Security Taxonomy - Anne & Lynn Wheeler

Concepts

access control, assurance, attack, audit, authentication, authorization, automated information system, availability, certification, Common Criteria for Information Technology Security, cryptography, evaluation, identity, key management, privacy, requirements, risk, risk management, security, security target, software development, threat, trust, Trusted Computer System Evaluation Criteria, user,

Terms

*-property: IncludedBy:Bell-LaPadula security model,; PreferredFor:star (*) property,; Related:model,; Synonym:confinement property,
2-factor authentication: IncludedBy:3-factor authentication,
3-factor authentication: IncludedBy:authentication,; Includes:2-factor authentication, authentication information,; Related:biometric authentication, challenge/response, passwords, personal identification number, personal identity verification, proof of possession protocol, tokens,
ABA Guidelines: Related:certificate, digital signature,
abend: Related:failure, test,
abort: Related:failure,
Abrams, Jojodia, Podell essays: Related:security,
Abstract Syntax Notation One: Includes:Basic Encoding Rules, Distinguished Encoding Rules, object identifier,; Related:certificate, public-key infrastructure,
abuse of privilege: IncludedBy:threat,
acceptable level of risk: IncludedBy:threat,; Related:assessment, countermeasure, networks,
acceptable risk: IncludedBy:risk,
acceptable use policy: IncludedBy:policy,; Related:networks,
acceptance criteria: IncludedBy:acceptance procedure,; Related:authorized,
acceptance inspection: IncludedBy:acceptance procedure,; Related:security testing, software, test,
acceptance procedure: IncludedBy:software development, target of evaluation,; Includes:acceptance criteria, acceptance inspection, acceptance testing, object,; Related:control system,
acceptance testing: IncludedBy:acceptance procedure, security testing, test,
access: IncludedBy:access control,; Includes:delete access, execute access, merge access, object, read access, remote access, subject, update access,
access category: IncludedBy:access control,; Related:authorized,
access control: IncludedBy:Automated Information System security, authorization, risk management, security, security-relevant event, trusted computing base, user,; Includes:IT default file protection parameters, Terminal Access Controller Access Control System, access, access category, access control center, access control list, access control mechanism, access control officer, access control service, access level, access list, access mode, access period, access port, access profile, access type, access with limited privileges, accessibility, administrative access, browse access protection, centralized authorization, classified information, component reference monitor, context-dependent access control, controlled access area, controlled access protection, controlled sharing, cookies, default file protection, discretionary access control, entry control, failure access, fetch protection, file protection, file security, file transfer access management, formal access approval, granularity, identity based access control, logged in, logical access, logical access control, login, logoff, logon, mandatory access control, media access control address, multiple access rights terminal, need-to-know, network reference monitor, non-discretionary access control, on-access scanning, partition rule base access control, peer access approval, peer access enforcement, physical access control, privileged, random access memory, remote access software, role-based access control, sandboxed environment, secure state, security kernel, security perimeter, sensitivity label, special access office, special access program, special access program facility, system entry, technical policy, unauthorized access, write access,; Related:Bell-LaPadula model, Bell-LaPadula security model, Clark Wilson integrity model, Defensive Information Operations, Escrowed Encryption Standard, Identification Protocol, Internet Engineering Task Force, Internet Protocol Security Option, Internet Protocol security, Network File System, PIV issuer, POSIX, RA domains, Remote Authentication Dial-In User Service, SOCKS, TCB subset, TOE security functions interface, U.S.-controlled facility, U.S.-controlled space, accreditation range, active wiretapping, adequate security, administrative security, adversary, application, application program interface, application proxy, archiving, attack, audit, audit trail, authenticate, authentication, authorized, availability, availability service, backdoor, bastion host, benign, between-the-lines-entry, boundary, boundary host, breach, buffer overflow, call back, capability, category, classified, clearance, clearance level, client, client server, common gateway interface, communications, compartment, compartmentalization, compartmented mode, computer intrusion, computer security, computer security intrusion, confidentiality, confinement property, controlled security mode, controlled space, covert channel, covert channel analysis, cracker, credentials, critical, critical system, cryptographic application programming interface, cryptographic equipment room, data compromise, data integrity service, data management, dedicated mode, default account, demilitarized zone, demon dialer, denial of service, dictionary attack, directory service, disclosure of information, domain, domain name system, domain parameter, dominated by, dual control, encapsulation, exploit, exploitation, external security controls, external system exposure, extranet, federated identity, federation, fedline, firewall, flooding, formulary, guard, hacker, host, https, hyperlink, hypertext, identification, identification and authentication, identification authentication, identity credential issuer, identity verification, identity-based security policy, impersonation, inadvertent disclosure, individual accountability, individual electronic accountability, inference, information assurance product, information category, information security, information systems security, integrity, interception, interface, internal security controls, internal system exposure, internet service provider, intranet, intruder, intrusion, intrusion detection, intrusion detection tools, kerberos, key recovery, key-escrow, kiosk, labeled security protections, list-oriented, lock-and-key protection system, lockout, logic bomb, logical completeness measure, maintenance hook, major application, malicious intruder, malicious logic, masquerade, masquerading, minimum essential infrastructure, mode of operation, modes of operation, motivation, multilevel mode, multilevel secure, multilevel security, multilevel security mode, national security information, need to know determination, network component, network security, network weaving, networks, no-lone zone, non-discretionary security, noncomputing security methods, operations manager, operator, packet filtering, partitioned security mode, password system, passwords, peer-to-peer communication, penetration, permissions, personal identification number, personnel security, physical and environmental protection, physical security, piggyback, piggyback attack, piggyback entry, point-to-point tunneling protocol, policy, pop-up box, privacy, probe, protected network, protection ring, protection-critical portions of the TCB, proximity, proxy server, real-time reaction, records, reference monitor, reference monitor concept, reference validation mechanism, remote administration tool, repository, resource encapsulation, restricted area, rootkit, rule-based security policy, rules of behavior, ruleset, salt, sampling frame, scoping guidance, screen scraping, secure single sign-on, security clearance, security compromise, security controls, security domain, security incident, security intrusion, security label, security management, security management infrastructure, security policy, security safeguards, security violation, segregation of duties, sensitive compartmented information, sensitive information, signature, simple network management protocol, simple security condition, simple security property, single sign-on, social engineering, software, source program, spoof, spoofing, star (*) property, storage object, subject security level, subset-domain, system high mode, system resources, system software, system-high security mode, tcpwrapper, technological attack, term rule-based security policy, theft, threat, threat consequence, ticket, ticket-oriented, timing attacks, tokens, transaction, trap door, trespass, trojan horse, trust relationship, trusted gateway, trusted identification forwarding, trusted subject, two-person integrity, uniform resource locator, unprotected network, user PIN, verification, virus, vulnerability, web browser cache, website, wide-area network, wireless gateway server, wiretapping, workstation, world wide web,
access control center: IncludedBy:access control,; Related:cryptography, key,
access control list: IncludedBy:access control,; Includes:ACL-based authorization,; PreferredFor:access list,; Related:authorized, communications security,
access control mechanism: IncludedBy:access control,; Related:authorized, software, unauthorized access,
access control officer: IncludedBy:access control,
access control service: IncludedBy:access control,; Related:authorized, unauthorized access,
access level: IncludedBy:access control, security level,; Related:identify,
access list: HasPreferred:access control list,; IncludedBy:access control,; Related:authorized,
access mediation: Related:authorized,
access mode: IncludedBy:access control, automated information system,
access period: IncludedBy:access control,
access port: IncludedBy:access control,
access profile: IncludedBy:access control,
access type: IncludedBy:access control,
access with limited privileges: IncludedBy:access control,
accessibility: IncludedBy:access control,
account aggregation
account authority digital signature: IncludedBy:public-key infrastructure,; Related:authentication,
account fraud: IncludedBy:identity theft,; PreferredFor:account hijacking, account takeover,
account hijacking: HasPreferred:account fraud,
account management
account takeover: HasPreferred:account fraud,
accountability: IncludedBy:security goals,; Includes:automated information system, identification, object, user,; Related:audit, communications security, deterrence, failure, fault isolation, identify, intrusion, intrusion detection, intrusion prevention, minimum essential infrastructure, nonrepudiation, quality, recovery, trust,
accounting legend code: Related:communications security, control system,
accounting number: Related:communications security,
accredit: HasPreferred:accreditation,
accreditation: IncludedBy:certification,; Includes:DoD Information Technology Security Certification and Accreditation Process, National Voluntary Laboratory Accreditation Program, Scope of Accreditation, accreditation authority, accreditation body, accreditation boundary, accreditation disapproval, accreditation multiplicity parameter, accreditation package, accreditation phase, accreditation range, approval/accreditation, automated information system, certification and accreditation, designated approving authority, full accreditation, interim accreditation, interim accreditation action plan, post-accreditation phase, private accreditation exponent, private accreditation information, public accreditation verification exponent, security, site accreditation, system accreditation, type accreditation,; PreferredFor:accredit,; Related:Common Criteria Testing Laboratory, National Information Assurance Partnership, accredited, approved technologies list, approved test methods list, assessment, authorization, cascading, certificate, certificate revocation list, certification phase, certifier, controlled security mode, dedicated security mode, evaluation, external security controls, multilevel security mode, networks, partitioned security mode, pre-certification phase, risk, security evaluation, security testing, site certification, system-high security mode, test, trust, trusted computer system,
accreditation authority: IncludedBy:accreditation,; Related:trust,
accreditation body: IncludedBy:National Information Assurance Partnership, accreditation,
accreditation boundary: IncludedBy:accreditation,; Related:security,; Synonym:security perimeter,
accreditation disapproval: IncludedBy:accreditation,; Related:risk, security,
accreditation multiplicity parameter: IncludedBy:accreditation,
accreditation package: IncludedBy:accreditation,
accreditation phase: IncludedBy:accreditation,; Related:assessment, risk, security,
accreditation range: IncludedBy:accreditation,; Related:access control, computer security, evaluation, networks, risk, security, trust, trusted computer system,
accredited: Related:accreditation, evaluation,
accrediting authority
accuracy: Related:assessment,
ACH debit fraud: IncludedBy:fraud, identity theft,; Related:authorized,
ACL-based authorization: IncludedBy:access control list, authorization,; Includes:distributed computing environment,
acquirer: IncludedBy:Secure Electronic Transaction,; Related:authorization,
acquisition plan: Related:analysis,
acquisition strategy
active attack: IncludedBy:attack,; Related:authentication, impersonation,
active content
active security testing: IncludedBy:security testing,
active wiretapping: IncludedBy:wiretapping,; Related:access control, authorized, communications,
activity analysis: IncludedBy:analysis, security software,
activity-based costing: IncludedBy:business process,
actuator
ad hoc
ad hoc testing: IncludedBy:security testing, test,
ad-lib test: IncludedBy:test,
adaptive predictive coding
add-on security: IncludedBy:security,; Related:software,
address
address indicator group
address of record
address spoofing: IncludedBy:masquerade, spoofing,; Includes:ip spoofing,; Related:impersonation, networks,
adequate security: IncludedBy:security,; Related:access control, authorized, risk, unauthorized access,
administration documentation: IncludedBy:target of evaluation,
administrative access: IncludedBy:access control,; Related:authorized,
administrative security: HasPreferred:procedural security,; IncludedBy:security,; Related:access control, authorized, unauthorized access,
administrator: IncludedBy:target of evaluation,
advanced development model: IncludedBy:software development,
advanced encryption standard: IncludedBy:National Institute of Standards and Technology, symmetric cryptography,; Related:classified, encryption,
advanced intelligence network: IncludedBy:networks,
advanced intelligent network: IncludedBy:networks,
Advanced Mobile Phone Service: IncludedBy:user,
advanced narrowband digital voice terminal
Advanced Research Projects Agency Network: IncludedBy:networks,
advanced self-protection jammer: IncludedBy:communications security,; Related:assurance,
adversary: IncludedBy:security,; Related:access control, threat,
advisory: Related:threat,
agency
agent: Related:attack, intrusion, intrusion detection,
aggregation: Related:security,
aggressive mode: Related:Internet Protocol security,
alarm: Related:countermeasure,
alarm reporting: Related:fault, identification, networks, security software,
alarm surveillance: Related:analysis, fault, networks, security software,
alert: Related:attack, audit, communications security, identify, networks, security,
algorithm: Includes:International Data Encryption Algorithm, Rivest-Shamir-Adelman algorithm, asymmetric algorithm, crypto-algorithm, digital signature algorithm, message digest algorithm 5, secure hash algorithm, symmetric algorithm,; Related:Data Encryption Standard, cryptanalysis, cryptographic key, cryptographic module, cryptography, cyclic redundancy check, initialization vector, key-escrow system, metric,
alias: Related:anonymous, masquerade,
alignment
allowed traffic: Related:bit forwarding rate, ruleset, test,
alternate COMSEC custodian: IncludedBy:communications security,
alternative work site
American institute of certified public accountants
American National Standards Institute: Related:automated information system,
American Standard Code for Information Interchange: Related:automated information system,
analog signal
analysis: Includes:SWOT analysis, activity analysis, analysis of alternatives, boundary value analysis, business impact analysis, cost-risk analysis, cost/benefit, cost/benefit analysis, cost/benefit estimate, covert channel analysis, cryptanalysis, cryptosystem analysis, dynamic analysis, emanations analysis, error analysis, gap analysis, information sharing and analysis center, mutation analysis, network behavior analysis system, requirements analysis, risk analysis, risk reduction analysis, root cause analysis, security fault analysis, security flow analysis, sensitivity analysis, signals analysis, stateful protocol analysis, static analysis, target identification and analysis techniques, threat analysis, traffic analysis, value analysis, vulnerability analysis,; Related:Federal Standard 1027, Integrated CASE tools, SOF-basic, SOF-high, SOF-medium, TCB subset, acquisition plan, alarm surveillance, assessment, black-box testing, break, brute force, brute force attack, business case, chosen-ciphertext attack, chosen-plaintext attack, ciphertext-only attack, code coverage, correctness, countermeasure, cryptology, cryptoperiod, data historian, diagnostics, electronic security, elliptic curve cryptography, emanations security, emissions security, error seeding, evaluation assurance, fault injection, flaw hypothesis methodology, flooding, functional test case design, global requirements, hashed message authentication code, independent validation and verification, instrumentation, intelligence, judgment sample, known-plaintext attack, local requirements, model, national computer security assessment program, network sniffing, one-time pad, privacy impact assessment, reference monitor, reference validation mechanism, risk assessment, risk identification, risk management, security test and evaluation, symbolic execution, system development, system development methodologies, target vulnerability validation techniques, threat event, threat monitoring, traffic flow confidentiality, transmission security, trust, trust level, vulnerability,; Synonym:evaluation, test,
analysis of alternatives: IncludedBy:analysis,
ankle-biter: IncludedBy:threat,
anomaly: Related:bug, failure, fault, software,
anomaly detection: IncludedBy:security software,; Related:countermeasure, intrusion,
anomaly detection model: IncludedBy:model, security policy model,; Related:intrusion,
anonymity: IncludedBy:user,; Related:identification,
anonymous: Related:alias, attack, authorized, privacy, security,
anonymous and guest login: IncludedBy:login,; Related:authentication,
anonymous login: IncludedBy:internet, login,; Related:passwords, threat,
anti-jam: IncludedBy:communications security,
anti-jamming: IncludedBy:communications security,
anti-spoof: Antonym:spoofing,; Related:security software,
antivirus software: IncludedBy:security software, virus,; Related:countermeasure, identify, integrity, intrusion, intrusion detection,
antivirus tools: IncludedBy:virus,; Related:countermeasure,
appendix
applet: Related:world wide web,
applicant
applicant assertion: Related:identity,
application: IncludedBy:software,; Related:access control,
application controls: Related:authorized, security controls,
application data backup/recovery: IncludedBy:availability, backup,
application entity
application gateway firewall: IncludedBy:firewall,
application generator: Related:software,
application level gateway: Related:firewall,; Synonym:application proxy,
application program interface: IncludedBy:security, software,; Related:access control, networks,
application programming interface: Related:software,
application proxy: IncludedBy:firewall, proxy,; Includes:gateway,; Related:access control, audit,; Synonym:application level gateway,
application server attack: IncludedBy:attack,; Related:authorized, availability, compromise, integrity, user,
application software: IncludedBy:software,
application system: Related:automated information system,
application-level firewall: IncludedBy:firewall, security,
approach
approval for service use
approval/accreditation: IncludedBy:accreditation,; Related:TEMPEST, authorization, communications security, evaluation, security, software,
approved
approved technologies list: IncludedBy:Common Criteria Testing Laboratory, National Information Assurance Partnership,; Related:accreditation, computer security, evaluation, test,
approved test methods list: IncludedBy:Common Criteria Testing Laboratory, National Information Assurance Partnership, test,; Related:accreditation, authorized, computer security, evaluation,
architectural design: IncludedBy:software development, target of evaluation,
architecture: Related:user,
archive: IncludedBy:recovery,; Related:audit, backup, certificate, digital signature, integrity, key, public-key infrastructure,; Synonym:archiving,
archiving: Related:access control, backup,; Synonym:archive,
area interswitch rekeying key: IncludedBy:key, rekey,
areas of control
areas of potential compromise: IncludedBy:compromise, vulnerability,; Related:minimum essential infrastructure,
ARPANET: IncludedBy:internet, networks,
as is process model: IncludedBy:model,; Related:baseline, business process,
assessment: Includes:computer incident assessment capability, criticality assessment, independent assessment, national computer security assessment program, privacy impact assessment, qualitative risk assessment, risk assessment, threat assessment, vulnerability assessment, web risk assessment,; Related:Common Criteria for Information Technology Security, Common Criteria for Information Technology Security Evaluation, acceptable level of risk, accreditation, accreditation phase, accuracy, analysis, authorize processing, binding of functionality, certification, certification package, certification phase, cost-risk analysis, deliverable, ease of use, evaluation, evaluation pass statement, evaluator, metric, monitoring and evaluation, operations security, pre-certification phase, process assurance, rating, risk analysis, risk management, scheme, security, security category, security fault analysis, site certification, strength of mechanisms, suitability of functionality, threat monitoring, verification,
asset: IncludedBy:target of evaluation,; Related:countermeasure,
assignment: IncludedBy:protection profile,
association: Related:risk,
assurance: IncludedBy:European Information Technology Security Evaluation Criteria, Federal Criteria for Information Technology Security, evaluation, security, security goals, target of evaluation,; Includes:assurance approach, assurance authority, assurance component, assurance element, assurance level, assurance method, assurance profile, assurance results, assurance scheme, assurance stage, assure, automated information system, confidence, configuration management, development assurance, development assurance component, development assurance package, development assurance requirements, effectiveness, evaluation assurance, evaluation assurance component, evaluation assurance package, evaluation assurance requirements, evidence, high assurance guard, identification and authentication, information assurance, infrastructure assurance, integrity, process assurance, profile assurance, quality assurance, quality assurance/control, rating, robustness, software quality assurance, test,; Related:Common Criteria, advanced self-protection jammer, augmentation, authentication, availability, bebugging, closed security environment, communications deception, component dependencies, component extensibility, component hierarchy, computer security, computing security methods, confidentiality, controlled access protection, data privacy, demilitarized zone, electronic protection, environmental failure protection, error seeding, exploit, extension, fetch protection, file protection, functional protection requirements, hardening, identity, information protection policy, information systems security manager, infrastructure protection, level of protection, lock-and-key protection system, minimum level of protection, network security, nonrepudiation, object, open security environment, package, physical protection, port protection device, privacy protection, product rationale, protection needs elicitation, protection philosophy, protection profile, protection profile family, protection ring, protection-critical portions of the TCB, public-key infrastructure, purge, quality of protection, security evaluation, security objectives, security target, suspicious activity report, trusted computer system, trusted computing system, user, validation,
assurance approach: IncludedBy:assurance,
assurance authority: IncludedBy:assurance,
assurance component: IncludedBy:Common Criteria for Information Technology Security Evaluation, assurance, component,
assurance element: IncludedBy:assurance,
assurance level: IncludedBy:assurance,; Related:confidence, federation,
assurance method: IncludedBy:assurance,
assurance profile: IncludedBy:assurance,; Related:confidence,
assurance results: IncludedBy:assurance,
assurance scheme: IncludedBy:assurance,
assurance stage: IncludedBy:assurance,
assure: IncludedBy:assurance,; Related:ensure,
assured software
asymmetric algorithm: IncludedBy:algorithm, asymmetric cryptography,; Includes:Diffie-Hellman, Rivest-Shamir-Adleman, elliptic curve cryptosystem, private key, public key, public-key cryptography standards,
asymmetric cipher: IncludedBy:asymmetric cryptography, cipher,
asymmetric cryptographic algorithm: IncludedBy:encryption, key,
asymmetric cryptographic technique: IncludedBy:asymmetric cryptography,; Related:cipher, cryptographic system,
asymmetric cryptography: IncludedBy:cryptography,; Includes:asymmetric algorithm, asymmetric cipher, asymmetric cryptographic technique, asymmetric encipherment system, asymmetric encryption algorithm, asymmetric key pair, asymmetric signature system, public key derivation function, public key information, public key system,; Related:authentication, confidentiality, digital signature, encryption, integrity, key,
asymmetric encipherment system: IncludedBy:asymmetric cryptography, cipher, system,
asymmetric encryption algorithm: IncludedBy:asymmetric cryptography,; Related:cipher,
asymmetric key pair: IncludedBy:asymmetric cryptography,
asymmetric keys
asymmetric signature system: IncludedBy:asymmetric cryptography, system,
asynchronous attacks: IncludedBy:attack,
asynchronous communication: IncludedBy:communications,
asynchronous transfer mode: IncludedBy:security,; Related:networks,
