify,
external network
IncludedBy:network,
Related:control,
external security controls
IncludedBy:control, protection profile, risk management, security controls,
Related:access, access control, accreditation, boundary, certification, file, process, profile,
external security testing
IncludedBy:security testing, test,
Related:security perimeter,
external system exposure
IncludedBy:exposures, system,
Related:access, access control, connection, internet, users,
external throughput rate
extraction resistance
Related:communications, cryptography, key, telecommunications,
extranet
IncludedBy:internet,
Related:access, access control, application, authorized, computer, computer network, network, technology, users, virtual private network,
extraordinary security measures
IncludedBy:security,
Related:access, authorized,
facilities
Related:information, process, resource, technology,
facilities accreditation
Related:classified, security,
facilities certification
IncludedBy:certification,
Related:classified, security,
facility
facility manager
Related:security, system,
facility security clearance
IncludedBy:security,
Related:access, classified,
facsimile
fail safe
IncludedBy:failure control,
Related:failure, operation, process, program, software, system,
fail soft
IncludedBy:automated information system, failure control,
Related:application, failure, function, process, software, system,
failed logon
IncludedBy:logon, threat,
Related:access, resource, users,
failover
failure
IncludedBy:risk,
Includes:environmental failure protection, environmental failure testing, failure access, failure control, mean-time-between-failure, mean-time-between-outages, mean-time-to-fail,
Related:IS related risk, abend, abort, accountability, anomaly, availability, backup procedures, bomb, contingency plan, crash, critical mechanism, defect, dump, evidence, fail safe, fail soft, fallback procedures, flooding, function, mean-time-to-repair, mean-time-to-service-restoral, operation, outage, problem, program, recovery procedures, requirements, software, software reliability, strength of a requirement, system, uninterruptible power supply, vulnerability,
Synonym:fault,
failure access
IncludedBy:access, failure, threat,
Related:authorized, incident, software, system, unauthorized access,
failure control
IncludedBy:control, failure, risk management,
Includes:fail safe, fail soft,
Related:function, process, recovery, software, system,
fallback procedures
Related:backup, failure, process, system,
false acceptance
Related:access, entity, identity, security, system, users,
false acceptance rate
IncludedBy:biometrics,
Related:access, authorized, system, users,
false denial of origin
IncludedBy:threat consequence,
false denial of receipt
IncludedBy:threat consequence,
false negative
IncludedBy:risk,
Related:identify, intrusion, intrusion detection, malicious, system, technology, threat,
false positive
IncludedBy:risk,
Related:classified, intrusion, intrusion detection, malicious, system, technology,
false rejection
Related:entity, identity, security, system,
false rejection rate
Related:access, entity, identity, security, system,
falsification
IncludedBy:threat consequence,
Related:authorized, entity,
family
Related:object, security,
fault
IncludedBy:threat,
Includes:fault injection, fault isolation, fault management, fault tolerance, fault tolerant, security fault analysis,
Related:Federal Standard 1027, alarm reporting, alarm surveillance, anomaly, bug, communications, computer, correctness, debug, defect, error, exception, function, maintenance, network, network management, problem, process, program, software, software reliability, system, trap,
Synonym:failure,
fault injection
IncludedBy:fault,
Related:analysis, code, program, software,
fault isolation
IncludedBy:fault,
Related:accountability, function,
fault management
IncludedBy:fault,
fault tolerance
IncludedBy:fault,
Related:operation, process, risk, software, system,
Synonym:fault tolerant,
fault tolerant
IncludedBy:fault,
Related:availability, function, software, system,
Synonym:fault tolerance,
fear, uncertainty, or doubt
Related:deterrence,
Federal Criteria for Information Technology Security
IncludedBy:Common Criteria for Information Technology Security Evaluation, computer security, criteria, information, technology,
Includes:Federal Criteria Vol. I, assurance, correctness,
Related:system, trust,
Federal Criteria Vol. I
IncludedBy:Federal Criteria for Information Technology Security, National Institute of Standards and Technology, criteria,
Includes:protection profile,
Related:computer security, file, information, profile, standard, technology, version,
federal enterprise architecture
Related:management,
Federal Information Processing Standards
IncludedBy:National Institute of Standards and Technology, information, process, standard,
Includes:Digital Signature Standard, FIPS PUB 140-1, FIPS approved security method, Federal Information Processing Standards Publication 140, data encryption standard,
Related:computer, computer security, property, security, system, technology,
Federal Information Processing Standards Publication 140
IncludedBy:Federal Information Processing Standards, information, process, standard,
Synonym:FIPS PUB 140-1,
federal information system
federal personnel manual
Federal Public-key Infrastructure
IncludedBy:key, public-key, public-key infrastructure,
Related:application, certificate, classified, communications security,
federal record
Federal Reserve Banks
federal secure telephone service
Federal Standard 1027
IncludedBy:National Institute of Standards and Technology, standard,
Related:FIPS PUB 140-1, National Security Agency, analysis, classified, criteria, emanation, emanations security, encryption, fault, information, key, key management, security, tamper,
federal telecommunications system
IncludedBy:communications, system, telecommunications,
federated identity
IncludedBy:entity, identity,
Related:access, access control, federation, system, users,
federation
Related:access, access control, assurance level, federated identity, relying party, system, users,
fedline
Related:access, access control,
fedwire
Related:process, system,
feedback buffer
Related:cipher, cryptography, encipherment, process,
ferroelectric random access memory
IncludedBy:access,
fetch protection
IncludedBy:access control,
Includes:contamination,
Related:access, assurance, authorized, file, process, program, system, unauthorized access,
fiber distributed data interface
IncludedBy:interface,
Related:automated information system,
fiber-optics
Related:information,
field
Related:computer, file,
field device
Related:communications,
field site
Related:communications, system,
fieldbus
Related:control, message, protocols,
file
Includes:CKMS profile, COMSEC profile, IT default file protection parameters, Network File System, access profile, assurance profile, communications profile, critical system files, default file protection, file encryption, file infector virus, file integrity checker, file integrity checking, file protection, file security, file transfer, file transfer access management, file transfer protocol, keys used to encrypt and decrypt files, master file, profile, profile assurance, protection profile, protection profile family, secure profile inspector, security policy information file, system files, system profile, transaction file, trust-file PKI, user profile,
Related:Federal Criteria Vol. I, Minimum Interoperability Specification for PKI Components, PHF, PKIX, Tripwire, access type, anonymous login, antivirus software, archiving, assignment, attack signature recognition, audit, audit software, audit trail, authentication, authorization, backup, backup generations, backup procedures, batch mode, browse access protection, capability, card initialization, clean system, component, computer, computer fraud, connection, container, cookies, correctness, data dictionary, data synchronization, decomposition, deliverable, development assurance requirements, digital signature, disaster recovery, discretionary access control, disinfecting, downgrade, download, effectiveness, encryption software, ethernet sniffing, evaluation, evaluation assurance requirements, external security controls, fetch protection, field, firewall, functional protection requirements, general controls, gopher, granularity, hash function, hash totals, honeypot, hypertext markup language, integration test, intrusion detection systems, key-escrow, logic bombs, login, macro virus, malicious applets, mandatory access control, message digest, metadata, multipartite virus, multipurpose internet mail extensions, national computer security assessment program, national information assurance partnership, object, off-line attack, on-access scanning, output, permissions, personal security environment, pretty good privacy, product rationale, programmable logic controller, prowler, purge, purging, push technology, quarantine, quarantining, real-time system, recovery procedures, redundancy, refinement, register, review techniques, rootkit, sampling frame, sandboxed environment, sanitize, script, secure hash algorithm, security certificate, security label, security target, security-relevant event, server, snarf, social engineering, stateful protocol analysis, superuser, suspicious activity report, system administrator privileges, system resources, system software, tracking cookie, trigger, trojan horse, trusted certificate, trusted key, uniform resource locator, upload, users, utility programs, virus, virus signature, web browser cache, web of trust, work product,
file encryption
IncludedBy:encryption, file,
Related:access, authentication, process,
file infector virus
IncludedBy:file, virus,
Related:application, computer, process, program,
file integrity checker
IncludedBy:file, integrity,
Related:message, software,
file integrity checking
IncludedBy:file, integrity,
Related:compromise, message, software,
file name anomaly
file protection
IncludedBy:access control, file,
Includes:contamination,
Related:access, assurance, authorized, process, system, unauthorized access,
file security
IncludedBy:access control, file,
Related:access, authorized, computer,
file series
Related:access, subject,
file series exemption
file transfer
IncludedBy:file,
Related:computer, network, process, protocols, system,
file transfer access management
IncludedBy:access, file,
Related:network,
file transfer protocol
IncludedBy:file, internet, protocols,
Related:application, computer, network, standard,
fill device
Related:communications security, cryptography, key,
fill device interface unit
IncludedBy:interface,
filtering router
IncludedBy:router,
Related:control, establishment, internet, network, packet filter, policy, security,
Synonym:screening router,
finality
financial crimes enforcement network
IncludedBy:network,
Related:analysis,
financial disclosure
Related:security, subject,
fingerprint
Related:authentication, hash, key, public-key,
finite population correction factor
finite state machine
Related:function, model,
FIPS approved security method
IncludedBy:Federal Information Processing Standards, National Institute of Standards and Technology, security policy,
Related:algorithm, authentication, criteria, cryptographic, evaluation, key,
FIPS PUB 140-1
IncludedBy:Federal Information Processing Standards, National Institute of Standards and Technology,
Includes:random number generator,
Related:Federal Standard 1027, algorithm, application, authorized, classified, communications security, computer, cryptographic, cryptography, establishment, information, interface, key, key management, module, requirements, role, security, security testing, software, standard, system, test, zeroization, zeroize,
Synonym:Federal Information Processing Standards Publication 140,
FIPS PUB
FIPS-Validated Cryptography
IncludedBy:cryptography,
Related:requirements,
fire barrier
IncludedBy:availability,
fire suppression system
IncludedBy:availability, system,
FIREFLY
Related:cryptography, key, key management, management, protocols, public-key,
firewall
IncludedBy:front-end security filter, gateway, guard, internet, security filter, security software,
Includes:application gateway firewall, application proxy, application-level firewall, bastion host, circuit proxy, connection, demilitarized zone, dual-homed gateway firewall, firewall machine, goodput, homed, host-based firewall, illegal traffic, logging, network address translation, network level firewall, packet filter, packet filtering, packet filtering firewall, protected network, proxy, rejected traffic, router-based firewall, ruleset, screened host firewall, screened subnet firewall, stateful packet filtering, trusted gateway, unprotected network,
Related:access, access control, application, application level gateway, attack, authorization, authorized, boundary, circuit level gateway, computer, computer network, control, countermeasures, criteria, critical, data source, domain, exploit, file, flow, identification, interface, network, operation, policy, process, protocols, resource, router, screening router, software, spoof, system, threat, unauthorized access, unit of transfer, users, vulnerability,
firewall control proxy
IncludedBy:control,
firewall machine
IncludedBy:firewall,
Related:connection, security,
firmware
IncludedBy:cryptographic module,
Related:application, computer, program, software,
fishbone diagram
PreferredFor:cause and effect diagram,
Related:identify,
fishbowl
Related:authorized, information, system, users,
fixed COMSEC facility
Related:communications security,
fixed disk
fixed price contract
flash memory
flaw
IncludedBy:threat,
Related:system,
flaw hypothesis methodology
IncludedBy:risk management,
Related:analysis, attack, compromise, computer, control, evaluation, exploit, penetration, security testing, system, test,
flexibility
Related:operation, program,
flooding
IncludedBy:attack, incident,
Related:access, access control, analysis, computer, covert, entity, failure, flow, information, message, process, system,
flow
Includes:buffer overflow, data flow control, data flow diagram, information flow, information flow control, modeling or flowcharting, security flow analysis, traffic flow confidentiality, traffic-flow security, underflow, workflow,
Related:Bell-LaPadula security model, Gypsy verification environment, access, boundary host, cascading, coding, concurrent connections, confidentiality, contact interface, contactless interface, continuous process, controlled interface, encapsulating security payload, end-to-end encryption, exception, firewall, flooding, hierarchical development methodology, identify, information superiority, infrastructure, interface, internet protocol, internet protocol security, intrusion, intrusion detection, lattice model, link encryption, mandatory access control, network behavior analysis system, packet filtering, ping of death, pressure sensor, program, read, read access, sensor, subject, system, topology, traffic analysis, user data protocol, valve, vulnerability, wiretapping, workgroup computing, write,
flow control
HasPreferred:information flow control,
flush
Related:security,
focused testing
foe
IncludedBy:threat,
for official use only
Related:classified,
For Official Use Only Certified TEMPEST Technical Authority
Related:certification, requirements, security,
forced entry
Related:authorized, evidence,
foreground information
foreign
Includes:Foreign Intelligence Surveillance Act, Office of Foreign Assets Control, foreign contact, foreign disclosure, foreign disclosure point of contact, foreign exchange personnel, foreign government information, foreign intelligence, foreign intelligence service, foreign interest, foreign liaison officer, foreign military sales, foreign national, foreign owned, controlled or influenced, foreign ownership, control, or influence, foreign person, foreign relations of the united states, foreign representative, foreign travel briefing, foreign visit, representative of a foreign interest, senior foreign official,
