Security Taxonomy - Anne & Lynn Wheeler

Concepts

access control, assurance, attack, audit, authentication, authorization, automated information system, availability, certification, Common Criteria for Information Technology Security, cryptography, cyberspace, evaluation, identity, key management, privacy, requirements, risk, risk management, security, security target, software development, threat, trust, Trusted Computer System Evaluation Criteria, users,

Terms

*-property: IncludedBy:Bell-LaPadula security model, property,; PreferredFor:star (*) property,; Related:access control, model,; Synonym:confinement property,
2-factor authentication: IncludedBy:3-factor authentication,; Related:process,
3-factor authentication: IncludedBy:authentication,; Includes:2-factor authentication, authentication information,; Related:biometric authentication, challenge/response, passwords, personal identification number, personal identity verification, process, proof of possession protocol, tokens,
ABA Guidelines: Related:association, certificate, digital signature, signature,
abend: Related:control, failure, process, program, test,
abort: Related:computer, failure, program,
Abrams, Jojodia, Podell essays: Related:computer, information, information security, security,
Abstract Syntax Notation One: Includes:Basic Encoding Rules, Distinguished Encoding Rules, object identifier,; Related:certificate, computer, function, information, object, protocols, public-key infrastructure, revocation, standard,
abuse of privilege: IncludedBy:threat,; Related:insider threat, policy, users,
acceptable level of risk: IncludedBy:threat,; Related:analysis, application, assessment, authority, control, countermeasures, critical, network, operation, requirements, vulnerability,
acceptable risk: IncludedBy:risk,; Related:control, system,
acceptable use policy: IncludedBy:policy,; Related:network, system, users,
acceptance criteria: IncludedBy:acceptance procedure, criteria,; Related:authorized, entity, system, users,
acceptance inspection: IncludedBy:acceptance procedure,; Related:information, security testing, software, standard, system, test,
acceptance procedure: IncludedBy:software development, target of evaluation,; Includes:acceptance criteria, acceptance inspection, acceptance testing, object,; Related:control, control systems, process, system, target,
acceptance testing: IncludedBy:acceptance procedure, security testing, test,; Related:criteria, requirements, system, users,
access: Includes:Directory Access Protocol, Internet Message Access Protocol, version 4, Law Enforcement Access Field, Lightweight Directory Access Protocol, Terminal Access Controller Access Control System, access approval, access approval authority, access authority, access category, access control, access control center, access control lists, access control mechanisms, access control officer, access control service, access control system, access eligibility determination, access evaluation, access level, access list, access mediation, access mode, access national agency check and inquiries, access period, access point, access port, access profile, access roster, access termination, access type, access with limited privileges, accesses, accessibility, accessioned records, acknowledged special access program, acquisition special access program, administrative access, approved access control device, attribute-based access control, browse access protection, code division multiple access, common access card, context-dependent access control, controlled access area, controlled access program coordination office, controlled access program oversight committee, controlled access programs, controlled access protection, delete access, demand assigned multiple access, direct access storage device, direct memory access, discretionary access control, execute access, failure access, ferroelectric random access memory, file transfer access management, formal access approval, frequency division multiple access, handle via special access control channels only, identity based access control, intelligence special access program, interim access authorization, last mile broadband access, limited access authorization, local access, logical access, logical access control, mandatory access control, media access control address, merge access, multiple access rights terminal, need for access, network access, network access control, non-discretionary access control, non-volatile random access memory, object, on-access scanning, one-time access, partition rule base access control, peer access approval, peer access enforcement, physical access control, policy-based access control, privileged access, program access request, random access memory, read access, remote access, remote access software, risk-adaptable access control, role-based access control, special access office, special access program, special access program facility, special access program/special access required, special access programs central office, special access programs coordination office, special access required programs oversight committee, subject, surrogate access, tactical special access program facility, temporary access eligibility, time division multiple access, umbrella special access program, unacknowledged special access program, unauthorized access, update access, waived special access program, wi-fi protected access-2, wireless access point, write access,; Related:ACL-based authorization, Automated Information System security, Bell-LaPadula security model, Clark Wilson integrity model, Defense Central Security Index, Defensive Information Operations, Department of Defense National Agency Check Plus Written Inquiries, Escrowed Encryption Standard, Freedom of Information Act, IA product, IT security policy, Identification Protocol, Internet Engineering Task Force, Internet Protocol Security Option, KOA agent, Network File System, PHF, PIV issuer, POSIX, Post Office Protocol, version 3, RA domains, SOCKS, SSO PIN, TCB subset, TOE security functions interface, U.S.-controlled facility, U.S.-controlled space, USENET, accreditation range, accredited security parameter, acoustic security, activation data, active wiretapping, ad hoc network, adequate security, adjudication, adjudication authority, adversary, adverse information, alternative compensatory control measures, anonymous and guest login, anonymous login, appeal, applicant, application, application program interface, application proxy, application server attack, archiving, associated markings, attack, attack signature, attribute-based authorization, audit, audit trail, authenticate, authentication, authentication mechanism, authentication period, authority, authorization, authorized, authorized adjudicative agency, authorized investigative agency, authorized person, authorized user, automated information system media control system, availability, availability service, backdoor, balanced magnetic switch, base station, bastion host, benign, between-the-lines-entry, billets, boundary, brute force password attack, buffer overflow, call back, capability, carve-out, category, central office, centralized authorization, certification practice statement, classified, classified contract, classified information procedures act, classified visit, clearance, clearance certification, clearance level, cleared escort, client, client server, closed storage, cloud computing, co-utilization, collateral information, common gateway interface, communications, compartment, compartmentalization, compartmentation, compartmented intelligence, compartmented mode, compelling need, component reference monitor, computer intrusion, computer security, computer security intrusion, confidentiality, confinement property, console logon, continuous operation, contractor/command program security officer, control, controlled security mode, controlled sharing, controlled space, cookies, covert channel, covert channel analysis, cracker, credentials, critical, critical program information, critical system, cross domain solution, cryptographic application programming interface, data asset, data compromise, data integrity service, data management, debriefing, dedicated mode, default account, default file protection, demilitarized zone, demon dialer, denial-of-service, determination authority, device distribution profile, dictionary attack, directory service, disclosure of information, disclosure record, diskette, distributed plant, domain, domain name system, domain parameter, dominated by, dual control, eligibility, encapsulation, entry control, exception, exploit, exploitation, external security controls, external system exposure, extranet, extraordinary security measures, facility security clearance, failed logon, false acceptance, false acceptance rate, false rejection rate, federated identity, federation, fedline, fetch protection, file encryption, file protection, file security, file series, firewall, flooding, flow, foreign disclosure, foreign ownership, control, or influence, foreign travel briefing, foreign visit, formulary, full disk encryption, government-approved facility, granularity, guard, guest system, hackers, high assurance guard, host, https, hyperlink, hypertext, identification, identification and authentication, identification authentication, identity credential issuer, identity verification, identity-based security policy, immediate family member, impersonation, inadvertent disclosure, inadvertent disclosure incident, incident of security concern, individual accountability, individual electronic accountability, indoctrination, inference, information, information assurance, information assurance product, information category, information security, information security risk, information sharing environment, information steward, information systems security, inside threat, insider, insider threat, integrity, intercept, interception, interface, internal security controls, internal system exposure, internal vulnerability, internet protocol security, internet service provider, intranet, intruder, intrusion, intrusion detection, intrusion detection and prevention system, intrusion detection systems, intrusion detection tools, isolator, joint personnel adjudication system, kerberos, key recovery, key-escrow, kiosk, labeled security protections, least privilege, letter of compelling need, list-oriented, local logon, lock-and-key protection system, lockout, logged in, logic bombs, logical completeness measure, login, logoff, logon, maintenance hook, major application, malicious intruder, malicious logic, management client, masquerade, masquerading, minor application, mission critical, mode of operation, modes of operation, motivation, multi-releasable, multilevel mode, multilevel secure, multilevel security, multilevel security mode, national security information, need-to-know, need-to-know determination, network component, network reference monitor, network security, network weaving, nicknames, no-lone zone, non-disclosure agreement, non-discretionary security, non-discussion area, noncomputing security methods, office of personnel management, online attack, open storage area, operations and support, operations manager, operator, overwriting, packet filter, packet filtering, partitioned security mode, password protected, password system, passwords, peer-to-peer communication, penetration, penetration testing, perimeter-based security, permanent records, permissions, personal computer system, personal identification number, personnel security, personnel security - issue information, personnel security clearance, personnel security exceptions, personnel security interview, personnel security investigation, personnel security program, physical and environmental protection, physical security, piggyback, piggyback attack, piggyback entry, pii confidentiality impact level, platform it interconnection, point-to-point tunneling protocol, policy, pop-up box, port, portal, primary services node (prsn), privacy, privilege management, privileged accounts, privileged user, probe, procedural security, process, program channels or program security channels, program material, program office, program security officer, programmable read-only memory, protected network, protection ring, protection-critical portions of the TCB, protective security service, proximity, proxy, proxy server, public-key certificate, real-time reaction, records, reference monitor, reference monitor concept, reference validation mechanism, reinstatement, relying party, remote administration tool, remote authentication dial-in user service, remote login, replay attacks, repository, requirements, resource, resource encapsulation, response force, restricted area, revocation, risk avoidance, rootkit, routine changes, rule-based security policy, rules of behavior, ruleset, salt, sampling frame, sandboxed environment, sandboxing, scattered castles, scoping guidance, screen scraping, secure data device, secure single sign-on, secure state, secure working area, security, security assurance, security attribute, security banner, security clearance, security compromise, security controls, security director, security domain, security incident, security intrusion, security kernel, security label, security level, security management, security management infrastructure, security policy, security safeguards, security service, security violation, security-relevant event, segregation of duties, senior foreign official, senior review group, sensitive activities, sensitive compartmented information, sensitive compartmented information courier, sensitive information, sensitivity label, service, signature, simple network management protocol, simple security condition, simple security property, single scope background investigation - periodic reinvestigation, single sign-on, social engineering, software, software-based fault isolation, source program, special program review group, sponsoring agency, spoof, spoofing, storage object, store, subcontract, subject security level, subset-domain, suspicious contact, system, system entry, system high mode, system resources, system software, system-high security mode, target vulnerability validation techniques, tcpwrapper, technical countermeasures, technical policy, technological attack, technology, technology control plan, temporary help/job shopper, term rule-based security policy, theft, threat, ticket, ticket-oriented, timing attacks, tokens, transaction, trapdoor, trespass, trojan horse, trust relationship, trusted gateway, trusted identification forwarding, trusted subject, two-person integrity, unauthorized disclosure, unauthorized person, unclassified internet protocol router network, unclassified sensitive, unfavorable personnel security determination, uniform resource locator, unprotected network, user PIN, users, vault, verification, virus, vulnerability, war driving, web browser cache, web content filtering software, website, wide-area network, wimax, wireless gateway server, wiretapping, workstation, world wide web, write,
access approval: IncludedBy:access,; Related:authorization, classified, security clearance,
access approval authority: IncludedBy:access,
access authority: IncludedBy:access,
access category: IncludedBy:access,; Related:authorized, process, program, resource, users,
access control: IncludedBy:Automated Information System security, access, authorization, control, risk management, security, security-relevant event, trusted computing base, users,; Includes:IT default file protection parameters, centralized authorization, classified information, component reference monitor, controlled sharing, cookies, default file protection, entry control, fetch protection, file protection, file security, granularity, logged in, login, logoff, logon, need-to-know, network reference monitor, privileged, sandboxed environment, secure state, security kernel, security perimeter, sensitivity label, system entry, technical policy,; Related:*-property, Bell-LaPadula security model, Clark Wilson integrity model, Defensive Information Operations, Escrowed Encryption Standard, Identification Protocol, Internet Engineering Task Force, Internet Protocol Security Option, Network File System, PIV issuer, POSIX, RA domains, SOCKS, TCB subset, TOE security functions interface, U.S.-controlled facility, U.S.-controlled space, accreditation range, active wiretapping, adequate security, adversary, application, application program interface, application proxy, archiving, attack, audit, audit trail, authenticate, authentication, authorized, availability, availability service, backdoor, bastion host, benign, between-the-lines-entry, boundary, boundary host, breach, buffer overflow, call back, capability, category, classified, clearance level, client, client server, common gateway interface, communications, compartment, compartmentalization, compartmented mode, computer intrusion, computer security, computer security intrusion, confidentiality, confinement property, controlled security mode, controlled space, covert channel, covert channel analysis, cracker, credentials, critical, critical system, cryptographic application programming interface, cryptographic equipment room, data compromise, data integrity service, data management, dedicated mode, default account, demilitarized zone, demon dialer, denial-of-service, dictionary attack, directory service, disclosure of information, domain, domain name system, domain parameter, dominated by, dual control, encapsulation, exploit, exploitation, external security controls, external system exposure, extranet, federated identity, federation, fedline, firewall, flooding, formulary, function, guard, hackers, host, https, hyperlink, hypertext, identification, identification and authentication, identification authentication, identity credential issuer, identity verification, identity-based security policy, impersonation, inadvertent disclosure, individual accountability, individual electronic accountability, inference, information, information assurance product, information category, information security, information systems security, integrity, interception, interface, internal security controls, internal system exposure, internet protocol security, internet service provider, intranet, intruder, intrusion, intrusion detection, intrusion detection tools, kerberos, key recovery, key-escrow, kiosk, labeled security protections, list-oriented, lock-and-key protection system, lockout, logic bombs, logical completeness measure, maintenance hook, major application, malicious intruder, malicious logic, masquerade, masquerading, minimum essential infrastructure, mode of operation, modes of operation, motivation, multilevel mode, multilevel secure, multilevel security, multilevel security mode, national security information, network, network component, network security, network weaving, no-lone zone, non-discretionary security, noncomputing security methods, operations manager, operator, packet filtering, partitioned security mode, password system, passwords, peer-to-peer communication, penetration, permissions, personal identification number, personnel security, physical and environmental protection, physical security, piggyback, piggyback attack, piggyback entry, point-to-point tunneling protocol, policy, pop-up box, privacy, probe, procedural security, process, program, protected network, protection ring, protection-critical portions of the TCB, proximity, proxy server, real-time reaction, records, reference monitor, reference monitor concept, reference validation mechanism, remote administration tool, remote authentication dial-in user service, repository, resource, resource encapsulation, restricted area, rootkit, rule-based security policy, rules of behavior, ruleset, salt, sampling frame, scoping guidance, screen scraping, secure single sign-on, security clearance, security compromise, security controls, security domain, security incident, security intrusion, security label, security management, security management infrastructure, security policy, security safeguards, security violation, segregation of duties, sensitive compartmented information, sensitive information, signature, simple network management protocol, simple security condition, simple security property, single sign-on, social engineering, software, source program, spoof, spoofing, storage object, subject security level, subset-domain, system, system high mode, system resources, system software, system-high security mode, tcpwrapper, technological attack, technology, term rule-based security policy, theft, threat, threat consequence, ticket, ticket-oriented, timing attacks, tokens, transaction, trapdoor, trespass, trojan horse, trust relationship, trusted gateway, trusted identification forwarding, trusted subject, two-person integrity, uniform resource locator, unprotected network, user PIN, verification, virus, vulnerability, web browser cache, website, wide-area network, wireless gateway server, wiretapping, workstation, world wide web,
access control center: IncludedBy:access, control,; Related:computer, cryptography, key, policy, security, system,
access control lists: IncludedBy:access,; Includes:ACL-based authorization,; PreferredFor:access list,; Related:authorized, communications security, computer, control, object, process, program, resource, subject, system, users,
access control mechanisms: IncludedBy:access, control,; Related:authorized, management, security, software, system, unauthorized access,
access control officer: IncludedBy:access, control,
access control service: IncludedBy:access, control,; Related:authorized, entity, policy, resource, security, system, unauthorized access,
access control system: IncludedBy:access,; Related:security,
access eligibility determination: IncludedBy:access,; Related:classified, requirements, security,
access evaluation: IncludedBy:access, evaluation,; Related:security,
access level: IncludedBy:access, security level,; Related:authorization, identify, object, users,
access list: HasPreferred:access control lists,; IncludedBy:access,
access mediation: IncludedBy:access,; Related:authorized, control, policy, process, resource,
access mode: IncludedBy:access, automated information system,; Related:object, operation, process, subject, system,
access national agency check and inquiries: IncludedBy:access,; Related:classified, security,
access period: IncludedBy:access,
access point: IncludedBy:access,
access port: IncludedBy:access,; Related:computer,
access profile: IncludedBy:access, file, profile,; Related:object, users,
access roster: IncludedBy:access,
access termination: IncludedBy:access,
access type: IncludedBy:access,; Related:authorization, file, management, object, program, users,
access with limited privileges: IncludedBy:access,; Related:application, control, domain, process, security, system, users,
accesses: IncludedBy:access,; Related:classified, critical, requirements, security,
accessibility: IncludedBy:access,; Related:computer, resource, system,
accessioned records: IncludedBy:access,
account aggregation: Related:entity, information, target,
account authority digital signature: IncludedBy:authority, public-key infrastructure, signature,; Related:authentication, key, public-key,
account fraud: IncludedBy:fraud, identity theft,; PreferredFor:account hijacking, account takeover,; Related:entity, theft,
account hijacking: HasPreferred:account fraud,
account management: Related:information,
account takeover: HasPreferred:account fraud,
accountability: IncludedBy:security goals,; Includes:automated information system, identification, object, users,; Related:audit, authority, communications security, computer, control, deterrence, entity, failure, fault isolation, identify, information, intrusion, intrusion detection, intrusion prevention, key, minimum essential infrastructure, non-repudiation, owner, policy, process, property, quality, recovery, resource, security objectives, system, trust,
accounting legend code: IncludedBy:code,; Related:communications security, control, control systems, security, system,
accounting number: Related:communications security, control,
accreditation: IncludedBy:certification,; Includes:DoD Information Technology Security Certification and Accreditation Process, National Voluntary Laboratory Accreditation Program, Scope of Accreditation, accreditation authority, accreditation body, accreditation boundary, accreditation disapproval, accreditation multiplicity parameter, accreditation package, accreditation phase, accreditation range, approval/accreditation, automated information system, certification and accreditation, designated approving authority, full accreditation, identification and accreditation, interim accreditation, interim accreditation action plan, post-accreditation phase, private accreditation exponent, private accreditation information, public accreditation verification exponent, security, site accreditation, system accreditation, type accreditation,; PreferredFor:accredited,; Related:Common Criteria Testing Laboratory, approved technologies list, approved test methods list, assessment, association, authority, authorization, cascading, certificate, certificate revocation list, certification phase, certifier, classified, computer, control, controlled security mode, criteria, dedicated security mode, evaluation, external security controls, function, information, intelligence, multilevel security mode, national information assurance partnership, network, operation, partitioned security mode, pre-certification phase, process, requirements, risk, security evaluation, security testing, site certification, standard, system, system-high security mode, test, trust, trusted computer system, type certification,
accreditation authority: IncludedBy:accreditation, authority,; Related:entity, information, trust,
accreditation body: IncludedBy:accreditation, national information assurance partnership,; Related:standard,
accreditation boundary: IncludedBy:accreditation, boundary,; Related:information, resource, security, system, users,; Synonym:security perimeter,
accreditation disapproval: IncludedBy:accreditation,; Related:control, critical, operation, requirements, risk, security, system,
accreditation multiplicity parameter: IncludedBy:accreditation,; Related:authority, entity, information,
accreditation package: IncludedBy:accreditation,; Related:security, system,
accreditation phase: IncludedBy:accreditation,; Related:assessment, process, risk, security, system, update,
accreditation range: IncludedBy:accreditation,; Related:access, access control, authority, computer, computer security, control, criteria, evaluation, network, operation, process, requirements, risk, security, system, trust, trusted computer system,
accredited: HasPreferred:accreditation,
accredited security parameter: IncludedBy:security,; Related:access,
accrediting authority: IncludedBy:authority,; Related:security,
accuracy: Related:assessment,
ACH debit fraud: IncludedBy:fraud, identity theft,; Related:authorized,
acknowledged special access program: IncludedBy:access,; Related:authorized, classified, compromise, risk, vulnerability,
ACL-based authorization: IncludedBy:access control lists, authorization,; Includes:distributed computing environment,; Related:access,
acoustic intelligence: IncludedBy:intelligence,; Related:acoustic security, analysis,
acoustic security: IncludedBy:security,; Related:access, acoustic intelligence, classified,
acoustic warfare: IncludedBy:warfare,
acquirer: IncludedBy:Secure Electronic Transaction,; Related:authorization, process, system,
acquisition: Related:control,
acquisition plan: Related:analysis, requirements,
acquisition program
acquisition special access program: IncludedBy:access,; Related:evaluation, intelligence, requirements,
acquisition strategy: Related:control, object, system,
acquisition systems protection: Related:authorized, compromise, foreign, intelligence, security,
activation data: Related:access,
active attack: IncludedBy:attack,; Related:authentication, impersonation, protocols,
active content: Related:program, software,
active security testing: IncludedBy:security testing, test,; Related:system, target, vulnerability,
active state: Antonym:deactivated state,; IncludedBy:key lifecycle state,; Related:algorithm, application, cryptographic, key, lifecycle, security,
active wiretapping: IncludedBy:wiretapping,; Related:access, access control, authorized, communications, computer, control, message, users,
activities
activity
activity analysis: IncludedBy:analysis, security software,; Related:process,
activity security manager: IncludedBy:security,; Related:classified, information security, security incident,
activity-based costing: IncludedBy:business process,
actuator
ad hoc
ad hoc network: IncludedBy:network,; Related:access,
ad hoc testing: IncludedBy:security testing, test,
ad-lib test: IncludedBy:test,
adaptive predictive coding
add-on security: IncludedBy:security,; Related:computer, operation, process, software, system,
address
address indicator group
address of record
address spoofing: IncludedBy:masquerade, spoof, spoofing,; Includes:ip spoofing,; Related:impersonation, network, system,
adequate security: IncludedBy:security,; Related:access, access control, authorized, availability, control, information, integrity, management, operation, risk, system, unauthorized access,
adjudication: Related:access, classified, evaluation, security, trust,
adjudication authority: Related:access,
adjudicative process: Related:risk, security,
adjudicator: Related:security,
administration documentation: IncludedBy:target of evaluation,; Related:information, target,
administrative access: IncludedBy:access,; Related:authorized, function, system,
administrative account: Related:computer, users,
administrative safeguards: Related:development, security,
administrative security: HasPreferred:procedural security,; IncludedBy:security,
administrator: IncludedBy:target of evaluation,; Related:operation, target,
advanced development model: IncludedBy:software development,
advanced encryption standard: IncludedBy:National Institute of Standards and Technology, encryption, standard, symmetric cryptography,; Related:algorithm, classified, cryptographic, key,
advanced intelligence network: IncludedBy:intelligence, network,
advanced intelligent network: IncludedBy:network,
advanced key processor: IncludedBy:key,; Related:management,
Advanced Mobile Phone Service: Related:standard, system, update, users,
advanced narrowband digital voice terminal
advanced persistent threats: IncludedBy:threat,; Related:attack, critical, cyberspace, target,
Advanced Research Projects Agency Network: IncludedBy:network,
advanced self-protection jammer: IncludedBy:communications security, jamming,; Related:assurance,
adversary: IncludedBy:security,; Includes:adversary collection methodology, adversary threat strategy,; Related:C2-attack, C2-protect, RED team, access, access control, advisory, attack, camouflage, command and control warfare, communications cover, communications deception, compromise, counterintelligence, countermeasures, cover, critical, cryptographic key, damage, data aggregation, deception, eavesdropping, entity, imitative communications deception, indicator, information, information assurance, information operations, information superiority, information warfare, intelligence, intelligent threat, malware, man-in-the-middle attack, motivation, national information infrastructure, non-technical countermeasure, operations security, operations security indicator, perceived collection threat, radio frequency jamming, random, replay attacks, risk, security environment threat list, security threat, social engineering, system, target, threat, threat analysis, traffic analysis, vulnerability, vulnerability analysis, vulnerability assessment,
adversary collection methodology: IncludedBy:adversary,; Related:critical,
adversary threat strategy: IncludedBy:adversary, threat,
adverse action
adverse information: Related:access, classified, security,
advisory: Includes:Computer Incident Advisory Capability, National COMSEC Advisory Memorandum, National Industrial Security Advisory Committee, National Security Telecommunications Advisory Committee, National Security Telecommunications and Information Systems Security Advisory/Information Memorandum, National Telecommunications and Information Systems Security Advisory Memoranda/Instructions, TEMPEST advisory group,; Related:Internet Architecture Board, adversary, computer emergency response team, development, target, threat,
affiliate
agency: Related:classified, control,
agent: Related:attack, intrusion, intrusion detection, malicious, program,
agent of the government: Related:authorized,
aggregation: Related:classified, information, security,
aggressive mode: Related:establishment, internet protocol security, internet security protocol, message,
agreement: Related:management, security,
alarm: Related:countermeasures, function,; Synonym:alert,
alarm reporting: Related:fault, identification, information, network, resource, security software,
alarm surveillance: Related:analysis, communications, control, fault, function, information, network, operation, resource, security software,
alert: Related:anomaly, attack, audit, communications security, critical, identify, message, network, process, resource, security,; Synonym:alarm,
algorithm: Includes:Data Authentication Algorithm, El Gamal algorithm, Elliptic Curve Digital Signature Algorithm, International Data Encryption Algorithm, Key Exchange Algorithm, MAC algorithm key, NULL encryption algorithm, RSA algorithm, Rivest-Shamir-Adleman algorithm, algorithm transition, asymmetric algorithm, asymmetric cryptographic algorithm, asymmetric encryption algorithm, control algorithm, cryptographic algorithm, cryptographic algorithm for confidentiality, data encryption algorithm, digital signature algorithm, encipherment algorithm, encryption algorithm, hash algorithm, keyed hash algorithm, message authentication code algorithm, message digest algorithm 5, public-key algorithm, secure hash algorithm, symmetric algorithm, symmetric encipherment algorithm, symmetric encryption algorithm,; Related:CAST, Clipper chip, Commercial COMSEC Evaluation Program, Common Criteria for Information Technology Security, Computer Security Objects Register, Diffie-Hellman, Digital Signature Standard, Escrowed Encryption Standard, FIPS PUB 140-1, FIPS approved security method, Fortezza, Internet Security Association and Key Management Protocol, OAKLEY, Rivest Cipher 2, Rivest Cipher 4, SET qualifier, Simple Key-management for Internet Protocols, Skipjack, Type 4 product, Type I cryptography, Type II cryptography, Type III cryptography, X.509 attribute certificate, X.509 certificate revocation list, X.509 public-key certificate, active state, advanced encryption standard, approved, asymmetric cryptography, asymmetric encipherment system, biometric template, block cipher, break, brute force attack, certification request, checksum, cipher, cipher block chaining, cipher feedback, cipher suite, ciphertext, ciphertext-only attack, code, communications security, computer, computer cryptography, cryptanalysis, cryptographic, cryptographic functions, cryptographic key, cryptographic logic, cryptographic module, cryptographic system, cryptographic token, cryptography, cryptonet, cryptoperiod, cycle time, cyclic redundancy check, data authentication code, data authentication code vs. Data Authentication Code, data encryption standard, decrypt, digital envelope, digital signature, domain of interpretation, effective key length, electronically generated key, elliptic curve cryptography, encipherment, encrypt, encryption, encryption strength, frequency hopping, hash, hash function, hybrid encryption, indistinguishability, initial transformation, initialization value, initialization vector, intelligent threat, internet protocol security, key, key agreement, key distribution, key generating function, key generator, key pair, key recovery, key space, key transport, key-escrow system, keyed hash, known-plaintext attack, link encryption, man-in-the-middle attack, message, message authentication code, message authentication code vs. Message Authentication Code, message digest, metrics, mode of operation, one-time pad, out-of-band, output transformation, parameters, pretty good privacy, private key, process controller, protection suite, pseudo-random, public-key, public-key cryptography standards, public-key forward secrecy, public-key information, secret key, secret-key cryptography, secure hash standard, secure hypertext transfer protocol, secure socket layer, security mechanism, security strength, semantic security, signature generation, signature verification, stream cipher, strength of mechanisms, symmetric cryptography, symmetric key, trapdoor, triple DES, trust, tunnel, type 1 products, type 2 product, type 3 product, validate, virus definitions,
algorithm transition: IncludedBy:algorithm,; Related:cryptographic, process,
alias: Related:anonymous, entity, masquerade,
alien: Related:United States citizen,
alignment: Related:process, system,
all-hazards
allocation: Related:control, security,
allowed traffic: Related:bit forwarding rate, ruleset, system, test,
alternate COMSEC custodian: IncludedBy:communications security,; Related:authority,
alternate work site
alternative compensatory control measures: Related:access, intelligence,
alternative work site: Related:program,
American institute of certified public accountants
American National Standards Institute: IncludedBy:standard,; Related:association, automated information system, communications, computer, users,
American Standard Code for Information Interchange: IncludedBy:code, information, standard,; Related:automated information system,
analog signal
analysis: Includes:SWOT analysis, activity analysis, analysis of alternatives, boundary value analysis, business impact analysis, cost-risk analysis, cost/benefit, cost/benefit analysis, cost/benefit estimate, covert channel analysis, cryptanalysis, cryptosystem analysis, dynamic analysis, emanations analysis, error analysis, gap analysis, information sharing and analysis center, mutation analysis, network behavior analysis system, requirements analysis, risk analysis, risk reduction analysis, root cause analysis, security fault analysis, security flow analysis, sensitivity analysis, signals analysis, stateful protocol analysis, static analysis, target identification and analysis techniques, technical threat analysis, threat analysis, traffic analysis, value analysis, vulnerability analysis,; Related:Federal Standard 1027, Integrated CASE tools, SOF-basic, SOF-high, SOF-medium, TCB subset, acceptable level of risk, acoustic intelligence, acquisition plan, alarm surveillance, assessment, black-box testing, break, brute force attack, business case, chosen-ciphertext attack, chosen-plaintext attack, ciphertext-only attack, code coverage, correctness, counterintelligence assessment, countermeasures, cryptology, cryptoperiod, damage assessment, data historian, diagnostics, digital forensics, electronic security, elliptic curve cryptography, emanations security, emission security, emissions security, error seeding, evaluation assurance, fault injection, financial crimes enforcement network, flaw hypothesis methodology, flooding, formal language, functional test case design, global requirements, hashed message authentication code, independent validation and verification, instrumentation, intelligence, intelligence sources and methods, judgment sample, known-plaintext attack, limited network analyzer, local requirements, measurement and signature intelligence, model, national computer security assessment program, network sniffing, one-time pad, operations security, operations security process, operations security survey, personal computer system, portfolio, privacy impact assessment, reference monitor, reference validation mechanism, remote maintenance, risk assessment, risk identification, risk management, robustness, sanitization, sanitizing, security test and evaluation, significant change, symbolic execution, system development, system development methodologies, target vulnerability validation techniques, telemetry, telemetry intelligence, threat event, threat monitoring, traffic flow confidentiality, transmission security, trust, trust level, verification, vulnerability, vulnerability assessment,; Synonym:evaluation, test,
analysis of alternatives: IncludedBy:analysis,; Related:information, process,
ankle-biter: IncludedBy:threat,; Related:internet, malicious, program,
anomaly: Includes:anomaly detection, anomaly detection model,; Related:alert, bug, failure, fault, operation, problem, requirements, software, users,
anomaly detection: IncludedBy:anomaly, security software,; Related:countermeasures, intrusion, system, users,
anomaly detection model: IncludedBy:anomaly, model, security policy model,; Related:intrusion, system, users,
anomaly-based detection
anonymity: Related:identification, information, security, users,
anonymous: Related:alias, application, attack, authorized, entity, privacy, security, system, users,
anonymous and guest login: IncludedBy:login,; Related:access, authentication, protocols, system,
anonymous login: IncludedBy:internet, login,; Related:access, control, file, passwords, protocols, resource, system, threat, users,
anti-jam: IncludedBy:communications security,; Related:information, jamming,
anti-jamming: IncludedBy:communications security,; Related:jamming,
anti-spoof: Antonym:spoofing,; IncludedBy:spoof,; Related:attack, authentication, authorized, identification, security software, subject,
anti-tamper: IncludedBy:tamper,; Related:critical,
anti-tamper executive agent: IncludedBy:tamper,
antispyware software: IncludedBy:software,; Related:malware, program,
antisubmarine warfare: IncludedBy:warfare,
antivirus software: IncludedBy:security software, software, virus,; Related:application, computer, countermeasures, file, identify, incident, integrity, intrusion, intrusion detection, malware, program, system,
antivirus tools: IncludedBy:virus,; Related:code, countermeasures, malicious, software, system, technology,
appeal: Related:access,
appendix: Related:signature,
applet: Related:application, program, world wide web,
applicant: Related:access, authorized, certificate, certification, classified, entity, key,
applicant assertion: Related:entity, identity, information, process, registration,
application: IncludedBy:software,; Includes:Cryptographic Application Program Interface, Generic Security Service Application Program Interface, application controls, application data backup/recovery, application entity, application gateway firewall, application generator, application level gateway, application program interface, application programming interface, application proxy, application server attack, application software, application system, application-level firewall, cryptographic application programming interface, key management application service element, major application, rapid application development, wireless application protocol,; Related:COMSEC end-item, Common Criteria for Information Technology Security, Defense Information Infrastructure, Distinguished Encoding Rules, Europay, MasterCard, Visa, FIPS PUB 140-1, Federal Public-key Infrastructure, Generic Upper Layer Security, IT security certification, IT security support functions, Java, Lightweight Directory Access Protocol, Network File System, OSI architecture, Open Systems Interconnection Reference model, PIV issuer, PKIX, POSIX, S/Key, SOCKS, TOE security functions interface, X.500 Directory, acceptable level of risk, access, access control, access with limited privileges, active state, anonymous, antivirus software, applet, archive, asynchronous transfer mode, automated information system, backup, backup generations, banner grabbing, baseline management, bastion host, bill payment, blacklist, certificate policy, certification, certification authority workstation, certification phase, certification practice statement, circuit proxy, clean system, closed security environment, collaborative computing, command and control warfare, common security, communications, component operations, computer, computer architecture, computer fraud, computer related controls, computing environment, control, control server, cookies, critical system files, cryptographic system, cybersecurity, data dictionary, data encryption key, decrypt, defense-in-depth, degauss, denial-of-service, designation policy, digital forensics, directly trusted CA, disaster recovery plan, distributed computing environment, documentation, dual-homed gateway firewall, email, emanations security, encryption, end entity, end-user, extensible markup language, extension, extranet, fail soft, file infector virus, file transfer protocol, firewall, firmware, formal language, function, general controls, general support system, global information grid, hash function, hijacking, host, host-based firewall, hybrid encryption, hypertext markup language, hypertext transfer protocol, identity management systems, interface, internet vs. Internet, interpretation, interpreted virus, kerberos, key generating function, key management, key-encrypting key, least privilege, legacy systems, line managers, link encryption, lockout, macro virus, malicious applets, malicious code, malicious program, malware, management server, meta-language, middleware, mode of operation, modem, motion control network, multipurpose internet mail extensions, national security system, naval special warfare, network protocol stack, network service worm, on-line system, online certificate status protocol, open security, open security environment, open system interconnection model, operating system, operations security, outcome, packet filter, passive fingerprinting, password cracker, patch, penetration testing, personal identification number, personality label, physical security, platform, portability, pretty good privacy, process, program, protocol analyzer, prototyping, proxy, proxy server, public-key cryptography standards, public-key infrastructure, purge, random, realm, registration authority, rekey, relying party, repair action, reusability, review techniques, risk analysis, routing control, run manual, scalability, scope of a requirement, screened host firewall, secure socket layer, security assertion markup language, security evaluation, security requirements, security support programming interface, security testing, session key, significant change, simple mail transfer protocol, simple network management protocol, single sign-on, site accreditation, smartcards, software security, source code generator, starting variable, statistical process control, support software, system, system accreditation, system software, systems engineering, systems software, target identification and analysis techniques, technical controls, technology area, teleprocessing, telnet, test bed, test facility, transmission control protocol, transmission security, transport layer security, trust-file PKI, trusted gateway, type accreditation, unauthorized access, unit of transfer, user data protocol, user partnership program, users, validate, validation, verification, version scanning, virus, virus signature, vulnerability, vulnerability assessment, water supply system, whitelist, workgroup computing, workstation, world wide web,
application controls: IncludedBy:application, control,; Related:authorized, encryption, process, program, security controls, system, validation,
application data backup/recovery: IncludedBy:application, availability, backup,; Related:damage, information, process, software,
application entity: IncludedBy:application, entity,
application gateway firewall: IncludedBy:application, firewall, gateway,; Related:internet, protocols, system,
application generator: IncludedBy:application,; Related:code, control, program, requirements, software,
application level gateway: IncludedBy:application, gateway,; Related:connection, firewall, process, system,; Synonym:application proxy,
application program interface: IncludedBy:application, interface, program, security, software,; Related:access, access control, code, communications, function, network, standard, system, users,
application programming interface: IncludedBy:application, interface, program,; Related:interoperability, software, system,
application proxy: IncludedBy:application, firewall, proxy,; Includes:gateway,; Related:access, access control, audit, connection, control, protocols, response,; Synonym:application level gateway,
application server attack: IncludedBy:application, attack,; Related:access, authorized, availability, compromise, computer, information, integrity, resource, system, users,
application software: IncludedBy:application, software,; Related:process, program, system,
application system: IncludedBy:application, system,; Related:automated information system, computer, function, process, program, resource,
application-level firewall: IncludedBy:application, firewall, security,; Related:connection, process, protocols, system,
approach
approval for service use
approval to operate: Related:management, risk,
approval/accreditation: IncludedBy:accreditation,; Related:TEMPEST, authorization, communications, communications security, computer, control, evaluation, information, operation, process, security, software, system,
approved: Related:algorithm, function, security,
approved access control device: IncludedBy:access,; Related:requirements, security,
approved built-in combination lock
approved combination padlock: Related:requirements,
approved electronic, mechanical, or electromechanical device: Related:requirements, security,
approved key-operated padlock: IncludedBy:key,; Related:requirements,
approved mode of operation: Related:security,
approved security container: IncludedBy:security,; Related:certification,
approved security function: IncludedBy:security,; Related:authentication, management,
approved technologies list: IncludedBy:Common Criteria Testing Laboratory, national information assurance partnership,; Related:IT security, accreditation, computer security, evaluation, information, security, technology, test,
approved test methods list: IncludedBy:Common Criteria Testing Laboratory, national information assurance partnership, test,; Related:IT security, accreditation, authorized, computer security, evaluation, security,
approved vault
approved vault door
architectural design: IncludedBy:software development, target of evaluation,; Related:process, target,
architecture: Related:function, information, interface, system, users,
archive: IncludedBy:recovery,; Related:application, audit, backup, certificate, cryptographic, digital signature, information, integrity, key, non-repudiation service, operation, public-key, public-key infrastructure, redundancy, retrieval, signature, software, software library, system, technology, uniform resource locator,; Synonym:archiving,
archiving: Related:access, access control, backup, file,; Synonym:archive,
area interswitch rekeying key: IncludedBy:key, rekey,
areas of control: IncludedBy:control,; Related:assurance, object,
areas of potential compromise: IncludedBy:compromise, vulnerability,; Related:minimum essential infrastructure,
ARPANET: IncludedBy:internet, network,
as-is process model: IncludedBy:model, process,; Related:baseline, business process,
assessment: Includes:computer incident assessment capability, counterintelligence assessment, criticality assessment, damage assessment, independent assessment, national computer security assessment program, operations security assessment, privacy impact assessment, qualitative risk assessment, risk assessment, threat assessment, vulnerability assessment, web risk assessment,; Related:Common Criteria for Information Technology Security, Common Criteria for Information Technology Security Evaluation, acceptable level of risk, accreditation, accreditation phase, accuracy, analysis, assurance, authorize processing, binding of functionality, certification, certification package, certification phase, cost-risk analysis, deliverable, ease of use, evaluation, evaluation pass statement, evaluator, information, management countermeasure, metrics, monitoring and evaluation, operations security, operations security process, portfolio, pre-certification phase, process, process assurance, rating, resource, risk analysis, risk avoidance, risk management, scheme, security, security category, security fault analysis, site certification, standard, strength of mechanisms, suitability of functionality, system, threat monitoring, verification, vulnerability,
assessment method
assessment object
assessment objective: Related:control, security,
assessment procedure
asset: IncludedBy:target of evaluation,; Related:countermeasures, information, intelligence, operation, resource,
asset identification: Related:security,
asset reporting format
assignment: IncludedBy:protection profile,; Related:file, function, message, profile, signature,
associated markings: Related:access, classified,
association: Includes:Internet Security Association and Key Management Protocol, information systems audit and control association, information systems security association, personal computer memory card international association, security association, security association identifier, security association lifetime, symmetric measure of association,; Related:ABA Guidelines, American National Standards Institute, IPsec Key Exchange, PCMCIA, U.S. person, accreditation, authentication header, binding, certification authority, cookies, data integrity service, data origin authentication service, dynamic binding, encapsulating security payload, hijack attack, information, internet key exchange protocol, internet protocol security, key establishment, key recovery, key transport, keying material, man-in-the-middle attack, on-line cryptosystem, peer entity authentication, peer entity authentication service, primary account number, protocols, proxy server, repudiation, risk, security parameters index, security situation, spam, static binding, system, transport mode vs. tunnel mode, unit of transfer,
assurance: IncludedBy:European Information Technology Security Evaluation Criteria, Federal Criteria for Information Technology Security, evaluation, security, security goals, target of evaluation,; Includes:assurance approach, assurance authority, assurance case, assurance component, assurance element, assurance level, assurance method, assurance profile, assurance results, assurance scheme, assurance stage, assure, automated information system, confidence, configuration management, development assurance, development assurance component, development assurance package, development assurance requirements, effectiveness, evaluation assurance, evaluation assurance component, evaluation assurance package, evaluation assurance requirements, evidence, high assurance guard, identification and authentication, information assurance, information assurance component, infrastructure assurance, integrity, mission assurance category, process assurance, profile assurance, quality assurance, quality assurance/control, rating, robustness, security assurance, site information assurance manager, software assurance, software quality assurance, supporting information assurance infrastructures, test,; Related:Common Criteria for Information Technology Security, Defensive Information Operations, Information Technology Security Evaluation Criteria, RED team, Trusted Computer System Evaluation Criteria, advanced self-protection jammer, areas of control, assessment, augmentation, authentication, authentication mode, authentication tag, availability, backtracking resistance, bebugging, beyond A1, cardholder certificate, certificate, certification, class 2, 3, 4, or 5, closed security environment, common criteria, communications deception, communications security, component dependencies, component extensibility, component hierarchy, computer, computer security, computer security toolbox, computing security methods, confidentiality, control, controlled access protection, criteria, cross domain solution, cryptographic system, cybersecurity, data privacy, defense-in-depth, deliverable, demilitarized zone, electronic protection, enclave, entity, entity authentication of A to B, environmental failure protection, error seeding, evaluation products list, explicit key authentication from A to B, exploit, extension, fetch protection, file protection, function, functional protection requirements, hardening, identity, implicit key authentication from A to B, information, information protection policy, information systems security manager, infrastructure protection, internal system exposure, key authentication, key confirmation, key confirmation from A to B, level of protection, levels of concern, likelihood of occurrence, lock-and-key protection system, minimum level of protection, mutual authentication, mutual entity authentication, network security, non-repudiation, notarization, object, open security, open security environment, outsourced information technology based process, package, physical protection, platform it interconnection, policy, port protection device, prediction resistance, privacy protection, privileged user, process, product rationale, property, protection needs elicitation, protection philosophy, protection profile, protection profile family, protection ring, protection-critical portions of the TCB, public-key infrastructure, purge, quality of protection, questions on controls, requirements, security evaluation, security mechanism, security objectives, security target, signature validation, software, suspicious activity report, system, system administrator, target, technology, trusted computer system, trusted computing system, trusted foundry, trusted network interpretation, type 3 product, unilateral authentication, users, validation, virtual private network,
assurance approach: IncludedBy:assurance,
assurance authority: IncludedBy:assurance, authority,
assurance case: IncludedBy:assurance,
assurance component: IncludedBy:Common Criteria for Information Technology Security Evaluation, assurance, component,; Related:requirements,
assurance element: IncludedBy:assurance,; Related:process,
assurance level: IncludedBy:assurance,; Related:confidence, criteria, federation, quality, requirements, target,
assurance method: IncludedBy:assurance,
assurance profile: IncludedBy:assurance, file, profile,; Related:confidence, function,
assurance results: IncludedBy:assurance,
assurance scheme: IncludedBy:assurance,; Related:authority,
assurance stage: IncludedBy:assurance,
assure: IncludedBy:assurance,; Related:IT security, ensure, process, program,
assured information sharing: Related:risk, security,
assured software: IncludedBy:software,; Related:process, test, trust,
astragal strip: Related:authorized,
asymmetric algorithm: IncludedBy:algorithm, asymmetric cryptography,; Includes:Diffie-Hellman, Rivest-Shamir-Adleman algorithm, elliptic curve cryptosystem, private key, public-key, public-key cryptography standards,; Related:encryption, key, message,
asymmetric cipher: IncludedBy:asymmetric cryptography, cipher,; Related:encipherment, system,
asymmetric cryptographic algorithm: IncludedBy:algorithm, cryptographic, encryption, key,; Related:message,
asymmetric cryptographic technique: IncludedBy:asymmetric cryptography, cryptographic,; Related:cipher, cryptographic system, encipherment, entity, function, key, message, property, public-key, signature, system, verification,
asymmetric cryptography: IncludedBy:cryptography,; Includes:asymmetric algorithm, asymmetric cipher, asymmetric cryptographic technique, asymmetric encipherment system, asymmetric encryption algorithm, asymmetric key pair, asymmetric signature system, public-key derivation function, public-key information, public-key system,; Related:algorithm, authentication, confidentiality, digital signature, encryption, integrity, key, key management, owner, public-key, signature,
asymmetric encipherment system: IncludedBy:asymmetric cryptography, cipher, encipherment, system,; Related:algorithm, cryptographic, encryption,
asymmetric encryption algorithm: IncludedBy:algorithm, asymmetric cryptography, encryption,; Related:cipher, encipherment, system,
asymmetric key pair: IncludedBy:asymmetric cryptography, key,; Related:public-key,
asymmetric keys: IncludedBy:key,; Related:encryption, operation, public-key, signature, verification,
asymmetric signature system: IncludedBy:asymmetric cryptography, signature, system,; Related:cryptographic, verification,
asynchronous attacks: IncludedBy:attack,; Related:system,
asynchronous communication: IncludedBy:communications,; Related:information,
asynchronous transfer mode: IncludedBy:security,; Related:application, connection, network, process, technology,
attack: Antonym:security software,; IncludedBy:incident, risk, security, threat,; Includes:Attack Sensing and Warning, C2-attack, ICMP flood, IP splicing/hijacking, Star Trek attack, TTY watcher, active attack, application server attack, asynchronous attacks, attack potential, attack signature, attack signature recognition, attackers, between-the-lines-entry, blended attack, browsing, brute force, brute force attack, brute force password attack, buffer overflow attack, check_password, chosen-ciphertext attack, chosen-plaintext attack, ciphertext-only attack, computer intrusion, computer network attack, cut-and-paste attack, cyberattack, data diddling, data driven attack, demon dialer, denial-of-service, dictionary attack, eavesdropping, eavesdropping attack, electronic attack, flooding, hijack attack, impersonation, insider attack, interleaving attack, key logger, keystroke monitoring, killer packets, known-plaintext attack, laboratory attack, leapfrog attack, man-in-the-middle attack, masquerade attack, masquerading, mimicking, nak attack, off-line attack, online attack, online guessing attack, pagejacking, passive attack, penetration, perpetrator, phreaking, piggyback attack, ping of death, ping sweep, port scan, reflection attack, replay attacks, rootkit, scanning, scavenging, session hijack attack, shoulder surfing, smurf, smurfing, social engineering, spoofing, spoofing attack, subversion, supply chain attack, synchronous flood, tampering, technical attack, technological attack, terminal hijacking, timing attacks, tunneling attack, warehouse attack, wiretapping,; Related:Diffie-Hellman, POP3 APOP, RED team, SOF-basic, SOF-high, SOF-medium, US-CERT, access, access control, advanced persistent threats, adversary, agent, alert, anonymous, anti-spoof, authentication header, authorization, authorized, availability, availability service, bastion host, blinding, blue team, bot-network operators, buffer overflow, challenge-response protocol, checksum, code red, compromise, computer, computer emergency response team, computer emergency response teams' coordination center, computer network operations, control, cookies, countermeasures, cracker, criminal, criminal groups, critical, cross site scripting, cryptanalysis, cybersecurity, defense-in-depth, demilitarized zone, disconnection, electronic warfare, elliptic curve cryptography, emergency action plan, entity, entropy, evasion, exploit, exploit code, firewall, flaw hypothesis methodology, guessing entropy, hackers, handler, hash function, hijacking, honeypot, host-based security, impact, incident of security concern, incident response plan, indicator, information, information security, information system resilience, insider, integrity, internet, intrusion, intrusion detection systems, jamming, kerberos, key validation, keyed hash, layered solution, mailbomb, malicious, man-in-the-middle attack, management message, manipulation detection code, min-entropy, misappropriation, motivation, network, nonce, one-time passwords, operation, pharming, physical security, policy, precursor, privacy system, protected checksum, proxy, purge, radio frequency jamming, remote administration tool, resource, risk plane, risk value, salt, scenario, scrambling, secret key, security audit, security environment threat list, security management infrastructure, signature, spammers, strength of a requirement, strength of function, strength of mechanisms, survivability, system, target, threat action, threat consequence, tiger team, traceability, traffic analysis, trapdoor, tri-homed, trojan horse, trusted process, unilateral authentication, users, victim, virus, vulnerability, vulnerability assessment, white team, zombie,
attack potential: IncludedBy:attack,; Related:resource,
Attack Sensing and Warning: IncludedBy:attack,; Related:authorized, identification, response,
attack signature: IncludedBy:attack, signature,; Related:access, audit,
attack signature recognition: IncludedBy:attack, security software, signature,; Includes:virus signature,; Related:file, profile,
attackers: IncludedBy:attack,; Related:computer, information, malicious, min-entropy, system,
attribute: Related:entity, object, quality,
attribute authority: IncludedBy:authority, public-key infrastructure,; Related:certificate, entity, identity, trust,
attribute certificate: IncludedBy:certificate,; Related:authority, backup, cryptographic, cryptography, digital signature, function, identification, information, key, owner, public-key, security, signature, subject, users,
attribute sampling
attribute-based access control: IncludedBy:access, control,; Related:target,
attribute-based authorization: IncludedBy:authorization,; Related:access,
audit: IncludedBy:security,; Includes:COMSEC account audit, audit charter, audit data, audit log, audit plan, audit program, audit record, audit reduction tools, audit service, audit software, audit trail, audit/review, auditing tool, computer operations, audit, and security technology, computer-assisted audit technique, information systems audit and control association, information systems audit and control foundation, institute of internal auditors, multihost based auditing, security audit, test, vulnerability audit,; Related:Government Accountability Office, IT security, IT security training, Identification Protocol, POSIX, access, access control, accountability, alert, application proxy, archive, attack signature, confidence, control, controlled access program oversight committee, controlled access protection, criteria, critical, distributed computing environment, file, fraudulent financial reporting, function, functional component, gap analysis, host based, identify, independence, intrusion detection, intrusion detection systems, key management, key-escrow, keystroke monitoring, login, network based, network component, object, operation, policy, policy management authority, population, resource encapsulation, sas 70 report, secure single sign-on, security controls, security features, security software, security-relevant event, sniffer, standard, system, system administrator, system security officer, technical countermeasures, threat monitoring, trust, verification, vulnerability, vulnerability analysis, work program,
audit charter: IncludedBy:audit,; Related:authority, function,
audit data: IncludedBy:audit,; Related:system,
audit log: IncludedBy:audit,
audit plan: IncludedBy:audit,; Related:object, resource,
audit program: IncludedBy:audit, program,; Related:function,
audit record: IncludedBy:audit,; Related:information,
audit reduction tools: IncludedBy:audit,
audit service: IncludedBy:audit,; Related:information, system,
audit software: IncludedBy:audit, software,; Related:computer, file, program,
audit trail: IncludedBy:audit, threat monitoring,; Includes:automated information system, console logs, security audit trail,; Related:access, access control, authorized, communications, communications security, computer, computer security, evidence, file, information, login, message, operation, process, resource, system, users,; Synonym:logging,
audit/review: IncludedBy:audit,; Related:certification, control, function, identify, system, vulnerability,
auditing tool: IncludedBy:audit,; Related:computer, network, passwords, system,
augmentation: Related:assurance,
authentic signature: IncludedBy:signature,; Related:digital signature, trust,
authenticate: IncludedBy:authentication,; Related:access, access control, authorized, certificate, communications, digital signature, entity, identity, integrity, network, object, public-key infrastructure, resource, signature, system, users, validate,
authentication: IncludedBy:quality of protection, security,; Includes:3-factor authentication, Challenge Handshake Authentication Protocol, Challenge-Response Authentication Mechanism, Data Authentication Algorithm, Distributed Authentication Security Service, Extensible Authentication Protocol, Password Authentication Protocol, SAML authentication assertion, Simple Authentication and Security Layer, authenticate, authentication code, authentication data, authentication exchange, authentication header, authentication header protocol, authentication mechanism, authentication mode, authentication period, authentication protocol, authentication service, authentication system, authentication tag, authentication token, authentication tools, biometric authentication, challenge and reply authentication, data authentication code, data authentication code vs. Data Authentication Code, data origin authentication, data origin authentication service, electronic authentication, entity authentication, entity authentication of A to B, explicit key authentication from A to B, identification, implicit key authentication from A to B, key authentication, logon, low-cost encryption/authentication device, message authentication code, message authentication key, multifactor authentication, mutual authentication, mutual entity authentication, peer entity authentication, peer entity authentication service, privacy, authentication, integrity, non-repudiation, simple authentication, source authentication, strong authentication, unilateral authentication,; Related:COMSEC control program, COMSEC equipment, Diffie-Hellman, FIPS approved security method, Generic Security Service Application Program Interface, IA product, IMAP4 AUTHENTICATE, IP splicing/hijacking, IPsec Key Exchange, IT security, Internet Engineering Task Force, Internet Security Association and Key Management Protocol, KMI protected channel, Lightweight Directory Access Protocol, OAKLEY, POP3 APOP, POP3 AUTH, Post Office Protocol, version 3, Rivest-Shamir-Adleman algorithm, S-box, S/Key, SOCKS, Secure Electronic Transaction, Terminal Access Controller Access Control System, The Exponential Encryption System, X.509, access, access control, account authority digital signature, active attack, anonymous and guest login, anti-spoof, approved security function, assurance, asymmetric cryptography, authenticity, authorization, authorized, backup, biometric measurement, biometrics, call back, certificate, certificate policy, certificate revocation list, certificate status responder, certification authority digital signature, challenge-response protocol, challenge/response, claimant, code, common data security architecture, communications security, computer, computer cryptography, computer network, confidence, control, credentials, criteria, critical, critical security parameters, cryptographic algorithm, cryptographic key, cryptography, data integrity service, data key, defense-wide information assurance program, dictionary attack, digital id, digital signature, distinguishing identifier, distributed computing environment, domain name system, dongle, eavesdropping attack, electronic credentials, encapsulating security payload, entity, exchange multiplicity parameter, file, file encryption, fingerprint, fraud, full disk encryption, handshaking procedures, hash function, impersonation, individual electronic accountability, information, information assurance, information assurance product, information systems security, information systems security equipment modification, initiator, integrity, interleaving attack, internet protocol security, keyed hash, keyed hash algorithm, keying material, language, man-in-the-middle attack, masquerading, message, message integrity code, network component, non-repudiation, non-repudiation service, nonce, object, off-line attack, one-time passwords, online attack, origin authenticity, passive attack, password system, passwords, point-to-point protocol, practice statement, pretty good privacy, privacy enhanced mail, process, proof of possession protocol, protection suite, protocol run, proxy, proxy server, public key enabling, public-key forward secrecy, public-key infrastructure, realm, registration, registration authority, replay attacks, resource, responder, sandboxed environment, secret, secret seed, secure DNS, secure communication protocol, secure hash standard, secure shell, secure socket layer, security assertion markup language, security association, security association identifier, security controls, security mechanism, security service, session hijack attack, shared secret, signature, simple network management protocol, single sign-on, software, spoof, spoofing, subject, subscriber, symmetric key, system, system entity, system entry, technical countermeasures, test, third party trusted host model, tokens, transport layer security, trust, trusted third party, unsigned data, user identifier, users, validate vs. verify, validation, verification, verifier, verifier impersonation attack, virtual private network, vulnerability, zero-knowledge password protocol,
authentication code: IncludedBy:authentication, code,; Related:computer, cryptographic, cryptography, encryption, function, information, integrity, process, software, system, users,
authentication data: IncludedBy:authentication,; Related:entity, identity, information, users,
authentication exchange: IncludedBy:authentication,; Related:entity, identity, information,
authentication header: IncludedBy:authentication, internet protocol security, security protocol,; Related:association, attack, confidentiality, connection, gateway, integrity, internet, internet security protocol, protocols, tunnel,; Synonym:authentication header protocol,
authentication header protocol: IncludedBy:authentication, protocols,; Related:integrity, internet protocol security, internet security protocol,; Synonym:authentication header,
authentication information: IncludedBy:3-factor authentication, information,; Related:entity, identity,
authentication mechanism: IncludedBy:authentication,; Related:access, identity, software, users,
authentication mode: IncludedBy:authentication,; Related:assurance,
authentication period: IncludedBy:authentication,; Related:access,
authentication protocol: IncludedBy:authentication, protocols,; Related:control, cryptographic, entity, identity, key, message, process,
authentication service: IncludedBy:authentication,; Related:entity, identity, network,
authentication system: IncludedBy:authentication, system,; Related:cryptographic system, cryptography, process,
authentication tag: IncludedBy:authentication,; Related:assurance,
authentication token: IncludedBy:authentication, tokens,; Related:code, response,
authentication tools: IncludedBy:authentication, security software,
authenticator: Related:backup, entity, identity,
authenticity: IncludedBy:integrity,; Related:authentication, confidence, entity, identity, information, message, process, property, resource, subject, system, trust, users,
authority: Includes:Internet Assigned Numbers Authority, Internet Policy Registration Authority, JTC1 Registration Authority, X.509 authority revocation list, account authority digital signature, accreditation authority, accrediting authority, assurance authority, attribute authority, authority certificate, authority revocation list, brand certification authority, cardholder certification authority, certificate authority workstation, certification authority, certification authority digital signature, certification authority workstation, certificaton authority, certified TEMPEST technical authority, command authority, controlling authority, delegated accrediting authority, delivery authority, designated accrediting authority, designated approval authority, designated approving authority, designating authority, evaluation authority, geopolitical certificate authority, issuing authority, judicial authority, local authority, merchant certification authority, organizational registration authority, payment gateway certification authority, policy approving authority, policy certification authority, policy creation authority, policy management authority, principal accrediting authority, registration authority, security authority, sub-registration authority, subordinate certification authority, time-stamping authority, trusted time stamping authority,; Related:COMSEC custodian, International Traffic in Arms Regulations, Internet Protocol Security Option, NRS token, NRT token, National Voluntary Laboratory Accreditation Program, SSO PIN, acceptable level of risk, access, accountability, accreditation, accreditation multiplicity parameter, accreditation range, alternate COMSEC custodian, assurance scheme, attribute certificate, audit charter, authorizing official, binding, certificate, certificate domain, certificate rekey, certificate revocation list, certification, certification hierarchy, certification practice statement, command and control, conformant validation certificate, control, credentials, cryptosystem review, data storage, designer, digital certificate, distribution point, enclave, entity, evaluation and validation scheme, evaluation scheme, identity proofing, information owner, information system security officer, inspectable space, national telecommunications and information system security directives, network security officer, non-repudiation of submission, non-repudiation of transport, notarization, operational waiver, personnel security, policy, policy mapping, primary account number, private accreditation exponent, private accreditation information, process, public-key certificate, public-key cryptography standards, public-key information, public-key infrastructure, realm, registration, review board, risk management, root, root CA, root registry, rules of engagement, security policy, sensitive information, special access program, system security officer, time-stamp requester, trust, trusted third party, trusted time stamp, users, validated products list, validation service,
authority certificate: IncludedBy:authority, certificate,; Related:certification,
authority revocation list: IncludedBy:authority, revocation,; Related:certificate, key, public-key, validate,
authorization (to operate): IncludedBy:authorization,; Related:control, management, risk, security,
authorization: IncludedBy:users,; Includes:ACL-based authorization, access control, attribute-based authorization, authorization (to operate), authorization boundary, authorization key, authorization to process, authorize processing, authorized, delegation, interim access authorization, joint authorization, limited access authorization, list-oriented, multilevel security, need-to-know determination, permissions, pre-authorization, privilege, regrade, secure single sign-on, system security authorization agreement, ticket-oriented,; Related:Bell-LaPadula security model, Identification Protocol, RA domains, Simple Public-Key Infrastructure/Simple Distributed Security Infrastructure, Terminal Access Controller Access Control System, access, access approval, access level, access type, accreditation, acquirer, approval/accreditation, attack, authentication, case-by-case basis, category, certificate update, clearance, closed security environment, computer, connection approval, control, covert channel, cracker, credentials, dedicated security mode, discretionary access control, eavesdropping, entity, export license, file, firewall, hackers, identity, identity based access control, insider, intelligence sources and methods, interconnection security agreements, interface control document, interim accreditation, interim approval to operate, interim approval to test, internal system exposure, intruder, intrusion, intrusion detection, kerberos, key-encryption-key, key-escrow system, language, malicious intruder, management controls, mandatory access control, mode of operation, modes of operation, multilevel secure, multilevel security mode, open security environment, partitioned security mode, passwords, payment gateway, periods processing, personality label, personnel security, policy-based access control, privilege management infrastructure, privileged accounts, process, program, registration, reinstatement, remote authentication dial-in user service, resource, risk executive, risk index, risk management, risk-adaptable access control, role, role-based access control, security, security assertion markup language, security clearance, security intrusion, security management infrastructure, security perimeter, sensitive compartmented information facility accreditation, simple network management protocol, skimming, system, system-high security mode, trojan horse, trust, unfavorable personnel security determination, update (a certificate), user partnership program, vulnerability,