attack: Antonym:security software,; IncludedBy:incident, risk, security, threat,; Includes:Attack Sensing and Warning, C2-attack, ICMP flood, IP splicing/hijacking, SYN flood, Star Trek attack, TTY watcher, active attack, application server attack, asynchronous attacks, attack potential, attack signature, attackers, between-the-lines-entry, blended attack, browsing, brute force, brute force attack, check_password, chosen-ciphertext attack, chosen-plaintext attack, ciphertext-only attack, computer intrusion, computer network attack, cut-and-paste attack, cyberattack, data diddling, data driven attack, demon dialer, denial of service, dictionary attack, eavesdropping, eavesdropping attack, electronic attack, flooding, hijack attack, impersonation, insider attack, interleaving attack, keystroke monitoring, killer packets, known-plaintext attack, laboratory attack, leapfrog attack, man-in-the-middle, man-in-the-middle attack, masquerade attack, masquerading, mimicking, nak attack, off-line attack, on-line attack, online guessing attack, pagejacking, passive attack, penetration, perpetrator, phreaking, piggyback attack, ping of death, ping sweep, port scan, reflection attack, replay attack, rootkit, scanning, scavenging, session hijack attack, shoulder surfing, smurf, smurfing, social engineering, spoofing, spoofing attack, subversion, tampering, technical attack, technological attack, terminal hijacking, timing attacks, tunneling attack, warehouse attack, wiretapping,; Related:Diffie-Hellman, POP3 APOP, SOF-basic, SOF-high, SOF-medium, access control, agent, alert, anonymous, attack signature recognition, authentication header, authorization, authorized, availability, bastion host, blinding, checksum, compromise, computer emergency response team/ coordination center, cookies, countermeasure, cryptanalysis, elliptic curve cryptography, entropy, evasion, exploit, flaw hypothesis methodology, guessing entropy, handler, hash function, hijacking, honeypot, impact, indicator, internet, jamming, kerberos, key validation, mailbombing, manipulation detection code, min-entropy, networks, nonce, pharming, precursor, privacy system, protected checksum, remote administration tool, risk value, salt, scenario, security audit, security management infrastructure, signature, strength of a requirement, strength of function, strength of mechanisms, survivability, threat consequence, tiger team, traceability, trusted process, victim, vulnerability, vulnerability assessment, zombie,
attack potential: IncludedBy:attack,
Attack Sensing and Warning: IncludedBy:attack,; Related:authorized,
attack signature: IncludedBy:attack, attack signature recognition,; Related:audit,
attack signature recognition: IncludedBy:security software,; Includes:attack signature, virus signature,; Related:attack,
attackers: IncludedBy:attack,; Related:min-entropy,
attribute: Related:quality,
attribute authority: IncludedBy:public-key infrastructure,; Related:certificate, trust,
attribute certificate: IncludedBy:certificate,; Related:cryptography, digital signature, identification, key,
attribute sampling
audit: IncludedBy:security,; Includes:audit charter, audit data, audit plan, audit program, audit record, audit service, audit software, audit trail, audit/review, auditing tool, computer operations, audit, and security technology, computer-assisted audit technique, information systems audit and control association, information systems audit and control foundation, multihost based auditing, security audit, test, vulnerability audit,; Related:Identification Protocol, access control, accountability, alert, application proxy, archive, attack signature, confidence, distributed computing environment, functional component, gap analysis, host based, identify, independence, intrusion detection, intrusion detection system, key management, key-escrow, keystroke monitoring, login, network based, network component, population, sas 70 report, secure single sign-on, security features, security software, sniffer, system security officer, threat monitoring, trust, vulnerability analysis, work program,
audit charter: IncludedBy:audit,
audit data: IncludedBy:audit,
audit plan: IncludedBy:audit,
audit program: IncludedBy:audit,
audit record: IncludedBy:audit,
audit service: IncludedBy:audit,
audit software: IncludedBy:audit, software,
audit trail: IncludedBy:audit, threat monitoring,; Includes:automated information system, console logs, security audit trail,; Related:access control, authorized, communications security, computer security, evidence, login, user,; Synonym:logging,
audit/review: IncludedBy:audit,; Related:identify,
auditing tool: IncludedBy:audit,; Related:networks, passwords,
augmentation: Related:assurance,
authentic signature: Related:digital signature, trust,
authenticate: IncludedBy:authentication,; Related:access control, authorized, certificate, digital signature, identity, integrity, networks, public-key infrastructure, user,
authentication: IncludedBy:quality of protection, security,; Includes:3-factor authentication, Challenge Handshake Authentication Protocol, Challenge-Response Authentication Mechanism, Data Authentication Algorithm, Distributed Authentication Security Service, Extensible Authentication Protocol, Password Authentication Protocol, SAML authentication assertion, Simple Authentication and Security Layer, authenticate, authentication code, authentication data, authentication exchange, authentication header, authentication header protocol, authentication protocol, authentication service, authentication system, authentication token, authentication tools, biometric authentication, challenge and reply authentication, data authentication code, data authentication code vs. Data Authentication Code, data origin authentication, data origin authentication service, electronic authentication, entity authentication, entity authentication of A to B, explicit key authentication from A to B, identification, identification authentication, implicit key authentication from A to B, key authentication, logon, low-cost encryption/authentication device, message authentication code, mutual authentication, mutual entity authentication, peer entity authentication, peer entity authentication service, privacy, authentication, integrity, non-repudiation, simple authentication, source authentication, strong authentication, unilateral authentication,; Related:COMSEC control program, COMSEC equipment, Diffie-Hellman, FIPS approved security method, Generic Security Service Application Program Interface, IMAP4 AUTHENTICATE, IP splicing/hijacking, IPsec Key Exchange, IT security, Internet Engineering Task Force, Internet Protocol security, Internet Security Association and Key Management Protocol, Lightweight Directory Access Protocol, OAKLEY, POP3 APOP, POP3 AUTH, Post Office Protocol, version 3, Rivest-Shamir-Adleman, S/Key, SOCKS, Secure Electronic Transaction, Terminal Access Controller Access Control System, The Exponential Encryption System, X.509, access control, account authority digital signature, active attack, anonymous and guest login, assurance, asymmetric cryptography, authenticity, authorization, authorized, biometric measurement, biometrics, call back, certificate policy, certificate revocation list, certificate status responder, certification authority digital signature, challenge-response protocol, challenge/response, claimant, code, common data security architecture, communications security, computer cryptography, confidence, credentials, critical security parameters, crypto-algorithm, cryptographic key, data integrity service, data key, defense-wide information assurance program, dictionary attack, digital id, digital signature, distributed computing environment, domain name system, dongle, eavesdropping attack, electronic credentials, encapsulating security payload, entity, exchange multiplicity parameter, fingerprint, fraud, handshaking procedures, hash function, impersonation, individual electronic accountability, information assurance, information systems security, integrity, interleaving attack, keyed hash, keyed hash algorithm, keying material, man-in-the-middle, man-in-the-middle attack, masquerading, message integrity code, network component, non-repudiation service, nonce, nonrepudiation, object, off-line attack, on-line attack, one-time passwords, origin authenticity, passive attack, password system, passwords, point-to-point protocol, practice statement, pretty good privacy, privacy enhanced mail, proof of possession protocol, protection suite, proxy, proxy server, public-key forward secrecy, public-key infrastructure, realm, registration, registration authority, replay attack, sandboxed environment, secret, secure shell, secure socket layer, secure sockets layer, security assertion mark-up language, security association identifier, security controls, security mechanism, session hijack attack, shared secret, simple network management protocol, single sign-on, software, spoofing, symmetric key, system entity, system entry, test, third party trusted host model, tokens, transport layer security, trust, trusted third party, user, user identifier, validate vs. verify, verifier, verifier impersonation attack, vulnerability, zero-knowledge password protocol,
authentication code: IncludedBy:authentication,; Related:cryptography, encryption, integrity, software,
authentication data: IncludedBy:authentication,; Related:identity,
authentication exchange: IncludedBy:authentication,; Related:identity,
authentication header: IncludedBy:Internet Protocol security, authentication, security protocol,; Related:attack, confidentiality, integrity,; Synonym:authentication header protocol,
authentication header protocol: IncludedBy:authentication,; Related:Internet Protocol security,; Synonym:authentication header,
authentication information: IncludedBy:3-factor authentication,; Related:identity,
authentication protocol: IncludedBy:authentication,; Related:identity,
authentication service: IncludedBy:authentication,; Related:identity, networks,
authentication system: IncludedBy:authentication, system,; Related:cryptographic system, cryptography,
authentication token: IncludedBy:authentication, tokens,
authentication tools: IncludedBy:authentication, security software,
authenticator: Related:identity,
authenticity: IncludedBy:integrity,; Related:authentication, confidence, identity, trust,
authority: Related:certificate, certification, public-key infrastructure,
authority certificate: IncludedBy:certificate,; Related:certification,
authority revocation list: Related:certificate, key,
authorization: IncludedBy:user,; Includes:ACL-based authorization, access control, authorization to process, authorize processing, authorized, delegation, list-oriented, multilevel security, need to know determination, permissions, pre-authorization, privilege, regrade, secure single sign-on, system security authorization agreement, ticket-oriented,; Related:Bell-LaPadula security model, Identification Protocol, RA domains, Remote Authentication Dial-In User Service, Simple Public Key Infrastructure/Simple Distributed Security Infrastructure, accreditation, acquirer, approval/accreditation, attack, authentication, category, certificate update, closed security environment, covert channel, cracker, credentials, dedicated security mode, eavesdropping, hacker, identity, insider, interface control document, interim accreditation, internal system exposure, intruder, intrusion, intrusion detection, key-escrow system, management controls, mode of operation, modes of operation, multilevel secure, multilevel security mode, open security environment, partitioned security mode, passwords, payment gateway, periods processing, personality label, personnel security, privilege management infrastructure, registration, risk index, risk management, security, security assertion mark-up language, security clearance, security intrusion, security management infrastructure, simple network management protocol, system-high security mode, trojan horse, trust, user partnership program, vulnerability,
authorization to process: IncludedBy:authorization,
authorize processing: IncludedBy:authorization,; Related:assessment, risk,
authorized: IncludedBy:authorization,; Includes:authorized person, authorized user, authorized vendor, authorized vendor program, unauthorized disclosure,; Related:ACH debit fraud, Attack Sensing and Warning, Automated Information System security, Bell-LaPadula model, Bell-LaPadula security model, COMSEC equipment, COMSEC facility, Escrowed Encryption Standard, FIPS PUB 140-1, IP splicing/hijacking, IS related risk, IT security database, IT security incident, IT-related risk, PIV issuer, SOCKS, Simple Public Key Infrastructure/Simple Distributed Security Infrastructure, U.S.-controlled facility, U.S.-controlled space, acceptance criteria, access category, access control, access control list, access control mechanism, access control service, access list, access mediation, active wiretapping, adequate security, administrative access, administrative security, anonymous, application controls, application server attack, approved test methods list, attack, audit trail, authenticate, authentication, automated security incident measurement, availability, between-the-lines-entry, browse access protection, call back, call back security, capability, certification, certification authority, change control and life cycle management, classified, classified information, clearance, client server, communications security, compromise, compromised key list, computer abuse, computer intrusion, computer security intrusion, confidentiality, configuration control, control zone, controlled access area, controlled space, covert channel, covert channel analysis, critical system, cryptography, cryptoperiod, data compromise, data confidentiality, data confidentiality service, data integrity, data integrity service, data security, deception, deliberate exposure, demon dialer, denial of service, designated, designated laboratories list, disaster plan, disclosure of information, discretionary access control, downgrade, eavesdropping, egress point, electronic security, emanations security, emissions security, encryption, entry control, exposure, extranet, failure access, false acceptance rate, falsification, fetch protection, file protection, file security, firewall, fishbowl, frequency hopping, guard, hacker, hacking, honeypot, human error, identity, impact, impersonation, implant, inadvertent disclosure, inference, information assurance product, information security, information systems security, insertion, insider, integrity, integrity policy, intelligence activities, interception, internal security controls, intranet, intrusion, intrusion detection, intrusion detection system, intrusion detection tools, issuer, key distribution service, key recovery, leakage, least privilege, list-oriented, logic bomb, logical access, logical access control, logoff, logon, major application, malicious applets, malicious code, malicious logic, malicious program, malware, masquerade, masquerading, media protection, misappropriation, mission critical, mode of operation, modes of operation, motivation, national security information, need to know determination, network security, no-lone zone, open storage, operational data security, overt channel, passive, passive attack, passive threat, passwords, penetration, permissions, phage, physical and environmental protection, physical security, piggyback, piggyback entry, privacy, privileged access, privileged process, probe, protected network, protection ring, regrade, remote access, risk, rogue device, safeguarding statement, scavenging, secrecy policy, secret, secure state, security, security compromise, security incident, security violation, segregation of duties, sensitive information, session hijacking, signature, social engineering, split knowledge, sponsor, spoof, spoofing, subcommittee on Automated Information System security, subcommittee on telecommunications security, subject, substitution, superuser, system integrity, system integrity service, system security officer, system-high security mode, tamper, tamper resisting, tampering, tcpwrapper, theft of data, theft of functionality, theft of service, threat, ticket-oriented, time bomb, traditional INFOSEC program, trespass, trojan horse, trusted agent, trusted computing base, trusted identification forwarding, two-person control, two-person integrity, unclassified, unforgeable, user representative, usurpation, violation of permissions, vulnerability,
authorized person: IncludedBy:authorized,; Related:classified,; Synonym:authorized user,
authorized user: IncludedBy:authorized,; Synonym:authorized person,
authorized vendor: IncludedBy:authorized,; Related:cryptography,
authorized vendor program: IncludedBy:authorized,
authorizing official: Related:risk,
auto-manual system: IncludedBy:system,
automated clearing house
automated data processing: HasPreferred:automated information system,
automated data processing security: HasPreferred:Automated Information System security,
automated data processing system: IncludedBy:automated information system, system,; Related:software,
automated information system: IncludedBy:accountability, accreditation, assurance, audit trail, certification, declassification of AIS storage media, designated approving authority, modes of operation, security, system,; Includes:Automated Information System security, CPU time, International organization for standardization, access mode, automated data processing system, bastion host, batch mode, batch processing, big-endian, bit, byte, central processing unit, centralized data processing, client server, computer abuse, data, data administration, data aggregation, data architecture, data contamination, data control language, data definition language, data dictionary, data flow diagram, data input, data management, data manipulation language, data processing, data reengineering, data storage, data structure, data validation, database administration, debugging, direct memory access, distributed data processing, distributed processing, fail soft, front-end processor, host, host based, host to front-end protocol, host-based firewall, information architecture, information center, information engineering, information environment, information flow, information operations, information ratio, information technology, information technology system, interface control unit, life cycle management, logical system definition, master file, memory scavenging, million instruction per second, multihost based auditing, networks, random access memory, remote job entry, remote terminal emulation, screened host firewall, workstation,; PreferredFor:IT system, automated data processing,; Related:American National Standards Institute, American Standard Code for Information Interchange, PCMCIA, application system, backus-naur form, computer, data synchronization, digital document, direct access storage device, extended industry standard architecture, fiber distributed data interface, frame relay, industry standard architecture, input/output, language, laptop computer, large scale integration, legacy data, logged in, network protocol stack, nibble, object code, object-oriented programming, personal computer, personal computer memory card international association, personal digital assistant, read-only memory, remote procedure call, reusability, rotational delay, safety-critical software, screen scraping, software, standard generalized markup language, structured query language, system resources, workflow, workload,
Automated Information System security: IncludedBy:automated information system, risk management, subcommittee on Automated Information System security, system,; Includes:IT Security Evaluation Criteria, IT Security Evaluation Methodology, IT security, IT security certification, access control, communications security, emissions security, physical security, security safeguards,; PreferredFor:automated data processing security,; Related:authorized, denial of service, security software, software,; Synonym:computer security,
automated key distribution: IncludedBy:key, key management,; Related:networks,
automated key management center: IncludedBy:key,
automated key management system: IncludedBy:key, system,
automated logon sequences: IncludedBy:logon,; Related:user,
automated office support systems: IncludedBy:system,
automated security incident measurement: IncludedBy:incident, security software,; Related:authorized, networks,
automated security monitoring: IncludedBy:risk management, security software,; Related:classified, software,
automatic digital network: IncludedBy:networks,
automatic key distribution center: IncludedBy:key,
automatic key distribution/rekeying control unit: IncludedBy:key, rekey,
automatic log-on
automatic remote rekeying: IncludedBy:key, rekey,
autonomous message switch
auxiliary power unit
auxiliary vector
availability: IncludedBy:risk management, security, security goals,; Includes:application data backup/recovery, availability of data, availability service, business continuity plan, business impact analysis, contingency planning, continuity of operations, environmentally controlled area, fire barrier, fire suppression system, object, privacy, authentication, integrity, non-repudiation, recovery, system retention/backup, token backup,; Related:Common Criteria for Information Technology Security, IT security, IT security controls, IT security incident, National Computer Security Center, access control, application server attack, assurance, attack, authorized, computer abuse, computer emergency response team, computer related controls, computer security, critical, defense-in-depth, defense-wide information assurance program, denial of service, entry-level certification, failure, fault tolerant, hardening, high-impact system, impact, incident, information assurance, information security, intrusion, levels of concern, line managers, low-impact system, maintainability, malware, mid-level certification, minimum essential infrastructure, mirroring, moderate-impact system, post-accreditation phase, potential impact, redundant control server, reliability, remediation, requirements for procedures and standards, resource starvation, retro-virus, security category, security controls, security event, security policy, security requirements, simple network management protocol, software, token management, top-level certification, trustworthy system, turnaround time, uniform resource name, user, vaulting, vulnerability,
availability of data: IncludedBy:availability,; Related:user,
availability service: IncludedBy:availability,; Related:access control,
back up vs. backup: IncludedBy:backup, contingency plan,
backdoor: IncludedBy:malicious code,; Related:access control, login, privileged, risk, security, software,; Synonym:trap door,
backup: IncludedBy:recovery,; Includes:application data backup/recovery, back up vs. backup, backup generations, backup operations, backup plan, backup procedures, card backup, system retention/backup, token backup,; Related:archive, archiving, contingency plan, contingency planning, fallback procedures, key recovery, mirroring, operations manager, redundancy, redundant control server, remediation, retro-virus, security event, token management, vaulting,
backup generations: IncludedBy:backup, contingency plan,
backup operations: IncludedBy:backup, contingency plan,; Related:business process,
backup plan: IncludedBy:backup, contingency plan,
backup procedures: IncludedBy:backup, recovery,; Related:failure,
backus-naur form: Related:automated information system,
baggage: IncludedBy:Secure Electronic Transaction,; Related:encryption,
bandwidth: PreferredFor:information rate,; Related:channel capacity, communications, networks,
bank identification number: IncludedBy:Secure Electronic Transaction, identification,; Related:identify,
banking and finance: IncludedBy:critical infrastructures,
banner
banner grabbing
bar code
barograph
barometer
baseline: IncludedBy:security,; Includes:baseline architecture, baseline controls, baseline management, baselining, security requirements baseline,; Related:as is process model, interface control document, release, revision, security target, site accreditation, software, software library, software system test and evaluation process, version,
baseline architecture: IncludedBy:baseline,
baseline controls: IncludedBy:baseline,; Related:security controls,
baseline management: IncludedBy:baseline, configuration management,; Related:identify,
baselining: IncludedBy:baseline,
basic component: IncludedBy:component,
Basic Encoding Rules: IncludedBy:Abstract Syntax Notation One,; Includes:Distinguished Encoding Rules,
bastion host: IncludedBy:automated information system, firewall,; Related:access control, attack, networks, software,
batch mode: IncludedBy:automated information system,
batch process: Related:subject,
batch processing: IncludedBy:automated information system,
bebugging: Related:assurance, test,; Synonym:error seeding,
Bell-LaPadula model: HasPreferred:Bell-LaPadula security model,; Related:access control, authorized, classified,
Bell-LaPadula security model: IncludedBy:formal security policy model, model, security model,; Includes:*-property, lattice, lattice model, object, simple security condition, simple security property, subject, tranquility, trusted subject,; PreferredFor:Bell-LaPadula model, tranquility property,; Related:access control, authorization, authorized, classification level, classified, computer security, confinement property,
benchmark: Related:business process, evaluation, software, test,
benchmarking: Related:identify, quality,
benign: Related:access control, compromise, countermeasure, cryptography,
benign environment: Related:countermeasure, security,
best practices: IncludedBy:risk management,; Related:business process, identify, recommended practices,
between-the-lines-entry: IncludedBy:attack,; Includes:piggyback,; Related:access control, authorized, unauthorized access,
beyond A1: IncludedBy:trusted computer system,; Related:evaluation, security,
bias
Biba Integrity model: IncludedBy:formal security policy model, integrity, model,; Synonym:Biba model,
Biba model: IncludedBy:model,; Related:integrity, trust,; Synonym:Biba Integrity model,
big-endian: IncludedBy:automated information system,
bilateral trust: IncludedBy:public-key infrastructure, trust,; Related:business process,
bill payment: Related:internet,
bill presentment: Related:internet,
bind: Related:certificate, digital signature, key, public-key infrastructure,
binding: Related:cryptography, identity, key, security, trust,
binding of functionality: IncludedBy:target of evaluation,; Related:assessment, security,
binding of security functionality: IncludedBy:security,
biometric authentication: IncludedBy:authentication, biometrics,; Includes:thumbprint,; Related:3-factor authentication,
biometric information: IncludedBy:biometrics,
biometric measurement: IncludedBy:biometrics,; Related:authentication, identity, user,
biometric system: IncludedBy:biometrics,; Related:identity, user,
biometric template: IncludedBy:biometrics,
biometrics: IncludedBy:security,; Includes:biometric authentication, biometric information, biometric measurement, biometric system, biometric template, capture, comparisons, false acceptance rate, match, minutiae,; Related:authentication, identify, identity,
bit: IncludedBy:automated information system,
bit error rate: Related:communications,
bit forwarding rate: Related:allowed traffic, goodput, illegal traffic, rejected traffic, test, unit of transfer,
BLACK: Related:cipher, classified, communications security, cryptography, security,
black-box testing: IncludedBy:security testing, test,; Related:analysis, functional test case design, functional testing, software, stress testing,
blacklist: Related:threat,
blended attack: IncludedBy:attack,
blinding: Related:attack,
block
block chaining: Related:cipher,; Synonym:cipher block chaining,
block cipher: IncludedBy:cipher,; Related:encryption, key,
block cipher key: IncludedBy:cipher, key,
Blowfish: IncludedBy:symmetric cryptography,; Related:cipher, key,
blue box devices: IncludedBy:threat,
blue team: Related:security, security testing,
bomb: IncludedBy:threat,; Related:failure, software,