Related:Defense Personnel Exchange Program, Defense Services, U.S. person, United States national, acquisition systems protection, caveat, communications intelligence, controlled information, cooperative program personnel, counterintelligence, counterintelligence assessment, criminal activity, critical financial markets, damage to the national security, delegation of disclosure authority letter, derogatory information, designated intelligence disclosure official, electronic intelligence, export, export license application, formerly restricted data, government-to-government transfer, intelligence, intelligence community, long-haul telecommunications, national security system, national security-related information, oral/visual disclosure, program protection plan, psychological operations, release prefix, security assurance, security policy automation network, senior intelligence officer, sensitive information, special access required programs oversight committee, special activity, tear line, technical security, technology control plan, technology transfer, telemetry intelligence, threat, unclassified sensitive,
foreign contact
IncludedBy:foreign,
Related:United States citizen,
foreign disclosure
IncludedBy:foreign,
Related:access, authorized, classified, security,
foreign disclosure point of contact
IncludedBy:foreign,
Related:classified,
foreign exchange personnel
IncludedBy:foreign,
foreign government information
IncludedBy:foreign,
foreign intelligence
IncludedBy:foreign, intelligence,
foreign intelligence service
IncludedBy:foreign, intelligence,
Foreign Intelligence Surveillance Act
IncludedBy:foreign, intelligence,
Related:electronic surveillance,
foreign interest
IncludedBy:foreign,
Related:trust,
foreign liaison officer
IncludedBy:foreign,
Related:authorized, connection, security,
foreign military sales
IncludedBy:foreign,
Related:authorized, security,
foreign national
IncludedBy:foreign,
foreign owned, controlled or influenced
IncludedBy:control, foreign,
foreign ownership, control, or influence
IncludedBy:foreign,
Related:access, authorized, classified,
foreign person
IncludedBy:foreign,
Related:trust,
foreign relations of the united states
IncludedBy:foreign,
Related:classified,
foreign representative
IncludedBy:foreign,
foreign travel briefing
IncludedBy:foreign,
Related:access, classified, security,
foreign visit
IncludedBy:foreign,
Related:access, classified,
forensic copy
forensic specialist
forensics
HasPreferred:computer forensics,
fork bomb
IncludedBy:threat,
Related:code, process, system,
formal
Antonym:informal,
Includes:formal access approval, formal development methodology, formal model of security policy, formal proof, formal security policy model, formal specification, formal top-level specification, formal verification,
Related:semantics,
formal access approval
IncludedBy:access, formal,
Related:classified, information, owner, privacy, process, requirements, security,
formal development methodology
IncludedBy:formal, software development methodologies,
Related:identification, model, program, requirements, security, software, system, verification,
formal language
Related:analysis, application, computer, program,
formal method
Related:policy, security, system,
formal model of security policy
IncludedBy:formal, model, policy, security, target of evaluation,
Synonym:formal security policy model,
formal proof
IncludedBy:formal, formal verification,
Related:computer, process, program, verification,
formal security policy
IncludedBy:policy, security,
formal security policy model
IncludedBy:formal, formal verification, model, policy, security policy, trusted computing base,
Includes:Bell-LaPadula security model, Biba Integrity model,
Related:computer, control, interface, operation, semantics, system,
Synonym:formal model of security policy,
formal specification
Antonym:informal specification,
IncludedBy:formal, formal verification,
Includes:formal top-level specification,
Related:computer, function, semantics, software, system,
formal top-level specification
IncludedBy:formal, formal specification, top-level specification,
Related:computer, model, policy, process, program, requirements, security, system, verification,
formal verification
IncludedBy:formal, verification,
Includes:endorsed tools list, formal proof, formal security policy model, formal specification,
Related:model, policy, process, program, security, system,
format
Related:computer, information, process,
formatting function
formerly restricted data
Related:classified, foreign,
formulary
Related:access, access control, control,
Fortezza
IncludedBy:National Institute of Standards and Technology, National Security Agency,
Related:CAPSTONE chip, MISSI user, SSO PIN, SSO-PIN ORA, algorithm, cryptographic, digital signature, encryption, hash, key, no-PIN ORA, personal identification number, personality label, signature, slot, software, tokens, user PIN, user-PIN ORA,
Forum of Incident Response and Security Teams
IncludedBy:computer emergency response team, incident, response,
Related:computer, computer security, information, information security, quality, security incident,
forward cipher
forward engineering
Related:process, system,
forward secrecy
Includes:forward secrecy with respect to A, forward secrecy with respect to both A and B individually, mutual forward secrecy, public-key forward secrecy,
PreferredFor:perfect forward secrecy,
Related:compromise, internet protocol security, internet security protocol, key,
forward secrecy with respect to A
IncludedBy:forward secrecy,
Related:key, operation, property,
forward secrecy with respect to both A and B individually
IncludedBy:forward secrecy,
Related:key, operation, property,
frame relay
Related:automated information system, system, technology, users,
framework
Related:computer, system,
framing
Related:information, standard, users,
fraud
IncludedBy:illegal, threat,
Includes:ACH debit fraud, account fraud, computer fraud, external fraud, fraudulent financial reporting, internal fraud,
Related:authentication, authorized, computer abuse, criminal groups, entity, identity theft, invalidity date, pharming, phishing, replay attacks, suspicious activity report, unforgeable,
fraudulent financial reporting
IncludedBy:fraud,
Related:audit,
Freedom of Information Act
Related:access,
freight forwarder
frequency division multiple access
IncludedBy:access,
Related:users,
frequency hopping
Related:algorithm, authorized, communications, communications security, jamming, telecommunications,
friend
friendly
front-end processor
IncludedBy:automated information system, process,
Related:communications, computer,
front-end security filter
IncludedBy:security,
Includes:firewall,
Related:computer, integrity, policy, process, software, system,
full accreditation
IncludedBy:accreditation,
Related:control, process, requirements, security, system,
full disk encryption
IncludedBy:encryption,
Related:access, authentication, computer, process, system,
full maintenance
Includes:depot maintenance,
full-duplex
Related:communications,
function
Includes:IT security support functions, TOE security functions, TOE security functions interface, binding of functionality, binding of security functionality, collision-resistant hash function, cryptographic check function, cryptographic functions, cryptographic hash function, functional component, functional package, functional proponent, functional protection requirements, functional security requirements specification, functional test case design, functional testing, functional unit, functionality, functionality class, hash function, hash function identifier, key derivation function, key generating function, mask generation function, one-way function, public-key derivation function, quality function deployment, reduction-function, round-function, security function policy, security functions, signature function, strength of function, sub-function, suitability of functionality, theft of functionality, trusted functionality, verification function,
Related:Abstract Syntax Notation One, Automated Information System security, CAPSTONE chip, CASE tools, CCI assembly, CCI component, CCI equipment, COMSEC boundary, COMSEC control program, COMSEC material, COMSEC module, Common Criteria for Information Technology Security, Cryptographic Application Program Interface, Data Authentication Algorithm, Generic Upper Layer Security, Guidelines and Recommendations for Security Incident Processing, IA architecture, IT security product, Information Technology Security Evaluation Criteria, Internet Corporation for Assigned Names and Numbers, Internet Security Association and Key Management Protocol, Monitoring of Evaluations, Network File System, Open Systems Interconnection Reference model, PC card, PKCS #11, POSIX, Rivest-Shamir-Adleman algorithm, S/Key, SOF-basic, SOF-high, SOF-medium, SSO PIN, SSO-PIN ORA, Terminal Access Controller Access Control System, The Exponential Encryption System, Type 4 key, access control, accreditation, administrative access, alarm, alarm surveillance, application, application program interface, application system, approved, architecture, assignment, assurance, assurance profile, asymmetric cryptographic technique, attribute certificate, audit, audit charter, audit program, audit/review, authentication code, authorizing official, automated information system, back up vs. backup, best practices, black-box testing, block, break, bug, business areas, business case, centralized operations, certificate management, certification authority workstation, checksum, claimant, code amber, code red, command and control, common criteria, communications profile, completeness, component, component dependencies, component extensibility, component hierarchy, computer operations, audit, and security technology, computer security, computing security methods, configuration, configuration identification, configuration item, configuration management, continuity of operations plan, control loop, controlled access protection, cooperative key generation, correctness, corruption, cost/benefit, countermeasures, critical, criticality, criticality assessment, crypto-ancillary equipment, cryptographic check value, cryptographic initialization, cryptographic module, cryptographic officer, cryptographic randomization, cryptographic service, cryptographic token, cultural assumptions, data authentication code, data encryption standard, data input, data string, database management system, denial-of-service, digital signature, digital watermarking, disruption, distributed dataprocessing, domain parameter, dual control, effectiveness, electrical power systems, electronic commerce, electronic messaging services, email packages, embedded cryptographic system, embedded cryptography, embedded system, emergency services, encryption certificate, encryption software, evaluation, evaluation and validation scheme, extensibility, extension, fail soft, failure, failure control, fault, fault isolation, fault tolerant, finite state machine, formal specification, gateway, general support system, generation, global command and control system, granularity of a requirement, group user id, hardening, hash code, hash result, hash token, hash value, hashed message authentication code, human error, informal security policy, information architecture, information processing standard, information systems security equipment modification, information technology, information warfare, infrastructure, initial transformation, initializing value, integrity, intelligent electronic device, inter-TSF transfers, interface, internal subject, joint task force-computer network defense, key, key agreement, keyed hash, lines of business, logical access, logical system definition, maintenance, major application, malicious applets, malicious logic, man-in-the-middle attack, matrix, message authentication code algorithm, message authentication code vs. Message Authentication Code, message digest, message representative, metrics, misuse, mockingbird, modes of operation, mutual suspicion, mutually suspicious, national information assurance partnership, national security system, natural disaster, network security, no-PIN ORA, off-line cryptosystem, on-line cryptosystem, one-time passwords, open system interconnection model, operating system, operational integrity, organizational registration authority, output transformation, package, packet filtering, plug-in, point-to-point tunneling protocol, port, pre-signature, privilege, privileged process, privileged user, process, product, product rationale, programmable logic controller, protection profile, protection profile family, protection-critical portions of the TCB, protocols, proxy, public-key infrastructure, public-key system, quality of protection, randomizer, reference monitor, reference validation mechanism, registration authority, reliability, requirements, requirements traceability matrix, resource, restructuring, reusability, revision, risk, risk assessment, risk management, robustness, role, role-based access control, rootkit, salt, sector, secure hash standard, secure operating system, security, security certification level, security features, security management infrastructure, security mechanism, security policy, security relevant, security target, security testing, separation of duties, signaling, signaling system 7, signature certificate, signature equation, significant change, site certification, smartcards, software, software assurance, software enhancement, software reliability, software system test and evaluation process, stovepipe systems, stream cipher, strength of a requirement, structural testing, subassembly, subsystem, support software, system, system files, system integrity, system security officer, tamper, tampering, technology area, teleprocessing, testability, thrashing, threat, to-be-process model, token management, tokens, top-level specification, trapdoor, trojan horse, trust, trusted channel, trusted path, trustworthy system, turnaround time, unforgeable, user PIN, user-PIN ORA, usurpation, verifier, version, violation of permissions, website, white-box testing, word, workload,
functional component
IncludedBy:Common Criteria for Information Technology Security Evaluation, component, function, security target,
Includes:object,
Related:audit, requirements,
functional package
IncludedBy:function,
Includes:security target,
functional proponent
IncludedBy:function, network sponsor,
functional protection requirements
IncludedBy:function, protection profile,
Related:assurance, file, profile,
functional security requirements specification
IncludedBy:function, requirements, security,
functional test case design
IncludedBy:function, test,
Related:analysis, black-box testing,
functional testing
IncludedBy:function, security testing, test,
Related:black-box testing, computer, operation, response, system,
functional unit
IncludedBy:component, function,
functionality
IncludedBy:function, target of evaluation,
Related:requirements, security,
functionality class
IncludedBy:function, target of evaluation,
Related:policy, security, system, target,
future narrow band digital terminal
IncludedBy:security,
Related:message, network,
gap analysis
IncludedBy:analysis, risk analysis,
Related:audit, vulnerability analysis,
garbled
Related:cryptographic, destruction, key,
gas and oil production, storage and transportation
IncludedBy:critical infrastructures,
Related:critical, process, role, system,
gateway
IncludedBy:application proxy,
Includes:application gateway firewall, application level gateway, circuit level gateway, common gateway interface, dual-homed gateway firewall, firewall, gateway server, payment gateway, payment gateway certification authority, security gateway, trusted gateway, wireless gateway server,
Related:Chernobyl packet, authentication header, bastion host, break, cardholder certification authority, certification hierarchy, code, communications, component, computer, computer network, email, encapsulating security payload, ethernet meltdown, function, geopolitical certificate authority, guard, interface, internet control message protocol, internetwork, local-area network, merchant certification authority, network, operation, program, protocols, router, screened host firewall, screened subnet firewall, secure network server, security, system, transport mode vs. tunnel mode, tunnel, virtual private network, wiretapping,
gateway server
IncludedBy:gateway, internet,
Related:computer,
gauss
general accounting office
general controls
IncludedBy:control,
Related:IT security, application, computer, file, integrity, object, operation, policy, program, recovery, security, system,
General Services Administration
general support system
IncludedBy:system,
Related:application, communications, control, function, information, management, resource, software, users,
general-purpose system
IncludedBy:system,
Related:computer,
GeneralizedTime
Related:UTCTime, coordinated universal time,
generally accepted system security principles