authorization boundary: IncludedBy:authorization,
authorization key: IncludedBy:authorization, key,
authorization to process: IncludedBy:authorization, process,; Related:system,
authorize processing: IncludedBy:authorization, process,; Related:assessment, control, operation, risk, system,
authorized: IncludedBy:authorization,; Includes:authorized adjudicative agency, authorized classification and control markings register, authorized data security association list, authorized investigative agency, authorized person, authorized user, authorized vendor, authorized vendor program, unauthorized access, unauthorized disclosure, unauthorized person,; Related:ACH debit fraud, Attack Sensing and Warning, Automated Information System security, Bell-LaPadula security model, COMSEC equipment, COMSEC facility, DD 254 - Final, Defense Central Security Index, Escrowed Encryption Standard, FIPS PUB 140-1, IP splicing/hijacking, IS related risk, IT security database, IT security incident, IT-related risk, PIV issuer, RED team, SOCKS, Simple Public-Key Infrastructure/Simple Distributed Security Infrastructure, TOP SECRET, U.S.-controlled facility, U.S.-controlled space, acceptance criteria, access, access category, access control, access control lists, access control mechanisms, access control service, access mediation, acknowledged special access program, acquisition systems protection, active wiretapping, adequate security, administrative access, agent of the government, anonymous, anti-spoof, applicant, application controls, application server attack, approved test methods list, astragal strip, attack, audit trail, authenticate, authentication, automated information system media control system, automated security incident measurement, availability, between-the-lines-entry, bound metadata, browse access protection, call back, call back security, capability, carve-out, certification, certification authority, change control and lifecycle management, classification, classification levels, classification markings and implementation working group, classified, classified information, clearance, cleared commercial carrier, client server, communications security, compromise, compromised key list, computer abuse, computer intrusion, computer network defense, computer security intrusion, confidential, confidentiality, configuration control, control zone, controlled access area, controlled space, controlled unclassified information, courier, covert channel, covert channel analysis, critical system, cryptographic key, cryptographic officer, cryptography, cryptoperiod, damage assessment, damage to the national security, data compromise, data confidentiality, data confidentiality service, data integrity, data integrity service, data security, deception, declassification, delegation of disclosure authority letter, deliberate compromise of classified information, deliberate exposure, demon dialer, denial-of-service, designated, designated laboratories list, disaster plan, disclosure of information, discretionary access control, downgrade, eavesdropping, egress point, electronic security, emanations security, emission security, emissions security, encryption, entity, entry control, exposures, extranet, extraordinary security measures, failure access, false acceptance rate, falsification, fetch protection, file protection, file security, firewall, fishbowl, forced entry, foreign disclosure, foreign liaison officer, foreign military sales, foreign ownership, control, or influence, fraud, frequency hopping, guard, hackers, hacking, handcarrier, honeypot, human error, identity, illegal drug use, impact, impersonation, implant, inadvertent disclosure, inadvertent disclosure incident, incident of security concern, inference, information assurance, information assurance product, information security, information systems security, insertion, insider, integrity, integrity policy, intelligence activities, intelligence activity, intelligence community classification and control markings implementation, interception, internal security controls, intranet, intrusion, intrusion detection, intrusion detection systems, intrusion detection tools, issuer, joint personnel adjudication system, key distribution service, key owner, key recovery, leakage, least privilege, level of concern, list-oriented, logic bombs, logical access, logical access control, logoff, logon, major application, malicious applets, malicious code, malicious logic, malicious program, malware, masquerade, masquerading, media protection, misappropriation, mission critical, mode of operation, modes of operation, motivation, national security information, national security system, need for access, need-to-know, need-to-know determination, network security, no-lone zone, non-disclosure agreement, non-discussion area, open storage, operational data security, original classification, original classification authority, overt channel, passive, passive attack, passive threat, passwords, penetration, permissions, personal firewall, phage, physical and environmental protection, physical security, piggyback, piggyback entry, pre-activation state, principal disclosure authority, privacy, privileged access, privileged process, probe, procedural security, process, program channels or program security channels, program protection plan, protected network, protection ring, protective security service, proxy, random selection, regrade, remote access, resource, risk, rogue device, safeguarding statement, scavenging, secrecy policy, secret, secure state, security, security clearance, security compromise, security in-depth, security incident, security violation, segregation of duties, sensitive information, session hijack attack, signature, skimming, social engineering, special access program/special access required, split knowledge, sponsor, spoof, spoofing, store, subcommittee on Automated Information System security, subcommittee on telecommunications security, subject, substitution, superuser, surreptitious entry, suspicious contact, system, system integrity, system integrity service, system security officer, system-high security mode, tamper, tamper resisting, tampering, tcpwrapper, theft of data, theft of functionality, theft of service, threat, ticket-oriented, time bomb, traditional INFOSEC program, transmission, trapdoor, trespass, trojan horse, trusted agent, trusted computing base, trusted identification forwarding, two-person control, two-person integrity, unclassified, unclassified controlled nuclear information, unclassified sensitive, unforgeable, upgrade, user representative, usurpation, vault, violation of permissions, vulnerability, war driving,
authorized adjudicative agency: IncludedBy:authorized,; Related:access, classified, intelligence,
authorized classification and control markings register: IncludedBy:authorized,; Related:classified, intelligence, security,
authorized data security association list: IncludedBy:authorized, security,
authorized investigative agency: IncludedBy:authorized,; Related:access, classified, intelligence,
authorized person: IncludedBy:authorized,; Related:access, classified, information,; Synonym:authorized user,
authorized user: IncludedBy:authorized, users,; Related:access, operation,; Synonym:authorized person,
authorized vendor: IncludedBy:authorized,; Related:cryptography, requirements,
authorized vendor program: IncludedBy:authorized, program,; Related:cryptographic, requirements, security,
authorizing official: Related:authority, function, information, operation, risk, system,
auto-manual system: IncludedBy:system,
automated clearing house: Related:computer,
automated data processing: HasPreferred:automated information system,
automated data processing security: HasPreferred:Automated Information System security,; IncludedBy:security,
automated data processing system: IncludedBy:automated information system, process, system,; Related:computer, software,
automated information system: IncludedBy:accountability, accreditation, assurance, audit trail, certification, declassification of AIS storage media, designated approving authority, information, modes of operation, process, security, system,; Includes:Automated Information System security, CPU time, International organization for standardization, access mode, automated data processing system, bastion host, batch mode, batch processing, big-endian, bit, byte, central processing unit, centralized data processing, client server, computer abuse, data, data administration, data aggregation, data architecture, data contamination, data control language, data definition language, data dictionary, data flow diagram, data input, data management, data manipulation language, data processing, data reengineering, data storage, data structure, data validation, database administration, debugging, direct memory access, distributed dataprocessing, distributed processing, fail soft, front-end processor, host, host based, host to front-end protocol, host-based firewall, information architecture, information center, information engineering, information environment, information flow, information operations, information ratio, information technology, information technology system, interface control unit, lifecycle management, logical system definition, master file, memory scavenging, million instruction per second, multihost based auditing, network, random access memory, remote job entry, remote terminal emulation, screened host firewall, workstation,; PreferredFor:IT system, automated data processing,; Related:American National Standards Institute, American Standard Code for Information Interchange, Backus-Naur form, PCMCIA, application, application system, computer, control, data synchronization, digital document, direct access storage device, extended industry standard architecture, fiber distributed data interface, frame relay, function, industry standard architecture, input/output, language, laptop computer, large scale integration, legacy data, logged in, nibble, object code, object-oriented programming, operation, personal computer, personal computer memory card international association, personal digital assistant, read-only memory, remote procedure call, resource, reusability, rotational delay, safety-critical software, screen scraping, software, standard generalized markup language, structured query language, system resources, workflow, workload,
automated information system media control system: Related:access, authorized, classified, identity, security,
Automated Information System security: IncludedBy:automated information system, information, process, risk management, subcommittee on Automated Information System security, system,; Includes:IT Security Evaluation Criteria, IT Security Evaluation Methodology, IT security, IT security certification, access control, communications security, emissions security, physical security, security safeguards,; PreferredFor:automated data processing security,; Related:access, authorized, computer, control, denial-of-service, function, operation, security software, software,; Synonym:computer security,
automated key distribution: IncludedBy:key management,; Related:computer, computer network, cryptographic, network, protocols,
automated key management center: IncludedBy:key management,
automated key management system: IncludedBy:key management, system,
automated key transport: IncludedBy:key,
automated logon sequences: IncludedBy:logon,; Related:computer, connection, program, users,
automated office support systems: IncludedBy:system,
automated password generator
automated security incident measurement: IncludedBy:incident, security incident, security software,; Related:authorized, information, network, target,
automated security monitoring: IncludedBy:risk management, security software,; Related:classified, control, critical, process, software, subject, system,
automatic declassification
automatic digital network: IncludedBy:network,
automatic key distribution center: IncludedBy:key,
automatic key distribution/rekeying control unit: IncludedBy:control, key, rekey,
automatic log-on: Related:users,
automatic remote rekeying: IncludedBy:key, rekey,
autonomous message switch: IncludedBy:message,
autonomous system: IncludedBy:system,; Related:policy, router,
auxiliary power unit
auxiliary vector
availability: IncludedBy:risk management, security, security goals,; Includes:application data backup/recovery, availability of data, availability service, business continuity plan, business impact analysis, contingency planning, continuity of operations, environmentally controlled area, fire barrier, fire suppression system, high availability, object, privacy, authentication, integrity, non-repudiation, recovery, system retention/backup, token backup,; Related:Common Criteria for Information Technology Security, IT security, IT security controls, IT security incident, National Computer Security Center, access, access control, adequate security, application server attack, assurance, attack, authorized, baseline security, communications, computer, computer abuse, computer emergency response team, computer related controls, computer security, critical, defense-in-depth, defense-wide information assurance program, denial-of-service, entity, entry-level certification, failure, fault tolerant, hardening, high impact, high-impact system, impact, impact level, impact value, incident, information, information assurance, information security, information system and network security, intrusion, level of concern, levels of concern, line managers, low impact, low-impact system, maintainability, malicious code, malware, mid-level certification, minimum essential infrastructure, mirroring, mission assurance category, moderate impact, moderate-impact system, post-accreditation phase, potential impact, process, property, redundant control server, reliability, remediation, requirements for procedures and standards, resource, resource starvation, retro-virus, risk, security category, security controls, security event, security policy, security requirements, security safeguards, security service, simple network management protocol, software, system, tactical edge, token management, top-level certification, trustworthy system, turnaround time, uniform resource name, users, vaulting, vulnerability,
availability of data: IncludedBy:availability,; Related:users,
availability service: IncludedBy:availability,; Related:access, access control, attack, control, denial-of-service, resource, system,
awareness (information security): IncludedBy:security,
back up vs. backup: IncludedBy:backup, contingency plan,; Related:damage, function, resource, system,
backdoor: IncludedBy:malicious code,; Related:access, access control, computer, control, login, malicious, privileged, program, protocols, resource, risk, security, software, system, users,; Synonym:trapdoor,
background investigation: Related:security,
backhaul
backtracking resistance: Related:assurance,
backup: IncludedBy:recovery,; Includes:application data backup/recovery, back up vs. backup, backup generations, backup operations, backup plan, backup procedures, binding of functionality, binding of security functionality, card backup, dynamic binding, static binding, system retention/backup, token backup,; Related:X.509 certificate revocation list, application, archive, archiving, attribute certificate, authentication, authenticator, certificate renewal, certification, certification authority, certify, contingency plan, contingency planning, cryptographic key management system, digital certificate, digital signature, fallback procedures, file, key, key recovery, logic bombs, mirroring, national telecommunications and information system security directives, operations manager, process, program, public-key infrastructure, redundancy, redundant control server, registration, remediation, retrieval, retro-virus, security event, system, system administrator, time-stamp token, token management, valid certificate, validate vs. verify, validity period, vaulting,
backup generations: IncludedBy:backup, contingency plan,; Related:application, file,
backup operations: IncludedBy:backup, contingency plan, operation,; Related:business process, computer,
backup plan: IncludedBy:backup, contingency plan,
backup procedures: IncludedBy:backup, recovery,; Related:computer, failure, file, program, system,
Backus-Naur form: Related:automated information system,
baggage: IncludedBy:Secure Electronic Transaction,; Related:encryption, message,
balanced magnetic switch: Related:access, intrusion,
bandwidth: IncludedBy:information,; PreferredFor:information rate,; Related:channel capacity, communications, computer, computer network, covert, network, standard,
bank identification number: IncludedBy:Secure Electronic Transaction, identification,; Related:identify,
banking and finance: IncludedBy:critical infrastructures,; Related:critical, operation, system,
banner: Related:system,
banner grabbing: Related:application, connection, information, process, version,
bar code: IncludedBy:code,; Related:identification, information,
barograph
barometer
base station: Related:access,
baseline: IncludedBy:security,; Includes:baseline architecture, baseline controls, baseline management, baselining, security requirements baseline,; Related:as-is process model, control, interface control document, release, revision, security target, site accreditation, software, software library, software system test and evaluation process, version,
baseline architecture: IncludedBy:baseline,
baseline configuration: Related:control,
baseline controls: IncludedBy:baseline, control,; Related:security controls, system,
baseline management: IncludedBy:baseline, configuration management,; Related:application, identify,
baseline security: IncludedBy:security,; Related:availability, control,
baselining: IncludedBy:baseline,; Related:process, resource,
basic component: IncludedBy:component,
Basic Encoding Rules: IncludedBy:Abstract Syntax Notation One,; Includes:Distinguished Encoding Rules,; Related:standard,
basic testing
bastion host: IncludedBy:automated information system, firewall,; Related:access, access control, application, attack, computer, gateway, network, protocols, resource, router, software, system, users,
batch mode: IncludedBy:automated information system,; Related:file, process,
batch process: IncludedBy:process,; Related:subject,
batch processing: IncludedBy:automated information system, process,
bebugging: Related:assurance, computer, program, test,; Synonym:error seeding,
behavioral outcome: Related:security,
Bell-LaPadula model: HasPreferred:Bell-LaPadula security model,
Bell-LaPadula security model: IncludedBy:formal security policy model, model, security model,; Includes:*-property, lattice, lattice model, object, simple security condition, simple security property, subject, tranquility, trusted subject,; PreferredFor:Bell-LaPadula model, tranquility property,; Related:access, access control, authorization, authorized, classification levels, classified, computer, computer security, confinement property, control, flow, information, operation, policy, process, system,
benchmark: Related:business process, computer, evaluation, process, program, requirements, software, standard, system, test, users,
benchmarking: Related:identify, operation, process, quality,
benign: Related:access, access control, compromise, countermeasures, cryptographic, cryptography,
benign environment: Related:countermeasures, security,
best practices: IncludedBy:risk management,; Related:business process, function, identify, process, recommended practices, system,
beta i: Related:certification, security,
beta ii: Related:certification, security,
between-the-lines-entry: IncludedBy:attack,; Includes:piggyback,; Related:access, access control, authorized, communications, unauthorized access, users,
beyond A1: IncludedBy:trusted computer system,; Related:assurance, computer, criteria, evaluation, security, system, technology,
bias: Related:process, system,
Biba Integrity model: IncludedBy:formal security policy model, integrity, model,; Related:object, subject, system,; Synonym:Biba model,
Biba model: IncludedBy:model,; Related:integrity, object, subject, trust,; Synonym:Biba Integrity model,
big-endian: IncludedBy:automated information system,
bilateral trust: IncludedBy:public-key infrastructure, trust,; Related:business process,
bill payment: Related:application, internet,
bill presentment: Related:internet,
billets: Related:access, security,
bind: Related:certificate, digital signature, key, public-key, public-key infrastructure, signature, subject,
binding: Related:association, authority, certificate, certification, communications, cryptographic, cryptography, entity, identity, information, key, officer, operation, process, public-key, registration, security, trust, verification,
binding of functionality: IncludedBy:backup, function, target of evaluation,; Related:assessment, security, target,
binding of security functionality: IncludedBy:backup, function, security,
biological warfare: IncludedBy:warfare,; Related:damage,
biometric authentication: IncludedBy:authentication, biometrics,; Includes:thumbprint,; Related:3-factor authentication, information,
biometric information: IncludedBy:biometrics, information,
biometric measurement: IncludedBy:biometrics,; Related:authentication, entity, identity, users,
biometric system: IncludedBy:biometrics, system,; Related:entity, identification, identity, users, verification,
biometric template: IncludedBy:biometrics,; Related:algorithm,
biometrics: IncludedBy:security,; Includes:biometric authentication, biometric information, biometric measurement, biometric system, biometric template, capture, comparisons, false acceptance rate, match, minutiae,; Related:authentication, entity, identify, identity, key, registration, signature,
bit: IncludedBy:automated information system,; Related:information, key,
bit error rate: Related:communications, system, telecommunications,
bit forwarding rate: Related:allowed traffic, goodput, illegal traffic, interface, rejected traffic, response, test, unit of transfer,
BLACK: Related:RED/BLACK concept, cipher, classified, communications security, cryptography, information, process, security, system,
black-box testing: IncludedBy:security testing, test,; Related:analysis, function, functional test case design, functional testing, program, software, stress testing,
blacklist: Related:application, malicious, threat, users,
blacklisting: Related:security,
blended attack: IncludedBy:attack,; Related:code, malicious, malware,
blinding: Related:attack,
block: Related:function,
block chaining: Related:cipher, cryptographic, encipherment, information,; Synonym:cipher block chaining,
block cipher: IncludedBy:cipher,; Related:algorithm, encryption, interface, key, operation, process, property,
block cipher algorithm
block cipher key: IncludedBy:cipher, key,; Related:control, operation,
Blowfish: IncludedBy:symmetric cryptography,; Related:cipher, key,
blue box devices: IncludedBy:threat,; Related:system,
blue team: Related:attack, cyberspace, evaluation, risk, security, security testing, test, threat, vulnerability,
body of evidence: Related:control, requirements, security,
bomb: IncludedBy:threat,; Related:failure, software, system,
boot sector virus: IncludedBy:virus,; Related:system,
bot-network operators: IncludedBy:network, threat,; Related:attack, control, denial-of-service, system,
bounce: Related:email, message,
bound metadata: IncludedBy:metadata,; Related:authorized, key,
boundary: Includes:COMSEC boundary, accreditation boundary, boundary host, boundary value, boundary value analysis, boundary value coverage, boundary value testing, cryptographic boundary, enclave boundary, specialized boundary host, system boundary,; Related:access, access control, cryptographic module, evaluation assurance level, external security controls, firewall, interface, remote access, security perimeter, software, system, users,
boundary host: IncludedBy:boundary,; Related:access control, control, flow, information, system,
boundary protection: Related:control,
boundary protection device: Related:control, security,
boundary value: IncludedBy:boundary,; Includes:boundary value analysis, boundary value coverage, boundary value testing,; Related:stress testing, system,
boundary value analysis: IncludedBy:analysis, boundary, boundary value,; Related:domain, security testing, test,
boundary value coverage: IncludedBy:boundary, boundary value,; Related:test,
boundary value testing: IncludedBy:boundary, boundary value, security testing, test,; Related:domain,
branch coverage: Related:program, test,
brand: IncludedBy:Secure Electronic Transaction,; Related:entity, network, role,
brand certification authority: IncludedBy:Secure Electronic Transaction, authority, certification, public-key infrastructure,
brand CRL identifier: IncludedBy:Secure Electronic Transaction, public-key infrastructure,; Related:digital signature, message, process, signature,
breach: IncludedBy:threat,; Related:access control, control, information, penetration, security, system,
break: Related:algorithm, analysis, computer, cryptographic, cryptography, encryption, function, gateway, key, network, system,
break-wire detector: Related:intrusion,
brevity list: Related:message,
bridge: Related:protocols, router,
British Standard 7799: IncludedBy:standard,; Related:certification, code, control, criteria, information, information security, object, requirements, security, system,
broadband network: IncludedBy:network,; Related:operation, technology,
broadcast
brouters: IncludedBy:router,; Related:network, protocols,
browse access protection: IncludedBy:access,; Related:authorized, file, owner, security, software, system, users,
browser: IncludedBy:world wide web,; Related:computer, information, program,
browsing: IncludedBy:attack,; Related:information,
brute force: HasPreferred:brute force attack,; IncludedBy:attack,
brute force attack: IncludedBy:attack,; PreferredFor:brute force,; Related:algorithm, analysis, cipher, computer, cryptography, intelligence, key, message, process, program,
brute force password attack: IncludedBy:attack,; Related:access,
buffer overflow: IncludedBy:flow, threat,; Related:access, access control, attack, code, computer, control, information, interface, process, system,
buffer overflow attack: IncludedBy:attack,
bug: IncludedBy:threat,; Related:anomaly, defect, error, exception, fault, function, program, property,
bulk encryption: IncludedBy:encryption,; Related:communications, telecommunications,
bulletin board services (systems): IncludedBy:system,
burn bag: Related:classified,
burn-in
business areas: Related:function, information, operation, resource, version,
business case: IncludedBy:business process,; Related:analysis, function, process, risk,
business continuity
business continuity plan: IncludedBy:availability, business process,; Related:risk,
business disruption and system failures: IncludedBy:operational risk loss, system,
business impact analysis: IncludedBy:analysis, availability, business process, risk analysis,; Related:control, identify, process, requirements,
business process: IncludedBy:process,; Includes:activity-based costing, business case, business continuity plan, business impact analysis, business process improvement, business process reengineering, constructive cost model, cost reimbursement contract, cost-risk analysis, cost/benefit, cost/benefit analysis, rolling cost forecasting technique,; Related:as-is process model, backup operations, benchmark, best practices, bilateral trust, change management, contingency plan, continuity of services and operations, core or key process, hardening, integrity, legacy systems, mission critical system, process management approach, recovery site, remediation, simulation modeling, to-be-process model, total quality management, workload, world class organizations,
business process improvement: IncludedBy:business process, process, quality,
business process reengineering: IncludedBy:business process, process,; Related:critical, quality, system,
BUSTER: Related:security,
bypass label processing: IncludedBy:process,
byte: IncludedBy:automated information system,; Related:computer, information,
C2-attack: IncludedBy:attack,; Related:C2-protect, adversary, information, system,
C2-protect: IncludedBy:Orange book, security,; Related:C2-attack, adversary, command and control, control, information, system,
CA certificate: IncludedBy:certificate,; Related:X.509, digital signature, key, public-key, signature,
call back: IncludedBy:security,; Related:access, access control, authentication, authorized, computer, connection, identify, system,
call back security: IncludedBy:security,; Related:authorized, connection, identify, system,
camouflage: Related:adversary, case officer, object,
Canadian Trusted Computer Product Evaluation Criteria: IncludedBy:Common Criteria for Information Technology Security Evaluation, computer, criteria, trust,
candidate TCB subset: IncludedBy:trusted computing base,; Includes:object, subject,; Related:evaluation, identification, software,
canister: Related:key,
capability: Includes:object,; Related:access, access control, authorized, certificate, communications, critical, critical infrastructures, entity, file, information, public-key infrastructure, resource, risk, system, tokens,
capacity: Related:message, signature,
CAPSTONE chip: IncludedBy:National Security Agency,; Related:Fortezza, cryptographic, cryptography, escrow, function, key, process,
Capstone policies: Related:requirements,
capture: IncludedBy:biometrics,; Related:users,
card backup: HasPreferred:token backup,; IncludedBy:backup,
card initialization: Related:file, process, tokens,
card personalization: Related:code, signature, tokens,
cardholder: IncludedBy:Secure Electronic Transaction,; Related:entity, identity, information, software, users,
cardholder certificate: IncludedBy:Secure Electronic Transaction, certificate,; Related:assurance, encryption, tokens, validate,
cardholder certification authority: IncludedBy:Secure Electronic Transaction, authority, certification, public-key infrastructure,; Related:certificate, gateway, tokens, verification,
carve-out: Related:access, authorized, classified,
cascading: Related:accreditation, flow, information, network, security, system,
case officer: Related:camouflage, deception, intelligence,
CASE tools: Related:code, function, information, model, program, requirements, security testing, software, test,
case-by-case basis: Related:authorization,
CAST: IncludedBy:symmetric cryptography,; Related:algorithm, encryption,
category: Includes:object,; Related:access, access control, authorization, classified, information, privileged, security, subject,
cause and effect diagram: HasPreferred:fishbone diagram,
caveat: Related:foreign, security,
CCI assembly: Related:communications security, control, cryptographic, cryptography, function,
CCI component: Related:communications security, control, cryptographic, cryptography, function,
CCI equipment: Related:communications, communications security, control, cryptographic, cryptography, function, information, telecommunications,
CCITT: IncludedBy:ITU-T,
cell: Related:communications, system,
cellular telephone
cellular transmission: Related:communications, network, technology,
center for information technology excellence: IncludedBy:information, technology,; Related:IT security, security, standard,
central adjudication facility: Related:security,
central office: Related:access,
central office of record: Related:communications security, subject,
central processing unit: IncludedBy:automated information system, process,
central services node: Related:management, security,
Central United States Registry for North Atlantic Treaty Organization: Related:classified,
centralized authorization: IncludedBy:access control,; Related:access, control,
centralized data processing: IncludedBy:automated information system, process,
centralized operations: IncludedBy:operation,; Related:certification, computer, control, function, process, quality,
centrally-administered network: IncludedBy:network,; Related:system,
certificate: IncludedBy:Secure Electronic Transaction, multilevel information systems security initiative, pretty good privacy, privacy enhanced mail, web of trust,; Includes:CA certificate, Validation Certificate, X.509 attribute certificate, X.509 certificate, X.509 certificate revocation list, X.509 public-key certificate, attribute certificate, authority certificate, cardholder certificate, certificate authority workstation, certificate chain, certificate chain validation, certificate creation, certificate directory, certificate domain, certificate domain parameters, certificate expiration, certificate holder, certificate management, certificate management services, certificate owner, certificate policy, certificate policy qualifier, certificate reactivation, certificate rekey, certificate renewal, certificate request, certificate revocation, certificate revocation list, certificate revocation tree, certificate serial number, certificate status responder, certificate update, certificate user, certificate validation, conformant validation certificate, cross-certificate, digital certificate, encryption certificate, geopolitical certificate authority, indirect certificate revocation list, merchant certificate, mutual recognition of certificates, online certificate status protocol, organizational certificate, public-key certificate, root certificate, security certificate, self-signed certificate, signature certificate, software publisher certificate, trusted certificate, v1 certificate, v2 certificate, v3 certificate, valid certificate,; Related:ABA Guidelines, Abstract Syntax Notation One, Cryptographic Message Syntax, Distinguished Encoding Rules, Federal Public-key Infrastructure, IT security certification, MISSI user, Minimum Interoperability Specification for PKI Components, PKCS #10, PKIX, RA domains, SET private extension, SET qualifier, Simple Public-Key Infrastructure/Simple Distributed Security Infrastructure, X.500 Directory, X.509, X.509 authority revocation list, accreditation, applicant, archive, assurance, attribute authority, authenticate, authentication, authority, authority revocation list, bind, binding, capability, cardholder certification authority, certification, certification authority digital signature, certification authority workstation, certification hierarchy, certification path, certification policy, certification practice statement, certification request, certification service, certify, common name, common security, compromised key list, credentials, critical, cross-certification, cryptoperiod, delta CRL, digital id, digital signature, directly trusted CA key, directory service, directory vs. Directory, distinguished name, distribution point, domain, end entity, enrollment service, entity, evaluation, extension, hierarchy management, identification, identity, information, invalidity date, issue, issuer, key, key lifetime, key management infrastructure, key material identifier, local authority, management, merchant certification authority, mesh PKI, message, operation, organizational registration authority, owner, party, path discovery, path validation, payment gateway certification authority, personal identity verification card, personality label, policy, policy approving authority, policy certification authority, policy creation authority, policy mapping, privilege management infrastructure, process, program, public-key, public-key infrastructure, registration, registration authority, registration service, relying party, repository, requirements, revocation, revocation date, root, root CA, secure hypertext transfer protocol, security, security event, security management infrastructure, security testing, signature, slot, sponsor, standard, strong authentication, subject, subordinate certification authority, system, test, ticket, token management, tokens, trust-file PKI, trusted key, tunneled password protocol, unforgeable, users, v1 CRL, v2 CRL, valid signature, validate, validate vs. verify, validated products list, validation, validity period, world wide web,
certificate authority: HasPreferred:certification authority,
certificate authority workstation: IncludedBy:authority, certificate,
certificate chain: IncludedBy:certificate,; Related:certification, public-key infrastructure, standard,
certificate chain validation: IncludedBy:certificate, validation,; Related:public-key infrastructure, standard,
certificate creation: IncludedBy:certificate, public-key infrastructure,; Related:process,
certificate directory: IncludedBy:certificate, public-key infrastructure,; Related:certification, key, public-key,
certificate domain: IncludedBy:certificate, domain,; Related:authority, certification, key, policy, public-key, security,
certificate domain parameters: IncludedBy:certificate, domain,; Related:cryptographic, cryptography, public-key infrastructure,
certificate expiration: IncludedBy:certificate,; PreferredFor:expire,; Related:public-key infrastructure,
certificate holder: IncludedBy:certificate,; Related:entity, subject, system,
certificate management: IncludedBy:certificate, management, public-key infrastructure,; Related:code, destruction, function, key, process, rekey, update,
certificate management authority: IncludedBy:management,; Related:certification,
certificate management services: IncludedBy:certificate,; Related:certification, lifecycle, public-key infrastructure, registration, revocation,
certificate owner: IncludedBy:certificate, owner,; Related:entity, subject, system, world wide web,
certificate policy: IncludedBy:Secure Electronic Transaction, certificate, policy, public-key infrastructure,; Related:X.509, application, authentication, control, critical, key, management, object, public-key, requirements, security, trust, users,
certificate policy qualifier: IncludedBy:certificate, policy, public-key infrastructure,; Related:X.509, information, key, public-key,
certificate reactivation: IncludedBy:certificate, public-key infrastructure,; Related:process, revocation,
certificate rekey: IncludedBy:certificate, key, multilevel information systems security initiative, public-key infrastructure, rekey,; Related:X.509, authority, process, public-key, revoked state, subject, update,
certificate renewal: IncludedBy:certificate, public-key infrastructure, renewal,; PreferredFor:renew,; Related:X.509, backup, key, process, public-key, rekey, revoked state, subject, update,
certificate request: IncludedBy:certificate, public-key infrastructure,; Related:certification, standard,
certificate revocation: IncludedBy:certificate, public-key infrastructure,; PreferredFor:revoke,; Related:X.509, users,
certificate revocation list: IncludedBy:certificate, certification authority, revocation,; Related:accreditation, authentication, authority, encryption, evaluation, identify, key, process, public-key, revoked state, users, validate,
certificate revocation tree: IncludedBy:certificate, revocation,; Related:X.509, hash,
certificate serial number: IncludedBy:certificate,; PreferredFor:serial number,
certificate status authority: Related:trust,
certificate status responder: IncludedBy:certificate, public-key infrastructure,; Related:X.509, authentication, information, trust, users,
certificate update: IncludedBy:certificate, public-key infrastructure, update,; Related:X.509, authorization, key, process, public-key, rekey, renewal, subject,
certificate user: IncludedBy:certificate, users,; Related:control, entity, information, key, process, public-key, subject, system,
certificate validation: IncludedBy:certificate, public-key infrastructure, validation,; Related:X.509, certification, critical, digital signature, key, process, public-key, revocation, revoked state, semantics, signature, trust, users, validate,
certificate-related information: Related:certification,
certification: IncludedBy:Secure Electronic Transaction, multilevel information systems security initiative,; Includes:IT security certification, accreditation, automated information system, brand certification authority, cardholder certification authority, certification agent or certifier, certification analyst, certification authority, certification authority digital signature, certification authority facility, certification authority workstation, certification body, certification hierarchy, certification package, certification path, certification phase, certification policy, certification practice statement, certification request, certification service, clearance certification, decertification, digital certification, entry-level certification, evaluation, facilities certification, merchant certification authority, mid-level certification, payment gateway certification authority, policy certification authority, pre-certification phase, principal certification authority, requirements, root certification authority, security certification level, site certification, subordinate certification authority, superior certification authority, top-level certification, type certification,; Related:British Standard 7799, For Official Use Only Certified TEMPEST Technical Authority, IT security, Internet Policy Registration Authority, MISSI user, PIV registrar, RA domains, SET qualifier, SSO PIN, X.509 public-key certificate, applicant, application, approved security container, assessment, assurance, audit/review, authority, authority certificate, authorized, backup, beta i, beta ii, binding, centralized operations, certificate, certificate chain, certificate directory, certificate domain, certificate management authority, certificate management services, certificate request, certificate validation, certificate-related information, certified TEMPEST technical authority, certifier, clearance, component extensibility, computer, computer security, control, criteria, cross-certificate, digital certificate, entity, extension, external security controls, geopolitical certificate authority, hierarchical PKI, hierarchy management, hierarchy of trust, information, information assurance, key, key management, line supervision, management, mission assurance category, operation, owner, path discovery, path validation, penetration test, policy approving authority, policy creation authority, policy management authority, pre-authorization, privacy enhanced mail, process, protocols, public-key, public-key certificate, public-key information, public-key infrastructure, root, root certificate, security event, security program manager, security testing, system, test, top CA, trust, trust anchor, trust chain, trust hierarchy, trust-file PKI, trusted agent, trusted certificate, trusted key, users, validate vs. verify,
certification agent or certifier: IncludedBy:certification,; Related:control, evaluation, requirements, risk, security, system, vulnerability,
certification analyst: IncludedBy:certification,; Related:control, management, requirements, risk, security,
certification and accreditation: IncludedBy:accreditation, evaluation, requirements, risk,; Related:process,
certification authority: IncludedBy:authority, certification, public-key infrastructure, trust,; Includes:certificate revocation list, credentials, cross-certification, non-repudiation, root CA,; PreferredFor:certificate authority,; Related:PIV issuer, X.509, association, authorized, backup, entity, evaluation, identity, identity credential issuer, information, key, message, public-key, requirements, security, standard, system, test, users, validate,
certification authority digital signature: IncludedBy:authority, certification, public-key infrastructure, signature,; Related:authentication, certificate, key, public-key,
certification authority facility: IncludedBy:certification,
certification authority workstation: IncludedBy:authority, certification, public-key infrastructure,; Related:application, certificate, computer, function, software, system, trust,
certification body: IncludedBy:certification,
certification hierarchy: IncludedBy:Secure Electronic Transaction, certification, multilevel information systems security initiative, public-key infrastructure,; Related:authority, certificate, gateway, internet, key, policy, public-key, registration, users, validation,
certification package: IncludedBy:certification,; Related:assessment, operation, risk, security,
certification path: IncludedBy:certification, public-key infrastructure,; Related:X.509, certificate, digital signature, entity, information, key, object, process, public-key, signature, subject, trust, users, validate,
certification phase: IncludedBy:certification,; Related:accreditation, application, assessment, control, process, security, system, verification,
certification policy: IncludedBy:certification, policy,; Related:certificate, public-key infrastructure,
certification practice statement: IncludedBy:certification, public-key infrastructure,; Related:access, application, authority, certificate, computer, entity, operation, policy, requirements, security, system, trust, users,
certification request: IncludedBy:certification, public-key infrastructure,; Related:X.509, algorithm, certificate, entity, key, public-key,
certification service: IncludedBy:certification, public-key infrastructure,; Related:certificate,
certification test and evaluation: IncludedBy:evaluation, test,; Related:development, security, software,
certificaton authority: IncludedBy:authority, public-key infrastructure,
certified information systems security professional: IncludedBy:computer security, information, system,
certified TEMPEST technical authority: IncludedBy:TEMPEST, authority,; Related:certification, criteria, requirements,
certifier: Related:accreditation, certification, identify, requirements, risk, system,
certify: Related:backup, certificate, entity, identity, key, owner, public-key, public-key infrastructure, subject, verification,
CGI scripts: IncludedBy:common gateway interface, software, threat, world wide web,; Related:security,
chain letter: IncludedBy:threat,; Related:users,
chain of custody
chain of evidence: Related:control,
challenge: IncludedBy:challenge/response,; Related:information, random, response,
challenge and reply authentication: IncludedBy:authentication,; Related:subject,
Challenge Handshake Authentication Protocol: IncludedBy:authentication, challenge/response, protocols, security protocol,; Related:cryptographic, cryptography, entity, hash, key, random, response,
Challenge-Response Authentication Mechanism: IncludedBy:authentication, challenge/response, response,; Related:hash, key, shared secret,
challenge-response protocol: IncludedBy:protocols, response,; Related:attack, authentication, control, cryptographic, hash, key, operation, public-key, random,
challenge/response: IncludedBy:response,; Includes:Challenge Handshake Authentication Protocol, Challenge-Response Authentication Mechanism, challenge,; Related:3-factor authentication, Extensible Authentication Protocol, IMAP4 AUTHENTICATE, POP3 AUTH, authentication, entity, identity, information, key, process, system, tokens, users,
change control and lifecycle management: IncludedBy:control, software development,; Related:authorized, program,
change management: Related:business process, process, security testing, test,
channel: Includes:communication channel, covert channel, covert storage channel, covert timing channel, exploitable channel, internal communication channel, overt channel, security-compliant channel, trusted channel,; Related:information, system,
channel capacity: Related:bandwidth, communications, information,
channel scanning: Related:intrusion, intrusion detection, system,
check character: IncludedBy:error detection code,; Includes:check character system,
check character system: IncludedBy:check character, system,
check digits
check word: Related:cipher, cryptographic, cryptography, check_password
check_password: IncludedBy:attack,; Related:passwords, program,
checksum: IncludedBy:integrity,; Related:algorithm, attack, computer, confidence, countermeasures, cryptographic, cryptography, entity, function, hash, information, network, object, system,
chemical warfare: IncludedBy:warfare,; Related:control,
Chernobyl packet: IncludedBy:threat,; Related:gateway, network,
chief information agency officer: IncludedBy:information, officer,; Related:operation, process, resource, technology,
chief information officer: IncludedBy:information, officer,; Related:management, resource, technology,
chosen-ciphertext attack: IncludedBy:attack, cipher,; Related:analysis, key,
chosen-plaintext attack: IncludedBy:attack,; Related:analysis, cipher, cryptography, key,
cipher: IncludedBy:encryption,; Includes:Rivest Cipher 2, Rivest Cipher 4, asymmetric cipher, asymmetric encipherment system, block cipher, block cipher key, chosen-ciphertext attack, cipher block chaining, cipher feedback, cipher suite, cipher text auto-key, ciphertext, ciphertext-only attack, decipher, decipherment, encipher, encipherment, encipherment algorithm, encrypt, encrypted key, n-bit block cipher, private decipherment key, private decipherment transformation, public encipherment key, public encipherment transformation, stream cipher, symmetric encipherment algorithm,; Related:BLACK, Blowfish, Data Authentication Algorithm, El Gamal algorithm, RED/BLACK separation, Rivest-Shamir-Adleman algorithm, Skipjack, algorithm, asymmetric cryptographic technique, asymmetric encryption algorithm, block chaining, brute force attack, check word, chosen-plaintext attack, ciphony, cleartext, code, controlled access area, cryptanalysis, cryptographic, cryptographic algorithm, cryptographic key, cryptographic synchronization, cryptographic system, cryptography, cut-and-paste attack, data encryption algorithm, data encryption key, decrypt, decryption, encode, encryption algorithm, feedback buffer, initialization value, initialization vector, initializing value, intelligent threat, key, key generator, key stream, known-plaintext attack, message authentication code vs. Message Authentication Code, mode of operation, one-time pad, one-way encryption, out-of-band, private key, public-key, public-key certificate, public-key cryptography, secret-key cryptography, security strength, semantic security, superencryption, system, traffic analysis, traffic encryption key, triple DES,
cipher block chaining: IncludedBy:cipher,; Related:algorithm, code,; Synonym:block chaining,
cipher feedback: IncludedBy:cipher, cryptography,; Related:algorithm, code,
cipher suite: IncludedBy:cipher,; Related:algorithm, code,
cipher text auto-key: IncludedBy:cipher, key,; Related:cryptographic,
ciphertext: IncludedBy:cipher,; Related:algorithm, encipherment, encryption, information, message,
ciphertext key: HasPreferred:encrypted key,; IncludedBy:key,
ciphertext-only attack: IncludedBy:attack, cipher,; Related:algorithm, analysis, cryptographic, key, subject,
ciphony: Related:cipher, information, process,
circuit control officer: IncludedBy:control,
circuit level gateway: IncludedBy:gateway,; Related:connection, firewall, validate,; Synonym:circuit proxy,
circuit proxy: IncludedBy:firewall, proxy,; Related:application, connection, control, key,; Synonym:circuit level gateway,
circuit switching: Related:communications, connection, network, system,
civil liberties
CKMS: Related:cryptographic, key, metadata,
CKMS component: Related:policy, software,
CKMS profile: IncludedBy:file, profile,; Related:requirements, security,
claimant: Related:authentication, entity, function, identity, man-in-the-middle attack, protocols,
clandestine operation: Related:covert operation, overt operation,
Clark Wilson integrity model: IncludedBy:integrity, model,; Related:access, access control, control, software,
class 2, 3, 4, or 5: IncludedBy:public-key infrastructure,; Related:assurance, classified, critical, cryptographic, entity, identification, information, key, risk, system, tokens,
class: Related:object,
class hierarchy: Related:network,
class object: IncludedBy:object,
classification: Related:authorized, classified, object, security,
classification guidance
classification guide: Related:classified, subject,
classification levels: IncludedBy:classified,; Includes:TOP SECRET, confidential, default classification, secret, sensitive, sensitive but unclassified, trust level,; Related:Bell-LaPadula security model, Internet Protocol Security Option, authorized, classified information, clearance level, compartment, confinement property, controlled security mode, damage, dedicated security mode, dominated by, dominates, downgrade, information, lattice model, mode of operation, modes of operation, multilevel security, multilevel security mode, non-discretionary security, object, regrade, risk index, sanitize, security label, security level, security situation, sensitivity label, system-high security mode, users,
classification markings and implementation working group: Related:authorized, intelligence,
classified: IncludedBy:security,; Includes:classification levels, classified contract, classified information, classified information procedures act, classified information spillage, classified military information, classified national security information, classified visit, controlled unclassified information, default classification, deliberate compromise of classified information, endorsed for unclassified cryptographic information, endorsed for unclassified cryptographic item, north atlantic treaty organization classified information, sensitive but unclassified, sensitive but unclassified information, unclassified, unclassified controlled nuclear information, unclassified internet protocol router network, unclassified sensitive,; Related:BLACK, Bell-LaPadula security model, COMSEC demilitarization, CRYPTO, Central United States Registry for North Atlantic Treaty Organization, DD 254 - Final, DD 254 - Original, Defense Central Security Index, Defense Information Systems Network, Escrowed Encryption Standard, FIPS PUB 140-1, Federal Public-key Infrastructure, Federal Standard 1027, Internet Protocol Security Option, Key Exchange Algorithm, National Institute of Standards and Technology, National Security Agency, RED, RED/BLACK concept, Secure Telephone Unit III, Skipjack, Trusted Computer System Evaluation Criteria, Type 1 key, Type 2 key, Type I cryptography, Type II cryptography, access, access approval, access control, access eligibility determination, access national agency check and inquiries, accesses, accreditation, acknowledged special access program, acoustic security, activity security manager, adjudication, advanced encryption standard, adverse information, agency, aggregation, applicant, associated markings, authorized, authorized adjudicative agency, authorized classification and control markings register, authorized investigative agency, authorized person, automated information system media control system, automated security monitoring, burn bag, carve-out, category, class 2, 3, 4, or 5, classification, classification guide, classifier, clearance, clearance certification, cleared escort, clearing, closed area, code word, cognizant security agency, compartment, compartmentalization, compromise, confidentiality, confinement property, contamination, controlled cryptographic item, controlled security mode, courier, custodian, damage assessment, data aggregation, data encryption standard, declassification, declassification authority, dedicated mode, dedicated security mode, derivative classification, designated disclosure authority, dominated by, dominates, downgrade, downgrading, equity, escort, exception, facilities accreditation, facilities certification, facility security clearance, false positive, for official use only, foreign disclosure, foreign disclosure point of contact, foreign ownership, control, or influence, foreign relations of the united states, foreign travel briefing, foreign visit, formal access approval, formerly restricted data, government-to-government transfer, guard, handcarrier, handle via special access control channels only, high assurance guard, inadvertent disclosure incident, incident of security concern, industrial security, information, information category, information security oversight office, inspectable space, interim approval to operate, internal vulnerability, invalidation, key-escrow system, lattice model, law enforcement sensitive, mandatory access control, mandatory declassification review, mission critical, mode of operation, modes of operation, multilevel security, multilevel security mode, multiuser mode of operation, national security information, national security system, national security-related information, naval nuclear propulsion information, need for access, need-to-know, nicknames, non-disclosure agreement, non-discretionary security, non-discussion area, one-time access, open storage, operations security, operations security survey, originating agency determination required, pass/fail, periods processing, personnel security, personnel security - issue information, personnel security clearance, personnel security determination, personnel security interview, personnel security investigation, personnel security program, policy, program channels or program security channels, program protection plan, program sensitive information, protected distribution systems, protected information, public law 100-235, purge, radio frequency jamming, reference material, regrade, reinstatement, release, restricted area, restricted data, revocation, revocation of facility security clearance, risk index, safeguarding and safeguarding measures, safeguarding statement, sanitize, sanitizing, secret, secret key, secure data device, secure operating system, security assurance, security classification guides, security clearance, security compromise, security domain, security incident, security infraction, security label, security level, security policy automation network, security situation, security violation, senior agency official, sensitive compartmented information, sensitive information, sensitivity label, single scope background investigation - periodic reinvestigation, source document, special access program facility, spillage, sponsoring agency, stand-alone automated information system, standard practice procedures, stratified random sample, subcontract, suspicious contact, system-high security mode, systematic declassification review, tear line, technical data, temporary help/job shopper, transmission, transportation plan, trusted computer system, trusted foundry, type 1 products, type 2 product, type 3 key, type 3 product, unacknowledged special access program, unauthorized disclosure, unauthorized person, unfavorable personnel security determination, upgrade, working papers,
classified contract: IncludedBy:classified,; Related:access, requirements,
classified data: HasPreferred:classified information,
classified information: IncludedBy:access control, classified, information,; Includes:classified military information, classified national security information,; PreferredFor:classified data,; Related:authorized, classification levels, classified information procedures act, classified information spillage,
classified information procedures act: IncludedBy:classified,; Related:access, classified information,
classified information spillage: IncludedBy:classified, information, threat,; Related:classified information, incident, security incident,
classified military information: IncludedBy:classified, classified information,
classified national security information: IncludedBy:classified, classified information,
classified visit: IncludedBy:classified,; Related:access,
classifier: Related:classified, security,
clean system: IncludedBy:system,; Related:application, compromise, computer, file, risk, security, software, trust, virus,
clear: Related:software,
clearance: Related:access, authorization, authorized, certification, classified, security, trust,
clearance certification: IncludedBy:certification,; Related:access, classified, security,
clearance level: Related:access, access control, classification levels, information, security, security clearance,
cleared commercial carrier: Related:authorized, security,
cleared employees: Related:security,
cleared escort: Related:United States citizen, access, classified,
clearing: Related:classified, key, system,
cleartext: Antonym:encryption,; PreferredFor:plain text,; Related:cipher, cryptography, information, operation, process,
client (application)
client: Related:access, access control, computer, entity, process, program, system, users,
client server: IncludedBy:automated information system,; Related:access, access control, authorized, communications, computer, model, process, program, system, users,
clients, products, and business practices: IncludedBy:operational risk loss,; Related:requirements,
Clinger-Cohen Act of 1996: Related:management, risk,
Clipper chip: IncludedBy:National Institute of Standards and Technology, National Security Agency,; Includes:Law Enforcement Access Field,; Related:algorithm, communications, cryptographic, cryptography, encryption, escrow, key, process, standard, tamper,
closed area: Related:classified, requirements,
closed security environment: IncludedBy:security, software development,; Related:application, assurance, authorization, control, malicious, operation, system,
closed storage: Related:access, security,
closed user group: IncludedBy:users,; Related:communications,
cloud computing: Related:access, control, management, security, software, users,
cluster controller: IncludedBy:control,
cluster sample: Related:random,
co-utilization: Related:access,
coalition
coaxial cable
code: Includes:American Standard Code for Information Interchange, accounting legend code, authentication code, bar code, code amber, code book, code coverage, code division multiple access, code green, code group, code red, code vocabulary, coded switch system, country code, data authentication code, data authentication code vs. Data Authentication Code, decode, electronic codebook, encode, error detection code, executable code, hash code, hashed message authentication code, malicious code, manipulation detection code, message authentication code, message authentication code algorithm, message authentication code vs. Message Authentication Code, message integrity code, microcode, mobile code, object code, one-part code, operations code, source code, source code generator, two-part code,; Related:British Standard 7799, CASE tools, Distinguished Encoding Rules, El Gamal algorithm, Generic Security Service Application Program Interface, Integrated CASE tools, POSIX, Type II cryptography, algorithm, antivirus tools, application generator, application program interface, authentication, authentication token, blended attack, buffer overflow, card personalization, certificate management, cipher, cipher block chaining, cipher feedback, cipher suite, coding, communications security, compiled viruses, compiler, completeness, computer, crack, cryptographic, cryptographic application programming interface, cryptographic key, cryptography, cyclic redundancy check, data driven attack, dc servo drive, decrypt, domain name, dynamic analysis, encrypt, encryption, exploit, fault injection, fork bomb, gateway, hash, hash token, identification authentication, imprint, information, instrumentation, interface, interpreted virus, keyed hash algorithm, keying material, killer packets, logic bombs, maintenance hook, malicious program, malware, message, national security system, network sniffing, null, object, out-of-band, output transformation, passive security testing, patch, payload, penetration test, penetration testing, personal identification number, polymorphism, portability, positive control material, primary account number, program, protocols, reduction-function, reverse engineering, revoked state, scalability, secure hash standard, security perimeter, sensitive information, shim, simple network management protocol, spyware, state delta verification system, syllabary, symmetric key, synchronous flood, system, technical vulnerability information, test case generator, test cycle, time bomb, trapdoor, trojan horse, trust, unit, untrusted process, variant, verification, virus, worm,
code amber: IncludedBy:code, critical infrastructures, threat,; Related:critical, function, security,
code book: IncludedBy:code,; Related:encryption, system,
code coverage: IncludedBy:code,; Related:analysis, software, test,
code division multiple access: IncludedBy:access, code, security,; Related:cryptography, technology,
code green: IncludedBy:code, critical infrastructures,
code group: IncludedBy:code,; Related:system,
code red: IncludedBy:code, critical infrastructures, threat,; Related:attack, critical, function, security,
code vocabulary: IncludedBy:code,; Related:system,
code word: Related:classified, security,
coded switch system: IncludedBy:code, system,
coding: Related:code, computer, flow, program, software,
coefficient of variation: Related:standard,
coercive force
coercivity
cognizant security agency: IncludedBy:security,; Related:classified, intelligence,
cognizant security office: IncludedBy:security,
cohabitant
cold site: IncludedBy:disaster recovery,; Related:communications, computer, connection, hot site, system,
cold start: Related:cryptography, key, users,
collaborative computing: Related:application, information, technology,
collateral information: Related:access, security, security clearance, subject,
collision
collision-resistant hash function: IncludedBy:function, hash,; Related:property, requirements,
color change: Related:information, process, system,
command and control: IncludedBy:control,; Includes:command and control warfare, command, control, and communications, command, control, communications and computers, command, control, communications and intelligence, global command and control system, nuclear command and control document,; Related:C2-protect, Defense Information Infrastructure, authority, communications, function, operation,
command and control warfare: IncludedBy:command and control, control, warfare,; Related:adversary, application, information, intelligence, operation, security,
command authority: IncludedBy:authority,; Related:key, users,
command, control, and communications: IncludedBy:command and control, communications, control,
command, control, communications and computers: IncludedBy:command and control, communications, computer, control,
command, control, communications and intelligence: IncludedBy:command and control, communications, control, intelligence,
Commercial COMSEC Endorsement Program: IncludedBy:communications security, program,
Commercial COMSEC Evaluation Program: IncludedBy:communications security, evaluation, program,; Related:algorithm, module, standard, system,
commercial off-the-shelf software: IncludedBy:software,; Related:test,; Synonym:COTS software,
commercial software: IncludedBy:software,; Related:owner,
commercial-off-the-shelf: Includes:COTS software,
Committee of sponsoring organizations (of the Treadway Commission)
commodity service: Related:control, management, security,
common access card: IncludedBy:access,
common carrier
common control: IncludedBy:control,; Related:security,
common control provider: IncludedBy:control,; Related:development, security,
common criteria: IncludedBy:criteria,; Related:assurance, computer security, evaluation, function, information, information assurance, program, requirements, role, security, standard, system, technology,; Synonym:Common Criteria for Information Technology Security,
Common Criteria for Information Technology Security: IncludedBy:National Institute of Standards and Technology, computer security, criteria, information, security, technology,; Includes:Common Criteria for Information Technology Security Evaluation, national information assurance partnership,; Related:National Security Agency, algorithm, application, assessment, assurance, availability, computer, computer network, confidentiality, control, cryptographic, cryptography, emanation, emanations security, evaluation, function, integrity, malicious, network, operation, requirements, software, standard, system, threat, trust, version,; Synonym:common criteria,
Common Criteria for Information Technology Security Evaluation: IncludedBy:Common Criteria for Information Technology Security, computer security, criteria, evaluation, information, technology,; Includes:Canadian Trusted Computer Product Evaluation Criteria, European Information Technology Security Evaluation Criteria, Federal Criteria for Information Technology Security, Trusted Computer System Evaluation Criteria, assurance component, common criteria version 1.0, common criteria version 2.0, component dependencies, component extensibility, component hierarchy, component operations, evaluation assurance level, functional component, protection profile, security target, trusted gateway,; Related:IT security, assessment, requirements, risk,
Common Criteria Testing Laboratory: IncludedBy:criteria, national information assurance partnership, security testing, test,; Includes:Monitoring of Evaluations, Scope of Accreditation, Validation Certificate, approved technologies list, approved test methods list, deliverables list, designated laboratories list, designating authority, designation policy, evaluation technical report, evaluation work plan, observation reports,; Related:IT security, accreditation, computer security, evaluation, program, validation,
Common Criteria Testing Program: IncludedBy:criteria, national information assurance partnership, program, security testing, test,; Related:evaluation, validation,
common criteria version 1.0: IncludedBy:Common Criteria for Information Technology Security Evaluation, criteria, version,; Related:computer security, information, technology,
common criteria version 2.0: IncludedBy:Common Criteria for Information Technology Security Evaluation, criteria, version,; Related:computer security, information, technology,
common data security: IncludedBy:common data security architecture,; Related:communications, module, system,
common data security architecture: IncludedBy:security,; Includes:common data security, common security, common security services manager, cryptographic service, cryptographic service providers,; PreferredFor:communication and data security architecture,; Related:authentication, encryption,
Common Evaluation Methodology: IncludedBy:evaluation, national information assurance partnership,
common fill device: Related:key,
common gateway interface: IncludedBy:gateway, interface, world wide web,; Includes:CGI scripts,; Related:access, access control, program, resource,
common interswitch rekeying key: IncludedBy:key, rekey,
Common IP Security Option: IncludedBy:security,
common misuse scoring system: Related:security, software, vulnerability,
common name: IncludedBy:public-key infrastructure,; Related:X.509, certificate, key, object, public-key,
common platform enumeration
common security: IncludedBy:common data security architecture,; Related:application, certificate, cryptographic, integrity, key, policy, protocols, public-key infrastructure, trust,
common security services manager: IncludedBy:common data security architecture,
common vulnerabilities and exposures: IncludedBy:exposures, vulnerability,; Related:cyberspace, risk,
communication and data security architecture: HasPreferred:common data security architecture,; IncludedBy:security,
communication channel: IncludedBy:channel, communications,; Includes:internal communication channel,; Related:information, network,
communication equipment room: IncludedBy:communications,
communication link: IncludedBy:communications,
communications: IncludedBy:network,; Includes:National Communications System, National Security Telecommunications Advisory Committee, National Security Telecommunications and Information Systems Security Advisory/Information Memorandum, National Security Telecommunications and Information Systems Security Committee, National Security Telecommunications and Information Systems Security Directive, National Security Telecommunications and Information Systems Security Instruction, National Security Telecommunications and Information Systems Security Policy, National Telecommunications and Information Administration, National Telecommunications and Information Systems Security Advisory Memoranda/Instructions, National Telecommunications and Information Systems Security Directive, National Telecommunications and Information Systems Security Instruction, National Telecommunications and Information Systems Security Policy, asynchronous communication, command, control, and communications, command, control, communications and computers, command, control, communications and intelligence, communication channel, communication equipment room, communication link, communications cover, communications deception, communications electronics operating instruction, communications profile, communications protocol, communications security element, data communications, defense communications system, diplomatic telecommunications service, federal telecommunications system, global telecommunications service, government emergency telecommunications service, imitative communications, information and communications, internal communication channel, manipulative communications deception, minimum essential emergency communications network, national telecommunications and information system security directives, personal communications network, private communication technology, protected communications, protected communications zone, secure communications, subcommittee on telecommunications security, telecommunications, telecommunications security, tri-service tactical communications system,; Related:American National Standards Institute, CCI equipment, COMSEC aid, COMSEC equipment, COMSEC material, COMSEC module, COMSEC monitoring, COMSEC survey, CRYPTO, Clipper chip, Defense Information Infrastructure, Escrowed Encryption Standard, IT resources, ITU-T, Integrated services digital network, National Security Decision Directive 145, OSI architecture, Rivest-Shamir-Adleman algorithm, TEMPEST, access, access control, active wiretapping, alarm surveillance, application, application program interface, approval/accreditation, audit trail, authenticate, availability, bandwidth, between-the-lines-entry, binding, bit error rate, bulk encryption, capability, cell, cellular transmission, channel capacity, circuit switching, client server, closed user group, cold site, command and control, common data security, component, computer fraud, content filtering, control, controlled cryptographic item, covert channel, covert timing channel, cracker, cross-talk, cryptography, cryptology, cybersecurity, cyberspace, deception, delegated development program, dial-up, dial-up line, digital telephony, distributed processing, electronic commerce, electronic data interchange, electronic key management system, electronic security, email, encryption, end-to-end encryption, exercise key, extraction resistance, fault, field device, field site, frequency hopping, front-end processor, full-duplex, gateway, general support system, global information grid, global information infrastructure, help desk, host, inference, information processing standard, information superhighway, information systems security engineering, information technology, information technology system, interface, interference, internet, internet control message protocol, internet protocol, internetwork, intranet, key exchange, key management/exchange, key recovery, line conditioning, line conduction, link, link encryption, local loop, local-area network, major application, message indicator, mission critical, multicast, multilevel security, national information infrastructure, national security system, nations, network architecture, network configuration, network device, network layer security, network management, network management architecture, network management protocol, network weaving, online certificate status protocol, open system interconnection model, operations code, outage, over-the-air key transfer, over-the-air rekeying, overt channel, packet filtering, passive wiretapping, peer-to-peer communication, per-call key, personal firewall, platform, port, privacy system, protocol suite, protocols, public-key infrastructure, reliability, remote access, remote terminal emulation, remote terminal unit, replay attacks, secure hypertext transfer protocol, secure socket layer, security, security controls, security perimeter, session hijack attack, signaling, simple network management protocol, software, spread spectrum, subcommittee on Automated Information System security, subnetwork, superencryption, system, system assets, systems security steering group, systems software, technology area, telecommuting, teleprocessing, traffic analysis, traffic padding, traffic-flow security, transmission security, transport mode vs. tunnel mode, trusted gateway, tunnel, user data protocol, virtual private network, war dialer, wide-area network, wiretapping, worm,
communications cover: IncludedBy:communications,; Related:adversary, information,
communications deception: IncludedBy:communications, security,; Related:adversary, assurance,
communications electronics operating instruction: IncludedBy:communications,
communications intelligence: IncludedBy:intelligence,; Related:foreign,
communications profile: IncludedBy:communications, file, profile,; Related:communications security, function, security, system,
communications protocol: IncludedBy:communications, protocols,; Related:computer, information, standard,
communications security: IncludedBy:Automated Information System security, security,; Includes:COMSEC Material Control System, COMSEC Parent Switch, COMSEC Resources Program, COMSEC Subordinate Switch, COMSEC Utility Program, COMSEC account, COMSEC account audit, COMSEC aid, COMSEC boundary, COMSEC chip set, COMSEC control program, COMSEC custodian, COMSEC end-item, COMSEC equipment, COMSEC facility, COMSEC incident, COMSEC insecurity, COMSEC manager, COMSEC material, COMSEC modification, COMSEC module, COMSEC monitoring, COMSEC profile, COMSEC survey, COMSEC system data, COMSEC training, Commercial COMSEC Endorsement Program, Commercial COMSEC Evaluation Program, National COMSEC Advisory Memorandum, National COMSEC Information Memorandum, National COMSEC Instruction, advanced self-protection jammer, alternate COMSEC custodian, anti-jam, anti-jamming, communications security element, crypto-security, emissions security, internet protocol security, meaconing, intrusion, jamming, and interference, network security, network security architecture, network security architecture and design, network security officer, subcommittee on telecommunications security, telecommunications security,; Related:BLACK, CCI assembly, CCI component, CCI equipment, CRYPTO, FIPS PUB 140-1, Federal Public-key Infrastructure, RED, RED/BLACK separation, Secure Data Exchange, TSEC nomenclature, access control lists, accountability, accounting legend code, accounting number, alert, algorithm, approval/accreditation, assurance, audit trail, authentication, authorized, central office of record, code, communications profile, computer emergency response team, confidentiality, control, cryptographic, cryptography, data transfer device, design controlled spare parts, direct shipment, drop accountability, electronic attack, electronic key management system, electronically generated key, element, encryption algorithm, entity, fill device, fixed COMSEC facility, frequency hopping, incident, information, information security, integrity, key, key distribution center, key management, limited maintenance, local management device/key processor, long title, mandatory modification, network sponsor, optional modification, procedural security, process, protective packaging, repair action, security architecture, security incident, security net control station, short title, supersession, system, systems security steering group, telecommunications, test key, time-compliance date, transmission security, trusted path, two-person integrity, updating, user representative,