boot sector virus: IncludedBy:virus,
bounce: Related:email,
boundary: Related:access control,
boundary host: Related:access control,
boundary value: Related:stress testing,
boundary value analysis: IncludedBy:analysis,; Related:security testing, test,
boundary value coverage: Related:test,
boundary value testing: IncludedBy:security testing, test,
branch coverage: Related:test,
brand: IncludedBy:Secure Electronic Transaction,; Related:networks,
brand certification authority: IncludedBy:Secure Electronic Transaction, public-key infrastructure,; Related:certification,
brand CRL identifier: IncludedBy:Secure Electronic Transaction, public-key infrastructure,; Related:digital signature,
breach: IncludedBy:threat,; Related:access control, penetration, security,
break: Related:analysis, cryptography, encryption, key, networks,
brevity list
bridge: Related:router,
British Standard 7799: Related:certification, security,
broadband network: IncludedBy:networks,
broadcast
brouters: Related:networks,
browse access protection: IncludedBy:access control,; Related:authorized,
browser: IncludedBy:world wide web,
browsing: IncludedBy:attack,
brute force: IncludedBy:attack,; Related:analysis, cipher, cryptography, key,
brute force attack: IncludedBy:attack,; Related:analysis, cipher, cryptography,
buffer overflow: IncludedBy:threat,; Related:access control,
bug: IncludedBy:threat,; Related:anomaly, defect, error, exception, fault,
bulk encryption: IncludedBy:encryption,
bulletin board services (systems): IncludedBy:system,
business areas
business case: IncludedBy:business process,; Related:analysis, risk,
business continuity plan: IncludedBy:availability, business process,; Related:risk,
business disruption and system failures: IncludedBy:operational risk loss,
business impact analysis: IncludedBy:analysis, availability, business process, risk analysis,; Related:identify,
business process: Includes:activity-based costing, business case, business continuity plan, business impact analysis, business process improvement, business process reengineering, constructive cost model, cost reimbursement contract, cost-risk analysis, cost/benefit, cost/benefit analysis, rolling cost forecasting technique,; Related:as is process model, backup operations, benchmark, best practices, bilateral trust, change management, contingency plan, continuity of services and operations, core or key process, hardening, integrity, legacy systems, mission critical system, process management approach, recovery site, remediation, simulation modeling, to be process model, total quality management, workload, world class organizations,
business process improvement: IncludedBy:business process, quality,
business process reengineering: IncludedBy:business process,; Related:quality,
bypass label processing
byte: IncludedBy:automated information system,
C2-attack: IncludedBy:attack,; Related:C2-protect,
C2-protect: IncludedBy:Orange book, security,; Related:C2-attack, command and control,
CA certificate: IncludedBy:certificate,; Related:digital signature, key,
call back: IncludedBy:security,; Related:access control, authentication, authorized, identify,
call back security: IncludedBy:security,; Related:authorized, identify,
Canadian Trusted Computer Product Evaluation Criteria: IncludedBy:Common Criteria for Information Technology Security Evaluation, criteria, trust,
candidate TCB subset: IncludedBy:trusted computing base,; Includes:object, subject,; Related:evaluation, identification, software,
canister
capability: Includes:object,; Related:access control, authorized, certificate, critical infrastructures, public-key infrastructure, risk, tokens,
capacity
CAPSTONE chip: IncludedBy:National Security Agency,; Related:Fortezza, cryptography, key,
capture: IncludedBy:biometrics,; Related:user,
card backup: HasPreferred:token backup,; IncludedBy:backup,
card initialization: Related:tokens,
card personalization: Related:tokens,
cardholder: IncludedBy:Secure Electronic Transaction,; Related:software,
cardholder certificate: IncludedBy:Secure Electronic Transaction, certificate,; Related:encryption, tokens,
cardholder certification authority: IncludedBy:Secure Electronic Transaction, public-key infrastructure,; Related:certificate, certification, tokens,
cascading: Related:accreditation, networks,
CASE tools: Related:model, security testing, software, test,
CAST: IncludedBy:symmetric cryptography,; Related:encryption,
category: Includes:object,; Related:access control, authorization, privileged, security,
cause and effect diagram: HasPreferred:fishbone diagram,
CCI assembly: Related:communications security, cryptography,
CCI component: Related:communications security, cryptography,
CCI equipment: Related:communications, communications security, cryptography,
CCITT: IncludedBy:ITU-T,
cell
cellular telephone
cellular transmission: Related:communications, networks,
center for information technology excellence
central office of record: Related:communications security,
central processing unit: IncludedBy:automated information system,
centralized authorization: IncludedBy:access control,
centralized data processing: IncludedBy:automated information system,
centralized operations
centrally-administered network: IncludedBy:networks,
certificate: IncludedBy:Secure Electronic Transaction, certification authority, multilevel information systems security initiative, pretty good privacy, privacy enhanced mail, user, web of trust,; Includes:CA certificate, X.509 attribute certificate, X.509 certificate, X.509 public-key certificate, attribute certificate, authority certificate, cardholder certificate, cross-certificate, digital certificate, encryption certificate, merchant certificate, organizational certificate, public-key certificate, root certificate, self-signed certificate, signature certificate, trusted certificate, v1 certificate, v2 certificate, v3 certificate, valid certificate,; Related:ABA Guidelines, Abstract Syntax Notation One, Cryptographic Message Syntax, Distinguished Encoding Rules, Federal Public-key Infrastructure, MISSI user, Minimum Interoperability Specification for PKI Components, PKCS #10, PKIX, RA domains, SET private extension, SET qualifier, X.500 Directory, X.509, X.509 authority revocation list, X.509 certificate revocation list, accreditation, archive, attribute authority, authenticate, authority, authority revocation list, bind, capability, cardholder certification authority, certificate authority, certificate chain, certificate chain validation, certificate creation, certificate expiration, certificate extension, certificate holder, certificate management, certificate owner, certificate policy, certificate policy qualifier, certificate reactivation, certificate rekey, certificate renewal, certificate request, certificate revocation, certificate revocation list, certificate revocation tree, certificate serial number, certificate status responder, certificate update, certificate user, certificate validation, certification authority workstation, certification hierarchy, certification path, certification policy, certification practice statement, certification request, certify, common name, compromised key list, critical, cross-certification, cryptoperiod, delta CRL, digital id, directory vs. Directory, distinguished name, distribution point, domain, end entity, evaluation, extension, geopolitical certificate authority, hierarchy management, identity, indirect certificate revocation list, invalidity date, issue, issuer, key, key lifetime, key material identifier, merchant certification authority, mesh PKI, online certificate status protocol, organizational registration authority, path discovery, path validation, payment gateway certification authority, personality label, policy, policy approving authority, policy creation authority, policy mapping, privilege management infrastructure, registration, registration authority, relying party, repository, revocation, revocation date, root, secure hypertext transfer protocol, security event, security testing, slot, strong authentication, subject, subordinate certification authority, test, ticket, token management, trust-file PKI, trusted key, unforgeable, v1 CRL, v2 CRL, valid signature, validate vs. verify, validity period, world wide web,
certificate authority: HasPreferred:certification authority,; IncludedBy:public-key infrastructure,; Related:certificate, certification, test,
certificate authority workstation
certificate chain: Related:certificate, certification, public-key infrastructure,
certificate chain validation: Related:certificate, public-key infrastructure,
certificate creation: IncludedBy:public-key infrastructure,; Related:certificate,
certificate directory: IncludedBy:public-key infrastructure,
certificate domain: Related:security,
certificate domain parameters: Related:cryptography, public-key infrastructure,
certificate expiration: PreferredFor:expire,; Related:certificate, public-key infrastructure,
certificate extension: IncludedBy:extension,; Related:certificate,
certificate holder: Related:certificate,
certificate management: IncludedBy:public-key infrastructure,; Related:certificate, key, rekey,
certificate management services: Related:public-key infrastructure,
certificate owner: Related:certificate, world wide web,
certificate policy: IncludedBy:Secure Electronic Transaction, public-key infrastructure,; Related:authentication, certificate, key, trust,
certificate policy qualifier: IncludedBy:public-key infrastructure,; Related:certificate, key,
certificate reactivation: IncludedBy:public-key infrastructure,; Related:certificate,
certificate rekey: IncludedBy:multilevel information systems security initiative, public-key infrastructure, rekey,; Related:certificate, key,
certificate renewal: IncludedBy:public-key infrastructure,; PreferredFor:renew,; Related:certificate, key, rekey,
certificate request: IncludedBy:public-key infrastructure,; Related:certificate, certification,
certificate revocation: IncludedBy:public-key infrastructure,; Includes:revocation,; PreferredFor:revoke,; Related:certificate,
certificate revocation list: IncludedBy:certification authority, user,; Related:accreditation, authentication, certificate, evaluation, identify, key,
certificate revocation tree: Related:certificate, hash,
certificate serial number: PreferredFor:serial number,; Related:certificate,
certificate status responder: IncludedBy:public-key infrastructure,; Related:authentication, certificate, trust,
certificate update: IncludedBy:public-key infrastructure,; Related:authorization, certificate, key, rekey,
certificate user: IncludedBy:user,; Related:certificate, key,
certificate validation: IncludedBy:public-key infrastructure,; Related:certificate, certification, digital signature, key, trust,
certification: IncludedBy:Secure Electronic Transaction, multilevel information systems security initiative,; Includes:IT security certification, accreditation, automated information system, certification agent or certifier, certification authority, certification body, certification package, certification phase, entry-level certification, evaluation, mid-level certification, payment gateway certification authority, pre-certification phase, requirements, security certification level, site certification, top-level certification,; Related:British Standard 7799, Internet Policy Registration Authority, MISSI user, PIV registrar, RA domains, SET qualifier, SSO PIN, assessment, authority, authority certificate, authorized, brand certification authority, cardholder certification authority, certificate authority, certificate chain, certificate request, certificate validation, certification authority workstation, certification hierarchy, certification path, certification policy, certification practice statement, certification request, computer security, extension, external security controls, geopolitical certificate authority, hierarchical PKI, hierarchy management, hierarchy of trust, key, merchant certification authority, path discovery, path validation, penetration test, policy approving authority, policy certification authority, policy creation authority, pre-authorization, privacy enhanced mail, public-key certificate, public-key infrastructure, root, root certificate, security event, security program manager, security test & evaluation, security testing, subordinate certification authority, test, top CA, trust, trust chain, trust hierarchy, trust-file PKI, trusted certificate, trusted key, validate vs. verify,
certification agent or certifier: IncludedBy:certification,; Related:risk, security,
certification and accreditation: IncludedBy:accreditation, evaluation, requirements, risk,
certification authority: IncludedBy:certification, public-key infrastructure, trust,; Includes:certificate, certificate revocation list, credentials, cross-certification, nonrepudiation, root CA,; PreferredFor:certificate authority,; Related:PIV issuer, authorized, identity, identity credential issuer, key, user,
certification authority digital signature: IncludedBy:public-key infrastructure,; Related:authentication,
certification authority workstation: IncludedBy:public-key infrastructure,; Related:certificate, certification,
certification body: IncludedBy:certification,
certification hierarchy: IncludedBy:Secure Electronic Transaction, multilevel information systems security initiative, public-key infrastructure,; Related:certificate, certification, internet, key,
certification package: IncludedBy:certification,; Related:assessment,
certification path: IncludedBy:public-key infrastructure,; Related:certificate, certification, digital signature, key, trust,
certification phase: IncludedBy:certification,; Related:accreditation, assessment, security, verification,
certification policy: Related:certificate, certification, public-key infrastructure,
certification practice statement: IncludedBy:public-key infrastructure,; Related:certificate, certification, trust,
certification request: IncludedBy:public-key infrastructure,; Related:certificate, certification, key,
certification service: IncludedBy:public-key infrastructure,
certification test and evaluation: IncludedBy:evaluation, test,
certificaton authority: IncludedBy:public-key infrastructure,
certified information systems security professional: IncludedBy:computer security, system,
certified TEMPEST technical authority: IncludedBy:TEMPEST,
certifier: Related:accreditation, identify, risk,
certify: Related:certificate, identity, key, public-key infrastructure,
CGI scripts: IncludedBy:common gateway interface, software, threat, world wide web,
chain letter: IncludedBy:threat,; Related:user,
challenge: IncludedBy:challenge/response,
challenge and reply authentication: IncludedBy:authentication,
Challenge Handshake Authentication Protocol: IncludedBy:authentication, challenge/response, security protocol,; Related:cryptography, hash, key,
Challenge-Response Authentication Mechanism: IncludedBy:authentication, challenge/response,; Related:hash, key, shared secret,
challenge-response protocol: Related:authentication,
challenge/response: IncludedBy:user,; Includes:Challenge Handshake Authentication Protocol, Challenge-Response Authentication Mechanism, challenge,; Related:3-factor authentication, Extensible Authentication Protocol, IMAP4 AUTHENTICATE, POP3 AUTH, authentication, identity, tokens,
change control and life cycle management: IncludedBy:software development,; Related:authorized,
change management: Related:business process, security testing, test,
channel: Includes:communication channel, covert channel, covert storage channel, covert timing channel, exploitable channel, internal communication channel, overt channel, security-compliant channel, trusted channel,
channel capacity: Related:bandwidth, communications,
channel scanning: Related:intrusion, intrusion detection,
check character: IncludedBy:error detection code,; Includes:check character system,
check character system: IncludedBy:check character, system,
check digits
check word: Related:cipher, cryptography, check_password
check_password: IncludedBy:attack,; Related:passwords,
checksum: IncludedBy:integrity,; Related:attack, confidence, countermeasure, cryptography, hash, networks,
Chernobyl packet: IncludedBy:threat,; Related:networks,
chief information agency officer
chief information officer
chosen-ciphertext attack: IncludedBy:attack, cipher,; Related:analysis, key,
chosen-plaintext attack: IncludedBy:attack,; Related:analysis, cipher, cryptography, key,
cipher: IncludedBy:encryption,; Includes:Rivest Cipher 2, Rivest Cipher 4, asymmetric cipher, asymmetric encipherment system, block cipher, block cipher key, chosen-ciphertext attack, cipher block chaining, cipher feedback, cipher text auto-key, ciphertext, ciphertext key, ciphertext-only attack, decipher, decipherment, encipher, encipherment, encipherment algorithm, n-bit block cipher, private decipherment key, private decipherment transformation, public encipherment key, public encipherment transformation, stream cipher, symmetric encipherment algorithm,; Related:BLACK, Blowfish, Data Authentication Algorithm, Data Encryption Algorithm, El Gamal algorithm, RED/BLACK separation, Rivest-Shamir-Adleman, Skipjack, asymmetric cryptographic technique, asymmetric encryption algorithm, block chaining, brute force, brute force attack, check word, chosen-plaintext attack, ciphony, cleartext, code, controlled access area, cryptanalysis, crypto-algorithm, cryptographic key, cryptographic synchronization, cryptographic system, cryptography, cut-and-paste attack, data encryption key, decrypt, decryption, encode, encrypt, encryption algorithm, feedback buffer, initialization value, initialization vector, initializing value, intelligent threat, key, key generator, key stream, known-plaintext attack, message authentication code vs. Message Authentication Code, mode of operation, one-time pad, one-way encryption, out-of-band, plain text, private key, public key, public-key certificate, public-key cryptography, secret-key cryptography, semantic security, superencryption, traffic encryption key, triple DES,
cipher block chaining: IncludedBy:cipher,; Synonym:block chaining,
cipher feedback: IncludedBy:cipher, cryptography,
cipher text auto-key: IncludedBy:cipher, key,
ciphertext: IncludedBy:cipher,; Related:encryption,
ciphertext key: HasPreferred:encrypted key,; IncludedBy:cipher,
ciphertext-only attack: IncludedBy:attack, cipher,; Related:analysis, key,
ciphony: Related:cipher,
circuit control officer
circuit level gateway: Related:firewall,; Synonym:circuit proxy,
circuit proxy: IncludedBy:firewall, proxy,; Synonym:circuit level gateway,
circuit switching: Related:communications, networks,
civil liberties
claimant: Related:authentication, identity,
Clark Wilson integrity model: IncludedBy:integrity, model,; Related:access control, software,
class 2, 3, 4, or 5: IncludedBy:public-key infrastructure,; Related:classified, identification, key, tokens,
class
class hierarchy: Related:networks,
class object
classification: HasPreferred:classification level,; IncludedBy:classified,
classification level: Includes:default classification, secret, sensitive, sensitive but unclassified, trust level,; PreferredFor:classification,; Related:Bell-LaPadula security model, Internet Protocol Security Option, clearance level, compartment, confinement property, controlled security mode, dedicated security mode, dominated by, dominates, downgrade, lattice model, mode of operation, modes of operation, multilevel security, multilevel security mode, non-discretionary security, regrade, risk index, sanitize, security, security label, security level, security situation, sensitivity label, system-high security mode, user,
classified: IncludedBy:security,; Includes:classification, classified information, default classification,; Related:BLACK, Bell-LaPadula model, Bell-LaPadula security model, CRYPTO, Data Encryption Standard, Escrowed Encryption Standard, FIPS PUB 140-1, Federal Public-key Infrastructure, Federal Standard 1027, Internet Protocol Security Option, Key Exchange Algorithm, National Institute of Standards and Technology, National Security Agency, RED, Skipjack, Trusted Computer System Evaluation Criteria, Type I cryptography, Type II cryptography, access control, advanced encryption standard, authorized, authorized person, automated security monitoring, class 2, 3, 4, or 5, clearing, compartment, compartmentalization, confidentiality, confinement property, contamination, controlled cryptographic item, controlled security mode, data aggregation, dedicated mode, dedicated security mode, dominated by, dominates, downgrade, false positive, information category, inspectable space, key-escrow system, lattice model, mandatory access control, mission critical, mode of operation, modes of operation, multilevel security, multilevel security mode, multiuser mode of operation, national security information, national security system, non-discretionary security, operations security, periods processing, personnel security, protected distribution systems, purge, regrade, risk index, safeguarding statement, sanitize, secret key, secure operating system, security clearance, security incident, security label, security level, security situation, sensitive information, sensitivity label, stratified random sample, system-high security mode, trusted computer system, type 1 product, type 2 product,
classified information: IncludedBy:access control, classified,; Related:authorized,
classified information spillage
clean system: IncludedBy:system,; Related:compromise, risk, security, software, trust,
clearance: HasPreferred:security clearance,; Related:access control, authorized,
clearance level: Related:access control, classification level, security, security clearance,
clearing: Related:classified,
cleartext: Antonym:encryption,; PreferredFor:plain text,; Related:cipher,
client: Related:access control,
client server: IncludedBy:automated information system,; Related:access control, authorized, communications, model,
clients, products, and business practices: IncludedBy:operational risk loss,; Related:requirements,
Clipper chip: IncludedBy:National Institute of Standards and Technology, National Security Agency,; Includes:Law Enforcement Access Field,; Related:cryptography, encryption, key, tamper,
closed security environment: IncludedBy:security, software development,; Related:assurance, authorization,
closed user group: IncludedBy:user,
cluster controller
cluster sample
coaxial cable
code: Related:authentication, cipher, communications security, encryption, hash, message authentication code,
code amber: IncludedBy:critical infrastructures, threat,
code book: Related:encryption,
code coverage: Related:analysis, test,
code division multiple access: IncludedBy:security,; Related:cryptography,
code green: IncludedBy:critical infrastructures,
code group
code red: IncludedBy:critical infrastructures, threat,
code vocabulary
coded switch system: IncludedBy:system,
coding: Related:software,
coefficient of variation
cold site: IncludedBy:disaster recovery,; Related:hot site,
cold start: Related:cryptography, user,
collaborative computing
collision-resistant hash function: IncludedBy:hash,
color change
command and control: IncludedBy:control,; Includes:command and control warfare, command, control, and communications, command, control, communications and computers, command, control, communications and intelligence, global command and control system, nuclear command and control document,; Related:C2-protect, Defense Information Infrastructure,
command and control warfare: IncludedBy:command and control, warfare,; Related:security,
command authority
command, control, and communications: IncludedBy:command and control, communications,
command, control, communications and computers: IncludedBy:command and control, communications,
command, control, communications and intelligence: IncludedBy:command and control, communications,
Commercial COMSEC: IncludedBy:communications security,; Related:evaluation,
Commercial COMSEC Endorsement Program: IncludedBy:communications security,
Commercial COMSEC Evaluation Program: IncludedBy:communications security,
commercial off the shelf: Includes:COTS software,
commercial off the shelf software: Synonym:COTS software,
commercial software: IncludedBy:software,
Committee of sponsoring organizations (of the Treadway Commission)
Common Criteria: Related:assurance, computer security, information assurance,; Synonym:Common Criteria for Information Technology Security,
Common Criteria for Information Technology Security: IncludedBy:National Institute of Standards and Technology, computer security, security,; Includes:Common Criteria for Information Technology Security Evaluation, National Information Assurance Partnership,; Related:National Security Agency, assessment, availability, confidentiality, cryptography, emanation, emanations security, evaluation, integrity, networks, software, threat, trust,; Synonym:Common Criteria,
Common Criteria for Information Technology Security Evaluation: IncludedBy:Common Criteria for Information Technology Security, computer security, criteria, evaluation,; Includes:Canadian Trusted Computer Product Evaluation Criteria, European Information Technology Security Evaluation Criteria, Federal Criteria for Information Technology Security, Trusted Computer System Evaluation Criteria, assurance component, common criteria version 1.0, common criteria version 2.0, component dependencies, component extensibility, component hierarchy, component operations, evaluation assurance level, functional component, protection profile, security target, trusted gateway,; Related:assessment, risk,
Common Criteria Testing Laboratory: IncludedBy:National Information Assurance Partnership, security testing, test,; Includes:Monitoring of Evaluations, Scope of Accreditation, Validation Certificate, approved technologies list, approved test methods list, deliverables list, designated laboratories list, designating authority, designation policy, evaluation technical report, evaluation work plan, observation reports,; Related:accreditation, computer security, evaluation,
Common Criteria Testing Program: IncludedBy:National Information Assurance Partnership, security testing, test,; Related:evaluation,
common criteria version 1.0: IncludedBy:Common Criteria for Information Technology Security Evaluation,; Related:computer security,
common criteria version 2.0: IncludedBy:Common Criteria for Information Technology Security Evaluation,; Related:computer security,
common data security: IncludedBy:common data security architecture,
common data security architecture: Includes:common data security, common security, common security services manager, cryptographic service, cryptographic service providers,; PreferredFor:communication and data security architecture,; Related:authentication,
Common Evaluation Methodology: IncludedBy:National Information Assurance Partnership, evaluation,
common fill device
common gateway interface: IncludedBy:world wide web,; Includes:CGI scripts,; Related:access control,
common interswitch rekeying key: IncludedBy:key, rekey,
Common IP Security Option: IncludedBy:security,
common name: IncludedBy:public-key infrastructure,; Related:certificate, key,
common security: IncludedBy:common data security architecture,; Related:integrity, public-key infrastructure, trust,
common security services manager: IncludedBy:common data security architecture,
common vulnerabilities and exposures: IncludedBy:exposure, vulnerability,