IncludedBy:security, system,
generation
Related:cryptographic, function, key, metadata,
Generic Security Service Application Program Interface
IncludedBy:application, interface, internet, program, security protocol,
Includes:distributed computing environment, security support programming interface,
Related:authentication, code, confidentiality, cryptography, integrity, non-repudiation, privacy, process, protocols, standard, system, tokens,
generic SIO class
generic threat
IncludedBy:threat,
Related:vulnerability,
Generic Upper Layer Security
IncludedBy:security,
Related:application, confidentiality, function, information, integrity, standard,
geopolitical certificate authority
IncludedBy:Secure Electronic Transaction, authority, certificate,
Related:certification, gateway, public-key infrastructure,
geosynchronous orbit
global command and control system
IncludedBy:command and control, control, control systems, security, system,
Related:function, information, network, process,
global information grid
IncludedBy:information, security,
Related:application, communications, policy, process, software, system,
global information infrastructure
IncludedBy:information,
Related:communications, connection, system,
global network information environment
IncludedBy:information, network, security,
Related:process, system,
global positioning system
IncludedBy:system,
global requirements
Antonym:local requirements,
IncludedBy:requirements, trusted computing base,
Related:analysis, system,
global telecommunications service
IncludedBy:communications, telecommunications,
Related:network,
goodput
IncludedBy:firewall,
Related:bit forwarding rate, interface, network, protocols, test,
gopher
Related:computer, file, network, protocols, users,
Government Accountability Office
Related:audit, evaluation,
government contracting activity
government emergency telecommunications service
IncludedBy:communications, telecommunications,
Related:network,
government program manager
government services
Related:critical infrastructures,
government-approved facility
Related:access,
government-off-the-shelf
government-to-government transfer
Related:classified, foreign,
graduated security
IncludedBy:security,
Related:risk, system, technology, threat,
granularity
IncludedBy:access control,
Includes:object,
Related:access, control, file,
granularity of a requirement
IncludedBy:requirements, trusted computing base,
Includes:object, subject,
Related:function, users,
graphical-user interface
IncludedBy:interface, users,
Related:computer, key, program,
GRC senior staff
Related:program,
Green book
IncludedBy:rainbow series,
Related:information, interface, internet, passwords, process, program, standard, system,
ground wave emergency network
IncludedBy:network,
group
Related:users,
group key encryption key
IncludedBy:key,
group of users
IncludedBy:users,
Related:security, software,
group traffic encryption key
IncludedBy:key,
group user id
IncludedBy:user id,
Related:function, risk,
guard (system)
guard
IncludedBy:security,
Includes:firewall,
Related:United States citizen, access, access control, authorized, classified, computer, gateway, information, integrity, network, process, system, trust, users,
guerrilla warfare
IncludedBy:warfare,
guessing entropy
Related:attack, passwords, random, system,
guest system
Related:access,
guideline
Related:policy,
Guidelines and Recommendations for Security Incident Processing
IncludedBy:incident, process, security incident,
Related:function, internet, network, response, role, technology,
Gypsy verification environment
IncludedBy:software development methodologies, verification,
Related:flow, information, process, program, users,
hackers
IncludedBy:threat,
Includes:cracker, hacking, script bunny,
Related:Samurai, access, access control, attack, authorization, authorized, computer, computer network, critical, damage, hacking run, information, intelligence, internet, malicious, network, program, protocols, security, system, users,
hacking
IncludedBy:hackers,
Related:authorized, information, network, security, system,
hacking run
Related:hackers,
half-block
handcarrier
Related:authorized, classified, connection,
handle
Related:operation, process,
handle via special access control channels only
IncludedBy:access,
Related:classified, requirements, security,
handler
Related:attack, control, incident, program, response,
handshaking procedures
Related:authentication, computer, identify, program, users,
hard copy key
IncludedBy:key,
Related:program,
hard disk
hard-copy output
hardened unique storage
hardened unique storage Key
IncludedBy:key,
hardening
Related:assurance, availability, business process, computer, function, process, security,
hardware
IncludedBy:cryptographic module,
Related:computer, cryptographic, module, process, program, software, system,
hardware and system software maintenance
IncludedBy:software, system,
Related:control, operation, security,
hardware or software error
IncludedBy:software, threat consequence,
Related:operation, system,
hardware token
HasPreferred:tokens,
hardwired key
IncludedBy:key,
hash
IncludedBy:security,
Includes:collision-resistant hash function, cryptographic hash function, hash algorithm, hash code, hash function, hash function identifier, hash result, hash token, hash totals, hash value, hashed message authentication code, hashing, hashword, keyed hash, keyed hash algorithm, secure hash algorithm, secure hash standard,
Related:Challenge Handshake Authentication Protocol, Challenge-Response Authentication Mechanism, Cryptographic Message Syntax, Data Authentication Algorithm, Fortezza, MD2, MD4, MD5, POP3 APOP, Rivest-Shamir-Adleman algorithm, S/Key, SET private extension, SET qualifier, algorithm, certificate revocation tree, challenge-response protocol, checksum, code, cryptographic, cryptographic algorithm, cryptographic component, cryptographic service, cryptographic system, cryptography, cyclic redundancy check, data authentication code vs. Data Authentication Code, data items' representation, data string, digital signature, digital signature algorithm, domain parameter, dual signature, fingerprint, imprint, initializing value, integrity, integrity check, matrix, message, message authentication code vs. Message Authentication Code, message digest, message integrity code, one-time passwords, one-way function, output transformation, public-key forward secrecy, reduction-function, round-function, secure socket layer, thumbprint, witness, word,
hash algorithm
IncludedBy:algorithm, hash,
Related:message,
hash code
IncludedBy:code, hash,
Related:function, hash function, subject,
hash function
IncludedBy:function, hash,
Related:algorithm, application, attack, authentication, cryptographic, cryptographic hash function, cryptography, data authentication code, domain, file, hash code, hash result, hash value, message, message authentication code, object, property, random, requirements, subject,
hash function identifier
IncludedBy:function, hash,
Related:identify,
hash result
IncludedBy:hash,
Related:function, hash function, message, process,
hash token
IncludedBy:hash, tokens,
Related:code, control, domain, function, identify, signature,
hash totals
IncludedBy:hash,
Related:file, information,
hash value
IncludedBy:hash,
Related:cryptographic, function, hash function, message,
hashed message authentication code
IncludedBy:code, hash, message, message authentication code,
Related:analysis, cryptographic, cryptography, function, key, software,
hashing
IncludedBy:hash,
hashword
IncludedBy:hash,
hazard
head of department of defense component
health information exchange
help desk
Related:communications, computer, entity,
hierarchical decomposition
IncludedBy:development process,
Related:system,
hierarchical development methodology
IncludedBy:software development methodologies,
Related:flow, information, process, program,
hierarchical input process output
IncludedBy:process,
hierarchical PKI
IncludedBy:public-key infrastructure,
Related:certification,
hierarchy management
IncludedBy:public-key infrastructure,
Related:certificate, certification, key, process, public-key,
hierarchy of trust
IncludedBy:public-key infrastructure, trust,
Related:certification,
high assurance guard
IncludedBy:assurance,
Related:access, classified, control, message, software,
high availability
IncludedBy:availability,
high impact
Related:availability, damage, security, threat,
high-impact system
IncludedBy:system,
Related:availability, information, integrity, object, security,
hijack attack
IncludedBy:attack,
Related:IP splicing/hijacking, association, control, hijacking, pagejacking, spoofing, terminal hijacking,
hijacking
Related:application, attack, hijack attack, response, session hijack attack, system, users,
hoax
IncludedBy:threat,
Related:social engineering, system, users,
home office facility
homed
IncludedBy:firewall,
Includes:tri-homed,
Related:interface, network, security testing, test,
honeypot
Related:attack, authorized, file, resource, system, users,
host
IncludedBy:automated information system,
Related:access, access control, application, communications, computer, computer network, information, internet, network, protocols, software, system, users,
host based
IncludedBy:automated information system,
Related:audit, information, intrusion,
host to front-end protocol
IncludedBy:automated information system, protocols,
Related:control,
host-based firewall
IncludedBy:automated information system, firewall,
Related:application, computer, network, software,
host-based intrusion prevention system
IncludedBy:intrusion, system,
Related:identify, program,
host-based security
IncludedBy:security,
Related:attack, system, version,
hot site
IncludedBy:disaster recovery,
Related:cold site, critical, software, system,
hot wash
Related:test,
https
Related:access, access control, internet, protocols, security,
human error
IncludedBy:threat consequence,
Related:authorized, entity, function, system,
human intelligence
IncludedBy:intelligence,
human user
IncludedBy:target of evaluation, users,
human-machine interface
IncludedBy:interface,
Related:control, software,
hybrid encryption
IncludedBy:encryption,
Related:algorithm, application, confidentiality, cryptography, key,
hybrid security control
IncludedBy:control, security,
hybrid threat
IncludedBy:threat,
Related:criminal, hybrid warfare, information, object, warfare,
hybrid warfare
IncludedBy:warfare,
Related:criminal, hybrid threat, threat,
hydrometer
hydrophone
hydroscope
Related:object,
hygrograph
hygrometer
hygroscope
hyperlink
IncludedBy:world wide web,
Related:access, access control, information, link, object, users,
hypermedia
Related:internet, object,
hypertext
Related:access, access control, computer, internet, standard generalized markup language, world wide web,
hypertext markup language
IncludedBy:standard generalized markup language, world wide web,
Related:application, file, semantics, system,
hypertext transfer protocol
IncludedBy:protocols, world wide web,
Related:application, internet, network, response, secure socket layer,
IA architecture
IncludedBy:information assurance,
Related:function, operation, security, system,
IA infrastructure
Related:management, risk, security,
IA product
Related:access, authentication, control, security,
IA-enabled information technlogogy product
IncludedBy:information,
Related:role, router, security, system, technology, trust,
IA-enabled information technology product
IncludedBy:information, information assurance, technology,
IA-enabled product
Related:security, trust,
ICMP flood
IncludedBy:attack,
Related:denial-of-service, protocols,
identification
IncludedBy:accountability, authentication,
Includes:Identification Protocol, bank identification number, configuration identification, control identification list, identification and accreditation, identification and authentication, identification authentication, identification data, identification, friend or foe, identification, friend, foe, or neutral, identify, identity, identity based access control, identity-based security policy, key management identification number, personal identification number, privacy, authentication, integrity, identification, non-repudiation, radio frequency identification, risk identification, target identification and analysis techniques, terminal identification, trusted identification forwarding,
Related:Attack Sensing and Warning, IT security support functions, SSO PIN, access, access control, alarm reporting, anonymity, anti-spoof, attribute certificate, bar code, biometric system, candidate TCB subset, certificate, class 2, 3, 4, or 5, comparisons, compromised key list, configuration control, digital forensics, digital id, domain controller, entity, firewall, formal development methodology, identity credential, identity credential issuer, individual electronic accountability, information systems security, information systems security equipment modification, key tag, network component, network sniffing, operations security, personal identity verification, pre-certification phase, primary account number, process, public-key derivation function, redundant identity, registration authority, relying party, repair action, resource, risk analysis, risk assessment, risk management, security controls, spoofing, system, target vulnerability validation techniques, threat assessment, token device, trusted agent, uniform resource identifier, user PIN, users, validate vs. verify, verification, vulnerability assessment,
identification and accreditation
IncludedBy:accreditation, identification,
identification and authentication
IncludedBy:assurance, identification,
Related:access, access control, control, entity, identity, system, users,
identification authentication
IncludedBy:identification,
Related:access, access control, code, computer, entity, identity, process, resource, response, users,
identification data
IncludedBy:identification,
Related:domain, entity, identify, identity credential, key, policy, process, security, signature,
Identification Protocol
IncludedBy:identification, internet, protocols, security protocol,
Related:access, access control, audit, authorization, connection, control, entity, identity, information, owner, system, users,
identification, friend or foe
IncludedBy:identification,
identification, friend, foe, or neutral
IncludedBy:identification,
identifier
Related:entity, identity, key,
identify
IncludedBy:identification,
Related:CRYPTO, DoD Information Technology Security Certification and Accreditation Process, PKIX private extension, SATAN, SWOT analysis, TSEC nomenclature, Tripwire, access level, accountability, alert, antivirus software, audit, audit/review, bank identification number, baseline management, benchmarking, best practices, biometrics, business impact analysis, call back, call back security, certificate revocation list, certifier, configuration management, connection establishment, connection maintenance, connection teardown, dial back, distinguished name, electronic warfare support, evaluator actions, expert review team, external label, false negative, fishbone diagram, flow, handshaking procedures, hash function identifier, hash token, host-based intrusion prevention system, identification data, identity, identity credential, identity theft, individual accountability, information security, information systems security engineering, inspectable space, interface control document, intrusion detection, intrusion detection systems, intrusion detection tools, management server, mass mailing worm, message identifier, network behavior analysis system, network-based intrusion prevention system, observation reports, operations security, penetration signature, penetration test, penetration testing, persistent cookie, registration service, requirements for content and presentation, requirements for procedures and standards, reverse engineering, risk analysis, risk assessment, risk evaluation, risk identification, risk management, root cause analysis, security association identifier, security policy model, short title, signature, smartcards, sniffer, spyware detection and removal utility, stateful protocol analysis, system indicator, system security authorization agreement, system testing, terminal identification, test, test design, threat analysis, triangulation, uniform resource identifier, user id, user identifier, vulnerability analysis, vulnerability assessment, vulnerability audit, wireless intrusion detection and prevention system,
identity
IncludedBy:entity, identification,