communications security element: IncludedBy:communications, communications security,
communications security monitoring: IncludedBy:security,
community of interest: Related:security, users,
community risk: IncludedBy:risk,; Related:vulnerability,
community string: Related:passwords, version,
company
comparisons: IncludedBy:biometrics,; Related:entity, identification, identity, process, verification,
compartment: Related:access, access control, classification levels, classified, control, information,
compartment key: IncludedBy:key,
compartmentalization: Related:access, access control, classified, control, information, security,
compartmentation: Related:access,
compartmented intelligence: IncludedBy:intelligence,; Related:access,
compartmented mode: Related:access, access control, information, operation, process, security, system, users,
compelling need: Related:access,
compensating security controls: IncludedBy:control, security,; Related:countermeasures, information, management, operation, system,
competition: Related:object,
compiled viruses: IncludedBy:virus,; Related:code, program, system,
compiler: IncludedBy:software development,; Related:code, computer, object, program, source code,
completeness: Related:code, function, requirements, software,
compliance-based: Related:IT security, program, security, standard, system,
component: IncludedBy:component dependencies, component extensibility, component hierarchy, component operations, component reference monitor, construction of TOE requirements, target of evaluation,; Includes:assurance component, basic component, development assurance component, evaluation assurance component, functional component, functional unit, network component,; Related:communications, computer, control, entity, file, function, gateway, identity, message, network, object, operation, profile, security, security testing, software, subject, system, target, telecommunications, test, trust, verification,
component dependencies: IncludedBy:Common Criteria for Information Technology Security Evaluation,; Includes:component,; Related:assurance, function,
component extensibility: IncludedBy:Common Criteria for Information Technology Security Evaluation,; Includes:component, security target,; Related:assurance, certification, criteria, function,
component hierarchy: IncludedBy:Common Criteria for Information Technology Security Evaluation,; Includes:component,; Related:assurance, criteria, function, requirements,
component operations: IncludedBy:Common Criteria for Information Technology Security Evaluation, operation,; Includes:component, security policy, threat,; Related:application, criteria, policy,
component reference monitor: IncludedBy:access control,; Includes:component, object, subject,; Related:access, control,
comprehensive testing
compromise: IncludedBy:incident,; Includes:areas of potential compromise, compromised key list, compromised state, compromising emanation performance requirement, compromising emanations, data compromise, deliberate compromise of classified information, destroyed compromised state, security compromise,; Related:DNS spoofing, TEMPEST, TEMPEST shielded, TEMPEST test, acknowledged special access program, acquisition systems protection, adversary, application server attack, attack, authorized, benign, classified, clean system, computer, control, control zone, core secrets, cost-risk analysis, counterintelligence assessment, critical, critical program information, critical security parameters, cryptographic, cryptography, emanations security, emissions security, entity, environmental failure protection, environmental failure testing, file integrity checking, flaw hypothesis methodology, forward secrecy, information, insider, intrusion, invalidity date, key, key lifecycle state, leapfrog attack, line supervision, malware, metadata, multilevel device, object, ohnosecond, payment gateway certification authority, policy, privacy, protective technologies, public-key forward secrecy, revocation, revocation date, risk analysis, robustness, rootkit, security, security audit, security environment threat list, security event, security incident, security infraction, security management infrastructure, security violation, suppression measure, suspicious contact, system, tri-homed, trust, trusted recovery, unacknowledged special access program, version, vulnerability, vulnerability assessment, warehouse attack,
compromised key list: IncludedBy:compromise, key, multilevel information systems security initiative, public-key infrastructure, threat,; Related:authorized, certificate, computer, control, identification, subject, system, users,
compromised state: IncludedBy:compromise, key lifecycle state,; Related:cryptographic, key, lifecycle, process,
compromising emanation performance requirement: IncludedBy:compromise, emanations security, risk,
compromising emanations: IncludedBy:TEMPEST, compromise, emanations security, threat,; Related:information, intelligence, process, system,
computer: Includes:Canadian Trusted Computer Product Evaluation Criteria, Computer Incident Advisory Capability, Computer Security Objects Register, DoD Trusted Computer System Evaluation Criteria, National Computer Security Center, National Computer Security Center glossary, Trusted Computer System Evaluation Criteria, command, control, communications and computers, computer abuse, computer architecture, computer cryptography, computer emergency response team, computer emergency response teams' coordination center, computer forensics, computer fraud, computer incident assessment capability, computer intrusion, computer network, computer network attack, computer network defense, computer network exploitation, computer network operations, computer operations, audit, and security technology, computer oracle and password system, computer related controls, computer related crime, computer security, computer security emergency response team, computer security incident, computer security incident response capability, computer security incident response team, computer security intrusion, computer security object, computer security subsystem, computer security technical vulnerability reporting program, computer-aided software engineering, computer-assisted audit technique, embedded computer, energy-efficient computer equipment, joint task force-computer network defense, laptop computer, national computer security assessment program, organization computer security representative, personal computer, personal computer memory card international association, trusted computer system,; Related:Abrams, Jojodia, Podell essays, Abstract Syntax Notation One, American National Standards Institute, Automated Information System security, Bell-LaPadula security model, COMSEC control program, Common Criteria for Information Technology Security, Cryptographic Application Program Interface, Defense Information Infrastructure, Estelle, FIPS PUB 140-1, Federal Information Processing Standards, Forum of Incident Response and Security Teams, IP address, IT resources, IT security incident, Integrated services digital network, Internet worm, Open Systems Interconnection Reference model, Orange book, PC card, PCMCIA, PHF, POSIX, Red book, SOCKS, TEMPEST, Terminal Access Controller Access Control System, Trusted Systems Interoperability Group, Yellow book, abort, access control center, access control lists, access port, accessibility, accountability, accreditation, accreditation range, active wiretapping, add-on security, administrative account, algorithm, antivirus software, application, application server attack, application system, approval/accreditation, assurance, attack, attackers, audit software, audit trail, auditing tool, authentication, authentication code, authorization, automated clearing house, automated data processing system, automated information system, automated key distribution, automated logon sequences, availability, backdoor, backup operations, backup procedures, bandwidth, bastion host, bebugging, benchmark, beyond A1, break, browser, brute force attack, buffer overflow, byte, call back, centralized operations, certification, certification authority workstation, certification practice statement, checksum, clean system, client, client server, code, coding, cold site, communications protocol, compiler, component, compromise, compromised key list, confidentiality, configuration control, configuration item, configuration management, console logon, console logs, continuity of services and operations, cracker, cracking, crash, criteria, cyberspace, cyberspace operations, data, data encryption standard, data integrity, data management, data processing, database management system, debug, default account, demilitarized zone, denial-of-service, descriptive top-level specification, dial back, dial-up, dial-up line, dial-up security, digital certificate, digital signature, discrete event simulation, distributed data, distributed database, distributed denial-of-service, distributed processing, domain name service server, dongle, download, dump, dumpster diving, e-mail server, electronic commerce, electronic data interchange, email, emergency response, emergency shutdown controls, end system, end-to-end encryption, end-user, endorsed tools list, error seeding, evaluated products list, executable code, exploitable channel, extensible markup language, extranet, fault, field, file, file infector virus, file security, file transfer, file transfer protocol, firewall, firmware, flaw hypothesis methodology, flooding, formal language, formal proof, formal security policy model, formal specification, formal top-level specification, format, framework, front-end processor, front-end security filter, full disk encryption, functional testing, gateway, gateway server, general controls, general-purpose system, gopher, graphical-user interface, guard, hackers, handshaking procedures, hardening, hardware, help desk, host, host-based firewall, hypertext, identification authentication, imaging system, impersonation, incident, individual accountability, information flow, information security, information system, information technology, information technology system, insider, integrity, interactive mode, interface, internet, internet protocol, internet vs. Internet, interoperability, interoperability standards/protocols, intranet, intrusion, intrusion detection, intrusion detection and prevention, intrusion detection systems, intrusion detection tools, intrusion prevention, key center, key logger, kiosk, language of temporal ordering specification, leakage, legacy systems, link, list-oriented, local-area network, logic bombs, loop, malicious applets, malicious intruder, malicious logic, malware, memory, message authentication code vs. Message Authentication Code, message integrity code, meta-language, microcode, middleware, mirroring, mockingbird, modem, multiuser mode of operation, national information infrastructure, network, network component, network device, network front-end, network services, node, object, on-demand scanning, on-line system, operating system, optical scanner, output, overt channel, packet sniffer, packet switching, passive threat, password cracking, peer-to-peer communication, penetration test, penetration testing, peripheral equipment, persistent cookie, personal digital assistant, personal firewall, personal identity verification, phishing, phracker, piggyback entry, port, portability, pretty good privacy, privilege, privileged access, privileged instructions, privileged process, procedural security, process controller, program, proprietary information, protocol suite, protocols, prototyping, proxy server, public law 100-235, push technology, read-only memory, real-time processing, real-time system, reciprocal agreement, recovery site, reliability, remote access, remote access software, remote terminal emulation, remote terminal unit, requirements, requirements traceability matrix, resource starvation, response time, restart, reusability, reverse engineering, risk, rootkit, router, run, safeguarding statement, scan, screen scraping, script, script bunny, secure configuration management, security architecture, security audit, security evaluation, security event, security incident, security kernel, security label, security policy model, security service, security test and evaluation, security-relevant event, segregation of duties, sensitive information, server, session key, shrink-wrapped software, simple mail transfer protocol, simulation modeling, single sign-on, smartcards, sniffer, social engineering, soft TEMPEST, software, software development methodologies, software product, source code, source data entry, source program, spoofing, spyware detection and removal utility, stand-alone, shared system, stand-alone, single-user system, state variable, stovepipe systems, supervisory control, supervisory control and data acquisition, support software, suspicious event, system, system development lifecycle, system files, system integrity, system lifecycle, system parameter, system security officer, system software, systems software, technical policy, technical vulnerability, telecommuting, teleprocessing, telnet, testability, thrashing, threat, ticket-oriented, tiger team, time bomb, timing attacks, tokens, traceroute, tracking cookie, transaction, transmission control protocol, trapdoor, trojan horse, trust level, trusted computing base, trusted network interpretation, trusted path, trusted platform module chip, trustworthy system, tunnel, type time, unit, upload, user data protocol, user id, user interface, users, utility programs, value-added network, vaulting, vendor, virtual private network, virus, virus-detection tool, vulnerability, war dialer, war driving, web server, website hosting, white-box testing, wireless gateway server, workstation, worm,
computer abuse: IncludedBy:automated information system, computer, threat,; Related:authorized, availability, confidentiality, damage, denial-of-service, fraud, information, integrity, key, malicious, process, resource, theft,
computer architecture: IncludedBy:computer, security architecture,; Includes:object,; Related:application, process, program, protocols, software, standard, system,
computer cryptography: IncludedBy:computer, cryptography,; Related:algorithm, authentication, encryption, information, process, program, users,
computer emergency response team: IncludedBy:computer, response, security,; Includes:Forum of Incident Response and Security Teams, computer emergency response teams' coordination center,; Related:Computer Incident Advisory Capability, advisory, attack, availability, communications security, computer security, computer security incident response team, incident, information, integrity, internet, network, owner, system, threat, vulnerability,
computer emergency response teams' coordination center: IncludedBy:computer, computer emergency response team, response,; Related:attack, internet, program, software, system,
computer forensics: IncludedBy:computer,; PreferredFor:forensics,; Related:integrity,
computer fraud: IncludedBy:computer, fraud,; Related:application, communications, file, operation, program, software, system,
Computer Incident Advisory Capability: IncludedBy:advisory, computer, incident,; Related:computer emergency response team, response,
computer incident assessment capability: IncludedBy:assessment, computer, incident,
computer incident response team: Related:cyberspace, security,
computer intrusion: IncludedBy:attack, computer, incident, intrusion,; Related:access, access control, authorized, information, system, unauthorized access,
computer network: IncludedBy:computer, network,; Includes:computer network attack, computer network defense, computer network exploitation, computer network operations, joint task force-computer network defense,; Related:Common Criteria for Information Technology Security, Estelle, authentication, automated key distribution, bandwidth, computer oracle and password system, cyberspace operations, distributed dataprocessing, extranet, firewall, gateway, hackers, host, internet, internet vs. Internet, intranet, language of temporal ordering specification, mirroring, packet switching, protocol suite, remote access, security policy automation network, sniffer, system, transmission control protocol, tunnel, value-added network, vaulting, virtual private network, war driving, wide-area network, wireless gateway server,
computer network attack: IncludedBy:attack, computer, computer network, network,; Related:information, operation,
computer network defense: IncludedBy:computer, computer network, network,; Related:authorized, information, system,
computer network exploitation: IncludedBy:computer, computer network, network,; Related:information, intelligence, system, target,
computer network operations: IncludedBy:computer, computer network, network,; Related:attack,
computer operations, audit, and security technology: IncludedBy:audit, computer, operation, technology,; Related:computer security, function, system,
computer oracle and password system: IncludedBy:computer, security software, system,; Related:computer network, network, passwords, program, software,
computer related controls: IncludedBy:computer, control,; Related:application, availability, confidentiality, integrity, security controls,
computer related crime: IncludedBy:computer, threat,; Related:illegal, technology,
computer security: IncludedBy:computer, security,; Includes:Common Criteria for Information Technology Security, Common Criteria for Information Technology Security Evaluation, Computer Security Objects Register, DoD Information Technology Security Certification and Accreditation Process, European Information Technology Security Evaluation Criteria, Federal Criteria for Information Technology Security, IS security architecture, IT Security Evaluation Criteria, IT Security Evaluation Methodology, IT security certification, IT security policy, IT security product, Information Systems Security products and services catalogue, Information Technology Security Evaluation Criteria, National Computer Security Center, National Computer Security Center glossary, National Security Telecommunications and Information Systems Security Advisory/Information Memorandum, National Security Telecommunications and Information Systems Security Committee, National Security Telecommunications and Information Systems Security Directive, National Security Telecommunications and Information Systems Security Instruction, National Security Telecommunications and Information Systems Security Policy, National Telecommunications and Information Systems Security Advisory Memoranda/Instructions, National Telecommunications and Information Systems Security Directive, National Telecommunications and Information Systems Security Instruction, National Telecommunications and Information Systems Security Policy, Subcommittee on Information Systems Security, certified information systems security professional, computer security emergency response team, computer security incident, computer security incident response capability, computer security incident response team, computer security intrusion, computer security object, computer security subsystem, computer security technical vulnerability reporting program, computing security methods, emissions security, information system security officer, information systems security association, information systems security engineering, information systems security equipment modification, information systems security manager, information systems security officer, multilevel information systems security initiative, national computer security assessment program, national telecommunications and information system security directives, program automated information system security incident support team, subcommittee on Automated Information System security,; Related:Bell-LaPadula security model, Common Criteria Testing Laboratory, Federal Criteria Vol. I, Federal Information Processing Standards, Forum of Incident Response and Security Teams, National Security Decision Directive 145, National Voluntary Laboratory Accreditation Program, Orange book, Scope of Accreditation, Trusted Computer System Evaluation Criteria, Yellow book, access, access control, accreditation range, approved technologies list, approved test methods list, assurance, audit trail, availability, certification, common criteria, common criteria version 1.0, common criteria version 2.0, computer emergency response team, computer operations, audit, and security technology, confidentiality, conformant validation certificate, control, correctness, covert channel, criteria, dedicated mode, degausser, degausser products list, deliverables list, designated, designated laboratories list, dominates, endorsed tools list, evaluated products list, evaluation, evaluation work plan, function, information, integrity, observation reports, partitioned security mode, party, preferred products list, procedural security, process, protection profile, public law 100-235, residual risk, risk treatment, security architecture, security purpose, security requirements, security target, security-compliant channel, sensitive information, software, subcommittee on telecommunications security, suspicious event, system, system high mode, systems security steering group, tamper, technology area, trusted network interpretation,; Synonym:Automated Information System security, IT security, information systems security,
computer security emergency response team: IncludedBy:computer, computer security, response,
computer security incident: IncludedBy:computer, computer security, incident, security incident,; Related:information, intrusion, system,
computer security incident response capability: IncludedBy:computer, computer security, incident, response, security incident,
computer security incident response team: IncludedBy:computer, computer security, incident, response, security incident,; Related:computer emergency response team, information,
computer security intrusion: IncludedBy:computer, computer security, intrusion,; Related:access, access control, authorized, information, penetration, system, unauthorized access,
computer security object: IncludedBy:computer, computer security, object,; Related:security software,
Computer Security Objects Register: IncludedBy:National Institute of Standards and Technology, computer, computer security, object,; Related:algorithm, registration, standard,
computer security subsystem: IncludedBy:computer, computer security, system,; Related:software,
computer security technical vulnerability reporting program: IncludedBy:computer, computer security, program, vulnerability,; Related:information, login, software,
computer security toolbox: IncludedBy:security,; Related:assurance,
computer-aided software engineering: IncludedBy:computer, software,
computer-assisted audit technique: IncludedBy:audit, computer,; Related:program, software, test,
computerized telephone system
computing environment: Related:application, system,
computing security methods: IncludedBy:computer security,; Related:assurance, function, network, requirements, software, system, verification,
COMSEC: Related:security,
COMSEC account: IncludedBy:communications security,; Related:control, entity,
COMSEC account audit: IncludedBy:audit, communications security,
COMSEC aid: IncludedBy:communications security,; Related:communications, key, operation, system, telecommunications,
COMSEC assembly
COMSEC boundary: IncludedBy:boundary, communications security,; Related:critical, function, key, software,
COMSEC chip set: IncludedBy:communications security,
COMSEC control program: IncludedBy:communications security, control, program,; Related:authentication, computer, encryption, function, key, message,
COMSEC custodian: IncludedBy:communications security,; Related:authority,
COMSEC demilitarization: Related:classified, process,
COMSEC element
COMSEC end-item: IncludedBy:communications security,; Related:application,
COMSEC equipment: IncludedBy:communications security,; Related:authentication, authorized, communications, cryptography, information, process, telecommunications, version,
COMSEC facility: IncludedBy:communications security,; Related:authorized,
COMSEC incident: IncludedBy:communications security, incident,
COMSEC insecurity: IncludedBy:communications security,; Related:incident, information,
COMSEC manager: IncludedBy:communications security,; Related:resource,
COMSEC material: IncludedBy:communications security,; Related:communications, control systems, cryptographic, cryptography, function, key, software, telecommunications,
COMSEC Material Control System: IncludedBy:communications security, control, control systems, system,; Related:key,
COMSEC modification: IncludedBy:communications security, information systems security equipment modification,; Related:information, system,
COMSEC module: IncludedBy:communications security, module,; Related:communications, function, system, telecommunications,
COMSEC monitoring: IncludedBy:communications security,; Related:communications, telecommunications,
COMSEC Parent Switch: IncludedBy:communications security,
COMSEC profile: IncludedBy:communications security, file, profile,; Related:operation, system,
COMSEC Resources Program: IncludedBy:communications security, program, resource,
COMSEC Subordinate Switch: IncludedBy:communications security,
COMSEC survey: IncludedBy:communications security,; Related:communications, information, operation, system,
COMSEC system data: IncludedBy:communications security, system,; Related:control, information, key,
COMSEC training: IncludedBy:communications security,
COMSEC Utility Program: IncludedBy:communications security, program,
concealment
concealment system: IncludedBy:system,; Related:confidentiality, information, security,
concept of operations: IncludedBy:operation, security,; Related:internet, object, process, system,
concurrency control: IncludedBy:control,; Related:users,
concurrent connections: IncludedBy:connection,; Related:flow, test, users,
confidence: IncludedBy:assurance, trust,; Includes:confidence coefficient, confidence interval, confidence level, confidence limits, public confidence,; Related:IT Security Evaluation Criteria, IT Security Evaluation Methodology, Monitoring of Evaluations, assurance level, assurance profile, audit, authentication, authenticity, checksum, confidentiality, data confidentiality, data integrity, defense, defense-in-depth, infrastructure assurance, interval estimate, national information assurance partnership, policy, profile assurance, quality assurance, reference monitor, reliability, robustness, sampling error, software quality assurance, source integrity, state delta verification system, trusted channel, trusted computing system, trusted path,
confidence coefficient: IncludedBy:confidence,
confidence interval: IncludedBy:confidence,
confidence level: IncludedBy:confidence,; Related:random,
confidence limits: IncludedBy:confidence,
confidential: IncludedBy:classification levels,; Related:authorized, damage, security,
confidential source: Related:security,
confidentiality: IncludedBy:privacy, security goals,; Includes:cryptographic algorithm for confidentiality, data confidentiality, data confidentiality service, traffic flow confidentiality,; Related:Common Criteria for Information Technology Security, Generic Security Service Application Program Interface, Generic Upper Layer Security, IT security, IT security controls, IT security incident, NULL encryption algorithm, Secure Electronic Transaction, access, access control, assurance, asymmetric cryptography, authentication header, authorized, classified, communications security, computer, computer abuse, computer related controls, computer security, concealment system, confidence, data privacy, data security, defense-in-depth, defense-wide information assurance program, digital envelope, encapsulating security payload, encryption algorithm, entry-level certification, flow, hybrid encryption, information, information assurance, information security, internet, internet protocol security, intrusion, key recovery, levels of concern, line managers, mid-level certification, network, object, passive, penetration, post-accreditation phase, privacy enhanced mail, privacy programs, privacy protection, process, property, public-key infrastructure, requirements for procedures and standards, secure shell, secure socket layer, security controls, security event, security objectives, security policy, simple network management protocol, subject, symmetric cryptography, system, top-level certification, transmission security, users, vulnerability, wrap,
configuration: IncludedBy:configuration management, target of evaluation,; Related:function, software, system, target,
configuration control: IncludedBy:configuration management, control, target of evaluation,; Includes:object,; Related:authorized, computer, establishment, identification, information, integrity, malicious, operation, process, software, system, target,
configuration control board: IncludedBy:control,; Related:development, software,
configuration identification: IncludedBy:configuration management, identification,; Related:function, system,
configuration item: IncludedBy:configuration management,; Related:computer, entity, function, process, program, software,
configuration management: IncludedBy:assurance, risk management, software development,; Includes:baseline management, configuration, configuration control, configuration identification, configuration item, secure configuration management,; Related:computer, control, function, identify, operation, process, requirements, software, system, test,
confinement: Includes:confinement channel, confinement property,; Related:program, risk,
confinement channel: IncludedBy:confinement,; Related:covert, covert channel, covert timing channel,
confinement property: IncludedBy:confinement,; Related:Bell-LaPadula security model, access, access control, classification levels, classified, object, subject,; Synonym:*-property,
conformance: Related:requirements, standard, test,
conformance testing: IncludedBy:security testing, test,; Related:process,
conformant validation certificate: IncludedBy:certificate, validation,; Related:IT security, authority, computer security, security,
congruence: Related:property,
connection: IncludedBy:firewall,; Includes:Open Systems Interconnection Reference model, concurrent connections, connection approval, connection establishment, connection establishment time, connection maintenance, connection overhead, connection teardown, connection teardown time, connectionless data integrity service, interconnection security agreements, network connection, open system interconnection, open system interconnection model, open systems interconnection, platform it interconnection, system interconnection,; Related:Identification Protocol, Internet Security Association and Key Management Protocol, Internet worm, OSI architecture, SOCKS, SYN flood, Security Protocol 3, Security Protocol 4, Simple Authentication and Security Layer, Terminal Access Controller Access Control System, USENET, application level gateway, application proxy, application-level firewall, asynchronous transfer mode, authentication header, automated logon sequences, banner grabbing, call back, call back security, circuit level gateway, circuit proxy, circuit switching, cold site, connectivity, control, cookies, data origin authentication service, data source, derogatory information, dial back, encapsulating security payload, external system exposure, file, firewall machine, foreign liaison officer, global information infrastructure, handcarrier, information, interface, internet, internet protocol security, internetwork private line interface, local-area network, long-haul telecommunications, malicious code screening, memorandum of understanding, national information infrastructure, network, network address translation, network configuration, network tap, on ramp, personal firewall, piggyback, piggyback attack, piggyback entry, point-to-point tunneling protocol, port, port scanner, port scanning, protective security service, protocols, proxy, proxy server, remote access, remote maintenance, router, rules of behavior, scan, secure shell, secure socket layer, security association, security certificate, security controls, security domain, security parameters index, session key, signaling, stateful packet filtering, stealth probe, stovepipe systems, system security authorization agreement, tinkerbell program, transmission control protocol, trusted identification forwarding, tunneling, unit of transfer, users, war dialing, wireless technology, wiretapping, worm,
connection approval: IncludedBy:connection,; Related:authorization,
connection establishment: IncludedBy:connection, establishment,; Related:identify, protocols, security association, test,
connection establishment time: IncludedBy:connection, establishment,; Related:interface, protocols,
connection maintenance: IncludedBy:connection,; Related:identify, protocols, users,
connection overhead: IncludedBy:connection,; Related:establishment,
connection teardown: IncludedBy:connection,; Related:identify, protocols, test,
connection teardown time: IncludedBy:connection,; Related:interface, protocols,
connectionless data integrity service: IncludedBy:connection, integrity,; Related:security,
connectivity: IncludedBy:target of evaluation,; Related:connection, property,
consequence
consequence management: IncludedBy:risk management,
consignee
consignor: Related:shipper,
consistency: IncludedBy:database management system,; Related:standard, system,
console: Related:interface, intrusion, intrusion detection, program, system, users,
console logon: IncludedBy:logon,; Related:access, computer, control, privileged, system, users,
console logs: IncludedBy:audit trail,; Related:computer, control, system,
constant surveillance service: Related:security,
construction: IncludedBy:target of evaluation,; Related:process, target,
construction of TOE requirements: IncludedBy:requirements, target of evaluation,; Includes:component, security target,; Related:object, security,
construction surveillance technician: Related:security,
constructive cost model: IncludedBy:business process,
consumers: Related:policy, requirements, security, system, users,
contact interface: IncludedBy:interface,; Related:flow,
contactless interface: IncludedBy:interface,; Related:flow,
contactless smart card: IncludedBy:smartcards,; Related:information,
container: Related:encryption, file, technology,
contamination: IncludedBy:fetch protection, file protection, incident, risk,; Related:classified,
content filtering: Related:communications, process, users,
context-dependent access control: IncludedBy:access, control,
continental united states
contingency key: IncludedBy:key,; Related:operation,
contingency plan: IncludedBy:contingency planning,; Includes:back up vs. backup, backup generations, backup operations, backup plan, disaster plan, disaster recovery, disaster recovery plan, emergency plan, recovery procedures, redundancy,; Related:IT security, backup, business process, critical, failure, management, operation, process, program, recovery, resource, response, risk, security, system, test,
contingency planning: IncludedBy:availability,; Includes:contingency plan,; Related:backup, control, critical, operation, recovery, resource, response, system,
continuity of operations: IncludedBy:availability, operation,; Related:process,
continuity of operations plan: IncludedBy:operation,; Related:damage, function, management, risk,
continuity of services and operations: IncludedBy:operation, risk management,; Related:business process, computer, control, critical, minimum essential infrastructure, recovery,
continuous monitoring: Related:control, development, risk, security,
continuous operation: Related:access,
continuous process: IncludedBy:process,; Related:flow, operation,
continuous process improvement: IncludedBy:process, quality,; Related:operation,
continuous sensitive compartmented information facility operation
continuous signature service: IncludedBy:signature,
contract: Related:subject,
contracting officer
contracting officer representative
contractor: Related:security,
contractor special security officer: IncludedBy:security,; Related:information security,
contractor/command program manager
contractor/command program security officer: IncludedBy:security,; Related:access,
control: Includes:COMSEC Material Control System, COMSEC control program, IT security controls, Office of Foreign Assets Control, TSF scope of control, Terminal Access Controller Access Control System, U.S.-controlled facility, U.S.-controlled space, access control, access control center, access control mechanisms, access control officer, access control service, application controls, areas of control, attribute-based access control, automatic key distribution/rekeying control unit, baseline controls, change control and lifecycle management, circuit control officer, cluster controller, command and control, command and control warfare, command, control, and communications, command, control, communications and computers, command, control, communications and intelligence, common control, common control provider, compensating security controls, computer related controls, concurrency control, configuration control, configuration control board, context-dependent access control, control algorithm, control center, control class, control family, control identification list, control information, control loop, control network, control objectives, control objectives for information and related technology, control server, control systems, control zone, controlled access area, controlled access protection, controlled area, controlled cryptographic item, controlled interface, controlled security mode, controlled sharing, controlled space, controlled variable, controller, controlling authority, criteria of control, cryptonet control station, data control language, data flow control, design controlled spare parts, discretionary access control, distributed control system, domain controller, dual control, emergency shutdown controls, entry control, environmentally controlled area, external security controls, failure control, firewall control proxy, foreign owned, controlled or influenced, general controls, global command and control system, hybrid security control, identity based access control, industrial control system, information flow control, information systems audit and control association, information systems audit and control foundation, interface control document, interface control unit, internal control questionnaire, internal security controls, internet control message protocol, key control, logical access control, machine controller, management control processes, management controls, management security controls, mandatory access control, master control switch, media access control address, modification/configuration control board, motion control network, net control station, network access control, non-discretionary access control, nuclear command and control document, operational controls, partition rule base access control, physical access control, physical controls, point of control and observation, policy-based access control, positive control material, procedural controls, process controller, programmable logic controller, quality assurance/control, quality control, questions on controls, redundant control server, risk-adaptable access control, role-based access control, routing control, security control assessment, security control assessor, security control baseline, security control effectiveness, security control enhancements, security control inheritance, security controls, security net control station, single loop controller, statistical process control, supervisory control, supervisory control and data acquisition, system-specific security control, tailored security control baseline, technical controls, technical security controls, transfers outside TSF control, transmission control protocol, transmission control protocol/internet protocol, two-person control, zone of control,; Related:Automated Information System security, Bell-LaPadula security model, British Standard 7799, C2-protect, CCI assembly, CCI component, CCI equipment, COMSEC account, COMSEC system data, Clark Wilson integrity model, Common Criteria for Information Technology Security, Defense Information Infrastructure, IA product, IT security database, IT security policy, Identification Protocol, International Traffic in Arms Regulations, KMI operating account, MAC algorithm key, PIV issuer, POSIX, RED signal, SSO PIN, TCB subset, TEMPEST, Trusted Computer System Evaluation Criteria, U.S. person, Wassenaar Arrangement, abend, acceptable level of risk, acceptable risk, acceptance procedure, access, access control lists, access mediation, access with limited privileges, accountability, accounting legend code, accounting number, accreditation, accreditation disapproval, accreditation range, acquisition, acquisition strategy, active wiretapping, adequate security, agency, alarm surveillance, allocation, anonymous login, application, application generator, application proxy, approval/accreditation, assessment objective, assurance, attack, audit, audit/review, authentication, authentication protocol, authority, authorization, authorization (to operate), authorize processing, automated information system, automated security monitoring, availability service, backdoor, baseline, baseline configuration, baseline security, block cipher key, body of evidence, bot-network operators, boundary host, boundary protection, boundary protection device, breach, buffer overflow, business impact analysis, centralized authorization, centralized operations, certificate policy, certificate user, certification, certification agent or certifier, certification analyst, certification phase, chain of evidence, challenge-response protocol, chemical warfare, circuit proxy, closed security environment, cloud computing, commodity service, communications, communications security, compartment, compartmentalization, component, component reference monitor, compromise, compromised key list, computer security, configuration management, connection, console logon, console logs, contingency planning, continuity of services and operations, continuous monitoring, cookies, cost/benefit estimate, countermeasures, covert channel, credentials, critical elements, cross domain solution, cryptographic key, cryptographic system review, cryptographic token, cryptosystem review, cyberattack, cyberspace, cycle time, data historian, data management, database management system, decrypt, dedicated mode, dedicated security mode, default file protection, defense-in-depth, developer security, device distribution profile, digital watermarking, distributed database, distributed dataprocessing, disturbance, documentation, domain, domain name system, due care, electronic warfare, electronic warfare support, embedded cryptographic system, embedded system, enclave, encryption, encryption algorithm, entity-wide security, examine, exploitation, extensible, external network, fieldbus, filtering router, firewall, flaw hypothesis methodology, formal security policy model, formulary, full accreditation, general support system, granularity, handler, hardware and system software maintenance, hash token, high assurance guard, hijack attack, host to front-end protocol, human-machine interface, identification and authentication, incident response capability, independent assessment, independent validation authority, information, information assurance product, information category, information management, information owner, information security, information security program plan, information security testing, information sharing environment, information steward, information system, information systems security equipment modification, information technology, inspectable space, intellectual property, intelligent electronic device, interconnection security agreements, interface testing, interference, interim accreditation action plan, internal network, internet, internet protocol, internet protocol security, interview, isolation, kerberos, key, key management, key management infrastructure, key stream, key-escrow system, labeled security protections, lattice model, levels of concern, light tower, line conditioning, line conduction, local-area network, logical access, logical completeness measure, login, malicious logic, manipulated variable, media library, media protection, misappropriation, modes of operation, multi-releasable, national security information, national security system, naval coastal warfare, network, network administrator, network analyzer, network component, network connection, network management, network reference monitor, network security, non-repudiation, noncomputing security methods, object, official information, open security environment, operating system, operations security, optional modification, packet, packet filter, packet filtering, packet switching, pagejacking, password protected, penetration study, perimeter-based security, permissions, personnel security, photo eye, physical and environmental protection, physical security, physically isolated network, point-to-point tunneling protocol, policy, pre-certification phase, pressure regulator, privacy, privileged command, privileged instructions, privileged user, probe, procedural security, proof of possession protocol, protected distribution systems, protected network, protection philosophy, protection-critical portions of the TCB, protocol data unit, protocols, proximity, proxy server, public-key certificate, public-key infrastructure, random number generator, reference monitor, reference monitor concept, remote access, repair action, replay attacks, residual risk, restricted area, risk assessment, risk management, risk mitigation, risk reduction analysis, rule-based security policy, ruleset, safeguarding statement, safety, salt, sandboxed environment, sandboxing, scoping guidance, secure configuration management, secure operating system, secure subsystem, security, security attribute, security audit, security awareness, training, and education, security breach, security certification level, security kernel, security label, security management, security management infrastructure, security perimeter, security plan, security program plan, security safeguards, security service, security test & evaluation, security violation, security-relevant event, segregation of duties, sensitive compartmented information, sensitive information, sensitivity label, servo valve, session hijack attack, set point, short title, signaling, simple network management protocol, software library, software-based fault isolation, special access program, split knowledge, spoofing, stateful packet filtering, superuser, surrogate access, system, system administrator, system and data integrity, system development and acquisition, system interconnection, system of records, system security plan, system software, systems software, tailoring, tamper, technical security policy, technological attack, technology, terminal hijacking, test, thermostat, threat shifting, ticket, token authenticator, token management, tokens, topical areas, trace packet, transmission security, trapdoor, under sea warfare, unprotected network, user PIN, user data protocol, users, usurpation, verification, verification techniques, verifier, virtual private network, vulnerability, vulnerability assessment, wireless device,
control algorithm: IncludedBy:algorithm, control,
control center: IncludedBy:control,; Related:process,
control class: IncludedBy:control,; Related:operation, security,
control family: IncludedBy:control,; Related:security,
control identification list: IncludedBy:control, identification,; Related:critical, security,
control information: IncludedBy:control, cryptographic module, information,; Related:cryptographic, module, operation,
control loop: IncludedBy:control,; Related:function, process,
control network: IncludedBy:control, network,; Related:critical, process,
control objectives: IncludedBy:control, object, risk management,; Related:information,
control objectives for information and related technology: IncludedBy:control, information, object, technology,
control server: IncludedBy:control,; Related:application, control systems, system,
control systems: IncludedBy:control, system,; Includes:COMSEC Material Control System, Terminal Access Controller Access Control System, distributed control system, global command and control system, supervisory control and data acquisition,; Related:COMSEC material, acceptance procedure, accounting legend code, control server, controlled variable, cookies, login, machine controller, national security information, physical access control, programmable logic controller, salt, sensitive compartmented information,
control zone: IncludedBy:control, security,; Related:authorized, compromise, information, process,
controlled access area: IncludedBy:access, control,; Related:authorized, cipher, entry control,
controlled access program coordination office: IncludedBy:access,; Related:intelligence,
controlled access program oversight committee: IncludedBy:access,; Related:audit, evaluation, intelligence,
controlled access programs: IncludedBy:access,; Related:intelligence, security clearance,
controlled access protection: IncludedBy:access, control,; Related:assurance, audit, evaluation, function, resource, security, trust, users,
controlled area: IncludedBy:control,; Related:requirements,
controlled area/compound: Related:security, subject,
controlled building: Related:security, subject,
controlled cryptographic item: IncludedBy:control, cryptographic,; Related:classified, communications, information, requirements, telecommunications,
controlled information: Related:foreign, object, target,
controlled interface: IncludedBy:control, interface,; Related:flow, information, security, system,
controlled security mode: IncludedBy:control, multilevel security,; Related:access, access control, accreditation, classification levels, classified, information, operation, policy, requirements, risk, software, system, users, version, vulnerability,
controlled sharing: IncludedBy:access control, control,; Related:access, system,
controlled space: IncludedBy:control,; Related:access, access control, authorized,
controlled unclassified information: IncludedBy:classified,; Related:authorized,
controlled variable: IncludedBy:control,; Related:control systems, system,
controller: IncludedBy:control,; Related:program,
controlling authority: IncludedBy:authority, control,; Related:cryptography, key, operation,
conversion: IncludedBy:version,; Related:software,
cookies: IncludedBy:access control,; Related:access, application, association, attack, connection, control, control systems, denial-of-service, establishment, file, information, internet, internet protocol security, internet security protocol, message, privacy, profile, system, world wide web,
cooperative key generation: IncludedBy:key,; Related:encryption, function, random,
cooperative program personnel: Related:foreign,
cooperative remote rekeying: IncludedBy:key, rekey,
coordinated universal time: Related:GeneralizedTime, UTCTime,
core or key process: IncludedBy:key, process,; Related:business process,
core secrets: Related:compromise,
corporate family
corporate security policy: IncludedBy:policy, security policy,; Related:information, users,
corporation
correctness: IncludedBy:European Information Technology Security Evaluation Criteria, Federal Criteria for Information Technology Security, integrity,; Includes:correctness integrity, correctness proof,; Related:analysis, computer security, criteria, evidence, fault, file, function, information, profile, program, property, requirements, security target, software, system, target, technology, users, verification,
correctness integrity: IncludedBy:correctness, integrity,; Related:information,
correctness proof: IncludedBy:correctness, security,; Related:system,
corroborate: IncludedBy:validate,
corruption: IncludedBy:threat consequence,; Related:function, operation, system,
cost reimbursement contract: IncludedBy:business process,
cost-risk analysis: IncludedBy:analysis, business process, risk analysis,; Related:assessment, compromise, cost/benefit analysis, system,
cost/benefit: IncludedBy:analysis, business process,; Related:cost/benefit analysis, cost/benefit estimate, function, program,
cost/benefit analysis: IncludedBy:analysis, business process,; Related:cost-risk analysis, cost/benefit, countermeasures, operation, process, risk, risk management, vulnerability,
cost/benefit estimate: IncludedBy:analysis,; Related:control, cost/benefit, process,
COTS software: IncludedBy:commercial-off-the-shelf, software,; Related:mass-market software, standard,; Synonym:commercial off-the-shelf software,
counter: Related:process,
counterintelligence: IncludedBy:intelligence,; Related:adversary, countermeasures, foreign, information, security, threat,
counterintelligence assessment: IncludedBy:assessment, intelligence,; Related:analysis, compromise, critical, foreign, risk, target, threat,
countermeasures: IncludedBy:risk management, threat,; Includes:electronic counter-countermeasures, electronic countermeasures, non-technical countermeasure, security countermeasures, technical countermeasures, technical surveillance countermeasures, technical surveillance countermeasures inspection, technical surveillance countermeasures surveys and evaluations,; Related:acceptable level of risk, adversary, alarm, analysis, anomaly detection, antivirus software, antivirus tools, asset, attack, benign, benign environment, checksum, compensating security controls, control, cost/benefit analysis, counterintelligence, firewall, function, information, information systems security engineering, internet, intrusion detection, intrusion prevention, key, layered solution, level of protection, management controls, object, operation, operational controls, operations security, operations security process, physical security, protective distribution system, protocols, residual risk, risk analysis, risk assessment, robustness, security audit, security controls, security safeguards, security software, security testing, system, system security authorization agreement, technical controls, technology, threat analysis, threat assessment, virus definitions, vulnerability, vulnerability assessment, work factor,
country code: IncludedBy:code,; Related:domain, standard,
courier: Related:authorized, classified,
cover: Related:adversary,
cover-coding: Related:information, risk,
coverage: Related:test,
covert: Includes:covert channel, covert channel analysis, covert operation, covert storage channel, covert testing, covert timing channel,; Related:RED team, bandwidth, confinement channel, espionage, exploitable channel, flooding, leakage, malware, overt channel, rootkit, sniffer,
covert channel: Antonym:overt channel, security-compliant channel,; IncludedBy:channel, covert, exploitable channel,; Includes:covert storage channel, covert timing channel,; PreferredFor:storage channel, timing channel,; Related:access, access control, authorization, authorized, communications, computer security, confinement channel, control, entity, exploit, information, insider, policy, process, resource, response, security, system,
covert channel analysis: IncludedBy:analysis, covert,; Related:access, access control, authorized, information, policy, program, security, unauthorized access,
covert operation: IncludedBy:covert,; Related:clandestine operation, identity,
covert storage channel: IncludedBy:channel, covert, covert channel,; Includes:subject,; Related:process, resource, security,
covert testing: IncludedBy:covert, test,; Related:management,
covert timing channel: IncludedBy:channel, covert, covert channel,; Related:communications, confinement channel, information, policy, process, resource, response, security, system,
CPU time: IncludedBy:automated information system,; Related:process,
crack: IncludedBy:threat,; Includes:crack root, cracker, cracking,; Related:code, cryptography, passwords, security, system, users,
crack root: IncludedBy:crack,; Related:security, system,
cracker: IncludedBy:crack, hackers,; Related:access, access control, attack, authorization, communications, computer, information, intrusion, malicious, security, system, telecommunications,
cracking: IncludedBy:crack,; Related:computer, system,
crash: IncludedBy:threat,; Related:computer, failure, system,
credential service provider: Related:trust,
credentials: IncludedBy:certification authority,; Includes:digital certificate, identity credential, identity credential issuer, ticket,; Related:access, access control, authentication, authority, authorization, certificate, control, entity, evidence, identity, information, model, object, security testing, standard, system, test,
credentials service provider: Related:entity, registration, trust,
credit check: Related:security, subject,
criminal: IncludedBy:illegal,; Includes:criminal activity, criminal groups,; Related:Defense Travel Briefing, attack, dark-side hacker, derogatory information, hybrid threat, hybrid warfare, local agency check, phishing, report of investigation, security environment threat list, threat, vishing,
criminal activity: IncludedBy:criminal,; Related:foreign,
criminal groups: IncludedBy:criminal, threat,; Related:attack, entity, fraud, identity, system, theft,
crisis management: IncludedBy:risk management,
criteria: Includes:Canadian Trusted Computer Product Evaluation Criteria, Common Criteria Testing Laboratory, Common Criteria Testing Program, Common Criteria for Information Technology Security, Common Criteria for Information Technology Security Evaluation, DoD Trusted Computer System Evaluation Criteria, European Information Technology Security Evaluation Criteria, Federal Criteria Vol. I, Federal Criteria for Information Technology Security, IT Security Evaluation Criteria, Information Technology Security Evaluation Criteria, NIAP Common Criteria Evaluation and Validation Scheme, Trusted Computer System Evaluation Criteria, acceptance criteria, common criteria, common criteria version 1.0, common criteria version 2.0, criteria of control, evaluation criteria,; Related:British Standard 7799, FIPS approved security method, Federal Standard 1027, IT Security Evaluation Methodology, IT security certification, NIAP Oversight Body, National Computer Security Center, National Voluntary Laboratory Accreditation Program, Orange book, Red book, Scope of Accreditation, Yellow book, acceptance testing, accreditation, accreditation range, assurance, assurance level, audit, authentication, beyond A1, certification, certified TEMPEST technical authority, component extensibility, component hierarchy, component operations, computer, computer security, correctness, descriptive top-level specification, designated, designated laboratories list, designating authority, designation policy, ethernet sniffing, evaluated products list, evaluated system, evaluation, evaluation assurance level, evaluation pass statement, evaluator actions, firewall, information, interpretation, national information assurance partnership, national security system, network component, non-repudiation policy, protection profile, rainbow series, requirements for content and presentation, requirements for evidence, requirements for procedures and standards, risk evaluation, scheme, security, security policy model, security target, sensitive information, target of evaluation, technology, technology area, test case generator, test method, test strategy, testability, trust, trusted functionality, trusted gateway, trusted network interpretation, validated products list, validation report,
criteria of control: IncludedBy:control, criteria,
critical: IncludedBy:risk,; Includes:Protected Critical Infrastructure Information (PCII), critical and sensitive information list, critical asset, critical design review, critical elements, critical financial markets, critical information, critical infrastructure information, critical infrastructures, critical mechanism, critical nuclear weapon design information, critical path method, critical program information, critical security parameters, critical system, critical system files, criticality, criticality assessment, criticality level, criticality/sensitivity, mission critical, mission critical system, protection-critical portions of the TCB, safety-critical software, security-critical mechanisms, technology critical,; Related:COMSEC boundary, Defense Security Service, Suite A, X.509, acceptable level of risk, access, access control, accesses, accreditation disapproval, advanced persistent threats, adversary, adversary collection methodology, alert, anti-tamper, attack, audit, authentication, automated security monitoring, availability, banking and finance, business process reengineering, capability, certificate, certificate policy, certificate validation, class 2, 3, 4, or 5, code amber, code red, compromise, contingency plan, contingency planning, continuity of services and operations, control identification list, control network, counterintelligence assessment, data owner, denial-of-service, destruction, disaster recovery plan, electrical power systems, emergency services, essential secrecy, firewall, function, gas and oil production, storage and transportation, hackers, hot site, incapacitation, information and communications, information security, infrastructure assurance, infrastructure protection, intent, interim accreditation action plan, legacy systems, letter of compelling need, levels of concern, line managers, mandatory access control, national computer security assessment program, national information infrastructure, national security system, natural disaster, network security, non-repudiation service, operations security, operations security indicator, operations security process, partnership, physical protection, physical security, process, protected information, public confidence, public-key infrastructure, reconstitution, remediation, resource, risk analysis, risk assessment, scenario, sector coordinator, sector liaison, security environment threat list, security label, security policy, security strength, semantics, sensitive activities, sensitive position, significant change, single loop controller, single scope background investigation - periodic reinvestigation, special access program, spoofing, system, system retention/backup, terrorists, threat, transportation, users, vulnerability, vulnerability analysis, vulnerability assessment, vulnerability audit, water supply system, world class organizations,
critical and sensitive information list: IncludedBy:critical, sensitive information,
critical asset: IncludedBy:critical,; Related:security, vulnerability,
critical design review: IncludedBy:critical,; Related:requirements,
critical elements: IncludedBy:critical,; Related:control, security, system,
critical financial markets: IncludedBy:critical,; Related:foreign, operation,
critical information: IncludedBy:critical,; Related:object,
critical infrastructure information: IncludedBy:critical,
critical infrastructures: IncludedBy:critical, risk management,; Includes:banking and finance, code amber, code green, code red, electrical power systems, emergency services, gas and oil production, storage and transportation, information and communications, infrastructure protection, transportation, utility, water supply system,; Related:capability, cyberspace, destruction, government services, incapacitation, infrastructure assurance, natural disaster, operation, partnership, risk assessment, sector coordinator, sector liaison, system,
critical mechanism: IncludedBy:critical, target of evaluation,; Related:failure, security, target,
critical nuclear weapon design information: IncludedBy:critical,
critical path method: IncludedBy:critical,
critical program information: IncludedBy:critical,; Related:access, compromise,
critical security parameters: IncludedBy:critical, security policy,; Related:authentication, compromise, cryptographic, cryptography, information, key, module, passwords,
critical system: IncludedBy:critical, system,; Includes:critical system files,; Related:access, access control, authorized, information, security,
critical system files: IncludedBy:critical, critical system, file, system,; Related:application, damage, integrity, key, security, software,
criticality: IncludedBy:critical,; Related:function, information, system, threat,
criticality assessment: IncludedBy:assessment, critical,; Related:entity, function, operation, resource, risk assessment, security, system,
criticality level: IncludedBy:critical,
criticality/sensitivity: IncludedBy:critical,; Related:information, operation, process, system,
cross domain solution: IncludedBy:domain,; Related:access, assurance, control, information, security,
cross site scripting: Related:attack, target, vulnerability,
cross-certificate: IncludedBy:certificate,; Related:certification, cross-certification, trust,
cross-certification: IncludedBy:certification authority,; Related:certificate, cross-certificate, key, process, public-key, users, validate,
cross-domain capabilities: Related:security,
cross-talk: Related:communications,
cryptanalysis: IncludedBy:analysis, threat consequence,; Related:algorithm, attack, cipher, cryptographic, cryptography, encryption, key, key management, message, operation, process, security, system,
CRYPTO: Related:classified, communications, communications security, cryptographic, cryptography, identify, information, key, telecommunications,
crypto officer: Related:management,
crypto-alarm: IncludedBy:cryptography,; Related:operation,
crypto-ancillary equipment: IncludedBy:cryptography,; Related:cryptographic, function, operation,
crypto-ignition key: IncludedBy:key,
crypto-ignition plug: IncludedBy:cryptography,
crypto-security: IncludedBy:communications security,; Related:cryptographic system, system,
cryptographic: IncludedBy:cryptography,; Includes:Cryptographic Application Program Interface, Cryptographic Message Syntax, asymmetric cryptographic algorithm, asymmetric cryptographic technique, controlled cryptographic item, cryptographic algorithm, cryptographic algorithm for confidentiality, cryptographic application programming interface, cryptographic boundary, cryptographic card, cryptographic check function, cryptographic check value, cryptographic component, cryptographic device services, cryptographic equipment room, cryptographic functions, cryptographic hash function, cryptographic ignition key, cryptographic initialization, cryptographic key, cryptographic key component, cryptographic key management system, cryptographic logic, cryptographic module, cryptographic module security policy, cryptographic officer, cryptographic randomization, cryptographic service, cryptographic service providers, cryptographic strength, cryptographic synchronization, cryptographic system, cryptographic token, embedded cryptographic system, endorsed cryptographic products list, endorsed for unclassified cryptographic information, endorsed for unclassified cryptographic item, rapid automatic cryptographic equipment, symmetric cryptographic technique,; Related:CAPSTONE chip, CCI assembly, CCI component, CCI equipment, CKMS, COMSEC material, CRYPTO, Challenge Handshake Authentication Protocol, Clipper chip, Common Criteria for Information Technology Security, Distributed Authentication Security Service, FIPS PUB 140-1, FIPS approved security method, Fortezza, International Traffic in Arms Regulations, MD2, MD4, MD5, PC card, PKCS #11, RED/BLACK separation, RSA algorithm, Rivest-Shamir-Adleman algorithm, S/Key, The Exponential Encryption System, Type 1 key, Type 2 key, Type 4 key, Type 4 product, Type I cryptography, Type II cryptography, Type III cryptography, active state, advanced encryption standard, algorithm, algorithm transition, archive, asymmetric encipherment system, asymmetric signature system, attribute certificate, authentication code, authentication protocol, authorized vendor program, automated key distribution, benign, binding, block chaining, break, certificate domain parameters, challenge-response protocol, check word, checksum, cipher, cipher text auto-key, ciphertext-only attack, class 2, 3, 4, or 5, code, common security, communications security, compromise, compromised state, control information, critical security parameters, cryptanalysis, crypto-ancillary equipment, cryptographic equipment, cryptonet, cryptoperiod, cryptosynchronization, cyclic redundancy check, data authentication code, data encryption key, data encryption standard, data items' representation, data key, deactivated state, decipher, decrypt, digital key, digital signature, digital signature algorithm, domain of interpretation, effective key length, electronic key entry, embedded cryptography, encipher, encipherment, encrypt, encrypted key, encryption, encryption algorithm, encryption certificate, end-to-end encryption, end-to-end security, environmental failure protection, environmental failure testing, escrow, garbled, generation, hardware, hash, hash function, hash value, hashed message authentication code, initialization value, initialization vector, initialize, input data, integrity check, interface, internetwork private line interface, key, key distribution, key entry, key generation, key generator, key length, key lifecycle state, key loader, key management, key management infrastructure, key management/exchange, key output, key owner, key recovery, key space, key updating, key-auto-key, key-encrypting key, key-escrow, keyed hash, keying material, known-plaintext attack, manual cryptosystem, manual key distribution, manual key entry, message authentication code, message authentication code algorithm, message digest, message digest algorithm 5, metadata, mode of operation, non-repudiation, one-time passwords, one-way encryption, one-way function, operations manager, operator, output data, parameters, personal identity verification, personal identity verification card, personal security environment, personalization service, physical protection, plaintext key, port, pretty good privacy, private key, protected channel, public-key, public-key forward secrecy, public-key infrastructure, public-key system, random, recover, rekey, retrieval, revoked state, salt, scheme, secret key, secret-key cryptography, secure hash algorithm, secure hash standard, secure hypertext transfer protocol, security event, security strength, session key, shared secret, signature certificate, signature system, simple network management protocol, split key, split knowledge, status information, strong authentication, symmetric encryption algorithm, symmetric key, tamper, time-stamp token, tokens, transport, trapdoor, trusted path, trusted platform module chip, tunneled password protocol, type 1 products, type 2 product, type 3 key, type 3 product, unforgeable, updating, validate, validate vs. verify, verification key, work factor, zeroize,
cryptographic alarm
cryptographic algorithm: IncludedBy:algorithm, cryptographic,; Related:authentication, cipher, digital signature, encryption, hash, key, process, signature,
cryptographic algorithm for confidentiality: IncludedBy:algorithm, confidentiality, cryptographic,; Related:information,
Cryptographic Application Program Interface: IncludedBy:application, cryptographic, encryption, interface, program, security,; Related:computer, function, standard,
cryptographic application programming interface: IncludedBy:application, cryptographic, interface, program, software,; Related:access, access control, code,
cryptographic binding
cryptographic boundary: IncludedBy:boundary, cryptographic, cryptographic module,; Includes:physical protection,; Related:module, software,
cryptographic card: IncludedBy:cryptographic, tokens,
cryptographic check function: IncludedBy:cryptographic, function,; Related:key,
cryptographic check value: IncludedBy:cryptographic,; Related:function, information,
cryptographic component: IncludedBy:cryptographic,; Related:hash, system,
cryptographic device services: IncludedBy:cryptographic,
cryptographic equipment: IncludedBy:cryptography,; Related:cryptographic,
cryptographic equipment room: IncludedBy:cryptographic,; Related:access control, cryptographic system,
cryptographic functions: IncludedBy:cryptographic, encryption, function, key,; Related:algorithm, message, random,
cryptographic hash function: IncludedBy:cryptographic, function, hash,; Related:domain, hash function, process,
cryptographic ignition key: IncludedBy:cryptographic, key,; Related:encryption, module, tokens,
cryptographic initialization: IncludedBy:cryptographic,; Related:encryption, function, key,
cryptographic key: IncludedBy:cryptographic, key,; Related:adversary, algorithm, authentication, authorized, cipher, code, control, encipherment, encryption, operation, process, random, requirements, signature, verification,
cryptographic key component: IncludedBy:cryptographic, key,; Related:operation,
cryptographic key management system: IncludedBy:cryptographic, key management, system,; Related:backup, metadata, revocation,
cryptographic logic: IncludedBy:cryptographic,; Related:algorithm, process,
cryptographic material
Cryptographic Message Syntax: IncludedBy:cryptographic, message,; Related:certificate, digital signature, encryption, hash, key, key management, public-key infrastructure, signature,
cryptographic module: IncludedBy:cryptographic, module,; Includes:control information, cryptographic boundary, cryptographic module security policy, data path, firmware, hardware, input data, microcode, operator, output data,; Related:algorithm, boundary, establishment, function, key, process, security, software,
cryptographic module security policy: IncludedBy:cryptographic, cryptographic module, module, policy, security policy,; Related:requirements, standard,
cryptographic net
cryptographic officer: IncludedBy:cryptographic, officer,; Related:authorized, function,
cryptographic period
cryptographic product: Related:software, trust,
cryptographic randomization: IncludedBy:cryptographic, random,; Related:function,
cryptographic security: IncludedBy:security,
cryptographic service: IncludedBy:common data security architecture, cryptographic,; Related:encryption, function, hash, key, module, random, software,
cryptographic service providers: IncludedBy:common data security architecture, cryptographic,
cryptographic strength: IncludedBy:cryptographic,; Related:operation,
cryptographic synchronization: IncludedBy:cryptographic,; Related:cipher, encipherment, process,
cryptographic system: IncludedBy:cryptographic, system,; Includes:cryptosystem analysis, cryptosystem evaluation, cryptosystem review, cryptosystem survey, elliptic curve cryptosystem, embedded cryptographic system, manual cryptosystem, off-line cryptosystem, on-line cryptosystem, one-time cryptosystem,; PreferredFor:cryptosystem,; Related:algorithm, application, assurance, asymmetric cryptographic technique, authentication system, cipher, crypto-security, cryptographic equipment room, digital signature, encryption, encryption strength, hash, key, key management, key stream, message indicator, one-time pad, one-time tape, private key, process, public-key, signature, system indicator, traffic-flow security,
cryptographic system analysis
cryptographic system evaluation: IncludedBy:evaluation,
cryptographic system review: Related:control,
cryptographic system survey: Related:evaluation, management,
cryptographic token: IncludedBy:cryptographic, tokens,; Related:algorithm, control, function, information, key, key management, module, random, users,
cryptography: Includes:FIPS-Validated Cryptography, NSA-approved cryptography, National Cryptologic School, Type I cryptography, Type II cryptography, Type III cryptography, asymmetric cryptography, cipher feedback, computer cryptography, crypto-alarm, crypto-ancillary equipment, crypto-ignition plug, cryptographic, cryptographic equipment, cryptonet control station, cryptosynchronization, elliptic curve cryptography, embedded cryptography, encipherment algorithm, encrypt, manual cryptosystem, minimalist cryptography, private-key cryptography, public-key cryptography, public-key cryptography standards, secret-key cryptography, symmetric cryptography, synchronous crypto-operation,; Related:BLACK, CAPSTONE chip, CCI assembly, CCI component, CCI equipment, COMSEC equipment, COMSEC material, CRYPTO, Challenge Handshake Authentication Protocol, Clipper chip, Common Criteria for Information Technology Security, Diffie-Hellman, Digital Signature Standard, Distributed Authentication Security Service, El Gamal algorithm, Elliptic Curve Digital Signature Algorithm, FIPS PUB 140-1, FIREFLY, Generic Security Service Application Program Interface, IEEE P1363, International Traffic in Arms Regulations, Internet Security Association and Key Management Protocol, MD2, MD4, MD5, MIME Object Security Services, PC card, RED/BLACK separation, The Exponential Encryption System, access control center, algorithm, attribute certificate, authentication, authentication code, authentication system, authorized, authorized vendor, benign, binding, break, brute force attack, certificate domain parameters, check word, checksum, chosen-plaintext attack, cipher, cleartext, code, code division multiple access, cold start, communications, communications security, compromise, controlling authority, crack, critical security parameters, cryptanalysis, cryptology, cut-and-paste attack, cyclic redundancy check, data driven attack, data items' representation, digital signature, domain of interpretation, emissions security, encipherment, encryption, end entity, end-to-end security, entity, environmental failure protection, environmental failure testing, extraction resistance, feedback buffer, fill device, hash, hash function, hashed message authentication code, hybrid encryption, identity, information, initialize, integrity check, intelligent threat, interface, kerberos, key, key agreement, key center, key distribution center, key management, key pair, key translation center, known-plaintext attack, message, message authentication code, message authentication code algorithm, message authentication code vs. Message Authentication Code, message indicator, modulus, national security system, non-repudiation, one-time pad, one-time passwords, one-time tape, one-way function, operations manager, out-of-band, permuter, personal security environment, personalization service, port, pretty good privacy, primary account number, privacy, private key, public-key, public-key forward secrecy, public-key infrastructure, quadrant, random, rekey, scavenging, seal, secure hash standard, secure socket layer, security, security event, semantic security, shared secret, signature, simple network management protocol, status information, steganography, strong authentication, system indicator, ticket, time-stamp token, token storage key, traffic analysis, traffic padding, traffic-flow security, trapdoor, trusted path, two-person control, unforgeable, updating, user partnership program, validate vs. verify, work factor, wrap, zeroize,
cryptologic
cryptologic information system
cryptology: Related:analysis, communications, cryptography, intelligence, security,
cryptonet: Related:algorithm, cryptographic, key, system,
cryptonet control station: IncludedBy:control, cryptography,
cryptonet key: IncludedBy:key,
cryptoperiod: Related:algorithm, analysis, authorized, certificate, cryptographic, key, process, public-key, public-key infrastructure, rekey, risk, system,
cryptosynchronization: IncludedBy:cryptography,; Related:cryptographic, process,
cryptosystem: HasPreferred:cryptographic system,
cryptosystem analysis: IncludedBy:analysis, cryptographic system, system,; Related:process,
cryptosystem evaluation: IncludedBy:cryptographic system, evaluation, system,; Related:process, vulnerability,
cryptosystem review: IncludedBy:cryptographic system, system,; Related:authority, control,
cryptosystem survey: IncludedBy:cryptographic system, system,; Related:evaluation, information,
cultural assumptions: Related:function,
custodian: Related:classified,
customer: HasPreferred:users,
customer/contractor-supplied software: IncludedBy:software,
cut-and-paste attack: IncludedBy:attack,; Related:cipher, cryptography, integrity,
cyber: HasPreferred:cyberspace,