communication and data security architecture: HasPreferred:common data security architecture,
communication channel: IncludedBy:channel, communications,; Includes:internal communication channel,; Related:networks,
communication equipment room: IncludedBy:communications,
communication link: IncludedBy:communications,
communications: IncludedBy:communications security, networks,; Includes:asynchronous communication, command, control, and communications, command, control, communications and computers, command, control, communications and intelligence, communication channel, communication equipment room, communication link, communications cover, communications electronics operating instruction, communications profile, communications protocol, data communications, defense communications system, imitative communications, internal communication channel, private communication technology, protected communications, telecommunications,; Related:CCI equipment, Integrated services digital network, OSI architecture, access control, active wiretapping, bandwidth, bit error rate, cellular transmission, channel capacity, circuit switching, client server, cross-talk, dial-up, dial-up line, digital telephony, distributed processing, electronic commerce, electronic data interchange, extraction resistance, frequency hopping, gateway, help desk, host, information processing standard, information superhighway, information technology, information technology system, interface, internet control message protocol, internet protocol, internetwork, line conditioning, line conduction, link, local loop, local-area network, message indicator, multicast, network architecture, network configuration, network device, network management architecture, network management protocol, network weaving, open system interconnection model, operations code, outage, privacy system, protocol, protocol suite, remote access, remote terminal emulation, secure hypertext transfer protocol, secure socket layer, signaling, simple network management protocol, subnetwork, telecommuting, teleprocessing, trusted gateway, tunnel, user data protocol, virtual private network, wide-area network,
communications cover: IncludedBy:communications,
communications deception: IncludedBy:security,; Related:assurance,
communications electronics operating instruction: IncludedBy:communications,
communications profile: IncludedBy:communications,; Related:communications security,
communications protocol: IncludedBy:communications,
communications security: IncludedBy:Automated Information System security,; Includes:COMSEC Material Control System, COMSEC Parent Switch, COMSEC Resources Program, COMSEC Subordinate Switch, COMSEC Utility Program, COMSEC account, COMSEC account audit, COMSEC aid, COMSEC boundary, COMSEC chip set, COMSEC control program, COMSEC custodian, COMSEC end-item, COMSEC equipment, COMSEC facility, COMSEC incident, COMSEC insecurity, COMSEC manager, COMSEC material, COMSEC modification, COMSEC module, COMSEC monitoring, COMSEC profile, COMSEC survey, COMSEC system data, COMSEC training, Commercial COMSEC, Commercial COMSEC Endorsement Program, Commercial COMSEC Evaluation Program, Internet Protocol security, National COMSEC Advisory Memorandum, National COMSEC Information Memorandum, National COMSEC Instruction, advanced self-protection jammer, alternate COMSEC custodian, anti-jam, anti-jamming, communications, communications security element, cryptosecurity, emissions security, meaconing, intrusion, jamming, and interference, network security, network security architecture, network security architecture and design, network security officer, subcommittee on telecommunications security, telecommunications security,; Related:BLACK, CCI assembly, CCI component, CCI equipment, CRYPTO, FIPS PUB 140-1, Federal Public-key Infrastructure, RED, RED/BLACK separation, Secure Data Exchange, TSEC nomenclature, access control list, accountability, accounting legend code, accounting number, alert, approval/accreditation, audit trail, authentication, authorized, central office of record, code, communications profile, computer emergency response team, confidentiality, cryptography, data transfer device, design controlled spare parts, direct shipment, drop accountability, electronic attack, electronic key management system, electronically generated key, element, encryption algorithm, fill device, fixed COMSEC facility, frequency hopping, incident, information security, integrity, key, key distribution center, limited maintenance, local management device/key processor, long title, mandatory modification, network sponsor, optional modification, procedural security, protective packaging, repair action, security architecture, security incident, security net control station, short title, supersession, systems security steering group, test key, time-compliance date, transmission security, trusted path, two-person integrity, updating, user representative,
communications security element: IncludedBy:communications security,
community risk: IncludedBy:risk,
community string: Related:passwords,
comparisons: IncludedBy:biometrics,; Related:identity,
compartment: Related:access control, classification level, classified,
compartment key: IncludedBy:key,
compartmentalization: Related:access control, classified,
compartmented mode: Related:access control, user,
compensating security controls: IncludedBy:control, security,; Related:countermeasure,
competition
compiled viruses: IncludedBy:virus,
compiler: IncludedBy:software development,; Related:source code,
completeness: Related:software,
compliance-based: Related:security,
component: IncludedBy:component dependencies, component extensibility, component hierarchy, component operations, component reference monitor, construction of TOE requirements, target of evaluation,; Includes:assurance component, basic component, development assurance component, evaluation assurance component, functional component, functional unit, network component,; Related:identity, networks, security testing, software, test,
component dependencies: IncludedBy:Common Criteria for Information Technology Security Evaluation,; Includes:component,; Related:assurance,
component extensibility: IncludedBy:Common Criteria for Information Technology Security Evaluation,; Includes:component, security target,; Related:assurance,
component hierarchy: IncludedBy:Common Criteria for Information Technology Security Evaluation,; Includes:component,; Related:assurance,
component operations: IncludedBy:Common Criteria for Information Technology Security Evaluation,; Includes:component, security policy, threat,
component reference monitor: IncludedBy:access control,; Includes:component, object, subject,
compromise: IncludedBy:incident,; Includes:areas of potential compromise, compromised key list, compromising emanation performance requirement, compromising emanations, data compromise, security compromise,; Related:DNS spoofing, TEMPEST, TEMPEST shielded, TEMPEST test, application server attack, attack, authorized, benign, clean system, control zone, cost-risk analysis, critical security parameters, cryptography, emanations security, emissions security, environmental failure protection, environmental failure testing, file integrity checking, flaw hypothesis methodology, insider, intrusion, invalidity date, key, leapfrog attack, malware, multilevel device, object, ohnosecond, payment gateway certification authority, privacy, protective technologies, public-key forward secrecy, revocation, revocation date, rootkit, security, security audit, security event, security incident, security management infrastructure, suppression measure, tri-homed, trusted recovery, vulnerability, vulnerability assessment, warehouse attack,
compromised key list: IncludedBy:compromise, key, multilevel information systems security initiative, public-key infrastructure, threat, user,; Related:authorized, certificate, identification,
compromising emanation performance requirement: IncludedBy:compromise, emanations security, risk,
compromising emanations: IncludedBy:TEMPEST, compromise, emanations security, threat,
computer: Related:automated information system,
computer abuse: IncludedBy:automated information system, threat,; Related:authorized, availability, confidentiality, denial of service, fraud, integrity,
computer architecture: IncludedBy:security architecture,; Includes:object,; Related:software,
computer cryptography: Related:authentication,
computer emergency response team: IncludedBy:security,; Includes:Forum of Incident Response and Security Teams, computer emergency response teams' coordination center,; Related:Computer Incident Advisory Capability, availability, communications security, computer security, computer security incident response team, incident, integrity, internet, networks, threat,
computer emergency response team/ coordination center: Related:attack, internet,
computer emergency response teams' coordination center: IncludedBy:computer emergency response team,
computer forensics: PreferredFor:Forensics,; Related:integrity,
computer fraud: IncludedBy:fraud,; Related:software,
Computer Incident Advisory Capability: IncludedBy:incident,; Related:computer emergency response team,
computer incident assessment capability: IncludedBy:assessment, incident,
computer intrusion: IncludedBy:attack, incident, intrusion,; Related:access control, authorized, unauthorized access,
computer network: IncludedBy:networks,; Related:internet,
computer network attack: IncludedBy:attack, networks,
computer network defense: IncludedBy:networks,
computer operations, audit, and security technology: IncludedBy:audit,; Related:computer security,
computer oracle and password system: IncludedBy:security software, system,; Related:networks, passwords, software,
computer related controls: Related:availability, confidentiality, integrity, security controls,
computer related crime: IncludedBy:threat,
computer security: IncludedBy:security,; Includes:Common Criteria for Information Technology Security, Common Criteria for Information Technology Security Evaluation, Computer Security Objects Register, DoD Information Technology Security Certification and Accreditation Process, European Information Technology Security Evaluation Criteria, Federal Criteria for Information Technology Security, IS security architecture, IT Security Evaluation Criteria, IT Security Evaluation Methodology, IT security certification, IT security policy, IT security product, Information Systems Security products and services catalogue, Information Technology Security Evaluation Criteria, National Computer Security Center, National Computer Security Center glossary, National Security Telecommunications and Information Systems Security Advisory/Information Memorandum, National Security Telecommunications and Information Systems Security Committee, National Security Telecommunications and Information Systems Security Directive, National Security Telecommunications and Information Systems Security Instruction, National Security Telecommunications and Information Systems Security Policy, National Telecommunications and Information Systems Security Advisory Memoranda/Instructions, National Telecommunications and Information Systems Security Directive, National Telecommunications and Information Systems Security Instruction, National Telecommunications and Information Systems Security Policy, Subcommittee on Information Systems Security, certified information systems security professional, computer security emergency response team, computer security incident, computer security incident response capability, computer security incident response team, computer security intrusion, computer security object, computer security subsystem, computer security technical vulnerability reporting program, computing security methods, emissions security, information system security officer, information systems security association, information systems security engineering, information systems security equipment modification, information systems security manager, information systems security officer, multilevel information systems security initiative, national computer security assessment program, national telecommunications and information system security directives, program automated information system security incident support team, subcommittee on Automated Information System security,; Related:Bell-LaPadula security model, Common Criteria, Common Criteria Testing Laboratory, Federal Criteria Vol. I, Federal Information Processing Standards, Forum of Incident Response and Security Teams, National Security Decision Directive 145, National Voluntary Laboratory Accreditation Program, Orange book, Scope of Accreditation, Trusted Computer System Evaluation Criteria, Yellow book, access control, accreditation range, approved technologies list, approved test methods list, assurance, audit trail, availability, certification, common criteria version 1.0, common criteria version 2.0, computer emergency response team, computer operations, audit, and security technology, confidentiality, conformant validation certificate, control, correctness, covert channel, criteria, dedicated mode, degausser, degausser products list, deliverables list, designated, designated laboratories list, dominates, endorsed tools list, evaluated products list, evaluation, evaluation work plan, integrity, observation reports, partitioned security mode, party, preferred products list, procedural security, protection profile, public law 100-235, residual risk, risk treatment, security architecture, security purpose, security requirements, security target, security-compliant channel, sensitive information, software, subcommittee on telecommunications security, suspicious event, system high mode, systems security steering group, tamper, technology area, trusted network interpretation,; Synonym:Automated Information System security, IT security, information systems security,
computer security emergency response team: IncludedBy:computer security,
computer security incident: IncludedBy:computer security, incident,; Related:intrusion,
computer security incident response capability: IncludedBy:computer security, incident,
computer security incident response team: IncludedBy:computer security, incident,; Related:computer emergency response team,
computer security intrusion: IncludedBy:computer security, intrusion,; Related:access control, authorized, penetration, unauthorized access,
computer security object: IncludedBy:computer security,; Related:security software,
Computer Security Objects Register: IncludedBy:National Institute of Standards and Technology, computer security,
computer security subsystem: IncludedBy:computer security, system,
computer security technical vulnerability reporting program: IncludedBy:computer security, vulnerability,; Related:login, software,
computer-aided software engineering: IncludedBy:software,
computer-assisted audit technique: IncludedBy:audit,; Related:software, test,
computing environment
computing security methods: IncludedBy:computer security,; Related:assurance, networks, requirements, software,
COMSEC account: IncludedBy:communications security,
COMSEC account audit: IncludedBy:communications security,
COMSEC aid: IncludedBy:communications security,; Related:key,
COMSEC assembly
COMSEC boundary: IncludedBy:communications security,; Related:key,
COMSEC chip set: IncludedBy:communications security,
COMSEC control program: IncludedBy:communications security,; Related:authentication, encryption, key,
COMSEC custodian: IncludedBy:communications security,
COMSEC demilitarization
COMSEC element
COMSEC end-item: IncludedBy:communications security,
COMSEC equipment: IncludedBy:communications security,; Related:authentication, authorized, cryptography,
COMSEC facility: IncludedBy:communications security,; Related:authorized,
COMSEC incident: IncludedBy:communications security, incident,
COMSEC insecurity: IncludedBy:communications security,; Related:incident,
COMSEC manager: IncludedBy:communications security,
COMSEC material: IncludedBy:communications security,; Related:control system, cryptography, key,
COMSEC Material Control System: IncludedBy:communications security, control system, system,
COMSEC modification: IncludedBy:communications security, information systems security equipment modification,
COMSEC module: IncludedBy:communications security,
COMSEC monitoring: IncludedBy:communications security,
COMSEC Parent Switch: IncludedBy:communications security,
COMSEC profile: IncludedBy:communications security,
COMSEC Resources Program: IncludedBy:communications security,
COMSEC Subordinate Switch: IncludedBy:communications security,
COMSEC survey: IncludedBy:communications security,
COMSEC system data: IncludedBy:communications security,; Related:key,
COMSEC training: IncludedBy:communications security,
COMSEC Utility Program: IncludedBy:communications security,
concealment system: IncludedBy:system,; Related:confidentiality, security,
concept of operations: IncludedBy:security,; Related:internet,
concurrency control
concurrent connections: IncludedBy:connection,; Related:test,
confidence: IncludedBy:assurance, trust,; Includes:confidence coefficient, confidence interval, confidence level, confidence limits, public confidence,; Related:IT Security Evaluation Criteria, IT Security Evaluation Methodology, Monitoring of Evaluations, National Information Assurance Partnership, assurance level, assurance profile, audit, authentication, authenticity, checksum, confidentiality, data confidentiality, data integrity, defense, defense-in-depth, infrastructure assurance, interval estimate, profile assurance, quality assurance, reference monitor, reliability, robustness, sampling error, software quality assurance, source integrity, state delta verification system, trusted channel, trusted computing system, trusted path,
confidence coefficient: IncludedBy:confidence,
confidence interval: IncludedBy:confidence,
confidence level: IncludedBy:confidence,
confidence limits: IncludedBy:confidence,
confidentiality: IncludedBy:privacy, security goals,; Includes:cryptographic algorithm for confidentiality, data confidentiality, data confidentiality service, traffic flow confidentiality,; Related:Common Criteria for Information Technology Security, Generic Security Service Application Program Interface, Generic Upper Layer Security, IT security, IT security controls, IT security incident, Internet Protocol security, NULL encryption algorithm, Secure Electronic Transaction, access control, assurance, asymmetric cryptography, authentication header, authorized, classified, communications security, computer abuse, computer related controls, computer security, concealment system, confidence, data privacy, data security, defense-in-depth, defense-wide information assurance program, digital envelope, encapsulating security payload, encryption algorithm, entry-level certification, hybrid encryption, information assurance, information security, internet, intrusion, key recovery, levels of concern, line managers, mid-level certification, networks, object, passive, penetration, post-accreditation phase, privacy enhanced mail, privacy programs, privacy protection, public-key infrastructure, requirements for procedures and standards, secure shell, secure socket layer, security controls, security event, security policy, simple network management protocol, symmetric cryptography, top-level certification, transmission security, vulnerability, wrap,
configuration: IncludedBy:configuration management, target of evaluation,; Related:software,
configuration control: IncludedBy:configuration management, control, target of evaluation,; Includes:object,; Related:authorized, identification, integrity, software,
configuration identification: IncludedBy:configuration management, identification,
configuration item: IncludedBy:configuration management,; Related:software,
configuration management: IncludedBy:assurance, risk management, software development,; Includes:baseline management, configuration, configuration control, configuration identification, configuration item, secure configuration management,; Related:identify, software, test,
confinement: Includes:confinement channel, confinement property,; Related:risk,
confinement channel: IncludedBy:confinement,; Related:covert channel, covert timing channel,
confinement property: IncludedBy:confinement,; Related:Bell-LaPadula security model, access control, classification level, classified,; Synonym:*-property,
conformance testing: IncludedBy:security testing,
conformant validation certificate: Related:computer security, security, validation,
congruence
connection: IncludedBy:firewall,; Includes:concurrent connections, connection establishment, connection establishment time, connection maintenance, connection overhead, connection teardown, connection teardown time,; Related:data source, networks,
connection establishment: IncludedBy:connection,; Related:identify, security association, test,
connection establishment time: IncludedBy:connection,
connection maintenance: IncludedBy:connection,; Related:identify,
connection overhead: IncludedBy:connection,
connection teardown: IncludedBy:connection,; Related:identify, test,
connection teardown time: IncludedBy:connection,
connectionless data integrity service: IncludedBy:integrity,
connectivity: IncludedBy:target of evaluation,
consequence management: IncludedBy:risk management,
consistency: IncludedBy:database management system,
console: Related:intrusion, intrusion detection, user,
console logon: IncludedBy:logon,; Related:privileged, user,
console logs: IncludedBy:audit trail,
constant surveillance service
construction: IncludedBy:target of evaluation,
construction of TOE requirements: IncludedBy:requirements, target of evaluation,; Includes:component, security target,
constructive cost model: IncludedBy:business process,
consumers: IncludedBy:user,
contact interface
contactless interface
contactless smart card: IncludedBy:smartcards,
contamination: IncludedBy:fetch protection, file protection, incident, risk,; Related:classified,
context-dependent access control: IncludedBy:access control,
contingency key: IncludedBy:key,
contingency plan: IncludedBy:contingency planning,; Includes:back up vs. backup, backup generations, backup operations, backup plan, disaster plan, disaster recovery, disaster recovery plan, emergency plan, recovery procedures, redundancy,; Related:backup, business process, failure, recovery,
contingency planning: IncludedBy:availability,; Includes:contingency plan,; Related:backup, recovery,
continuity of operations: IncludedBy:availability,
continuity of operations plan
continuity of services and operations: IncludedBy:risk management,; Related:business process, minimum essential infrastructure, recovery,
continuous process
continuous process improvement: IncludedBy:quality,
continuous signature service
contract
contracting officer representative
contractor special security officer: IncludedBy:security,
control: Includes:command and control, compensating security controls, configuration control, control algorithm, control center, control loop, control network, control server, control system, controlled variable, controller, distributed control system, domain controller, machine controller, management controls, motion control network, operational controls, process controller, programmable logic controller, redundant control server, security controls, single loop controller, statistical process control, supervisory control, supervisory control and data acquisition, technical controls,; Related:computer security, security,
control algorithm: IncludedBy:control,
control center: IncludedBy:control,
control class: Related:security,
control family: Related:security,
control identification list: Related:security,
control information: IncludedBy:cryptographic module,
control loop: IncludedBy:control,
control network: IncludedBy:control,; Related:critical,
control objectives: IncludedBy:risk management,
control objectives for information and related technology
control server: IncludedBy:control,; Related:control system,
control system: IncludedBy:control,; Includes:COMSEC Material Control System, Terminal Access Controller Access Control System, distributed control system, global command and control system, supervisory control and data acquisition,; Related:COMSEC material, acceptance procedure, accounting legend code, control server, controlled variable, cookies, login, machine controller, national security information, physical access control, programmable logic controller, salt, sensitive compartmented information,
control zone: IncludedBy:security,; Related:authorized, compromise,
controlled access area: IncludedBy:access control,; Related:authorized, cipher, entry control,
controlled access protection: IncludedBy:access control,; Related:assurance, evaluation, trust,
controlled cryptographic item: IncludedBy:cryptography,; Related:classified,
controlled interface
controlled security mode: IncludedBy:multilevel security,; Related:access control, accreditation, classification level, classified, software,
controlled sharing: IncludedBy:access control,
controlled space: Related:access control, authorized,
controlled variable: IncludedBy:control,; Related:control system,
controller: IncludedBy:control,
controlling authority: Related:cryptography,
conversion: Related:software,
cookies: IncludedBy:access control,; Related:Internet Protocol security, attack, control system, internet, privacy, world wide web,
cooperative key generation: IncludedBy:key,; Related:encryption,
cooperative remote rekeying
coordinated universal time: Related:GeneralizedTime, UTCTime,
core or key process: Related:business process,
corporate security policy: IncludedBy:policy, security policy,
correctness: IncludedBy:European Information Technology Security Evaluation Criteria, Federal Criteria for Information Technology Security, integrity,; Includes:correctness integrity, correctness proof,; Related:analysis, computer security, evidence, fault, security target, software,
correctness integrity: IncludedBy:correctness,
correctness proof: IncludedBy:correctness, security,
corruption: IncludedBy:threat consequence,
cost reimbursement contract: IncludedBy:business process,
cost-risk analysis: IncludedBy:analysis, business process, risk analysis,; Related:assessment, compromise, cost/benefit analysis,
cost/benefit: IncludedBy:analysis, business process,; Related:cost/benefit analysis, cost/benefit estimate,
cost/benefit analysis: IncludedBy:analysis, business process,; Related:cost-risk analysis, cost/benefit, risk, risk management,
cost/benefit estimate: IncludedBy:analysis,; Related:cost/benefit,
COTS software: IncludedBy:commercial off the shelf, software,; Related:mass-market software,; Synonym:commercial off the shelf software,
counter
counterintelligence: Related:countermeasure,
countermeasure: IncludedBy:risk management, threat,; Includes:electronic counter-countermeasures, electronic countermeasures, non-technical countermeasure, security countermeasures, technical countermeasure, technical surveillance countermeasures,; Related:acceptable level of risk, alarm, analysis, anomaly detection, antivirus software, antivirus tools, asset, attack, benign, benign environment, checksum, compensating security controls, counterintelligence, firewall, information systems security engineering, internet, intrusion detection, intrusion prevention, key, layered solution, level of protection, management controls, physical security, residual risk, risk analysis, risk assessment, security audit, security software, security testing, technology, threat analysis, threat assessment, virus definitions, vulnerability, work factor,