Includes:federated identity, identity based access control, identity binding, identity credential, identity credential issuer, identity management systems, identity proofing, identity registration, identity theft, identity token, identity validation, identity verification, identity-based security policy, personal identity verification, redundant identity, tradecraft identity, workcraft identity,
Related:Identification Protocol, KMI-aware device, KOA agent, OAKLEY, applicant assertion, assurance, attribute authority, authenticate, authentication data, authentication exchange, authentication information, authentication mechanism, authentication protocol, authentication service, authenticator, authenticity, authorization, authorized, automated information system media control system, binding, biometric measurement, biometric system, biometrics, cardholder, certificate, certification authority, certify, challenge/response, claimant, comparisons, component, covert operation, credentials, criminal groups, cryptography, data integrity service, data origin authentication service, digital certificate, digital id, digital signature, digital signature algorithm, discrete process, discretionary access control, distinguished name, domain, electronic credentials, entity authentication of A to B, false acceptance, false rejection, false rejection rate, identification and authentication, identification authentication, identifier, identify, individual accountability, information, interoperability, key owner, masquerade attack, masquerading, mutual authentication, mutual entity authentication, non-repudiation, object, one-time passwords, organizational registration authority, password system, passwords, peer entity authentication service, personal identification number, personally identifiable information, phishing, physical access control, policy-based access control, principal, private accreditation information, protected channel, proxy server, pseudonym, public-key certificate, public-key infrastructure, references, registration, registration authority, relying party, response, role-based access control, secure socket layer, security, simple authentication, source authentication, strong authentication, subject, ticket, tokens, trust, undercover operation, unilateral authentication, users, validate vs. verify, verification, verified name, verifier, witness,
identity based access control
IncludedBy:access, control, entity, identification, identity,
Related:authorization,
identity binding
IncludedBy:identity,
identity credential
IncludedBy:credentials, entity, identity,
Related:identification, identification data, identify, identity credential issuer, information, users,
identity credential issuer
IncludedBy:credentials, entity, identity,
Related:PIV issuer, access, access control, certification authority, identification, identity credential, resource, users, validate,
identity management systems
IncludedBy:entity, identity, system,
Related:application, process, validation, verification,
identity proofing
IncludedBy:entity, identity,
Related:authority, establishment, information, process, registration, validate,
identity registration
IncludedBy:identity,
identity theft
IncludedBy:entity, identity, theft,
Includes:ACH debit fraud, account fraud,
Related:dumpster diving, fraud, identify, information, keystroke logger, phishing, shoulder surfing, social engineering, spyware, subject,
identity token
IncludedBy:entity, identity, tokens,
Related:key, object,
identity validation
IncludedBy:entity, identity, validation,
Related:resource, test, users,
identity verification
IncludedBy:entity, identity, verification,
Related:access, access control, process, system,
identity-based security policy
IncludedBy:entity, identification, identity, policy, security,
Related:access, access control, object, process, resource, subject, system, users,
IEEE 802.10
Related:network, security, standard,
IEEE P1363
Related:cryptography, digital signature, encryption, key, public-key, signature, standard,
illegal
IncludedBy:risk,
Includes:criminal, fraud, illegal drug use, illegal traffic, theft,
Related:computer related crime, ethernet meltdown, suspicious contact, unclassified controlled nuclear information,
illegal drug use
IncludedBy:illegal,
Related:authorized,
illegal traffic
IncludedBy:firewall, illegal,
Related:bit forwarding rate, ruleset,
Synonym:rejected traffic,
image
imagery
Related:object,
imagery intelligence
IncludedBy:intelligence,
Related:object,
imaging system
IncludedBy:system,
Related:computer,
IMAP4 AUTHENTICATE
Related:authentication, challenge/response, key, protocols, response, security,
imitative communications
IncludedBy:communications,
Related:message,
imitative communications deception
Related:adversary,
immediate family member
Related:access,
immigrant alien
impact
Related:attack, authorized, availability, damage, incident, information, risk assessment, system,
impact level
Related:availability, security,
impact value
Related:availability,
impersonating
Related:spoof,
Synonym:impersonation,
impersonation
IncludedBy:attack,
Includes:verifier impersonation attack,
Related:access, access control, active attack, address spoofing, authentication, authorized, computer, ip spoofing, man-in-the-middle attack, masquerading, mimicking, network, replay attacks, social engineering, spoofing, system, users,
Synonym:impersonating, masquerade,
implant
Related:authorized, emanation, emanations security, information,
implementation
IncludedBy:target of evaluation,
Related:process, software, target,
implementation under test
IncludedBy:test,
Related:protocols, security testing,
implementation vulnerability
IncludedBy:vulnerability,
Related:software,
implicit key authentication from A to B
IncludedBy:authentication, key,
Related:assurance, entity,
imported software
IncludedBy:software,
imprint
Related:code, hash,
improved emergency message automatic transmission system
IncludedBy:message, system,
in the clear
Related:encryption,
inadvertent disclosure
IncludedBy:incident,
Related:access, access control, authorized, exposures, information, risk,
inadvertent disclosure incident
Related:access, authorized, classified, security, security incident,
inappropriate usage
IncludedBy:threat,
incapacitation
IncludedBy:risk, threat consequence,
Related:critical, critical infrastructures, operation, system,
incident
IncludedBy:threat,
Includes:COMSEC incident, Computer Incident Advisory Capability, Forum of Incident Response and Security Teams, Guidelines and Recommendations for Security Incident Processing, IT security incident, attack, automated security incident measurement, compromise, computer incident assessment capability, computer intrusion, computer security incident, computer security incident response capability, computer security incident response team, contamination, cyber incident, data compromise, denial-of-service, flooding, inadvertent disclosure, incident handling, incident response capability, multiple component incident, probe, program automated information system security incident support team, security incident, security intrusion, suspicious event,
Related:COMSEC insecurity, antivirus software, availability, classified information spillage, communications security, computer, computer emergency response team, event, failure access, handler, impact, indication, information, infrastructure assurance, integrity, intrusion, intrusion detection, intrusion detection and prevention, intrusion prevention, intrusion prevention system, joint task force-computer network defense, mitigation, precursor, process, protective technologies, response, security, security controls, security event, security policy, signature, spyware detection and removal utility, standard, system, vulnerability,
incident handling
IncludedBy:incident, response,
PreferredFor:incident response,
Related:security,
incident of security concern
IncludedBy:security,
Related:access, attack, authorized, classified,
incident response
HasPreferred:incident handling,
incident response capability
IncludedBy:incident, response,
Related:control, operation, security, system,
incident response plan
Related:attack, cyberspace,
incomplete parameter checking
IncludedBy:threat,
Related:penetration, system,
inculpatory evidence
independence
Related:audit,
independent assessment
IncludedBy:assessment,
Related:control, evaluation, security, system,
independent research and development
independent review and evaluation
IncludedBy:evaluation,
Related:system,
independent validation and verification
IncludedBy:validation, verification,
Related:analysis, requirements, security testing, software, software development, test, users,
independent validation authority
Related:control, requirements, risk, security, software,
indication
Related:incident, malware, security,
Synonym:signature,
indicator
Related:adversary, attack,
indirect certificate revocation list
IncludedBy:certificate, public-key infrastructure, revocation,
Related:X.509,
indistinguishability
Related:algorithm, encryption, security,
individual accountability
Related:access, access control, computer, entity, identify, identity, system, users,
individual electronic accountability
Related:access, access control, authentication, identification, system, users,
individuals
Related:privacy,
indoctrination
Related:access,
industrial control system
IncludedBy:control,
industrial espionage
industrial security
IncludedBy:security,
Related:classified, information security,
industry standard architecture
IncludedBy:standard,
Related:automated information system,
infection
IncludedBy:threat,
Related:malicious, virus, worm,
inference
IncludedBy:threat consequence,
Related:access, access control, authorized, communications, entity,
informal
Antonym:formal,
Includes:informal specification,
informal security policy
IncludedBy:policy, security,
Related:function,
informal specification
Antonym:formal specification,
IncludedBy:development process, informal,
information
Includes:American Standard Code for Information Interchange, Automated Information System security, Common Criteria for Information Technology Security, Common Criteria for Information Technology Security Evaluation, Defense Information Infrastructure, Defense Information System Network, Defensive Information Operations, DoD Information Technology Security Certification and Accreditation Process, European Information Technology Security Evaluation Criteria, Federal Criteria for Information Technology Security, Federal Information Processing Standards, Federal Information Processing Standards Publication 140, IA-enabled information technlogogy product, IA-enabled information technology product, Information Systems Security products and services catalogue, Information Technology Security Evaluation Criteria, National COMSEC Information Memorandum, National Security Telecommunications and Information Systems Security Advisory/Information Memorandum, National Security Telecommunications and Information Systems Security Committee, National Security Telecommunications and Information Systems Security Directive, National Security Telecommunications and Information Systems Security Instruction, National Security Telecommunications and Information Systems Security Policy, National Telecommunications and Information Administration, National Telecommunications and Information Systems Security Advisory Memoranda/Instructions, National Telecommunications and Information Systems Security Directive, National Telecommunications and Information Systems Security Instruction, National Telecommunications and Information Systems Security Policy, Subcommittee on Information Systems Security, authentication information, automated information system, bandwidth, biometric information, center for information technology excellence, certified information systems security professional, chief information agency officer, chief information officer, classified information, classified information spillage, control information, control objectives for information and related technology, defense-wide information assurance program, directory information base, disclosure of information, endorsed for unclassified cryptographic information, executive information systems, global information grid, global information infrastructure, global network information environment, information and communications, information architecture, information assurance, information assurance manager, information assurance officer, information assurance product, information category, information center, information engineering, information environment, information flow, information flow control, information operations, information owner, information processing standard, information protection policy, information ratio, information resources, information security, information security policy, information security testing, information sharing and analysis center, information superhighway, information superiority, information system, information system security officer, information systems audit and control association, information systems audit and control foundation, information systems security, information systems security association, information systems security engineering, information systems security equipment modification, information systems security manager, information systems security officer, information systems security product, information systems/technology, information technology, information technology system, information type, information warfare, major information system, management information base, multilevel information systems security initiative, national information assurance partnership, national information infrastructure, national security information, national telecommunications and information system security directives, network information services, non-repudiation information, official information, operational vulnerability information, private accreditation information, program automated information system security incident support team, proprietary information, public information, public-key information, request for information, security information object, security information object class, security policy information file, sensitive compartmented information, sensitive compartmented information facility, sensitive information, special information operations, status information, subcommittee on Automated Information System security, technical vulnerability information, wide area information service,