cyber crime: HasPreferred:cybercrime,
cyber espionage: IncludedBy:cyberspace, espionage,
cyber incident: IncludedBy:cyberspace, incident,
cyber infrastructure: IncludedBy:cyberspace,
cyber security: HasPreferred:cybersecurity,
cyber space: HasPreferred:cyberspace,
cyber system: IncludedBy:cyberspace,
cyberattack: IncludedBy:attack, cyberspace,; Related:control, information, software, technology, vulnerability,
cybercrime: IncludedBy:cyberspace,; PreferredFor:cyber crime,; Related:espionage,
cybersecurity: IncludedBy:cyberspace, security,; PreferredFor:cyber security,; Related:application, assurance, attack, communications, information, risk, risk management, system, telecommunications, users,
cyberspace: IncludedBy:internet,; Includes:cyber espionage, cyber incident, cyber infrastructure, cyber system, cyberattack, cybercrime, cybersecurity, cyberspace operations,; PreferredFor:cyber, cyber space,; Related:US-CERT, advanced persistent threats, blue team, common vulnerabilities and exposures, communications, computer, computer incident response team, control, critical infrastructures, entity-wide security, incident response plan, information, nations, process, risk, system, technology, telecommunications, zero-day exploit,
cyberspace operations: IncludedBy:cyberspace,; Related:computer, computer network, information, object,
cycle time: Related:algorithm, control, process,
cyclic redundancy check: Related:algorithm, code, cryptographic, cryptography, hash, integrity, protocols,
cyclical redundancy check
daemon: Related:process, system,
damage: Includes:damage assessment, damage to physical assets, damage to the national security,; Related:TOP SECRET, adversary, application data backup/recovery, back up vs. backup, biological warfare, classification levels, computer abuse, confidential, continuity of operations plan, critical system files, directed-energy warfare, disaster recovery plan, disruption, emergency action plan, emergency response, environmentally controlled area, hackers, high impact, impact, infrastructure assurance, insider, joint task force-computer network defense, least privilege, logic bombs, low impact, malicious code, moderate impact, physical security, recover, safety, secret, sensitive information, system safety, technical vulnerability, terrorists, threat, threat assessment, token backup, toluene,
damage assessment: IncludedBy:assessment, damage,; Related:analysis, authorized, classified, security,
damage to physical assets: IncludedBy:damage, operational risk loss,
damage to the national security: IncludedBy:damage, security,; Related:authorized, foreign,
dangling threat: IncludedBy:threat,; Related:vulnerability,
dangling vulnerability: IncludedBy:vulnerability,; Related:risk,
dark-side hacker: IncludedBy:threat,; Related:criminal, malicious,
data: IncludedBy:automated information system,; Related:computer, information, process,
data administration: IncludedBy:automated information system,
data aggregation: IncludedBy:automated information system,; Related:adversary, classified, information, system,
data architecture: IncludedBy:automated information system,; Related:information, process,
data asset: Related:access,
Data Authentication Algorithm: IncludedBy:algorithm, authentication,; Related:cipher, function, hash, key,
data authentication code: IncludedBy:National Institute of Standards and Technology, authentication, code, integrity,; Related:algorithm, cryptographic, function, hash function, key, message, standard,; Synonym:message authentication code,
data authentication code vs. Data Authentication Code: IncludedBy:authentication, code,; Related:algorithm, hash, key, message, message authentication code, standard,
data communications: IncludedBy:communications,; Related:information, system,
data compromise: IncludedBy:compromise, incident,; Related:access, access control, authorized, information, security, security incident, unauthorized access,
data confidentiality: IncludedBy:confidentiality, data privacy,; Related:authorized, confidence, entity, information, process, property, system,
data confidentiality service: IncludedBy:confidentiality,; Related:authorized, security,
data contamination: IncludedBy:automated information system,; Related:integrity, process,
data control language: IncludedBy:automated information system, control,
data custodian: Related:information, owner,
data definition language: IncludedBy:automated information system,
data dictionary: IncludedBy:automated information system,; Related:application, file, program,
data diddling: IncludedBy:attack,
data driven attack: IncludedBy:attack,; Related:code, cryptography, process, software, system, users,
data element
data encryption algorithm: IncludedBy:algorithm, encryption, symmetric cryptography,; Related:cipher, key, standard,
data encryption key: IncludedBy:encryption, key,; Includes:data key,; Related:application, cipher, cryptographic, integrity, message, signature,
data encryption security association type indicator: IncludedBy:security,
data encryption standard: IncludedBy:Federal Information Processing Standards, National Institute of Standards and Technology, encryption, key, standard, symmetric algorithm,; Includes:initialization vector,; Related:algorithm, classified, computer, cryptographic, function, information, integrity, message, policy, process, technology,
data flow control: IncludedBy:control, flow,; Related:information,
data flow diagram: IncludedBy:automated information system, flow,
data historian: Related:analysis, control, process,
data input: IncludedBy:automated information system,; Related:domain, function, key, message, process, signature,
data integrity: IncludedBy:data security, integrity,; Related:authorized, computer, confidence, destruction, entity, information, malicious, process, property, quality, subject, trust,
data integrity service: IncludedBy:integrity,; Related:access, access control, association, authentication, authorized, entity, identity, malicious, security, system, users, verification,
data items' representation: Related:cryptographic, cryptography, hash,
data key: IncludedBy:data encryption key, key, key recovery,; Related:authentication, cryptographic, process,
data loss
data management: IncludedBy:automated information system,; Related:access, access control, computer, control,
data manipulation language: IncludedBy:automated information system,
data origin authentication: IncludedBy:authentication,; Related:verification,
data origin authentication service: IncludedBy:authentication,; Related:association, connection, digital signature, entity, identity, integrity, key, public-key, signature, system,
data owner: IncludedBy:owner,; Related:critical,
data path: IncludedBy:cryptographic module,
data privacy: IncludedBy:data security, privacy,; Includes:data confidentiality,; Related:assurance, confidentiality,
data processing: IncludedBy:automated information system, process,; Related:computer, program,
data reengineering: IncludedBy:automated information system,; Related:process, system,
data security: IncludedBy:security,; Includes:data integrity, data privacy,; Related:authorized, confidentiality, integrity,
data source: Includes:users,; Related:connection, firewall, interface, network,
data storage: IncludedBy:automated information system,; Related:authority, information,
data string: Related:function, hash,
data structure: IncludedBy:automated information system,
data synchronization: Related:automated information system, file, information,
data transfer device: Related:communications security, key, program, system,
data validation: IncludedBy:automated information system, validation,
database: Related:information, process,
database administration: IncludedBy:automated information system,
database management system: IncludedBy:system,; Includes:consistency, metadata, transaction, view, view definition,; Related:Directory Access Protocol, computer, control, function, information, integrity, retrieval, security, software, users,
database server: Related:information,
datagram: Related:entity, establishment, information, network,
dc servo drive: Related:code,
DD 254 - Final: Related:authorized, classified, requirements, security,
DD 254 - Original: Related:classified, requirements, security,
deactivated state: Antonym:active state,; IncludedBy:key lifecycle state,; Related:cryptographic, key, lifecycle, process,
dead bolt
deadlock: IncludedBy:threat,; Related:process,; Synonym:deadly embrace,
deadlocking panic hardware
deadly embrace: IncludedBy:threat,; Related:process,; Synonym:deadlock,
debilitated: IncludedBy:risk,
debriefing: Related:access,
debug: Related:computer, fault, software,
debugger
debugging: IncludedBy:automated information system,
deception: IncludedBy:threat consequence,; Related:adversary, authorized, case officer, communications, denial, entity, evidence, telecommunications,
decertification: IncludedBy:certification,; Related:revocation,
decibel
decipher: IncludedBy:cipher,; Related:cryptographic, key, system,
decipherment: IncludedBy:cipher,; Related:encipherment,
decision support systems: IncludedBy:system,
declassification: Related:authorized, classified,
declassification authority: Related:classified,
declassification guide: Related:security,
declassification of AIS storage media: Includes:automated information system, subject,; Related:security,
decode: IncludedBy:code,
decomposition: IncludedBy:protection profile,; Related:file, process, profile,
decrypt: Related:algorithm, application, cipher, code, control, cryptographic, encryption, information, key,
decryption: Antonym:encryption,; Related:cipher, encipherment, process,
dedicated loop encryption device: IncludedBy:encryption,
dedicated mode: Related:access, access control, classified, computer security, control, information, operation, process, program, security, system, users,
dedicated security mode: IncludedBy:modes of operation, security,; Related:accreditation, authorization, classification levels, classified, control, information, operation, policy, process, system, system-high security mode, users,
default account: Related:access, access control, computer, login, passwords, system, users,
default classification: IncludedBy:classification levels, classified,; Includes:object,; Related:process, system,
default file protection: IncludedBy:access control, file,; Related:access, control, owner, system,
defect: IncludedBy:risk,; Related:bug, failure, fault, requirements,
defense: Related:confidence, threat,
defense articles
Defense Central Index of Investigations: Related:security,
Defense Central Security Index: IncludedBy:security,; Related:access, authorized, classified,
defense communications system: IncludedBy:communications, system,
defense courier service
Defense Industrial Security Clearance Office: IncludedBy:security,
Defense Information Infrastructure: IncludedBy:information,; Related:application, command and control, communications, computer, control, intelligence, network, process, security, system, telecommunications, users,
Defense Information System Network: IncludedBy:information, network, system,
Defense Information Systems Network: IncludedBy:network,; Related:classified, requirements, security, users,
Defense Information Systems Network Designated Approving Authority: IncludedBy:network,; Related:intelligence, risk, security,
defense message system: IncludedBy:message, system,
Defense Office of Hearings and Appeals
Defense Personnel Exchange Program: Related:foreign,
Defense Security Service: IncludedBy:security,; Related:critical, intelligence,
Defense Security Service Personnel Investigations Center: IncludedBy:security,
Defense Services: Related:foreign,
defense switched network: IncludedBy:network,
Defense Travel Briefing: Related:criminal, security, target,
Defense Treaty Inspection Readiness Program: Related:security,
defense-in-breadth: Related:development, risk,
defense-in-depth: IncludedBy:security,; Related:application, assurance, attack, availability, confidence, confidentiality, control, information, integrity, operation, resource, risk, system, technology,
defense-wide information assurance program: IncludedBy:information, information assurance, program,; Related:authentication, availability, confidentiality, integrity, non-repudiation, resource,
Defensive Information Operations: IncludedBy:information, operation,; Related:access, access control, assurance, exploit, information assurance, intelligence, process, security, system, technology,
degauss: IncludedBy:erasure,; Includes:degaussing,; Related:application, process,
degausser: IncludedBy:National Security Agency, degausser products list,; Related:computer security, information, system,
degausser products list: IncludedBy:Information Systems Security products and services catalogue, National Security Agency, national information assurance partnership,; Includes:degausser,; Related:computer security, information, system,
degaussing: IncludedBy:degauss,
degrees of freedom: Related:random,
delegated accrediting authority: IncludedBy:authority,
delegated development program: IncludedBy:development, program,; Related:communications, telecommunications,
delegation: IncludedBy:authorization,
delegation of disclosure authority letter: Related:authorized, foreign, subject,
delete access: IncludedBy:access,; Related:program,
deleted file
deliberate compromise of classified information: IncludedBy:classified, compromise,; Related:authorized, object,
deliberate exposure: IncludedBy:threat consequence,; Related:authorized, entity,
deliverable: Related:assessment, assurance, file, object, process, profile, security, security target, standard, system, target,
deliverables list: IncludedBy:Common Criteria Testing Laboratory, national information assurance partnership, target of evaluation,; Related:IT security, computer security, security, security target, target,
delivery: IncludedBy:target of evaluation,; Related:process, target,
delivery authority: IncludedBy:authority,; Related:evidence, trust,
delta CRL: IncludedBy:public-key infrastructure,; Related:X.509, certificate, revoked state,
demand assigned multiple access: IncludedBy:access,
demilitarized zone: IncludedBy:firewall,; Includes:protected network, unprotected network,; Related:access, access control, assurance, attack, computer, information, internet, policy, resource, ruleset, security, trust,
demon dialer: IncludedBy:attack,; Related:access, access control, authorized, denial-of-service, malicious, program,
denial: Related:deception, denial-of-service,
denial time: Related:risk,
denial-of-service: IncludedBy:attack, exploit, incident,; Includes:distributed denial-of-service,; PreferredFor:interdiction,; Related:Automated Information System security, ICMP flood, SYN flood, access, access control, application, authorized, availability, availability service, bot-network operators, computer, computer abuse, cookies, critical, demon dialer, denial, function, information systems security, internet, letterbomb, logic bombs, message, operation, ping of death, resource, smurf, spam, system, tamper, users,
deny by default: Related:malware, router, security,
Department of Defense Components
Department of Defense Information System
Department of Defense National Agency Check Plus Written Inquiries: Related:access, security,
department/agency/organization code
dependency: IncludedBy:trusted computing base,; Related:object, requirements,
depends: IncludedBy:trusted computing base,
depot maintenance: IncludedBy:full maintenance,
depth
derf: IncludedBy:threat,; Related:exploit, terminal hijacking,
derivative classification: Related:classified,
derogatory information: Related:connection, criminal, foreign, security, trust,
descriptive top-level specification: IncludedBy:top-level specification,; Related:computer, criteria, evaluation, information, system, trust,
design controlled spare parts: IncludedBy:control,; Related:communications security,
designated: Related:IT security, authorized, computer security, criteria, evaluation, security, validation,
designated accrediting authority: IncludedBy:authority,; Related:risk,
designated approval authority: IncludedBy:authority,; Related:risk, system,
designated approving authority: IncludedBy:accreditation, authority, risk,; Includes:automated information system,; Related:information, network, operation, system,
designated approving authority representative: Related:requirements, security,
designated disclosure authority: Related:classified,
designated intelligence disclosure official: IncludedBy:intelligence,; Related:foreign,
designated laboratories list: IncludedBy:Common Criteria Testing Laboratory, national information assurance partnership,; Related:IT security, authorized, computer security, criteria, evaluation, security, validation,
designating authority: IncludedBy:Common Criteria Testing Laboratory, authority,; Related:criteria, evaluation, validation,
designation policy: IncludedBy:Common Criteria Testing Laboratory, policy,; Related:application, criteria, evaluation, process, requirements, security, validation,
designer: Related:authority, system,
destroyed: HasPreferred:destruction,
destroyed compromised state: IncludedBy:compromise, destruction, key lifecycle state,; Related:key, lifecycle, metadata,
destroyed state: IncludedBy:destruction, key lifecycle state,; Related:key, lifecycle, metadata,
destroying: HasPreferred:destruction,
destruction: IncludedBy:risk,; Includes:destroyed compromised state, destroyed state,; PreferredFor:destroyed, destroying,; Related:Rivest-Shamir-Adleman algorithm, certificate management, critical, critical infrastructures, data integrity, erasure, garbled, integrity, key lifecycle state, key management, one-time pad, recover,
detailed design: IncludedBy:software development, target of evaluation,; Related:process, target,
detectable actions
determination authority: Related:access, intelligence,
deterministic: Related:random,
deterrence: Related:accountability, fear, uncertainty, or doubt,
developer: IncludedBy:target of evaluation,; Related:system, target,
developer security: IncludedBy:security,; Related:control,
development: Includes:delegated development program, system development lifecycle,; Related:IT security training, administrative safeguards, advisory, certification test and evaluation, common control provider, configuration control board, continuous monitoring, defense-in-breadth, easter egg, environment, information system lifecycle, information system owner, maintenance hook, major information system, management controls, proprietary information, security engineering, system owner, traditional INFOSEC program, user partnership program,
development assurance: IncludedBy:assurance, development process,; Includes:software development methodologies,; Related:evidence, operation, process, requirements, test,
development assurance component: IncludedBy:assurance, component,; Related:requirements,
development assurance package: IncludedBy:assurance,
development assurance requirements: IncludedBy:assurance, requirements,; Related:evidence, file, process, profile,
development environment: IncludedBy:development process, target of evaluation,; Related:standard, target,
development process: IncludedBy:process, software development, target of evaluation,; Includes:development assurance, development environment, hierarchical decomposition, informal specification, security specifications, top-level specification, validation, verification,; Related:requirements, software, target,
deviation: Related:personnel security exceptions,
device distribution profile: Related:access, control, management,
device registration manager: Related:management, users,
diagnostics: Related:analysis, information,
dial back: Related:computer, connection, identify, system,
dial-up: Includes:dial-up line, dial-up security,; Related:communications, computer,
dial-up capability: Related:remote logon, standard, system, users,
dial-up line: IncludedBy:dial-up,; Related:communications, computer, internet, system,
dial-up security: IncludedBy:dial-up, security,; Related:computer,
diameter: Related:security,
dictionary attack: IncludedBy:attack,; Related:access, access control, authentication, encryption, key, message, password cracker, passwords, software, system, users,
differential power analysis
Diffie-Hellman: IncludedBy:asymmetric algorithm,; Related:algorithm, attack, authentication, cryptography, encryption, establishment, key, key management, operation, privacy, protocols, public-key,
diffie-hellman group: Related:encryption, key,
digest: HasPreferred:message digest,
digital certificate: IncludedBy:certificate, credentials, key,; Related:authority, backup, certification, computer, digital signature, entity, identity, object, public-key, security, signature,
digital certification: IncludedBy:certification,; Related:key, public-key,
digital document: Related:automated information system, information, object,
digital envelope: Related:algorithm, confidentiality, encryption, key, message, public-key,
digital evidence
digital forensics: Related:analysis, application, identification, information, integrity,
digital id: IncludedBy:public-key infrastructure,; Related:authentication, certificate, entity, identification, identity, information, key, public-key,
digital key: IncludedBy:key,; Related:cryptographic,
digital notary: Related:digital signature, signature, trust,
digital signature: IncludedBy:key, public-key infrastructure, signature,; Includes:Digital Signature Standard, digital signature algorithm,; Related:ABA Guidelines, CA certificate, Cryptographic Message Syntax, Distinguished Encoding Rules, El Gamal algorithm, Elliptic Curve Digital Signature Algorithm, Fortezza, IEEE P1363, Internet Security Association and Key Management Protocol, MIME Object Security Services, PKCS #7, Rivest-Shamir-Adleman algorithm, Secure/MIME, The Exponential Encryption System, X.509 attribute certificate, X.509 certificate revocation list, X.509 public-key certificate, algorithm, archive, asymmetric cryptography, attribute certificate, authentic signature, authenticate, authentication, backup, bind, brand CRL identifier, certificate, certificate validation, certification path, computer, cryptographic, cryptographic algorithm, cryptographic system, cryptography, data origin authentication service, digital certificate, digital notary, digitized signature, dual signature, electronic signature, elliptic curve cryptography, encryption, encryption certificate, end entity, entity, file, function, hash, identity, information, integrity, invalidity date, key pair, merchant certificate, message, network, no prior relationship, non-repudiation, object, operation, personality label, pre-signature, pretty good privacy, private signature key, process, program, public-key, public-key certificate, revocation date, seal, security mechanism, sign, signature certificate, signature equation, signature function, signature key, signature process, signature system, signer, symmetric cryptography, system, triple DES, unforgeable, valid signature, validate vs. verify, verification,
digital signature algorithm: IncludedBy:Digital Signature Standard, algorithm, digital signature, signature,; Related:cryptographic, entity, hash, identity, integrity, key, message, public-key, secure hash algorithm, standard,
Digital Signature Standard: IncludedBy:Federal Information Processing Standards, National Institute of Standards and Technology, digital signature, signature, standard,; Includes:Elliptic Curve Digital Signature Algorithm, digital signature algorithm,; Related:algorithm, cryptography, information, process, technology,
digital subscriber voice terminal
digital telephony: Related:communications, system, technology,
digital watermarking: PreferredFor:watermarking,; Related:control, function, integrity, owner, property,
digitized signature: IncludedBy:signature,; Related:digital signature,
digraph and/or trigraph
diplomatic telecommunications service: IncludedBy:communications, telecommunications,; Related:network,
direct access storage device: IncludedBy:access,; Related:automated information system,
direct data feed: Related:information, process,
direct memory access: IncludedBy:access, automated information system,
direct shipment: Related:communications security, users,
directed-energy warfare: IncludedBy:warfare,; Related:damage,
direction finding
directive
directly trusted CA: IncludedBy:public-key infrastructure, trust,; Related:application, entity, key, public-key,
directly trusted CA key: IncludedBy:key, public-key infrastructure, trust,; Related:certificate, entity, public-key,
Director Central Intelligence Directive: IncludedBy:intelligence,
Director of Central Intelligence Directive: IncludedBy:intelligence,
directory: HasPreferred:directory vs. Directory,
Directory Access Protocol: IncludedBy:access, protocols,; Related:database management system, system, users,
directory information base: IncludedBy:information,
directory service: Related:access, access control, certificate, information, object, public-key infrastructure,
directory user agent: IncludedBy:users,
directory vs. Directory: PreferredFor:directory,; Related:certificate, entity, information, public-key infrastructure, system,
disaster plan: IncludedBy:contingency plan,; Related:authorized, threat,
disaster recovery: IncludedBy:contingency plan, recovery, risk management,; Includes:cold site, hot site,; Related:file, operation, process, reconstitution, users,
disaster recovery plan: IncludedBy:contingency plan, recovery,; Related:application, critical, damage, management, operation, process, risk, risk management, software, system,
disclosure: Related:release,
disclosure of information: IncludedBy:information,; Related:access, access control, authorized,
disclosure record: Related:access,
disconnection: Related:attack,
discrete event simulation: Related:computer, model, system,
discrete process: IncludedBy:process,; Related:entity, identity,
discretionary access control: Antonym:non-discretionary access control,; IncludedBy:access, control,; Includes:surrogate access,; Related:authorization, authorized, entity, file, identity, object, owner, policy, privileged, process, resource, security, subject, system, users,
disinfecting: Related:file, malware, security,
disk imaging
diskette: Related:access,
dispersion: Related:standard,
disposition
disruption: IncludedBy:threat consequence,; Related:damage, function, operation, system,
dissemination: Related:intelligence,
Distinguished Encoding Rules: IncludedBy:Abstract Syntax Notation One, Basic Encoding Rules,; Related:application, certificate, code, digital signature, signature,
distinguished name: IncludedBy:public-key infrastructure,; Includes:subordinate distinguished name,; Related:X.509, certificate, entity, identify, identity, information, key, object, public-key, subject,
distinguishing identifier: Related:authentication, entity, information, non-repudiation, process,
Distributed Authentication Security Service: IncludedBy:authentication, internet, security protocol,; Related:cryptographic, cryptography, protocols,
distributed computing environment: IncludedBy:ACL-based authorization, Generic Security Service Application Program Interface,; Includes:kerberos,; Related:application, audit, authentication, interface, system,
distributed control system: IncludedBy:control, control systems, system,; Related:intelligence, process,
distributed data: Related:computer, network,
distributed database: Related:computer, control, network, process, system,
distributed dataprocessing: IncludedBy:automated information system, process,; Related:computer network, control, function,
distributed denial-of-service: IncludedBy:denial-of-service, exploit,; Related:computer, system, worm,
distributed plant: Related:access, internet,
distributed processing: IncludedBy:automated information system, process,; Related:communications, computer, network, operation, system,
distribution point: IncludedBy:public-key infrastructure,; Related:X.509, authority, certificate, information, key, public-key, revocation, revoked state,
disturbance: Related:control, system,
DNS spoofing: IncludedBy:domain name system, masquerade, spoof, spoofing,; Related:compromise, domain, system,
document
documentary information
documentation: IncludedBy:target of evaluation,; Related:application, control, information, operation, security, software, system, target, users,
DoD Information Technology Security Certification and Accreditation Process: IncludedBy:accreditation, computer security, information, process, requirements, technology,; Related:identify, information security, standard, system,
DoD Trusted Computer System Evaluation Criteria: IncludedBy:computer, criteria, evaluation, system, trust,
domain: IncludedBy:multilevel information systems security initiative, object, subject,; Includes:RA domains, certificate domain, certificate domain parameters, cross domain solution, domain controller, domain modulus, domain name, domain name service server, domain name system, domain of interpretation, domain parameter, domain verification exponent, public domain software, security domain, subset-domain,; Related:DNS spoofing, Internet Corporation for Assigned Names and Numbers, access, access control, access with limited privileges, boundary value analysis, boundary value testing, certificate, control, country code, cryptographic hash function, data input, executive state, firewall, hash function, hash token, identification data, identity, internet, metadata, model, one-way function, packet filtering, pharming, policy, policy creation authority, policy mapping, program, public-key certificate, public-key derivation function, public-key infrastructure, realm, registration, resource, revoked state, security, security authority, security perimeter, security policy information file, signature function, signature process, system, transport, trust relationship, uniform resource locator, users, validate, verification process,
domain controller: IncludedBy:control, domain,; Related:identification, information, passwords,
domain modulus: IncludedBy:domain,; Related:trust,
domain name: IncludedBy:domain, domain name system,; Related:code, internet, resource, system,
domain name service server: IncludedBy:domain, internet,; Related:computer, protocols,
domain name system: IncludedBy:domain, internet, system,; Includes:DNS spoofing, domain name,; Related:access, access control, authentication, control, information, integrity, key, operation, program, protocols, public-key, resource, response, software, users,
domain of interpretation: IncludedBy:domain,; Related:algorithm, cryptographic, cryptography, information, internet protocol security, internet security protocol, security,
domain parameter: IncludedBy:domain,; Related:access, access control, function, hash, message, policy, security, tokens,
domain verification exponent: IncludedBy:domain, verification,
dominated by: Antonym:dominates,; Includes:object,; Related:access, access control, classification levels, classified, integrity, policy, security, trust,
dominates: Antonym:dominated by,; Related:classification levels, classified, computer security, security,
dongle: IncludedBy:tokens,; Related:authentication, computer, information, key, program, software,
downgrade: IncludedBy:requirements, security,; Related:authorized, classification levels, classified, file, information, network,
downgrading: Related:classified,
download: Related:computer, file, process,
draft RFC: IncludedBy:Request for Comment,
drop accountability: Related:communications security,
Drug Enforcement Agency
dual citizen: Related:United States citizen,
dual control: IncludedBy:control, security,; Related:access, access control, entity, function, information, process, resource, system,
dual driver service
dual signature: IncludedBy:Secure Electronic Transaction, signature,; Related:digital signature, encryption, hash, integrity, key, message, operation, verification,
dual technology: Related:intrusion,
dual-homed gateway firewall: IncludedBy:firewall, gateway,; Related:application, interface, internet, network,
dual-use certificate
due care: Related:control, information, information security, security, system,
dump: Related:computer, failure,
dumpster diving: IncludedBy:threat,; PreferredFor:trashing,; Related:computer, identity theft, information,
duplicate digital evidence
duration
dynamic analysis: IncludedBy:analysis,; Related:code, process, program, system, testing,
dynamic binding: IncludedBy:backup,; Related:association, message, object,
dynamic subsystem
e-banking: IncludedBy:internet,
e-government
e-mail server: IncludedBy:internet,; Related:computer,
ease of use: IncludedBy:target of evaluation,; Related:assessment, target, users,
easter egg: Related:development, threat,
eavesdropping: IncludedBy:attack,; Related:adversary, authorization, authorized, emanation, emanations security, information, message, shoulder surfing,
eavesdropping attack: IncludedBy:attack,; Related:authentication, information, protocols,
economic intelligence: IncludedBy:intelligence,
economy of mechanism: IncludedBy:security,; Related:operation, policy, system,
EE: Related:encryption, entity, escrow, standard,
effective key length: IncludedBy:encryption, key,; Related:algorithm, cryptographic,
effectiveness: IncludedBy:assurance,; Related:file, function, operation, profile, property, requirements, risk, security target, target, threat,
egress filtering: Related:internet, process, protocols, security,
egress point: Related:authorized,
El Gamal algorithm: IncludedBy:algorithm,; Related:cipher, code, cryptography, digital signature, encryption, signature,
elapsed time
electrical power systems: IncludedBy:critical infrastructures, system,; Related:critical, function, users,
electromagnetic compatibility: Related:response, system,
electromagnetic emanations: IncludedBy:emanation, emanations security,
electromagnetic interference: IncludedBy:risk,; Related:system,
electronic attack: IncludedBy:attack,; Related:communications security, jamming,
electronic authentication: IncludedBy:authentication,; Related:information, process, system, users,
electronic benefit transfer: Related:network,
electronic business (e-business)
electronic codebook: IncludedBy:code,
electronic commerce: IncludedBy:Secure Electronic Transaction,; Related:communications, computer, electronic data interchange, email, function, information, internet, technology,
electronic counter-countermeasures: IncludedBy:countermeasures,
electronic countermeasures: IncludedBy:countermeasures,
electronic credentials: Related:authentication, entity, identity,
electronic data interchange: Related:communications, computer, electronic commerce, standard, value-added network,
electronic document management system: IncludedBy:system,
electronic evidence
electronic fill device
electronic funds transfer system: IncludedBy:system,
electronic generation, accounting, and distribution system: IncludedBy:system,
electronic intelligence: IncludedBy:intelligence,; Related:foreign,
electronic key entry: IncludedBy:key management,; Related:cryptographic, module, users,
electronic key management system: IncludedBy:key management, system,; Related:communications, communications security,
electronic messaging services: Related:function, internet, management, quality, requirements,
electronic personnel security questionnaire: IncludedBy:security,
electronic protection: Related:assurance,
electronic questionnaire for investigative processing: Related:security,
electronic security: IncludedBy:security,; Related:analysis, authorized, communications, information,
electronic signature: IncludedBy:signature,; Related:digital signature, information, message,
electronic surveillance: Related:Foreign Intelligence Surveillance Act,
electronic transmission
electronic warfare: IncludedBy:warfare,; Includes:electronic warfare support,; Related:attack, control,
electronic warfare support: IncludedBy:electronic warfare, warfare,; Related:control, identify, information, intelligence, operation, target, threat,
electronically generated key: IncludedBy:key,; Related:algorithm, communications security, software,
element: Related:communications security, security,
eligibility: Related:access, security,
elliptic curve cryptography: IncludedBy:cryptography,; Related:algorithm, analysis, attack, digital signature, key, signature,
elliptic curve cryptosystem: IncludedBy:asymmetric algorithm, cryptographic system, system,; Related:encryption, key, public-key,
Elliptic Curve Digital Signature Algorithm: IncludedBy:Digital Signature Standard, algorithm, signature,; Related:cryptography, digital signature, standard,
email: IncludedBy:internet,; Includes:email packages, email security software, letterbomb, mailbomb, multipurpose internet mail extensions, privacy enhanced mail, secure multipurpose internet mail extensions, spam,; Related:SET qualifier, Secure Data Network System, X.400, application, bounce, communications, computer, electronic commerce, gateway, message, message authentication code vs. Message Authentication Code, message handling system, message integrity code, pretty good privacy, simple mail transfer protocol, system,
email packages: IncludedBy:email,; Includes:email security software,; Related:encryption, function, interface, signature, users,
email security software: IncludedBy:email, email packages, security software, software,; Includes:pretty good privacy,; Related:encryption, message, network, signature, users,
emanation: IncludedBy:TEMPEST, emanations security, threat,; Includes:electromagnetic emanations, emanations analysis,; Related:Common Criteria for Information Technology Security, Federal Standard 1027, TEMPEST test, eavesdropping, implant, information, intelligence, operation, procedural security, process, security architecture, suppression measure, system,; Synonym:RED signal,
emanations analysis: IncludedBy:analysis, emanation, threat consequence,; Related:system,
emanations security: IncludedBy:TEMPEST,; Includes:compromising emanation performance requirement, compromising emanations, electromagnetic emanations, emanation, undesired signal data emanations,; Related:Common Criteria for Information Technology Security, Federal Standard 1027, TEMPEST test, analysis, application, authorized, compromise, eavesdropping, implant, information, procedural security, security architecture, suppression measure, system, technology,; Synonym:emissions security,
embedded computer: IncludedBy:computer,; Related:system,
embedded cryptographic system: IncludedBy:cryptographic, cryptographic system, system,; Related:control, function,
embedded cryptography: IncludedBy:cryptography,; Related:cryptographic, function, system,
embedded system: IncludedBy:system,; Related:control, function,
emergency action message: IncludedBy:message,
emergency action plan: Related:attack, damage, intelligence,
emergency plan: IncludedBy:contingency plan,; Related:threat,
emergency response: IncludedBy:response,; Related:computer, damage, operation, property, threat,
emergency response time: IncludedBy:response,
emergency services: IncludedBy:critical infrastructures,; Related:critical, function, recovery, response, system,
emergency shutdown controls: IncludedBy:control, risk management,; Related:IT security, computer, system, vulnerability,
emission security: IncludedBy:security,; Related:analysis, authorized,
emissions security: IncludedBy:Automated Information System security, TEMPEST, communications security, computer security,; Related:RED signal, analysis, authorized, compromise, cryptography, information, system, telecommunications,; Synonym:emanations security,
employee
employment practices and workplace safety: IncludedBy:operational risk loss,
empty position
encapsulating security payload: IncludedBy:internet protocol security, security protocol,; Related:association, authentication, confidentiality, connection, flow, gateway, integrity, internet, internet security protocol, message, protocols, tunnel,
encapsulating security payload protocol: IncludedBy:protocols, security,; Related:encryption, integrity, internet protocol security, internet security protocol,
encapsulation: Related:access, access control, object, program, protocols, resource, users,
encipher: IncludedBy:cipher, encryption,; Related:cryptographic, system,
encipherment: IncludedBy:cipher, encryption,; Includes:asymmetric encipherment system, encipherment algorithm, public encipherment key, public encipherment transformation, symmetric encipherment algorithm,; Related:algorithm, asymmetric cipher, asymmetric cryptographic technique, asymmetric encryption algorithm, block chaining, ciphertext, cryptographic, cryptographic key, cryptographic synchronization, cryptography, decipherment, decryption, encryption algorithm, feedback buffer, information, initializing value, key, private decipherment transformation, private key, public-key, public-key certificate,
encipherment algorithm: IncludedBy:algorithm, cipher, cryptography, encipherment,; Related:encryption,
enclave: Related:assurance, authority, control, policy, security,
enclave boundary: IncludedBy:boundary,
encode: IncludedBy:code, encryption,; Related:cipher, information, system,
encrypt
encrypt: IncludedBy:cipher, cryptography, encryption,; Related:algorithm, code, cryptographic,
encrypt for transmission only: Related:encryption, network,
encrypted key: IncludedBy:cipher, key, key recovery,; PreferredFor:ciphertext key,; Related:cryptographic, passwords, security,
encrypted network: IncludedBy:network,
encryption: Antonym:cleartext, decryption,; IncludedBy:Secure Electronic Transaction, privacy enhanced mail,; Includes:Cryptographic Application Program Interface, Escrowed Encryption Standard, International Data Encryption Algorithm, NULL encryption algorithm, The Exponential Encryption System, advanced encryption standard, asymmetric cryptographic algorithm, asymmetric encryption algorithm, bulk encryption, cipher, cryptographic functions, data encryption algorithm, data encryption key, data encryption standard, dedicated loop encryption device, effective key length, encipher, encipherment, encode, encrypt, encryption algorithm, encryption certificate, encryption software, encryption strength, encryption tools, end-to-end encryption, endorsed data encryption standard products list, file encryption, full disk encryption, hybrid encryption, key-encryption-key, link encryption, low-cost encryption/authentication device, one-way encryption, pretty good privacy, secure multipurpose internet mail extensions, superencryption, symmetric algorithm, symmetric encryption algorithm, tactical trunk encryption device, tamper, traffic encryption key, trunk encryption device,; Related:CAST, COMSEC control program, Clipper chip, Cryptographic Message Syntax, Diffie-Hellman, EE, El Gamal algorithm, Federal Standard 1027, Fortezza, IEEE P1363, IP splicing/hijacking, Internet Security Association and Key Management Protocol, Law Enforcement Access Field, MIME Object Security Services, Network Layer Security Protocol, Rivest Cipher 2, Rivest Cipher 4, Rivest-Shamir-Adleman algorithm, SET private extension, SOCKS, Secure/MIME, Simple Key-management for Internet Protocols, Skipjack, Terminal Access Controller Access Control System, Transport Layer Security Protocol, algorithm, application, application controls, asymmetric algorithm, asymmetric cryptography, asymmetric encipherment system, asymmetric keys, authentication code, authorized, baggage, block cipher, break, cardholder certificate, certificate revocation list, ciphertext, code, code book, common data security architecture, communications, computer cryptography, container, control, cooperative key generation, cryptanalysis, cryptographic, cryptographic algorithm, cryptographic ignition key, cryptographic initialization, cryptographic key, cryptographic service, cryptographic system, cryptography, decrypt, dictionary attack, diffie-hellman group, digital envelope, digital signature, dual signature, elliptic curve cryptosystem, email packages, email security software, encapsulating security payload protocol, encipherment algorithm, encrypt for transmission only, in the clear, indistinguishability, information, information systems security, information systems security equipment modification, initialization vector, initialize, intelligent threat, internet protocol security, key, key agreement, key center, key distribution center, key generator, key logger, key pair, key recovery, key translation center, key transport, key-encrypting key, key-escrow system, keyed hash, keys used to encrypt and decrypt files, merchant certificate, message authentication code vs. Message Authentication Code, message integrity code, mode of operation, off-line cryptosystem, on-line cryptosystem, one-time pad, operation, over-the-air key transfer, over-the-air rekeying, password system, per-call key, personality label, privacy programs, privacy system, process, protected communications, protected distribution systems, protection suite, public-key cryptography, public-key forward secrecy, salt, secret-key cryptography, secure shell, secure socket layer, security, security management infrastructure, security mechanism, security strength, semantic security, session key, signature certificate, standard, start-up KEK, stream cipher, symmetric cryptographic technique, symmetric cryptography, symmetric key, system, system indicator, threat consequence, tokens, traffic analysis, triple DES, tunnel, unencrypted, version, virtual private network, wrap,
encryption algorithm: IncludedBy:algorithm, encryption,; Related:cipher, communications security, confidentiality, control, cryptographic, encipherment, key, process, version,
encryption certificate: IncludedBy:certificate, encryption,; Related:X.509, cryptographic, digital signature, function, key, public-key, signature,
encryption software: IncludedBy:encryption, software,; Related:file, function, message, users,
encryption strength: IncludedBy:encryption, quality of protection,; PreferredFor:strength of encryption,; Related:algorithm, cryptographic system, key, system,
encryption tools: IncludedBy:encryption, security software,
end cryptographic unit: Related:management, security,
end entity: IncludedBy:entity,; Related:X.509, application, certificate, cryptography, digital signature, key, policy, public-key, public-key infrastructure, role, signature, subject, system,
end system: IncludedBy:system,; Related:computer, internet, network, protocols,
end-item accounting
end-to-end encryption: IncludedBy:encryption,; Related:communications, computer, cryptographic, flow, information, network, router, system, telecommunications,
end-to-end security: IncludedBy:security,; Related:cryptographic, cryptography, information, system,
end-user: IncludedBy:target of evaluation, users,; Related:application, computer, entity, network, operation, public-key infrastructure, resource, system, target,
end-user computing: IncludedBy:users,
endorsed cryptographic products list: IncludedBy:cryptographic,
endorsed data encryption standard products list: IncludedBy:encryption, standard,
endorsed for unclassified cryptographic information: IncludedBy:classified, cryptographic, information,
endorsed for unclassified cryptographic item: IncludedBy:classified, cryptographic,; Related:information,
Endorsed TEMPEST Products List: IncludedBy:TEMPEST,
endorsed tools list: IncludedBy:Information Systems Security products and services catalogue, formal verification, national information assurance partnership,; Related:computer, computer security, system, trust, verification,
endorsement: Related:information, security,
energy-efficient computer equipment: IncludedBy:computer,; Related:model, users,
enforcement vector
Engineering: Related:requirements, security,
engineering development model
enhanced hierarchical development methodology: IncludedBy:software development methodologies,; Related:program, security,
enrollment manager: Related:management,
enrollment service: Related:certificate, entity, process,
ensure: Related:IT security, assure, program, security,
enterprise: Related:management, operation, process, risk, security,
enterprise architecture: Related:security,
enterprise resource planning: IncludedBy:resource,
enterprise risk management: IncludedBy:management, risk,; Related:threat, trust,
enterprise service: Related:users,
entity: Includes:application entity, end entity, entity authentication, entity authentication of A to B, entity-wide security, external it entity, federated identity, identity, identity based access control, identity credential, identity credential issuer, identity management systems, identity proofing, identity theft, identity token, identity validation, identity verification, identity-based security policy, mutual entity authentication, peer entity authentication, peer entity authentication service, personal identity verification, personal identity verification card, redundant identity, system entity,; Related:COMSEC account, Challenge Handshake Authentication Protocol, EE, Identification Protocol, Internet Corporation for Assigned Names and Numbers, MISSI user, OAKLEY, PIV issuer, PIV registrar, PKCS #10, X.509, X.509 public-key certificate, acceptance criteria, access control service, account aggregation, account fraud, accountability, accreditation authority, accreditation multiplicity parameter, adversary, alias, anonymous, applicant, applicant assertion, assurance, asymmetric cryptographic technique, attack, attribute, attribute authority, authenticate, authentication, authentication data, authentication exchange, authentication information, authentication protocol, authentication service, authenticator, authenticity, authority, authorization, authorized, availability, binding, biometric measurement, biometric system, biometrics, brand, capability, cardholder, certificate, certificate holder, certificate owner, certificate user, certification, certification authority, certification path, certification practice statement, certification request, certify, challenge/response, checksum, claimant, class 2, 3, 4, or 5, client, communications security, comparisons, component, compromise, configuration item, covert channel, credentials, credentials service provider, criminal groups, criticality assessment, cryptography, data confidentiality, data integrity, data integrity service, data origin authentication service, datagram, deception, deliberate exposure, digital certificate, digital id, digital signature, digital signature algorithm, directly trusted CA, directly trusted CA key, directory vs. Directory, discrete process, discretionary access control, distinguished name, distinguishing identifier, dual control, electronic credentials, end-user, enrollment service, evidence requester, evidence subject, exchange multiplicity parameter, explicit key authentication from A to B, exposures, false acceptance, false rejection, false rejection rate, falsification, flooding, fraud, help desk, human error, identification, identification and authentication, identification authentication, identification data, identifier, implicit key authentication from A to B, individual accountability, inference, insertion, insider, interception, intruder, intrusion, investigation service, issuing authority, judicial authority, kerberos, key confirmation, key confirmation from A to B, key distribution center, key establishment, key owner, key token, key translation centre, key transport, least privilege, login, malicious code, malware, mandatory access control, masquerade, masquerade attack, masquerading, misappropriation, mutual authentication, mutual suspicion, nations, non-repudiation, non-repudiation of creation, non-repudiation service, object, one-time passwords, organizational registration authority, origin authenticity, originator, outsourcing, password system, passwords, perpetrator, personal identification number, personal security environment, phishing, physical access control, practice statement, pre-authorization, principal, privacy, private accreditation information, private key, proprietary, protected channel, proxy server, pseudonym, public-key, public-key certificate, public-key derivation function, public-key information, public-key infrastructure, randomizer, recipient, references, registration, registration authority, relying party, repudiation, response, risk, risk management, role-based access control, root, router, salt, secret, secure envelope, secure socket layer, security authority, server, signature key, signer, simple authentication, site accreditation, source authentication, sponsor, spoof, strong authentication, subject, substitution, theft of service, threat, ticket, time variant parameter, time-stamp requester, time-stamp verifier, tokens, transaction intermediary, trapdoor, trojan horse, trust, trusted agent, unilateral authentication, users, usurpation, validate vs. verify, validation service, vendor, verification, verification key, verified name, verifier, violation of permissions, witness,
entity authentication: IncludedBy:authentication, entity,
entity authentication of A to B: IncludedBy:authentication, entity,; Related:assurance, identity,
entity-wide security: IncludedBy:entity, security,; Related:control, cyberspace, risk,
entrance national agency check: Related:security,
entrapment: IncludedBy:risk management,; Related:exploit, penetration, system,
entropy: Related:attack,
entry control: IncludedBy:access control, control,; Related:access, authorized, controlled access area, process, resource,
entry label: Related:information,
entry-level certification: IncludedBy:certification,; Related:availability, confidentiality, integrity, system,
environment: Includes:object,; Related:development, operation, system, users,
environment of operation: Related:risk, security, threat,
environmental failure protection: IncludedBy:failure, risk management,; Related:assurance, compromise, cryptographic, cryptography, module,
environmental failure testing: IncludedBy:failure, security testing, test,; Related:compromise, cryptographic, cryptography, module,
environmentally controlled area: IncludedBy:availability, control,; Related:damage,
ephemeral key: IncludedBy:key,; Related:public-key, requirements,
equipment radiation TEMPEST zone: IncludedBy:TEMPEST,
equity: Related:classified,
erasable programmable readonly memory
erasure: Includes:degauss, overwrite procedure,; Related:destruction, information, process,
error: Related:bug, fault, operation, process, program, system, version,
error analysis: IncludedBy:analysis,
error detection and correction
error detection code: IncludedBy:code, integrity,; Includes:check character,; Related:information,
error guessing: Related:test,
error seeding: Related:analysis, assurance, computer, mutation analysis, process, program,; Synonym:bebugging,
escort: Related:classified,
escrow: Includes:Escrowed Encryption Standard, key-escrow, key-escrow system,; Related:CAPSTONE chip, Clipper chip, EE, Law Enforcement Access Field, Skipjack, cryptographic, key, key management, key recovery, public-key infrastructure, retrieval, trust,
Escrowed Encryption Standard: IncludedBy:encryption, escrow, standard,; Related:access, access control, algorithm, authorized, classified, communications, key, system, telecommunications,
espionage: IncludedBy:threat,; Includes:cyber espionage,; Related:covert, cybercrime, intelligence,
essential elements of friendly information
essential elements of information
essential secrecy: Related:critical,
establishment: Includes:connection establishment, connection establishment time, key establishment, point-to-point key establishment,; Related:Diffie-Hellman, FIPS PUB 140-1, IPsec Key Exchange, Internet Security Association and Key Management Protocol, OAKLEY, Photuris, aggressive mode, configuration control, connection overhead, cookies, cryptographic module, datagram, filtering router, identity proofing, key agreement, key confirmation, key recovery, key transport, main mode, peer entity authentication service, privacy protection, public law 100-235, public-key forward secrecy, quick mode, security, security association, subcommittee on Automated Information System security, subcommittee on telecommunications security, testability, unit of transfer,
Estelle: Related:computer, computer network, network, protocols,
ethernet meltdown: IncludedBy:threat,; Related:gateway, illegal, network,
ethernet sniffing: IncludedBy:sniffing,; Related:criteria, file, interface, login, packet sniffer, passwords, promiscuous mode, software, users,
Europay, MasterCard, Visa: Related:application, tokens,
European Information Technology Security Evaluation Criteria: IncludedBy:Common Criteria for Information Technology Security Evaluation, computer security, criteria, information, target of evaluation, technology,; Includes:assurance, correctness,; Related:target, version,
European quality award: IncludedBy:quality,
evaluated products list: IncludedBy:Information Systems Security products and services catalogue, National Security Agency, national information assurance partnership,; Related:computer, computer security, criteria, evaluation, information, software, system, trust, trusted computer system,
evaluated system: IncludedBy:evaluation, system,; Related:criteria, security,
evaluation: IncludedBy:certification,; Includes:Commercial COMSEC Evaluation Program, Common Criteria for Information Technology Security Evaluation, Common Evaluation Methodology, DoD Trusted Computer System Evaluation Criteria, IT Security Evaluation Criteria, IT Security Evaluation Methodology, Information Technology Security Evaluation Criteria, Monitoring of Evaluations, Trusted Computer System Evaluation Criteria, Trusted Products Evaluation Program, access evaluation, assurance, certification and accreditation, certification test and evaluation, cryptographic system evaluation, cryptosystem evaluation, evaluated system, evaluation authority, evaluation facility, evaluation pass statement, evaluation products list, evaluation scheme, evaluation technical report, evaluation work plan, independent review and evaluation, monitoring and evaluation, program evaluation and review technique, quality of protection, risk evaluation, security evaluation, security test & evaluation, software system test and evaluation process, strength of a requirement, target of evaluation, technical surveillance countermeasures surveys and evaluations, training effectiveness evaluation, validation, verification,; Related:Common Criteria Testing Laboratory, Common Criteria Testing Program, Common Criteria for Information Technology Security, FIPS approved security method, Government Accountability Office, IT security, NIAP Oversight Body, National Computer Security Center, National Voluntary Laboratory Accreditation Program, Orange book, Red book, Scope of Accreditation, Yellow book, accreditation, accreditation range, acquisition special access program, adjudication, approval/accreditation, approved technologies list, approved test methods list, assessment, benchmark, beyond A1, blue team, candidate TCB subset, certificate, certificate revocation list, certification agent or certifier, certification authority, common criteria, computer security, controlled access program oversight committee, controlled access protection, criteria, cryptographic system survey, cryptosystem survey, descriptive top-level specification, designated, designated laboratories list, designating authority, designation policy, evaluated products list, file, flaw hypothesis methodology, function, independent assessment, intelligence, interface control document, interim approval to operate, network component, observation reports, operations security assessment, penetration test, policy, preproduction model, process, profile, protection philosophy, quality, requirements for content and presentation, requirements for evidence, risk analysis, risk assessment, risk avoidance, risk management, risk treatment, security, security control assessment, security environment threat list, security policy model, security-compliant channel, self-inspection, source selection, sponsor, subset-domain, system, target, technology area, test method, test procedure, testing, threat assessment, training assessment, trusted network interpretation, trusted path, type certification, validated products list,; Synonym:analysis,
evaluation and validation scheme: IncludedBy:validation,; Related:authority, function, standard, system,
evaluation assurance: IncludedBy:assurance,; Includes:evaluation assurance level,; Related:analysis, target, threat,
evaluation assurance component: IncludedBy:assurance, component,; Related:requirements,
evaluation assurance level: IncludedBy:Common Criteria for Information Technology Security Evaluation, evaluation assurance, requirements,; Includes:evaluation criteria, evaluator, evaluator actions,; Related:boundary, criteria, network, system,
evaluation assurance package: IncludedBy:assurance,
evaluation assurance requirements: IncludedBy:assurance, requirements,; Related:file, profile,
evaluation authority: IncludedBy:authority, evaluation,; Related:quality, standard,
evaluation criteria: IncludedBy:criteria, evaluation assurance level,; Related:system,
evaluation facility: IncludedBy:evaluation,
evaluation pass statement: IncludedBy:evaluation,; Related:assessment, criteria, standard,
evaluation products list: IncludedBy:evaluation,; Related:assurance,
evaluation scheme: IncludedBy:evaluation,; Related:authority,
evaluation technical report: IncludedBy:Common Criteria Testing Laboratory, evaluation,; Related:validation,
evaluation work plan: IncludedBy:Common Criteria Testing Laboratory, evaluation,; Related:IT security, computer security, security,
evaluator: IncludedBy:evaluation assurance level,; Related:assessment, officer, security, system,
evaluator actions: IncludedBy:evaluation assurance level,; Related:criteria, identify, information,
evasion: Related:attack, malicious, target,
event: Related:incident, system,
evidence: IncludedBy:assurance,; Includes:evidence requester, evidence subject, requirements for evidence,; Related:audit trail, correctness, credentials, deception, delivery authority, development assurance, development assurance requirements, failure, forced entry, information, logging, monitor, non-repudiation, non-repudiation information, non-repudiation of submission, non-repudiation of transport, non-repudiation policy, non-repudiation service, non-repudiation token, notarization, notary, operations security, operations security survey, proof, records, secure envelope, security audit trail, security environment threat list, security target, statistical estimate, surreptitious entry, time-stamping authority, time-stamping service, trust, trusted time stamping authority, validate vs. verify, validation, validation report, verifier, witness,
evidence requester: IncludedBy:evidence,; Related:entity, trust,
evidence subject: IncludedBy:evidence, subject,; Related:entity,
examination
examine: Related:control, security,
exception: Related:access, bug, classified, fault, flow, operation, program, security, subject,
exchange multiplicity parameter: Related:authentication, entity, message,
exculpatory evidence
executable code: IncludedBy:code,; Related:computer, program,
execute access: IncludedBy:access,; Related:program, software,
execution, delivery, and process management: IncludedBy:operational risk loss, process,
executive information systems: IncludedBy:information, system,
executive order
executive state: Includes:privileged instructions,; PreferredFor:supervisor state,; Related:domain, operation, privileged, software, system, users,
executive steering committee: Related:information, process,
exempted
exercise key: IncludedBy:key,; Related:communications,
exercised: Related:program, test,
exhaustive testing: IncludedBy:security testing, test,; Related:program,
expanded national agency check
expanded steel
expansibility
expected output: Related:security,
expert review team: Related:identify, information, resource, security, system,
expire: HasPreferred:certificate expiration,
explain: Related:information, requirements,
explicit key authentication from A to B: IncludedBy:authentication, key,; Related:assurance, entity,
exploit: IncludedBy:threat,; Includes:denial-of-service, distributed denial-of-service, exploit tools, logic bombs, phishing, sniffer, trojan horse, virus, vishing, war driving, worm, zero-day exploit,; Related:Defensive Information Operations, access, access control, assurance, attack, code, covert channel, derf, entrapment, exploitable channel, firewall, flaw hypothesis methodology, information, information assurance, information superiority, information warfare, intelligent threat, non-technical countermeasure, object, operations security, penetration testing, port scan, program, security, security threat, smurf, system, technical vulnerability, threat agent, vulnerability,
exploit code: Related:attack,
exploit tools: IncludedBy:exploit,; Related:system, vulnerability,
exploitable channel: IncludedBy:channel, threat, trusted computing base,; Includes:covert channel, subject,; Related:computer, covert, exploit, information, policy, security, system,
exploitation: IncludedBy:vulnerability,; PreferredFor:exploitation of vulnerability,; Related:access, access control, control, intelligence, operation, policy, security, system,
exploitation of vulnerability: HasPreferred:exploitation,; IncludedBy:vulnerability,
export: Related:foreign,
export license: Related:authorization, security,
export license application: Related:foreign,
exposures: IncludedBy:threat consequence,; Includes:common vulnerabilities and exposures, external system exposure, internal system exposure,; Related:authorized, entity, inadvertent disclosure, levels of concern, media protection, risk, risk assessment, system, unauthorized disclosure,
extended industry standard architecture: IncludedBy:standard,; Related:automated information system,
extensibility: Related:function, interface, protocols, system,
extensible: Related:control, program,
Extensible Authentication Protocol: IncludedBy:authentication, protocols, security protocol,; Related:challenge/response, network, passwords, response, router,
extensible markup language: IncludedBy:standard generalized markup language,; Related:application, computer, object, process, program, validation,
extension: IncludedBy:public-key infrastructure,; PreferredFor:private extension,; Related:X.509, application, assurance, certificate, certification, function, information, key, policy, public-key, requirements, revocation, security, standard, subject,
external fraud: IncludedBy:fraud, operational risk loss,; Related:property,
external it entity: IncludedBy:entity, target of evaluation,; Related:system, target, trust,
external label: Related:identify,
external network: IncludedBy:network,; Related:control,
external security controls: IncludedBy:control, protection profile, risk management, security controls,; Related:access, access control, accreditation, boundary, certification, file, process, profile,
external security testing: IncludedBy:security testing, test,; Related:security perimeter,
external system exposure: IncludedBy:exposures, system,; Related:access, access control, connection, internet, users,
external throughput rate
extraction resistance: Related:communications, cryptography, key, telecommunications,
extranet: IncludedBy:internet,; Related:access, access control, application, authorized, computer, computer network, network, technology, users, virtual private network,
extraordinary security measures: IncludedBy:security,; Related:access, authorized,
facilities: Related:information, process, resource, technology,
facilities accreditation: Related:classified, security,
facilities certification: IncludedBy:certification,; Related:classified, security,
facility
facility manager: Related:security, system,
facility security clearance: IncludedBy:security,; Related:access, classified,
facsimile
fail safe: IncludedBy:failure control,; Related:failure, operation, process, program, software, system,
fail soft: IncludedBy:automated information system, failure control,; Related:application, failure, function, process, software, system,
failed logon: IncludedBy:logon, threat,; Related:access, resource, users,
failover
failure: IncludedBy:risk,; Includes:environmental failure protection, environmental failure testing, failure access, failure control, mean-time-between-failure, mean-time-between-outages, mean-time-to-fail,; Related:IS related risk, abend, abort, accountability, anomaly, availability, backup procedures, bomb, contingency plan, crash, critical mechanism, defect, dump, evidence, fail safe, fail soft, fallback procedures, flooding, function, mean-time-to-repair, mean-time-to-service-restoral, operation, outage, problem, program, recovery procedures, requirements, software, software reliability, strength of a requirement, system, uninterruptible power supply, vulnerability,; Synonym:fault,
failure access: IncludedBy:access, failure, threat,; Related:authorized, incident, software, system, unauthorized access,
failure control: IncludedBy:control, failure, risk management,; Includes:fail safe, fail soft,; Related:function, process, recovery, software, system,
fallback procedures: Related:backup, failure, process, system,
false acceptance: Related:access, entity, identity, security, system, users,
false acceptance rate: IncludedBy:biometrics,; Related:access, authorized, system, users,
false denial of origin: IncludedBy:threat consequence,
false denial of receipt: IncludedBy:threat consequence,
false negative: IncludedBy:risk,; Related:identify, intrusion, intrusion detection, malicious, system, technology, threat,
false positive: IncludedBy:risk,; Related:classified, intrusion, intrusion detection, malicious, system, technology,
false rejection: Related:entity, identity, security, system,
false rejection rate: Related:access, entity, identity, security, system,
falsification: IncludedBy:threat consequence,; Related:authorized, entity,
family: Related:object, security,
fault: IncludedBy:threat,; Includes:fault injection, fault isolation, fault management, fault tolerance, fault tolerant, security fault analysis,; Related:Federal Standard 1027, alarm reporting, alarm surveillance, anomaly, bug, communications, computer, correctness, debug, defect, error, exception, function, maintenance, network, network management, problem, process, program, software, software reliability, system, trap,; Synonym:failure,
fault injection: IncludedBy:fault,; Related:analysis, code, program, software,
fault isolation: IncludedBy:fault,; Related:accountability, function,
fault management: IncludedBy:fault,
fault tolerance: IncludedBy:fault,; Related:operation, process, risk, software, system,; Synonym:fault tolerant,
fault tolerant: IncludedBy:fault,; Related:availability, function, software, system,; Synonym:fault tolerance,
fear, uncertainty, or doubt: Related:deterrence,
Federal Criteria for Information Technology Security: IncludedBy:Common Criteria for Information Technology Security Evaluation, computer security, criteria, information, technology,; Includes:Federal Criteria Vol. I, assurance, correctness,; Related:system, trust,
Federal Criteria Vol. I: IncludedBy:Federal Criteria for Information Technology Security, National Institute of Standards and Technology, criteria,; Includes:protection profile,; Related:computer security, file, information, profile, standard, technology, version,
federal enterprise architecture: Related:management,
Federal Information Processing Standards: IncludedBy:National Institute of Standards and Technology, information, process, standard,; Includes:Digital Signature Standard, FIPS PUB 140-1, FIPS approved security method, Federal Information Processing Standards Publication 140, data encryption standard,; Related:computer, computer security, property, security, system, technology,
Federal Information Processing Standards Publication 140: IncludedBy:Federal Information Processing Standards, information, process, standard,; Synonym:FIPS PUB 140-1,
federal information system
federal personnel manual
Federal Public-key Infrastructure: IncludedBy:key, public-key, public-key infrastructure,; Related:application, certificate, classified, communications security,
federal record
Federal Reserve Banks
federal secure telephone service
Federal Standard 1027: IncludedBy:National Institute of Standards and Technology, standard,; Related:FIPS PUB 140-1, National Security Agency, analysis, classified, criteria, emanation, emanations security, encryption, fault, information, key, key management, security, tamper,
federal telecommunications system: IncludedBy:communications, system, telecommunications,
federated identity: IncludedBy:entity, identity,; Related:access, access control, federation, system, users,
federation: Related:access, access control, assurance level, federated identity, relying party, system, users,
fedline: Related:access, access control,
fedwire: Related:process, system,
feedback buffer: Related:cipher, cryptography, encipherment, process,
ferroelectric random access memory: IncludedBy:access,
fetch protection: IncludedBy:access control,; Includes:contamination,; Related:access, assurance, authorized, file, process, program, system, unauthorized access,
fiber distributed data interface: IncludedBy:interface,; Related:automated information system,
fiber-optics: Related:information,
field: Related:computer, file,
field device: Related:communications,
field site: Related:communications, system,
fieldbus: Related:control, message, protocols,
file: Includes:CKMS profile, COMSEC profile, IT default file protection parameters, Network File System, access profile, assurance profile, communications profile, critical system files, default file protection, file encryption, file infector virus, file integrity checker, file integrity checking, file protection, file security, file transfer, file transfer access management, file transfer protocol, keys used to encrypt and decrypt files, master file, profile, profile assurance, protection profile, protection profile family, secure profile inspector, security policy information file, system files, system profile, transaction file, trust-file PKI, user profile,; Related:Federal Criteria Vol. I, Minimum Interoperability Specification for PKI Components, PHF, PKIX, Tripwire, access type, anonymous login, antivirus software, archiving, assignment, attack signature recognition, audit, audit software, audit trail, authentication, authorization, backup, backup generations, backup procedures, batch mode, browse access protection, capability, card initialization, clean system, component, computer, computer fraud, connection, container, cookies, correctness, data dictionary, data synchronization, decomposition, deliverable, development assurance requirements, digital signature, disaster recovery, discretionary access control, disinfecting, downgrade, download, effectiveness, encryption software, ethernet sniffing, evaluation, evaluation assurance requirements, external security controls, fetch protection, field, firewall, functional protection requirements, general controls, gopher, granularity, hash function, hash totals, honeypot, hypertext markup language, integration test, intrusion detection systems, key-escrow, logic bombs, login, macro virus, malicious applets, mandatory access control, message digest, metadata, multipartite virus, multipurpose internet mail extensions, national computer security assessment program, national information assurance partnership, object, off-line attack, on-access scanning, output, permissions, personal security environment, pretty good privacy, product rationale, programmable logic controller, prowler, purge, purging, push technology, quarantine, quarantining, real-time system, recovery procedures, redundancy, refinement, register, review techniques, rootkit, sampling frame, sandboxed environment, sanitize, script, secure hash algorithm, security certificate, security label, security target, security-relevant event, server, snarf, social engineering, stateful protocol analysis, superuser, suspicious activity report, system administrator privileges, system resources, system software, tracking cookie, trigger, trojan horse, trusted certificate, trusted key, uniform resource locator, upload, users, utility programs, virus, virus signature, web browser cache, web of trust, work product,
file encryption: IncludedBy:encryption, file,; Related:access, authentication, process,
file infector virus: IncludedBy:file, virus,; Related:application, computer, process, program,
file integrity checker: IncludedBy:file, integrity,; Related:message, software,
file integrity checking: IncludedBy:file, integrity,; Related:compromise, message, software,
file name anomaly
file protection: IncludedBy:access control, file,; Includes:contamination,; Related:access, assurance, authorized, process, system, unauthorized access,
file security: IncludedBy:access control, file,; Related:access, authorized, computer,
file series: Related:access, subject,
file series exemption
file transfer: IncludedBy:file,; Related:computer, network, process, protocols, system,
file transfer access management: IncludedBy:access, file,; Related:network,
file transfer protocol: IncludedBy:file, internet, protocols,; Related:application, computer, network, standard,
fill device: Related:communications security, cryptography, key,
fill device interface unit: IncludedBy:interface,
filtering router: IncludedBy:router,; Related:control, establishment, internet, network, packet filter, policy, security,; Synonym:screening router,
finality
financial crimes enforcement network: IncludedBy:network,; Related:analysis,
financial disclosure: Related:security, subject,
fingerprint: Related:authentication, hash, key, public-key,
finite population correction factor
finite state machine: Related:function, model,
FIPS approved security method: IncludedBy:Federal Information Processing Standards, National Institute of Standards and Technology, security policy,; Related:algorithm, authentication, criteria, cryptographic, evaluation, key,
FIPS PUB 140-1: IncludedBy:Federal Information Processing Standards, National Institute of Standards and Technology,; Includes:random number generator,; Related:Federal Standard 1027, algorithm, application, authorized, classified, communications security, computer, cryptographic, cryptography, establishment, information, interface, key, key management, module, requirements, role, security, security testing, software, standard, system, test, zeroization, zeroize,; Synonym:Federal Information Processing Standards Publication 140,
FIPS PUB
FIPS-Validated Cryptography: IncludedBy:cryptography,; Related:requirements,
fire barrier: IncludedBy:availability,
fire suppression system: IncludedBy:availability, system,
FIREFLY: Related:cryptography, key, key management, management, protocols, public-key,
firewall: IncludedBy:front-end security filter, gateway, guard, internet, security filter, security software,; Includes:application gateway firewall, application proxy, application-level firewall, bastion host, circuit proxy, connection, demilitarized zone, dual-homed gateway firewall, firewall machine, goodput, homed, host-based firewall, illegal traffic, logging, network address translation, network level firewall, packet filter, packet filtering, packet filtering firewall, protected network, proxy, rejected traffic, router-based firewall, ruleset, screened host firewall, screened subnet firewall, stateful packet filtering, trusted gateway, unprotected network,; Related:access, access control, application, application level gateway, attack, authorization, authorized, boundary, circuit level gateway, computer, computer network, control, countermeasures, criteria, critical, data source, domain, exploit, file, flow, identification, interface, network, operation, policy, process, protocols, resource, router, screening router, software, spoof, system, threat, unauthorized access, unit of transfer, users, vulnerability,
firewall control proxy: IncludedBy:control,
firewall machine: IncludedBy:firewall,; Related:connection, security,
firmware: IncludedBy:cryptographic module,; Related:application, computer, program, software,
fishbone diagram: PreferredFor:cause and effect diagram,; Related:identify,
fishbowl: Related:authorized, information, system, users,
fixed COMSEC facility: Related:communications security,
fixed disk
fixed price contract
flash memory
flaw: IncludedBy:threat,; Related:system,
flaw hypothesis methodology: IncludedBy:risk management,; Related:analysis, attack, compromise, computer, control, evaluation, exploit, penetration, security testing, system, test,