country code
coverage: Related:test,
covert channel: Antonym:overt channel, security-compliant channel,; IncludedBy:channel, exploitable channel,; Includes:covert storage channel, covert timing channel,; PreferredFor:storage channel, timing channel,; Related:access control, authorization, authorized, computer security, confinement channel, exploit,
covert channel analysis: IncludedBy:analysis,; Related:access control, authorized, unauthorized access,
covert storage channel: IncludedBy:channel, covert channel,; Includes:subject,
covert timing channel: IncludedBy:channel, covert channel,; Related:confinement channel,
CPU time: IncludedBy:automated information system,
crack: IncludedBy:threat,; Includes:crack root, cracker, cracking,; Related:cryptography, passwords,
crack root: IncludedBy:crack,
cracker: IncludedBy:crack, hacker,; Related:access control, authorization, intrusion,
cracking: IncludedBy:crack,
crash: IncludedBy:threat,; Related:failure,
credentials: IncludedBy:certification authority,; Includes:digital certificate, identity credential, identity credential issuer, ticket,; Related:access control, authentication, authorization, evidence, identity, model, object, security testing,
credentials service provider: Related:trust,
credit theft: IncludedBy:identity theft, theft,
crisis management: IncludedBy:risk management,
criteria: Includes:Canadian Trusted Computer Product Evaluation Criteria, Common Criteria for Information Technology Security Evaluation, European Information Technology Security Evaluation Criteria, Federal Criteria for Information Technology Security, Trusted Computer System Evaluation Criteria,; Related:computer security, evaluation, security, trust,
criteria of control
critical: IncludedBy:risk,; Includes:criticality, criticality assessment, mission critical,; Related:access control, availability, certificate, control network, disaster recovery plan, national security system, public-key infrastructure, single loop controller,
critical asset: Related:vulnerability,
critical elements: Related:security,
critical financial markets
critical infrastructures: IncludedBy:risk management,; Includes:banking and finance, code amber, code green, code red, electrical power systems, emergency services, gas and oil production, storage and transportation, information and communications, infrastructure protection, transportation, utility, water supply system,; Related:capability, destruction, government services, incapacitation, infrastructure assurance, natural disaster, partnership, risk assessment, sector coordinator, sector liaison,
critical mechanism: IncludedBy:target of evaluation,; Related:failure, security,
critical path method
critical security parameters: IncludedBy:security policy,; Related:authentication, compromise, cryptography, key, passwords,
critical system: IncludedBy:system,; Includes:critical system files,; Related:access control, authorized, risk, security,
critical system files: IncludedBy:critical system,; Related:integrity, security,
criticality: IncludedBy:critical,; Related:threat,
criticality assessment: IncludedBy:assessment, critical,; Related:risk assessment, security,
criticality/sensitivity
cross domain solution
cross-certificate: IncludedBy:certificate,; Related:cross-certification,
cross-certification: IncludedBy:certification authority,; Related:certificate, cross-certificate, key,
cross-talk: Related:communications,
cryptanalysis: IncludedBy:analysis, threat consequence,; Related:algorithm, attack, cipher, encryption, key,
CRYPTO: Related:classified, communications security, identify, key,
crypto-alarm: IncludedBy:cryptography,
crypto-algorithm: IncludedBy:algorithm,; Related:authentication, cipher, encryption,
crypto-ancillary equipment: IncludedBy:cryptography,
crypto-equipment: IncludedBy:cryptography,
crypto-ignition key: IncludedBy:key,
crypto-ignition plug: IncludedBy:cryptography,
cryptographic: IncludedBy:cryptography,
cryptographic algorithm: Related:digital signature, encryption, hash, key,
cryptographic algorithm for confidentiality: IncludedBy:confidentiality, cryptography,
Cryptographic Application Program Interface: IncludedBy:encryption, security,
cryptographic application programming interface: IncludedBy:software,; Related:access control,
cryptographic boundary: IncludedBy:cryptographic module,; Includes:physical protection,
cryptographic card: IncludedBy:tokens,
cryptographic check function: IncludedBy:cryptography,
cryptographic check value: IncludedBy:cryptography,
cryptographic component: Related:hash,
cryptographic device services: IncludedBy:cryptography,
cryptographic equipment room: IncludedBy:cryptography,; Related:access control, cryptographic system,
cryptographic functions: IncludedBy:encryption, key,
cryptographic hash function: IncludedBy:hash,; Related:hash function,
cryptographic ignition key: IncludedBy:key,; Related:encryption, tokens,
cryptographic initialization: Related:encryption,
cryptographic key: IncludedBy:key,; Related:algorithm, authentication, cipher, encryption, requirements,
cryptographic key component: IncludedBy:cryptography,
cryptographic logic: IncludedBy:cryptography,
Cryptographic Message Syntax: Related:certificate, digital signature, encryption, hash, key, public-key infrastructure,
cryptographic module: Includes:control information, cryptographic boundary, cryptographic module security policy, data path, firmware, hardware, input data, microcode, operator, output data,; Related:algorithm, software,
cryptographic module security policy: IncludedBy:cryptographic module, policy, security policy,
cryptographic randomization: IncludedBy:cryptography,
cryptographic service: IncludedBy:common data security architecture,; Related:hash, software,
cryptographic service providers: IncludedBy:common data security architecture,
cryptographic synchronization: IncludedBy:cryptography,; Related:cipher,
cryptographic system: IncludedBy:system,; Includes:cryptosystem analysis, cryptosystem evaluation, cryptosystem review, cryptosystem survey, elliptic curve cryptosystem, embedded cryptographic system, manual cryptosystem, off-line cryptosystem, on-line cryptosystem, one-time cryptosystem,; PreferredFor:cryptosystem,; Related:asymmetric cryptographic technique, authentication system, cipher, cryptographic equipment room, cryptosecurity, digital signature, encryption strength, hash, key, key stream, message indicator, one-time pad, one-time tape, private key, public key, system indicator, traffic-flow security,
cryptographic token: IncludedBy:tokens,; Related:key,
cryptography: Includes:National Cryptologic School, Type III cryptography, asymmetric cryptography, cipher feedback, controlled cryptographic item, crypto-alarm, crypto-ancillary equipment, crypto-equipment, crypto-ignition plug, cryptographic, cryptographic algorithm for confidentiality, cryptographic check function, cryptographic check value, cryptographic device services, cryptographic equipment room, cryptographic key component, cryptographic logic, cryptographic randomization, cryptographic synchronization, cryptonet control station, cryptosynchronization, embedded cryptographic system, embedded cryptography, encipherment algorithm, encrypt, endorsed cryptographic products list, endorsed for unclassified cryptographic information, manual cryptosystem, public-key cryptography, rapid automatic cryptographic equipment, symmetric cryptography, synchronous crypto-operation,; Related:BLACK, CAPSTONE chip, CCI assembly, CCI component, CCI equipment, COMSEC equipment, COMSEC material, Challenge Handshake Authentication Protocol, Clipper chip, Common Criteria for Information Technology Security, Distributed Authentication Security Service, FIPS PUB 140-1, IEEE P1363, International Traffic in Arms Regulations, Internet Security Association and Key Management Protocol, MD2, MD4, MD5, MIME Object Security Services, PC card, QUADRANT, RED/BLACK separation, access control center, algorithm, attribute certificate, authentication code, authentication system, authorized, authorized vendor, benign, binding, break, brute force, brute force attack, certificate domain parameters, check word, checksum, chosen-plaintext attack, cipher, code division multiple access, cold start, communications security, compromise, controlling authority, crack, critical security parameters, cut-and-paste attack, cyclic redundancy check, data driven attack, data items' representation, domain of interpretation, emissions security, end entity, end-to-end security, environmental failure protection, environmental failure testing, extraction resistance, feedback buffer, fill device, hash, hash function, hashed message authentication code, information, initialize, integrity check, intelligent threat, interface, known-plaintext attack, message authentication code, message authentication code algorithm, message authentication code vs. Message Authentication Code, message indicator, national security system, nonrepudiation, one-time pad, one-time passwords, one-time tape, one-way function, operations manager, out-of-band, permuter, personal security environment, personalization service, plain text, port, primary account number, privacy, random, rekey, scavenging, seal, secure hash standard, security event, semantic security, shared secret, simple network management protocol, status information, steganography, strong authentication, system indicator, ticket, time-stamp token, traffic analysis, traffic padding, traffic-flow security, trap door, trusted path, two-person control, unforgeable, updating, user partnership program, validate vs. verify, work factor, wrap, zeroize,
cryptologic
cryptology: Related:analysis, security,
cryptonet: Related:key,
cryptonet control station: IncludedBy:cryptography,
cryptonet key: IncludedBy:key,
cryptoperiod: Related:analysis, authorized, certificate, key, public-key infrastructure, rekey,
cryptosecurity: IncludedBy:communications security,; Related:cryptographic system,
cryptosynchronization: IncludedBy:cryptography,
cryptosystem: HasPreferred:cryptographic system,; IncludedBy:system,; Related:encryption,
cryptosystem analysis: IncludedBy:analysis, cryptographic system, system,
cryptosystem evaluation: IncludedBy:cryptographic system, evaluation, system,
cryptosystem review: IncludedBy:cryptographic system, system,
cryptosystem survey: IncludedBy:cryptographic system, system,; Related:evaluation,
cultural assumptions
customer: HasPreferred:user,
customer/contractor-supplied software
cut-and-paste attack: IncludedBy:attack,; Related:cipher, cryptography, integrity,
cyberattack: IncludedBy:attack,
cyberspace: IncludedBy:internet,
cycle time
cyclic redundancy check: Related:algorithm, cryptography, hash, integrity,
daemon
damage to physical assets: IncludedBy:operational risk loss,
dangling threat: IncludedBy:threat,
dangling vulnerability: IncludedBy:vulnerability,; Related:risk,
dark-side hacker: IncludedBy:threat,
data: IncludedBy:automated information system,
data administration: IncludedBy:automated information system,
data aggregation: IncludedBy:automated information system,; Related:classified,
data architecture: IncludedBy:automated information system,
Data Authentication Algorithm: IncludedBy:authentication,; Related:cipher, hash, key,
data authentication code: IncludedBy:National Institute of Standards and Technology, authentication, integrity,; Related:hash function, key,; Synonym:message authentication code,
data authentication code vs. Data Authentication Code: IncludedBy:authentication,; Related:hash, key, message authentication code,
data communications: IncludedBy:communications,
data compromise: IncludedBy:compromise, incident,; Related:access control, authorized, unauthorized access,
data confidentiality: IncludedBy:confidentiality, data privacy,; Related:authorized, confidence,
data confidentiality service: IncludedBy:confidentiality,; Related:authorized,
data contamination: IncludedBy:automated information system,; Related:integrity,
data control language: IncludedBy:automated information system,
data custodian
data definition language: IncludedBy:automated information system,
data dictionary: IncludedBy:automated information system,
data diddling: IncludedBy:attack,
data driven attack: IncludedBy:attack,; Related:cryptography, software,
Data Encryption Algorithm: IncludedBy:symmetric cryptography,; Related:cipher, encryption, key,
data encryption key: IncludedBy:encryption, key,; Includes:data key,; Related:cipher, integrity,
Data Encryption Standard: IncludedBy:Federal Information Processing Standards, National Institute of Standards and Technology, encryption, key, symmetric algorithm,; Includes:initialization vector,; Related:algorithm, classified, integrity,
data flow control
data flow diagram: IncludedBy:automated information system,
data historian: Related:analysis,
data input: IncludedBy:automated information system,
data integrity: IncludedBy:data security, integrity,; Related:authorized, confidence, quality, trust,
data integrity service: IncludedBy:integrity,; Related:access control, authentication, authorized, identity,
data items' representation: Related:cryptography, hash,
data key: IncludedBy:data encryption key, key, key recovery,; Related:authentication,
data management: IncludedBy:automated information system,; Related:access control,
data manipulation language: IncludedBy:automated information system,
data origin authentication: IncludedBy:authentication,
data origin authentication service: IncludedBy:authentication,; Related:digital signature, identity, integrity, key,
data owner: IncludedBy:user,
data path: IncludedBy:cryptographic module,
data privacy: IncludedBy:data security, privacy,; Includes:data confidentiality,; Related:assurance, confidentiality,
data processing: IncludedBy:automated information system,
data reengineering: IncludedBy:automated information system,
data security: IncludedBy:security,; Includes:data integrity, data privacy,; Related:authorized, confidentiality, integrity,
data source: Includes:user,; Related:connection, firewall, networks,
data storage: IncludedBy:automated information system,
data string: Related:hash,
data structure: IncludedBy:automated information system,
data synchronization: Related:automated information system,
data transfer device: Related:communications security,
data validation: IncludedBy:automated information system,
database
database administration: IncludedBy:automated information system,
database management system: IncludedBy:system,; Includes:consistency, metadata, transaction, view, view definition,; Related:Directory Access Protocol, integrity, security, software,
database server
datagram: Related:networks,
dc servo drive
deadlock: IncludedBy:threat,; Synonym:deadly embrace,
deadly embrace: IncludedBy:threat,; Synonym:deadlock,
debilitated: IncludedBy:risk,
debug: Related:fault, software,
debugger
debugging: IncludedBy:automated information system,
deception: IncludedBy:threat consequence,; Related:authorized,
decertification
decipher: IncludedBy:cipher,; Related:key,
decipherment: IncludedBy:cipher,
decision support systems: IncludedBy:system,
declassification of AIS storage media: Includes:automated information system, subject,; Related:security,
decode
decomposition: IncludedBy:protection profile,
decrypt: Related:cipher, encryption,
decryption: Antonym:encryption,; Related:cipher,
dedicated loop encryption device: IncludedBy:encryption,
dedicated mode: Related:access control, classified, computer security, user,
dedicated security mode: IncludedBy:modes of operation, security,; Related:accreditation, authorization, classification level, classified,
default account: Related:access control, login, passwords,
default classification: IncludedBy:classification level, classified,; Includes:object,
default file protection: IncludedBy:access control,
defect: IncludedBy:risk,; Related:bug, failure, fault,
defense: Related:confidence, threat,
defense communications system: IncludedBy:communications, system,
defense courier service
Defense Information Infrastructure: Related:command and control, networks, security,
Defense Information System Network: IncludedBy:networks, system,
defense message system: IncludedBy:system,
defense switched network: IncludedBy:networks,
defense-in-depth: IncludedBy:security,; Related:availability, confidence, confidentiality, integrity,
defense-wide information assurance program: IncludedBy:information assurance,; Related:authentication, availability, confidentiality, integrity, nonrepudiation,
Defensive Information Operations: Related:access control, exploit, information assurance, security,
degauss: IncludedBy:erasure,
degausser: IncludedBy:National Security Agency, degausser products list,; Related:computer security,
degausser products list: IncludedBy:Information Systems Security products and services catalogue, National Information Assurance Partnership, National Security Agency,; Includes:degausser,; Related:computer security,
degaussing
degrees of freedom
delegated accrediting authority
delegated development program
delegation: IncludedBy:authorization,
delete access: IncludedBy:access,
deliberate exposure: IncludedBy:threat consequence,; Related:authorized,
deliverable: Related:assessment, security, security target,
deliverables list: IncludedBy:Common Criteria Testing Laboratory, National Information Assurance Partnership, target of evaluation,; Related:computer security, security target,
delivery: IncludedBy:target of evaluation,
delivery authority: Related:evidence, trust,
delta CRL: IncludedBy:public-key infrastructure,; Related:certificate,
demand assigned multiple access
demilitarized zone: IncludedBy:firewall,; Includes:protected network, unprotected network,; Related:access control, assurance, ruleset,
demon dialer: IncludedBy:attack,; Related:access control, authorized, denial of service,
denial of service: IncludedBy:attack, incident, user,; Includes:distributed denial of service,; PreferredFor:interdiction,; Related:Automated Information System security, ICMP flood, SYN flood, access control, authorized, availability, computer abuse, demon dialer, information systems security, letterbomb, logic bomb, ping of death, smurf, spam, tamper,
denial time: Related:risk,
deny by default: Related:security,
dependency: IncludedBy:trusted computing base,
depends: IncludedBy:trusted computing base,
depot maintenance: IncludedBy:full maintenance,
derf: IncludedBy:threat,; Related:exploit, terminal hijacking,
descriptive top-level specification: IncludedBy:top-level specification,; Related:evaluation, trust,
design controlled spare parts: Related:communications security,
designated: Related:authorized, computer security, evaluation, security,
designated accrediting authority: Related:risk,
designated approval authority
designated approving authority: IncludedBy:accreditation, risk,; Includes:automated information system,; Related:networks,
designated laboratories list: IncludedBy:Common Criteria Testing Laboratory, National Information Assurance Partnership,; Related:authorized, computer security, evaluation,
designating authority: IncludedBy:Common Criteria Testing Laboratory,; Related:evaluation,
designation policy: IncludedBy:Common Criteria Testing Laboratory, policy,; Related:evaluation, security,
destruction: IncludedBy:risk,; Related:critical infrastructures,
detailed design: IncludedBy:software development, target of evaluation,
deterministic
deterrence: Related:accountability,
developer: IncludedBy:target of evaluation,
developer security: IncludedBy:security,
development assurance: IncludedBy:assurance, development process,; Includes:software development methodologies,; Related:evidence, test,
development assurance component: IncludedBy:assurance, component,
development assurance package: IncludedBy:assurance,
development assurance requirements: IncludedBy:assurance, requirements,; Related:evidence,
development environment: IncludedBy:development process, target of evaluation,
development process: IncludedBy:software development, target of evaluation,; Includes:development assurance, development environment, hierarchical decomposition, informal specification, security specifications, top-level specification, validation, verification,; Related:software,
deviation
diagnostics: Related:analysis,
dial back: Related:identify,
dial-up: Includes:dial-up line, dial-up security,; Related:communications,
dial-up capability: Related:remote logon, user,
dial-up line: IncludedBy:dial-up,; Related:communications, internet,
dial-up security: IncludedBy:dial-up, security,
dictionary attack: IncludedBy:attack,; Related:access control, authentication, encryption, key, password cracker, passwords,
Diffie-Hellman: IncludedBy:asymmetric algorithm,; Related:attack, authentication, encryption, key, privacy,
diffie-hellman group
digest: HasPreferred:message digest,
digital certificate: IncludedBy:certificate, credentials, key,; Related:digital signature, identity,
digital certification: Related:key,
digital document: Related:automated information system,
digital envelope: Related:confidentiality, encryption, key,
digital id: IncludedBy:public-key infrastructure,; Related:authentication, certificate, identification, identity, key,
digital key: IncludedBy:key,
digital notary: Related:digital signature, trust,
digital signature: IncludedBy:key, public-key infrastructure, signature,; Includes:Digital Signature Standard, digital signature algorithm,; Related:ABA Guidelines, CA certificate, Cryptographic Message Syntax, Distinguished Encoding Rules, El Gamal algorithm, Elliptic Curve Digital Signature Algorithm, Fortezza, IEEE P1363, Internet Security Association and Key Management Protocol, MIME Object Security Services, PKCS #7, Rivest-Shamir-Adleman, Secure/MIME, The Exponential Encryption System, X.509 attribute certificate, X.509 certificate revocation list, X.509 public-key certificate, archive, asymmetric cryptography, attribute certificate, authentic signature, authenticate, authentication, bind, brand CRL identifier, certificate validation, certification path, cryptographic algorithm, cryptographic system, data origin authentication service, digital certificate, digital notary, digitized signature, dual signature, electronic signature, elliptic curve cryptography, encryption, encryption certificate, end entity, hash, identity, integrity, invalidity date, key pair, merchant certificate, networks, no prior relationship, nonrepudiation, personality label, pre-signature, pretty good privacy, private signature key, public-key certificate, revocation date, seal, security mechanism, sign, signature certificate, signature equation, signature function, signature key, signature process, signature system, signer, symmetric cryptography, triple DES, unforgeable, valid signature, validate vs. verify,
digital signature algorithm: IncludedBy:Digital Signature Standard, algorithm, digital signature,; Related:hash, identity, integrity, secure hash algorithm,
Digital Signature Standard: IncludedBy:Federal Information Processing Standards, National Institute of Standards and Technology, digital signature,; Includes:Elliptic Curve Digital Signature Algorithm, digital signature algorithm,
digital subscriber voice terminal
digital telephony: Related:communications,
digital watermarking: PreferredFor:watermarking,; Related:integrity,
digitized signature: Related:digital signature,
diplomatic telecommunications service: Related:networks,
direct access storage device: Related:automated information system,
direct data feed
direct memory access: IncludedBy:automated information system,
direct shipment: Related:communications security, user,
directly trusted CA: IncludedBy:public-key infrastructure, trust,
directly trusted CA key: IncludedBy:key, public-key infrastructure, trust,
Director Central Intelligence Directive
directory: HasPreferred:directory vs. Directory,
Directory Access Protocol: Related:database management system,
directory information base
directory service: Related:access control, public-key infrastructure,
directory user agent
directory vs. Directory: PreferredFor:directory,; Related:certificate, public-key infrastructure,
disaster plan: IncludedBy:contingency plan,; Related:authorized, threat,
disaster recovery: IncludedBy:contingency plan, recovery, risk management,; Includes:cold site, hot site,; Related:reconstitution,
disaster recovery plan: IncludedBy:contingency plan, recovery,; Related:critical, risk management,
disclosure of information: Related:access control, authorized,
discrete event simulation: Related:model,
discrete process: Related:identity,
discretionary access control: Antonym:non-discretionary access control,; IncludedBy:access control,; Includes:surrogate access,; Related:authorized, identity, privileged,
disinfecting: Related:security,
dispersion
disruption: IncludedBy:threat consequence,
Distinguished Encoding Rules: IncludedBy:Abstract Syntax Notation One, Basic Encoding Rules,; Related:certificate, digital signature,
distinguished name: IncludedBy:public-key infrastructure,; Includes:subordinate distinguished name,; Related:certificate, identify, identity, key,
distinguishing identifier: Related:nonrepudiation,
Distributed Authentication Security Service: IncludedBy:authentication, internet, security protocol,; Related:cryptography,
distributed computing environment: IncludedBy:ACL-based authorization, Generic Security Service Application Program Interface,; Includes:kerberos,; Related:audit, authentication,
distributed control system: IncludedBy:control, control system,
distributed data: Related:networks,
distributed data processing: IncludedBy:automated information system,
distributed database: Related:networks,
distributed denial of service: IncludedBy:denial of service,
distributed plant
distributed processing: IncludedBy:automated information system,; Related:communications, networks,
distribution point: IncludedBy:public-key infrastructure,; Related:certificate, key,
disturbance
DNS spoofing: IncludedBy:domain name system, masquerade, spoofing,; Related:compromise,
documentation: IncludedBy:target of evaluation,
DoD Information Technology Security Certification and Accreditation Process: IncludedBy:accreditation, computer security, requirements,; Related:identify,
DoD Trusted Computer System: IncludedBy:system, trust,; Related:evaluation,
DoD Trusted Computer System Evaluation Criteria: IncludedBy:evaluation, system, trust,
domain: IncludedBy:multilevel information systems security initiative, object, subject,; Related:access control, certificate, internet, model, public-key infrastructure, security domain,
domain controller: IncludedBy:control,; Related:passwords,
domain modulus: Related:trust,
domain name: IncludedBy:domain name system,
domain name service server: IncludedBy:internet,
domain name system: IncludedBy:internet, system,; Includes:DNS spoofing, domain name,; Related:access control, authentication, integrity, key, software,
domain of interpretation: Related:Internet Protocol security, cryptography, security,
domain parameter: Related:access control, hash, security, tokens,
domain verification exponent: Related:verification,
dominated by: Antonym:dominates,; Includes:object,; Related:access control, classification level, classified, integrity, security, trust,