Related:Abrams, Jojodia, Podell essays, Abstract Syntax Notation One, BLACK, Bell-LaPadula security model, British Standard 7799, C2-attack, C2-protect, CASE tools, CCI equipment, COMSEC equipment, COMSEC insecurity, COMSEC modification, COMSEC survey, COMSEC system data, CRYPTO, Digital Signature Standard, FIPS PUB 140-1, Federal Criteria Vol. I, Federal Standard 1027, Forum of Incident Response and Security Teams, Generic Upper Layer Security, Green book, Gypsy verification environment, IS related risk, IT Security Evaluation Criteria, IT security, IT security controls, IT security database, IT security incident, IT security policy, IT-related risk, Identification Protocol, Integrated CASE tools, International Traffic in Arms Regulations, International organization for standardization, Internet Corporation for Assigned Names and Numbers, Internet Protocol Security Option, NIAP Common Criteria Evaluation and Validation Scheme, National Institute of Standards and Technology, National Security Agency, National Security Decision Directive 145, PKCS #11, PKIX, POSIX, RED, RED signal, RED team, RED/BLACK concept, RED/BLACK separation, SAML authentication assertion, SET private extension, SET qualifier, Secure Electronic Transaction, TEMPEST, TOE security functions interface, Tripwire, Type 1 key, Type 2 key, Type I cryptography, Type II cryptography, Type III cryptography, Wassenaar Arrangement, X.500 Directory, acceptance inspection, access, access control, account aggregation, account management, accountability, accreditation, accreditation authority, accreditation boundary, accreditation multiplicity parameter, adequate security, administration documentation, adversary, aggregation, alarm reporting, alarm surveillance, analysis of alternatives, anonymity, anti-jam, applicant assertion, application data backup/recovery, application server attack, approval/accreditation, approved technologies list, architecture, archive, assessment, asset, association, assurance, asynchronous communication, attack, attackers, attribute certificate, audit record, audit service, audit trail, authentication, authentication code, authentication data, authentication exchange, authenticity, authorized person, authorizing official, automated security incident measurement, availability, banner grabbing, bar code, binding, biometric authentication, bit, block chaining, boundary host, breach, browser, browsing, buffer overflow, business areas, byte, capability, cardholder, cascading, category, certificate, certificate policy qualifier, certificate status responder, certificate user, certification, certification authority, certification path, challenge, challenge/response, channel, channel capacity, checksum, ciphertext, ciphony, class 2, 3, 4, or 5, classification levels, classified, clearance level, cleartext, code, collaborative computing, color change, command and control warfare, common criteria, common criteria version 1.0, common criteria version 2.0, communication channel, communications cover, communications protocol, communications security, compartment, compartmentalization, compartmented mode, compensating security controls, compromise, compromising emanations, computer abuse, computer cryptography, computer emergency response team, computer intrusion, computer network attack, computer network defense, computer network exploitation, computer security, computer security incident, computer security incident response team, computer security intrusion, computer security technical vulnerability reporting program, concealment system, confidentiality, configuration control, connection, contactless smart card, control, control objectives, control zone, controlled cryptographic item, controlled interface, controlled security mode, cookies, corporate security policy, correctness, correctness integrity, counterintelligence, countermeasures, cover-coding, covert channel, covert channel analysis, covert timing channel, cracker, credentials, criteria, critical security parameters, critical system, criticality, criticality/sensitivity, cross domain solution, cryptographic algorithm for confidentiality, cryptographic check value, cryptographic token, cryptography, cryptosystem survey, cyberattack, cybersecurity, cyberspace, cyberspace operations, data, data aggregation, data architecture, data communications, data compromise, data confidentiality, data custodian, data encryption standard, data flow control, data integrity, data storage, data synchronization, database, database management system, database server, datagram, decrypt, dedicated mode, dedicated security mode, defense-in-depth, degausser, degausser products list, demilitarized zone, descriptive top-level specification, designated approving authority, diagnostics, digital document, digital forensics, digital id, digital signature, direct data feed, directory service, directory vs. Directory, distinguished name, distinguishing identifier, distribution point, documentation, domain controller, domain name system, domain of interpretation, dongle, downgrade, dual control, due care, dumpster diving, eavesdropping, eavesdropping attack, electronic authentication, electronic commerce, electronic security, electronic signature, electronic warfare support, emanation, emanations security, emissions security, encipherment, encode, encryption, end-to-end encryption, end-to-end security, endorsed for unclassified cryptographic item, endorsement, entry label, erasure, error detection code, evaluated products list, evaluator actions, evidence, executive steering committee, expert review team, explain, exploit, exploitable channel, extension, facilities, fiber-optics, fishbowl, flooding, formal access approval, format, framing, general support system, global command and control system, guard, hackers, hacking, hash totals, hierarchical development methodology, high-impact system, host, host based, hybrid threat, hyperlink, identity, identity credential, identity proofing, identity theft, impact, implant, inadvertent disclosure, incident, input data, inspectable space, instrumentation, integrity, integrity policy, intelligence, interconnection security agreements, interface, interference, interim accreditation, interim approval to operate, interim approval to test, interleaving attack, internal system exposure, internet control message protocol, interoperability, interoperability standards/protocols, intranet, intrusion, intrusion detection, intrusion detection systems, key agreement, key establishment, key exchange, key tag, key wrapping, keying material, laboratory attack, leapfrog attack, legacy data, legacy systems, level of protection, levels of concern, lifecycle management, lines of business, link encryption, logical system definition, low-impact system, magnetic remanence, major application, malware, man-in-the-middle attack, management controls, management server, mandatory access control, master file, match, memory scavenging, merchant, message externals, metadata, mission critical, mobile code, mode of operation, moderate-impact system, modes of operation, multi-security level, multicast, multilevel mode, multilevel secure, multilevel security, multilevel security mode, multimedia, multiuser mode of operation, national computer security assessment program, national security system, nations, need-to-know, need-to-know determination, network, network connection, network management protocol, network security, network security officer, network sniffing, non-discretionary security, non-repudiation, non-repudiation exchange, non-technical countermeasure, object, object identifier, on ramp, one-part code, one-time passwords, online certificate status protocol, open storage, open systems interconnection, operational controls, operational documentation, operational key, operations security, oracle, organisational security policy, out-of-band, output, output data, packet, packet filtering, packet switching, partitioned security mode, passive, passive threat, passwords, payload, people, periods processing, personalization service, personnel security, pharming, phishers, phishing, phreaking, physical security, post-accreditation phase, preferred products list, privacy, privacy impact assessment, privacy protection, private accreditation exponent, private data, private key, probe, process, product rationale, promiscuous mode, proprietary, protected distribution systems, protection needs elicitation, protective distribution system, protective technologies, protocol converter, protocol data unit, protocols, psychological operations, public law 100-235, public-key, public-key certificate, public-key infrastructure, purge, purging, radio frequency identification, read, read access, real-time, records, recovery site, redundancy, references, register, register entry, registration authority, regrade, reliability, relying party, remanence, remote access, remote authentication dial-in user service, remote diagnostics, repository, repudiation, requirements for content and presentation, residual risk, residue, resource, review techniques, risk, risk analysis, risk assessment, risk management, rootkit, routing, rules of engagement, sample, sanitization, sanitize, sanitizing, scanning, screen scraping, secrecy policy, secret, sector coordinator, sector liaison, secure channel, security, security assertion markup language, security association, security attribute, security breach, security category, security certificate, security clearance, security controls, security domain, security evaluation, security event, security flow analysis, security incident, security label, security level, security management, security management infrastructure, security plan, security policy, security policy model, security requirements, security situation, security strength, security tag, security violation, semantic security, sensitive, sensitive label, sensitivity, sensitivity label, signaling, significant change, simple authentication, simple network management protocol, single-level device, smartcards, sniffer, social engineering, soft TEMPEST, solicitation, source integrity, spammers, special access program, special access program facility, spillage, split knowledge, spoofing, spread spectrum, spyware, state, stateful packet filtering, strong authentication, sub-function, subcommittee on telecommunications security, subject, subsystem, superencryption, system, system entity, system high mode, system low, system retention/backup, system security, system security engineering, system security officer, system security policy, system-high security mode, systems security steering group, tamper, target identification and analysis techniques, target vulnerability validation techniques, technical controls, technical countermeasures, technical security policy, telecommunications, teleprocessing, terrorists, threat, threat agent, threat analysis, threat assessment, threat monitoring, token backup, token copy, token device, tokens, topology, traceroute, traffic analysis, transaction, transmission, transmission security, trapdoor, trojan horse, trust, trusted channel, trusted computer system, trusted gateway, trusted identification forwarding, trusted path, trusted platform module chip, trusted subject, trusted time stamp, type 1 products, type 2 product, type 3 key, type 3 product, type certification, unauthorized disclosure, unclassified, uniform resource locator, user documentation, user partnership program, user representative, users, validate vs. verify, validated products list, vaulting, verification, verifier impersonation attack, virtual departments or divisions, virtual private network, vulnerability, vulnerability analysis, vulnerability assessment, vulnerability audit, web bug, website, wireless technology, wiretapping, workflow, workstation, world wide web, worm, write,
information and communications
IncludedBy:communications, critical infrastructures, information,
Related:critical, process, software, telecommunications,
information architecture
IncludedBy:automated information system, information,
Related:function, interface,
information assurance
IncludedBy:assurance, information,
Includes:IA architecture, IA-enabled information technology product, defense-wide information assurance program, information assurance manager, information assurance officer, information assurance product, national information assurance partnership,
Related:Defensive Information Operations, access, adversary, authentication, authorized, availability, certification, common criteria, confidentiality, exploit, information security, information systems security manager, integrity, intrusion, level of protection, levels of concern, malicious, non-repudiation, object, operation, requirements, system, trust, vulnerability,
information assurance component
IncludedBy:assurance,
Related:software,
information assurance manager
IncludedBy:information, information assurance,
Related:system,
information assurance officer
IncludedBy:information, information assurance, officer,
Related:network security officer, system, system administrator,
information assurance product
IncludedBy:information, information assurance,
Related:access, access control, authentication, authorized, control, integrity, intrusion, intrusion detection, malicious, system, technology, vulnerability,
information category
IncludedBy:information,
Related:access, access control, classified, control, process, security, system, technology,
information center
IncludedBy:automated information system, information,
information domain
Related:security,
information engineering
IncludedBy:automated information system, information,
Related:system,
information environment
IncludedBy:automated information system, information,
Related:process, system,
information flow
IncludedBy:automated information system, flow, information,
Related:computer, system,
information flow control
IncludedBy:control, flow, information,
Includes:object,
PreferredFor:flow control,
Related:security, system,
information integrity
information management
IncludedBy:management,
Related:control,
information operations
IncludedBy:automated information system, information, operation,
Related:adversary, system,
information owner
IncludedBy:information, owner,
Related:authority, control, operation, process,
information processing standard
IncludedBy:information, process, standard,
Related:communications, function, interoperability, operation, security testing, software, telecommunications, test,
information protection policy
IncludedBy:information, policy,
Related:assurance, operation, security policy, threat,
information rate
HasPreferred:bandwidth,
information ratio
IncludedBy:automated information system, information,
information resources
IncludedBy:information, resource,
Related:technology,
information security
IncludedBy:information, security,
Includes:information security oversight office, information security policy, information security testing, information systems security,
Related:Abrams, Jojodia, Podell essays, British Standard 7799, DoD Information Technology Security Certification and Accreditation Process, Forum of Incident Response and Security Teams, International Traffic in Arms Regulations, National Institute of Standards and Technology, National Security Agency, Sensitive Information Computer Security Act of 1987, access, access control, activity security manager, attack, authorized, availability, communications security, computer, confidentiality, contractor special security officer, control, critical, due care, identify, industrial security, information assurance, information system security officer, integrity, management controls, mission critical, national information assurance partnership, national security system, non-technical countermeasure, process, public-key infrastructure, review techniques, risk, rules of engagement, security policy, system, target identification and analysis techniques, target vulnerability validation techniques, technical countermeasures, threat, users, vulnerability,
information security architect
IncludedBy:security,
Related:requirements,
information security architecture
IncludedBy:security,
information security oversight office
IncludedBy:information security,
Related:classified,
information security policy
IncludedBy:information, information security, policy,
information security program plan
IncludedBy:security,
Related:control, management, requirements,
information security risk
IncludedBy:risk,
Related:access,
information security testing
IncludedBy:information, information security, security testing, test,
Related:control, process, requirements, system,
information sharing
Related:requirements,
information sharing and analysis center
IncludedBy:analysis, information,
Related:intrusion, threat, vulnerability,
information sharing environment
Related:access, control, security, trust,
information steward
Related:access, control, management, security,
information superhighway
IncludedBy:information,
Related:communications, system,
information superiority
IncludedBy:information,
Related:adversary, exploit, flow, process,
information system
IncludedBy:information, system,
Related:computer, control, process, resource,
information system and network security
IncludedBy:network, security,
Related:availability,
information system lifecycle
Related:development,
information system owner
Related:development,
information system resilience
Related:attack,
information system security engineer/system design security officer
IncludedBy:security,
Related:requirements,
information system security officer
IncludedBy:computer security, information, officer, system, system security officer,
Related:authority, information security, operation, owner, program,
information system storage device
information systems audit and control association
IncludedBy:association, audit, control, information, system,
information systems audit and control foundation
IncludedBy:audit, control, information, system,
information systems security
IncludedBy:information, information security, system, threat,
Includes:network security, system security, system security engineering, telecommunications security,
Related:access, access control, authentication, authorized, denial-of-service, encryption, identification, process, unauthorized access, users,
Synonym:computer security,
information systems security association
IncludedBy:association, computer security, information, system,
information systems security engineering