flexibility: Related:operation, program,
flooding: IncludedBy:attack, incident,; Related:access, access control, analysis, computer, covert, entity, failure, flow, information, message, process, system,
flow: Includes:buffer overflow, data flow control, data flow diagram, information flow, information flow control, modeling or flowcharting, security flow analysis, traffic flow confidentiality, traffic-flow security, underflow, workflow,; Related:Bell-LaPadula security model, Gypsy verification environment, access, boundary host, cascading, coding, concurrent connections, confidentiality, contact interface, contactless interface, continuous process, controlled interface, encapsulating security payload, end-to-end encryption, exception, firewall, flooding, hierarchical development methodology, identify, information superiority, infrastructure, interface, internet protocol, internet protocol security, intrusion, intrusion detection, lattice model, link encryption, mandatory access control, network behavior analysis system, packet filtering, ping of death, pressure sensor, program, read, read access, sensor, subject, system, topology, traffic analysis, user data protocol, valve, vulnerability, wiretapping, workgroup computing, write,
flow control: HasPreferred:information flow control,
flush: Related:security,
focused testing
foe: IncludedBy:threat,
for official use only: Related:classified,
For Official Use Only Certified TEMPEST Technical Authority: Related:certification, requirements, security,
forced entry: Related:authorized, evidence,
foreground information
foreign: Includes:Foreign Intelligence Surveillance Act, Office of Foreign Assets Control, foreign contact, foreign disclosure, foreign disclosure point of contact, foreign exchange personnel, foreign government information, foreign intelligence, foreign intelligence service, foreign interest, foreign liaison officer, foreign military sales, foreign national, foreign owned, controlled or influenced, foreign ownership, control, or influence, foreign person, foreign relations of the united states, foreign representative, foreign travel briefing, foreign visit, representative of a foreign interest, senior foreign official,; Related:Defense Personnel Exchange Program, Defense Services, U.S. person, United States national, acquisition systems protection, caveat, communications intelligence, controlled information, cooperative program personnel, counterintelligence, counterintelligence assessment, criminal activity, critical financial markets, damage to the national security, delegation of disclosure authority letter, derogatory information, designated intelligence disclosure official, electronic intelligence, export, export license application, formerly restricted data, government-to-government transfer, intelligence, intelligence community, long-haul telecommunications, national security system, national security-related information, oral/visual disclosure, program protection plan, psychological operations, release prefix, security assurance, security policy automation network, senior intelligence officer, sensitive information, special access required programs oversight committee, special activity, tear line, technical security, technology control plan, technology transfer, telemetry intelligence, threat, unclassified sensitive,
foreign contact: IncludedBy:foreign,; Related:United States citizen,
foreign disclosure: IncludedBy:foreign,; Related:access, authorized, classified, security,
foreign disclosure point of contact: IncludedBy:foreign,; Related:classified,
foreign exchange personnel: IncludedBy:foreign,
foreign government information: IncludedBy:foreign,
foreign intelligence: IncludedBy:foreign, intelligence,
foreign intelligence service: IncludedBy:foreign, intelligence,
Foreign Intelligence Surveillance Act: IncludedBy:foreign, intelligence,; Related:electronic surveillance,
foreign interest: IncludedBy:foreign,; Related:trust,
foreign liaison officer: IncludedBy:foreign,; Related:authorized, connection, security,
foreign military sales: IncludedBy:foreign,; Related:authorized, security,
foreign national: IncludedBy:foreign,
foreign owned, controlled or influenced: IncludedBy:control, foreign,
foreign ownership, control, or influence: IncludedBy:foreign,; Related:access, authorized, classified,
foreign person: IncludedBy:foreign,; Related:trust,
foreign relations of the united states: IncludedBy:foreign,; Related:classified,
foreign representative: IncludedBy:foreign,
foreign travel briefing: IncludedBy:foreign,; Related:access, classified, security,
foreign visit: IncludedBy:foreign,; Related:access, classified,
forensic copy
forensic specialist
forensics: HasPreferred:computer forensics,
fork bomb: IncludedBy:threat,; Related:code, process, system,
formal: Antonym:informal,; Includes:formal access approval, formal development methodology, formal model of security policy, formal proof, formal security policy model, formal specification, formal top-level specification, formal verification,; Related:semantics,
formal access approval: IncludedBy:access, formal,; Related:classified, information, owner, privacy, process, requirements, security,
formal development methodology: IncludedBy:formal, software development methodologies,; Related:identification, model, program, requirements, security, software, system, verification,
formal language: Related:analysis, application, computer, program,
formal method: Related:policy, security, system,
formal model of security policy: IncludedBy:formal, model, policy, security, target of evaluation,; Synonym:formal security policy model,
formal proof: IncludedBy:formal, formal verification,; Related:computer, process, program, verification,
formal security policy: IncludedBy:policy, security,
formal security policy model: IncludedBy:formal, formal verification, model, policy, security policy, trusted computing base,; Includes:Bell-LaPadula security model, Biba Integrity model,; Related:computer, control, interface, operation, semantics, system,; Synonym:formal model of security policy,
formal specification: Antonym:informal specification,; IncludedBy:formal, formal verification,; Includes:formal top-level specification,; Related:computer, function, semantics, software, system,
formal top-level specification: IncludedBy:formal, formal specification, top-level specification,; Related:computer, model, policy, process, program, requirements, security, system, verification,
formal verification: IncludedBy:formal, verification,; Includes:endorsed tools list, formal proof, formal security policy model, formal specification,; Related:model, policy, process, program, security, system,
format: Related:computer, information, process,
formatting function
formerly restricted data: Related:classified, foreign,
formulary: Related:access, access control, control,
Fortezza: IncludedBy:National Institute of Standards and Technology, National Security Agency,; Related:CAPSTONE chip, MISSI user, SSO PIN, SSO-PIN ORA, algorithm, cryptographic, digital signature, encryption, hash, key, no-PIN ORA, personal identification number, personality label, signature, slot, software, tokens, user PIN, user-PIN ORA,
Forum of Incident Response and Security Teams: IncludedBy:computer emergency response team, incident, response,; Related:computer, computer security, information, information security, quality, security incident,
forward cipher
forward engineering: Related:process, system,
forward secrecy: Includes:forward secrecy with respect to A, forward secrecy with respect to both A and B individually, mutual forward secrecy, public-key forward secrecy,; PreferredFor:perfect forward secrecy,; Related:compromise, internet protocol security, internet security protocol, key,
forward secrecy with respect to A: IncludedBy:forward secrecy,; Related:key, operation, property,
forward secrecy with respect to both A and B individually: IncludedBy:forward secrecy,; Related:key, operation, property,
frame relay: Related:automated information system, system, technology, users,
framework: Related:computer, system,
framing: Related:information, standard, users,
fraud: IncludedBy:illegal, threat,; Includes:ACH debit fraud, account fraud, computer fraud, external fraud, fraudulent financial reporting, internal fraud,; Related:authentication, authorized, computer abuse, criminal groups, entity, identity theft, invalidity date, pharming, phishing, replay attacks, suspicious activity report, unforgeable,
fraudulent financial reporting: IncludedBy:fraud,; Related:audit,
Freedom of Information Act: Related:access,
freight forwarder
frequency division multiple access: IncludedBy:access,; Related:users,
frequency hopping: Related:algorithm, authorized, communications, communications security, jamming, telecommunications,
friend
friendly
front-end processor: IncludedBy:automated information system, process,; Related:communications, computer,
front-end security filter: IncludedBy:security,; Includes:firewall,; Related:computer, integrity, policy, process, software, system,
full accreditation: IncludedBy:accreditation,; Related:control, process, requirements, security, system,
full disk encryption: IncludedBy:encryption,; Related:access, authentication, computer, process, system,
full maintenance: Includes:depot maintenance,
full-duplex: Related:communications,
function: Includes:IT security support functions, TOE security functions, TOE security functions interface, binding of functionality, binding of security functionality, collision-resistant hash function, cryptographic check function, cryptographic functions, cryptographic hash function, functional component, functional package, functional proponent, functional protection requirements, functional security requirements specification, functional test case design, functional testing, functional unit, functionality, functionality class, hash function, hash function identifier, key derivation function, key generating function, mask generation function, one-way function, public-key derivation function, quality function deployment, reduction-function, round-function, security function policy, security functions, signature function, strength of function, sub-function, suitability of functionality, theft of functionality, trusted functionality, verification function,; Related:Abstract Syntax Notation One, Automated Information System security, CAPSTONE chip, CASE tools, CCI assembly, CCI component, CCI equipment, COMSEC boundary, COMSEC control program, COMSEC material, COMSEC module, Common Criteria for Information Technology Security, Cryptographic Application Program Interface, Data Authentication Algorithm, Generic Upper Layer Security, Guidelines and Recommendations for Security Incident Processing, IA architecture, IT security product, Information Technology Security Evaluation Criteria, Internet Corporation for Assigned Names and Numbers, Internet Security Association and Key Management Protocol, Monitoring of Evaluations, Network File System, Open Systems Interconnection Reference model, PC card, PKCS #11, POSIX, Rivest-Shamir-Adleman algorithm, S/Key, SOF-basic, SOF-high, SOF-medium, SSO PIN, SSO-PIN ORA, Terminal Access Controller Access Control System, The Exponential Encryption System, Type 4 key, access control, accreditation, administrative access, alarm, alarm surveillance, application, application program interface, application system, approved, architecture, assignment, assurance, assurance profile, asymmetric cryptographic technique, attribute certificate, audit, audit charter, audit program, audit/review, authentication code, authorizing official, automated information system, back up vs. backup, best practices, black-box testing, block, break, bug, business areas, business case, centralized operations, certificate management, certification authority workstation, checksum, claimant, code amber, code red, command and control, common criteria, communications profile, completeness, component, component dependencies, component extensibility, component hierarchy, computer operations, audit, and security technology, computer security, computing security methods, configuration, configuration identification, configuration item, configuration management, continuity of operations plan, control loop, controlled access protection, cooperative key generation, correctness, corruption, cost/benefit, countermeasures, critical, criticality, criticality assessment, crypto-ancillary equipment, cryptographic check value, cryptographic initialization, cryptographic module, cryptographic officer, cryptographic randomization, cryptographic service, cryptographic token, cultural assumptions, data authentication code, data encryption standard, data input, data string, database management system, denial-of-service, digital signature, digital watermarking, disruption, distributed dataprocessing, domain parameter, dual control, effectiveness, electrical power systems, electronic commerce, electronic messaging services, email packages, embedded cryptographic system, embedded cryptography, embedded system, emergency services, encryption certificate, encryption software, evaluation, evaluation and validation scheme, extensibility, extension, fail soft, failure, failure control, fault, fault isolation, fault tolerant, finite state machine, formal specification, gateway, general support system, generation, global command and control system, granularity of a requirement, group user id, hardening, hash code, hash result, hash token, hash value, hashed message authentication code, human error, informal security policy, information architecture, information processing standard, information systems security equipment modification, information technology, information warfare, infrastructure, initial transformation, initializing value, integrity, intelligent electronic device, inter-TSF transfers, interface, internal subject, joint task force-computer network defense, key, key agreement, keyed hash, lines of business, logical access, logical system definition, maintenance, major application, malicious applets, malicious logic, man-in-the-middle attack, matrix, message authentication code algorithm, message authentication code vs. Message Authentication Code, message digest, message representative, metrics, misuse, mockingbird, modes of operation, mutual suspicion, mutually suspicious, national information assurance partnership, national security system, natural disaster, network security, no-PIN ORA, off-line cryptosystem, on-line cryptosystem, one-time passwords, open system interconnection model, operating system, operational integrity, organizational registration authority, output transformation, package, packet filtering, plug-in, point-to-point tunneling protocol, port, pre-signature, privilege, privileged process, privileged user, process, product, product rationale, programmable logic controller, protection profile, protection profile family, protection-critical portions of the TCB, protocols, proxy, public-key infrastructure, public-key system, quality of protection, randomizer, reference monitor, reference validation mechanism, registration authority, reliability, requirements, requirements traceability matrix, resource, restructuring, reusability, revision, risk, risk assessment, risk management, robustness, role, role-based access control, rootkit, salt, sector, secure hash standard, secure operating system, security, security certification level, security features, security management infrastructure, security mechanism, security policy, security relevant, security target, security testing, separation of duties, signaling, signaling system 7, signature certificate, signature equation, significant change, site certification, smartcards, software, software assurance, software enhancement, software reliability, software system test and evaluation process, stovepipe systems, stream cipher, strength of a requirement, structural testing, subassembly, subsystem, support software, system, system files, system integrity, system security officer, tamper, tampering, technology area, teleprocessing, testability, thrashing, threat, to-be-process model, token management, tokens, top-level specification, trapdoor, trojan horse, trust, trusted channel, trusted path, trustworthy system, turnaround time, unforgeable, user PIN, user-PIN ORA, usurpation, verifier, version, violation of permissions, website, white-box testing, word, workload,
functional component: IncludedBy:Common Criteria for Information Technology Security Evaluation, component, function, security target,; Includes:object,; Related:audit, requirements,
functional package: IncludedBy:function,; Includes:security target,
functional proponent: IncludedBy:function, network sponsor,
functional protection requirements: IncludedBy:function, protection profile,; Related:assurance, file, profile,
functional security requirements specification: IncludedBy:function, requirements, security,
functional test case design: IncludedBy:function, test,; Related:analysis, black-box testing,
functional testing: IncludedBy:function, security testing, test,; Related:black-box testing, computer, operation, response, system,
functional unit: IncludedBy:component, function,
functionality: IncludedBy:function, target of evaluation,; Related:requirements, security,
functionality class: IncludedBy:function, target of evaluation,; Related:policy, security, system, target,
future narrow band digital terminal: IncludedBy:security,; Related:message, network,
gap analysis: IncludedBy:analysis, risk analysis,; Related:audit, vulnerability analysis,
garbled: Related:cryptographic, destruction, key,
gas and oil production, storage and transportation: IncludedBy:critical infrastructures,; Related:critical, process, role, system,
gateway: IncludedBy:application proxy,; Includes:application gateway firewall, application level gateway, circuit level gateway, common gateway interface, dual-homed gateway firewall, firewall, gateway server, payment gateway, payment gateway certification authority, security gateway, trusted gateway, wireless gateway server,; Related:Chernobyl packet, authentication header, bastion host, break, cardholder certification authority, certification hierarchy, code, communications, component, computer, computer network, email, encapsulating security payload, ethernet meltdown, function, geopolitical certificate authority, guard, interface, internet control message protocol, internetwork, local-area network, merchant certification authority, network, operation, program, protocols, router, screened host firewall, screened subnet firewall, secure network server, security, system, transport mode vs. tunnel mode, tunnel, virtual private network, wiretapping,
gateway server: IncludedBy:gateway, internet,; Related:computer,
gauss
general accounting office
general controls: IncludedBy:control,; Related:IT security, application, computer, file, integrity, object, operation, policy, program, recovery, security, system,
General Services Administration
general support system: IncludedBy:system,; Related:application, communications, control, function, information, management, resource, software, users,
general-purpose system: IncludedBy:system,; Related:computer,
GeneralizedTime: Related:UTCTime, coordinated universal time,
generally accepted system security principles: IncludedBy:security, system,
generation: Related:cryptographic, function, key, metadata,
Generic Security Service Application Program Interface: IncludedBy:application, interface, internet, program, security protocol,; Includes:distributed computing environment, security support programming interface,; Related:authentication, code, confidentiality, cryptography, integrity, non-repudiation, privacy, process, protocols, standard, system, tokens,
generic SIO class
generic threat: IncludedBy:threat,; Related:vulnerability,
Generic Upper Layer Security: IncludedBy:security,; Related:application, confidentiality, function, information, integrity, standard,
geopolitical certificate authority: IncludedBy:Secure Electronic Transaction, authority, certificate,; Related:certification, gateway, public-key infrastructure,
geosynchronous orbit
global command and control system: IncludedBy:command and control, control, control systems, security, system,; Related:function, information, network, process,
global information grid: IncludedBy:information, security,; Related:application, communications, policy, process, software, system,
global information infrastructure: IncludedBy:information,; Related:communications, connection, system,
global network information environment: IncludedBy:information, network, security,; Related:process, system,
global positioning system: IncludedBy:system,
global requirements: Antonym:local requirements,; IncludedBy:requirements, trusted computing base,; Related:analysis, system,
global telecommunications service: IncludedBy:communications, telecommunications,; Related:network,
goodput: IncludedBy:firewall,; Related:bit forwarding rate, interface, network, protocols, test,
gopher: Related:computer, file, network, protocols, users,
Government Accountability Office: Related:audit, evaluation,
government contracting activity
government emergency telecommunications service: IncludedBy:communications, telecommunications,; Related:network,
government program manager
government services: Related:critical infrastructures,
government-approved facility: Related:access,
government-off-the-shelf
government-to-government transfer: Related:classified, foreign,
graduated security: IncludedBy:security,; Related:risk, system, technology, threat,
granularity: IncludedBy:access control,; Includes:object,; Related:access, control, file,
granularity of a requirement: IncludedBy:requirements, trusted computing base,; Includes:object, subject,; Related:function, users,
graphical-user interface: IncludedBy:interface, users,; Related:computer, key, program,
GRC senior staff: Related:program,
Green book: IncludedBy:rainbow series,; Related:information, interface, internet, passwords, process, program, standard, system,
ground wave emergency network: IncludedBy:network,
group: Related:users,
group key encryption key: IncludedBy:key,
group of users: IncludedBy:users,; Related:security, software,
group traffic encryption key: IncludedBy:key,
group user id: IncludedBy:user id,; Related:function, risk,
guard (system)
guard: IncludedBy:security,; Includes:firewall,; Related:United States citizen, access, access control, authorized, classified, computer, gateway, information, integrity, network, process, system, trust, users,
guerrilla warfare: IncludedBy:warfare,
guessing entropy: Related:attack, passwords, random, system,
guest system: Related:access,
guideline: Related:policy,
Guidelines and Recommendations for Security Incident Processing: IncludedBy:incident, process, security incident,; Related:function, internet, network, response, role, technology,
Gypsy verification environment: IncludedBy:software development methodologies, verification,; Related:flow, information, process, program, users,
hackers: IncludedBy:threat,; Includes:cracker, hacking, script bunny,; Related:Samurai, access, access control, attack, authorization, authorized, computer, computer network, critical, damage, hacking run, information, intelligence, internet, malicious, network, program, protocols, security, system, users,
hacking: IncludedBy:hackers,; Related:authorized, information, network, security, system,
hacking run: Related:hackers,
half-block
handcarrier: Related:authorized, classified, connection,
handle: Related:operation, process,
handle via special access control channels only: IncludedBy:access,; Related:classified, requirements, security,
handler: Related:attack, control, incident, program, response,
handshaking procedures: Related:authentication, computer, identify, program, users,
hard copy key: IncludedBy:key,; Related:program,
hard disk
hard-copy output
hardened unique storage
hardened unique storage Key: IncludedBy:key,
hardening: Related:assurance, availability, business process, computer, function, process, security,
hardware: IncludedBy:cryptographic module,; Related:computer, cryptographic, module, process, program, software, system,
hardware and system software maintenance: IncludedBy:software, system,; Related:control, operation, security,
hardware or software error: IncludedBy:software, threat consequence,; Related:operation, system,
hardware token: HasPreferred:tokens,
hardwired key: IncludedBy:key,
hash: IncludedBy:security,; Includes:collision-resistant hash function, cryptographic hash function, hash algorithm, hash code, hash function, hash function identifier, hash result, hash token, hash totals, hash value, hashed message authentication code, hashing, hashword, keyed hash, keyed hash algorithm, secure hash algorithm, secure hash standard,; Related:Challenge Handshake Authentication Protocol, Challenge-Response Authentication Mechanism, Cryptographic Message Syntax, Data Authentication Algorithm, Fortezza, MD2, MD4, MD5, POP3 APOP, Rivest-Shamir-Adleman algorithm, S/Key, SET private extension, SET qualifier, algorithm, certificate revocation tree, challenge-response protocol, checksum, code, cryptographic, cryptographic algorithm, cryptographic component, cryptographic service, cryptographic system, cryptography, cyclic redundancy check, data authentication code vs. Data Authentication Code, data items' representation, data string, digital signature, digital signature algorithm, domain parameter, dual signature, fingerprint, imprint, initializing value, integrity, integrity check, matrix, message, message authentication code vs. Message Authentication Code, message digest, message integrity code, one-time passwords, one-way function, output transformation, public-key forward secrecy, reduction-function, round-function, secure socket layer, thumbprint, witness, word,
hash algorithm: IncludedBy:algorithm, hash,; Related:message,
hash code: IncludedBy:code, hash,; Related:function, hash function, subject,
hash function: IncludedBy:function, hash,; Related:algorithm, application, attack, authentication, cryptographic, cryptographic hash function, cryptography, data authentication code, domain, file, hash code, hash result, hash value, message, message authentication code, object, property, random, requirements, subject,
hash function identifier: IncludedBy:function, hash,; Related:identify,
hash result: IncludedBy:hash,; Related:function, hash function, message, process,
hash token: IncludedBy:hash, tokens,; Related:code, control, domain, function, identify, signature,
hash totals: IncludedBy:hash,; Related:file, information,
hash value: IncludedBy:hash,; Related:cryptographic, function, hash function, message,
hashed message authentication code: IncludedBy:code, hash, message, message authentication code,; Related:analysis, cryptographic, cryptography, function, key, software,
hashing: IncludedBy:hash,
hashword: IncludedBy:hash,
hazard
head of department of defense component
health information exchange
help desk: Related:communications, computer, entity,
hierarchical decomposition: IncludedBy:development process,; Related:system,
hierarchical development methodology: IncludedBy:software development methodologies,; Related:flow, information, process, program,
hierarchical input process output: IncludedBy:process,
hierarchical PKI: IncludedBy:public-key infrastructure,; Related:certification,
hierarchy management: IncludedBy:public-key infrastructure,; Related:certificate, certification, key, process, public-key,
hierarchy of trust: IncludedBy:public-key infrastructure, trust,; Related:certification,
high assurance guard: IncludedBy:assurance,; Related:access, classified, control, message, software,
high availability: IncludedBy:availability,
high impact: Related:availability, damage, security, threat,
high-impact system: IncludedBy:system,; Related:availability, information, integrity, object, security,
hijack attack: IncludedBy:attack,; Related:IP splicing/hijacking, association, control, hijacking, pagejacking, spoofing, terminal hijacking,
hijacking: Related:application, attack, hijack attack, response, session hijack attack, system, users,
hoax: IncludedBy:threat,; Related:social engineering, system, users,
home office facility
homed: IncludedBy:firewall,; Includes:tri-homed,; Related:interface, network, security testing, test,
honeypot: Related:attack, authorized, file, resource, system, users,
host: IncludedBy:automated information system,; Related:access, access control, application, communications, computer, computer network, information, internet, network, protocols, software, system, users,
host based: IncludedBy:automated information system,; Related:audit, information, intrusion,
host to front-end protocol: IncludedBy:automated information system, protocols,; Related:control,
host-based firewall: IncludedBy:automated information system, firewall,; Related:application, computer, network, software,
host-based intrusion prevention system: IncludedBy:intrusion, system,; Related:identify, program,
host-based security: IncludedBy:security,; Related:attack, system, version,
hot site: IncludedBy:disaster recovery,; Related:cold site, critical, software, system,
hot wash: Related:test,
https: Related:access, access control, internet, protocols, security,
human error: IncludedBy:threat consequence,; Related:authorized, entity, function, system,
human intelligence: IncludedBy:intelligence,
human user: IncludedBy:target of evaluation, users,
human-machine interface: IncludedBy:interface,; Related:control, software,
hybrid encryption: IncludedBy:encryption,; Related:algorithm, application, confidentiality, cryptography, key,
hybrid security control: IncludedBy:control, security,
hybrid threat: IncludedBy:threat,; Related:criminal, hybrid warfare, information, object, warfare,
hybrid warfare: IncludedBy:warfare,; Related:criminal, hybrid threat, threat,
hydrometer
hydrophone
hydroscope: Related:object,
hygrograph
hygrometer
hygroscope
hyperlink: IncludedBy:world wide web,; Related:access, access control, information, link, object, users,
hypermedia: Related:internet, object,
hypertext: Related:access, access control, computer, internet, standard generalized markup language, world wide web,
hypertext markup language: IncludedBy:standard generalized markup language, world wide web,; Related:application, file, semantics, system,
hypertext transfer protocol: IncludedBy:protocols, world wide web,; Related:application, internet, network, response, secure socket layer,
IA architecture: IncludedBy:information assurance,; Related:function, operation, security, system,
IA infrastructure: Related:management, risk, security,
IA product: Related:access, authentication, control, security,
IA-enabled information technlogogy product: IncludedBy:information,; Related:role, router, security, system, technology, trust,
IA-enabled information technology product: IncludedBy:information, information assurance, technology,
IA-enabled product: Related:security, trust,
ICMP flood: IncludedBy:attack,; Related:denial-of-service, protocols,
identification: IncludedBy:accountability, authentication,; Includes:Identification Protocol, bank identification number, configuration identification, control identification list, identification and accreditation, identification and authentication, identification authentication, identification data, identification, friend or foe, identification, friend, foe, or neutral, identify, identity, identity based access control, identity-based security policy, key management identification number, personal identification number, privacy, authentication, integrity, identification, non-repudiation, radio frequency identification, risk identification, target identification and analysis techniques, terminal identification, trusted identification forwarding,; Related:Attack Sensing and Warning, IT security support functions, SSO PIN, access, access control, alarm reporting, anonymity, anti-spoof, attribute certificate, bar code, biometric system, candidate TCB subset, certificate, class 2, 3, 4, or 5, comparisons, compromised key list, configuration control, digital forensics, digital id, domain controller, entity, firewall, formal development methodology, identity credential, identity credential issuer, individual electronic accountability, information systems security, information systems security equipment modification, key tag, network component, network sniffing, operations security, personal identity verification, pre-certification phase, primary account number, process, public-key derivation function, redundant identity, registration authority, relying party, repair action, resource, risk analysis, risk assessment, risk management, security controls, spoofing, system, target vulnerability validation techniques, threat assessment, token device, trusted agent, uniform resource identifier, user PIN, users, validate vs. verify, verification, vulnerability assessment,
identification and accreditation: IncludedBy:accreditation, identification,
identification and authentication: IncludedBy:assurance, identification,; Related:access, access control, control, entity, identity, system, users,
identification authentication: IncludedBy:identification,; Related:access, access control, code, computer, entity, identity, process, resource, response, users,
identification data: IncludedBy:identification,; Related:domain, entity, identify, identity credential, key, policy, process, security, signature,
Identification Protocol: IncludedBy:identification, internet, protocols, security protocol,; Related:access, access control, audit, authorization, connection, control, entity, identity, information, owner, system, users,
identification, friend or foe: IncludedBy:identification,
identification, friend, foe, or neutral: IncludedBy:identification,
identifier: Related:entity, identity, key,
identify: IncludedBy:identification,; Related:CRYPTO, DoD Information Technology Security Certification and Accreditation Process, PKIX private extension, SATAN, SWOT analysis, TSEC nomenclature, Tripwire, access level, accountability, alert, antivirus software, audit, audit/review, bank identification number, baseline management, benchmarking, best practices, biometrics, business impact analysis, call back, call back security, certificate revocation list, certifier, configuration management, connection establishment, connection maintenance, connection teardown, dial back, distinguished name, electronic warfare support, evaluator actions, expert review team, external label, false negative, fishbone diagram, flow, handshaking procedures, hash function identifier, hash token, host-based intrusion prevention system, identification data, identity, identity credential, identity theft, individual accountability, information security, information systems security engineering, inspectable space, interface control document, intrusion detection, intrusion detection systems, intrusion detection tools, management server, mass mailing worm, message identifier, network behavior analysis system, network-based intrusion prevention system, observation reports, operations security, penetration signature, penetration test, penetration testing, persistent cookie, registration service, requirements for content and presentation, requirements for procedures and standards, reverse engineering, risk analysis, risk assessment, risk evaluation, risk identification, risk management, root cause analysis, security association identifier, security policy model, short title, signature, smartcards, sniffer, spyware detection and removal utility, stateful protocol analysis, system indicator, system security authorization agreement, system testing, terminal identification, test, test design, threat analysis, triangulation, uniform resource identifier, user id, user identifier, vulnerability analysis, vulnerability assessment, vulnerability audit, wireless intrusion detection and prevention system,
identity: IncludedBy:entity, identification,; Includes:federated identity, identity based access control, identity binding, identity credential, identity credential issuer, identity management systems, identity proofing, identity registration, identity theft, identity token, identity validation, identity verification, identity-based security policy, personal identity verification, redundant identity, tradecraft identity, workcraft identity,; Related:Identification Protocol, KMI-aware device, KOA agent, OAKLEY, applicant assertion, assurance, attribute authority, authenticate, authentication data, authentication exchange, authentication information, authentication mechanism, authentication protocol, authentication service, authenticator, authenticity, authorization, authorized, automated information system media control system, binding, biometric measurement, biometric system, biometrics, cardholder, certificate, certification authority, certify, challenge/response, claimant, comparisons, component, covert operation, credentials, criminal groups, cryptography, data integrity service, data origin authentication service, digital certificate, digital id, digital signature, digital signature algorithm, discrete process, discretionary access control, distinguished name, domain, electronic credentials, entity authentication of A to B, false acceptance, false rejection, false rejection rate, identification and authentication, identification authentication, identifier, identify, individual accountability, information, interoperability, key owner, masquerade attack, masquerading, mutual authentication, mutual entity authentication, non-repudiation, object, one-time passwords, organizational registration authority, password system, passwords, peer entity authentication service, personal identification number, personally identifiable information, phishing, physical access control, policy-based access control, principal, private accreditation information, protected channel, proxy server, pseudonym, public-key certificate, public-key infrastructure, references, registration, registration authority, relying party, response, role-based access control, secure socket layer, security, simple authentication, source authentication, strong authentication, subject, ticket, tokens, trust, undercover operation, unilateral authentication, users, validate vs. verify, verification, verified name, verifier, witness,
identity based access control: IncludedBy:access, control, entity, identification, identity,; Related:authorization,
identity binding: IncludedBy:identity,
identity credential: IncludedBy:credentials, entity, identity,; Related:identification, identification data, identify, identity credential issuer, information, users,
identity credential issuer: IncludedBy:credentials, entity, identity,; Related:PIV issuer, access, access control, certification authority, identification, identity credential, resource, users, validate,
identity management systems: IncludedBy:entity, identity, system,; Related:application, process, validation, verification,
identity proofing: IncludedBy:entity, identity,; Related:authority, establishment, information, process, registration, validate,
identity registration: IncludedBy:identity,
identity theft: IncludedBy:entity, identity, theft,; Includes:ACH debit fraud, account fraud,; Related:dumpster diving, fraud, identify, information, keystroke logger, phishing, shoulder surfing, social engineering, spyware, subject,
identity token: IncludedBy:entity, identity, tokens,; Related:key, object,
identity validation: IncludedBy:entity, identity, validation,; Related:resource, test, users,
identity verification: IncludedBy:entity, identity, verification,; Related:access, access control, process, system,
identity-based security policy: IncludedBy:entity, identification, identity, policy, security,; Related:access, access control, object, process, resource, subject, system, users,
IEEE 802.10: Related:network, security, standard,
IEEE P1363: Related:cryptography, digital signature, encryption, key, public-key, signature, standard,
illegal: IncludedBy:risk,; Includes:criminal, fraud, illegal drug use, illegal traffic, theft,; Related:computer related crime, ethernet meltdown, suspicious contact, unclassified controlled nuclear information,
illegal drug use: IncludedBy:illegal,; Related:authorized,
illegal traffic: IncludedBy:firewall, illegal,; Related:bit forwarding rate, ruleset,; Synonym:rejected traffic,
image
imagery: Related:object,
imagery intelligence: IncludedBy:intelligence,; Related:object,
imaging system: IncludedBy:system,; Related:computer,
IMAP4 AUTHENTICATE: Related:authentication, challenge/response, key, protocols, response, security,
imitative communications: IncludedBy:communications,; Related:message,
imitative communications deception: Related:adversary,
immediate family member: Related:access,
immigrant alien
impact: Related:attack, authorized, availability, damage, incident, information, risk assessment, system,
impact level: Related:availability, security,
impact value: Related:availability,
impersonating: Related:spoof,; Synonym:impersonation,
impersonation: IncludedBy:attack,; Includes:verifier impersonation attack,; Related:access, access control, active attack, address spoofing, authentication, authorized, computer, ip spoofing, man-in-the-middle attack, masquerading, mimicking, network, replay attacks, social engineering, spoofing, system, users,; Synonym:impersonating, masquerade,
implant: Related:authorized, emanation, emanations security, information,
implementation: IncludedBy:target of evaluation,; Related:process, software, target,
implementation under test: IncludedBy:test,; Related:protocols, security testing,
implementation vulnerability: IncludedBy:vulnerability,; Related:software,
implicit key authentication from A to B: IncludedBy:authentication, key,; Related:assurance, entity,
imported software: IncludedBy:software,
imprint: Related:code, hash,
improved emergency message automatic transmission system: IncludedBy:message, system,
in the clear: Related:encryption,
inadvertent disclosure: IncludedBy:incident,; Related:access, access control, authorized, exposures, information, risk,
inadvertent disclosure incident: Related:access, authorized, classified, security, security incident,
inappropriate usage: IncludedBy:threat,
incapacitation: IncludedBy:risk, threat consequence,; Related:critical, critical infrastructures, operation, system,
incident: IncludedBy:threat,; Includes:COMSEC incident, Computer Incident Advisory Capability, Forum of Incident Response and Security Teams, Guidelines and Recommendations for Security Incident Processing, IT security incident, attack, automated security incident measurement, compromise, computer incident assessment capability, computer intrusion, computer security incident, computer security incident response capability, computer security incident response team, contamination, cyber incident, data compromise, denial-of-service, flooding, inadvertent disclosure, incident handling, incident response capability, multiple component incident, probe, program automated information system security incident support team, security incident, security intrusion, suspicious event,; Related:COMSEC insecurity, antivirus software, availability, classified information spillage, communications security, computer, computer emergency response team, event, failure access, handler, impact, indication, information, infrastructure assurance, integrity, intrusion, intrusion detection, intrusion detection and prevention, intrusion prevention, intrusion prevention system, joint task force-computer network defense, mitigation, precursor, process, protective technologies, response, security, security controls, security event, security policy, signature, spyware detection and removal utility, standard, system, vulnerability,
incident handling: IncludedBy:incident, response,; PreferredFor:incident response,; Related:security,
incident of security concern: IncludedBy:security,; Related:access, attack, authorized, classified,
incident response: HasPreferred:incident handling,
incident response capability: IncludedBy:incident, response,; Related:control, operation, security, system,
incident response plan: Related:attack, cyberspace,
incomplete parameter checking: IncludedBy:threat,; Related:penetration, system,
inculpatory evidence
independence: Related:audit,
independent assessment: IncludedBy:assessment,; Related:control, evaluation, security, system,
independent research and development
independent review and evaluation: IncludedBy:evaluation,; Related:system,
independent validation and verification: IncludedBy:validation, verification,; Related:analysis, requirements, security testing, software, software development, test, users,
independent validation authority: Related:control, requirements, risk, security, software,
indication: Related:incident, malware, security,; Synonym:signature,
indicator: Related:adversary, attack,
indirect certificate revocation list: IncludedBy:certificate, public-key infrastructure, revocation,; Related:X.509,
indistinguishability: Related:algorithm, encryption, security,
individual accountability: Related:access, access control, computer, entity, identify, identity, system, users,
individual electronic accountability: Related:access, access control, authentication, identification, system, users,
individuals: Related:privacy,
indoctrination: Related:access,
industrial control system: IncludedBy:control,
industrial espionage
industrial security: IncludedBy:security,; Related:classified, information security,
industry standard architecture: IncludedBy:standard,; Related:automated information system,
infection: IncludedBy:threat,; Related:malicious, virus, worm,
inference: IncludedBy:threat consequence,; Related:access, access control, authorized, communications, entity,
informal: Antonym:formal,; Includes:informal specification,
informal security policy: IncludedBy:policy, security,; Related:function,
informal specification: Antonym:formal specification,; IncludedBy:development process, informal,
information: Includes:American Standard Code for Information Interchange, Automated Information System security, Common Criteria for Information Technology Security, Common Criteria for Information Technology Security Evaluation, Defense Information Infrastructure, Defense Information System Network, Defensive Information Operations, DoD Information Technology Security Certification and Accreditation Process, European Information Technology Security Evaluation Criteria, Federal Criteria for Information Technology Security, Federal Information Processing Standards, Federal Information Processing Standards Publication 140, IA-enabled information technlogogy product, IA-enabled information technology product, Information Systems Security products and services catalogue, Information Technology Security Evaluation Criteria, National COMSEC Information Memorandum, National Security Telecommunications and Information Systems Security Advisory/Information Memorandum, National Security Telecommunications and Information Systems Security Committee, National Security Telecommunications and Information Systems Security Directive, National Security Telecommunications and Information Systems Security Instruction, National Security Telecommunications and Information Systems Security Policy, National Telecommunications and Information Administration, National Telecommunications and Information Systems Security Advisory Memoranda/Instructions, National Telecommunications and Information Systems Security Directive, National Telecommunications and Information Systems Security Instruction, National Telecommunications and Information Systems Security Policy, Subcommittee on Information Systems Security, authentication information, automated information system, bandwidth, biometric information, center for information technology excellence, certified information systems security professional, chief information agency officer, chief information officer, classified information, classified information spillage, control information, control objectives for information and related technology, defense-wide information assurance program, directory information base, disclosure of information, endorsed for unclassified cryptographic information, executive information systems, global information grid, global information infrastructure, global network information environment, information and communications, information architecture, information assurance, information assurance manager, information assurance officer, information assurance product, information category, information center, information engineering, information environment, information flow, information flow control, information operations, information owner, information processing standard, information protection policy, information ratio, information resources, information security, information security policy, information security testing, information sharing and analysis center, information superhighway, information superiority, information system, information system security officer, information systems audit and control association, information systems audit and control foundation, information systems security, information systems security association, information systems security engineering, information systems security equipment modification, information systems security manager, information systems security officer, information systems security product, information systems/technology, information technology, information technology system, information type, information warfare, major information system, management information base, multilevel information systems security initiative, national information assurance partnership, national information infrastructure, national security information, national telecommunications and information system security directives, network information services, non-repudiation information, official information, operational vulnerability information, private accreditation information, program automated information system security incident support team, proprietary information, public information, public-key information, request for information, security information object, security information object class, security policy information file, sensitive compartmented information, sensitive compartmented information facility, sensitive information, special information operations, status information, subcommittee on Automated Information System security, technical vulnerability information, wide area information service,; Related:Abrams, Jojodia, Podell essays, Abstract Syntax Notation One, BLACK, Bell-LaPadula security model, British Standard 7799, C2-attack, C2-protect, CASE tools, CCI equipment, COMSEC equipment, COMSEC insecurity, COMSEC modification, COMSEC survey, COMSEC system data, CRYPTO, Digital Signature Standard, FIPS PUB 140-1, Federal Criteria Vol. I, Federal Standard 1027, Forum of Incident Response and Security Teams, Generic Upper Layer Security, Green book, Gypsy verification environment, IS related risk, IT Security Evaluation Criteria, IT security, IT security controls, IT security database, IT security incident, IT security policy, IT-related risk, Identification Protocol, Integrated CASE tools, International Traffic in Arms Regulations, International organization for standardization, Internet Corporation for Assigned Names and Numbers, Internet Protocol Security Option, NIAP Common Criteria Evaluation and Validation Scheme, National Institute of Standards and Technology, National Security Agency, National Security Decision Directive 145, PKCS #11, PKIX, POSIX, RED, RED signal, RED team, RED/BLACK concept, RED/BLACK separation, SAML authentication assertion, SET private extension, SET qualifier, Secure Electronic Transaction, TEMPEST, TOE security functions interface, Tripwire, Type 1 key, Type 2 key, Type I cryptography, Type II cryptography, Type III cryptography, Wassenaar Arrangement, X.500 Directory, acceptance inspection, access, access control, account aggregation, account management, accountability, accreditation, accreditation authority, accreditation boundary, accreditation multiplicity parameter, adequate security, administration documentation, adversary, aggregation, alarm reporting, alarm surveillance, analysis of alternatives, anonymity, anti-jam, applicant assertion, application data backup/recovery, application server attack, approval/accreditation, approved technologies list, architecture, archive, assessment, asset, association, assurance, asynchronous communication, attack, attackers, attribute certificate, audit record, audit service, audit trail, authentication, authentication code, authentication data, authentication exchange, authenticity, authorized person, authorizing official, automated security incident measurement, availability, banner grabbing, bar code, binding, biometric authentication, bit, block chaining, boundary host, breach, browser, browsing, buffer overflow, business areas, byte, capability, cardholder, cascading, category, certificate, certificate policy qualifier, certificate status responder, certificate user, certification, certification authority, certification path, challenge, challenge/response, channel, channel capacity, checksum, ciphertext, ciphony, class 2, 3, 4, or 5, classification levels, classified, clearance level, cleartext, code, collaborative computing, color change, command and control warfare, common criteria, common criteria version 1.0, common criteria version 2.0, communication channel, communications cover, communications protocol, communications security, compartment, compartmentalization, compartmented mode, compensating security controls, compromise, compromising emanations, computer abuse, computer cryptography, computer emergency response team, computer intrusion, computer network attack, computer network defense, computer network exploitation, computer security, computer security incident, computer security incident response team, computer security intrusion, computer security technical vulnerability reporting program, concealment system, confidentiality, configuration control, connection, contactless smart card, control, control objectives, control zone, controlled cryptographic item, controlled interface, controlled security mode, cookies, corporate security policy, correctness, correctness integrity, counterintelligence, countermeasures, cover-coding, covert channel, covert channel analysis, covert timing channel, cracker, credentials, criteria, critical security parameters, critical system, criticality, criticality/sensitivity, cross domain solution, cryptographic algorithm for confidentiality, cryptographic check value, cryptographic token, cryptography, cryptosystem survey, cyberattack, cybersecurity, cyberspace, cyberspace operations, data, data aggregation, data architecture, data communications, data compromise, data confidentiality, data custodian, data encryption standard, data flow control, data integrity, data storage, data synchronization, database, database management system, database server, datagram, decrypt, dedicated mode, dedicated security mode, defense-in-depth, degausser, degausser products list, demilitarized zone, descriptive top-level specification, designated approving authority, diagnostics, digital document, digital forensics, digital id, digital signature, direct data feed, directory service, directory vs. Directory, distinguished name, distinguishing identifier, distribution point, documentation, domain controller, domain name system, domain of interpretation, dongle, downgrade, dual control, due care, dumpster diving, eavesdropping, eavesdropping attack, electronic authentication, electronic commerce, electronic security, electronic signature, electronic warfare support, emanation, emanations security, emissions security, encipherment, encode, encryption, end-to-end encryption, end-to-end security, endorsed for unclassified cryptographic item, endorsement, entry label, erasure, error detection code, evaluated products list, evaluator actions, evidence, executive steering committee, expert review team, explain, exploit, exploitable channel, extension, facilities, fiber-optics, fishbowl, flooding, formal access approval, format, framing, general support system, global command and control system, guard, hackers, hacking, hash totals, hierarchical development methodology, high-impact system, host, host based, hybrid threat, hyperlink, identity, identity credential, identity proofing, identity theft, impact, implant, inadvertent disclosure, incident, input data, inspectable space, instrumentation, integrity, integrity policy, intelligence, interconnection security agreements, interface, interference, interim accreditation, interim approval to operate, interim approval to test, interleaving attack, internal system exposure, internet control message protocol, interoperability, interoperability standards/protocols, intranet, intrusion, intrusion detection, intrusion detection systems, key agreement, key establishment, key exchange, key tag, key wrapping, keying material, laboratory attack, leapfrog attack, legacy data, legacy systems, level of protection, levels of concern, lifecycle management, lines of business, link encryption, logical system definition, low-impact system, magnetic remanence, major application, malware, man-in-the-middle attack, management controls, management server, mandatory access control, master file, match, memory scavenging, merchant, message externals, metadata, mission critical, mobile code, mode of operation, moderate-impact system, modes of operation, multi-security level, multicast, multilevel mode, multilevel secure, multilevel security, multilevel security mode, multimedia, multiuser mode of operation, national computer security assessment program, national security system, nations, need-to-know, need-to-know determination, network, network connection, network management protocol, network security, network security officer, network sniffing, non-discretionary security, non-repudiation, non-repudiation exchange, non-technical countermeasure, object, object identifier, on ramp, one-part code, one-time passwords, online certificate status protocol, open storage, open systems interconnection, operational controls, operational documentation, operational key, operations security, oracle, organisational security policy, out-of-band, output, output data, packet, packet filtering, packet switching, partitioned security mode, passive, passive threat, passwords, payload, people, periods processing, personalization service, personnel security, pharming, phishers, phishing, phreaking, physical security, post-accreditation phase, preferred products list, privacy, privacy impact assessment, privacy protection, private accreditation exponent, private data, private key, probe, process, product rationale, promiscuous mode, proprietary, protected distribution systems, protection needs elicitation, protective distribution system, protective technologies, protocol converter, protocol data unit, protocols, psychological operations, public law 100-235, public-key, public-key certificate, public-key infrastructure, purge, purging, radio frequency identification, read, read access, real-time, records, recovery site, redundancy, references, register, register entry, registration authority, regrade, reliability, relying party, remanence, remote access, remote authentication dial-in user service, remote diagnostics, repository, repudiation, requirements for content and presentation, residual risk, residue, resource, review techniques, risk, risk analysis, risk assessment, risk management, rootkit, routing, rules of engagement, sample, sanitization, sanitize, sanitizing, scanning, screen scraping, secrecy policy, secret, sector coordinator, sector liaison, secure channel, security, security assertion markup language, security association, security attribute, security breach, security category, security certificate, security clearance, security controls, security domain, security evaluation, security event, security flow analysis, security incident, security label, security level, security management, security management infrastructure, security plan, security policy, security policy model, security requirements, security situation, security strength, security tag, security violation, semantic security, sensitive, sensitive label, sensitivity, sensitivity label, signaling, significant change, simple authentication, simple network management protocol, single-level device, smartcards, sniffer, social engineering, soft TEMPEST, solicitation, source integrity, spammers, special access program, special access program facility, spillage, split knowledge, spoofing, spread spectrum, spyware, state, stateful packet filtering, strong authentication, sub-function, subcommittee on telecommunications security, subject, subsystem, superencryption, system, system entity, system high mode, system low, system retention/backup, system security, system security engineering, system security officer, system security policy, system-high security mode, systems security steering group, tamper, target identification and analysis techniques, target vulnerability validation techniques, technical controls, technical countermeasures, technical security policy, telecommunications, teleprocessing, terrorists, threat, threat agent, threat analysis, threat assessment, threat monitoring, token backup, token copy, token device, tokens, topology, traceroute, traffic analysis, transaction, transmission, transmission security, trapdoor, trojan horse, trust, trusted channel, trusted computer system, trusted gateway, trusted identification forwarding, trusted path, trusted platform module chip, trusted subject, trusted time stamp, type 1 products, type 2 product, type 3 key, type 3 product, type certification, unauthorized disclosure, unclassified, uniform resource locator, user documentation, user partnership program, user representative, users, validate vs. verify, validated products list, vaulting, verification, verifier impersonation attack, virtual departments or divisions, virtual private network, vulnerability, vulnerability analysis, vulnerability assessment, vulnerability audit, web bug, website, wireless technology, wiretapping, workflow, workstation, world wide web, worm, write,
information and communications: IncludedBy:communications, critical infrastructures, information,; Related:critical, process, software, telecommunications,
information architecture: IncludedBy:automated information system, information,; Related:function, interface,
information assurance: IncludedBy:assurance, information,; Includes:IA architecture, IA-enabled information technology product, defense-wide information assurance program, information assurance manager, information assurance officer, information assurance product, national information assurance partnership,; Related:Defensive Information Operations, access, adversary, authentication, authorized, availability, certification, common criteria, confidentiality, exploit, information security, information systems security manager, integrity, intrusion, level of protection, levels of concern, malicious, non-repudiation, object, operation, requirements, system, trust, vulnerability,
information assurance component: IncludedBy:assurance,; Related:software,
information assurance manager: IncludedBy:information, information assurance,; Related:system,
information assurance officer: IncludedBy:information, information assurance, officer,; Related:network security officer, system, system administrator,
information assurance product: IncludedBy:information, information assurance,; Related:access, access control, authentication, authorized, control, integrity, intrusion, intrusion detection, malicious, system, technology, vulnerability,
information category: IncludedBy:information,; Related:access, access control, classified, control, process, security, system, technology,
information center: IncludedBy:automated information system, information,
information domain: Related:security,
information engineering: IncludedBy:automated information system, information,; Related:system,
information environment: IncludedBy:automated information system, information,; Related:process, system,
information flow: IncludedBy:automated information system, flow, information,; Related:computer, system,
information flow control: IncludedBy:control, flow, information,; Includes:object,; PreferredFor:flow control,; Related:security, system,
information integrity
information management: IncludedBy:management,; Related:control,
information operations: IncludedBy:automated information system, information, operation,; Related:adversary, system,
information owner: IncludedBy:information, owner,; Related:authority, control, operation, process,
information processing standard: IncludedBy:information, process, standard,; Related:communications, function, interoperability, operation, security testing, software, telecommunications, test,
information protection policy: IncludedBy:information, policy,; Related:assurance, operation, security policy, threat,
information rate: HasPreferred:bandwidth,
information ratio: IncludedBy:automated information system, information,
information resources: IncludedBy:information, resource,; Related:technology,
information security: IncludedBy:information, security,; Includes:information security oversight office, information security policy, information security testing, information systems security,; Related:Abrams, Jojodia, Podell essays, British Standard 7799, DoD Information Technology Security Certification and Accreditation Process, Forum of Incident Response and Security Teams, International Traffic in Arms Regulations, National Institute of Standards and Technology, National Security Agency, Sensitive Information Computer Security Act of 1987, access, access control, activity security manager, attack, authorized, availability, communications security, computer, confidentiality, contractor special security officer, control, critical, due care, identify, industrial security, information assurance, information system security officer, integrity, management controls, mission critical, national information assurance partnership, national security system, non-technical countermeasure, process, public-key infrastructure, review techniques, risk, rules of engagement, security policy, system, target identification and analysis techniques, target vulnerability validation techniques, technical countermeasures, threat, users, vulnerability,
information security architect: IncludedBy:security,; Related:requirements,
information security architecture: IncludedBy:security,
information security oversight office: IncludedBy:information security,; Related:classified,
information security policy: IncludedBy:information, information security, policy,
information security program plan: IncludedBy:security,; Related:control, management, requirements,
information security risk: IncludedBy:risk,; Related:access,
information security testing: IncludedBy:information, information security, security testing, test,; Related:control, process, requirements, system,
information sharing: Related:requirements,
information sharing and analysis center: IncludedBy:analysis, information,; Related:intrusion, threat, vulnerability,
information sharing environment: Related:access, control, security, trust,
information steward: Related:access, control, management, security,
information superhighway: IncludedBy:information,; Related:communications, system,
information superiority: IncludedBy:information,; Related:adversary, exploit, flow, process,
information system: IncludedBy:information, system,; Related:computer, control, process, resource,
information system and network security: IncludedBy:network, security,; Related:availability,
information system lifecycle: Related:development,
information system owner: Related:development,
information system resilience: Related:attack,
information system security engineer/system design security officer: IncludedBy:security,; Related:requirements,
information system security officer: IncludedBy:computer security, information, officer, system, system security officer,; Related:authority, information security, operation, owner, program,
information system storage device
information systems audit and control association: IncludedBy:association, audit, control, information, system,
information systems audit and control foundation: IncludedBy:audit, control, information, system,
information systems security: IncludedBy:information, information security, system, threat,; Includes:network security, system security, system security engineering, telecommunications security,; Related:access, access control, authentication, authorized, denial-of-service, encryption, identification, process, unauthorized access, users,; Synonym:computer security,
information systems security association: IncludedBy:association, computer security, information, system,
information systems security engineering: IncludedBy:computer security, information, requirements, system, threat,; Related:communications, countermeasures, identify, process, risk management, vulnerability,
information systems security equipment modification: IncludedBy:computer security, information, system,; Includes:COMSEC modification,; Related:authentication, control, encryption, function, identification, key, message, policy, software,
information systems security manager: IncludedBy:computer security, information, system,; Related:assurance, information assurance, program,
information systems security officer: IncludedBy:computer security, information, officer, system,; Includes:network security officer,; Related:operation, program,
information systems security product: IncludedBy:information, security, system,; Related:module,
Information Systems Security products and services catalogue: IncludedBy:computer security, information, system,; Includes:degausser products list, endorsed tools list, evaluated products list, preferred products list,
information systems security representative: IncludedBy:security,
information systems/technology: IncludedBy:information, system, technology,
information technology: IncludedBy:automated information system, information, technology,; Related:communications, computer, control, function, management, process, resource, software, system, telecommunications,
Information Technology Security Evaluation Criteria: IncludedBy:computer security, criteria, evaluation, information, technology,; Related:assurance, function, standard,
information technology system: IncludedBy:automated information system, information, system, technology,; Related:communications, computer,
information type: IncludedBy:information,; Related:policy, privacy, security,
information warfare: IncludedBy:information, threat, warfare,; Related:adversary, exploit, function, object, operation, process, system,
infrastructure: Related:flow, function, security, system,
infrastructure assurance: IncludedBy:assurance,; Related:confidence, critical, critical infrastructures, damage, incident, response, risk, risk management, threat,
infrastructure protection: IncludedBy:critical infrastructures,; Related:assurance, critical, risk, threat, vulnerability,
ingress filtering: Related:internet, process, security,
inheritance: Related:object,
initial operating capability: Related:requirements,
initial transformation: Related:algorithm, function, network,
initialization value: Related:algorithm, cipher, cryptographic, key, message, process,; Synonym:initialization vector,
initialization vector: IncludedBy:data encryption standard,; Related:algorithm, cipher, cryptographic, encryption, operation, process,; Synonym:initialization value,
initialize: Related:cryptographic, cryptography, encryption, key,
initializing value: Related:cipher, encipherment, function, hash, process,
initiator: Related:authentication,
inline sensor
input: Related:resource,
input data: IncludedBy:cryptographic module,; Related:cryptographic, information, module,
input preparation cycle: Related:operation, process,
input/output: Related:automated information system,
insertion: IncludedBy:threat consequence,; Related:authorized, entity,
inside threat: IncludedBy:threat,; Related:access,
insider: IncludedBy:threat,; Includes:insider attack, insider threat,; Related:access, attack, authorization, authorized, compromise, computer, covert channel, damage, entity, malicious intruder, resource, security, security perimeter, system,
insider attack: IncludedBy:attack, insider,; Related:insider threat, network,
insider threat: IncludedBy:insider,; Related:abuse of privilege, access, insider attack, internal vulnerability, security,
inspectable space: Related:TEMPEST, authority, classified, control, identify, information, process,
instance: Related:object,
instantiate
Institute of Electrical and Electronics Engineers, Inc
institute of internal auditors: IncludedBy:audit,
instrument: Related:operation, security testing, software, system, test,
instrumentation: Related:analysis, code, information, operation, program, software, system,
integral file block
Integrated CASE tools: Related:analysis, code, information, software,
integrated logistics support
Integrated services digital network: IncludedBy:network,; Related:communications, computer, interface, standard, system, users,
integrated test facility: IncludedBy:test,; Related:software development,
integration test: IncludedBy:test,; Related:file, interface, process, program, software development,
integrity: IncludedBy:assurance, quality of protection, security goals,; Includes:Biba Integrity model, Clark Wilson integrity model, authenticity, checksum, connectionless data integrity service, correctness, correctness integrity, data authentication code, data integrity, data integrity service, error detection code, file integrity checker, file integrity checking, integrity check, integrity check value, integrity policy, integrity-checking tools, message integrity code, operational integrity, privacy, authentication, integrity, identification, non-repudiation, privacy, authentication, integrity, non-repudiation, secure hash algorithm, source integrity, system and data integrity, system integrity, system integrity service, two-person integrity,; Related:Biba model, Common Criteria for Information Technology Security, Generic Security Service Application Program Interface, Generic Upper Layer Security, IT security, IT security controls, IT security incident, Rivest-Shamir-Adleman algorithm, Secure Electronic Transaction, access, access control, adequate security, antivirus software, application server attack, archive, asymmetric cryptography, attack, authenticate, authentication, authentication code, authentication header, authentication header protocol, authorized, business process, common security, communications security, computer, computer abuse, computer emergency response team, computer forensics, computer related controls, computer security, configuration control, critical system files, cut-and-paste attack, cyclic redundancy check, data contamination, data encryption key, data encryption standard, data origin authentication service, data security, database management system, defense-in-depth, defense-wide information assurance program, destruction, digital forensics, digital signature, digital signature algorithm, digital watermarking, domain name system, dominated by, dual signature, encapsulating security payload, encapsulating security payload protocol, entry-level certification, front-end security filter, function, general controls, guard, hash, high-impact system, incident, information, information assurance, information assurance product, information security, internet protocol security, intrusion, kerberos, key wrapping, level of concern, levels of concern, line managers, low-impact system, malicious, malicious code, malware, message authentication code, message authentication code vs. Message Authentication Code, message digest, mid-level certification, moderate-impact system, network management, network security, non-repudiation, object, post-accreditation phase, potential impact, privacy enhanced mail, process, property, protected channel, protection suite, public-key certificate, public-key infrastructure, quality, reference monitor, requirements for procedures and standards, review techniques, sandboxed environment, seal, secure DNS, secure envelope, secure hypertext transfer protocol, secure shell, secure single sign-on, secure socket layer, security category, security controls, security event, security objectives, security policy, security requirements, signature, signed applet, simple key management for IP, simple network management protocol, software, supervisory control and data acquisition, system, threat, top-level certification, transmission, trojan horse, trust, trusted channel, trusted computer system, verification, virtual private network, vulnerability,
integrity check: IncludedBy:integrity,; Related:cryptographic, cryptography, hash,
integrity check value: IncludedBy:integrity,
integrity policy: IncludedBy:integrity, policy,; Related:authorized, information, security, security policy, users,
integrity-checking tools: IncludedBy:integrity, security software,
intellectual property: IncludedBy:property,; Related:control,
intelligence: Includes:Director Central Intelligence Directive, Director of Central Intelligence Directive, Foreign Intelligence Surveillance Act, acoustic intelligence, advanced intelligence network, command, control, communications and intelligence, communications intelligence, compartmented intelligence, counterintelligence, counterintelligence assessment, designated intelligence disclosure official, economic intelligence, electronic intelligence, foreign intelligence, foreign intelligence service, human intelligence, imagery intelligence, intelligence activities, intelligence activity, intelligence collection, intelligence community, intelligence community classification and control markings implementation, intelligence cycle, intelligence information, intelligence sources and methods, intelligence special access program, intelligence system, measurement and signature intelligence, national intelligence, open source intelligence, senior intelligence officer, senior officials of the intelligence community, special intelligence, telemetry intelligence,; Related:Defense Information Infrastructure, Defense Information Systems Network Designated Approving Authority, Defense Security Service, Defensive Information Operations, National Security Agency, accreditation, acquisition special access program, acquisition systems protection, adversary, alternative compensatory control measures, analysis, asset, authorized adjudicative agency, authorized classification and control markings register, authorized investigative agency, brute force attack, case officer, classification markings and implementation working group, cognizant security agency, command and control warfare, compromising emanations, computer network exploitation, controlled access program coordination office, controlled access program oversight committee, controlled access programs, cryptology, determination authority, dissemination, distributed control system, electronic warfare support, emanation, emergency action plan, espionage, evaluation, exploitation, foreign, hackers, information, internal vulnerability, national security information, national security system, non-disclosure agreement, operations security, packet switching, personnel security exceptions, physical security waiver, principal accrediting authority, process, program protection plan, reciprocity, report of investigation, risk avoidance, scattered castles, security environment threat list, senior review group, sensitive activities, sensitive compartmented information, sensitive compartmented information facility, sensitive compartmented information facility accreditation, sensitive compartmented information facility database, signal flags, single scope background investigation - periodic reinvestigation, special access program, special access required programs oversight committee, special activity, special security center, sponsoring agency, suspicious contact, systems security steering group, tear line, technical threat analysis, threat assessment, traffic analysis, unconventional warfare,
intelligence activities: IncludedBy:intelligence,; Related:authorized,
intelligence activity: IncludedBy:intelligence,; Related:authorized,
intelligence collection: IncludedBy:intelligence,