dominates: Antonym:dominated by,; Related:classification level, classified, computer security, security,
dongle: Related:authentication, key, software,
downgrade: IncludedBy:requirements, security,; Related:authorized, classification level, classified, networks,
download
draft RFC: IncludedBy:Request for Comment,
drop accountability: Related:communications security,
dual control: IncludedBy:security,; Related:access control,
dual driver service
dual signature: IncludedBy:Secure Electronic Transaction,; Related:digital signature, encryption, hash, integrity, key,
dual-homed gateway firewall: IncludedBy:firewall,; Related:networks,
due care: Related:security,
dump: Related:failure,
dumpster diving: IncludedBy:threat,; PreferredFor:trashing,; Related:identity theft,
dynamic analysis: IncludedBy:analysis,; Related:testing,
dynamic binding
e-banking: IncludedBy:internet,
e-mail server: IncludedBy:internet,
ease of use: IncludedBy:target of evaluation,; Related:assessment,
eavesdropping: IncludedBy:attack,; Related:authorization, authorized, emanation, emanations security, shoulder surfing,
eavesdropping attack: IncludedBy:attack,; Related:authentication,
economy of mechanism: IncludedBy:security,
EE
effective key length: IncludedBy:encryption, key,
effectiveness: IncludedBy:assurance,; Related:risk, security target, threat,
egress filtering: Related:internet, security,
egress point: Related:authorized,
El Gamal algorithm: Related:cipher, digital signature, encryption,
elapsed time
electrical power systems: IncludedBy:critical infrastructures,
electromagnetic compatibility
electromagnetic emanations: IncludedBy:emanation, emanations security,
electromagnetic interference: IncludedBy:risk,
electronic attack: IncludedBy:attack,; Related:communications security,
electronic authentication: IncludedBy:authentication,; Related:user,
electronic benefit transfer: Related:networks,
electronic codebook
electronic commerce: IncludedBy:Secure Electronic Transaction,; Related:communications, electronic data interchange, email, internet,
electronic counter-countermeasures: IncludedBy:countermeasure,
electronic countermeasures: IncludedBy:countermeasure,
electronic credentials: Related:authentication, identity,
electronic data interchange: Related:communications, electronic commerce, value-added network,
electronic document management system: IncludedBy:system,
electronic fill device
electronic funds transfer system: IncludedBy:system,
electronic generation, accounting, and distribution system: IncludedBy:system,
electronic intelligence
electronic key entry: IncludedBy:key management,
electronic key management system: IncludedBy:key, system,; Related:communications security,
electronic messaging services: Related:internet,
electronic protection: Related:assurance,
electronic security: IncludedBy:security,; Related:analysis, authorized,
electronic signature: IncludedBy:signature,; Related:digital signature,
electronic warfare: IncludedBy:warfare,
electronic warfare support: IncludedBy:warfare,; Related:identify, threat,
electronically generated key: IncludedBy:key,; Related:communications security,
element: Related:communications security, security,
elliptic curve cryptography: Related:analysis, attack, digital signature, key,
elliptic curve cryptosystem: IncludedBy:asymmetric algorithm, cryptographic system, system,
Elliptic Curve Digital Signature Algorithm: IncludedBy:Digital Signature Standard,; Related:digital signature,
email: IncludedBy:internet,; Includes:email packages, email security software, letterbomb, mailbomb, multipurpose internet mail extensions, privacy enhanced mail, secure multipurpose internet mail extensions, spam,; Related:SET qualifier, Secure Data Network System, X.400, bounce, electronic commerce, message authentication code vs. Message Authentication Code, message handling system, message integrity code, pretty good privacy, simple mail transfer protocol,
email packages: IncludedBy:email,; Includes:email security software,
email security software: IncludedBy:email, email packages, security software, software,; Includes:pretty good privacy,; Related:networks,
emanation: IncludedBy:TEMPEST, emanations security, threat,; Includes:electromagnetic emanations, emanations analysis,; Related:Common Criteria for Information Technology Security, Federal Standard 1027, TEMPEST test, eavesdropping, implant, procedural security, security architecture, suppression measure,; Synonym:RED signal,
emanations analysis: IncludedBy:analysis, emanation, threat consequence,
emanations security: IncludedBy:TEMPEST,; Includes:compromising emanation performance requirement, compromising emanations, electromagnetic emanations, emanation, undesired signal data emanations,; Related:Common Criteria for Information Technology Security, Federal Standard 1027, TEMPEST test, analysis, authorized, compromise, eavesdropping, implant, procedural security, security architecture, suppression measure,; Synonym:emissions security,
embedded computer
embedded cryptographic system: IncludedBy:cryptographic system, cryptography,
embedded cryptography: IncludedBy:cryptography,
embedded system: IncludedBy:system,
emergency action message
emergency plan: IncludedBy:contingency plan,; Related:threat,
emergency response: Related:threat,
emergency response time
emergency services: IncludedBy:critical infrastructures,; Related:recovery,
emergency shutdown controls: IncludedBy:risk management,; Related:vulnerability,
emissions security: IncludedBy:Automated Information System security, TEMPEST, communications security, computer security,; Related:RED signal, analysis, authorized, compromise, cryptography, telecommunications,; Synonym:emanations security,
employment practices and workplace safety: IncludedBy:operational risk loss,
empty position
encapsulating security payload: IncludedBy:Internet Protocol security, security protocol,; Related:authentication, confidentiality, integrity,
encapsulating security payload protocol: IncludedBy:security,; Related:Internet Protocol security,
encapsulation: Related:access control,
encipher: IncludedBy:cipher, encryption,
encipherment: IncludedBy:cipher, encryption,
encipherment algorithm: IncludedBy:cipher, cryptography,
enclave
enclave boundary
encode: IncludedBy:encryption,; Related:cipher,
encrypt: IncludedBy:cryptography,; Related:cipher,
encrypt: IncludedBy:encryption,
encrypt for transmission only: Related:encryption, networks,
encrypted key: IncludedBy:key, key recovery,; PreferredFor:ciphertext key,; Related:passwords,
encryption: Antonym:cleartext, decryption,; IncludedBy:Secure Electronic Transaction, privacy enhanced mail,; Includes:Cryptographic Application Program Interface, Data Encryption Standard, asymmetric cryptographic algorithm, bulk encryption, cipher, cryptographic functions, data encryption key, dedicated loop encryption device, effective key length, encipher, encipherment, encode, encrypt, encryption algorithm, encryption software, end-to-end encryption, key-encryption-key, link encryption, one-way encryption, pretty good privacy, secure multipurpose internet mail extensions, superencryption, symmetric algorithm, tamper,; Related:CAST, COMSEC control program, Clipper chip, Cryptographic Message Syntax, Data Encryption Algorithm, Diffie-Hellman, El Gamal algorithm, Escrowed Encryption Standard, Federal Standard 1027, Fortezza, IEEE P1363, Internet Protocol security, Internet Security Association and Key Management Protocol, Law Enforcement Access Field, MIME Object Security Services, NULL encryption algorithm, Rivest-Shamir-Adelman algorithm, Rivest-Shamir-Adleman, SET private extension, Secure/MIME, Simple Key-management for Internet Protocols, Terminal Access Controller Access Control System, The Exponential Encryption System, Transport Layer Security Protocol, advanced encryption standard, asymmetric cryptography, authentication code, authorized, baggage, block cipher, break, cardholder certificate, ciphertext, code, code book, cooperative key generation, cryptanalysis, crypto-algorithm, cryptographic algorithm, cryptographic ignition key, cryptographic initialization, cryptographic key, cryptosystem, decrypt, dictionary attack, digital envelope, digital signature, dual signature, encrypt for transmission only, encryption certificate, endorsed data encryption standard products list, hybrid encryption, in the clear, indistinguishability, information systems security, initialization vector, initialize, intelligent threat, key, key agreement, key center, key distribution center, key generator, key pair, key recovery, key translation center, key transport, key-encrypting key, key-escrow system, keyed hash, low-cost encryption/authentication device, merchant certificate, message authentication code vs. Message Authentication Code, message integrity code, mode of operation, off-line cryptosystem, on-line cryptosystem, one-time pad, over-the-air key transfer, over-the-air rekeying, password system, per-call key, personality label, privacy system, protected communications, protected distribution systems, public-key cryptography, public-key forward secrecy, salt, secret-key cryptography, secure shell, secure socket layer, security management infrastructure, security mechanism, semantic security, session key, signature certificate, start-up KEK, stream cipher, symmetric cryptography, symmetric key, system indicator, tactical trunk encryption device, threat consequence, traffic analysis, triple DES, trunk encryption device, tunnel, unencrypted, virtual private network, wrap,
encryption algorithm: IncludedBy:encryption,; Related:cipher, communications security, confidentiality,
encryption certificate: IncludedBy:certificate,; Related:digital signature, encryption, key,
encryption software: IncludedBy:encryption, software,
encryption strength: IncludedBy:quality of protection,; PreferredFor:strength of encryption,; Related:cryptographic system,
encryption tools: IncludedBy:security software,
end entity: Related:certificate, cryptography, digital signature, key, public-key infrastructure,
end system: IncludedBy:system,; Related:internet, networks,
end-item accounting
end-to-end encryption: IncludedBy:encryption,; Related:networks,
end-to-end security: IncludedBy:security,; Related:cryptography,
end-user: IncludedBy:target of evaluation, user,; Related:networks, public-key infrastructure,
end-user computing: IncludedBy:user,
endorsed cryptographic products list: IncludedBy:cryptography,
endorsed data encryption standard products list: Related:encryption,
endorsed for unclassified cryptographic information: IncludedBy:cryptography,
endorsed for unclassified cryptographic item
Endorsed TEMPEST Products List: IncludedBy:TEMPEST,
endorsed tools list: IncludedBy:Information Systems Security products and services catalogue, National Information Assurance Partnership, formal verification,; Related:computer security, trust,
endorsement
energy-efficient computer equipment: Related:model,
enforcement vector
engineering development model
enhanced hierarchical development methodology: IncludedBy:software development methodologies,; Related:security,
enrollment service
ensure: Related:assure, security,
enterprise
enterprise resource planning
entity: HasPreferred:system entity,; Related:authentication, object, subject,
entity authentication: IncludedBy:authentication,
entity authentication of A to B: IncludedBy:authentication,; Related:identity,
entity-wide security: IncludedBy:security,
entrapment: IncludedBy:risk management,; Related:exploit, penetration,
entropy: Related:attack,
entry control: IncludedBy:access control,; Related:authorized, controlled access area,
entry label
entry-level certification: IncludedBy:certification,; Related:availability, confidentiality, integrity,
environment: Includes:object,
environmental failure protection: IncludedBy:failure, risk management,; Related:assurance, compromise, cryptography,
environmental failure testing: IncludedBy:failure, security testing, test,; Related:compromise, cryptography,
environmentally controlled area: IncludedBy:availability,
ephemeral key: IncludedBy:key,
equipment radiation TEMPEST zone: IncludedBy:TEMPEST,
erasure: Includes:degauss, overwrite procedure,
error: Related:bug, fault,
error analysis: IncludedBy:analysis,
error detection and correction
error detection code: IncludedBy:integrity,; Includes:check character,
error guessing: Related:test,
error seeding: Related:analysis, assurance, mutation analysis,; Synonym:bebugging,
Escrowed Encryption Standard: Related:access control, authorized, classified, encryption, key,
Estelle: Related:networks,
ethernet meltdown: IncludedBy:threat,; Related:networks,
ethernet sniffing: IncludedBy:sniffing,; Related:login, packet sniffer, passwords, promiscuous mode, software,
Europay, MasterCard, Visa: Related:tokens,
European Information Technology Security Evaluation Criteria: IncludedBy:Common Criteria for Information Technology Security Evaluation, computer security, criteria, target of evaluation,; Includes:assurance, correctness,
European quality award: IncludedBy:quality,
evaluated products list: IncludedBy:Information Systems Security products and services catalogue, National Information Assurance Partnership, National Security Agency,; Related:computer security, evaluation, software, trust, trusted computer system,
evaluated system: IncludedBy:evaluation, system,; Related:security,
evaluation: IncludedBy:certification,; Includes:Common Criteria for Information Technology Security Evaluation, Common Evaluation Methodology, DoD Trusted Computer System Evaluation Criteria, IT Security Evaluation Criteria, IT Security Evaluation Methodology, Information Technology Security Evaluation Criteria, Monitoring of Evaluations, NIAP Common Criteria Evaluation and Validation Scheme, Trusted Computer System Evaluation Criteria, Trusted Products Evaluation Program, assurance, certification and accreditation, certification test and evaluation, cryptosystem evaluation, evaluated system, evaluation and validation scheme, evaluation authority, evaluation facility, evaluation pass statement, evaluation scheme, evaluation technical report, evaluation work plan, independent review and evaluation, monitoring and evaluation, program evaluation and review technique, quality of protection, risk evaluation, security evaluation, software system test and evaluation process, strength of a requirement, target of evaluation, validation, verification,; Related:Commercial COMSEC, Common Criteria Testing Laboratory, Common Criteria Testing Program, Common Criteria for Information Technology Security, DoD Trusted Computer System, FIPS approved security method, NIAP Oversight Body, National Computer Security Center, National Voluntary Laboratory Accreditation Program, Red book, Scope of Accreditation, Validation Certificate, Yellow book, accreditation, accreditation range, accredited, approval/accreditation, approved technologies list, approved test methods list, assessment, benchmark, beyond A1, candidate TCB subset, certificate, certificate revocation list, computer security, controlled access protection, criteria, cryptosystem survey, descriptive top-level specification, designated, designated laboratories list, designating authority, designation policy, evaluated products list, flaw hypothesis methodology, intelligence, interface control document, network component, observation reports, penetration test, preproduction model, protection philosophy, quality, requirements for content and presentation, requirements for evidence, risk analysis, risk management, risk treatment, security, security policy model, security-compliant channel, source selection, sponsor, subset-domain, technology area, test method, test procedure, testing, threat assessment, trusted network interpretation,; Synonym:analysis,
evaluation and validation scheme: IncludedBy:evaluation,
evaluation assurance: IncludedBy:assurance,; Includes:evaluation assurance level,; Related:analysis, threat,
evaluation assurance component: IncludedBy:assurance, component,
evaluation assurance level: IncludedBy:Common Criteria for Information Technology Security Evaluation, evaluation assurance, requirements,; Includes:evaluation criteria, evaluator, evaluator actions,; Related:networks,
evaluation assurance package: IncludedBy:assurance,
evaluation assurance requirements: IncludedBy:assurance,
evaluation authority: IncludedBy:evaluation,; Related:quality,
evaluation criteria: IncludedBy:evaluation assurance level,
evaluation facility: IncludedBy:evaluation,
evaluation pass statement: IncludedBy:evaluation,; Related:assessment,
evaluation scheme: IncludedBy:evaluation,
evaluation technical report: IncludedBy:Common Criteria Testing Laboratory, evaluation,
evaluation work plan: IncludedBy:Common Criteria Testing Laboratory, evaluation,; Related:computer security, security,
evaluator: IncludedBy:evaluation assurance level,; Related:assessment,
evaluator actions: IncludedBy:evaluation assurance level,; Related:identify,
evasion: Related:attack,
event: Related:incident,
evidence: IncludedBy:assurance,; Includes:evidence requester, evidence subject, requirements for evidence,; Related:audit trail, correctness, credentials, delivery authority, development assurance, development assurance requirements, failure, logging, monitor, non-repudiation information, non-repudiation of submission, non-repudiation of transport, non-repudiation policy, non-repudiation service, non-repudiation token, nonrepudiation, notarization, notary, operations security, proof, records, secure envelope, security audit trail, security target, statistical estimate, time-stamping authority, time-stamping service, trust, trusted time stamping authority, validate vs. verify, validation, validation report, verifier, witness,
evidence requester: IncludedBy:evidence,; Related:trust,
evidence subject: IncludedBy:evidence,
exception: Related:bug, fault,
exchange multiplicity parameter: Related:authentication,
executable code
execute access: IncludedBy:access,
execution, delivery, and process management: IncludedBy:operational risk loss,
executive information systems: IncludedBy:system,
executive state: Includes:privileged instructions,; PreferredFor:supervisor state,; Related:privileged, software,
executive steering committee
exercise key: IncludedBy:key,
exercised: Related:test,
exhaustive testing: IncludedBy:security testing, test,
expansibility
expert review team: Related:identify,
expire: HasPreferred:certificate expiration,
explain
explicit key authentication from A to B: IncludedBy:authentication,; Related:key,
exploit: IncludedBy:threat,; Related:Defensive Information Operations, access control, assurance, attack, covert channel, derf, entrapment, exploitable channel, firewall, flaw hypothesis methodology, information assurance, information superiority, information warfare, intelligent threat, non-technical countermeasure, operations security, penetration testing, port scan, security threat, smurf, technical vulnerability, threat agent, trojan horse, vulnerability,
exploitable channel: IncludedBy:channel, threat, trusted computing base,; Includes:covert channel, subject,; Related:exploit,
exploitation: PreferredFor:exploitation of vulnerability,; Related:access control, security, vulnerability,
exploitation of vulnerability: HasPreferred:exploitation,
exposure: IncludedBy:threat consequence,; Includes:common vulnerabilities and exposures, external system exposure, internal system exposure,; Related:authorized, inadvertent disclosure, levels of concern, media protection, risk assessment, unauthorized disclosure,
extended industry standard architecture: Related:automated information system,
extensibility
extensible
Extensible Authentication Protocol: IncludedBy:authentication, security protocol,; Related:challenge/response, networks, passwords,
extensible markup language: IncludedBy:standard generalized markup language,; Related:object,
extension: IncludedBy:public-key infrastructure,; Includes:certificate extension,; PreferredFor:private extension,; Related:assurance, certificate, certification, key,
external fraud: IncludedBy:fraud, operational risk loss,
external it entity: IncludedBy:target of evaluation,; Related:trust,
external label: Related:identify,
external security controls: IncludedBy:protection profile, risk management, security controls,; Related:access control, accreditation, certification,
external security testing: IncludedBy:security testing,; Related:security perimeter,
external system exposure: IncludedBy:exposure,; Related:access control, internet,
external throughput rate
extraction resistance: Related:communications, cryptography,
extranet: IncludedBy:internet,; Related:access control, authorized, networks, virtual private network,
facilities
facility manager: Related:security,
facsimile
fail safe: IncludedBy:failure control,; Related:failure, software,
fail soft: IncludedBy:automated information system, failure control,; Related:failure, software,
failed logon: IncludedBy:logon, threat,; Related:user,
failure: IncludedBy:risk,; Includes:environmental failure protection, environmental failure testing, failure access, failure control, mean-time-between-failure, mean-time-between-outages, mean-time-to-fail,; Related:IS related risk, abend, abort, accountability, anomaly, availability, backup procedures, bomb, contingency plan, crash, critical mechanism, defect, dump, evidence, fail safe, fail soft, fallback procedures, flooding, mean-time-to-repair, mean-time-to-service-restoral, outage, problem, recovery procedures, software, software reliability, strength of a requirement, uninterruptible power supply, vulnerability,; Synonym:fault,
failure access: IncludedBy:access control, failure, threat,; Related:authorized, incident, software, unauthorized access,
failure control: IncludedBy:failure, risk management,; Includes:fail safe, fail soft,; Related:recovery, software,
fallback procedures: Related:backup, failure,
false acceptance rate: IncludedBy:biometrics,; Related:authorized, user,
false denial of origin: IncludedBy:threat consequence,
false denial of receipt: IncludedBy:threat consequence,
false negative: IncludedBy:risk,; Related:identify, intrusion, intrusion detection, threat,
false positive: IncludedBy:risk,; Related:classified, intrusion, intrusion detection,
falsification: IncludedBy:threat consequence,; Related:authorized,
family: Related:security,
fault: IncludedBy:threat,; Includes:fault management, fault tolerance, security fault analysis,; Related:Federal Standard 1027, alarm reporting, alarm surveillance, anomaly, bug, correctness, debug, defect, error, exception, maintenance, network management, networks, problem, software reliability, trap,; Synonym:failure,
fault injection: Related:analysis,
fault isolation: Related:accountability,
fault management: IncludedBy:fault,
fault tolerance: IncludedBy:fault,; Related:risk, software,
fault tolerant: Related:availability,
Federal Criteria for Information Technology Security: IncludedBy:Common Criteria for Information Technology Security Evaluation, computer security, criteria,; Includes:Federal Criteria Vol. I, assurance, correctness,; Related:trust,
Federal Criteria Vol. I: IncludedBy:Federal Criteria for Information Technology Security, National Institute of Standards and Technology,; Includes:protection profile,; Related:computer security,
Federal Information Processing Standards: IncludedBy:National Institute of Standards and Technology,; Includes:Data Encryption Standard, Digital Signature Standard, FIPS PUB 140-1, FIPS approved security method, Federal Information Processing Standards Publication 140,; Related:computer security, security,
Federal Information Processing Standards Publication 140: IncludedBy:Federal Information Processing Standards,; Synonym:FIPS PUB 140-1,
Federal Public-key Infrastructure: IncludedBy:public-key infrastructure,; Related:certificate, classified, communications security, key,
Federal Reserve Banks
federal secure telephone service
Federal Standard 1027: IncludedBy:National Institute of Standards and Technology,; Related:FIPS PUB 140-1, National Security Agency, analysis, classified, emanation, emanations security, encryption, fault, key, security, tamper,
federal telecommunications system: IncludedBy:system,
federated identity: IncludedBy:identity,; Related:access control, federation,
federation: Related:access control, assurance level, federated identity, relying party,
fedline: Related:access control,
fedwire
feedback buffer: Related:cipher, cryptography,
fetch protection: IncludedBy:access control,; Includes:contamination,; Related:assurance, authorized, unauthorized access,
fiber distributed data interface: Related:automated information system,
fiber-optics
field
field device
field site
fieldbus
file
file infector virus: IncludedBy:virus,
file integrity checker: IncludedBy:integrity,
file integrity checking: IncludedBy:integrity,; Related:compromise,
file protection: IncludedBy:access control,; Includes:contamination,; Related:assurance, authorized, unauthorized access,
file security: IncludedBy:access control,; Related:authorized,
file transfer: Related:networks,
file transfer access management: IncludedBy:access control,; Related:networks,
file transfer protocol: IncludedBy:internet,; Related:networks,
fill device: Related:communications security, cryptography,
fill device interface unit
filtering router: IncludedBy:router,; Related:networks, packet filter, security,; Synonym:screening router,
finality
fingerprint: Related:authentication, hash, key,
finite population correction factor
finite state machine: Related:model,
FIPS approved security method: IncludedBy:Federal Information Processing Standards, National Institute of Standards and Technology, security policy,; Related:authentication, evaluation,
FIPS PUB 140-1: IncludedBy:Federal Information Processing Standards, National Institute of Standards and Technology,; Includes:random number generator,; Related:Federal Standard 1027, authorized, classified, communications security, cryptography, key, security, security testing, software, test, zeroization, zeroize,; Synonym:Federal Information Processing Standards Publication 140,
fire barrier: IncludedBy:availability,
fire suppression system: IncludedBy:availability,
FIREFLY: Related:key,
firewall: IncludedBy:front-end security filter, gateway, guard, internet, security filter, security software,; Includes:application gateway firewall, application proxy, application-level firewall, bastion host, circuit proxy, connection, demilitarized zone, dual-homed gateway firewall, goodput, homed, host-based firewall, illegal traffic, logging, network address translation, network level firewall, packet filter, packet filtering, packet filtering firewall, protected network, proxy, rejected traffic, router-based firewall, ruleset, screened host firewall, screened subnet firewall, stateful packet filtering, trusted gateway, unprotected network,; PreferredFor:firewall machine,; Related:access control, application level gateway, authorized, circuit level gateway, countermeasure, data source, exploit, networks, policy, screening router, threat, unauthorized access, unit of transfer,
firewall machine: HasPreferred:firewall,
firmware: IncludedBy:cryptographic module,; Related:software,
fishbone diagram: PreferredFor:cause and effect diagram,; Related:identify,
fishbowl: Related:authorized,
fixed COMSEC facility: Related:communications security,
fixed price contract
flaw: IncludedBy:threat,
flaw hypothesis methodology: IncludedBy:risk management,; Related:analysis, attack, compromise, evaluation, exploit, penetration, security testing, test,