IncludedBy:computer security, information, requirements, system, threat,
Related:communications, countermeasures, identify, process, risk management, vulnerability,
information systems security equipment modification
IncludedBy:computer security, information, system,
Includes:COMSEC modification,
Related:authentication, control, encryption, function, identification, key, message, policy, software,
information systems security manager
IncludedBy:computer security, information, system,
Related:assurance, information assurance, program,
information systems security officer
IncludedBy:computer security, information, officer, system,
Includes:network security officer,
Related:operation, program,
information systems security product
IncludedBy:information, security, system,
Related:module,
Information Systems Security products and services catalogue
IncludedBy:computer security, information, system,
Includes:degausser products list, endorsed tools list, evaluated products list, preferred products list,
information systems security representative
IncludedBy:security,
information systems/technology
IncludedBy:information, system, technology,
information technology
IncludedBy:automated information system, information, technology,
Related:communications, computer, control, function, management, process, resource, software, system, telecommunications,
Information Technology Security Evaluation Criteria
IncludedBy:computer security, criteria, evaluation, information, technology,
Related:assurance, function, standard,
information technology system
IncludedBy:automated information system, information, system, technology,
Related:communications, computer,
information type
IncludedBy:information,
Related:policy, privacy, security,
information warfare
IncludedBy:information, threat, warfare,
Related:adversary, exploit, function, object, operation, process, system,
infrastructure
Related:flow, function, security, system,
infrastructure assurance
IncludedBy:assurance,
Related:confidence, critical, critical infrastructures, damage, incident, response, risk, risk management, threat,
infrastructure protection
IncludedBy:critical infrastructures,
Related:assurance, critical, risk, threat, vulnerability,
ingress filtering
Related:internet, process, security,
inheritance
Related:object,
initial operating capability
Related:requirements,
initial transformation
Related:algorithm, function, network,
initialization value
Related:algorithm, cipher, cryptographic, key, message, process,
Synonym:initialization vector,
initialization vector
IncludedBy:data encryption standard,
Related:algorithm, cipher, cryptographic, encryption, operation, process,
Synonym:initialization value,
initialize
Related:cryptographic, cryptography, encryption, key,
initializing value
Related:cipher, encipherment, function, hash, process,
initiator
Related:authentication,
inline sensor
input
Related:resource,
input data
IncludedBy:cryptographic module,
Related:cryptographic, information, module,
input preparation cycle
Related:operation, process,
input/output
Related:automated information system,
insertion
IncludedBy:threat consequence,
Related:authorized, entity,
inside threat
IncludedBy:threat,
Related:access,
insider
IncludedBy:threat,
Includes:insider attack, insider threat,
Related:access, attack, authorization, authorized, compromise, computer, covert channel, damage, entity, malicious intruder, resource, security, security perimeter, system,
insider attack
IncludedBy:attack, insider,
Related:insider threat, network,
insider threat
IncludedBy:insider,
Related:abuse of privilege, access, insider attack, internal vulnerability, security,
inspectable space
Related:TEMPEST, authority, classified, control, identify, information, process,
instance
Related:object,
instantiate
Institute of Electrical and Electronics Engineers, Inc
institute of internal auditors
IncludedBy:audit,
instrument
Related:operation, security testing, software, system, test,
instrumentation
Related:analysis, code, information, operation, program, software, system,
integral file block
Integrated CASE tools
Related:analysis, code, information, software,
integrated logistics support
Integrated services digital network
IncludedBy:network,
Related:communications, computer, interface, standard, system, users,
integrated test facility
IncludedBy:test,
Related:software development,
integration test
IncludedBy:test,
Related:file, interface, process, program, software development,
integrity
IncludedBy:assurance, quality of protection, security goals,
Includes:Biba Integrity model, Clark Wilson integrity model, authenticity, checksum, connectionless data integrity service, correctness, correctness integrity, data authentication code, data integrity, data integrity service, error detection code, file integrity checker, file integrity checking, integrity check, integrity check value, integrity policy, integrity-checking tools, message integrity code, operational integrity, privacy, authentication, integrity, identification, non-repudiation, privacy, authentication, integrity, non-repudiation, secure hash algorithm, source integrity, system and data integrity, system integrity, system integrity service, two-person integrity,
Related:Biba model, Common Criteria for Information Technology Security, Generic Security Service Application Program Interface, Generic Upper Layer Security, IT security, IT security controls, IT security incident, Rivest-Shamir-Adleman algorithm, Secure Electronic Transaction, access, access control, adequate security, antivirus software, application server attack, archive, asymmetric cryptography, attack, authenticate, authentication, authentication code, authentication header, authentication header protocol, authorized, business process, common security, communications security, computer, computer abuse, computer emergency response team, computer forensics, computer related controls, computer security, configuration control, critical system files, cut-and-paste attack, cyclic redundancy check, data contamination, data encryption key, data encryption standard, data origin authentication service, data security, database management system, defense-in-depth, defense-wide information assurance program, destruction, digital forensics, digital signature, digital signature algorithm, digital watermarking, domain name system, dominated by, dual signature, encapsulating security payload, encapsulating security payload protocol, entry-level certification, front-end security filter, function, general controls, guard, hash, high-impact system, incident, information, information assurance, information assurance product, information security, internet protocol security, intrusion, kerberos, key wrapping, level of concern, levels of concern, line managers, low-impact system, malicious, malicious code, malware, message authentication code, message authentication code vs. Message Authentication Code, message digest, mid-level certification, moderate-impact system, network management, network security, non-repudiation, object, post-accreditation phase, potential impact, privacy enhanced mail, process, property, protected channel, protection suite, public-key certificate, public-key infrastructure, quality, reference monitor, requirements for procedures and standards, review techniques, sandboxed environment, seal, secure DNS, secure envelope, secure hypertext transfer protocol, secure shell, secure single sign-on, secure socket layer, security category, security controls, security event, security objectives, security policy, security requirements, signature, signed applet, simple key management for IP, simple network management protocol, software, supervisory control and data acquisition, system, threat, top-level certification, transmission, trojan horse, trust, trusted channel, trusted computer system, verification, virtual private network, vulnerability,
integrity check
IncludedBy:integrity,
Related:cryptographic, cryptography, hash,
integrity check value
IncludedBy:integrity,
integrity policy
IncludedBy:integrity, policy,
Related:authorized, information, security, security policy, users,
integrity-checking tools
IncludedBy:integrity, security software,
intellectual property
IncludedBy:property,
Related:control,
intelligence
Includes:Director Central Intelligence Directive, Director of Central Intelligence Directive, Foreign Intelligence Surveillance Act, acoustic intelligence, advanced intelligence network, command, control, communications and intelligence, communications intelligence, compartmented intelligence, counterintelligence, counterintelligence assessment, designated intelligence disclosure official, economic intelligence, electronic intelligence, foreign intelligence, foreign intelligence service, human intelligence, imagery intelligence, intelligence activities, intelligence activity, intelligence collection, intelligence community, intelligence community classification and control markings implementation, intelligence cycle, intelligence information, intelligence sources and methods, intelligence special access program, intelligence system, measurement and signature intelligence, national intelligence, open source intelligence, senior intelligence officer, senior officials of the intelligence community, special intelligence, telemetry intelligence,
Related:Defense Information Infrastructure, Defense Information Systems Network Designated Approving Authority, Defense Security Service, Defensive Information Operations, National Security Agency, accreditation, acquisition special access program, acquisition systems protection, adversary, alternative compensatory control measures, analysis, asset, authorized adjudicative agency, authorized classification and control markings register, authorized investigative agency, brute force attack, case officer, classification markings and implementation working group, cognizant security agency, command and control warfare, compromising emanations, computer network exploitation, controlled access program coordination office, controlled access program oversight committee, controlled access programs, cryptology, determination authority, dissemination, distributed control system, electronic warfare support, emanation, emergency action plan, espionage, evaluation, exploitation, foreign, hackers, information, internal vulnerability, national security information, national security system, non-disclosure agreement, operations security, packet switching, personnel security exceptions, physical security waiver, principal accrediting authority, process, program protection plan, reciprocity, report of investigation, risk avoidance, scattered castles, security environment threat list, senior review group, sensitive activities, sensitive compartmented information, sensitive compartmented information facility, sensitive compartmented information facility accreditation, sensitive compartmented information facility database, signal flags, single scope background investigation - periodic reinvestigation, special access program, special access required programs oversight committee, special activity, special security center, sponsoring agency, suspicious contact, systems security steering group, tear line, technical threat analysis, threat assessment, traffic analysis, unconventional warfare,
intelligence activities
IncludedBy:intelligence,
Related:authorized,
intelligence activity
IncludedBy:intelligence,
Related:authorized,
intelligence collection
IncludedBy:intelligence,
intelligence community
IncludedBy:intelligence,
Related:foreign, program, security,
intelligence community classification and control markings implementation
IncludedBy:intelligence,
Related:authorized,
intelligence cycle
IncludedBy:intelligence,
Related:users,
intelligence information
IncludedBy:intelligence,
intelligence sources and methods
IncludedBy:intelligence,
Related:analysis, authorization,
intelligence special access program
IncludedBy:access, intelligence,
intelligence system
IncludedBy:intelligence,
intelligent electronic device
Related:control, function, process,
intelligent threat
IncludedBy:threat,
Related:adversary, algorithm, cipher, cryptography, encryption, exploit, key, operation, vulnerability,
intending citizen
intent
Related:critical, object, security,
intention
inter-TSF transfers
IncludedBy:TOE security functions, target of evaluation,
Related:function, trust,
interactive mode
Related:computer, response,
interarea interswitch rekeying key
IncludedBy:key, rekey,
intercept
IncludedBy:threat,
Related:access, interception,
interception
IncludedBy:threat consequence,
Related:access, access control, authorized, entity, intercept,
interconnected network
IncludedBy:network,
interconnection security agreements
IncludedBy:connection, security,
Related:authorization, control, information, requirements, risk, system,
interdependence
Related:risk,
interdependency
interdiction
HasPreferred:denial-of-service,
interface
Includes:Cryptographic Application Program Interface, Generic Security Service Application Program Interface, TOE security functions interface, application program interface, application programming interface, common gateway interface, contact interface, contactless interface, controlled interface, cryptographic application programming interface, fiber distributed data interface, fill device interface unit, graphical-user interface, human-machine interface, interface control document, interface control unit, interface testing, internetwork private line interface, layer management interface, network interface card, secure digital net radio interface unit, security support programming interface, user interface, user interface system,
Related:FIPS PUB 140-1, Green book, Integrated services digital network, PC card, PKCS #11, POSIX, TTY watcher, access, access control, application, architecture, bit forwarding rate, block cipher, boundary, buffer overflow, code, communications, computer, connection, connection establishment time, connection teardown time, console, cryptographic, cryptography, data source, distributed computing environment, dual-homed gateway firewall, email packages, ethernet sniffing, extensibility, firewall, flow, formal security policy model, function, gateway, goodput, homed, information, information architecture, integration test, line conditioning, line conduction, module, on-line system, payment gateway, process, program, promiscuous mode, protocol data unit, proximity, remote terminal emulation, ruleset, scope of a requirement, significant change, smartcards, software, software system test and evaluation process, stealth mode, subnetwork, system, teleprocessing, tri-homed, trusted agent, user representative, users,
interface control document
IncludedBy:control, interface,
Related:authorization, baseline, evaluation, identify, lifecycle, operation,
interface control unit
IncludedBy:automated information system, control, interface,
interface testing
IncludedBy:interface, security testing, test,
Related:control, system,
interference
IncludedBy:threat consequence,
Related:communications, control, information, operation, system, users,
interim access authorization
IncludedBy:access, authorization,
Related:temporary access eligibility,
interim accreditation
IncludedBy:accreditation,
Related:authorization, information, process, security, system,
interim accreditation action plan
IncludedBy:accreditation,
Related:control, critical, operation, owner, program, resource, risk, security, system,
interim approval to operate
Related:authorization, classified, evaluation, information, process, security, system,
interim approval to test
IncludedBy:test,
Related:authorization, information, operation, system,
interim security clearance
IncludedBy:security,
Related:requirements, temporary access eligibility,
interleaving attack
IncludedBy:attack,
Related:authentication, information,
internal communication channel
IncludedBy:channel, communication channel, communications, target of evaluation,
internal control questionnaire
IncludedBy:control,
internal fraud
IncludedBy:fraud, operational risk loss,
Related:policy, property,
internal label
internal network
IncludedBy:network,
Related:control, security,
internal rate of return
internal security controls
IncludedBy:control, risk management, security controls,
Includes:subject,
Related:access, access control, authorized, program, resource, software, system,
internal security testing
IncludedBy:security testing, test,
Related:security perimeter,
internal subject
IncludedBy:subject,
Related:function, process, system, users,