intelligence community: IncludedBy:intelligence,; Related:foreign, program, security,
intelligence community classification and control markings implementation: IncludedBy:intelligence,; Related:authorized,
intelligence cycle: IncludedBy:intelligence,; Related:users,
intelligence information: IncludedBy:intelligence,
intelligence sources and methods: IncludedBy:intelligence,; Related:analysis, authorization,
intelligence special access program: IncludedBy:access, intelligence,
intelligence system: IncludedBy:intelligence,
intelligent electronic device: Related:control, function, process,
intelligent threat: IncludedBy:threat,; Related:adversary, algorithm, cipher, cryptography, encryption, exploit, key, operation, vulnerability,
intending citizen
intent: Related:critical, object, security,
intention
inter-TSF transfers: IncludedBy:TOE security functions, target of evaluation,; Related:function, trust,
interactive mode: Related:computer, response,
interarea interswitch rekeying key: IncludedBy:key, rekey,
intercept: IncludedBy:threat,; Related:access, interception,
interception: IncludedBy:threat consequence,; Related:access, access control, authorized, entity, intercept,
interconnected network: IncludedBy:network,
interconnection security agreements: IncludedBy:connection, security,; Related:authorization, control, information, requirements, risk, system,
interdependence: Related:risk,
interdependency
interdiction: HasPreferred:denial-of-service,
interface: Includes:Cryptographic Application Program Interface, Generic Security Service Application Program Interface, TOE security functions interface, application program interface, application programming interface, common gateway interface, contact interface, contactless interface, controlled interface, cryptographic application programming interface, fiber distributed data interface, fill device interface unit, graphical-user interface, human-machine interface, interface control document, interface control unit, interface testing, internetwork private line interface, layer management interface, network interface card, secure digital net radio interface unit, security support programming interface, user interface, user interface system,; Related:FIPS PUB 140-1, Green book, Integrated services digital network, PC card, PKCS #11, POSIX, TTY watcher, access, access control, application, architecture, bit forwarding rate, block cipher, boundary, buffer overflow, code, communications, computer, connection, connection establishment time, connection teardown time, console, cryptographic, cryptography, data source, distributed computing environment, dual-homed gateway firewall, email packages, ethernet sniffing, extensibility, firewall, flow, formal security policy model, function, gateway, goodput, homed, information, information architecture, integration test, line conditioning, line conduction, module, on-line system, payment gateway, process, program, promiscuous mode, protocol data unit, proximity, remote terminal emulation, ruleset, scope of a requirement, significant change, smartcards, software, software system test and evaluation process, stealth mode, subnetwork, system, teleprocessing, tri-homed, trusted agent, user representative, users,
interface control document: IncludedBy:control, interface,; Related:authorization, baseline, evaluation, identify, lifecycle, operation,
interface control unit: IncludedBy:automated information system, control, interface,
interface testing: IncludedBy:interface, security testing, test,; Related:control, system,
interference: IncludedBy:threat consequence,; Related:communications, control, information, operation, system, users,
interim access authorization: IncludedBy:access, authorization,; Related:temporary access eligibility,
interim accreditation: IncludedBy:accreditation,; Related:authorization, information, process, security, system,
interim accreditation action plan: IncludedBy:accreditation,; Related:control, critical, operation, owner, program, resource, risk, security, system,
interim approval to operate: Related:authorization, classified, evaluation, information, process, security, system,
interim approval to test: IncludedBy:test,; Related:authorization, information, operation, system,
interim security clearance: IncludedBy:security,; Related:requirements, temporary access eligibility,
interleaving attack: IncludedBy:attack,; Related:authentication, information,
internal communication channel: IncludedBy:channel, communication channel, communications, target of evaluation,
internal control questionnaire: IncludedBy:control,
internal fraud: IncludedBy:fraud, operational risk loss,; Related:policy, property,
internal label
internal network: IncludedBy:network,; Related:control, security,
internal rate of return
internal security controls: IncludedBy:control, risk management, security controls,; Includes:subject,; Related:access, access control, authorized, program, resource, software, system,
internal security testing: IncludedBy:security testing, test,; Related:security perimeter,
internal subject: IncludedBy:subject,; Related:function, process, system, users,
internal system exposure: IncludedBy:exposures, system,; Related:access, access control, assurance, authorization, information, process, security,
internal throughput time
internal TOE transfer: IncludedBy:target of evaluation,
internal vulnerability: IncludedBy:vulnerability,; Related:access, classified, insider threat, intelligence, trust,
International Data Encryption Algorithm: IncludedBy:algorithm, encryption, symmetric algorithm,; Related:key,
international organization
International organization for standardization: IncludedBy:automated information system, standard,; Includes:Open Systems Interconnection Reference model,; Related:ITU-T, information, process, system, technology,
international standards organization: IncludedBy:standard,
international telecommunication union: Related:network,
International Traffic in Arms Regulations: Related:TEMPEST, authority, control, cryptographic, cryptography, information, information security, security, system, technology,
internet: Includes:ARPANET, Distributed Authentication Security Service, Generic Security Service Application Program Interface, IP address, Identification Protocol, Internet Architecture Board, Internet Assigned Numbers Authority, Internet Corporation for Assigned Names and Numbers, Internet Draft, Internet Engineering Steering Group, Internet Engineering Task Force, Internet Message Access Protocol, version 4, Internet Policy Registration Authority, Internet Protocol Security Option, Internet Security Association and Key Management Protocol, Internet Society, Internet Society Copyright, Internet Standard, Internet Standards document, Internet worm, MIME Object Security Services, PKIX, POP3 AUTH, Post Office Protocol, version 3, Rexd, SOCKS, Secure/MIME, Simple Authentication and Security Layer, Simple Key-management for Internet Protocols, Terminal Access Controller Access Control System, USENET, anonymous login, cyberspace, domain name service server, domain name system, e-banking, e-mail server, email, extranet, file transfer protocol, firewall, gateway server, internet control message protocol, internet key exchange protocol, internet protocol, internet protocol security, internet service provider, internet vs. Internet, internetwork, internetwork private line interface, intranet, listserv, mailing list, management information base, markup language, multipurpose internet mail extensions, point-to-point protocol, port, pretty good privacy, proxy server, router, secure hypertext transfer protocol, secure multipurpose internet mail extensions, secure shell, simple mail transfer protocol, simple network management protocol, sniffer, telnet, traceroute, transmission control protocol, transmission control protocol/internet protocol, transport layer security, tunnel, uniform resource identifier, uniform resource locator, uniform resource name, user data protocol, virtual private network, wide area information service, world wide web, worm,; Related:Green book, Guidelines and Recommendations for Security Incident Processing, IPsec Key Exchange, Layer 2 Forwarding Protocol, Layer 2 Tunneling Protocol, Message Security Protocol, Open Systems Interconnection Reference model, Request for Comment, Secure Electronic Transaction, ankle-biter, application gateway firewall, attack, authentication header, bill payment, bill presentment, certification hierarchy, communications, computer, computer emergency response team, computer emergency response teams' coordination center, computer network, concept of operations, confidentiality, connection, control, cookies, countermeasures, demilitarized zone, denial-of-service, dial-up line, distributed plant, domain, domain name, dual-homed gateway firewall, egress filtering, electronic commerce, electronic messaging services, encapsulating security payload, end system, external system exposure, filtering router, hackers, host, https, hypermedia, hypertext, hypertext transfer protocol, ingress filtering, interoperability standards/protocols, lurking, message, national information infrastructure, network, network address translation, network connection, network worm, object identifier, one-time passwords, online certificate status protocol, open systems security, packet assembly and disassembly, password sniffing, peer-to-peer communication, personal communications network, phishing, point-to-point tunneling protocol, policy certification authority, pop-up box, port scanning, privacy enhanced mail, protocols, public-key forward secrecy, remote authentication dial-in user service, repudiation, rules of behavior, scan, secure socket layer, security assertion markup language, spam, system, trojan horse, trusted gateway, users, validate vs. verify, vendor, virtual mall, vishing, web server, website hosting,
Internet Architecture Board: IncludedBy:Internet Society, internet,; Related:advisory, protocols, standard, trust,
Internet Assigned Numbers Authority: IncludedBy:Internet Society, authority, internet,; Related:network, protocols, registration,
internet control message protocol: IncludedBy:control, internet, message, protocols, security,; Related:communications, gateway, information, network, process, router, standard,
Internet Corporation for Assigned Names and Numbers: IncludedBy:internet,; Related:domain, entity, function, information, key, object, protocols, system,
Internet Draft: IncludedBy:internet,; Related:update,
Internet Engineering Steering Group: IncludedBy:Internet Society, internet,; Related:process, standard, trust,
Internet Engineering Task Force: IncludedBy:Internet Society, internet,; Related:access, access control, authentication, message, protocols, random, security, standard, technology, version,
internet key exchange protocol: IncludedBy:internet, key, protocols,; Related:association, security,
Internet Message Access Protocol, version 4: IncludedBy:access, internet, message, protocols, version,
Internet Policy Registration Authority: IncludedBy:Internet Society, authority, internet, policy, registration,; Related:X.509, certification, public-key infrastructure,
internet protocol: IncludedBy:internet, protocols,; Related:communications, computer, control, flow, network, router, standard, system, version,
internet protocol security: IncludedBy:communications security, internet, protocols, security protocol,; Includes:IPsec Key Exchange, authentication header, encapsulating security payload, transport mode vs. tunnel mode, tunnel mode,; Related:Internet Security Association and Key Management Protocol, NULL encryption algorithm, OAKLEY, Photuris, access, access control, aggressive mode, algorithm, association, authentication, authentication header protocol, confidentiality, connection, control, cookies, domain of interpretation, encapsulating security payload protocol, encryption, flow, forward secrecy, integrity, internet security protocol, key, key management, main mode, pre-shared key, process, protection suite, public-key, quick mode, secure socket layer, security association, security gateway, security parameters index, system, transport mode, triple DES, version,
Internet Protocol Security Option: IncludedBy:internet, protocols, security protocol,; Related:National Security Agency, access, access control, authority, classification levels, classified, information, network, process, program, users,
Internet Security Association and Key Management Protocol: IncludedBy:association, internet, key management, protocols, security protocol,; Related:algorithm, authentication, connection, cryptography, digital signature, encryption, establishment, function, internet protocol security, internet security protocol, signature,
internet security protocol: Includes:IPsec Key Exchange,; Related:Internet Security Association and Key Management Protocol, NULL encryption algorithm, OAKLEY, Photuris, aggressive mode, authentication header, authentication header protocol, cookies, domain of interpretation, encapsulating security payload, encapsulating security payload protocol, forward secrecy, internet protocol security, main mode, pre-shared key, protection suite, quick mode, secure socket layer, security association, security gateway, security parameters index, transport mode, transport mode vs. tunnel mode, triple DES, tunnel mode,
internet service provider: IncludedBy:internet,; Related:access, access control,
Internet Society: IncludedBy:internet,; Includes:Internet Architecture Board, Internet Assigned Numbers Authority, Internet Engineering Steering Group, Internet Engineering Task Force, Internet Policy Registration Authority, Internet Society Copyright, Request for Comment,; Related:standard, trust,
Internet Society Copyright: IncludedBy:Internet Society, internet,; Related:process, standard,
Internet Standard: IncludedBy:internet, standard,; Related:Request for Comment, operation, process, protocols,
Internet Standards document: IncludedBy:Request for Comment, internet, standard,; Related:process,
internet vs. Internet: IncludedBy:internet,; Related:application, computer, computer network, model, network, protocols, standard, system, users,
Internet worm: IncludedBy:internet, worm,; Related:computer, connection, network, program, system,
internetwork: IncludedBy:internet, network,; Related:communications, gateway, protocols, system,
internetwork private line interface: IncludedBy:interface, internet, network,; Related:connection, cryptographic,
interoperability: Includes:Minimum Interoperability Specification for PKI Components, Trusted Systems Interoperability Group, interoperability standards/protocols,; Related:PKIX, application programming interface, computer, identity, information, information processing standard, open system environment, open systems, portability, recommended practices, security assertion markup language, semantics, site accreditation, system,; Synonym:interoperable,
interoperability standards/protocols: IncludedBy:interoperability, protocols, standard,; Related:computer, information, internet, program,
interoperable: Related:software,; Synonym:interoperability,
interoperate: Related:system,
interpersonal messaging
interpretation: Related:application, criteria,
interpreted virus: IncludedBy:virus,; Related:application, code,
interswitch rekeying key: IncludedBy:key, rekey,
interval estimate: Related:confidence,
interval variable
interview: Related:control, security,
intranet: IncludedBy:internet,; Related:access, access control, authorized, communications, computer, computer network, information, network, technology, users,
intruder: IncludedBy:intrusion,; Related:access, access control, authorization, entity, resource, system,
intrusion: IncludedBy:threat consequence,; Includes:Intrusion Detection In Our Time, SATAN, computer intrusion, computer security intrusion, host-based intrusion prevention system, intruder, intrusion detection, intrusion detection and prevention, intrusion detection and prevention system, intrusion detection system load balancer, intrusion detection systems, intrusion detection tools, intrusion prevention, intrusion prevention system, meaconing, intrusion, jamming, and interference, network-based intrusion prevention system, penetration, security intrusion, wireless intrusion detection and prevention system,; Related:access, access control, accountability, agent, anomaly detection, anomaly detection model, antivirus software, attack, authorization, authorized, availability, balanced magnetic switch, break-wire detector, channel scanning, compromise, computer, computer security incident, confidentiality, console, cracker, dual technology, entity, false negative, false positive, flow, host based, incident, information, information assurance, information assurance product, information sharing and analysis center, integrity, management server, misuse detection model, multihost based auditing, network based, network behavior analysis system, resource, rules based detection, security, sensor, shim, stealth mode, stealth probe, subversion, system, technology, trustworthy system, tuning, unauthorized access,
intrusion detection: IncludedBy:intrusion,; Includes:Intrusion Detection In Our Time, intrusion detection and prevention, intrusion detection system load balancer, intrusion detection systems, intrusion detection tools, wireless intrusion detection and prevention system,; Related:access, access control, accountability, agent, antivirus software, audit, authorization, authorized, channel scanning, computer, console, countermeasures, false negative, false positive, flow, identify, incident, information, information assurance product, intrusion prevention system, management server, network, network behavior analysis system, process, resource, rules based detection, security, sensor, shim, software, stealth mode, stealth probe, system, tuning,
intrusion detection and prevention: IncludedBy:intrusion, intrusion detection,; Related:computer, incident, process, system,
intrusion detection and prevention system: IncludedBy:intrusion,; Related:access, security,
Intrusion Detection In Our Time: IncludedBy:intrusion, intrusion detection, security software,; Related:system,
intrusion detection system load balancer: IncludedBy:intrusion, intrusion detection, system,
intrusion detection systems: IncludedBy:intrusion, intrusion detection, security software, system,; Related:access, attack, audit, authorized, computer, file, identify, information, network, process, resource, software, target,
intrusion detection tools: IncludedBy:intrusion, intrusion detection, security software,; Related:access, access control, authorized, computer, identify, system, unauthorized access,
intrusion prevention: IncludedBy:intrusion,; Includes:intrusion prevention system,; Related:accountability, computer, countermeasures, incident, process, system,
intrusion prevention system: IncludedBy:intrusion, intrusion prevention, system,; Related:incident, intrusion detection, software, target,
invalidation: Related:classified,
invalidity date: IncludedBy:public-key infrastructure,; Related:X.509, certificate, compromise, digital signature, fraud, key, non-repudiation, revocation, revoked state, signature,
inverse cipher
investigation service: Related:entity,
IP address: IncludedBy:internet,; Related:computer, network, protocols, version,
ip payload compression protocol: IncludedBy:protocols,
IP security: IncludedBy:security,
IP splicing/hijacking: IncludedBy:attack,; Related:authentication, authorized, encryption, hijack attack, network, role, users,
ip spoofing: IncludedBy:address spoofing, masquerade, spoof, spoofing,; Related:impersonation, network, system,
IPsec Key Exchange: IncludedBy:internet protocol security, internet security protocol, key,; Related:association, authentication, establishment, internet, protocols,
irregular warfare: IncludedBy:warfare,
IS related risk: IncludedBy:risk,; Related:authorized, failure, information, malicious, operation, system, threat, vulnerability,
IS security architecture: IncludedBy:computer security,; Related:system,
isolation: Includes:object, subject,; Related:control, system,
isolator: Related:access, security,
issue: Related:certificate, public-key infrastructure, users,
issue case
issuer: IncludedBy:Secure Electronic Transaction,; Related:X.509, authorized, certificate, public-key infrastructure,
issuing authority: IncludedBy:authority,; Related:entity, update,
IT default file protection parameters: IncludedBy:access control, file,; Related:owner, system,
IT resources: IncludedBy:resource,; Related:communications, computer, software, system, telecommunications,
IT security: IncludedBy:Automated Information System security,; Includes:IT Security Evaluation Criteria, IT Security Evaluation Methodology, IT security achitecture, IT security certification, IT security controls, IT security database, IT security goal, IT security incident, IT security objective, IT security plan, IT security policy, IT security product, IT security support functions,; Related:Common Criteria Testing Laboratory, Common Criteria for Information Technology Security Evaluation, National Voluntary Laboratory Accreditation Program, Scope of Accreditation, approved technologies list, approved test methods list, assure, audit, authentication, availability, center for information technology excellence, certification, compliance-based, confidentiality, conformant validation certificate, contingency plan, deliverables list, designated, designated laboratories list, emergency shutdown controls, ensure, evaluation, evaluation work plan, general controls, information, integrity, management control processes, non-repudiation, observation reports, operation, organization computer security representative, party, protection profile, residual risk, risk treatment, risk-based, security goals, security target, system, technology area, waiver,; Synonym:computer security,
IT security achitecture: IncludedBy:IT security, security,; Related:system,
IT security architecture: IncludedBy:security,
IT security awareness: IncludedBy:security,
IT security certification: IncludedBy:Automated Information System security, IT security, certification, computer security, target of evaluation,; Related:application, certificate, criteria,
IT security controls: IncludedBy:IT security, control, security,; Related:availability, confidentiality, information, integrity, security controls, software,
IT security database: IncludedBy:IT security, security,; Related:authorized, control, information, process, program, system,
IT security education: IncludedBy:security,
IT Security Evaluation Criteria: IncludedBy:Automated Information System security, IT security, computer security, criteria, evaluation,; Related:confidence, information, standard, validation,
IT Security Evaluation Methodology: IncludedBy:Automated Information System security, IT security, computer security, evaluation,; Related:confidence, criteria, standard, validation,
IT security goal: HasPreferred:security goals,; IncludedBy:IT security, security,
IT security incident: IncludedBy:IT security, incident, security incident,; Related:authorized, availability, computer, confidentiality, information, integrity, resource, security-relevant event, system, users, vulnerability,
IT security investment: IncludedBy:security,
IT security metrics: IncludedBy:security,
IT security objective: HasPreferred:security objectives,; IncludedBy:IT security, object, security,
IT security plan: IncludedBy:IT security, security,; Related:system,
IT security policy: IncludedBy:IT security, computer security, policy,; Related:access, control, information, management, risk, system, users,
IT security product: IncludedBy:IT security, computer security,; Related:function, software, system,
IT security support functions: IncludedBy:IT security, function, security,; Related:application, identification, software, system, users,
IT security training: IncludedBy:security,; Related:audit, development, management,
IT system: HasPreferred:automated information system,
IT-related risk: IncludedBy:risk,; Related:authorized, information, malicious, operation, system, technology, threat, vulnerability,
iteration: Related:operation,
ITU-T: Includes:CCITT, Open Systems Interconnection Reference model,; Related:International organization for standardization, communications, protocols, standard, system, telecommunications,
jamming: Includes:advanced self-protection jammer, meaconing, intrusion, jamming, and interference, radio frequency jamming,; Related:anti-jam, anti-jamming, attack, electronic attack, frequency hopping,
Java: IncludedBy:software,; Related:application, network, program, system,
jitter
joint authorization: IncludedBy:authorization,; Related:security,
joint personnel adjudication system: Related:access, authorized, security,
joint task force-computer network defense: IncludedBy:computer, computer network, network,; Related:damage, function, incident, system, threat,
joint use agreement: Related:security,
joint venture
JTC1 Registration Authority: IncludedBy:authority, registration,; Related:object, standard,
judgment sample: Related:analysis, standard,
judicial authority: IncludedBy:authority,; Related:entity,
kerberos: IncludedBy:Simple Authentication and Security Layer, distributed computing environment, security software,; Includes:key distribution center, session key, third party trusted host model,; Related:access, access control, application, attack, authorization, control, cryptography, entity, integrity, key, network, passwords, privacy, protocols, system, technology, trust, users, vulnerability,
kernelized secure operating system: IncludedBy:system,
key: IncludedBy:Secure Electronic Transaction, key management, multilevel information systems security initiative,; Includes:Federal Public-key Infrastructure, IPsec Key Exchange, Key Exchange Algorithm, MAC algorithm key, Programmable key storage device, S/Key, SAVILLE Advanced Remote Keying, Simple Public-Key Infrastructure, Simple Public-Key Infrastructure/Simple Distributed Security Infrastructure, Type 1 key, Type 2 key, Type 4 key, X.509 public-key certificate, advanced key processor, approved key-operated padlock, area interswitch rekeying key, asymmetric cryptographic algorithm, asymmetric key pair, asymmetric keys, authorization key, automated key transport, automatic key distribution center, automatic key distribution/rekeying control unit, automatic remote rekeying, block cipher key, certificate rekey, cipher text auto-key, ciphertext key, common interswitch rekeying key, compartment key, compromised key list, contingency key, cooperative key generation, cooperative remote rekeying, core or key process, crypto-ignition key, cryptographic functions, cryptographic ignition key, cryptographic key, cryptographic key component, cryptonet key, data encryption key, data encryption standard, data key, digital certificate, digital key, digital signature, directly trusted CA key, effective key length, electronically generated key, encrypted key, ephemeral key, exercise key, explicit key authentication from A to B, group key encryption key, group traffic encryption key, hard copy key, hardened unique storage Key, hardwired key, implicit key authentication from A to B, interarea interswitch rekeying key, internet key exchange protocol, interswitch rekeying key, key agreement, key authentication, key bundle, key card, key confirmation, key confirmation from A to B, key control, key derivation function, key distribution, key distribution centre, key distribution service, key entry, key establishment, key exchange, key expansion, key generating function, key generation, key generation exponent, key generation material, key generator, key label, key length, key lifecycle, key lifetime, key list, key logger, key management device, key material identification number, key material identifier, key output, key owner, key pair, key processor, key production key, key resources, key service unit, key space, key state transition, key storage device, key stream, key tag, key tape, key token, key translation center, key translation centre, key transport, key update, key updating, key validation, key variable generator, key wrap, key wrapping, key-auto-key, key-encrypting key, key-encryption-key, key-escrow system, keyed hash, keyed hash algorithm, keying material, keys used to encrypt and decrypt files, keystroke logger, keystroke monitoring, local management device/key processor, lock-and-key protection system, loop key generator, maintenance key, manual key transport, manual remote rekeying, master crypto-ignition key, master crypto-ignition key custodian, master cryptographic ignition key, message authentication key, operational key, over-the-air key distribution, over-the-air key transfer, over-the-air rekeying, per-call key, plaintext key, point-to-point key establishment, post-nuclear event key, pre-shared key, pretty good privacy, private decipherment key, private key, private signature key, private-key cryptography, public encipherment key, public key enabling, public verification key, public-key, public-key algorithm, public-key certificate, public-key cryptography, public-key cryptography standards, public-key derivation function, public-key forward secrecy, public-key information, public-key infrastructure, public-key system, rekey, rekey (a certificate), remote rekeying, reserve keying material, root key, round key, secret key, secret-key cryptography, secure multipurpose internet mail extensions, security management infrastructure, seed key, session key, signature key, single point keying, split key, static key, symmetric algorithm, symmetric key, test key, token storage key, tokens, traffic encryption key, transmission security key, trusted key, type 3 key, unique interswitch rekeying key, update (key), verification key, virtual private network,; Related:Blowfish, CA certificate, CAPSTONE chip, CKMS, COMSEC Material Control System, COMSEC aid, COMSEC boundary, COMSEC control program, COMSEC material, COMSEC system data, CRYPTO, Challenge Handshake Authentication Protocol, Challenge-Response Authentication Mechanism, Clipper chip, Cryptographic Message Syntax, Data Authentication Algorithm, Diffie-Hellman, Escrowed Encryption Standard, FIPS PUB 140-1, FIPS approved security method, FIREFLY, Federal Standard 1027, Fortezza, IEEE P1363, IMAP4 AUTHENTICATE, International Data Encryption Algorithm, Internet Corporation for Assigned Names and Numbers, MIME Object Security Services, MISSI user, OAKLEY, PKCS #10, PKCS #11, PKIX, POP3 APOP, Photuris, RED signal, RSA algorithm, Rivest Cipher 2, Rivest Cipher 4, Rivest-Shamir-Adleman algorithm, SET private extension, Secure Data Network System, Simple Authentication and Security Layer, Skipjack, Standards for Interoperable LAN/MAN Security, The Exponential Encryption System, U.S.-controlled space, Wassenaar Arrangement, X.500 Directory, X.509, X.509 attribute certificate, X.509 certificate, X.509 certificate revocation list, access control center, account authority digital signature, accountability, active state, advanced encryption standard, algorithm, applicant, archive, asymmetric algorithm, asymmetric cryptographic technique, asymmetric cryptography, attribute certificate, authentication protocol, authority revocation list, backup, bind, binding, biometrics, bit, block cipher, bound metadata, break, brute force attack, canister, certificate, certificate directory, certificate domain, certificate management, certificate policy, certificate policy qualifier, certificate renewal, certificate revocation list, certificate update, certificate user, certificate validation, certification, certification authority, certification authority digital signature, certification hierarchy, certification path, certification request, certify, challenge-response protocol, challenge/response, chosen-ciphertext attack, chosen-plaintext attack, cipher, ciphertext-only attack, circuit proxy, class 2, 3, 4, or 5, clearing, cold start, command authority, common fill device, common name, common security, communications security, compromise, compromised state, computer abuse, control, controlling authority, countermeasures, critical security parameters, critical system files, cross-certification, cryptanalysis, cryptographic, cryptographic algorithm, cryptographic check function, cryptographic initialization, cryptographic module, cryptographic service, cryptographic system, cryptographic token, cryptography, cryptonet, cryptoperiod, data authentication code, data authentication code vs. Data Authentication Code, data encryption algorithm, data input, data origin authentication service, data transfer device, deactivated state, decipher, decrypt, destroyed compromised state, destroyed state, dictionary attack, diffie-hellman group, digital certification, digital envelope, digital id, digital signature algorithm, directly trusted CA, distinguished name, distribution point, domain name system, dongle, dual signature, elliptic curve cryptography, elliptic curve cryptosystem, encipherment, encryption, encryption algorithm, encryption certificate, encryption strength, end entity, escrow, extension, extraction resistance, fill device, fingerprint, forward secrecy, forward secrecy with respect to A, forward secrecy with respect to both A and B individually, function, garbled, generation, graphical-user interface, hashed message authentication code, hierarchy management, hybrid encryption, identification data, identifier, identity token, information systems security equipment modification, initialization value, initialize, intelligent threat, internet protocol security, invalidity date, kerberos, known-plaintext attack, link encryption, malicious applets, man-in-the-middle attack, merchant certificate, mesh PKI, message, message authentication code, message authentication code algorithm, message authentication code vs. Message Authentication Code, message integrity code, message representative, metadata, mode of operation, modulus, mutual forward secrecy, national information infrastructure, non-repudiation, nonce, object, ohnosecond, one-time cryptosystem, one-time pad, one-time passwords, one-time tape, one-way encryption, online certificate status protocol, operation, operations manager, organizational certificate, out-of-band, passwords, path discovery, peripheral equipment, personal digital assistant, personal identity verification, personal identity verification card, personal security environment, personality label, personalization service, physical protection, policy approving authority, policy certification authority, policy creation authority, pre-activation state, print suppression, privacy enhanced mail, private communication technology, private component, private decipherment transformation, proof of possession protocol, protected channel, protective packaging, protective technologies, public component, public encipherment transformation, random, randomizer, recover, registration, registration authority, release prefix, renewal, repository, retrieval, revocation, revocation date, revoked state, root, root certificate, secret, secure envelope, secure hash standard, secure hypertext transfer protocol, secure socket layer, security association identifier, security event, segregation of duties, self-signed certificate, shared secret, signature, signature certificate, signature function, signature generation, signature process, signature verification, signer, slot, smartcards, social engineering, soft TEMPEST, split knowledge, standard, start-up KEK, stream cipher, strong authentication, subject, subordinate certification authority, suspended state, symmetric cryptographic technique, symmetric cryptography, symmetric encipherment algorithm, symmetric encryption algorithm, system indicator, third party trusted host model, ticket, token copy, token management, transport, trapdoor, triple DES, trust, trust anchor, trust-file PKI, trusted certificate, trusted platform module chip, tunneled password protocol, two-person integrity, type 1 products, type 2 product, type 3 product, unforgeable, update, updating, user interface, user representative, users, v1 certificate, v2 certificate, v3 certificate, validate, validate vs. verify, validity period, verification, verification function, verification process, web of trust, workstation, zeroize,
key agreement: IncludedBy:key,; Related:algorithm, cryptography, encryption, establishment, function, information, message, process, public-key, shared secret,
key authentication: IncludedBy:authentication, key,; Related:assurance,
key bundle: IncludedBy:key,
key card: IncludedBy:key,
key center: Related:computer, cryptography, encryption, process, standard, system, users,
key confirmation: IncludedBy:key,; Related:assurance, entity, establishment, protocols,
key confirmation from A to B: IncludedBy:key,; Related:assurance, entity,
key control: IncludedBy:control, key,
key derivation function: IncludedBy:function, key,
key distribution: IncludedBy:key,; Includes:key distribution center, key distribution service,; Related:algorithm, cryptographic, key exchange, key management/exchange, process,
key distribution center: IncludedBy:kerberos, key distribution, key management,; PreferredFor:key distribution centre,; Related:communications security, cryptography, encryption, entity, protocols, standard, trust,
key distribution centre: HasPreferred:key distribution center,; IncludedBy:key,
key distribution service: IncludedBy:key, key distribution,; Related:authorized,
key entry: IncludedBy:key,; Related:cryptographic, module, process,
key establishment: IncludedBy:establishment, key,; Related:association, entity, information, process, security,
key exchange: IncludedBy:key,; Includes:Key Exchange Algorithm,; Related:communications, information, key distribution, process, public-key,
Key Exchange Algorithm: IncludedBy:algorithm, key, key exchange,; Related:National Security Agency, classified,
key expansion: IncludedBy:key,
key generating function: IncludedBy:function, key, key generation,; Related:algorithm, application, property,
key generation: IncludedBy:key,; Includes:key generating function, key generator,; Related:cryptographic, process,
key generation exponent: IncludedBy:key,; Related:trust,
key generation material: IncludedBy:key,
key generator: IncludedBy:key, key generation,; Related:algorithm, cipher, cryptographic, encryption, random,
key label: IncludedBy:key,
key length: IncludedBy:key,; Related:cryptographic,
key lifecycle: HasPreferred:key lifecycle state,; IncludedBy:key, lifecycle,
key lifecycle state: IncludedBy:key management, lifecycle,; Includes:active state, compromised state, deactivated state, destroyed compromised state, destroyed state, key state transition, pre-activation state, revoked state, suspended state,; PreferredFor:key lifecycle,; Related:compromise, cryptographic, destruction, revoked state,
key lifetime: IncludedBy:key, multilevel information systems security initiative,; Related:X.509, certificate, public-key, public-key infrastructure,
key list: IncludedBy:key,
key loader: IncludedBy:key management,; Related:cryptographic, module,
key logger: IncludedBy:attack, key,; Related:computer, encryption, keystroke logger, passwords, program,
key management: IncludedBy:management, security,; Includes:Internet Security Association and Key Management Protocol, Key Management Protocol, Simple Key-management for Internet Protocols, automated key distribution, automated key management center, automated key management system, cryptographic key management system, electronic key entry, electronic key management system, key, key distribution center, key lifecycle state, key loader, key management application service element, key management center, key management identification number, key management infrastructure, key management ordering and distribution center, key management protocol data unit, key management system, key management system Agent, key management user agent, key management/exchange, key recovery, key-escrow, manual key distribution, manual key entry, simple key management for IP,; Related:Cryptographic Message Syntax, Diffie-Hellman, FIPS PUB 140-1, FIREFLY, Federal Standard 1027, Rivest-Shamir-Adleman algorithm, Secure Data Network System, Standards for Interoperable LAN/MAN Security, application, asymmetric cryptography, audit, certification, communications security, control, cryptanalysis, cryptographic, cryptographic system, cryptographic token, cryptography, destruction, escrow, internet protocol security, one-time pad, policy, privacy enhanced mail, process, registration, revocation, secure hypertext transfer protocol, symmetric cryptography, system, token management,
key management application service element: IncludedBy:application, key management,
key management center: IncludedBy:key management,
key management device: IncludedBy:key, management,; Related:users,
key management identification number: IncludedBy:identification, key management,
key management infrastructure: IncludedBy:key management, management,; Related:certificate, control, cryptographic, object, process, public-key, software, subject, users,
key management ordering and distribution center: IncludedBy:key management,
Key Management Protocol: IncludedBy:key management, protocols, security protocol,; Related:users, version,
key management protocol data unit: IncludedBy:key management, protocols,
key management system: IncludedBy:key management, system,
key management system Agent: IncludedBy:key management, system,
key management user agent: IncludedBy:key management, users,
key management/exchange: IncludedBy:key management,; Related:communications, cryptographic, key distribution, privacy, public-key, system,
key material identification number: IncludedBy:key,
key material identifier: IncludedBy:key, multilevel information systems security initiative,; Related:X.509, certificate, public-key, public-key infrastructure,
key output: IncludedBy:key,; Related:cryptographic, metadata, module, process,
key owner: IncludedBy:key, owner,; Related:authorized, cryptographic, entity, identity, module,
key pair: IncludedBy:key,; Related:algorithm, cryptography, digital signature, encryption, owner, public-key, signature, system,
key processor: IncludedBy:key, process,
key production key: IncludedBy:key,
key recovery: IncludedBy:key management, recovery,; Includes:data key, encrypted key, key-encrypting key, key-escrow system, plaintext key, session key, split knowledge,; Related:access, access control, algorithm, association, authorized, backup, communications, confidentiality, cryptographic, encryption, escrow, establishment, key-escrow, operation, process, protocols, retrieval, standard, telecommunications, trust,
key resources: IncludedBy:key,
key service unit: IncludedBy:key,
key space: IncludedBy:key,; Related:algorithm, cryptographic,
key state transition: IncludedBy:key, key lifecycle state,; Related:lifecycle, process,
key storage device: IncludedBy:key,
key stream: IncludedBy:key,; Related:cipher, control, cryptographic system, process, security, system,
key tag: IncludedBy:key,; Related:identification, information,
key tape: IncludedBy:key,
key token: IncludedBy:key, tokens,; Related:entity, message,
key translation center: IncludedBy:key,; Related:cryptography, encryption, protocols, standard,
key translation centre: IncludedBy:key,; Related:entity, trust,
key transport: IncludedBy:key,; Related:algorithm, association, encryption, entity, establishment, message, process, public-key, random,
key update: IncludedBy:key, update,
key updating: IncludedBy:key,; Related:cryptographic, process,
key validation: IncludedBy:key, validation,; Related:attack, public-key, requirements,
key variable generator: IncludedBy:key,
key wrap: IncludedBy:key,
key wrapping: IncludedBy:key,; Related:information, integrity,
key-auto-key: IncludedBy:key,; Related:cryptographic,
key-encrypting key: IncludedBy:key, key recovery,; Related:application, cryptographic, encryption,
key-encryption-key: IncludedBy:encryption, key,; Related:authorization,
key-escrow: IncludedBy:escrow, key management,; Related:access, access control, audit, cryptographic, file, key recovery, process, system, trust,
key-escrow system: IncludedBy:escrow, key, key recovery, system,; Related:algorithm, authorization, classified, control, encryption, message, process, program, public-key, standard, technology, trust,
keyed hash: IncludedBy:hash, key,; Related:algorithm, attack, authentication, cryptographic, encryption, function, object, threat,
keyed hash algorithm: IncludedBy:algorithm, hash, key,; Related:authentication, code, message,
keying material: IncludedBy:key,; Related:association, authentication, code, cryptographic, information, security,
keys used to encrypt and decrypt files: IncludedBy:file, key,; Related:encryption, users,
keystroke logger: IncludedBy:key,; Related:identity theft, key logger, keystroke monitoring,
keystroke monitoring: IncludedBy:attack, key,; Related:audit, keystroke logger, response, software, users,
killer packets: IncludedBy:attack,; Related:code, network, system,
kiosk: Related:access, access control, computer,
KMI operating account: Related:control,
KMI protected channel: Related:authentication,
KMI-aware device: Related:identity,
known-plaintext attack: IncludedBy:attack,; Related:algorithm, analysis, cipher, cryptographic, cryptography, key,
KOA agent: Related:access, identity,
KOA manager: Related:management,
KOA registration manager
label: IncludedBy:security label,
labeled security protections: IncludedBy:security,; Related:access, access control, control, trust,
laboratory attack: IncludedBy:attack,; Related:information, recovery,
language: Related:authentication, authorization, automated information system, security,
language of temporal ordering specification: Related:computer, computer network, network, protocols,
laptop: HasPreferred:laptop computer,; IncludedBy:portable computer system,
laptop computer: IncludedBy:computer,; PreferredFor:laptop,; Related:automated information system, version,
large scale integration: Related:automated information system,
last mile broadband access: IncludedBy:access,
lattice: IncludedBy:Bell-LaPadula security model,; Related:test,
lattice model: IncludedBy:Bell-LaPadula security model, model,; Related:classification levels, classified, control, flow, system, test,
Law Enforcement Access Field: IncludedBy:Clipper chip, access,; Related:encryption, escrow, standard,
law enforcement sensitive: Related:classified, threat,
lawful permanent resident
Layer 2 Forwarding Protocol: IncludedBy:protocols, security protocol,; Related:internet, network, users,
Layer 2 Tunneling Protocol: IncludedBy:protocols, security protocol, tunnel,; Related:internet, network,
layer management entry
layer management interface: IncludedBy:interface,
layered solution: IncludedBy:security,; Related:attack, countermeasures,
lead: Related:subject,
leakage: IncludedBy:threat,; Related:authorized, computer, covert, system,
leapfrog attack: IncludedBy:attack,; Related:compromise, information, passwords, standard, users,
least privilege: IncludedBy:privilege,; Includes:need-to-know, subject,; Related:access, application, authorized, damage, entity, operation, resource, security, system, users,
least trust: IncludedBy:trust,; Related:security,
legacy data: Related:automated information system, information, standard,
legacy systems: IncludedBy:system,; Related:application, business process, computer, critical, information, operation, program,
letter of compelling need: Related:access, critical, risk, security,
letter of consent
letter of intent: Related:security, subject,
letterbomb: IncludedBy:email, threat,; Related:denial-of-service, malicious,
level of concern: Related:authorized, availability, integrity,
level of protection: Related:assurance, countermeasures, information, information assurance, network, risk, security, standard, system, threat, vulnerability,
levels of concern: Related:assurance, availability, confidentiality, control, critical, exposures, information, information assurance, integrity, risk, security, system, threat, vulnerability,
liability
license: Related:software,
lifecycle: Includes:key lifecycle, key lifecycle state, lifecycle management, lifecycle stage,; Related:active state, certificate management services, compromised state, deactivated state, destroyed compromised state, destroyed state, interface control document, key state transition, pre-activation state, revoked state, security event, software assurance, suspended state, system,
lifecycle management: IncludedBy:automated information system, lifecycle,; Related:information, process, system,
lifecycle stage: IncludedBy:lifecycle,
light tower: Related:control, process,
Lightweight Directory Access Protocol: IncludedBy:access, protocols, security protocol,; Related:application, authentication, requirements, resource,
likelihood of occurrence: Related:assurance, risk, threat, vulnerability,
limited access authorization: IncludedBy:access, authorization,; Related:United States citizen,
limited background investigation: Related:subject,
limited maintenance: Related:communications security,
limited network analyzer: IncludedBy:network,; Related:analysis,
limited rate initial preproduction
line conditioning: Related:communications, control, interface, telecommunications,
line conduction: Related:communications, control, interface, telecommunications,
line managers: Related:application, availability, confidentiality, critical, integrity, process,
line of business: Related:management, security,
line supervision: Related:certification, compromise, security,
line-of-sight signal propagation
linear predictive coding
lines of business: Related:function, information, operation, resource, version,
link: Related:communications, computer, hyperlink, network, world wide web,
link encryption: IncludedBy:encryption,; Related:algorithm, application, communications, flow, information, key, network, operation, system,
list-oriented: Antonym:ticket-oriented,; IncludedBy:authorization,; Includes:object, subject,; Related:access, access control, authorized, computer, system,
listserv: IncludedBy:internet,
local access: IncludedBy:access,
local agency check: Related:criminal, security, subject,
local authority: IncludedBy:authority,; Related:certificate, management, users,
local logon: IncludedBy:logon,; Related:access, users,
local loop: Related:communications,
local management device
local management device/key processor: IncludedBy:key, process,; Related:communications security, users,
local registration authority
local requirements: Antonym:global requirements,; IncludedBy:requirements, trusted computing base,; Related:analysis,
local-area network: IncludedBy:network,; Related:communications, computer, connection, control, gateway, process, system, users, wide-area network,
lock-and-key protection system: IncludedBy:key, system,; Related:access, access control, assurance, passwords,
lockout: Related:access, access control, application, logon,
logged in: IncludedBy:access control,; Related:access, automated information system, system,; Synonym:logon,
logging: IncludedBy:firewall,; Related:evidence, process, system, test, users,; Synonym:audit trail,
logic bombs: IncludedBy:exploit,; Related:access, access control, authorized, backup, code, computer, damage, denial-of-service, file, malicious, program, resource, software, system, time bomb, virus,
logical access: IncludedBy:access,; Related:authorized, control, function, security, system, users,
logical access control: IncludedBy:access, control,; Related:authorized, process, program, resource, users,
logical co-processing kernel: IncludedBy:process,
logical completeness measure: Related:access, access control, control, security,
logical perimeter: Related:users,
logical system definition: IncludedBy:automated information system, system,; Related:function, information, network,
login: IncludedBy:access control,; Includes:anonymous and guest login, anonymous login, login prompt, remote login,; Related:S/Key, access, audit, audit trail, backdoor, computer security technical vulnerability reporting program, control, control systems, default account, entity, ethernet sniffing, file, one-time passwords, passwords, repository, resource, secure shell, security-relevant event, single sign-on, system, telnet, tinkerbell program,; Synonym:logon,
login prompt: IncludedBy:login,; Related:passwords, system, users,
logoff: IncludedBy:access control,; Related:access, authorized, logon,
logon: IncludedBy:access control, authentication,; Includes:automated logon sequences, console logon, failed logon, local logon, remote logon,; Related:access, authorized, lockout, logoff, secure single sign-on, security-relevant event,; Synonym:logged in, login,
long title: Related:communications security,
long-haul telecommunications: Related:connection, foreign,
loop: IncludedBy:risk,; Related:computer, process, program,
loop key generator: IncludedBy:key,
loophole: IncludedBy:threat,; Related:policy, security, software, system,
low impact: Related:availability, damage, security,
low probability of detection: Related:risk,
low probability of intercept: Related:risk,
low-cost encryption/authentication device: IncludedBy:authentication, encryption,
low-impact system: IncludedBy:system,; Related:availability, information, integrity, object, security,
lurking: IncludedBy:threat,; Related:internet,
MAC algorithm key: IncludedBy:algorithm, key,; Related:control, operation,
machine controller: IncludedBy:control,; Related:control systems, system,
macro virus: IncludedBy:threat, virus,; Related:application, file, process, program,
magnetic media
magnetic remanence: IncludedBy:overwrite procedure,; Related:information,; Synonym:remanence,
mailbomb: IncludedBy:email, threat,; PreferredFor:mailbombing,; Related:attack, system,
mailbombing: HasPreferred:mailbomb,
mailing list: IncludedBy:internet,
main mode: Related:establishment, internet protocol security, internet security protocol, message,
maintainability: Related:availability, operation, program,
maintenance: Related:fault, function, process, software, system,
maintenance hook: IncludedBy:risk,; Related:access, access control, code, development, software,
maintenance key: IncludedBy:key,
major application: IncludedBy:application,; Related:access, access control, authorized, communications, function, information, management, program, requirements, resource, risk, security, software, system, technology, telecommunications, unauthorized access, users,
major information system: IncludedBy:information, system,; Related:development, management, program, property, resource, role,
malicious: Includes:malicious applets, malicious code, malicious code screening, malicious intruder, malicious logic, malicious program,; Related:Common Criteria for Information Technology Security, IS related risk, IT-related risk, agent, ankle-biter, antivirus tools, attack, attackers, backdoor, blacklist, blended attack, closed security environment, computer abuse, configuration control, cracker, dark-side hacker, data integrity, data integrity service, demon dialer, evasion, false negative, false positive, hackers, infection, information assurance, information assurance product, integrity, letterbomb, logic bombs, malware, man-in-the-middle attack, masquerade, mockingbird, open security, open security environment, payload, replay attacks, risk, rootkit, sandboxed environment, security, social engineering, spyware, threat, time bomb, trojan horse, trusted process, untrusted process, virus, vulnerability, worm,
malicious applets: IncludedBy:malicious, threat,; Related:application, authorized, computer, file, function, key, program, resource,
malicious code: IncludedBy:code, malicious, threat,; Includes:backdoor, malware, rootkit, spyware, trojan horse, virus, worm,; Related:application, authorized, availability, damage, entity, integrity, malicious logic, process, program, software, system,
malicious code screening: IncludedBy:malicious,; Related:connection,
malicious intruder: IncludedBy:malicious, threat,; Related:access, access control, authorization, computer, insider,
malicious logic: IncludedBy:malicious, threat consequence,; Related:access, access control, authorized, computer, control, function, malicious code, resource, software, system, unauthorized access, users, virus,
malicious program: IncludedBy:malicious, program, threat,; Related:application, authorized, code,
malware: IncludedBy:malicious code,; Related:adversary, antispyware software, antivirus software, application, authorized, availability, blended attack, code, compromise, computer, covert, deny by default, disinfecting, entity, indication, information, integrity, malicious, on-access scanning, on-demand scanning, precursor, process, program, quarantine, quarantining, security, signature, software, spyware, system, virus, virus definitions, worm,
man-in-the-middle: HasPreferred:man-in-the-middle attack,
man-in-the-middle attack: IncludedBy:attack,; PreferredFor:man-in-the-middle,; Related:adversary, algorithm, association, attack, authentication, claimant, function, impersonation, information, key, malicious, message, protocols, verifier,
management: Includes:Management Act, certificate management, certificate management authority, enterprise risk management, information management, key management, key management device, key management infrastructure, management client, management controls, management security controls, patch management, policy management authority, privilege management, records management, risk management, risk management framework, security management dashboard,; Related:Clinger-Cohen Act of 1996, FIREFLY, IA infrastructure, IT security policy, IT security training, KOA manager, NSA-approved cryptography, access control mechanisms, access type, adequate security, advanced key processor, agreement, approval to operate, approved security function, authorization (to operate), central services node, certificate, certificate policy, certification, certification analyst, chief information officer, cloud computing, commodity service, compensating security controls, contingency plan, continuity of operations plan, covert testing, crypto officer, cryptographic system survey, device distribution profile, device registration manager, disaster recovery plan, electronic messaging services, end cryptographic unit, enrollment manager, enterprise, federal enterprise architecture, general support system, information security program plan, information steward, information technology, line of business, local authority, major application, major information system, mission critical, national security system, national vulnerability database, officer, personnel registration manager, policy certification authority, primary services node (prsn), product source node, resilience, risk analysis, risk assessment, risk mitigation, risk monitoring, security, security control assessment, security controls, security net control station, security program plan, security safeguards, security service, system security plan,
Management Act: IncludedBy:management,; Related:security,
management client: IncludedBy:management,; Related:access,
management control processes: IncludedBy:control, process,; Related:IT security, program, requirements, security,
management controls: IncludedBy:control, management,; Related:authorization, countermeasures, development, information, information security, process, risk, risk management, security, security controls, system,
management countermeasure: Related:assessment, risk, security,
management engineering plan
management information base: IncludedBy:information, internet,
management message: Related:attack, privacy,
management network: IncludedBy:network,; Related:security, software,
management security controls: IncludedBy:control, management, security,; Related:risk,
management server: Related:application, identify, information, intrusion, intrusion detection, protocols, system,
mandatory access control: IncludedBy:access, control,; Related:authorization, classified, critical, entity, file, flow, information, object, owner, policy, resource, security, subject, system, trust, users,; Synonym:non-discretionary access control,
mandatory declassification review: Related:classified, requirements,
mandatory modification: Related:communications security,
manipulated variable: Related:control, process,
manipulation detection code: IncludedBy:code,; Related:attack,
manipulative communications deception: IncludedBy:communications,; Related:telecommunications,
manual cryptosystem: IncludedBy:cryptographic system, cryptography, system,; Related:cryptographic, process,
manual key distribution: IncludedBy:key management,; Related:cryptographic,
manual key entry: IncludedBy:key management,; Related:cryptographic, module,
manual key transport: IncludedBy:key,
manual remote rekeying: IncludedBy:key, rekey,
markup language: IncludedBy:internet, standard generalized markup language,; Related:system,
mask generation function: IncludedBy:function,; Related:property,
masquerade: IncludedBy:threat consequence,; Includes:DNS spoofing, address spoofing, ip spoofing, masquerade attack, masquerading, mimicking, spoofing, spoofing attack,; Related:access, access control, alias, authorized, entity, malicious, system,; Synonym:impersonation,
masquerade attack: IncludedBy:attack, masquerade,; Related:entity, identity, system,
masquerading: IncludedBy:attack, masquerade,; Related:access, access control, authentication, authorized, entity, identity, impersonation, spoof, system, users,
mass mailing worm: IncludedBy:worm,; Related:identify, system,
mass-market software: IncludedBy:software, software product,; Related:COTS software, users,
master control switch: IncludedBy:control,
master crypto-ignition key: IncludedBy:key,; Related:operation,
master crypto-ignition key custodian: IncludedBy:key,; Related:security,
master cryptographic ignition key: IncludedBy:key,
master file: IncludedBy:automated information system, file,; Related:information,
match: IncludedBy:biometrics,; Related:information, process,
material
material symbol
matrix: Related:function, hash,
maximum tolerable downtime
MD2: Related:cryptographic, cryptography, hash,
MD4: Related:cryptographic, cryptography, hash,
MD5: Related:cryptographic, cryptography, hash, version,
meaconing, intrusion, jamming, and interference: IncludedBy:communications security, intrusion, jamming,
mean
mean absolute deviation
mean-time-between-failure: IncludedBy:failure,
mean-time-between-outages: IncludedBy:failure,
mean-time-to-fail: IncludedBy:failure,
mean-time-to-repair: Related:failure,
mean-time-to-service-restoral: Related:failure,
measure
measurement and signature intelligence: IncludedBy:intelligence,; Related:analysis,
mechanisms: Related:program, software, system,
media: Related:object,
media access control address: IncludedBy:access, control,; Related:standard,
media library: Related:control,
media protection: Related:authorized, control, exposures, operation, security, system,
media sanitization
median
MEI resource elements: IncludedBy:minimum essential infrastructure, resource,; Related:vulnerability,
memorandum of agreement: HasPreferred:memorandum of understanding,
memorandum of understanding: PreferredFor:memorandum of agreement,; Related:connection, system,
memory: Related:computer,
memory component
memory resident: Related:system, virus,
memory scavenging: IncludedBy:automated information system, threat,; Related:information,
memory space-time
merchant: IncludedBy:Secure Electronic Transaction,; Related:information,
merchant certificate: IncludedBy:Secure Electronic Transaction, certificate,; Related:digital signature, encryption, key, public-key, signature,
merchant certification authority: IncludedBy:Secure Electronic Transaction, authority, certification, public-key infrastructure,; Related:certificate, gateway,
merge access: IncludedBy:access,
mesh PKI: IncludedBy:public-key, public-key infrastructure,; Related:certificate, key, trust, users, validation,
message: Includes:Cryptographic Message Syntax, Internet Message Access Protocol, version 4, Message Security Protocol, autonomous message switch, defense message system, emergency action message, hashed message authentication code, improved emergency message automatic transmission system, internet control message protocol, message authentication code, message authentication code algorithm, message authentication code vs. Message Authentication Code, message digest, message digest algorithm 5, message externals, message handling system, message identifier, message indicator, message integrity code, message passing, message representative, signed message,; Related:COMSEC control program, Internet Engineering Task Force, MIME Object Security Services, NRD token, NRO token, NRS token, NRT token, OSI architecture, Post Office Protocol, version 3, Rivest-Shamir-Adleman algorithm, SET private extension, Secure Data Network System, Secure/MIME, X.400, active wiretapping, aggressive mode, alert, algorithm, assignment, asymmetric algorithm, asymmetric cryptographic algorithm, asymmetric cryptographic technique, audit trail, authentication, authentication protocol, authenticity, baggage, bounce, brand CRL identifier, brevity list, brute force attack, capacity, certificate, certification authority, ciphertext, code, component, cookies, cryptanalysis, cryptographic functions, cryptography, data authentication code, data authentication code vs. Data Authentication Code, data encryption key, data encryption standard, data input, denial-of-service, dictionary attack, digital envelope, digital signature, digital signature algorithm, domain parameter, dual signature, dynamic binding, eavesdropping, electronic signature, email, email security software, encapsulating security payload, encryption software, exchange multiplicity parameter, fieldbus, file integrity checker, file integrity checking, flooding, future narrow band digital terminal, hash, hash algorithm, hash function, hash result, hash value, high assurance guard, imitative communications, information systems security equipment modification, initialization value, internet, key, key agreement, key token, key transport, key-escrow system, keyed hash algorithm, main mode, man-in-the-middle attack, multipurpose internet mail extensions, network, non-recoverable part, non-repudiation, non-repudiation of creation, non-repudiation of delivery, non-repudiation of knowledge, non-repudiation of origin, non-repudiation of receipt, non-repudiation of sending, non-repudiation of submission, non-repudiation of transport, null, open system interconnection model, organizational certificate, originator, packet, packet switching, payment gateway, peer-to-peer communication, polling, polymorphism, pre-signature, pretty good privacy, privacy enhanced mail, protected channel, protocol data unit, protocol run, proxy server, public-key infrastructure, public-key system, recipient, recoverable part, reflection attack, replay attacks, rootkit, router, run manual, salt, secret key, secret-key cryptography, secure hash algorithm, secure hash standard, secure hypertext transfer protocol, secure multipurpose internet mail extensions, signaling, signature, signature process, simple mail transfer protocol, simple network management protocol, smurf, sniffer, spam, spam filtering software, spamming, steganography, superencryption, symmetric cryptography, symmetric key, system indicator, time variant parameter, token authenticator, tokens, traffic load, traffic padding, traffic-flow security, trailer, trap, trapdoor, troll, tunnel, tunneling, verification process, virus hoax, vishing, wireless gateway server,
message authentication code: IncludedBy:authentication, code, message,; Includes:hashed message authentication code, message authentication code algorithm, message authentication code vs. Message Authentication Code,; Related:algorithm, cryptographic, cryptography, data authentication code vs. Data Authentication Code, hash function, integrity, key, message integrity code,; Synonym:data authentication code,
message authentication code algorithm: IncludedBy:algorithm, code, message, message authentication code,; Related:cryptographic, cryptography, function, key, requirements,
message authentication code vs. Message Authentication Code: IncludedBy:code, message, message authentication code,; Related:algorithm, cipher, computer, cryptography, email, encryption, function, hash, integrity, key, software, standard,
message authentication key: IncludedBy:authentication, key,
message digest: IncludedBy:message,; Includes:message digest algorithm 5,; PreferredFor:digest,; Related:algorithm, cryptographic, file, function, hash, integrity, property, signature, test,
message digest algorithm 5: IncludedBy:algorithm, message, message digest,; Related:cryptographic,
message externals: IncludedBy:message,; Related:information,
message handling system: IncludedBy:message, system,; Related:email, users,
message identifier: IncludedBy:message,; Related:identify,
message indicator: IncludedBy:message,; Related:communications, cryptographic system, cryptography, system,
message integrity check: HasPreferred:message integrity code,
message integrity code: IncludedBy:code, integrity, message,; PreferredFor:message integrity check,; Related:authentication, computer, email, encryption, hash, key, message authentication code, software,
message passing: IncludedBy:message,; Related:object, operation, target,
message representative: IncludedBy:message,; Related:function, key, signature,
Message Security Protocol: IncludedBy:message, protocols, security protocol,; Related:National Security Agency, internet, program, system,
meta-language: Related:application, computer, semantics,
metadata: IncludedBy:database management system,; Includes:bound metadata,; Related:CKMS, compromise, cryptographic, cryptographic key management system, destroyed compromised state, destroyed state, domain, file, generation, information, key, key output, process, registration,
metrics: Related:algorithm, assessment, function, process, random, software, software development,
metropolitan area networks: IncludedBy:network,
microcode: IncludedBy:code, cryptographic module,; Related:computer, program,
mid-level certification: IncludedBy:certification,; Related:availability, confidentiality, integrity, system,
middleware: Related:application, computer, software, system,
million instruction per second: IncludedBy:automated information system,
MIME Object Security Services: IncludedBy:internet, object, security protocol,; Related:cryptography, digital signature, encryption, key, message, protocols, signature,
mimicking: IncludedBy:attack, masquerade,; Related:impersonation, spoof,; Synonym:spoofing,
min-entropy: Related:attack, attackers, passwords, random, system, users,
mine warfare: IncludedBy:warfare,
miniature receiver terminal
miniature terminal
minimalist cryptography: IncludedBy:cryptography,
minimum background investigation: Related:subject, trust,
minimum essential emergency communications network: IncludedBy:communications, minimum essential infrastructure, network,
minimum essential infrastructure: Includes:MEI resource elements, minimum essential emergency communications network,; Related:access control, accountability, areas of potential compromise, availability, continuity of services and operations, segregation of duties,
minimum essential requirements: IncludedBy:requirements,
Minimum Interoperability Specification for PKI Components: IncludedBy:interoperability, public-key infrastructure,; Related:certificate, file, operation, profile,
minimum level of protection: Related:assurance, risk,
minor application: Related:access, risk, security,
minor derogatory information: Related:security,
minutiae: IncludedBy:biometrics,
mirroring: Related:availability, backup, computer, computer network, process,
misappropriation: IncludedBy:threat consequence,; Related:attack, authorized, control, entity, resource, system,
misnamed files
MISSI user: IncludedBy:multilevel information systems security initiative, users,; Related:Fortezza, X.509, certificate, certification, entity, key, process, public-key, public-key infrastructure, subject, system,
mission assurance category: IncludedBy:assurance,; Related:availability, certification, object, requirements,
mission critical: IncludedBy:critical,; Related:access, authorized, classified, communications, information, information security, management, operation, process, security, system, telecommunications, vulnerability,
mission critical system: IncludedBy:critical, system,; Related:business process, process,
mission essential
mission needs statement: IncludedBy:threat,
misuse: IncludedBy:threat consequence,; Related:function, security, system,
misuse detection model: IncludedBy:model, security policy model,; Related:intrusion, rules based detection, system, vulnerability,
mitigation: IncludedBy:risk management,; Related:incident, response,
mnemonic
mobile code: IncludedBy:code,; Related:information, module, program, software, system, users,
mobile code technologies: Related:software,
mobile device
mobile software agent: IncludedBy:software,
mobile subscribe
mobile subscriber equipment
mobile topology
mockingbird: IncludedBy:threat,; Related:computer, function, malicious, process, program, system, users,
mode: HasPreferred:mode of operation,
mode of operation: IncludedBy:operation,; PreferredFor:mode,; Related:access, access control, algorithm, application, authorization, authorized, cipher, classification levels, classified, cryptographic, encryption, information, key, policy, process, security, system, users,
model: Includes:Bell-LaPadula security model, Biba Integrity model, Biba model, Clark Wilson integrity model, Open Systems Interconnection Reference model, TOE security policy model, anomaly detection model, as-is process model, formal model of security policy, formal security policy model, lattice model, misuse detection model, modeling or flowcharting, open system interconnection model, security model, security policy model, simulation modeling, third party trusted host model, to-be-process model,; Related:*-property, CASE tools, OSI architecture, Standards for Interoperable LAN/MAN Security, analysis, client server, credentials, discrete event simulation, domain, energy-efficient computer equipment, finite state machine, formal development methodology, formal top-level specification, formal verification, internet vs. Internet, object, operation, process, prototyping, secure hypertext transfer protocol, security, security policy, simple security condition, simple security property, subject, system, ticket, top-level specification, tranquility, trusted subject, verification, world class organizations,
model experimental development model/exploratory development model
modeling or flowcharting: IncludedBy:flow, model,; Related:process,
modem: Related:application, computer,
moderate impact: Related:availability, damage, security, threat,
moderate-impact system: IncludedBy:system,; Related:availability, information, integrity, object, security,
modes of operation: IncludedBy:operation,; Includes:automated information system, dedicated security mode, multilevel device, multilevel secure, multilevel security mode, multiuser mode of operation, partitioned security mode, protection ring, single-level device, stand-alone, shared system, stand-alone, single-user system, system high, system low, system-high security mode,; Related:access, access control, authorization, authorized, classification levels, classified, control, function, information, process, program, security, software, system, trust, users,
modification/configuration control board: IncludedBy:control,
modular software: IncludedBy:software,; Related:module, process,
modularity: Related:module, software,
module: Includes:COMSEC module, cryptographic module, cryptographic module security policy, plug-in modules, trusted platform module chip,; Related:Commercial COMSEC Evaluation Program, FIPS PUB 140-1, PC card, common data security, control information, critical security parameters, cryptographic boundary, cryptographic ignition key, cryptographic service, cryptographic token, electronic key entry, environmental failure protection, environmental failure testing, hardware, information systems security product, input data, interface, key entry, key loader, key output, key owner, manual key entry, mobile code, modular software, modularity, operator, output data, physical protection, port, portability, security event, session key, software architecture, split knowledge, status information, trusted path, type 3 product, validate vs. verify, white-box testing, worm, zeroize,
modulus: Related:cryptography, key, public-key,
monitor: Related:evidence, trust,
monitoring and evaluation: IncludedBy:evaluation,; Related:assessment, process, risk, risk management, security testing, test, validation,
Monitoring of Evaluations: IncludedBy:Common Criteria Testing Laboratory, evaluation,; Related:confidence, function, security,
monolithic TCB: IncludedBy:trusted computing base,
morris worm: IncludedBy:worm,; Related:program,
motion control network: IncludedBy:control, network,; Related:application,
motion detection sensor
motivation: IncludedBy:security,; Related:access, access control, adversary, attack, authorized, unauthorized access,
multi-hop problem: Related:risk, security, software,
multi-hop relay topology
multi-releasable: Related:access, control, users,
multi-security level: IncludedBy:security,; Related:information, process,
multicast: Related:communications, information, system,
multifactor authentication: IncludedBy:authentication,
multihost based auditing: IncludedBy:audit, automated information system,; Related:intrusion,
multilevel device: IncludedBy:modes of operation,; Related:compromise, process, risk, security, trust,
multilevel information systems security initiative: IncludedBy:National Security Agency, computer security, information, system,; Includes:MISSI user, SSO PIN, SSO-PIN ORA, certificate, certificate rekey, certification, certification hierarchy, compromised key list, domain, key, key lifetime, key material identifier, no-PIN ORA, organizational certificate, organizational registration authority, personality label, policy approving authority, policy creation authority, root, root registry, slot, subordinate certification authority, user PIN, user-PIN ORA,; Related:network, program,
multilevel mode: Related:access, access control, information, operation, process, security, system, users,
multilevel secure: IncludedBy:modes of operation,; Related:access, access control, authorization, information, resource, security, system, users,
multilevel security: IncludedBy:authorization, security,; Includes:controlled security mode,; Related:access, access control, classification levels, classified, communications, information, process, system,
multilevel security mode: IncludedBy:modes of operation, security,; Includes:system-high security mode,; Related:access, access control, accreditation, authorization, classification levels, classified, information, operation, policy, process, system, users,
multimedia: Related:information,
multinational warfare: IncludedBy:warfare,
multipartite virus: IncludedBy:virus,; Related:file,
multiple access rights terminal: IncludedBy:access,; Related:users,
multiple component incident: IncludedBy:incident,
multiple facility organization: Related:trust, multiple input, multiple output technology:
multiple input, multiple output technology:
multiple security levels: IncludedBy:security,; Related:trust,
multiple sources
multipurpose internet mail extensions: IncludedBy:email, internet, security protocol,; Includes:secure multipurpose internet mail extensions,; Related:application, file, message, protocols, system,
multiuser mode of operation: IncludedBy:modes of operation, operation, users,; Related:classified, computer, information, process, requirements, system,
mutation analysis: IncludedBy:analysis,; Related:error seeding, program, test,
mutation testing: IncludedBy:security testing, test,; Related:program,
mutual authentication: IncludedBy:authentication,; Related:assurance, entity, identity, unilateral authentication,; Synonym:mutual entity authentication,
mutual entity authentication: IncludedBy:authentication, entity,; Related:assurance, identity,; Synonym:mutual authentication,
mutual forward secrecy: IncludedBy:forward secrecy,; Related:key, operation, property,
mutual recognition of certificates: IncludedBy:certificate,
mutual suspicion: IncludedBy:security,; Related:entity, function, system, trust,