flexibility
flooding: IncludedBy:attack, incident,; Related:access control, analysis, failure,
flow: Related:identify, intrusion, intrusion detection,
flow control: HasPreferred:information flow control,
for official use only
foreign owned, controlled or influenced
Forensics: HasPreferred:computer forensics,
fork bomb: IncludedBy:threat,
formal: Antonym:informal,; Includes:formal access approval, formal development methodology, formal model of security policy, formal proof, formal security policy model, formal specification, formal top-level specification, formal verification,
formal access approval: IncludedBy:access control, formal,
formal development methodology: IncludedBy:formal, software development methodologies,; Related:identification, model,
formal method
formal model of security policy: IncludedBy:formal, model, policy, security, target of evaluation,; Synonym:formal security policy model,
formal proof: IncludedBy:formal, formal verification,
formal security policy
formal security policy model: IncludedBy:formal, formal verification, model, security policy, trusted computing base,; Includes:Bell-LaPadula security model, Biba Integrity model,; Related:policy,; Synonym:formal model of security policy,
formal specification: Antonym:informal specification,; IncludedBy:formal, formal verification,; Includes:formal top-level specification,; Related:software,
formal top-level specification: IncludedBy:formal, formal specification, top-level specification,; Related:model, security,
formal verification: IncludedBy:formal, verification,; Includes:endorsed tools list, formal proof, formal security policy model, formal specification,; Related:model, security,
format
formulary: Related:access control,
Fortezza: IncludedBy:National Institute of Standards and Technology, National Security Agency,; Related:CAPSTONE chip, MISSI user, SSO PIN, SSO-PIN ORA, digital signature, encryption, hash, key, no-PIN ORA, personal identification number, personality label, slot, software, tokens, user PIN, user-PIN ORA,
Forum of Incident Response and Security Teams: IncludedBy:computer emergency response team, incident,; Related:computer security, quality,
forward engineering
forward secrecy: Includes:forward secrecy with respect to A, forward secrecy with respect to both A and B individually, mutual forward secrecy, public-key forward secrecy,; PreferredFor:perfect forward secrecy,
forward secrecy with respect to A: IncludedBy:forward secrecy,
forward secrecy with respect to both A and B individually: IncludedBy:forward secrecy,
frame relay: Related:automated information system,
framing
fraud: IncludedBy:threat,; Includes:ACH debit fraud, computer fraud, external fraud, internal fraud,; Related:authentication, computer abuse, identity theft, invalidity date, pharming, phishing, replay attack, suspicious activity report, unforgeable,
frequency division multiple access: IncludedBy:user,
frequency hopping: Related:authorized, communications, communications security,
front-end processor: IncludedBy:automated information system,
front-end security filter: IncludedBy:security,; Includes:firewall,; Related:integrity, software,
full accreditation: IncludedBy:accreditation,; Related:security,
full maintenance: Includes:depot maintenance,
full-duplex
function
functional component: IncludedBy:Common Criteria for Information Technology Security Evaluation, component, security target,; Includes:object,; Related:audit,
functional package: Includes:security target,
functional proponent: IncludedBy:network sponsor,
functional protection requirements: IncludedBy:protection profile,; Related:assurance,
functional security requirements specification: IncludedBy:security,
functional test case design: IncludedBy:test,; Related:analysis, black-box testing,
functional testing: IncludedBy:security testing, test,; Related:black-box testing,
functional unit: IncludedBy:component,
functionality: IncludedBy:target of evaluation,; Related:security,
functionality class: IncludedBy:target of evaluation,; Related:security,
future narrow band digital terminal: IncludedBy:security,; Related:networks,
gap analysis: IncludedBy:analysis, risk analysis,; Related:audit, vulnerability analysis,
gas and oil production, storage and transportation: IncludedBy:critical infrastructures,
gateway: IncludedBy:application proxy,; Includes:firewall, trusted gateway,; Related:communications, networks,
gateway server: IncludedBy:internet,
general accounting office
general controls: Related:integrity, recovery,
general support system: IncludedBy:system,
general-purpose system: IncludedBy:system,
GeneralizedTime: Related:UTCTime, coordinated universal time,
generally accepted system security principles: IncludedBy:security, system,
Generic Security Service Application Program Interface: IncludedBy:internet, security protocol,; Includes:distributed computing environment, security support programming interface,; Related:authentication, confidentiality, integrity, nonrepudiation, privacy, tokens,
generic SIO class
generic threat: IncludedBy:threat,
Generic Upper Layer Security: IncludedBy:security,; Related:confidentiality, integrity,
geopolitical certificate authority: IncludedBy:Secure Electronic Transaction,; Related:certificate, certification, public-key infrastructure,
geosynchronous orbit
global command and control system: IncludedBy:command and control, control system, security, system,; Related:networks,
Global Information Grid: IncludedBy:security,
global information infrastructure
global network information environment: IncludedBy:networks, security,
global positioning system: IncludedBy:system,
global requirements: Antonym:local requirements,; IncludedBy:requirements, trusted computing base,; Related:analysis,
global telecommunications service: Related:networks,
goodput: IncludedBy:firewall,; Related:bit forwarding rate, networks, test,
gopher: Related:networks,
government emergency telecommunications service: Related:networks,
government services: Related:critical infrastructures,
graduated security: IncludedBy:security,; Related:risk, threat,
granularity: IncludedBy:access control,; Includes:object,
granularity of a requirement: IncludedBy:requirements, trusted computing base,; Includes:object, subject,
graphical-user interface: IncludedBy:user,
GRC senior staff
Green book: IncludedBy:rainbow series,; Related:internet, passwords,
ground wave emergency network: IncludedBy:networks,
group
group of users: IncludedBy:user,; Related:software,
group user id: IncludedBy:user id,; Related:risk,
guard: IncludedBy:security,; Includes:firewall,; Related:access control, authorized, integrity, networks, trust,
guessing entropy: Related:attack, passwords,
guideline
Guidelines and Recommendations for Security Incident Processing: IncludedBy:incident, security,; Related:internet, networks,
Gypsy verification environment: IncludedBy:software development methodologies,
hacker: IncludedBy:user,; Includes:cracker, hacking, script bunny,; Related:Samurai, access control, authorization, authorized, hacking run, networks,
hacking: IncludedBy:hacker, threat,; Related:authorized, networks,
hacking run: Related:hacker,
half-block
handle
handler: Related:attack, incident,
handshaking procedures: Related:authentication, identify,
hard copy key: IncludedBy:key,
hard-copy output
hardened unique storage
hardened unique storage Key: IncludedBy:key,
hardening: Related:assurance, availability, business process,
hardware: IncludedBy:cryptographic module,
hardware and system software maintenance: Related:security,
hardware or software error: IncludedBy:threat consequence,
hardware token: HasPreferred:tokens,
hardwired key: IncludedBy:key,
hash: IncludedBy:security,; Includes:collision-resistant hash function, cryptographic hash function, hash code, hash function, hash function identifier, hash result, hash token, hash value, keyed hash, secure hash algorithm, secure hash standard,; Related:Challenge Handshake Authentication Protocol, Challenge-Response Authentication Mechanism, Cryptographic Message Syntax, Data Authentication Algorithm, Fortezza, MD2, MD4, MD5, POP3 APOP, Rivest-Shamir-Adleman, S/Key, SET private extension, SET qualifier, certificate revocation tree, checksum, code, cryptographic algorithm, cryptographic component, cryptographic service, cryptographic system, cryptography, cyclic redundancy check, data authentication code vs. Data Authentication Code, data items' representation, data string, digital signature, digital signature algorithm, domain parameter, dual signature, fingerprint, hashed message authentication code, initializing value, integrity, integrity check, matrix, message authentication code vs. Message Authentication Code, message digest, message integrity code, one-time passwords, one-way function, output transformation, public-key forward secrecy, reduction-function, round-function, secure socket layer, thumbprint, witness, word,
hash algorithm
hash code: IncludedBy:hash,; Related:hash function,
hash function: IncludedBy:hash,; Related:attack, authentication, cryptographic hash function, cryptography, data authentication code, hash code, hash result, hash value, message authentication code,
hash function identifier: IncludedBy:hash,; Related:identify,
hash result: IncludedBy:hash,; Related:hash function,
hash token: IncludedBy:hash, tokens,; Related:identify,
hash totals
hash value: IncludedBy:hash,; Related:hash function,
hashed message authentication code: IncludedBy:message authentication code,; Related:analysis, cryptography, hash, key, software,
hashing
hashword
help desk: Related:communications,
hierarchical decomposition: IncludedBy:development process,
hierarchical development methodology: IncludedBy:software development methodologies,
hierarchical input process output
hierarchical PKI: IncludedBy:public-key infrastructure,; Related:certification,
hierarchy management: IncludedBy:public-key infrastructure,; Related:certificate, certification, key,
hierarchy of trust: IncludedBy:public-key infrastructure, trust,; Related:certification,
high assurance guard: IncludedBy:assurance,
high-impact system: Related:availability, integrity, object, security,
hijack attack: IncludedBy:attack,; Related:IP splicing/hijacking, hijacking, pagejacking, session hijacking, spoofing, terminal hijacking,
hijacking: Related:attack, hijack attack,
hoax: IncludedBy:threat,; Related:user,
homed: IncludedBy:firewall,; Includes:tri-homed,; Related:networks, security testing, test,
honeypot: Related:attack, authorized,
host: IncludedBy:automated information system,; Related:access control, communications, internet, networks, software,
host based: IncludedBy:automated information system,; Related:audit, intrusion,
host to front-end protocol: IncludedBy:automated information system,
host-based firewall: IncludedBy:automated information system, firewall,; Related:networks, software,
host-based intrusion prevention system: IncludedBy:intrusion,; Related:identify,
host-based security: IncludedBy:security,
hot site: IncludedBy:disaster recovery,; Related:cold site,
https: Related:access control, internet, security,
human error: IncludedBy:threat consequence,; Related:authorized,
human user: IncludedBy:target of evaluation, user,
human-machine interface
hybrid encryption: Related:confidentiality, encryption, key,
hydrometer
hydrophone
hydroscope
hygrograph
hygrometer
hygroscope
hyperlink: IncludedBy:world wide web,; Related:access control, link,
hypermedia: Related:internet,
hypertext: Related:access control, internet, standard generalized markup language, world wide web,
hypertext markup language: IncludedBy:standard generalized markup language, world wide web,
hypertext transfer protocol: IncludedBy:world wide web,; Related:networks, secure socket layer,
IA architecture
IA architecuture: IncludedBy:information assurance,
IA-enabled information technlogogy product
IA-enabled information technology product: IncludedBy:information assurance,
ICMP flood: IncludedBy:attack,; Related:denial of service,
identification: IncludedBy:accountability, authentication,; Includes:Identification Protocol, bank identification number, configuration identification, identification and accreditation, identification and authentication, identification data, identification, friend or foe, identification, friend, foe, or neutral, identify, identity, identity based access control, identity-based security policy, personal identification number, privacy, authentication, integrity, identification, non-repudiation, risk identification, terminal identification, trusted identification forwarding,; Related:SSO PIN, access control, alarm reporting, anonymity, attribute certificate, candidate TCB subset, class 2, 3, 4, or 5, compromised key list, configuration control, digital id, formal development methodology, identity credential, identity credential issuer, information systems security, key tag, network component, personal identity verification, primary account number, public key derivation function, redundant identity, registration authority, relying party, repair action, risk analysis, token device, uniform resource identifier, user, user PIN, validate vs. verify, verification,
identification and accreditation: IncludedBy:identification,
identification and authentication: IncludedBy:assurance, identification,; Related:access control, identity,
identification authentication: IncludedBy:authentication,; Related:access control, identity, user,
identification data: IncludedBy:identification,; Related:identify, identity credential,
Identification Protocol: IncludedBy:identification, internet, security protocol,; Related:access control, audit, authorization, identity,
identification, friend or foe: IncludedBy:identification,
identification, friend, foe, or neutral: IncludedBy:identification,
identifier: Related:identity,
identify: IncludedBy:identification,; Related:CRYPTO, DoD Information Technology Security Certification and Accreditation Process, PKIX private extension, SATAN, SWOT analysis, TSEC nomenclature, Tripwire, access level, accountability, alert, antivirus software, audit, audit/review, bank identification number, baseline management, benchmarking, best practices, biometrics, business impact analysis, call back, call back security, certificate revocation list, certifier, configuration management, connection establishment, connection maintenance, connection teardown, dial back, distinguished name, electronic warfare support, evaluator actions, expert review team, external label, false negative, fishbone diagram, flow, handshaking procedures, hash function identifier, hash token, host-based intrusion prevention system, identification data, identity, identity credential, identity theft, individual accountability, information security, information systems security engineering, inspectable space, interface control document, intrusion detection, intrusion detection system, intrusion detection tools, management server, mass mailing worm, message identifier, network behavior analysis system, network-based intrusion prevention system, observation reports, operations security, penetration signature, penetration test, penetration testing, persistent cookie, registration service, requirements for content and presentation, requirements for procedures and standards, reverse engineering, risk analysis, risk assessment, risk evaluation, risk identification, risk management, root cause analysis, security association identifier, security policy model, short title, signature, smartcards, sniffer, spyware detection and removal utility, stateful protocol analysis, system indicator, system security authorization agreement, system testing, terminal identification, test, test design, threat analysis, triangulation, uniform resource identifier, user id, user identifier, vulnerability analysis, vulnerability assessment, vulnerability audit, wireless intrusion detection and prevention system,
identity: IncludedBy:identification,; Includes:federated identity, identity based access control, identity credential, identity credential issuer, identity management systems, identity proofing, identity theft, identity token, identity validation, identity verification, identity-based security policy, personal identity verification, redundant identity,; Related:Identification Protocol, OAKLEY, applicant assertion, assurance, authenticate, authentication data, authentication exchange, authentication information, authentication protocol, authentication service, authenticator, authenticity, authorization, authorized, binding, biometric measurement, biometric system, biometrics, certificate, certification authority, certify, challenge/response, claimant, comparisons, component, credentials, data integrity service, data origin authentication service, digital certificate, digital id, digital signature, digital signature algorithm, discrete process, discretionary access control, distinguished name, electronic credentials, entity authentication of A to B, identification and authentication, identification authentication, identifier, identify, individual accountability, masquerade attack, masquerading, mutual authentication, mutual entity authentication, nonrepudiation, object, one-time passwords, organizational registration authority, password system, passwords, peer entity authentication service, personal identification number, physical access control, principal, private accreditation information, protected channel, proxy server, pseudonym, public-key certificate, references, registration, registration authority, relying party, response, role-based access control, secure socket layer, security, simple authentication, source authentication, strong authentication, subject, ticket, tokens, unilateral authentication, validate vs. verify, verification, verified name, verifier, witness,
identity based access control: IncludedBy:access control, identification, identity,
identity credential: IncludedBy:credentials, identity,; Related:identification, identification data, identify, identity credential issuer,
identity credential issuer: IncludedBy:credentials, identity,; Related:PIV issuer, access control, certification authority, identification, identity credential,
identity management systems: IncludedBy:identity,
identity proofing: IncludedBy:identity,
identity theft: IncludedBy:identity, theft,; Includes:ACH debit fraud, account fraud, credit theft,; Related:dumpster diving, fraud, identify, keystroke logger, phishing, shoulder surfing, social engineering, spyware,
identity token: IncludedBy:identity, tokens,
identity validation: IncludedBy:identity,; Related:test,
identity verification: IncludedBy:identity,; Related:access control,
identity-based security policy: IncludedBy:identification, identity, policy, security,; Related:access control, object, subject,
IEEE 802.10: Related:networks, security,
IEEE P1363: Related:cryptography, digital signature, encryption, key,
illegal traffic: IncludedBy:firewall,; Related:bit forwarding rate, ruleset,; Synonym:rejected traffic,
imaging system: IncludedBy:system,
IMAP4 AUTHENTICATE: Related:authentication, challenge/response, key,
imitative communications: IncludedBy:communications,
impact: Related:attack, authorized, availability, incident, risk assessment,
impersonating: Synonym:impersonation,
impersonation: IncludedBy:attack,; Includes:verifier impersonation attack,; Related:access control, active attack, address spoofing, authentication, authorized, ip spoofing, masquerading, mimicking, networks, replay attack, social engineering, spoofing,; Synonym:impersonating, masquerade,
implant: Related:authorized, emanation, emanations security,
implementation: IncludedBy:target of evaluation,; Related:software,
implementation under test: IncludedBy:test,; Related:security testing,
implementation vulnerability: IncludedBy:vulnerability,
implicit key authentication from A to B: IncludedBy:authentication,; Related:key,
imported software
imprint
improved emergency message automatic transmission system: IncludedBy:system,
in the clear: Related:encryption,
inadvertent disclosure: IncludedBy:incident,; Related:access control, authorized, exposure, risk,
inappropriate usage
incapacitation: IncludedBy:risk, threat consequence,; Related:critical infrastructures,
incident: IncludedBy:threat,; Includes:COMSEC incident, Computer Incident Advisory Capability, Forum of Incident Response and Security Teams, Guidelines and Recommendations for Security Incident Processing, attack, automated security incident measurement, compromise, computer incident assessment capability, computer intrusion, computer security incident, computer security incident response capability, computer security incident response team, contamination, data compromise, denial of service, flooding, inadvertent disclosure, incident handling, incident response capability, multiple component incident, probe, program automated information system security incident support team, security incident, security intrusion, suspicious event,; Related:COMSEC insecurity, availability, communications security, computer emergency response team, event, failure access, handler, impact, indication, infrastructure assurance, integrity, intrusion, joint task force-computer network defense, mitigation, precursor, protective technologies, response, security, security controls, security event, security policy, vulnerability,
incident handling: IncludedBy:incident,; PreferredFor:incident response,
incident response: HasPreferred:incident handling,
incident response capability: IncludedBy:incident,; Related:security,
incomplete parameter checking: IncludedBy:threat,; Related:penetration,
independence: Related:audit,
independent assessment: IncludedBy:assessment,; Related:security,
independent review and evaluation: IncludedBy:evaluation,
independent validation and verification: Related:analysis, security testing, software, test,
indication: Related:incident, security,; Synonym:signature,
indicator: Related:attack,
indirect certificate revocation list: IncludedBy:public-key infrastructure,; Related:certificate,
indistinguishability: Related:encryption, security,
individual: Related:privacy,
individual accountability: Related:access control, identify, identity, user,
individual electronic accountability: Related:access control, authentication, user,
industry standard architecture: Related:automated information system,
infection: IncludedBy:threat,; Related:worm,
inference: IncludedBy:threat consequence,; Related:access control, authorized,
informal: Antonym:formal,; Includes:informal specification,
informal security policy
informal specification: Antonym:formal specification,; IncludedBy:development process, informal,
information: Related:cryptography,
information and communications: IncludedBy:critical infrastructures,
information architecture: IncludedBy:automated information system,
information assurance: IncludedBy:assurance,; Includes:IA architecuture, IA-enabled information technology product, National Information Assurance Partnership, defense-wide information assurance program, information assurance manager, information assurance officer, information assurance product,; Related:Common Criteria, Defensive Information Operations, authentication, availability, confidentiality, exploit, information systems security manager, integrity, level of protection, levels of concern, nonrepudiation,
information assurance manager: IncludedBy:information assurance,
information assurance officer: IncludedBy:information assurance,
information assurance product: IncludedBy:information assurance,; Related:access control, authorized, intrusion, intrusion detection,
information category: Related:access control, classified, security,
information center: IncludedBy:automated information system,
information engineering: IncludedBy:automated information system,
information environment: IncludedBy:automated information system,
information flow: IncludedBy:automated information system,
information flow control: Includes:object,; PreferredFor:flow control,; Related:security,
information operations: IncludedBy:automated information system,
information owner
information processing standard: Related:communications, security testing, software, test,
information protection policy: Related:assurance, security policy, threat,
information rate: HasPreferred:bandwidth,
information ratio: IncludedBy:automated information system,
information resources
information security: IncludedBy:security,; Includes:information systems security,; Related:National Institute of Standards and Technology, National Security Agency, access control, authorized, availability, communications security, confidentiality, identify, integrity,
information security policy
information security testing: IncludedBy:security testing,; Related:requirements,
information sharing and analysis center: IncludedBy:analysis,; Related:intrusion, threat,
information superhighway: Related:communications,
information superiority: Related:exploit,
information system: IncludedBy:system,
information system security officer: IncludedBy:computer security, system security officer,; Related:system,
information systems audit and control association: IncludedBy:audit,
information systems audit and control foundation: IncludedBy:audit,
information systems security: IncludedBy:information security, threat, user,; Includes:network security, system security, system security engineering, telecommunications security,; Related:access control, authentication, authorized, denial of service, encryption, identification, system, unauthorized access,; Synonym:computer security,
information systems security association: IncludedBy:computer security, system,
information systems security engineering: IncludedBy:computer security, requirements, system, threat,; Related:countermeasure, identify,
information systems security equipment modification: IncludedBy:computer security,; Includes:COMSEC modification,
information systems security manager: IncludedBy:computer security, system,; Related:assurance, information assurance,
information systems security officer: IncludedBy:computer security,; Includes:network security officer,
information systems security product
Information Systems Security products and services catalogue: IncludedBy:computer security, system,; Includes:degausser products list, endorsed tools list, evaluated products list, preferred products list,
information systems/technology: IncludedBy:system,
information technology: IncludedBy:automated information system,; Related:communications, software,
Information Technology Security Evaluation Criteria: IncludedBy:computer security, evaluation,
information technology system: IncludedBy:automated information system, system,; Related:communications,
information type: Related:privacy, security,
information warfare: IncludedBy:threat, warfare,; Related:exploit,
infrastructure
infrastructure assurance: IncludedBy:assurance,; Related:confidence, critical infrastructures, incident, risk, threat,
infrastructure protection: IncludedBy:critical infrastructures,; Related:assurance, risk, threat, vulnerability,
ingress filtering: Related:internet, security,
inheritance
initial transformation: Related:networks,
initialization value: Related:cipher, key,; Synonym:initialization vector,
initialization vector: IncludedBy:Data Encryption Standard,; Related:algorithm, cipher, encryption,; Synonym:initialization value,
initialize: Related:cryptography, encryption,
initializing value: Related:cipher, hash,
inline sensor
input