internal system exposure
IncludedBy:exposures, system,
Related:access, access control, assurance, authorization, information, process, security,
internal throughput time
internal TOE transfer
IncludedBy:target of evaluation,
internal vulnerability
IncludedBy:vulnerability,
Related:access, classified, insider threat, intelligence, trust,
International Data Encryption Algorithm
IncludedBy:algorithm, encryption, symmetric algorithm,
Related:key,
international organization
International organization for standardization
IncludedBy:automated information system, standard,
Includes:Open Systems Interconnection Reference model,
Related:ITU-T, information, process, system, technology,
international standards organization
IncludedBy:standard,
international telecommunication union
Related:network,
International Traffic in Arms Regulations
Related:TEMPEST, authority, control, cryptographic, cryptography, information, information security, security, system, technology,
internet
Includes:ARPANET, Distributed Authentication Security Service, Generic Security Service Application Program Interface, IP address, Identification Protocol, Internet Architecture Board, Internet Assigned Numbers Authority, Internet Corporation for Assigned Names and Numbers, Internet Draft, Internet Engineering Steering Group, Internet Engineering Task Force, Internet Message Access Protocol, version 4, Internet Policy Registration Authority, Internet Protocol Security Option, Internet Security Association and Key Management Protocol, Internet Society, Internet Society Copyright, Internet Standard, Internet Standards document, Internet worm, MIME Object Security Services, PKIX, POP3 AUTH, Post Office Protocol, version 3, Rexd, SOCKS, Secure/MIME, Simple Authentication and Security Layer, Simple Key-management for Internet Protocols, Terminal Access Controller Access Control System, USENET, anonymous login, cyberspace, domain name service server, domain name system, e-banking, e-mail server, email, extranet, file transfer protocol, firewall, gateway server, internet control message protocol, internet key exchange protocol, internet protocol, internet protocol security, internet service provider, internet vs. Internet, internetwork, internetwork private line interface, intranet, listserv, mailing list, management information base, markup language, multipurpose internet mail extensions, point-to-point protocol, port, pretty good privacy, proxy server, router, secure hypertext transfer protocol, secure multipurpose internet mail extensions, secure shell, simple mail transfer protocol, simple network management protocol, sniffer, telnet, traceroute, transmission control protocol, transmission control protocol/internet protocol, transport layer security, tunnel, uniform resource identifier, uniform resource locator, uniform resource name, user data protocol, virtual private network, wide area information service, world wide web, worm,
Related:Green book, Guidelines and Recommendations for Security Incident Processing, IPsec Key Exchange, Layer 2 Forwarding Protocol, Layer 2 Tunneling Protocol, Message Security Protocol, Open Systems Interconnection Reference model, Request for Comment, Secure Electronic Transaction, ankle-biter, application gateway firewall, attack, authentication header, bill payment, bill presentment, certification hierarchy, communications, computer, computer emergency response team, computer emergency response teams' coordination center, computer network, concept of operations, confidentiality, connection, control, cookies, countermeasures, demilitarized zone, denial-of-service, dial-up line, distributed plant, domain, domain name, dual-homed gateway firewall, egress filtering, electronic commerce, electronic messaging services, encapsulating security payload, end system, external system exposure, filtering router, hackers, host, https, hypermedia, hypertext, hypertext transfer protocol, ingress filtering, interoperability standards/protocols, lurking, message, national information infrastructure, network, network address translation, network connection, network worm, object identifier, one-time passwords, online certificate status protocol, open systems security, packet assembly and disassembly, password sniffing, peer-to-peer communication, personal communications network, phishing, point-to-point tunneling protocol, policy certification authority, pop-up box, port scanning, privacy enhanced mail, protocols, public-key forward secrecy, remote authentication dial-in user service, repudiation, rules of behavior, scan, secure socket layer, security assertion markup language, spam, system, trojan horse, trusted gateway, users, validate vs. verify, vendor, virtual mall, vishing, web server, website hosting,
Internet Architecture Board
IncludedBy:Internet Society, internet,
Related:advisory, protocols, standard, trust,
Internet Assigned Numbers Authority
IncludedBy:Internet Society, authority, internet,
Related:network, protocols, registration,
internet control message protocol
IncludedBy:control, internet, message, protocols, security,
Related:communications, gateway, information, network, process, router, standard,
Internet Corporation for Assigned Names and Numbers
IncludedBy:internet,
Related:domain, entity, function, information, key, object, protocols, system,
Internet Draft
IncludedBy:internet,
Related:update,
Internet Engineering Steering Group
IncludedBy:Internet Society, internet,
Related:process, standard, trust,
Internet Engineering Task Force
IncludedBy:Internet Society, internet,
Related:access, access control, authentication, message, protocols, random, security, standard, technology, version,
internet key exchange protocol
IncludedBy:internet, key, protocols,
Related:association, security,
Internet Message Access Protocol, version 4
IncludedBy:access, internet, message, protocols, version,
Internet Policy Registration Authority
IncludedBy:Internet Society, authority, internet, policy, registration,
Related:X.509, certification, public-key infrastructure,
internet protocol
IncludedBy:internet, protocols,
Related:communications, computer, control, flow, network, router, standard, system, version,
internet protocol security
IncludedBy:communications security, internet, protocols, security protocol,
Includes:IPsec Key Exchange, authentication header, encapsulating security payload, transport mode vs. tunnel mode, tunnel mode,
Related:Internet Security Association and Key Management Protocol, NULL encryption algorithm, OAKLEY, Photuris, access, access control, aggressive mode, algorithm, association, authentication, authentication header protocol, confidentiality, connection, control, cookies, domain of interpretation, encapsulating security payload protocol, encryption, flow, forward secrecy, integrity, internet security protocol, key, key management, main mode, pre-shared key, process, protection suite, public-key, quick mode, secure socket layer, security association, security gateway, security parameters index, system, transport mode, triple DES, version,
Internet Protocol Security Option
IncludedBy:internet, protocols, security protocol,
Related:National Security Agency, access, access control, authority, classification levels, classified, information, network, process, program, users,
Internet Security Association and Key Management Protocol
IncludedBy:association, internet, key management, protocols, security protocol,
Related:algorithm, authentication, connection, cryptography, digital signature, encryption, establishment, function, internet protocol security, internet security protocol, signature,
internet security protocol
Includes:IPsec Key Exchange,
Related:Internet Security Association and Key Management Protocol, NULL encryption algorithm, OAKLEY, Photuris, aggressive mode, authentication header, authentication header protocol, cookies, domain of interpretation, encapsulating security payload, encapsulating security payload protocol, forward secrecy, internet protocol security, main mode, pre-shared key, protection suite, quick mode, secure socket layer, security association, security gateway, security parameters index, transport mode, transport mode vs. tunnel mode, triple DES, tunnel mode,
internet service provider
IncludedBy:internet,
Related:access, access control,
Internet Society
IncludedBy:internet,
Includes:Internet Architecture Board, Internet Assigned Numbers Authority, Internet Engineering Steering Group, Internet Engineering Task Force, Internet Policy Registration Authority, Internet Society Copyright, Request for Comment,
Related:standard, trust,
Internet Society Copyright
IncludedBy:Internet Society, internet,
Related:process, standard,
Internet Standard
IncludedBy:internet, standard,
Related:Request for Comment, operation, process, protocols,
Internet Standards document
IncludedBy:Request for Comment, internet, standard,
Related:process,
internet vs. Internet
IncludedBy:internet,
Related:application, computer, computer network, model, network, protocols, standard, system, users,
Internet worm
IncludedBy:internet, worm,
Related:computer, connection, network, program, system,
internetwork
IncludedBy:internet, network,
Related:communications, gateway, protocols, system,
internetwork private line interface
IncludedBy:interface, internet, network,
Related:connection, cryptographic,
interoperability
Includes:Minimum Interoperability Specification for PKI Components, Trusted Systems Interoperability Group, interoperability standards/protocols,
Related:PKIX, application programming interface, computer, identity, information, information processing standard, open system environment, open systems, portability, recommended practices, security assertion markup language, semantics, site accreditation, system,
Synonym:interoperable,
interoperability standards/protocols
IncludedBy:interoperability, protocols, standard,
Related:computer, information, internet, program,
interoperable
Related:software,
Synonym:interoperability,
interoperate
Related:system,
interpersonal messaging
interpretation
Related:application, criteria,
interpreted virus
IncludedBy:virus,
Related:application, code,
interswitch rekeying key
IncludedBy:key, rekey,
interval estimate
Related:confidence,
interval variable
interview
Related:control, security,
intranet
IncludedBy:internet,
Related:access, access control, authorized, communications, computer, computer network, information, network, technology, users,
intruder
IncludedBy:intrusion,
Related:access, access control, authorization, entity, resource, system,
intrusion
IncludedBy:threat consequence,
Includes:Intrusion Detection In Our Time, SATAN, computer intrusion, computer security intrusion, host-based intrusion prevention system, intruder, intrusion detection, intrusion detection and prevention, intrusion detection and prevention system, intrusion detection system load balancer, intrusion detection systems, intrusion detection tools, intrusion prevention, intrusion prevention system, meaconing, intrusion, jamming, and interference, network-based intrusion prevention system, penetration, security intrusion, wireless intrusion detection and prevention system,
Related:access, access control, accountability, agent, anomaly detection, anomaly detection model, antivirus software, attack, authorization, authorized, availability, balanced magnetic switch, break-wire detector, channel scanning, compromise, computer, computer security incident, confidentiality, console, cracker, dual technology, entity, false negative, false positive, flow, host based, incident, information, information assurance, information assurance product, information sharing and analysis center, integrity, management server, misuse detection model, multihost based auditing, network based, network behavior analysis system, resource, rules based detection, security, sensor, shim, stealth mode, stealth probe, subversion, system, technology, trustworthy system, tuning, unauthorized access,
intrusion detection
IncludedBy:intrusion,
Includes:Intrusion Detection In Our Time, intrusion detection and prevention, intrusion detection system load balancer, intrusion detection systems, intrusion detection tools, wireless intrusion detection and prevention system,
Related:access, access control, accountability, agent, antivirus software, audit, authorization, authorized, channel scanning, computer, console, countermeasures, false negative, false positive, flow, identify, incident, information, information assurance product, intrusion prevention system, management server, network, network behavior analysis system, process, resource, rules based detection, security, sensor, shim, software, stealth mode, stealth probe, system, tuning,
intrusion detection and prevention
IncludedBy:intrusion, intrusion detection,
Related:computer, incident, process, system,
intrusion detection and prevention system
IncludedBy:intrusion,
Related:access, security,
Intrusion Detection In Our Time
IncludedBy:intrusion, intrusion detection, security software,
Related:system,
intrusion detection system load balancer
IncludedBy:intrusion, intrusion detection, system,
intrusion detection systems
IncludedBy:intrusion, intrusion detection, security software, system,
Related:access, attack, audit, authorized, computer, file, identify, information, network, process, resource, software, target,
intrusion detection tools
IncludedBy:intrusion, intrusion detection, security software,
Related:access, access control, authorized, computer, identify, system, unauthorized access,
intrusion prevention
IncludedBy:intrusion,
Includes:intrusion prevention system,
Related:accountability, computer, countermeasures, incident, process, system,
intrusion prevention system
IncludedBy:intrusion, intrusion prevention, system,
Related:incident, intrusion detection, software, target,
invalidation
Related:classified,
invalidity date
IncludedBy:public-key infrastructure,
Related:X.509, certificate, compromise, digital signature, fraud, key, non-repudiation, revocation, revoked state, signature,
inverse cipher
investigation service
Related:entity,
IP address
IncludedBy:internet,
Related:computer, network, protocols, version,
ip payload compression protocol
IncludedBy:protocols,
IP security
IncludedBy:security,
IP splicing/hijacking
IncludedBy:attack,
Related:authentication, authorized, encryption, hijack attack, network, role, users,
ip spoofing
IncludedBy:address spoofing, masquerade, spoof, spoofing,
Related:impersonation, network, system,
IPsec Key Exchange
IncludedBy:internet protocol security, internet security protocol, key,
Related:association, authentication, establishment, internet, protocols,
irregular warfare
IncludedBy:warfare,
IS related risk
IncludedBy:risk,
Related:authorized, failure, information, malicious, operation, system, threat, vulnerability,
IS security architecture
IncludedBy:computer security,
Related:system,
isolation
Includes:object, subject,
Related:control, system,
isolator
Related:access, security,
issue
Related:certificate, public-key infrastructure, users,
issue case
issuer
IncludedBy:Secure Electronic Transaction,
Related:X.509, authorized, certificate, public-key infrastructure,
issuing authority
IncludedBy:authority,
Related:entity, update,
IT default file protection parameters
IncludedBy:access control, file,
Related:owner, system,
IT resources
IncludedBy:resource,
Related:communications, computer, software, system, telecommunications,
IT security
IncludedBy:Automated Information System security,
Includes:IT Security Evaluation Criteria, IT Security Evaluation Methodology, IT security achitecture, IT security certification, IT security controls, IT security database, IT security goal, IT security incident, IT security objective, IT security plan, IT security policy, IT security product, IT security support functions,
Related:Common Criteria Testing Laboratory, Common Criteria for Information Technology Security Evaluation, National Voluntary Laboratory Accreditation Program, Scope of Accreditation, approved technologies list, approved test methods list, assure, audit, authentication, availability, center for information technology excellence, certification, compliance-based, confidentiality, conformant validation certificate, contingency plan, deliverables list, designated, designated laboratories list, emergency shutdown controls, ensure, evaluation, evaluation work plan, general controls, information, integrity, management control processes, non-repudiation, observation reports, operation, organization computer security representative, party, protection profile, residual risk, risk treatment, risk-based, security goals, security target, system, technology area, waiver,