mutually suspicious: IncludedBy:security,; Related:function, process, program, property, system,
n-bit block cipher: IncludedBy:cipher,; Related:property,
nak attack: IncludedBy:attack,; Related:penetration, system,
naming authority
narrowband network: IncludedBy:network,
national agency check: Related:security,
national agency check plus written inquiries: Related:security,
national agency check with local agency checks and credit check: Related:security,
National Communications System: IncludedBy:communications, system,
national computer security assessment program: IncludedBy:assessment, computer, computer security, program,; Related:analysis, critical, file, information, profile, system, threat, vulnerability,
National Computer Security Center: IncludedBy:computer, computer security,; Includes:trusted computer system,; Related:National Security Agency, availability, criteria, evaluation, network, system, trust,
National Computer Security Center glossary: IncludedBy:computer, computer security,; Related:network, trust,
National COMSEC Advisory Memorandum: IncludedBy:advisory, communications security,
National COMSEC Information Memorandum: IncludedBy:communications security, information,
National COMSEC Instruction: IncludedBy:communications security,
National Cryptologic School: IncludedBy:cryptography,
National Industrial Security Advisory Committee: IncludedBy:advisory, security,
national information assurance partnership: IncludedBy:Common Criteria for Information Technology Security, National Institute of Standards and Technology, information, information assurance,; Includes:Common Criteria Testing Laboratory, Common Criteria Testing Program, Common Evaluation Methodology, NIAP Common Criteria Evaluation and Validation Scheme, NIAP Oversight Body, National Voluntary Laboratory Accreditation Program, accreditation body, approved technologies list, approved test methods list, degausser products list, deliverables list, designated laboratories list, endorsed tools list, evaluated products list, preferred products list, validated products list,; Related:National Security Agency, accreditation, confidence, criteria, file, function, information security, object, profile, program, quality, requirements, security testing, system, technology, test, users,
national information infrastructure: IncludedBy:information,; Related:adversary, communications, computer, connection, critical, internet, key, network, users,
National Institute of Standards and Technology: IncludedBy:standard, technology,; Includes:Clipper chip, Common Criteria for Information Technology Security, Computer Security Objects Register, Digital Signature Standard, FIPS PUB 140-1, FIPS approved security method, Federal Criteria Vol. I, Federal Information Processing Standards, Federal Standard 1027, Fortezza, NIAP Common Criteria Evaluation and Validation Scheme, advanced encryption standard, data authentication code, data encryption standard, national information assurance partnership, object identifier, party, validate vs. verify,; Related:classified, information, information security,
national intelligence: IncludedBy:intelligence,; Related:security, threat,
National of the United States: HasPreferred:United States national,
national quality award: IncludedBy:quality,
National Security Agency: IncludedBy:security,; Includes:CAPSTONE chip, Clipper chip, Fortezza, Skipjack, degausser, degausser products list, evaluated products list, multilevel information systems security initiative, preferred products list, rainbow series,; Related:Common Criteria for Information Technology Security, Federal Standard 1027, Internet Protocol Security Option, Key Exchange Algorithm, Message Security Protocol, NIAP Common Criteria Evaluation and Validation Scheme, National Computer Security Center, Secure Data Network System, Type I cryptography, Type II cryptography, classified, information, information security, intelligence, national information assurance partnership, party, system,
National Security Agency/Central Security Service: IncludedBy:security,
National Security Decision Directive 145: IncludedBy:security,; Includes:object, subcommittee on Automated Information System security, subcommittee on telecommunications security,; Related:communications, computer security, information, policy, process, system, telecommunications,
National Security Decision Directive: IncludedBy:security,
National Security Directive: IncludedBy:security,
National Security Emergency Preparedness: IncludedBy:security,
national security information: IncludedBy:information, security,; Related:access, access control, authorized, classified, control, control systems, intelligence, process, system,
national security system: IncludedBy:security, system,; Related:application, authorized, classified, code, communications, control, criteria, critical, cryptography, foreign, function, information, information security, intelligence, management, operation, policy, subject, telecommunications,
National Security Telecommunications Advisory Committee: IncludedBy:advisory, communications, security, telecommunications,
National Security Telecommunications and Information Systems Security Advisory/Information Memorandum: IncludedBy:advisory, communications, computer security, information, system, telecommunications,
National Security Telecommunications and Information Systems Security Committee: IncludedBy:communications, computer security, information, system, telecommunications,; Related:operation, policy,
National Security Telecommunications and Information Systems Security Directive: IncludedBy:communications, computer security, information, system, telecommunications,
National Security Telecommunications and Information Systems Security Instruction: IncludedBy:communications, computer security, information, system, telecommunications,
National Security Telecommunications and Information Systems Security Policy: IncludedBy:communications, computer security, information, policy, system, telecommunications,
national security-related information: IncludedBy:security,; Related:classified, foreign,
National Telecommunications and Information Administration: IncludedBy:communications, information, telecommunications,; Related:network,
national telecommunications and information system security directives: IncludedBy:communications, computer security, information, system, telecommunications,; Related:authority, backup, program,
National Telecommunications and Information Systems Security Advisory Memoranda/Instructions: IncludedBy:advisory, communications, computer security, information, system, telecommunications,
National Telecommunications and Information Systems Security Directive: IncludedBy:communications, computer security, information, system, telecommunications,
National Telecommunications and Information Systems Security Instruction: IncludedBy:communications, computer security, information, system, telecommunications,
National Telecommunications and Information Systems Security Policy: IncludedBy:communications, computer security, information, policy, system, telecommunications,
National Voluntary Laboratory Accreditation Program: IncludedBy:accreditation, national information assurance partnership, program,; Related:IT security, authority, computer security, criteria, evaluation, security, validation,
national vulnerability database: IncludedBy:vulnerability,; Related:management, security,
nations: IncludedBy:threat,; Related:United States citizen, communications, cyberspace, entity, information, program,
natural benchmark: Related:program, users,
natural disaster: IncludedBy:threat consequence,; Related:critical, critical infrastructures, function, system,
naval coastal warfare: IncludedBy:warfare,; Related:control, policy, security,
naval expeditionary warfare: IncludedBy:warfare,; Related:object,
naval nuclear propulsion information: Related:classified,
naval special warfare: IncludedBy:warfare,; Related:application,
need for access: IncludedBy:access,; Related:authorized, classified,
need-to-know: IncludedBy:access control, least privilege,; Includes:need-to-know determination,; Related:access, authorized, classified, information,
need-to-know determination: IncludedBy:authorization, need-to-know,; Related:access, authorized, information,
negative acknowledgment
negative tests: IncludedBy:test,; Related:security testing, software,
negotiated acquisition: Related:response,
net control station: IncludedBy:control,
net present value
net-centric architecture
network: IncludedBy:automated information system,; Includes:ARPANET, Advanced Research Projects Agency Network, Defense Information System Network, Defense Information Systems Network, Defense Information Systems Network Designated Approving Authority, Integrated services digital network, Network File System, Network Layer Security Protocol, Secure Data Network System, Trusted Network Interpretation Environment Guideline, ad hoc network, advanced intelligence network, advanced intelligent network, automatic digital network, bot-network operators, broadband network, centrally-administered network, communications, computer network, computer network attack, computer network defense, computer network exploitation, computer network operations, control network, defense switched network, encrypted network, external network, financial crimes enforcement network, global network information environment, ground wave emergency network, information system and network security, interconnected network , internal network, internetwork, internetwork private line interface, joint task force-computer network defense, limited network analyzer, local-area network, management network, metropolitan area networks, minimum essential emergency communications network, motion control network, narrowband network, network access, network access control, network address translation, network administrator, network analyzer, network architecture, network based, network behavior analysis system, network component, network configuration, network connection, network device, network discovery, network front-end, network information services, network interface card, network layer security, network level firewall, network management, network management architecture, network management protocol, network management software, network manager, network protocol stack, network reference monitor, network security, network security architecture, network security architecture and design, network security officer, network service worm, network services, network size, network sniffing, network sponsor, network system, network tap, network topology, network trusted computing base, network weaving, network worm, network-based intrusion prevention system, networking features of software, personal communications network, physically isolated network, protected network, robust security network, secure network server, security policy automation network, simple network management protocol, subnetwork, trusted network interpretation, unclassified internet protocol router network, unified network, unlimited network analyzer, unprotected network, value-added network, virtual network perimeter, virtual private network, wide-area network, wireless local area network,; Related:Chernobyl packet, Common Criteria for Information Technology Security, Defense Information Infrastructure, Estelle, Extensible Authentication Protocol, Guidelines and Recommendations for Security Incident Processing, IEEE 802.10, IP address, IP splicing/hijacking, Internet Assigned Numbers Authority, Internet Protocol Security Option, Internet worm, Java, Layer 2 Forwarding Protocol, Layer 2 Tunneling Protocol, NTCB partition, National Computer Security Center, National Computer Security Center glossary, National Telecommunications and Information Administration, OSI architecture, Open Systems Interconnection Reference model, Red book, SATAN, SOCKS, Secure Data Exchange, Secure Electronic Transaction, Simple Public-Key Infrastructure/Simple Distributed Security Infrastructure, Terminal Access Controller Access Control System, acceptable level of risk, acceptable use policy, access control, accreditation, accreditation range, address spoofing, alarm reporting, alarm surveillance, alert, application program interface, asynchronous transfer mode, attack, auditing tool, authenticate, authentication service, automated key distribution, automated security incident measurement, bandwidth, bastion host, brand, break, brouters, cascading, cellular transmission, checksum, circuit switching, class hierarchy, communication channel, component, computer, computer emergency response team, computer oracle and password system, computing security methods, confidentiality, connection, control, data source, datagram, designated approving authority, digital signature, diplomatic telecommunications service, distributed data, distributed database, distributed processing, downgrade, dual-homed gateway firewall, electronic benefit transfer, email security software, encrypt for transmission only, end system, end-to-end encryption, end-user, ethernet meltdown, evaluation assurance level, extranet, fault, file transfer, file transfer access management, file transfer protocol, filtering router, firewall, future narrow band digital terminal, gateway, global command and control system, global telecommunications service, goodput, gopher, government emergency telecommunications service, guard, hackers, hacking, homed, host, host-based firewall, hypertext transfer protocol, impersonation, information, initial transformation, insider attack, international telecommunication union, internet, internet control message protocol, internet protocol, internet vs. Internet, intranet, intrusion detection, intrusion detection systems, ip spoofing, kerberos, killer packets, language of temporal ordering specification, level of protection, link, link encryption, logical system definition, message, multilevel information systems security initiative, national information infrastructure, non-technical countermeasure, object, octet, on-line transaction processing, open system environment, open system interconnection model, open systems interconnection, open systems security, overt channel, packet, packet filtering, packet sniffer, packet switching, packet transfer mode, passive, password sniffing, passwords, perimeter-based security, phreaking, point-to-point tunneling protocol, pretty good privacy, private branch exchange, private decipherment transformation, proprietary protocol, protocol suite, protocols, proxy, purge, queuing theory, remote access software, remote authentication dial-in user service, remote login, residual risk, rootkit, router, router-based firewall, routing control, ruleset, sanitization, screened subnet firewall, screening router, secure profile inspector, secure shell, secure socket layer, security architecture, security gateway, security incident, security kernel, security management, security net control station, security range, security situation, security-compliant channel, server, signaling, signaling system 7, single sign-on, smurf, smurfing, sniffer, start-up KEK, state transition diagram, stealth probe, subject, superuser, synchronous flood, synchronous transmission, system, tcpwrapper, technical countermeasures, technology area, telecommunications, telnet, threat, tinkerbell program, topology, trace packet, traffic load, transaction file, transfer device, transfer time, transmission, transmission control protocol, transmission medium, transmission security, trusted identification forwarding, trusted process, tunnel, tunneled VPN, tunneling, tunneling router, user data protocol, users, vulnerability, web browser cache, web of trust, web vs. Web, wiretapping, worm,
network access: IncludedBy:access, network,
network access control: IncludedBy:access, control, network,
network address translation: IncludedBy:firewall, network,; Related:connection, internet, security,
network administrator: IncludedBy:network,; Related:control,
network analyzer: IncludedBy:network,; Related:control, protocols, software,
network architecture: IncludedBy:network, security architecture,; Includes:network component, object,; Related:communications, process, protocols, software, standard,
network based: IncludedBy:network,; Related:audit, intrusion,
network behavior analysis system: IncludedBy:analysis, network, system,; Related:flow, identify, intrusion, intrusion detection, threat,
network component: IncludedBy:component, network, network architecture,; Includes:network front-end, network reference monitor,; Related:access, access control, audit, authentication, computer, control, criteria, evaluation, identification, policy, system, trust, trusted computer system, users,
network configuration: IncludedBy:network,; Related:communications, connection, resource,
network connection: IncludedBy:connection, network,; Related:control, information, internet, protocols,
network device: IncludedBy:network,; Related:communications, computer, router, system,
network discovery: IncludedBy:network,; Related:process,
Network File System: IncludedBy:file, network, system,; Related:access, access control, application, function, protocols,
network front-end: IncludedBy:network, network component,; Related:computer, protocols, security, system,
network information services: IncludedBy:information, network,; Related:resource,
network interface card: IncludedBy:interface, network,
network layer security: IncludedBy:network, security,; Related:communications,
Network Layer Security Protocol: IncludedBy:network, protocols, security protocol,; Related:encryption,
network level firewall: IncludedBy:firewall, network,; Related:protocols,
network management: IncludedBy:network,; Related:communications, control, fault, integrity, operation, security,
network management architecture: IncludedBy:network,; Related:communications, software,
network management protocol: IncludedBy:network, protocols,; Related:communications, information, operation, response,
network management software: IncludedBy:network, software,; Related:security, system,
network manager: IncludedBy:network,
network protocol stack: IncludedBy:network, protocols,; Related:application, software,
network reference monitor: IncludedBy:access control, network, network component, reference monitor,; Includes:object, subject,; Related:access, control,
network security: IncludedBy:communications security, information systems security, network,; Related:access, access control, assurance, authorized, control, critical, function, information, integrity, system, unauthorized access,
network security architecture: IncludedBy:communications security, network,
network security architecture and design: IncludedBy:communications security, network,
network security officer: IncludedBy:communications security, information systems security officer, network, officer,; Related:authority, information, information assurance officer, system,
network service worm: IncludedBy:network, worm,; Related:application, system, vulnerability,
network services: IncludedBy:network,; Related:computer, system, users,
network size: IncludedBy:network,
network sniffing: IncludedBy:network,; Related:analysis, code, identification, information, protocols, target, threat,
network sponsor: IncludedBy:network,; Includes:functional proponent,; Related:communications security, policy, security, system,
network system: IncludedBy:network, system,; Related:security,
network tap: IncludedBy:network,; Related:connection,
network topology: IncludedBy:network,
network trusted computing base: IncludedBy:network, trusted computing base,; Includes:NTCB partition,; Related:policy, security, software, system,
network weaving: IncludedBy:network,; Related:access, access control, communications, penetration,
network worm: IncludedBy:network, worm,; Related:internet, program, system,
network-based intrusion prevention system: IncludedBy:intrusion, network, system,; Related:identify, program,
networking features of software: IncludedBy:network, software,
newly discovered records
NIAP Common Criteria Evaluation and Validation Scheme: IncludedBy:National Institute of Standards and Technology, criteria, national information assurance partnership, validation,; Related:National Security Agency, information, trust,
NIAP Oversight Body: IncludedBy:national information assurance partnership,; Related:criteria, evaluation, operation, validation,
nibble: Related:automated information system,
nicknames: Related:access, classified,
no prior relationship: Related:digital signature, signature,
no-lone zone: Related:access, access control, authorized, security,
no-PIN ORA: IncludedBy:multilevel information systems security initiative,; Related:Fortezza, function, users,
node: Related:computer, users,
nominal variable
non-conductive section
non-disclosure agreement: Related:access, authorized, classified, intelligence, requirements, security,
non-discretionary access control: Antonym:discretionary access control,; IncludedBy:access, control,; Related:non-discretionary security, object,; Synonym:mandatory access control,
non-discretionary security: IncludedBy:security,; Related:access, access control, classification levels, classified, information, non-discretionary access control, policy, users,
non-discussion area: Related:access, authorized, classified,
non-line-of-sight signal propagation
non-local maintenance
non-organizational user: Related:users,
non-record material
non-recoverable part: Related:message, recovery, signature,
non-repudiation: Antonym:repudiation,; IncludedBy:certification authority, quality of protection,; Includes:non-repudiation exchange, non-repudiation information, non-repudiation of creation, non-repudiation of delivery, non-repudiation of knowledge, non-repudiation of origin, non-repudiation of receipt, non-repudiation of sending, non-repudiation of submission, non-repudiation of transport, non-repudiation policy, non-repudiation service, non-repudiation token, privacy, authentication, integrity, identification, non-repudiation, privacy, authentication, integrity, non-repudiation,; Related:Generic Security Service Application Program Interface, IT security, NRD token, NRO token, NRS token, NRT token, accountability, assurance, authentication, control, cryptographic, cryptography, defense-wide information assurance program, digital signature, distinguishing identifier, entity, evidence, identity, information, information assurance, integrity, invalidity date, key, message, notarization token, originator, process, proof, public-key, recipient, sandboxed environment, secure single sign-on, security, signature, validate,
non-repudiation exchange: IncludedBy:non-repudiation,; Related:information,
non-repudiation information: IncludedBy:information, non-repudiation,; Related:evidence, policy, validate,
non-repudiation of creation: IncludedBy:non-repudiation,; Related:entity, message,
non-repudiation of delivery: IncludedBy:non-repudiation,; Includes:NRD token,; Related:message,
non-repudiation of knowledge: IncludedBy:non-repudiation,; Related:message,
non-repudiation of origin: IncludedBy:non-repudiation,; Includes:NRO token,; Related:message,
non-repudiation of receipt: IncludedBy:non-repudiation,; Related:message,
non-repudiation of sending: IncludedBy:non-repudiation,; Related:message,
non-repudiation of submission: IncludedBy:non-repudiation,; Includes:NRS token,; Related:authority, evidence, message,
non-repudiation of transport: IncludedBy:non-repudiation,; Includes:NRT token,; Related:authority, evidence, message,
non-repudiation policy: IncludedBy:non-repudiation, policy,; Related:criteria, evidence, verification,
non-repudiation service: IncludedBy:non-repudiation,; Related:archive, authentication, critical, entity, evidence, process, retrieval, security, subject, test, trust, version,
non-repudiation token: IncludedBy:non-repudiation, tokens,; Includes:NRD token, NRO token, NRS token, NRT token,; Related:evidence, security,
non-technical countermeasure: IncludedBy:countermeasures, security,; Related:adversary, exploit, information, information security, network, process, system, vulnerability,
non-volatile random access memory: IncludedBy:access,
nonce: Related:attack, authentication, key, protocols, random, response, security,
noncomputing security methods: IncludedBy:security,; Related:access, access control, control, resource, software,
nonkernel security related: IncludedBy:security,
nonvolatile memory components
normal operation: IncludedBy:operation,; Related:process, system,
north atlantic treaty organization classified information: IncludedBy:classified,
notarization: Related:assurance, authority, evidence, registration, trust,
notarization token: IncludedBy:tokens,; Related:non-repudiation,
notary: Related:evidence, revocation, tokens, trust,
NRD token: IncludedBy:non-repudiation of delivery, non-repudiation token, tokens,; Related:message, non-repudiation,
NRO token: IncludedBy:non-repudiation of origin, non-repudiation token, tokens,; Related:message, non-repudiation,
NRS token: IncludedBy:non-repudiation of submission, non-repudiation token, tokens,; Related:authority, message, non-repudiation,
NRT token: IncludedBy:non-repudiation of transport, non-repudiation token, tokens,; Related:authority, message, non-repudiation,
NSA-approved cryptography: IncludedBy:cryptography,; Related:management,
NTCB partition: IncludedBy:network trusted computing base, trusted computing base,; Related:network, policy,
nuclear command and control document: IncludedBy:command and control, control,
nuclear warfare: IncludedBy:warfare,
null: Related:code, message, security,
NULL encryption algorithm: IncludedBy:algorithm, encryption,; Related:confidentiality, internet protocol security, internet security protocol,
OAKLEY: Related:algorithm, authentication, entity, establishment, identity, internet protocol security, internet security protocol, key, protocols, public-key, threat, update, users,
obfuscation technique: Related:virus,
object: IncludedBy:Bell-LaPadula security model, National Security Decision Directive 145, TCB subset, TOE security policy, acceptance procedure, access, accountability, availability, candidate TCB subset, capability, category, component reference monitor, computer architecture, configuration control, default classification, dominated by, environment, functional component, granularity, granularity of a requirement, information flow control, isolation, list-oriented, network architecture, network reference monitor, owner, package, passive, permissions, product rationale, protection philosophy, protection-critical portions of the TCB, read, read access, reference monitor, reference monitor concept, reference validation mechanism, resource, scavenging, scope of a requirement, secure state, secure subsystem, security attribute, security enforcing, security function policy, security functions, security label, security policy, sensitivity label, shall, should, simple security condition, simple security property, software requirement, subject security level, technical policy, technical security policy, ticket-oriented, tranquility, trusted subject, verification, write, write access,; Includes:Computer Security Objects Register, IT security objective, MIME Object Security Services, TOE security functions, class object, computer security object, control objectives, control objectives for information and related technology, domain, object code, object identifier, object reuse, object-oriented programming, recovery point objectives, recovery time objectives, security information object, security information object class, security objectives, storage object, top-level security objectives,; Related:Abstract Syntax Notation One, Biba Integrity model, Biba model, British Standard 7799, Internet Corporation for Assigned Names and Numbers, JTC1 Registration Authority, SOCKS, X.500 Directory, access control lists, access level, access mode, access profile, access type, acquisition strategy, areas of control, assurance, attribute, audit, audit plan, authenticate, authentication, camouflage, certificate policy, certification path, checksum, class, classification, classification levels, code, common name, competition, compiler, component, compromise, computer, concept of operations, confidentiality, confinement property, construction of TOE requirements, control, controlled information, countermeasures, credentials, critical information, cyberspace operations, deliberate compromise of classified information, deliverable, dependency, digital certificate, digital document, digital signature, directory service, discretionary access control, distinguished name, dynamic binding, encapsulation, entity, exploit, extensible markup language, family, file, general controls, hash function, high-impact system, hybrid threat, hydroscope, hyperlink, hypermedia, identity, identity token, identity-based security policy, imagery, imagery intelligence, information, information assurance, information warfare, inheritance, instance, integrity, intent, key, key management infrastructure, keyed hash, low-impact system, mandatory access control, media, message passing, mission assurance category, model, moderate-impact system, national information assurance partnership, naval expeditionary warfare, network, non-discretionary access control, operation, payload, polymorphism, process, program, protected checksum, protection profile, protocols, psychological operations, questions on controls, response, risk identification, rule-based security policy, seal, security audit, security domain, security goals, security level, security purpose, security testing, sensitive label, sign, signer, software performance engineering, source code, spam, special activity, special program review group, static binding, subject, system, system entity, target, test case, test item, threat, tokens, topical areas, uniform resource identifier, uniform resource locator, vulnerability, work program, wrap,; UsedBy:subject,
object code: IncludedBy:code, object,; Related:automated information system,
object identifier: IncludedBy:Abstract Syntax Notation One, National Institute of Standards and Technology, object,; Related:X.509, information, internet, protocols, public-key infrastructure, security, standard,
object reuse: IncludedBy:object,; Includes:subject,
object-oriented programming: IncludedBy:object, program,; Related:automated information system,
observables
observation reports: IncludedBy:Common Criteria Testing Laboratory,; Related:IT security, computer security, evaluation, identify, security,
obstruction: IncludedBy:threat consequence,; Related:operation, system,
octet: Related:network, standard, system,
oersted
off-card
off-line attack: IncludedBy:attack,; Related:authentication, file, protocols, system,
off-line cryptosystem: IncludedBy:cryptographic system, system,; Related:encryption, function,
office information system: Related:users,
Office of Foreign Assets Control: IncludedBy:control, foreign,; Related:policy, security, target,
office of management and budget
office of personnel management: Related:access, security,
officer: Includes:chief information agency officer, chief information officer, cryptographic officer, information assurance officer, information system security officer, information systems security officer, network security officer, security officer, system security officer,; Related:binding, evaluator, management, security, tiger team, users,
official department of defense information
official information: IncludedBy:information,; Related:control,
ohnosecond: Related:compromise, key,
on ramp: Related:connection, information,
on-access scanning: IncludedBy:access,; Related:file, malware, security,
on-card
on-demand scanning: Related:computer, malware, security, users,
on-line cryptosystem: IncludedBy:cryptographic system, system,; Related:association, encryption, function,
on-line system: IncludedBy:system,; Related:application, computer, interface, program,
on-line transaction processing: IncludedBy:process,; Related:network,
one-part code: IncludedBy:code,; Related:information, system,
one-time access: IncludedBy:access,; Related:classified, security,
one-time cryptosystem: IncludedBy:cryptographic system, system,; Related:key,
one-time pad: Related:algorithm, analysis, cipher, cryptographic system, cryptography, destruction, encryption, key, key management, random, resource, system,
one-time passwords: IncludedBy:passwords,; Related:attack, authentication, cryptographic, cryptography, entity, function, hash, identity, information, internet, key, login, process, protocols, system, threat,
one-time tape: Related:cryptographic system, cryptography, key, system,
one-way encryption: IncludedBy:encryption,; Related:cipher, cryptographic, key,
one-way function: IncludedBy:function,; Related:cryptographic, cryptography, domain, hash, property,
one-way hash algorithm
online attack: IncludedBy:attack,; Related:access, authentication, protocols, role,
online certificate status protocol: IncludedBy:certificate, protocols, security protocol,; Related:application, communications, information, internet, key, public-key, response, revocation, revoked state,
online guessing attack: IncludedBy:attack,
open security: IncludedBy:security,; Related:application, assurance, malicious, operation, system,
open security environment: IncludedBy:security,; Related:application, assurance, authorization, control, malicious, operation, system,
open source intelligence: IncludedBy:intelligence,
open storage: Related:authorized, classified, information, security,
open storage area: Related:access, security,
open system environment: IncludedBy:system,; Related:interoperability, network, scalability, standard, users,
open system interconnection: IncludedBy:connection, system,
open system interconnection model: IncludedBy:Open Systems Interconnection Reference model, connection, model, security, system,; Related:application, communications, function, message, network, process,
open systems: IncludedBy:system,; Related:interoperability, standard,
open systems interconnection: IncludedBy:Open Systems Interconnection Reference model, connection, system,; Related:information, network, protocols, resource, standard,
Open Systems Interconnection Reference model: IncludedBy:ITU-T, International organization for standardization, connection, model, system,; Includes:OSI architecture, open system interconnection model, open systems interconnection,; Related:X.509, application, computer, function, internet, network, protocols, public-key infrastructure, security, standard,
open systems security: IncludedBy:security, system,; Related:internet, network,
operating procedure: IncludedBy:target of evaluation,; Related:target,
operating system: IncludedBy:system,; Related:application, computer, control, function, operation, program, resource, software,
operating system fingerprinting: IncludedBy:system,; Related:target, threat,
operation: IncludedBy:target of evaluation,; Includes:Defensive Information Operations, backup operations, centralized operations, component operations, computer operations, audit, and security technology, concept of operations, continuity of operations, continuity of operations plan, continuity of services and operations, information operations, mode of operation, modes of operation, multiuser mode of operation, normal operation, operational controls, operational data security, operational documentation, operational environment, operational integrity, operational key, operational risk, operational risk exposure, operational risk loss, operational testing, operational vulnerability information, operational waiver, operations code, operations manager, operations security, psychological operations, software operation, special information operations, synchronous crypto-operation,; Related:Automated Information System security, Bell-LaPadula security model, COMSEC aid, COMSEC profile, COMSEC survey, Common Criteria for Information Technology Security, Diffie-Hellman, IA architecture, IS related risk, IT security, IT-related risk, Internet Standard, MAC algorithm key, Minimum Interoperability Specification for PKI Components, NIAP Oversight Body, National Security Telecommunications and Information Systems Security Committee, PKIX, Skipjack, TSF data, Wassenaar Arrangement, acceptable level of risk, access mode, accreditation, accreditation disapproval, accreditation range, add-on security, adequate security, administrator, alarm surveillance, anomaly, approval/accreditation, archive, asset, asymmetric keys, attack, audit, audit trail, authorize processing, authorized user, authorizing official, automated information system, banking and finance, benchmarking, binding, block cipher, block cipher key, broadband network, business areas, certificate, certification, certification package, certification practice statement, challenge-response protocol, chief information agency officer, cleartext, closed security environment, command and control, command and control warfare, compartmented mode, compensating security controls, component, computer fraud, computer network attack, configuration control, configuration management, contingency key, contingency plan, contingency planning, continuous process, continuous process improvement, control class, control information, controlled security mode, controlling authority, corruption, cost/benefit analysis, countermeasures, critical financial markets, critical infrastructures, criticality assessment, criticality/sensitivity, cryptanalysis, crypto-alarm, crypto-ancillary equipment, cryptographic key, cryptographic key component, cryptographic strength, dedicated mode, dedicated security mode, defense-in-depth, denial-of-service, designated approving authority, development assurance, digital signature, disaster recovery, disaster recovery plan, disruption, distributed processing, documentation, domain name system, dual signature, economy of mechanism, effectiveness, electronic warfare support, emanation, emergency response, encryption, end-user, enterprise, environment, error, exception, executive state, exploitation, fail safe, failure, fault tolerance, firewall, flexibility, formal security policy model, forward secrecy with respect to A, forward secrecy with respect to both A and B individually, functional testing, gateway, general controls, handle, hardware and system software maintenance, hardware or software error, incapacitation, incident response capability, information assurance, information owner, information processing standard, information protection policy, information system security officer, information systems security officer, information warfare, initialization vector, input preparation cycle, instrument, instrumentation, intelligent threat, interface control document, interference, interim accreditation action plan, interim approval to test, iteration, key, key recovery, least privilege, legacy systems, lines of business, link encryption, maintainability, master crypto-ignition key, media protection, message passing, mission critical, model, multilevel mode, multilevel security mode, mutual forward secrecy, national security system, network management, network management protocol, object, obstruction, open security, open security environment, operating system, organisational security policy, out-of-band, outage, output transformation, overload, partitioned security mode, partnership, password system, periods processing, personnel security, physical and environmental protection, physical destruction, polling, polymorphism, post-accreditation phase, potential impact, privilege, procedural security, process, protection ring, protection-critical portions of the TCB, proxy, public-key cryptography standards, public-key forward secrecy, queuing theory, rating, read, read access, real-time processing, recovery point objectives, recovery site, reference validation mechanism, reliability, repair action, requirements for procedures and standards, residue, retrieval, revocation, risk, risk assessment, risk management, risk plane, root, secret, secure hypertext transfer protocol, security, security audit trail, security awareness, training, and education, security category, security controls, security environment, security evaluation, security event, security policy, security situation, security strength, security test & evaluation, security test and evaluation, security threat, security-critical mechanisms, segregation of duties, session key, signaling, simple network management protocol, simulation modeling, site accreditation, site certification, sniffer, software build, software engineering, software lifecycle, software system test and evaluation process, special access program, starting variable, status information, store, sub-function, subject, subversion, superencryption, supervisory control and data acquisition, support software, survivability, symmetric key, system, system accreditation, system administrator, system and data integrity, system high mode, system integrity, system interconnection, system low, system owner, system security authorization agreement, system software, system-high security mode, systems engineering, tamper, target, test procedure, thrashing, threat, threat agent, threat analysis, time-compliance date, timing attacks, token backup, token copy, token management, token restore, traceroute, trusted channel, trusted identification forwarding, trusted platform module chip, trustworthy system, type accreditation, untrusted process, user data, user representative, utility programs, verification procedure refinements, vulnerability, wedged, write,
operational controls: IncludedBy:control, operation,; Related:countermeasures, information, security, security controls, system,
operational countermeasure
operational data security: IncludedBy:operation, security,; Related:authorized, process,
operational documentation: IncludedBy:operation, target of evaluation,; Related:information, target,
operational environment: IncludedBy:operation, target of evaluation,; Related:standard, target,
operational integrity: IncludedBy:integrity, operation,; Related:function, system,
operational key: IncludedBy:key, operation,; Related:information,
operational risk: IncludedBy:operation, risk,; Includes:operational risk exposure, operational risk loss,; Related:process, standard, system,
operational risk exposure: IncludedBy:operation, operational risk,; Related:standard,
operational risk loss: IncludedBy:operation, operational risk,; Includes:business disruption and system failures, clients, products, and business practices, damage to physical assets, employment practices and workplace safety, execution, delivery, and process management, external fraud, internal fraud,; Related:program,
operational testing: IncludedBy:operation, security testing, test,; Related:system,
operational vulnerability information: IncludedBy:information, operation, vulnerability,
operational waiver: IncludedBy:operation,; Related:authority,
operations and support: Related:access,
operations code: IncludedBy:code, operation,; Related:communications,
operations manager: IncludedBy:operation,; Related:access, access control, backup, cryptographic, cryptography, key, security, software, system, users,
operations security: IncludedBy:operation, security,; Related:adversary, analysis, application, assessment, classified, control, countermeasures, critical, evidence, exploit, identification, identify, information, intelligence, process, risk, system, threat, vulnerability,
operations security assessment: IncludedBy:assessment, security,; Related:evaluation,
operations security indicator: IncludedBy:security,; Related:adversary, critical,
operations security plan: IncludedBy:security,
operations security process: IncludedBy:security,; Related:analysis, assessment, countermeasures, critical, risk, threat, vulnerability,
operations security program: IncludedBy:security,
operations security survey: IncludedBy:security,; Related:analysis, classified, evidence,
operations security working group: IncludedBy:security,
operator: IncludedBy:cryptographic module,; Related:access, access control, cryptographic, module, process, role,
opportunity cost: Related:risk management,
optical character recognition
optical fiber
optical scanner: Related:computer,
optical storage media
optional modification: Related:TEMPEST, communications security, control, security,
oracle: Related:information, software, test,
oral/visual disclosure: Related:foreign,
Orange book: IncludedBy:rainbow series,; Includes:C2-protect,; Related:computer, computer security, criteria, evaluation, security, system, trust,
order of an element in a finite commutative group
ordinal variable
organisational security policies: HasPreferred:organisational security policy,; IncludedBy:security,
organisational security policy: IncludedBy:policy, security policy,; PreferredFor:organisational security policies,; Related:information, operation,
organization
organization computer security representative: IncludedBy:computer, security,; Related:IT security, program,
organizational certificate: IncludedBy:certificate, multilevel information systems security initiative,; Related:X.509, key, message, public-key, system,
organizational maintenance: Related:users,
organizational registration authority: IncludedBy:authority, multilevel information systems security initiative, registration,; Related:certificate, entity, function, identity, role, users,
organizational user
organizational-level commander/commanding officer
origin authenticity: Related:authentication, entity, standard,
original classification: Related:authorized, security,
original classification authority: Related:authorized,
originating agency determination required: Related:classified,
originating agency's determination required
originator: Related:entity, message, non-repudiation,
OSI architecture: IncludedBy:Open Systems Interconnection Reference model,; Related:application, communications, connection, message, model, network, process, protocols, standard, system, users,
out-of-band: Related:algorithm, cipher, code, cryptography, information, key, operation, security, shared secret,
outage: Related:communications, failure, operation,
outcome: Related:application,
outlier
output: IncludedBy:trusted computing base,; Related:computer, file, information, process,
output data: IncludedBy:cryptographic module,; Related:cryptographic, information, module,
output feedback
output transformation: Related:algorithm, code, function, hash, operation,
outside threat: IncludedBy:threat,
outside(r) threat: IncludedBy:threat,; Related:security,
outsourced information technology based process: Related:assurance, security,
outsourcing: Related:entity,
over-the-air key distribution: IncludedBy:key,; Related:rekey,
over-the-air key transfer: IncludedBy:key,; Related:communications, encryption,
over-the-air rekeying: IncludedBy:key, rekey,; Related:communications, encryption, security,
overload: IncludedBy:threat consequence,; Related:operation, system,
overseas security policy board: IncludedBy:security,
overt channel: Antonym:covert channel,; IncludedBy:channel,; Related:authorized, communications, computer, covert, network, system,
overt collection
overt operation: Related:clandestine operation,
overt testing: IncludedBy:test,; Related:security,
overwrite procedure: IncludedBy:erasure,; Includes:magnetic remanence, remanence,; Related:process, security, software,
overwrite verification
overwriting: Related:access, virus,
owner: Includes:certificate owner, data owner, information owner, key owner, object, process owner, subject, system owner,; Related:IT default file protection parameters, Identification Protocol, Secure Electronic Transaction, accountability, asymmetric cryptography, attribute certificate, browse access protection, certificate, certification, certify, commercial software, computer emergency response team, data custodian, default file protection, digital watermarking, discretionary access control, formal access approval, information system security officer, interim accreditation action plan, key pair, mandatory access control, pretty good privacy, privacy enhanced mail, public-key certificate, reconstitution, response, security, sensitive, sensitivity, settlement, skimming, smartcards, system security officer, technical vulnerability, users, vulnerability,
owners/operators
package: Includes:object,; Related:assurance, function, security,
packet: Related:control, information, message, network,
packet assembly and disassembly: Related:internet,
packet filter: IncludedBy:firewall,; Related:access, application, control, filtering router, packet filtering, policy, program, security, users,
packet filtering: IncludedBy:firewall,; Includes:stateful packet filtering,; Related:access, access control, communications, control, domain, flow, function, information, network, packet filter, process, protocols, proxy, router,
packet filtering firewall: IncludedBy:firewall,; Related:protocols, router,
packet sniffer: IncludedBy:sniffer,; Related:computer, ethernet sniffing, network, program, promiscuous mode, software,
packet switching: Related:computer, computer network, control, information, intelligence, message, network, software,
packet transfer mode: Related:network,
padding
pagejacking: IncludedBy:attack,; Related:control, hijack attack, target, world wide web,
parameters: Related:algorithm, cryptographic, security, standard,
parent corporation
pareto diagram
parity: IncludedBy:security,
partial order
partition rule base access control: IncludedBy:access, control,
partitioned security mode: IncludedBy:modes of operation, security,; Related:access, access control, accreditation, authorization, computer security, information, operation, policy, system, users,
partnership: Related:critical, critical infrastructures, operation,
party: IncludedBy:National Institute of Standards and Technology,; Related:IT security, National Security Agency, certificate, computer security, security,
pass/fail: Related:classified, requirements, security, subject,
passive: Includes:object,; Related:authorized, confidentiality, information, network, property, system, threat,
passive attack: IncludedBy:attack,; Related:authentication, authorized, protocols,
passive fingerprinting: Related:application, system,
passive security testing: IncludedBy:security testing, test,; Related:code, requirements, software, system, target,
passive sensor
passive threat: IncludedBy:threat,; Related:authorized, computer, information, system,
passive wiretapping: IncludedBy:wiretapping,; Related:communications,
passphrase: IncludedBy:passwords,; Related:system,
Password Authentication Protocol: IncludedBy:authentication, protocols, security protocol,; Related:passwords, users,
password cracker: IncludedBy:threat,; Related:application, dictionary attack, program, software, test,
password cracking: IncludedBy:passwords,; Related:computer, process, system,
password protected: Related:access, control,
password shadowing: Related:theft,
password sniffing: IncludedBy:sniffing,; Related:internet, network, passwords, program,
password system: IncludedBy:system,; Related:access, access control, authentication, encryption, entity, identity, operation,
password-locked screensaver: Related:passwords, system, users,
passwords: Includes:one-time passwords, passphrase, password cracking, secure single sign-on, time-dependent password, tunneled password protocol, virtual password, zero-knowledge password protocol,; Related:3-factor authentication, Extensible Authentication Protocol, Green book, Password Authentication Protocol, Terminal Access Controller Access Control System, access, access control, anonymous login, auditing tool, authentication, authorization, authorized, check_password, community string, computer oracle and password system, crack, critical security parameters, default account, dictionary attack, domain controller, encrypted key, entity, ethernet sniffing, guessing entropy, identity, information, kerberos, key, key logger, leapfrog attack, lock-and-key protection system, login, login prompt, min-entropy, network, password sniffing, password-locked screensaver, personal identification number, print suppression, process, proof of possession protocol, public-key forward secrecy, rootkit, salt, secret, security-relevant event, shared secret, simple authentication, simple network management protocol, smartcards, sniffer, social engineering, system, target vulnerability validation techniques, third party trusted host model, ticket, tokens, user identifier, users,
patch: Related:application, code, program, security, software, update,
patch management: IncludedBy:management,; Related:process, security testing, software, test, users,
path coverage: Related:security testing, test,
path discovery: IncludedBy:public-key infrastructure,; Related:certificate, certification, key, process, public-key, trust,
path histories: Related:software,
path validation: IncludedBy:public-key infrastructure, validation,; Related:certificate, certification, process,
payload: Related:code, information, malicious, object, system, virus,
payment
payment card: IncludedBy:Secure Electronic Transaction,
payment gateway: IncludedBy:Secure Electronic Transaction, gateway,; Related:authorization, interface, message, process, system,
payment gateway certification authority: IncludedBy:Secure Electronic Transaction, authority, certification, gateway, public-key infrastructure,; Related:certificate, compromise,
PC card: Related:computer, cryptographic, cryptography, function, interface, module, standard,
PCA
PCMCIA: Related:association, automated information system, computer, standard, technology,
peer access approval: IncludedBy:access,
peer access enforcement: IncludedBy:access,
peer entity authentication: IncludedBy:authentication, entity,; Related:association,
peer entity authentication service: IncludedBy:authentication, entity,; Related:association, establishment, identity, system,
peer-to-peer communication: Related:access, access control, communications, computer, internet, message, users,
penetration: IncludedBy:attack, intrusion, threat consequence,; Includes:penetration signature, penetration study, penetration test, penetration testing,; Related:access, access control, authorized, breach, computer security intrusion, confidentiality, entrapment, flaw hypothesis methodology, incomplete parameter checking, nak attack, network weaving, phreaking, protective packaging, protective technologies, real-time reaction, resource, security certification level, security testing, security violation, system, unauthorized access,
penetration signature: IncludedBy:penetration, signature,; Related:identify, system,
penetration study: IncludedBy:penetration, risk management,; Related:control, system,
penetration test: IncludedBy:penetration, test,; Related:certification, code, computer, evaluation, identify, process, security, security testing, system, users,; Synonym:penetration testing,
penetration testing: IncludedBy:penetration, security testing, target of evaluation, test,; Related:access, application, code, computer, exploit, identify, system, target, trust, users, vulnerability,; Synonym:penetration test,
people: Related:information, security, system,
per-call key: IncludedBy:key,; Related:communications, encryption, system, telecommunications,
perceived collection threat: IncludedBy:threat,; Related:adversary,
perfect forward secrecy: HasPreferred:forward secrecy,
performance gap: Related:process, quality,
performance measurement: Related:process, system,
performance reference model
perimeter: HasPreferred:security perimeter,
perimeter-based security: IncludedBy:security perimeter,; Related:access, control, network,
periodic reinvestigation
periods processing: IncludedBy:process,; Related:authorization, classified, information, operation, requirements, security, system, users,
peripheral
peripheral devices
peripheral equipment: Related:computer, key,
perishable data
permanent records: Related:access,
permanent resident alien
permissions: IncludedBy:authorization,; Includes:object, subject,; Related:access, access control, authorized, control, file, public-key infrastructure, resource,
permissive action link
permuter: Related:cryptography,
perpetrator: IncludedBy:attack,; Related:entity,
persistent cookie: Related:computer, identify, users,
personal communications network: IncludedBy:communications, network,; Related:internet, system, technology,
personal computer: IncludedBy:computer,; Related:automated information system,
personal computer memory card international association: IncludedBy:association, computer,; Related:automated information system,
personal computer system: Related:access, analysis,
personal digital assistant: Related:automated information system, computer, key,
personal financial statement: Related:security,
personal firewall: Related:authorized, communications, computer, connection, security,
personal identification number: IncludedBy:identification,; Related:3-factor authentication, Fortezza, access, access control, application, code, entity, identity, passwords, personal identity verification, resource, shared secret, system, users,
personal identity verification: IncludedBy:entity, identity, verification,; Includes:PIV issuer, PIV registrar, PIV sponsor, personal identity verification card,; Related:3-factor authentication, computer, cryptographic, identification, key, personal identification number, process,
personal identity verification card: IncludedBy:entity, personal identity verification, smartcards, tokens, verification,; Related:certificate, cryptographic, key, process,
personal security environment: IncludedBy:security,; Related:cryptographic, cryptography, entity, file, key, personalization service, policy, public-key infrastructure, requirements, system, tamper, tokens, trust,
personality: HasPreferred:personality label,
personality label: IncludedBy:multilevel information systems security initiative, public-key infrastructure,; PreferredFor:personality,; Related:Fortezza, X.509, application, authorization, certificate, digital signature, encryption, key, public-key, role, signature, subject, users,
personalization service: Related:cryptographic, cryptography, information, key, personal security environment, security, trust,
personally identifiable information: Related:identity, security,
personnel registration manager: Related:management, users,
personnel security - issue information: IncludedBy:security,; Includes:substantial issue information,; Related:access, classified,
personnel security: IncludedBy:security,; Related:access, access control, authority, authorization, classified, control, information, operation, personnel security exceptions, policy, system, trust,
personnel security clearance: IncludedBy:security,; Related:access, classified,
personnel security determination: IncludedBy:security,; Related:classified, trust,
personnel security exceptions: IncludedBy:security,; Related:access, deviation, intelligence, personnel security, subject,
personnel security interview: IncludedBy:security,; Related:access, classified,
personnel security investigation: IncludedBy:security,; Related:access, classified,
personnel security program: IncludedBy:security,; Related:access, classified, trust,
personnel security questionnaire: IncludedBy:security,; Related:questionnaire for national security positions, subject, trust,
phage: IncludedBy:threat,; Related:authorized, program, virus,
pharming: Related:attack, domain, fraud, information, software,
phased periodic reinvestigation: Related:subject,
PHF: IncludedBy:threat,; Related:access, computer, file, program, system,
PHF hack: IncludedBy:threat,; Related:users,
phishers: IncludedBy:threat,; Related:information,
phishing: IncludedBy:exploit, social engineering,; Related:computer, criminal, entity, fraud, identity, identity theft, information, internet, spoof, theft, users, vishing,
photo eye: Related:control,
Photuris: Related:establishment, internet protocol security, internet security protocol, key, protocols,
phracker: IncludedBy:threat,; Related:computer,
phreaker: IncludedBy:threat,; Related:system,
phreaking: IncludedBy:attack,; Related:information, network, penetration, system, technology,
physical access control: IncludedBy:access, control,; Related:control systems, entity, identity, role, system, validation,
physical and environmental protection: Related:access, access control, authorized, control, operation, security, system, threat, unauthorized access,
physical controls: IncludedBy:control,; Related:system,
physical destruction: IncludedBy:threat consequence,; Related:operation, system,
physical protection: IncludedBy:cryptographic boundary,; Related:assurance, critical, cryptographic, key, module, security,
physical security: IncludedBy:Automated Information System security,; Related:access, access control, application, attack, authorized, control, countermeasures, critical, damage, information, resource, system, theft, threat, unauthorized access, vulnerability,
physical security waiver: IncludedBy:security,; Related:intelligence,
physically isolated network: IncludedBy:network,; Related:control,
piconet
piggyback: IncludedBy:between-the-lines-entry,; Related:access, access control, authorized, connection, system, unauthorized access, users,
piggyback attack: IncludedBy:attack,; Related:access, access control, connection, system, users,
piggyback entry: IncludedBy:threat,; Related:access, access control, authorized, computer, connection, system, unauthorized access, users,
pii confidentiality impact level: Related:access,
pilot testing: IncludedBy:security testing, test,; Related:program, software, version,
ping of death: IncludedBy:attack,; Related:denial-of-service, flow, system,
ping sweep: IncludedBy:attack,; Related:vulnerability,
PIV issuer: IncludedBy:personal identity verification, smartcards,; Related:PIV registrar, access, access control, application, authorized, certification authority, control, entity, identity credential issuer, software, subject, verification,
PIV registrar: IncludedBy:personal identity verification,; Related:PIV issuer, certification, entity, process,
PIV sponsor: IncludedBy:personal identity verification,
PKCS #10: IncludedBy:public-key cryptography standards, public-key infrastructure,; Related:X.509, certificate, entity, key, public-key, standard,
PKCS #11: IncludedBy:public-key cryptography standards,; Related:cryptographic, function, information, interface, key, software, standard, tokens,
PKCS #7: IncludedBy:public-key cryptography standards,; Related:digital signature, signature, standard,
PKIX: IncludedBy:internet, public-key infrastructure,; Related:X.509, application, certificate, file, information, interoperability, key, operation, profile, protocols, public-key, security, standard, system, trust,
PKIX private extension: IncludedBy:public-key infrastructure,; Related:identify, verification,
plain text: HasPreferred:cleartext,
plaintext key: IncludedBy:key, key recovery,; Related:cryptographic,
plan of action and milestones
plan of actions and milestones: Related:resource,
plan, do, check, act
platform: Related:application, communications, process, software, system,
platform it interconnection: IncludedBy:connection,; Related:access, assurance, security,
plug-in: Related:function, standard, system,
plug-in modules: IncludedBy:module,; Related:software, world wide web,
point estimate
point of control and observation: IncludedBy:control,; Related:security testing, test,
point-of-sale
point-to-point key establishment: IncludedBy:establishment, key,
point-to-point protocol: IncludedBy:internet, protocols,; Includes:point-to-point tunneling protocol,; Related:authentication,
point-to-point tunneling protocol: IncludedBy:point-to-point protocol, protocols, security protocol, tunnel, virtual private network,; Includes:private communication technology,; Related:access, access control, connection, control, function, internet, network, users, version,
policy: Includes:IT security policy, Internet Policy Registration Authority, National Security Telecommunications and Information Systems Security Policy, National Telecommunications and Information Systems Security Policy, TOE security policy, TOE security policy model, acceptable use policy, certificate policy, certificate policy qualifier, certification policy, corporate security policy, cryptographic module security policy, designation policy, formal model of security policy, formal security policy, formal security policy model, identity-based security policy, informal security policy, information protection policy, information security policy, integrity policy, non-repudiation policy, organisational security policy, policy approving authority, policy certification authority, policy creation authority, policy management authority, policy mapping, public-key infrastructure, rule-based security policy, secrecy policy, security function policy, security policy, security policy information file, security policy model, system security policy, technical policy, technical security policy, term rule-based security policy, usage security policy,; Related:Bell-LaPadula security model, CKMS component, NTCB partition, National Security Decision Directive 145, National Security Telecommunications and Information Systems Security Committee, Office of Foreign Assets Control, SET qualifier, TCB subset, TOE security functions, abuse of privilege, access, access control, access control center, access control service, access mediation, accountability, assurance, attack, audit, authority, autonomous system, certificate, certificate domain, certification hierarchy, certification practice statement, classified, common security, component operations, compromise, confidence, consumers, control, controlled security mode, covert channel, covert channel analysis, covert timing channel, data encryption standard, dedicated security mode, demilitarized zone, discretionary access control, domain, domain parameter, dominated by, economy of mechanism, enclave, end entity, evaluation, exploitable channel, exploitation, extension, filtering router, firewall, formal method, formal top-level specification, formal verification, front-end security filter, functionality class, general controls, global information grid, guideline, identification data, information systems security equipment modification, information type, internal fraud, key management, loophole, mandatory access control, mode of operation, multilevel security mode, national security system, naval coastal warfare, network component, network sponsor, network trusted computing base, non-discretionary security, non-repudiation information, packet filter, partitioned security mode, personal security environment, personnel security, privacy, privacy impact assessment, private data, product rationale, proof, protected network, protection philosophy, rainbow series, risk management, root, root registry, ruleset, secure configuration management, security, security association, security audit, security authority, security clearance, security domain, security filter, security functions, security incident, security inspection, security label, security management infrastructure, security net control station, security perimeter, security program manager, security requirements, security violation, security-compliant channel, security-critical mechanisms, security-relevant event, sensitive information, source selection, system administrator, system security officer, system-high security mode, systems security steering group, trust, trusted channel, trusted computing base, trusted functionality, trusted path, trusted process, trusted subject, unprotected network, untrusted process, users, verification, vulnerability,
policy approving authority: IncludedBy:authority, multilevel information systems security initiative, policy, public-key infrastructure,; Related:X.509, certificate, certification, key, public-key, role,
policy certification authority: IncludedBy:authority, certification, policy, public-key infrastructure,; Related:X.509, certificate, internet, key, management, public-key, registration, security,
policy creation authority: IncludedBy:authority, multilevel information systems security initiative, policy, public-key infrastructure,; Related:X.509, certificate, certification, domain, key, public-key, role, users,
policy management authority: IncludedBy:authority, management, policy, public-key infrastructure,; Related:audit, certification,
policy mapping: IncludedBy:policy,; Related:authority, certificate, domain, public-key infrastructure,
policy-based access control: IncludedBy:access, control,; Related:authorization, identity, risk,
polling: Related:message, operation, process,
polymorphism: Related:code, message, object, operation, response, system,
pop-up box: Related:access, access control, internet, world wide web,
POP3 APOP: Related:attack, authentication, hash, key, protocols, shared secret, users,
POP3 AUTH: IncludedBy:internet,; Related:authentication, challenge/response, protocols, response, security,
population: Related:audit,
port: IncludedBy:internet,; Related:access, communications, computer, connection, cryptographic, cryptography, function, module,
port protection device: Related:assurance,
port scan: IncludedBy:attack,; Related:exploit, vulnerability,
port scanner: Related:connection, program, system, threat,
port scanning: Related:connection, internet, program, system,
portability: Related:application, code, computer, interoperability, module, program, software, system, users,
portable computer system: Includes:laptop,
portable electronic devices
portal: Related:access,
portfolio: Related:analysis, assessment,
portfolio management
positive control material: IncludedBy:control,; Related:code, system,
positive enable system: IncludedBy:system,
POSIX: Related:access, access control, application, audit, code, computer, control, function, information, interface, security, standard, system,
Post Office Protocol, version 3: IncludedBy:internet, protocols, version,; Related:access, authentication, message, security, standard,
post-accreditation phase: IncludedBy:accreditation,; Related:availability, confidentiality, information, integrity, operation, process, risk, security, software, system, threat,
post-nuclear event key: IncludedBy:key,
potential impact: Related:availability, integrity, operation,
practice statement: Related:authentication, entity,
practices dangerous to security: IncludedBy:security,
pre-activation state: IncludedBy:key lifecycle state,; Related:authorized, key, lifecycle,
pre-authorization: IncludedBy:authorization,; Related:certification, entity, public-key infrastructure, validate,
pre-certification phase: IncludedBy:certification,; Related:accreditation, assessment, control, identification, process, risk, security, system, validation, verification,
pre-shared key: IncludedBy:key,; Related:internet protocol security, internet security protocol,
pre-signature: IncludedBy:signature,; Related:digital signature, function, message, process, random,
precision: Related:sampling error,
precondition
precursor: Related:attack, incident, malware,
prediction resistance: Related:assurance,
predisposing condition: Related:threat,
preferred products list: IncludedBy:Information Systems Security products and services catalogue, National Security Agency, national information assurance partnership,; Includes:TEMPEST,; Related:computer security, information, requirements, system,
prefix free representation
preliminary design review
preparedness
preproduction model: Related:evaluation, standard, version,
presidential historical materials and records
pressure regulator: Related:control,
pressure sensor: Related:flow, system,
pretty good privacy: IncludedBy:email security software, encryption, internet, key, privacy, security protocol, web of trust,; Includes:certificate,; Related:algorithm, application, authentication, computer, cryptographic, cryptography, digital signature, email, file, message, network, owner, program, protocols, public-key, signature, software, standard, system,
prevention
primary account number: IncludedBy:Secure Electronic Transaction,; Related:association, authority, code, cryptography, identification,
primary services node (prsn): Related:access, management, users,
prime contract
prime contractor
primitive: IncludedBy:trusted computing base,
principal: Related:entity, identity,
principal accrediting authority: IncludedBy:authority,; Related:intelligence, system,
principal certification authority: IncludedBy:certification,
principal disclosure authority: Related:authorized,
print suppression: Related:key, passwords, security,
printer
prioritization
privacy: IncludedBy:quality of protection,; Includes:confidentiality, data privacy, pretty good privacy, privacy enhanced mail, privacy impact assessment, privacy programs, privacy protection, privacy system, privacy, authentication, integrity, identification, non-repudiation, privacy, authentication, integrity, non-repudiation, virtual private network, wired equivalent privacy,; Related:Diffie-Hellman, Generic Security Service Application Program Interface, S-box, Samurai, Sensitive Information Computer Security Act of 1987, access, access control, anonymous, authorized, compromise, control, cookies, cryptography, entity, formal access approval, individuals, information, information type, kerberos, key management/exchange, management message, policy, private communication technology, private key, public law 100-235, sandboxed environment, secret seed, secure hypertext transfer protocol, secure single sign-on, secure socket layer, security, sensitive information, simple key management for IP, spyware, system, system security plan, trusted channel, unclassified sensitive, users,
privacy enhanced mail: IncludedBy:email, privacy, security protocol,; Includes:certificate, encryption,; Related:X.509, authentication, certification, confidentiality, integrity, internet, key, key management, message, owner, protocols, public-key, public-key infrastructure, standard,
privacy impact assessment: IncludedBy:assessment, privacy,; Related:analysis, information, policy, process, requirements, risk, system,
privacy programs: IncludedBy:privacy, program,; Related:confidentiality, encryption, software, users,
privacy protection: IncludedBy:privacy,; Related:assurance, confidentiality, establishment, information, security, threat,
privacy system: IncludedBy:privacy, system,; Related:attack, communications, encryption, telecommunications,
privacy, authentication, integrity, identification, non-repudiation: IncludedBy:identification, integrity, non-repudiation, privacy,
privacy, authentication, integrity, non-repudiation: IncludedBy:authentication, availability, integrity, non-repudiation, privacy,
private accreditation exponent: IncludedBy:accreditation,; Related:authority, information, verification,
private accreditation information: IncludedBy:accreditation, information,; Related:authority, entity, identity,
private branch exchange: Related:network,
private communication technology: IncludedBy:communications, point-to-point tunneling protocol, technology,; Related:key, privacy, public-key, standard, system,
private component: Related:key,
private data: Related:information, policy,
private decipherment key: IncludedBy:cipher, key,
private decipherment transformation: IncludedBy:cipher,; Related:encipherment, key, network, system,
private extension: HasPreferred:extension,
private key: IncludedBy:asymmetric algorithm, key, public-key infrastructure,; Related:algorithm, cipher, cryptographic, cryptographic system, cryptography, encipherment, entity, information, privacy, public-key, secret, signature, system, users,
private signature key: IncludedBy:key, signature,; Related:digital signature,
private-key cryptography: HasPreferred:secret-key cryptography,; IncludedBy:cryptography, key,
privilege: IncludedBy:authorization,; Includes:least privilege,; Related:computer, function, operation, security, system,
privilege management: IncludedBy:management,; Related:access,
privilege management infrastructure: Related:authorization, certificate, process,
privileged: IncludedBy:access control,; Includes:privileged access, privileged instructions, privileged process, privileged user,; Related:backdoor, category, console logon, discretionary access control, executive state, program, protection ring, system, vulnerability,
privileged access: IncludedBy:access, privileged,; Related:authorized, computer, process, resource, users,
privileged accounts: Related:access, authorization, users,
privileged command: Related:control, security,
privileged instructions: IncludedBy:executive state, privileged,; Related:computer, control, system,
privileged process: IncludedBy:privileged, process,; Related:authorized, computer, function, security, trust,
privileged user: IncludedBy:privileged, users,; Related:access, assurance, control, function, program, security, system, trust,
probability-proportional-to-size
probe: IncludedBy:incident,; Related:access, access control, authorized, control, information, program, security, system, unauthorized access, users,
problem: Related:anomaly, failure, fault,
procedural controls: IncludedBy:control,; Related:system,
procedural security: IncludedBy:security,; PreferredFor:administrative security,; Related:access, access control, authorized, communications security, computer, computer security, control, emanation, emanations security, operation, system, unauthorized access,
procedure