input data: IncludedBy:cryptographic module,
input preparation cycle
input/output: Related:automated information system,
insertion: IncludedBy:threat consequence,; Related:authorized,
insider: IncludedBy:threat,; Related:authorization, authorized, compromise, security, security perimeter,
insider attack: IncludedBy:attack,; Related:networks,
inspectable space: Related:TEMPEST, classified, identify,
instance
instantiate
Institute of Electrical and Electronics Engineers, Inc
institute of internal auditors
instrument: Related:security testing, test,
instrumentation: Related:analysis,
Integrated CASE tools: Related:analysis, software,
integrated logistics support
Integrated services digital network: IncludedBy:networks,; Related:communications,
integrated test facility: IncludedBy:test,; Related:software development,
integration test: IncludedBy:test,; Related:software development,
integrity: IncludedBy:assurance, quality of protection, security goals,; Includes:Biba Integrity model, Clark Wilson integrity model, authenticity, checksum, connectionless data integrity service, correctness, data authentication code, data integrity, data integrity service, error detection code, file integrity checker, file integrity checking, integrity check, integrity check value, integrity policy, message integrity code, operational integrity, privacy, authentication, integrity, identification, non-repudiation, privacy, authentication, integrity, non-repudiation, secure hash algorithm, source integrity, system and data integrity, system integrity, system integrity service, two-person integrity,; Related:Biba model, Common Criteria for Information Technology Security, Data Encryption Standard, Generic Security Service Application Program Interface, Generic Upper Layer Security, IT security, IT security controls, IT security incident, Internet Protocol security, Rivest-Shamir-Adleman, Secure Electronic Transaction, access control, antivirus software, application server attack, archive, asymmetric cryptography, authenticate, authentication, authentication code, authentication header, authorized, business process, common security, communications security, computer abuse, computer emergency response team, computer forensics, computer related controls, computer security, configuration control, critical system files, cut-and-paste attack, cyclic redundancy check, data contamination, data encryption key, data origin authentication service, data security, database management system, defense-in-depth, defense-wide information assurance program, digital signature, digital signature algorithm, digital watermarking, domain name system, dominated by, dual signature, encapsulating security payload, entry-level certification, front-end security filter, general controls, guard, hash, high-impact system, incident, information assurance, information security, intrusion, kerberos, levels of concern, line managers, low-impact system, malware, message authentication code, message authentication code vs. Message Authentication Code, message digest, mid-level certification, network management, network security, nonrepudiation, object, post-accreditation phase, potential impact, privacy enhanced mail, protected channel, public-key certificate, public-key infrastructure, reference monitor, requirements for procedures and standards, review techniques, sandboxed environment, seal, secure envelope, secure hypertext transfer protocol, secure shell, secure single sign-on, secure socket layer, security category, security controls, security event, security policy, signature, signed applet, simple key management for IP, simple network management protocol, software, supervisory control and data acquisition, threat, top-level certification, transmission, trojan horse, trust, trusted channel, trusted computer system, virtual private network, vulnerability,
integrity check: IncludedBy:integrity,; Related:cryptography, hash,
integrity check value: IncludedBy:integrity,
integrity policy: IncludedBy:integrity, policy,; Related:authorized, security policy,
integrity-checking tools: IncludedBy:security software,
intelligence: Related:analysis, evaluation,
intelligence activities: Related:authorized,
intelligence community: Related:security,
intelligent electronic device
intelligent threat: IncludedBy:threat,; Related:cipher, cryptography, encryption, exploit, key,
intent
inter-TSF transfers: IncludedBy:TOE security functions, target of evaluation,; Related:trust,
interactive mode
interarea interswitch rekeying key: IncludedBy:key, rekey,
interception: IncludedBy:threat consequence,; Related:access control, authorized,
interconnection security agreements: IncludedBy:security,; Related:risk,
interdependence: Related:risk,
interdiction: HasPreferred:denial of service,
interface: Related:access control, communications, cryptography,
interface control document: Related:authorization, baseline, evaluation, identify,
interface control unit: IncludedBy:automated information system,
interface testing: IncludedBy:security testing, test,
interference: IncludedBy:threat consequence,
interim accreditation: IncludedBy:accreditation,; Related:authorization, security,
interim accreditation action plan: IncludedBy:accreditation,; Related:risk, security,
interim approval to operate
Interim approval to test
interleaving attack: IncludedBy:attack,; Related:authentication,
internal communication channel: IncludedBy:channel, communication channel, communications, target of evaluation,
internal control questionnaire
internal fraud: IncludedBy:fraud, operational risk loss,
internal label
internal rate of return
internal security controls: IncludedBy:risk management, security controls,; Includes:subject,; Related:access control, authorized, software,
internal security testing: IncludedBy:security testing,; Related:security perimeter,
internal subject: IncludedBy:subject,
internal system exposure: IncludedBy:exposure,; Related:access control, authorization, security,
internal throughput time
internal TOE transfer: IncludedBy:target of evaluation,
International Data Encryption Algorithm: IncludedBy:algorithm, symmetric algorithm,
International organization for standardization: IncludedBy:automated information system,; Includes:Open Systems Interconnection Reference model,; Related:ITU-T,
international standards organization
international telecommunication union: Related:networks,
International Traffic in Arms Regulations: Related:TEMPEST, cryptography, security,
internet: Includes:ARPANET, Distributed Authentication Security Service, Generic Security Service Application Program Interface, IP address, Identification Protocol, Internet Corporation for Assigned Names and Numbers, Internet Draft, Internet Message Access Protocol, version 4, Internet Protocol Security Option, Internet Protocol security, Internet Security Association and Key Management Protocol, Internet Society, Internet Standard, MIME Object Security Services, PKIX, POP3 AUTH, Post Office Protocol, version 3, Rexd, SOCKS, Secure/MIME, Simple Authentication and Security Layer, Simple Key-management for Internet Protocols, Terminal Access Controller Access Control System, USENET, anonymous login, cyberspace, domain name service server, domain name system, e-banking, e-mail server, email, extranet, file transfer protocol, firewall, gateway server, internet control message protocol, internet protocol, internet service provider, internet vs. Internet, internetwork, intranet, listserv, mailing list, management information base, markup language, point-to-point protocol, port, pretty good privacy, proxy server, router, secure hypertext transfer protocol, secure shell, simple mail transfer protocol, simple network management protocol, sniffer, telnet, traceroute, transmission control protocol, transmission control protocol/internet protocol, transport layer security, tunnel, uniform resource identifier, uniform resource locator, uniform resource name, user data protocol, virtual private network, wide area information service, world wide web, worm,; Related:Green book, Guidelines and Recommendations for Security Incident Processing, Layer 2 Forwarding Protocol, Layer 2 Tunneling Protocol, Message Security Protocol, Open Systems Interconnection Reference model, Secure Electronic Transaction, attack, bill payment, bill presentment, certification hierarchy, computer emergency response team, computer emergency response team/ coordination center, computer network, concept of operations, confidentiality, cookies, countermeasure, dial-up line, domain, egress filtering, electronic commerce, electronic messaging services, end system, external system exposure, host, https, hypermedia, hypertext, ingress filtering, interoperability standards/protocols, lurking, network connection, network worm, networks, object identifier, one-time passwords, online certificate status protocol, open systems security, packet assembly and disassembly, password sniffing, peer-to-peer communication, personal communications network, policy certification authority, pop-up box, port scanning, protocol, public-key forward secrecy, repudiation, rules of behavior, trojan horse, validate vs. verify, vendor,
Internet Architecture Board: IncludedBy:Internet Society,; Related:trust,
Internet Assigned Numbers Authority: IncludedBy:Internet Society,; Related:networks,
internet control message protocol: IncludedBy:internet, security,; Related:communications, networks,
Internet Corporation for Assigned Names and Numbers: IncludedBy:internet,; Related:key,
Internet Draft: IncludedBy:internet,
Internet Engineering Steering Group: IncludedBy:Internet Society,; Related:trust,
Internet Engineering Task Force: IncludedBy:Internet Society,; Related:access control, authentication, security,
internet key exchange protocol: Related:security,
Internet Message Access Protocol, version 4: IncludedBy:internet,
Internet Policy Registration Authority: IncludedBy:Internet Society,; Related:certification, public-key infrastructure,
internet protocol: IncludedBy:internet,; Related:communications, networks,
Internet Protocol security: IncludedBy:communications security, internet, security protocol,; Includes:IPsec Key Exchange, authentication header, encapsulating security payload, transport mode vs. tunnel mode, tunnel mode,; Related:Internet Security Association and Key Management Protocol, NULL encryption algorithm, OAKLEY, Photuris, access control, aggressive mode, authentication, authentication header protocol, confidentiality, cookies, domain of interpretation, encapsulating security payload protocol, encryption, integrity, key, main mode, perfect forward secrecy, pre-shared key, protection suite, quick mode, secure socket layer, security association, security gateway, security parameters index, transport mode, triple DES,
Internet Protocol Security Option: IncludedBy:internet, security protocol,; Related:National Security Agency, access control, classification level, classified, networks,
Internet Security Association and Key Management Protocol: IncludedBy:internet, security protocol,; Related:Internet Protocol security, authentication, cryptography, digital signature, encryption, key,
internet service provider: IncludedBy:internet,; Related:access control,
Internet Society: IncludedBy:internet,; Includes:Internet Architecture Board, Internet Assigned Numbers Authority, Internet Engineering Steering Group, Internet Engineering Task Force, Internet Policy Registration Authority, Internet Society Copyright, Request for Comment,; Related:trust,
Internet Society Copyright: IncludedBy:Internet Society,
Internet Standard: IncludedBy:internet,; Related:Request for Comment,
Internet Standards document: IncludedBy:Request for Comment,
internet vs. Internet: IncludedBy:internet,; Related:model, networks,
Internet worm: IncludedBy:worm,; Related:networks,
internetwork: IncludedBy:internet, networks,; Related:communications,
internetwork private line interface
interoperability: Synonym:interoperable,
interoperability standards/protocols: Related:internet,
interoperable: Related:software,; Synonym:interoperability,
interoperate
interpersonal messaging
interpretation
interpreted virus: IncludedBy:virus,
interswitch rekeying key: IncludedBy:key, rekey,
interval estimate: Related:confidence,
interval variable
intranet: IncludedBy:internet,; Related:access control, authorized, networks,
intruder: IncludedBy:intrusion,; Related:access control, authorization,
intrusion: IncludedBy:threat consequence,; Includes:Intrusion Detection In Our Time, SATAN, computer intrusion, computer security intrusion, host-based intrusion prevention system, intruder, intrusion detection, intrusion detection and prevention, intrusion detection system, intrusion detection system load balancer, intrusion detection tools, intrusion prevention, intrusion prevention system, meaconing, intrusion, jamming, and interference, network-based intrusion prevention system, penetration, security intrusion, wireless intrusion detection and prevention system,; Related:access control, accountability, agent, anomaly detection, anomaly detection model, antivirus software, authorization, authorized, availability, channel scanning, compromise, computer security incident, confidentiality, console, cracker, false negative, false positive, flow, host based, incident, information assurance product, information sharing and analysis center, integrity, management server, misuse detection model, multihost based auditing, network based, network behavior analysis system, rules based detection, sensor, shim, stealth mode, stealth probe, subversion, trustworthy system, tuning, unauthorized access,
intrusion detection: IncludedBy:intrusion,; Includes:Intrusion Detection In Our Time, intrusion detection and prevention, intrusion detection system, intrusion detection system load balancer, intrusion detection tools, wireless intrusion detection and prevention system,; Related:access control, accountability, agent, antivirus software, audit, authorization, authorized, channel scanning, console, countermeasure, false negative, false positive, flow, identify, information assurance product, intrusion prevention system, management server, network behavior analysis system, networks, rules based detection, sensor, shim, software, stealth mode, stealth probe, tuning,
intrusion detection and prevention: IncludedBy:intrusion, intrusion detection,
Intrusion Detection In Our Time: IncludedBy:intrusion, intrusion detection, security software,
intrusion detection system: IncludedBy:intrusion, intrusion detection, security software, system,; Related:audit, authorized, identify, networks,
intrusion detection system load balancer: IncludedBy:intrusion, intrusion detection,
intrusion detection tools: IncludedBy:intrusion, intrusion detection, security software,; Related:access control, authorized, identify, unauthorized access,
intrusion prevention: IncludedBy:intrusion,; Includes:intrusion prevention system,; Related:accountability, countermeasure,
intrusion prevention system: IncludedBy:intrusion, intrusion prevention,; Related:intrusion detection, target,
invalidity date: IncludedBy:public-key infrastructure,; Related:certificate, compromise, digital signature, fraud, key, nonrepudiation,
investigation service
IP address: IncludedBy:internet,; Related:networks,
ip payload compression protocol
IP splicing/hijacking: IncludedBy:attack,; Related:authentication, authorized, hijack attack, networks, session hijacking,
ip spoofing: IncludedBy:address spoofing, masquerade, spoofing,; Related:impersonation, networks,
IPsec Key Exchange: IncludedBy:Internet Protocol security,; Related:authentication, key,
IS related risk: IncludedBy:risk,; Related:authorized, failure, threat, vulnerability,
IS security architecture: IncludedBy:computer security,
isolation: Includes:object, subject,
issue: Related:certificate, public-key infrastructure,
issuer: IncludedBy:Secure Electronic Transaction,; Related:authorized, certificate, public-key infrastructure,
issuing authority
IT default file protection parameters: IncludedBy:access control,
IT resources
IT security: IncludedBy:Automated Information System security,; Related:authentication, availability, confidentiality, integrity, nonrepudiation,; Synonym:computer security,
IT security achitecture: IncludedBy:security,
IT security certification: IncludedBy:Automated Information System security, certification, computer security, target of evaluation,
IT security controls: IncludedBy:security,; Related:availability, confidentiality, integrity, security controls,
IT security database: IncludedBy:security,; Related:authorized,
IT Security Evaluation Criteria: IncludedBy:Automated Information System security, computer security, evaluation,; Related:confidence,
IT Security Evaluation Methodology: IncludedBy:Automated Information System security, computer security, evaluation,; Related:confidence,
IT security goal: HasPreferred:security goals,; IncludedBy:security,
IT security incident: IncludedBy:security,; Related:authorized, availability, confidentiality, integrity, security-relevant event, threat, user, vulnerability,
IT security objective: HasPreferred:security objectives,; IncludedBy:object, security,
IT security plan: IncludedBy:security,
IT security policy: IncludedBy:computer security, policy,
IT security product: IncludedBy:computer security,; Related:software,
IT security support functions: IncludedBy:security,; Related:user,
IT system: HasPreferred:automated information system,
IT-related risk: IncludedBy:risk,; Related:authorized, threat, vulnerability,
iteration
ITU-T: Includes:CCITT, Open Systems Interconnection Reference model,; Related:International organization for standardization,
jamming: Related:attack,
Java: IncludedBy:software,; Related:networks,
jitter
joint task force-computer network defense: Related:incident, threat,
JTC1 Registration Authority
judgment sample: Related:analysis,
judicial authority
kerberos: IncludedBy:Simple Authentication and Security Layer, distributed computing environment, security software,; Includes:key distribution center, session key, third party trusted host model,; Related:access control, attack, integrity, networks, passwords, privacy, trust, user,
kernelized secure operating system: IncludedBy:system,
key: IncludedBy:Secure Electronic Transaction, multilevel information systems security initiative, security,; Includes:Data Encryption Standard, MAC algorithm key, Programmable key storage device, S/Key, SAVILLE Advanced Remote Keying, Simple Public Key Infrastructure/Simple Distributed Security Infrastructure, area interswitch rekeying key, asymmetric cryptographic algorithm, automated key distribution, automated key management center, automated key management system, automatic key distribution center, automatic key distribution/rekeying control unit, automatic remote rekeying, block cipher key, cipher text auto-key, common interswitch rekeying key, compartment key, compromised key list, contingency key, cooperative key generation, crypto-ignition key, cryptographic functions, cryptographic ignition key, cryptographic key, cryptonet key, data encryption key, data key, digital certificate, digital key, digital signature, directly trusted CA key, effective key length, electronic key management system, electronically generated key, encrypted key, ephemeral key, exercise key, hard copy key, hardened unique storage Key, hardwired key, interarea interswitch rekeying key, interswitch rekeying key, key card, key distribution center, key list, key management, key management application service element, key management center, key management identification number, key management infrastructure, key management ordering and distribution center, key management protocol data unit, key management system, key management system Agent, key management user agent, key pair, key processor, key production key, key recovery, key storage device, key stream, key tag, key tape, key updating, key variable generator, key-auto-key, key-encrypting key, key-encryption-key, key-escrow, key-escrow system, keying material, keys used to encrypt and decrypt files, local management device/key processor, lock-and-key protection system, loop key generator, maintenance key, manual remote rekeying, master crypto-ignition key, operational key, over-the-air key distribution, over-the-air key transfer, over-the-air rekeying, per-call key, plaintext key, point-to-point key establishment, post-nuclear event key, pretty good privacy, private decipherment key, private key, private signature key, public encipherment key, public key, public-key algorithm, public-key certificate, public-key cryptography, public-key cryptography standards, public-key infrastructure, rekey, remote rekeying, reserve keying material, root key, secret key, secret-key cryptography, secure multipurpose internet mail extensions, security management infrastructure, seed key, session key, signature key, single point keying, split key, symmetric algorithm, symmetric key, test key, token storage key, tokens, traffic encryption key, transmission security key, trusted key, unique interswitch rekeying key, verification key, virtual private network,; Related:Blowfish, CA certificate, CAPSTONE chip, COMSEC aid, COMSEC boundary, COMSEC control program, COMSEC material, COMSEC system data, CRYPTO, Challenge Handshake Authentication Protocol, Challenge-Response Authentication Mechanism, Clipper chip, Cryptographic Message Syntax, Data Authentication Algorithm, Data Encryption Algorithm, Diffie-Hellman, Escrowed Encryption Standard, FIPS PUB 140-1, FIREFLY, Federal Public-key Infrastructure, Federal Standard 1027, Fortezza, IEEE P1363, IMAP4 AUTHENTICATE, IPsec Key Exchange, Internet Corporation for Assigned Names and Numbers, Internet Protocol security, Internet Security Association and Key Management Protocol, Key Exchange Algorithm, Key Management Protocol, MIME Object Security Services, MISSI user, OAKLEY, PKCS #10, PKCS #11, PKIX, POP3 APOP, Photuris, Rivest Cipher 2, Rivest Cipher 4, Rivest, Shamir, and Adleman, Rivest-Shamir-Adelman algorithm, Rivest-Shamir-Adleman, SET private extension, Secure Data Network System, Simple Authentication and Security Layer, Simple Key-management for Internet Protocols, Skipjack, Standards for Interoperable LAN/MAN Security, The Exponential Encryption System, U.S.-controlled space, Wassenaar Arrangement, X.500 Directory, X.509, X.509 attribute certificate, X.509 certificate, X.509 certificate revocation list, X.509 public-key certificate, access control center, archive, asymmetric cryptography, attribute certificate, authority revocation list, bind, binding, block cipher, break, brute force, certificate, certificate management, certificate policy, certificate policy qualifier, certificate rekey, certificate renewal, certificate revocation list, certificate update, certificate user, certificate validation, certification, certification authority, certification hierarchy, certification path, certification request, certify, chosen-ciphertext attack, chosen-plaintext attack, cipher, ciphertext-only attack, class 2, 3, 4, or 5, common name, communications security, compromise, countermeasure, critical security parameters, cross-certification, cryptanalysis, cryptographic algorithm, cryptographic system, cryptographic token, cryptonet, cryptoperiod, data authentication code, data authentication code vs. Data Authentication Code, data origin authentication service, decipher, dictionary attack, digital certification, digital envelope, digital id, distinguished name, distribution point, domain name system, dongle, dual signature, elliptic curve cryptography, encryption, encryption certificate, end entity, explicit key authentication from A to B, extension, fingerprint, hashed message authentication code, hierarchy management, hybrid encryption, implicit key authentication from A to B, initialization value, intelligent threat, invalidity date, key agreement, key authentication, key center, key confirmation, key confirmation from A to B, key control, key derivation function, key distribution, key distribution centre, key distribution service, key establishment, key generating function, key generation, key generation exponent, key generator, key length, key lifetime, key material identifier, key space, key token, key translation center, key translation centre, key transport, key update, key validation, keyed hash, known-plaintext attack, link encryption, man-in-the-middle, merchant certificate, mesh PKI, message authentication code vs. Message Authentication Code, message integrity code, modulus, object, ohnosecond, one-time pad, one-time passwords, one-way encryption, organizational certificate, out-of-band, path discovery, personality label, policy approving authority, policy creation authority, privacy enhanced mail, private component, public component, public-key forward secrecy, random, registration, registration authority, repository, revocation date, root, root certificate, secret, secure hypertext transfer protocol, secure socket layer, security association identifier, security event, self-signed certificate, shared secret, signature certificate, signer, slot, smartcards, split knowledge, start-up KEK, stream cipher, strong authentication, subject, subordinate certification authority, symmetric cryptography, token copy, token management, triple DES, trust, trust-file PKI, trusted certificate, unforgeable, v1 certificate, v2 certificate, v3 certificate, validate vs. verify, validity period, web of trust, zeroize,
key agreement: Related:encryption, key, shared secret,
key authentication: IncludedBy:authentication,; Related:key,
key card: IncludedBy:key,
key center: Related:encryption, key,
key confirmation: Related:key,
key confirmation from A to B: Related:key,
key control: Related:key,
key derivation function: Related:key,
key distribution: Related:key,
key distribution center: IncludedBy:kerberos, key, key management,; Related:communications security, encryption,
key distribution centre: Related:key, trust,
key distribution service: Related:authorized, key,
key establishment: Related:key,
key exchange
Key Exchange Algorithm: Related:National Security Agency, classified, key,
key generating function: Related:key,
key generation: Related:key,
key generation exponent: Related:key, trust,
key generator: Related:cipher, encryption, key,
key length: Related:key,
key lifetime: IncludedBy:multilevel information systems security initiative,; Related:certificate, key, public-key infrastructure,
key list: IncludedBy:key,
key loader: IncludedBy:key management,
key logger: Related:passwords, security,
key management: IncludedBy:key, security,; Includes:Key Management Protocol, automated key distribution, electronic key entry, key distribution center, key loader, key management/exchange, key recovery, key-escrow, manual key distribution, manual key entry,; Related:audit, public-key infrastructure,
key management application service element: IncludedBy:key,
key management center: IncludedBy:key,
key management identification number: IncludedBy:key,
key management infrastructure: IncludedBy:key,; Related:software,
key management ordering and distribution center: IncludedBy:key,
Key Management Protocol: IncludedBy:key management, security protocol,; Related:key,
key management protocol data unit: IncludedBy:key,
key management system: IncludedBy:key, system,
key management system Agent: IncludedBy:key, system,
key management user agent: IncludedBy:key,
key management/exchange: IncludedBy:key management,; Related:privacy,