Synonym:computer security,
IT security achitecture
IncludedBy:IT security, security,
Related:system,
IT security architecture
IncludedBy:security,
IT security awareness
IncludedBy:security,
IT security certification
IncludedBy:Automated Information System security, IT security, certification, computer security, target of evaluation,
Related:application, certificate, criteria,
IT security controls
IncludedBy:IT security, control, security,
Related:availability, confidentiality, information, integrity, security controls, software,
IT security database
IncludedBy:IT security, security,
Related:authorized, control, information, process, program, system,
IT security education
IncludedBy:security,
IT Security Evaluation Criteria
IncludedBy:Automated Information System security, IT security, computer security, criteria, evaluation,
Related:confidence, information, standard, validation,
IT Security Evaluation Methodology
IncludedBy:Automated Information System security, IT security, computer security, evaluation,
Related:confidence, criteria, standard, validation,
IT security goal
HasPreferred:security goals,
IncludedBy:IT security, security,
IT security incident
IncludedBy:IT security, incident, security incident,
Related:authorized, availability, computer, confidentiality, information, integrity, resource, security-relevant event, system, users, vulnerability,
IT security investment
IncludedBy:security,
IT security metrics
IncludedBy:security,
IT security objective
HasPreferred:security objectives,
IncludedBy:IT security, object, security,
IT security plan
IncludedBy:IT security, security,
Related:system,
IT security policy
IncludedBy:IT security, computer security, policy,
Related:access, control, information, management, risk, system, users,
IT security product
IncludedBy:IT security, computer security,
Related:function, software, system,
IT security support functions
IncludedBy:IT security, function, security,
Related:application, identification, software, system, users,
IT security training
IncludedBy:security,
Related:audit, development, management,
IT system
HasPreferred:automated information system,
IT-related risk
IncludedBy:risk,
Related:authorized, information, malicious, operation, system, technology, threat, vulnerability,
iteration
Related:operation,
ITU-T
Includes:CCITT, Open Systems Interconnection Reference model,
Related:International organization for standardization, communications, protocols, standard, system, telecommunications,
jamming
Includes:advanced self-protection jammer, meaconing, intrusion, jamming, and interference, radio frequency jamming,
Related:anti-jam, anti-jamming, attack, electronic attack, frequency hopping,
Java
IncludedBy:software,
Related:application, network, program, system,
jitter
joint authorization
IncludedBy:authorization,
Related:security,
joint personnel adjudication system
Related:access, authorized, security,
joint task force-computer network defense
IncludedBy:computer, computer network, network,
Related:damage, function, incident, system, threat,
joint use agreement
Related:security,
joint venture
JTC1 Registration Authority
IncludedBy:authority, registration,
Related:object, standard,
judgment sample
Related:analysis, standard,
judicial authority
IncludedBy:authority,
Related:entity,
kerberos
IncludedBy:Simple Authentication and Security Layer, distributed computing environment, security software,
Includes:key distribution center, session key, third party trusted host model,
Related:access, access control, application, attack, authorization, control, cryptography, entity, integrity, key, network, passwords, privacy, protocols, system, technology, trust, users, vulnerability,
kernelized secure operating system
IncludedBy:system,
key
IncludedBy:Secure Electronic Transaction, key management, multilevel information systems security initiative,
Includes:Federal Public-key Infrastructure, IPsec Key Exchange, Key Exchange Algorithm, MAC algorithm key, Programmable key storage device, S/Key, SAVILLE Advanced Remote Keying, Simple Public-Key Infrastructure, Simple Public-Key Infrastructure/Simple Distributed Security Infrastructure, Type 1 key, Type 2 key, Type 4 key, X.509 public-key certificate, advanced key processor, approved key-operated padlock, area interswitch rekeying key, asymmetric cryptographic algorithm, asymmetric key pair, asymmetric keys, authorization key, automated key transport, automatic key distribution center, automatic key distribution/rekeying control unit, automatic remote rekeying, block cipher key, certificate rekey, cipher text auto-key, ciphertext key, common interswitch rekeying key, compartment key, compromised key list, contingency key, cooperative key generation, cooperative remote rekeying, core or key process, crypto-ignition key, cryptographic functions, cryptographic ignition key, cryptographic key, cryptographic key component, cryptonet key, data encryption key, data encryption standard, data key, digital certificate, digital key, digital signature, directly trusted CA key, effective key length, electronically generated key, encrypted key, ephemeral key, exercise key, explicit key authentication from A to B, group key encryption key, group traffic encryption key, hard copy key, hardened unique storage Key, hardwired key, implicit key authentication from A to B, interarea interswitch rekeying key, internet key exchange protocol, interswitch rekeying key, key agreement, key authentication, key bundle, key card, key confirmation, key confirmation from A to B, key control, key derivation function, key distribution, key distribution centre, key distribution service, key entry, key establishment, key exchange, key expansion, key generating function, key generation, key generation exponent, key generation material, key generator, key label, key length, key lifecycle, key lifetime, key list, key logger, key management device, key material identification number, key material identifier, key output, key owner, key pair, key processor, key production key, key resources, key service unit, key space, key state transition, key storage device, key stream, key tag, key tape, key token, key translation center, key translation centre, key transport, key update, key updating, key validation, key variable generator, key wrap, key wrapping, key-auto-key, key-encrypting key, key-encryption-key, key-escrow system, keyed hash, keyed hash algorithm, keying material, keys used to encrypt and decrypt files, keystroke logger, keystroke monitoring, local management device/key processor, lock-and-key protection system, loop key generator, maintenance key, manual key transport, manual remote rekeying, master crypto-ignition key, master crypto-ignition key custodian, master cryptographic ignition key, message authentication key, operational key, over-the-air key distribution, over-the-air key transfer, over-the-air rekeying, per-call key, plaintext key, point-to-point key establishment, post-nuclear event key, pre-shared key, pretty good privacy, private decipherment key, private key, private signature key, private-key cryptography, public encipherment key, public key enabling, public verification key, public-key, public-key algorithm, public-key certificate, public-key cryptography, public-key cryptography standards, public-key derivation function, public-key forward secrecy, public-key information, public-key infrastructure, public-key system, rekey, rekey (a certificate), remote rekeying, reserve keying material, root key, round key, secret key, secret-key cryptography, secure multipurpose internet mail extensions, security management infrastructure, seed key, session key, signature key, single point keying, split key, static key, symmetric algorithm, symmetric key, test key, token storage key, tokens, traffic encryption key, transmission security key, trusted key, type 3 key, unique interswitch rekeying key, update (key), verification key, virtual private network,
Related:Blowfish, CA certificate, CAPSTONE chip, CKMS, COMSEC Material Control System, COMSEC aid, COMSEC boundary, COMSEC control program, COMSEC material, COMSEC system data, CRYPTO, Challenge Handshake Authentication Protocol, Challenge-Response Authentication Mechanism, Clipper chip, Cryptographic Message Syntax, Data Authentication Algorithm, Diffie-Hellman, Escrowed Encryption Standard, FIPS PUB 140-1, FIPS approved security method, FIREFLY, Federal Standard 1027, Fortezza, IEEE P1363, IMAP4 AUTHENTICATE, International Data Encryption Algorithm, Internet Corporation for Assigned Names and Numbers, MIME Object Security Services, MISSI user, OAKLEY, PKCS #10, PKCS #11, PKIX, POP3 APOP, Photuris, RED signal, RSA algorithm, Rivest Cipher 2, Rivest Cipher 4, Rivest-Shamir-Adleman algorithm, SET private extension, Secure Data Network System, Simple Authentication and Security Layer, Skipjack, Standards for Interoperable LAN/MAN Security, The Exponential Encryption System, U.S.-controlled space, Wassenaar Arrangement, X.500 Directory, X.509, X.509 attribute certificate, X.509 certificate, X.509 certificate revocation list, access control center, account authority digital signature, accountability, active state, advanced encryption standard, algorithm, applicant, archive, asymmetric algorithm, asymmetric cryptographic technique, asymmetric cryptography, attribute certificate, authentication protocol, authority revocation list, backup, bind, binding, biometrics, bit, block cipher, bound metadata, break, brute force attack, canister, certificate, certificate directory, certificate domain, certificate management, certificate policy, certificate policy qualifier, certificate renewal, certificate revocation list, certificate update, certificate user, certificate validation, certification, certification authority, certification authority digital signature, certification hierarchy, certification path, certification request, certify, challenge-response protocol, challenge/response, chosen-ciphertext attack, chosen-plaintext attack, cipher, ciphertext-only attack, circuit proxy, class 2, 3, 4, or 5, clearing, cold start, command authority, common fill device, common name, common security, communications security, compromise, compromised state, computer abuse, control, controlling authority, countermeasures, critical security parameters, critical system files, cross-certification, cryptanalysis, cryptographic, cryptographic algorithm, cryptographic check function, cryptographic initialization, cryptographic module, cryptographic service, cryptographic system, cryptographic token, cryptography, cryptonet, cryptoperiod, data authentication code, data authentication code vs. Data Authentication Code, data encryption algorithm, data input, data origin authentication service, data transfer device, deactivated state, decipher, decrypt, destroyed compromised state, destroyed state, dictionary attack, diffie-hellman group, digital certification, digital envelope, digital id, digital signature algorithm, directly trusted CA, distinguished name, distribution point, domain name system, dongle, dual signature, elliptic curve cryptography, elliptic curve cryptosystem, encipherment, encryption, encryption algorithm, encryption certificate, encryption strength, end entity, escrow, extension, extraction resistance, fill device, fingerprint, forward secrecy, forward secrecy with respect to A, forward secrecy with respect to both A and B individually, function, garbled, generation, graphical-user interface, hashed message authentication code, hierarchy management, hybrid encryption, identification data, identifier, identity token, information systems security equipment modification, initialization value, initialize, intelligent threat, internet protocol security, invalidity date, kerberos, known-plaintext attack, link encryption, malicious applets, man-in-the-middle attack, merchant certificate, mesh PKI, message, message authentication code, message authentication code algorithm, message authentication code vs. Message Authentication Code, message integrity code, message representative, metadata, mode of operation, modulus, mutual forward secrecy, national information infrastructure, non-repudiation, nonce, object, ohnosecond, one-time cryptosystem, one-time pad, one-time passwords, one-time tape, one-way encryption, online certificate status protocol, operation, operations manager, organizational certificate, out-of-band, passwords, path discovery, peripheral equipment, personal digital assistant, personal identity verification, personal identity verification card, personal security environment, personality label, personalization service, physical protection, policy approving authority, policy certification authority, policy creation authority, pre-activation state, print suppression, privacy enhanced mail, private communication technology, private component, private decipherment transformation, proof of possession protocol, protected channel, protective packaging, protective technologies, public component, public encipherment transformation, random, randomizer, recover, registration, registration authority, release prefix, renewal, repository, retrieval, revocation, revocation date, revoked state, root, root certificate, secret, secure envelope, secure hash standard, secure hypertext transfer protocol, secure socket layer, security association identifier, security event, segregation of duties, self-signed certificate, shared secret, signature, signature certificate, signature function, signature generation, signature process, signature verification, signer, slot, smartcards, social engineering, soft TEMPEST, split knowledge, standard, start-up KEK, stream cipher, strong authentication, subject, subordinate certification authority, suspended state, symmetric cryptographic technique, symmetric cryptography, symmetric encipherment algorithm, symmetric encryption algorithm, system indicator, third party trusted host model, ticket, token copy, token management, transport, trapdoor, triple DES, trust, trust anchor, trust-file PKI, trusted certificate, trusted platform module chip, tunneled password protocol, two-person integrity, type 1 products, type 2 product, type 3 product, unforgeable, update, updating, user interface, user representative, users, v1 certificate, v2 certificate, v3 certificate, validate, validate vs. verify, validity period, verification, verification function, verification process, web of trust, workstation, zeroize,
key agreement
IncludedBy:key,
Related:algorithm, cryptography, encryption, establishment, function, information, message, process, public-key, shared secret,
key authentication
IncludedBy:authentication, key,
Related:assurance,
key bundle
IncludedBy:key,
key card
IncludedBy:key,
key center
Related:computer, cryptography, encryption, process, standard, system, users,
key confirmation
IncludedBy:key,
Related:assurance, entity, establishment, protocols,
key confirmation from A to B
IncludedBy:key,
Related:assurance, entity,
key control
IncludedBy:control, key,
key derivation function
IncludedBy:function, key,
key distribution
IncludedBy:key,
Includes:key distribution center, key distribution service,
Related:algorithm, cryptographic, key exchange, key management/exchange, process,
key distribution center
IncludedBy:kerberos, key distribution, key management,
PreferredFor:key distribution centre,
Related:communications security, cryptography, encryption, entity, protocols, standard, trust,
key distribution centre
HasPreferred:key distribution center,
IncludedBy:key,
key distribution service
IncludedBy:key, key distribution,
Related:authorized,
key entry
IncludedBy:key,
Related:cryptographic, module, process,
key establishment
IncludedBy:establishment, key,
Related:association, entity, information, process, security,
key exchange
IncludedBy:key,
Includes:Key Exchange Algorithm,
Related:communications, information, key distribution, process, public-key,
Key Exchange Algorithm
IncludedBy:algorithm, key, key exchange,
Related:National Security Agency, classified,
key expansion
IncludedBy:key,
key generating function
IncludedBy:function, key, key generation,
Related:algorithm, application, property,
key generation
IncludedBy:key,
Includes:key generating function, key generator,
Related:cryptographic, process,
key generation exponent
IncludedBy:key,
Related:trust,
key generation material<