process: IncludedBy:subject,; Includes:Automated Information System security, DoD Information Technology Security Certification and Accreditation Process, Federal Information Processing Standards, Federal Information Processing Standards Publication 140, Guidelines and Recommendations for Security Incident Processing, as-is process model, authorization to process, authorize processing, automated data processing system, automated information system, batch process, batch processing, business process, business process improvement, business process reengineering, bypass label processing, central processing unit, centralized data processing, continuous process, continuous process improvement, core or key process, data processing, development process, discrete process, distributed dataprocessing, distributed processing, execution, delivery, and process management, front-end processor, hierarchical input process output, information processing standard, key processor, local management device/key processor, logical co-processing kernel, management control processes, on-line transaction processing, periods processing, privileged process, process assurance, process controller, process management approach, process owner, real-time processing, signature process, software system test and evaluation process, statistical process control, subprocess, teleprocessing, to-be-process model, trusted process, untrusted process, verification process,; Related:2-factor authentication, 3-factor authentication, BLACK, Bell-LaPadula security model, CAPSTONE chip, COMSEC demilitarization, COMSEC equipment, CPU time, Clipper chip, Defense Information Infrastructure, Defensive Information Operations, Digital Signature Standard, Generic Security Service Application Program Interface, Green book, Gypsy verification environment, IT security database, International organization for standardization, Internet Engineering Steering Group, Internet Protocol Security Option, Internet Society Copyright, Internet Standard, Internet Standards document, MISSI user, National Security Decision Directive 145, OSI architecture, PIV registrar, RED, Rivest-Shamir-Adleman algorithm, Trusted Computer System Evaluation Criteria, Type III cryptography, X.500 Directory, abend, acceptance procedure, access, access category, access control, access control lists, access mediation, access mode, access with limited privileges, accountability, accreditation, accreditation phase, accreditation range, acquirer, activity analysis, add-on security, alert, algorithm transition, alignment, analysis of alternatives, applicant assertion, application, application controls, application data backup/recovery, application level gateway, application software, application system, application-level firewall, approval/accreditation, architectural design, assessment, assurance, assurance element, assure, assured software, asynchronous transfer mode, audit trail, authentication, authentication code, authentication protocol, authentication system, authenticity, authority, authorization, authorized, automated security monitoring, availability, backup, banner grabbing, baselining, batch mode, benchmark, benchmarking, best practices, bias, binding, block cipher, brand CRL identifier, brute force attack, buffer overflow, business case, business impact analysis, card initialization, centralized operations, certificate, certificate creation, certificate management, certificate reactivation, certificate rekey, certificate renewal, certificate revocation list, certificate update, certificate user, certificate validation, certification, certification and accreditation, certification path, certification phase, challenge/response, change management, chief information agency officer, ciphony, cleartext, client, client server, color change, communications security, comparisons, compartmented mode, compromised state, compromising emanations, computer abuse, computer architecture, computer cryptography, computer security, concept of operations, confidentiality, configuration control, configuration item, configuration management, conformance testing, construction, content filtering, contingency plan, continuity of operations, control center, control loop, control network, control zone, cost/benefit analysis, cost/benefit estimate, counter, covert channel, covert storage channel, covert timing channel, critical, criticality/sensitivity, cross-certification, cryptanalysis, cryptographic algorithm, cryptographic hash function, cryptographic key, cryptographic logic, cryptographic module, cryptographic synchronization, cryptographic system, cryptoperiod, cryptosynchronization, cryptosystem analysis, cryptosystem evaluation, cyberspace, cycle time, daemon, data, data architecture, data confidentiality, data contamination, data driven attack, data encryption standard, data historian, data input, data integrity, data key, data reengineering, database, deactivated state, deadlock, deadly embrace, decomposition, decryption, dedicated mode, dedicated security mode, default classification, degauss, deliverable, delivery, designation policy, detailed design, development assurance, development assurance requirements, digital signature, direct data feed, disaster recovery, disaster recovery plan, discretionary access control, distinguishing identifier, distributed control system, distributed database, download, dual control, dynamic analysis, egress filtering, electronic authentication, emanation, encryption, encryption algorithm, enrollment service, enterprise, entry control, erasure, error, error seeding, evaluation, executive steering committee, extensible markup language, external security controls, facilities, fail safe, fail soft, failure control, fallback procedures, fault, fault tolerance, fedwire, feedback buffer, fetch protection, file encryption, file infector virus, file protection, file transfer, firewall, flooding, fork bomb, formal access approval, formal proof, formal top-level specification, formal verification, format, forward engineering, front-end security filter, full accreditation, full disk encryption, function, gas and oil production, storage and transportation, global command and control system, global information grid, global network information environment, guard, handle, hardening, hardware, hash result, hierarchical development methodology, hierarchy management, identification, identification authentication, identification data, identity management systems, identity proofing, identity verification, identity-based security policy, implementation, incident, information, information and communications, information category, information environment, information owner, information security, information security testing, information superiority, information system, information systems security, information systems security engineering, information technology, information warfare, ingress filtering, initialization value, initialization vector, initializing value, input preparation cycle, inspectable space, integration test, integrity, intelligence, intelligent electronic device, interface, interim accreditation, interim approval to operate, internal subject, internal system exposure, internet control message protocol, internet protocol security, intrusion detection, intrusion detection and prevention, intrusion detection systems, intrusion prevention, key agreement, key center, key distribution, key entry, key establishment, key exchange, key generation, key management, key management infrastructure, key output, key recovery, key state transition, key stream, key transport, key updating, key-escrow, key-escrow system, lifecycle management, light tower, line managers, local-area network, logging, logical access control, loop, macro virus, maintenance, malicious code, malware, management controls, manipulated variable, manual cryptosystem, match, metadata, metrics, mirroring, mission critical, mission critical system, mockingbird, mode of operation, model, modeling or flowcharting, modes of operation, modular software, monitoring and evaluation, multi-security level, multilevel device, multilevel mode, multilevel security, multilevel security mode, multiuser mode of operation, mutually suspicious, national security information, network architecture, network discovery, non-repudiation, non-repudiation service, non-technical countermeasure, normal operation, object, one-time passwords, open system interconnection model, operation, operational data security, operational risk, operations security, operator, output, overwrite procedure, packet filtering, password cracking, passwords, patch management, path discovery, path validation, payment gateway, penetration test, performance gap, performance measurement, personal identity verification, personal identity verification card, platform, polling, post-accreditation phase, pre-certification phase, pre-signature, privacy impact assessment, privilege management infrastructure, privileged access, production, program, programmable logic controller, proprietary information, protection ring, protective technologies, protocols, proxy server, pseudo-random number generator, public law 100-235, public-key cryptography, public-key infrastructure, purge, quality, quality control, random number generator, randomizer, read-only memory, real-time, real-time system, reciprocal agreement, recovery procedures, recovery site, recovery time objectives, registration, registration authority, rekey, release, relying party, renewal, requirements, residue, resource, resource encapsulation, resource starvation, response, response time, reverse engineering, reverse software engineering, revocation, risk analysis, risk assessment, risk evaluation, risk identification, risk index, risk management, risk treatment, role-based access control, routing, routing control, safeguarding statement, salami technique, salt, sandboxed environment, sanitize, screen scraping, security architecture, security audit trail, security certification level, security clearance, security evaluation, security management, security management infrastructure, security mechanism, security parameters index, security policy, security program manager, security requirements, security service, security test & evaluation, security testing, seed key, sensitive compartmented information, sensitive compartmented information facility, sensitivity analysis, separation of duties, server, settlement, signaling, signature, signature function, signature generation, signature key, signature verification, significant change, simple authentication, simulation modeling, single loop controller, single-level device, smartcards, social engineering, software, software development, software quality assurance, software reengineering, source data automation, source selection, special information operations, spoofing, stateful packet filtering, stateful protocol analysis, static analysis, stream cipher, stretch goal, strong authentication, superencryption, superuser, supervisory control and data acquisition, symmetric encryption algorithm, system entity, system high mode, system low, system retention/backup, system-high security mode, systems engineering, systems software, technical countermeasures, technical security policy, technical vulnerability, technology, telecommunications, test, test execution, test facility, test plan, testing, threat assessment, time-stamp verifier, timing attacks, token management, tokens, total quality management, traceability, tranquility, transaction file, transport, trojan horse, trust, trusted agent, trusted computer system, trusted path, two-person control, type 1 products, type 2 product, type certification, update, updating, upload, user id revalidation, user identifier, user representative, users, validate, validate vs. verify, validation, value-added, vaulting, verification, verification and validation, verification function, verification key, verification techniques, version scanning, vulnerability, vulnerability assessment, vulnerability audit, web risk assessment, web server, website hosting, work product, workflow, workstation, world class organizations, worm,
process assurance: IncludedBy:assurance, process,; Related:assessment,
process controller: IncludedBy:control, process,; Related:algorithm, computer, system,
process management approach: IncludedBy:process,; Related:business process, quality,
process owner: IncludedBy:owner, process,
producers: Related:security,
product: Includes:software product,; Related:function, software, system,
product rationale: IncludedBy:protection profile,; Includes:object,; Related:assurance, file, function, information, policy, profile, security, system, threat,
product source node: Related:management,
production: IncludedBy:target of evaluation,; Related:process, target,
production model
profile: IncludedBy:file,; Includes:CKMS profile, COMSEC profile, access profile, assurance profile, communications profile, profile assurance, protection profile, protection profile family, secure profile inspector, system profile, user profile,; Related:Federal Criteria Vol. I, Minimum Interoperability Specification for PKI Components, PKIX, assignment, attack signature recognition, component, cookies, correctness, decomposition, deliverable, development assurance requirements, effectiveness, evaluation, evaluation assurance requirements, external security controls, functional protection requirements, national computer security assessment program, national information assurance partnership, product rationale, refinement, security, security target, stateful protocol analysis, tracking cookie, users,
profile assurance: IncludedBy:assurance, file, profile,; Related:confidence,
profiling
program: Includes:COMSEC Resources Program, COMSEC Utility Program, COMSEC control program, Commercial COMSEC Endorsement Program, Commercial COMSEC Evaluation Program, Common Criteria Testing Program, Cryptographic Application Program Interface, Generic Security Service Application Program Interface, National Voluntary Laboratory Accreditation Program, Programmable key storage device, TEMPEST Endorsement Program, Trusted Products Evaluation Program, application program interface, application programming interface, audit program, authorized vendor program, computer security technical vulnerability reporting program, cryptographic application programming interface, defense-wide information assurance program, delegated development program, malicious program, national computer security assessment program, object-oriented programming, privacy programs, program automated information system security incident support team, program evaluation and review technique, program manager, programmable logic controller, programmable read-only memory, programming languages and compilers, rating maintenance program, security program manager, security support programming interface, source program, special access program, special access program facility, tinkerbell program, traditional INFOSEC program, user partnership program, utility programs, work program,; Related:CASE tools, Common Criteria Testing Laboratory, GRC senior staff, Green book, Gypsy verification environment, IT security database, Internet Protocol Security Option, Internet worm, Java, Message Security Protocol, PHF, Rexd, SATAN, Secure Data Network System, TOE security functions interface, abend, abort, access category, access control, access control lists, access type, active content, agent, alternative work site, ankle-biter, antispyware software, antivirus software, applet, application, application controls, application generator, application software, application system, assure, audit software, authorization, automated logon sequences, backdoor, backup, backup procedures, bebugging, benchmark, black-box testing, branch coverage, browser, brute force attack, bug, certificate, change control and lifecycle management, check_password, client, client server, code, coding, common criteria, common gateway interface, compiled viruses, compiler, compliance-based, computer, computer architecture, computer cryptography, computer emergency response teams' coordination center, computer fraud, computer oracle and password system, computer-assisted audit technique, configuration item, confinement, console, contingency plan, controller, correctness, cost/benefit, covert channel analysis, data dictionary, data processing, data transfer device, dedicated mode, delete access, demon dialer, digital signature, domain, domain name system, dongle, dynamic analysis, encapsulation, enhanced hierarchical development methodology, ensure, error, error seeding, exception, executable code, execute access, exercised, exhaustive testing, exploit, extensible, extensible markup language, fail safe, failure, fault, fault injection, fetch protection, file infector virus, firmware, flexibility, flow, formal development methodology, formal language, formal proof, formal top-level specification, formal verification, gateway, general controls, graphical-user interface, hackers, handler, handshaking procedures, hard copy key, hardware, hierarchical development methodology, host-based intrusion prevention system, information system security officer, information systems security manager, information systems security officer, instrumentation, integration test, intelligence community, interface, interim accreditation action plan, internal security controls, interoperability standards/protocols, key logger, key-escrow system, legacy systems, logic bombs, logical access control, loop, macro virus, maintainability, major application, major information system, malicious applets, malicious code, malware, management control processes, mechanisms, microcode, mobile code, mockingbird, modes of operation, morris worm, multilevel information systems security initiative, mutation analysis, mutation testing, mutually suspicious, national information assurance partnership, national telecommunications and information system security directives, nations, natural benchmark, network worm, network-based intrusion prevention system, object, on-line system, operating system, operational risk loss, organization computer security representative, packet filter, packet sniffer, password cracker, password sniffing, patch, phage, pilot testing, port scanner, port scanning, portability, pretty good privacy, privileged, privileged user, probe, process, proprietary information, protection ring, proxy, pseudo-flaw, read access, records, regression testing, reliability, remote administration tool, replicator, requirements traceability matrix, restart, reusability, reverse engineering, risk management, run, sandboxed environment, scan, scope of a requirement, script bunny, security, security policy, sensitive information, sensitivity analysis, server, set point, silver bullet, simulation modeling, smurf, sniffer, software, software development methodologies, software product, software reliability, software security, source code, spam, spam filtering software, spyware detection and removal utility, stakeholder, static analysis, stress testing, structural testing, supervisory control, symbolic execution, synthetic benchmarks, system high mode, system resources, system security authorization agreement, system security officer, system software, systems software, test bed, test case, test generator, testability, tester, time bomb, tokens, trapdoor, trigger, trojan horse, unit, update access, user data protocol, users, utility, vaccines, validation, virus, virus scanner, vulnerability, waiver, war dialer, war dialing, web content filtering software, white-box testing, workstation, worm, zombie,
program access request: IncludedBy:access,
program automated information system security incident support team: IncludedBy:computer security, incident, information, program, security incident, system,
program channels or program security channels: IncludedBy:security,; Related:access, authorized, classified,
program evaluation and review technique: IncludedBy:evaluation, program,
program executive agent
program executive office, enterprise information systems
program manager: IncludedBy:program,; Related:security, system,
program material: Related:access,
program office: Related:access,
program protection plan: Related:authorized, classified, foreign, intelligence,
program security officer: IncludedBy:security,; Related:access,
program sensitive information: Related:classified,
Programmable key storage device: IncludedBy:key, program,
programmable logic controller: IncludedBy:control, program,; Related:control systems, file, function, process, system, users,
programmable read-only memory: IncludedBy:program,; Related:access,
programming languages and compilers: IncludedBy:program, software, target of evaluation,; Related:target,
project/program manager
promiscuous mode: IncludedBy:threat,; Related:ethernet sniffing, information, interface, packet sniffer,
proof: Related:evidence, non-repudiation, policy,
proof of possession protocol: IncludedBy:protocols,; Related:3-factor authentication, authentication, control, key, passwords,
property: Includes:*-property, intellectual property, simple security property,; Related:Federal Information Processing Standards, accountability, assurance, asymmetric cryptographic technique, authenticity, availability, block cipher, bug, collision-resistant hash function, confidentiality, congruence, connectivity, correctness, data confidentiality, data integrity, digital watermarking, effectiveness, emergency response, external fraud, forward secrecy with respect to A, forward secrecy with respect to both A and B individually, hash function, integrity, internal fraud, key generating function, major information system, mask generation function, message digest, mutual forward secrecy, mutually suspicious, n-bit block cipher, one-way function, passive, proprietary, public-key forward secrecy, reliability, restricted area, safety, security, security kernel, sensor, stream cipher, system parameter, tranquility, trusted subject, unforgeable,
proprietary: Related:entity, information, property,
proprietary information: IncludedBy:information,; Related:computer, development, process, program,
proprietary protocol: IncludedBy:protocols,; Related:network, resource,
protected channel: Related:cryptographic, entity, identity, integrity, key, message,
protected checksum: Related:attack, object,
protected communications: IncludedBy:communications,; Related:encryption, standard, telecommunications,
protected communications zone: IncludedBy:communications,
Protected Critical Infrastructure Information (PCII): IncludedBy:critical,
protected distribution systems: IncludedBy:system,; Related:classified, control, encryption, information, security,
protected information: Related:classified, critical,
protected network: Antonym:unprotected network,; IncludedBy:demilitarized zone, firewall, network,; Related:access, access control, authorized, control, policy, ruleset, unauthorized access,
protected services list
protected wireline distribution system: IncludedBy:system,
protection
protection needs elicitation: IncludedBy:requirements, security,; Related:assurance, information,
protection philosophy: Includes:object,; Related:assurance, control, evaluation, policy, security, system,
protection profile: IncludedBy:Common Criteria for Information Technology Security Evaluation, Federal Criteria Vol. I, file, profile, requirements,; Includes:assignment, decomposition, external security controls, functional protection requirements, product rationale, protection profile family, refinement, trusted computing base,; Related:IT security, assurance, computer security, criteria, function, object, security, security target, security testing, system, target, test,
protection profile family: IncludedBy:file, profile, protection profile,; Related:assurance, function,
protection ring: IncludedBy:modes of operation,; Related:access, access control, assurance, authorized, operation, privileged, process, program, system, users,
protection suite: Related:algorithm, authentication, encryption, integrity, internet protocol security, internet security protocol,
protection-critical portions of the TCB: IncludedBy:critical, trusted computing base,; Includes:object, subject,; Related:access, access control, assurance, control, function, operation, system,
protective distribution system: IncludedBy:system,; Related:countermeasures, information,
protective measures
protective packaging: Related:communications security, key, penetration,
protective security service: IncludedBy:security,; Related:access, authorized, connection,
protective technologies: Related:compromise, incident, information, key, penetration, process, tamper,
protocol analyzer: IncludedBy:protocols,; Related:application, software, users,
protocol converter: IncludedBy:protocols,; Related:information,
protocol data unit: IncludedBy:protocols,; Related:control, information, interface, message,
protocol entity
protocol run: IncludedBy:protocols,; Related:authentication, message,
protocol suite: IncludedBy:protocols,; Related:communications, computer, computer network, network,
protocols: Includes:Challenge Handshake Authentication Protocol, Directory Access Protocol, Extensible Authentication Protocol, Identification Protocol, Internet Message Access Protocol, version 4, Internet Protocol Security Option, Internet Security Association and Key Management Protocol, Key Management Protocol, Layer 2 Forwarding Protocol, Layer 2 Tunneling Protocol, Lightweight Directory Access Protocol, Message Security Protocol, Network Layer Security Protocol, Password Authentication Protocol, Post Office Protocol, version 3, Security Protocol 3, Security Protocol 4, Simple Key-management for Internet Protocols, Transport Layer Security Protocol, authentication header protocol, authentication protocol, challenge-response protocol, communications protocol, encapsulating security payload protocol, file transfer protocol, host to front-end protocol, hypertext transfer protocol, internet control message protocol, internet key exchange protocol, internet protocol, internet protocol security, interoperability standards/protocols, ip payload compression protocol, key management protocol data unit, network management protocol, network protocol stack, online certificate status protocol, point-to-point protocol, point-to-point tunneling protocol, proof of possession protocol, proprietary protocol, protocol analyzer, protocol converter, protocol data unit, protocol run, protocol suite, secure hypertext transfer protocol, security protocol, simple mail transfer protocol, simple network management protocol, stateful protocol analysis, transmission control protocol, transmission control protocol/internet protocol, tunneled password protocol, user data protocol, wireless application protocol, zero-knowledge password protocol,; Related:Abstract Syntax Notation One, Diffie-Hellman, Distributed Authentication Security Service, Estelle, FIREFLY, Generic Security Service Application Program Interface, ICMP flood, IMAP4 AUTHENTICATE, IP address, IPsec Key Exchange, ITU-T, Internet Architecture Board, Internet Assigned Numbers Authority, Internet Corporation for Assigned Names and Numbers, Internet Engineering Task Force, Internet Standard, MIME Object Security Services, Network File System, OAKLEY, OSI architecture, Open Systems Interconnection Reference model, PKIX, POP3 APOP, POP3 AUTH, Photuris, SOCKS, SYN flood, Secure Data Exchange, Secure Data Network System, Secure Electronic Transaction, Secure/MIME, Simple Authentication and Security Layer, Standards for Interoperable LAN/MAN Security, Terminal Access Controller Access Control System, active attack, anonymous and guest login, anonymous login, application gateway firewall, application proxy, application-level firewall, association, authentication header, automated key distribution, backdoor, bastion host, bridge, brouters, certification, claimant, code, common security, communications, computer, computer architecture, connection, connection establishment, connection establishment time, connection maintenance, connection teardown, connection teardown time, control, countermeasures, cyclic redundancy check, domain name service server, domain name system, eavesdropping attack, egress filtering, encapsulating security payload, encapsulation, end system, extensibility, fieldbus, file transfer, firewall, function, gateway, goodput, gopher, hackers, host, https, implementation under test, information, internet, internet vs. Internet, internetwork, kerberos, key confirmation, key distribution center, key recovery, key translation center, language of temporal ordering specification, man-in-the-middle attack, management server, multipurpose internet mail extensions, network, network analyzer, network architecture, network connection, network front-end, network level firewall, network sniffing, nonce, object, object identifier, off-line attack, one-time passwords, online attack, open systems interconnection, packet filtering, packet filtering firewall, passive attack, pretty good privacy, privacy enhanced mail, process, proxy, proxy server, public-key forward secrecy, remote authentication dial-in user service, router, scheme, secure multipurpose internet mail extensions, secure shell, secure socket layer, security association, security association identifier, security certificate, security gateway, security parameters index, signaling system 7, simple key management for IP, software, stealth probe, subnetwork, system, telnet, token authenticator, tokens, transport layer security, transport mode vs. tunnel mode, tunnel, tunneling, uniform resource identifier, uniform resource locator, verifier, verifier impersonation attack, vishing, vulnerability, wireless intrusion detection and prevention system, world wide web,
prototyping: Related:application, computer, model, system,
prove a correspondence: Related:system,
provider
prowler: IncludedBy:threat,; Related:file,
proximity: Related:access, access control, control, interface, technology,
proximity sensor: Related:target,
proxy: IncludedBy:firewall,; Includes:application proxy, circuit proxy, proxy server,; Related:access, application, attack, authentication, authorized, connection, function, network, operation, packet filtering, program, protocols, software, stateful packet filtering, system, users,
proxy agent: Related:software,
proxy server: IncludedBy:internet, proxy,; Related:access, access control, application, association, authentication, computer, connection, control, entity, identity, message, process, protocols, response, router, security, software, system, users, version, world wide web,
pseudo-flaw: IncludedBy:risk management, threat,; Related:program, system,
pseudo-random: IncludedBy:random,; Related:algorithm,
pseudo-random number generator: IncludedBy:random,; Related:process, software, test,
pseudonym: Related:entity, identity,
psychological operations: IncludedBy:operation, threat,; Related:foreign, information, object,
public accreditation verification exponent: IncludedBy:accreditation, verification,
public component: Related:key, public-key,
public confidence: IncludedBy:confidence,; Related:critical, security,
public domain
public domain software: IncludedBy:domain, software,; Related:subject,
public encipherment key: IncludedBy:cipher, encipherment, key, public-key infrastructure,; Related:public-key,
public encipherment transformation: IncludedBy:cipher, encipherment, public-key infrastructure,; Related:key, public-key, system,
public information: IncludedBy:information,
public key enabling: IncludedBy:key,; Related:authentication, security,
public law 100-235: Related:classified, computer, computer security, establishment, information, privacy, process, security, standard, system, technology,
public seed
public verification key: IncludedBy:key, public-key infrastructure, verification,; Related:public-key,
public-key: IncludedBy:asymmetric algorithm, key,; Includes:Federal Public-key Infrastructure, Simple Public-Key Infrastructure, Simple Public-Key Infrastructure/Simple Distributed Security Infrastructure, X.509 public-key certificate, mesh PKI, public-key algorithm, public-key certificate, public-key cryptography, public-key cryptography standards, public-key derivation function, public-key forward secrecy, public-key information, public-key system,; Related:CA certificate, Diffie-Hellman, FIREFLY, IEEE P1363, MISSI user, OAKLEY, PKCS #10, PKIX, RSA algorithm, Rivest-Shamir-Adleman algorithm, The Exponential Encryption System, X.500 Directory, X.509, X.509 attribute certificate, X.509 certificate, X.509 certificate revocation list, account authority digital signature, algorithm, archive, asymmetric cryptographic technique, asymmetric cryptography, asymmetric key pair, asymmetric keys, attribute certificate, authority revocation list, bind, binding, certificate, certificate directory, certificate domain, certificate policy, certificate policy qualifier, certificate rekey, certificate renewal, certificate revocation list, certificate update, certificate user, certificate validation, certification, certification authority, certification authority digital signature, certification hierarchy, certification path, certification request, certify, challenge-response protocol, cipher, common name, cross-certification, cryptographic, cryptographic system, cryptography, cryptoperiod, data origin authentication service, digital certificate, digital certification, digital envelope, digital id, digital signature, digital signature algorithm, directly trusted CA, directly trusted CA key, distinguished name, distribution point, domain name system, elliptic curve cryptosystem, encipherment, encryption certificate, end entity, entity, ephemeral key, extension, fingerprint, hierarchy management, information, internet protocol security, key agreement, key exchange, key lifetime, key management infrastructure, key management/exchange, key material identifier, key pair, key transport, key validation, key-escrow system, merchant certificate, modulus, non-repudiation, online certificate status protocol, organizational certificate, path discovery, personality label, policy approving authority, policy certification authority, policy creation authority, pretty good privacy, privacy enhanced mail, private communication technology, private key, public component, public encipherment key, public encipherment transformation, public verification key, registration, registration authority, repository, root, root certificate, root key, secure hypertext transfer protocol, secure multipurpose internet mail extensions, secure socket layer, self-signed certificate, signature, signature certificate, signature verification, strong authentication, subject, subordinate certification authority, symmetric cryptography, system, tokens, trust anchor, trust-file PKI, trusted certificate, trusted key, tunneled password protocol, unforgeable, users, v1 certificate, v2 certificate, v3 certificate, validate, validate vs. verify, validity period, verification, virtual private network, web of trust,
public-key algorithm: IncludedBy:algorithm, key, public-key,
public-key certificate: IncludedBy:certificate, key, public-key,; Related:access, authority, certification, cipher, control, digital signature, domain, encipherment, entity, identity, information, integrity, owner, signature, system, test, trust, users, verification,
public-key cryptography: IncludedBy:cryptography, key, public-key,; Includes:Rivest-Shamir-Adleman algorithm,; Related:cipher, encryption, process, public-key infrastructure, signature, standard, system, users,
public-key cryptography standards: IncludedBy:Rivest-Shamir-Adleman algorithm, asymmetric algorithm, cryptography, key, public-key, standard,; Includes:PKCS #10, PKCS #11, PKCS #7,; Related:algorithm, application, authority, operation, public-key infrastructure, security, system,
public-key derivation function: IncludedBy:asymmetric cryptography, function, key, public-key, public-key infrastructure,; Related:domain, entity, identification, random, requirements, security, verification,
public-key forward secrecy: IncludedBy:forward secrecy, key, public-key,; Related:algorithm, authentication, compromise, cryptographic, cryptography, encryption, establishment, hash, internet, operation, passwords, property, protocols, security, standard, system,
public-key information: IncludedBy:asymmetric cryptography, information, key, public-key, public-key infrastructure,; Related:algorithm, authority, certification, entity,
public-key infrastructure: IncludedBy:key, policy,; Includes:Federal Public-key Infrastructure, Minimum Interoperability Specification for PKI Components, PKCS #10, PKIX, PKIX private extension, RA domains, SET private extension, SET qualifier, Simple Public-Key Infrastructure/Simple Distributed Security Infrastructure, X.509, X.509 authority revocation list, X.509 certificate revocation list, account authority digital signature, attribute authority, bilateral trust, brand CRL identifier, brand certification authority, cardholder certification authority, certificate creation, certificate directory, certificate management, certificate policy, certificate policy qualifier, certificate reactivation, certificate rekey, certificate renewal, certificate request, certificate revocation, certificate status responder, certificate update, certificate validation, certification authority, certification authority digital signature, certification authority workstation, certification hierarchy, certification path, certification practice statement, certification request, certification service, certificaton authority, class 2, 3, 4, or 5, common name, compromised key list, delta CRL, digital id, digital signature, directly trusted CA, directly trusted CA key, distinguished name, distribution point, extension, hierarchical PKI, hierarchy management, hierarchy of trust, indirect certificate revocation list, invalidity date, merchant certification authority, mesh PKI, path discovery, path validation, payment gateway certification authority, personality label, policy approving authority, policy certification authority, policy creation authority, policy management authority, private key, public encipherment key, public encipherment transformation, public verification key, public-key derivation function, public-key information, public-key system, registration authority, revocation date, root, subordinate certification authority, top CA, trust-file PKI, v1 CRL, v2 CRL, validity period,; Related:Abstract Syntax Notation One, Cryptographic Message Syntax, Internet Policy Registration Authority, MISSI user, Open Systems Interconnection Reference model, X.500 Directory, application, archive, assurance, authenticate, authentication, authority, backup, bind, capability, certificate, certificate chain, certificate chain validation, certificate domain parameters, certificate expiration, certificate management services, certification, certification policy, certify, common security, communications, confidentiality, control, critical, cryptographic, cryptography, cryptoperiod, directory service, directory vs. Directory, domain, end entity, end-user, entity, escrow, function, geopolitical certificate authority, identity, information, information security, integrity, issue, issuer, key lifetime, key material identifier, message, object identifier, permissions, personal security environment, policy mapping, pre-authorization, privacy enhanced mail, process, public-key cryptography, public-key cryptography standards, registration, registration service, relying party, repository, revocation, role, secure hypertext transfer protocol, security, security event, signature, slot, software, standard, strong authentication, subject, system, tokens, trust, trust chain, trust hierarchy, trusted key, trusted third party, tunnel, unforgeable, users, valid signature, validate, validate vs. verify, validation, web of trust,
public-key system: IncludedBy:asymmetric cryptography, key, public-key, public-key infrastructure, system,; Related:cryptographic, function, message, signature, verification,
purge: Related:application, assurance, attack, classified, file, information, network, process, risk, system,
purging: Related:file, information, sanitization,
push technology: IncludedBy:technology,; Related:computer, file, signature, update, users, virus, world wide web,
quadrant: Related:cryptography, tamper, technology,
qualitative assessment: Related:risk,
qualitative risk assessment: IncludedBy:assessment, risk,; Related:system, threat, vulnerability,
quality: Includes:European quality award, business process improvement, continuous process improvement, national quality award, quality assurance, quality assurance/control, quality attributes, quality control, quality function deployment, quality of protection, software quality assurance, total quality management,; Related:Forum of Incident Response and Security Teams, accountability, assurance level, attribute, benchmarking, business process reengineering, centralized operations, data integrity, electronic messaging services, evaluation, evaluation authority, integrity, national information assurance partnership, performance gap, process, process management approach, requirements, security, standard, statistical process control, stretch goal, system, system integrity, users, validation, value analysis,
quality assurance: IncludedBy:assurance, quality,; Related:confidence, requirements, system,
quality assurance/control: IncludedBy:assurance, control, quality,
quality attributes: IncludedBy:quality,; Related:requirements, software,
quality control: IncludedBy:control, quality,; Related:process, system,
quality function deployment: IncludedBy:function, quality,; Related:requirements, system,
quality of protection: IncludedBy:evaluation, quality,; Includes:authentication, encryption strength, integrity, non-repudiation, privacy,; Related:assurance, function, security,
quality of service: Related:requirements, security,
quantitative assessment: Related:risk,
quarantine: Related:file, malware,
quarantining: Related:file, malware, security,
questionnaire for national security positions: IncludedBy:security,; Related:personnel security questionnaire,
questions on controls: IncludedBy:control,; Related:assurance, object, security controls,
queuing theory: Related:network, operation,
quick mode: Related:establishment, internet protocol security, internet security protocol,
RA domains: IncludedBy:domain, public-key infrastructure,; Related:access, access control, authorization, certificate, certification, subject,
radio frequency identification: IncludedBy:identification,; Related:information,
radio frequency jamming: IncludedBy:jamming,; Related:adversary, attack, classified, threat,
radix
rainbow series: IncludedBy:National Security Agency, Trusted Computer System Evaluation Criteria,; Includes:Green book, Orange book, Red book, Yellow book,; Related:criteria, policy,
random: Includes:cryptographic randomization, pseudo-random, pseudo-random number generator, random access memory, random number, random number generator, random number sampling, random selection, randomized, randomizer, simple random sample, stratified random sample, systematic selection with a random start,; Related:Challenge Handshake Authentication Protocol, Internet Engineering Task Force, Rivest-Shamir-Adleman algorithm, adversary, application, challenge, challenge-response protocol, cluster sample, confidence level, cooperative key generation, cryptographic, cryptographic functions, cryptographic key, cryptographic service, cryptographic token, cryptography, degrees of freedom, deterministic, guessing entropy, hash function, key, key generator, key transport, metrics, min-entropy, nonce, one-time pad, pre-signature, public-key derivation function, replay attacks, salt, secure hash standard, security, session key, signature function, stream cipher, test, time variant parameter, trapdoor,
random access memory: IncludedBy:access, automated information system, random,
random bit generator
random number: IncludedBy:random,
random number generator: IncludedBy:FIPS PUB 140-1, random,; Related:control, process,
random number sampling: IncludedBy:random,
random procurement: Related:United States citizen,
random selection: IncludedBy:random,; Related:authorized, standard,
randomized: IncludedBy:random,
randomizer: IncludedBy:random,; Related:entity, function, key, process, signature,
range
rapid application development: IncludedBy:application,; Related:software, users,
rapid automatic cryptographic equipment: IncludedBy:cryptographic,
rating: IncludedBy:assurance,; Related:assessment, operation, security target, target,
rating maintenance program: IncludedBy:program,
ratio estimate
ratio variable
read: Includes:object, subject,; Related:flow, information, operation,
read access: IncludedBy:access,; Includes:object, subject,; Related:flow, information, operation, program, software,
read-only memory: Related:automated information system, computer, process,
real-time: Related:information, process,
real-time processing: IncludedBy:process,; Related:computer, operation,
real-time reaction: Related:access, access control, penetration, response,
real-time system: IncludedBy:system,; Related:computer, file, process, update,
realm: Related:application, authentication, authority, domain,
recipient: Related:entity, message, non-repudiation,
recipient usage period
reciprocal agreement: Related:computer, process, system,
reciprocity: Related:intelligence, security,
recommended practices: IncludedBy:risk management,; Related:best practices, interoperability,
reconstitution: Related:critical, disaster recovery, owner,
records: Related:access, access control, evidence, information, program, subject, system, test,
records having permanent historical value
records management: IncludedBy:management,; Related:requirements,
recover: Related:cryptographic, damage, destruction, key, retrieval, trust,
recoverable part: Related:message, signature,
recovery: IncludedBy:availability,; Includes:archive, backup, backup procedures, disaster recovery, disaster recovery plan, key recovery, recovery point objectives, recovery procedures, recovery site, recovery time objectives, recovery vendors, trusted recovery,; Related:accountability, contingency plan, contingency planning, continuity of services and operations, emergency services, failure control, general controls, laboratory attack, non-recoverable part, run manual, sanitize, security management infrastructure, system testing, vaulting, zeroization, zeroize,
recovery point objectives: IncludedBy:object, recovery,; Related:operation,
recovery procedures: IncludedBy:contingency plan, recovery,; Related:failure, file, process, system,
recovery site: IncludedBy:recovery,; Related:business process, computer, information, operation, process,
recovery time objectives: IncludedBy:object, recovery,; Related:process,
recovery vendors: IncludedBy:recovery,
recycled
RED: Related:RED/BLACK concept, classified, communications security, information, process, security, system,
Red book: IncludedBy:rainbow series,; Related:computer, criteria, evaluation, network, system, trust,
RED signal: IncludedBy:threat,; Related:RED/BLACK concept, control, emissions security, information, key, security,; Synonym:emanation,
RED team: Related:RED/BLACK concept, adversary, assurance, attack, authorized, covert, information, security, security testing, system, test, threat, vulnerability,
RED team exercise: Related:security,
RED/BLACK concept: Related:BLACK, RED, RED signal, RED team, RED/BLACK separation, classified, information, security, system,
RED/BLACK separation: Related:RED/BLACK concept, cipher, communications security, cryptographic, cryptography, information, system,
redaction
reduction-function: IncludedBy:function,; Related:code, hash,
redundancy: IncludedBy:contingency plan,; Related:archive, backup, file, information, risk, system,
redundant array of inexpensive disks
redundant control server: IncludedBy:control,; Related:availability, backup,
redundant identity: IncludedBy:entity, identity,; Related:identification,
reference material: Related:classified,
reference monitor: IncludedBy:reference monitor concept, target of evaluation,; Includes:network reference monitor, object, subject,; Related:access, access control, analysis, confidence, control, function, integrity, security, system, tamper, target, test,
reference monitor concept: Includes:object, reference monitor, security kernel, subject,; Related:access, access control, control,
reference validation mechanism: IncludedBy:trusted computing base, validation,; Includes:object, subject,; Related:access, access control, analysis, function, operation, security testing, system, tamper, test,
references: Related:entity, identity, information, security, subject,
refinement: IncludedBy:protection profile,; Related:file, profile,
reflection attack: IncludedBy:attack,; Related:message,
register: Related:file, information, registration,
register entry: Related:information,
registration: Includes:Internet Policy Registration Authority, JTC1 Registration Authority, organizational registration authority, registration authority, registration service, sub-registration authority,; Related:Computer Security Objects Register, Internet Assigned Numbers Authority, applicant assertion, authentication, authority, authorization, backup, binding, biometrics, certificate, certificate management services, certification hierarchy, credentials service provider, domain, entity, identity, identity proofing, key, key management, metadata, notarization, policy certification authority, process, public-key, public-key infrastructure, register, role, security, security management infrastructure, subject, system, trusted agent, validate,
registration authority: IncludedBy:Secure Electronic Transaction, authority, public-key infrastructure, registration,; Related:application, authentication, certificate, entity, function, identification, identity, information, key, process, public-key, revocation, subject, tokens, trust, users,
registration service: IncludedBy:registration,; Related:certificate, identify, public-key infrastructure,
regrade: IncludedBy:authorization,; Related:authorized, classification levels, classified, information,
regression testing: IncludedBy:security testing, test,; Related:program, software,
reimbursable suitability investigation sabotage
reinstatement: Related:access, authorization, classified,
rejected traffic: IncludedBy:firewall,; Related:bit forwarding rate, ruleset,; Synonym:illegal traffic,
rekey (a certificate): IncludedBy:key,
rekey: IncludedBy:key,; Includes:area interswitch rekeying key, automatic key distribution/rekeying control unit, automatic remote rekeying, certificate rekey, common interswitch rekeying key, cooperative remote rekeying, interarea interswitch rekeying key, interswitch rekeying key, manual remote rekeying, over-the-air rekeying, remote rekeying, unique interswitch rekeying key,; Related:application, certificate management, certificate renewal, certificate update, cryptographic, cryptography, cryptoperiod, over-the-air key distribution, process, security event, security management infrastructure, session key, system,
relay
relay station: Related:security,
release: Related:baseline, classified, disclosure, process, software,
release prefix: Related:foreign, key,
reliability: IncludedBy:risk management,; Includes:software reliability,; Related:availability, communications, computer, confidence, function, information, operation, program, property, requirements, software, system, telecommunications,
reliability qualification tests: IncludedBy:test,
relying party: Related:access, application, certificate, entity, federation, identification, identity, information, process, public-key infrastructure, signature, system, users,
remanence: IncludedBy:overwrite procedure,; Related:information,; Synonym:magnetic remanence,
remediation: IncludedBy:risk management,; Related:availability, backup, business process, critical, software, system, threat, vulnerability,
remediation plan: Related:threat,
remote access: IncludedBy:access,; Related:authorized, boundary, communications, computer, computer network, connection, control, information, remote login, security, security perimeter, software, system, users,
remote access software: IncludedBy:access, software,; Related:computer, network, remote login, secure socket layer, system, telnet,
remote administration tool: Related:access, access control, attack, program, system,
remote authentication dial-in user service: IncludedBy:Simple Authentication and Security Layer, security protocol, security software, users,; Related:access, access control, authorization, information, internet, network, protocols, shared secret,
remote diagnostics: Related:information, security, security perimeter, system,
remote job entry: IncludedBy:automated information system,
remote login: IncludedBy:login,; Related:access, network, remote access, remote access software, system, users,; Synonym:remote logon,
remote logon: IncludedBy:logon, risk,; Related:dial-up capability, users,; Synonym:remote login,
remote maintenance: Related:analysis, connection, security,
remote procedure call: Related:automated information system,
remote rekeying: IncludedBy:key, rekey,
remote terminal
remote terminal emulation: IncludedBy:automated information system,; Related:communications, computer, interface, system, test,
remote terminal unit: Related:communications, computer,
removable hard disk
removable media
renew (a certificate)
renew: HasPreferred:certificate renewal,
renewal: Includes:certificate renewal,; Related:certificate update, key, process, security event,
repair action: Related:application, communications security, control, identification, operation,
replay attacks: IncludedBy:attack,; Related:access, adversary, authentication, communications, control, fraud, impersonation, malicious, message, random,
replicator: Related:program, virus, worm,
report of investigation: Related:criminal, intelligence, security,
repository: Related:access, access control, certificate, information, key, login, public-key, public-key infrastructure, system, trust, users,
representative of a foreign interest: IncludedBy:foreign,
repudiation: Antonym:non-repudiation,; IncludedBy:threat consequence,; Related:association, entity, information, internet, system,
Request for Comment: IncludedBy:Internet Society,; Includes:Internet Standards document, draft RFC,; Related:Internet Standard, internet, standard,
request for information: IncludedBy:information,
request for proposal
requirements: IncludedBy:certification, software development, target of evaluation,; Includes:DoD Information Technology Security Certification and Accreditation Process, certification and accreditation, construction of TOE requirements, development assurance requirements, downgrade, evaluation assurance level, evaluation assurance requirements, functional security requirements specification, global requirements, granularity of a requirement, information systems security engineering, local requirements, minimum essential requirements, protection needs elicitation, protection profile, requirements analysis, requirements for content and presentation, requirements for evidence, requirements for procedures and standards, requirements traceability matrix, reserve requirements, sanitization, scope of a requirement, security requirements, security requirements review, software requirement, strength of a requirement, system requirement, system security authorization agreement,; Related:British Standard 7799, CASE tools, CKMS profile, Capstone policies, Common Criteria for Information Technology Security, Common Criteria for Information Technology Security Evaluation, DD 254 - Final, DD 254 - Original, Defense Information Systems Network, Engineering, FIPS PUB 140-1, FIPS-Validated Cryptography, For Official Use Only Certified TEMPEST Technical Authority, Lightweight Directory Access Protocol, SET private extension, TEMPEST approved, Trusted Computer System Evaluation Criteria, Yellow book, acceptable level of risk, acceptance testing, access, access eligibility determination, accesses, accreditation, accreditation disapproval, accreditation range, acquisition plan, acquisition special access program, anomaly, application generator, approved access control device, approved combination padlock, approved electronic, mechanical, or electromechanical device, approved key-operated padlock, assurance, assurance component, assurance level, authorized vendor, authorized vendor program, benchmark, body of evidence, business impact analysis, certificate, certificate policy, certification agent or certifier, certification analyst, certification authority, certification practice statement, certified TEMPEST technical authority, certifier, classified contract, clients, products, and business practices, closed area, collision-resistant hash function, common criteria, completeness, component hierarchy, computer, computing security methods, configuration management, conformance, consumers, controlled area, controlled cryptographic item, controlled security mode, correctness, critical design review, cryptographic key, cryptographic module security policy, defect, dependency, designated approving authority representative, designation policy, development assurance, development assurance component, development process, effectiveness, electronic messaging services, ephemeral key, evaluation assurance component, explain, extension, failure, formal access approval, formal development methodology, formal top-level specification, full accreditation, function, functional component, functionality, handle via special access control channels only, hash function, independent validation and verification, independent validation authority, information assurance, information security architect, information security program plan, information security testing, information sharing, information system security engineer/system design security officer, initial operating capability, interconnection security agreements, interim security clearance, key validation, major application, management control processes, mandatory declassification review, message authentication code algorithm, mission assurance category, multiuser mode of operation, national information assurance partnership, non-disclosure agreement, pass/fail, passive security testing, periods processing, personal security environment, preferred products list, privacy impact assessment, process, public-key derivation function, quality, quality assurance, quality attributes, quality function deployment, quality of service, records management, reliability, reserve account, reverse software engineering, secure single sign-on, security, security architecture, security assurance, security control assessment, security controls, security engineering, security incident, security plan, security policy, security program plan, security safeguards, security service, security violation, sensitive information, site certification, software lifecycle, software quality assurance, software system test and evaluation process, sound group, source code generator, source selection, special access program, special access program/special access required, special background investigation, special information operations, special program review group, specification, standard practice procedures, stress testing, subcontract, system, system administrator, system interconnection, tailoring (assessment procedures), target, temporary access eligibility, test coverage, top-level specification, trusted network interpretation, trusted operating system, two-person control, type accreditation, type certification, user representative, users, validation, verification, verification and validation, verification techniques, virtual password, waiver,
requirements analysis: IncludedBy:analysis, requirements,; Related:resource,
requirements for content and presentation: IncludedBy:requirements,; Related:criteria, evaluation, identify, information,
requirements for evidence: IncludedBy:evidence, requirements,; Related:criteria, evaluation,
requirements for procedures and standards: IncludedBy:requirements, standard, target of evaluation,; Related:availability, confidentiality, criteria, identify, integrity, operation, security,
requirements traceability matrix: IncludedBy:requirements,; Related:computer, function, program,
research and technology
reserve account: Related:requirements, role,
reserve keying material: IncludedBy:key,
reserve requirements: IncludedBy:requirements,; Related:system,
residual risk: IncludedBy:threat,; Related:IT security, computer security, control, countermeasures, information, network, system,
residue: IncludedBy:risk,; Related:information, operation, process,
resilience: Related:management, risk,
resource: IncludedBy:target of evaluation,; Includes:COMSEC Resources Program, IT resources, MEI resource elements, TOE resource, TOE security functions, enterprise resource planning, information resources, object, resource encapsulation, resource starvation, system resources, uniform resource identifier, uniform resource locator, uniform resource name,; Related:COMSEC manager, IT security incident, Lightweight Directory Access Protocol, TOE security functions interface, access, access category, access control, access control lists, access control service, access mediation, accessibility, accountability, accreditation boundary, alarm reporting, alarm surveillance, alert, anonymous login, application server attack, application system, assessment, asset, attack, attack potential, audit plan, audit trail, authenticate, authentication, authenticity, authorization, authorized, automated information system, availability, availability service, back up vs. backup, backdoor, baselining, bastion host, business areas, capability, chief information agency officer, chief information officer, common gateway interface, computer abuse, contingency plan, contingency planning, controlled access protection, covert channel, covert storage channel, covert timing channel, critical, criticality assessment, defense-in-depth, defense-wide information assurance program, demilitarized zone, denial-of-service, discretionary access control, domain, domain name, domain name system, dual control, encapsulation, end-user, entry control, expert review team, facilities, failed logon, firewall, function, general support system, honeypot, identification, identification authentication, identity credential issuer, identity validation, identity-based security policy, information, information system, information technology, input, insider, interim accreditation action plan, internal security controls, intruder, intrusion, intrusion detection, intrusion detection systems, least privilege, lines of business, logic bombs, logical access control, login, major application, major information system, malicious applets, malicious logic, mandatory access control, misappropriation, multilevel secure, network configuration, network information services, noncomputing security methods, one-time pad, open systems interconnection, operating system, penetration, permissions, personal identification number, physical security, plan of actions and milestones, privileged access, process, proprietary protocol, requirements analysis, risk analysis, risk assessment, risk management, role-based access control, rule-based security policy, sandboxed environment, secure operating system, secure single sign-on, secure subsystem, security, security clearance, security compromise, security intrusion, security kernel, security label, security management, security management infrastructure, security perimeter, security policy, security service, security testing, security violation, segregation of duties, simulation modeling, single sign-on, spoofing, state variable, stress testing, system, system assets, system integrity, system integrity service, system life, system low, system retention/backup, system security policy, technical security policy, term rule-based security policy, test plan, thrashing, ticket, tokens, trust relationship, trusted gateway, unauthorized access, users, virtual private network, vulnerability, vulnerability assessment, website, work factor, worm,
resource encapsulation: IncludedBy:resource,; Includes:subject,; Related:access, access control, audit, process,
resource starvation: IncludedBy:resource,; Related:availability, computer, process, threat,
responder: Related:authentication,
response: Includes:Challenge-Response Authentication Mechanism, Forum of Incident Response and Security Teams, challenge-response protocol, challenge/response, computer emergency response team, computer emergency response teams' coordination center, computer security emergency response team, computer security incident response capability, computer security incident response team, emergency response, emergency response time, incident handling, incident response capability, response time,; Related:Attack Sensing and Warning, Challenge Handshake Authentication Protocol, Computer Incident Advisory Capability, Extensible Authentication Protocol, Guidelines and Recommendations for Security Incident Processing, IMAP4 AUTHENTICATE, POP3 AUTH, application proxy, authentication token, bit forwarding rate, challenge, contingency plan, contingency planning, covert channel, covert timing channel, domain name system, electromagnetic compatibility, emergency services, entity, functional testing, handler, hijacking, hypertext transfer protocol, identification authentication, identity, incident, infrastructure assurance, interactive mode, keystroke monitoring, mitigation, negotiated acquisition, network management protocol, nonce, object, online certificate status protocol, owner, polymorphism, process, proxy server, real-time reaction, security controls, server, smurf, solicitation, think time, troll, validation,
response force: Related:access, security, threat,
response time: IncludedBy:response,; Related:computer, process, system,
responsibility to provide: Related:users,
responsible individual: Related:trust,
restart: Related:computer, program,
restricted area: Includes:subject,; Related:access, access control, classified, control, property, security,
restricted data: Related:classified,
restructuring: Related:function, semantics, subject, system,
retrieval: Related:archive, backup, cryptographic, database management system, escrow, key, key recovery, non-repudiation service, operation, recover, world wide web,
retro-virus: IncludedBy:threat, virus,; Related:availability, backup, system,
reusability: Related:application, automated information system, computer, function, program,
reusable software asset: IncludedBy:software,
reverse engineering: IncludedBy:threat consequence,; Includes:reverse software engineering,; Related:code, computer, identify, process, program, subject, system, version,
reverse software engineering: IncludedBy:reverse engineering, software,; Related:process, requirements,
review board: Related:authority, system,
review techniques: Related:application, file, information, information security, integrity, security, security testing, system, test, vulnerability,
revision: Related:baseline, function,
revocation: Includes:X.509 authority revocation list, X.509 certificate revocation list, authority revocation list, certificate revocation list, certificate revocation tree, indirect certificate revocation list, revocation date,; Related:Abstract Syntax Notation One, access, certificate, certificate management services, certificate reactivation, certificate validation, classified, compromise, cryptographic key management system, decertification, distribution point, extension, invalidity date, key, key management, notary, online certificate status protocol, operation, process, public-key infrastructure, registration authority, security, security event,
revocation date: IncludedBy:public-key infrastructure, revocation,; Related:X.509, certificate, compromise, digital signature, key, signature,
revocation of facility security clearance: IncludedBy:security,; Related:classified,
revoke: HasPreferred:certificate revocation,
revoke a certificate
revoked: HasPreferred:revoked state,
revoked state: IncludedBy:key lifecycle state,; PreferredFor:revoked,; Related:X.509 certificate revocation list, certificate rekey, certificate renewal, certificate revocation list, certificate validation, code, cryptographic, delta CRL, distribution point, domain, invalidity date, key, key lifecycle state, lifecycle, online certificate status protocol, security association, unit of transfer,
Rexd: IncludedBy:internet,; Related:program,
risk: Antonym:security software,; IncludedBy:Secure Electronic Transaction, security,; Includes:IS related risk, IT-related risk, acceptable risk, attack, certification and accreditation, community risk, compromising emanation performance requirement, contamination, critical, debilitated, defect, designated approving authority, destruction, electromagnetic interference, enterprise risk management, failure, false negative, false positive, illegal, incapacitation, information security risk, loop, maintenance hook, operational risk, qualitative risk assessment, remote logon, residue, risk assessment methodology, risk assessment report, risk assessor, risk avoidance, risk evaluation, risk executive, risk identification, risk management, risk management framework, risk mitigation, risk model, risk monitoring, risk plane, risk reduction analysis, risk response, risk response measure, risk tolerance, risk treatment, risk value, risk-adaptable access control, risk-based, risk-informed decisionmaking, security-relevant event, shared account, threat, total risk, unauthorized disclosure, undesired signal data emanations, untrusted process, web risk assessment,; Related:Clinger-Cohen Act of 1996, Common Criteria for Information Technology Security Evaluation, Defense Information Systems Network Designated Approving Authority, IA infrastructure, IT security policy, Wassenaar Arrangement, accreditation, accreditation disapproval, accreditation phase, accreditation range, acknowledged special access program, adequate security, adjudicative process, adversary, approval to operate, association, assured information sharing, authorization (to operate), authorize processing, authorized, authorizing official, availability, backdoor, blue team, business case, business continuity plan, capability, certification agent or certifier, certification analyst, certification package, certifier, class 2, 3, 4, or 5, clean system, common vulnerabilities and exposures, computer, confinement, contingency plan, continuity of operations plan, continuous monitoring, controlled security mode, cost/benefit analysis, counterintelligence assessment, cover-coding, cryptoperiod, cybersecurity, cyberspace, dangling vulnerability, defense-in-breadth, defense-in-depth, denial time, designated accrediting authority, designated approval authority, disaster recovery plan, effectiveness, enterprise, entity, entity-wide security, environment of operation, exposures, fault tolerance, function, graduated security, group user id, inadvertent disclosure, independent validation authority, information, information security, infrastructure assurance, infrastructure protection, interconnection security agreements, interdependence, interim accreditation action plan, letter of compelling need, level of protection, levels of concern, likelihood of occurrence, low probability of detection, low probability of intercept, major application, malicious, management controls, management countermeasure, management security controls, minimum level of protection, minor application, monitoring and evaluation, multi-hop problem, multilevel device, operation, operations security, operations security process, policy-based access control, post-accreditation phase, pre-certification phase, privacy impact assessment, purge, qualitative assessment, quantitative assessment, redundancy, resilience, robustness, root cause analysis, rules of behavior, safety, scoping guidance, security control effectiveness, security controls, security countermeasures, security goals, security purpose, security safeguards, security-relevant change, semi-quantitative assessment, separation of duties, significant change, simulation modeling, single-hop problem, situational awareness, special information operations, symmetric cryptography, system, system security authorization agreement, system security plan, tactical edge, target, technical vulnerability, technology control plan, test plan, trusted gateway, trusted process, unacknowledged special access program, vaulting, virus scanner, virus-detection tool, work factor,
risk analysis: IncludedBy:analysis, risk management,; Includes:business impact analysis, cost-risk analysis, gap analysis, security fault analysis, security objectives, security requirements, security specifications, security testing, threat analysis, vulnerability analysis,; Related:application, assessment, compromise, countermeasures, critical, evaluation, identification, identify, information, management, process, resource, system, threat, vulnerability,; Synonym:risk assessment,
risk assessment: IncludedBy:assessment, risk management,; Related:analysis, control, countermeasures, critical, critical infrastructures, criticality assessment, evaluation, exposures, function, identification, identify, impact, information, management, operation, process, resource, system, threat, vulnerability,; Synonym:risk analysis,
risk assessment methodology: IncludedBy:risk,
risk assessment report: IncludedBy:risk,
risk assessor: IncludedBy:risk,
risk avoidance: IncludedBy:risk,; Related:access, assessment, evaluation, intelligence,
risk evaluation: IncludedBy:evaluation, risk,; Related:criteria, identify, process,
risk executive: IncludedBy:risk,; Related:authorization,
risk identification: IncludedBy:identification, risk,; Related:analysis, identify, object, process, threat, vulnerability,
risk index: IncludedBy:risk management,; Includes:security range,; Related:authorization, classification levels, classified, process, system, users,
risk management: IncludedBy:management, risk, security,; Includes:Automated Information System security, access control, automated security monitoring, availability, best practices, configuration management, consequence management, continuity of services and operations, control objectives, countermeasures, crisis management, critical infrastructures, disaster recovery, emergency shutdown controls, entrapment, environmental failure protection, external security controls, failure control, flaw hypothesis methodology, internal security controls, mitigation, penetration study, pseudo-flaw, recommended practices, reliability, remediation, risk analysis, risk assessment, risk index, risk-based management, security enforcing, security evaluation, security measures, security mechanism, security policy, security-critical mechanisms, segregation of duties, test, threat consequence, threat monitoring, user profile, waiver,; Related:analysis, assessment, authority, authorization, control, cost/benefit analysis, cybersecurity, disaster recovery plan, entity, evaluation, function, identification, identify, information, information systems security engineering, infrastructure assurance, management controls, monitoring and evaluation, operation, opportunity cost, policy, process, program, resource, security controls, security software, strengths, weaknesses, opportunities, threats, system, technology, vulnerability,
risk management framework: IncludedBy:management, risk,
risk mitigation: IncludedBy:risk,; Related:control, management,
risk model: IncludedBy:risk,
risk monitoring: IncludedBy:risk,; Related:management,
risk plane: IncludedBy:risk,; Related:attack, operation,
risk reduction analysis: IncludedBy:analysis, risk,; Related:control,
risk response: IncludedBy:risk,
risk response measure: IncludedBy:risk,
risk tolerance: IncludedBy:risk,
risk treatment: IncludedBy:risk,; Related:IT security, computer security, evaluation, process,
risk value: IncludedBy:risk,; Related:attack, threat, vulnerability,
risk-adaptable access control: IncludedBy:access, control, risk,; Related:authorization,
risk-based: IncludedBy:risk,; Related:IT security,
risk-based management: IncludedBy:risk management,
risk-informed decisionmaking: IncludedBy:risk,
Rivest Cipher 2: IncludedBy:cipher, symmetric algorithm,; Related:algorithm, encryption, key, security,
Rivest Cipher 4: IncludedBy:cipher, symmetric algorithm,; Related:algorithm, encryption, key, security,
Rivest, Shamir, and Adleman: HasPreferred:Rivest-Shamir-Adleman algorithm,
Rivest-Shamir-Adleman: HasPreferred:Rivest-Shamir-Adleman algorithm,
Rivest-Shamir-Adleman algorithm: IncludedBy:algorithm, asymmetric algorithm, public-key cryptography,; Includes:public-key cryptography standards,; PreferredFor:Rivest, Shamir, and Adleman, Rivest-Shamir-Adleman,; Related:authentication, cipher, communications, cryptographic, destruction, digital signature, encryption, function, hash, integrity, key, key management, message, process, public-key, random, security, signature, standard, test,
robust security network: IncludedBy:network, security,
robustness: IncludedBy:assurance,; Related:analysis, compromise, confidence, countermeasures, function, risk, software reliability, system, threat, vulnerability,
rogue device: Related:authorized, threat,
role: IncludedBy:target of evaluation,; Includes:role-based access control,; Related:FIPS PUB 140-1, Guidelines and Recommendations for Security Incident Processing, IA-enabled information technlogogy product, IP splicing/hijacking, authorization, brand, common criteria, end entity, function, gas and oil production, storage and transportation, major information system, online attack, operator, organizational registration authority, personality label, physical access control, policy approving authority, policy creation authority, public-key infrastructure, registration, reserve account, subordinate certification authority, system, system entity, system security officer, transportation, trust, users,
role-based access control: IncludedBy:access, control, role,; Related:authorization, entity, function, identity, process, resource, subject, system,
rolling cost forecasting technique: IncludedBy:business process,; Related:system, update,
root: IncludedBy:multilevel information systems security initiative, public-key infrastructure,; Related:authority, certificate, certification, entity, key, operation, policy, public-key, subject, system, trust, users,
root CA: IncludedBy:certification authority,; Related:authority, certificate,
root cause analysis: IncludedBy:analysis,; Related:identify, risk,
root certificate: IncludedBy:certificate,; Related:certification, key, public-key, subject,
root certification authority: IncludedBy:certification,; Related:security, trust,
root key: IncludedBy:key,; Related:public-key,
root registry: IncludedBy:multilevel information systems security initiative,; Related:authority, policy,
rootkit: IncludedBy:attack, malicious code,; Related:access, access control, compromise, computer, covert, file, function, information, malicious, message, network, passwords, software, standard, system,
rotational delay: Related:automated information system,
round key: IncludedBy:key,
round-function: IncludedBy:function,; Related:hash,
router: IncludedBy:internet,; Includes:brouters, filtering router, router flapping, router-based firewall, screening router, tunneling router,; Related:Extensible Authentication Protocol, IA-enabled information technlogogy product, Terminal Access Controller Access Control System, autonomous system, bastion host, bridge, computer, connection, deny by default, end-to-end encryption, entity, firewall, gateway, internet control message protocol, internet protocol, message, network, network device, packet filtering, packet filtering firewall, protocols, proxy server, screened host firewall, smurf, system resources, technology area, trusted process, vendor,
router flapping: IncludedBy:router,; Related:update,
router-based firewall: IncludedBy:firewall, router,; Related:network, security,
routine changes: Related:access, security,
routing: Related:information, process,
routing control: IncludedBy:control,; Related:application, network, process,
RSA algorithm: IncludedBy:algorithm,; Related:cryptographic, key, public-key,
rule-based security policy: IncludedBy:policy, security,; Related:access, access control, control, object, resource, subject, users,
rules based detection: Related:intrusion, intrusion detection, misuse detection model, security software, signature, system, vulnerability,
rules of behavior: Related:access, access control, connection, internet, risk, security, system,
rules of engagement: Related:authority, information, information security, security, security testing, test,
ruleset: IncludedBy:firewall,; Related:access, access control, allowed traffic, control, demilitarized zone, illegal traffic, interface, network, policy, protected network, rejected traffic, security association, signature, system, test, unprotected network,
run: Related:computer, program,
run manual: Related:application, message, recovery,
S-box: Related:authentication, privacy, security,
S/Key: IncludedBy:key,; Related:application, authentication, cryptographic, function, hash, login, security, users,
safeguarding and safeguarding measures: Related:classified,
safeguarding statement: Related:authorized, classified, computer, control, process,
safeguards: HasPreferred:security safeguards,
safety: Related:control, damage, property, risk, software, system,
safety-critical software: IncludedBy:critical, software,; Related:automated information system, system,
salami technique: IncludedBy:threat,; Related:process,
salt: Related:access, access control, attack, control, control systems, cryptographic, encryption, entity, function, message, passwords, process, random, signature, system,
SAML authentication assertion: IncludedBy:authentication, security assertion markup language,; Related:information, subject,
sample: Related:information, test,
sampling distribution
sampling error: Related:confidence, precision,
sampling frame: Related:access, access control, file,
Samurai: Related:hackers, privacy,
sandboxed environment: IncludedBy:access control,; Related:access, authentication, control, file, integrity, malicious, non-repudiation, privacy, process, program, resource,
sandboxing: Related:access, control, software, trust,
sanitization: IncludedBy:requirements, security,; Related:analysis, information, network, purging,
sanitize: Related:classification levels, classified, file, information, process, recovery, security, system,
sanitizing: Related:analysis, classified, information,
sas 70 report: Related:audit, standard,
SATAN: IncludedBy:intrusion, security software,; Related:identify, network, program, system, vulnerability,
SAVILLE Advanced Remote Keying: IncludedBy:key,
SCADA server: Related:system,
scalability: Related:application, code, open system environment, scoping guidance, software, system,
scaling
scan: Related:computer, connection, internet, program, software,
scanning: IncludedBy:attack,; Related:information, system,
scattered castles: Related:access, intelligence, security,
scatternet
scavenging: IncludedBy:attack, threat consequence,; Includes:object,; Related:authorized, cryptography, system,
scenario: Related:attack, critical, target,
scheduled records
scheme: Related:assessment, criteria, cryptographic, protocols,
scope: Related:security,
scope of a requirement: IncludedBy:requirements, trusted computing base,; Includes:object, subject,; Related:application, interface, program, users,
Scope of Accreditation: IncludedBy:Common Criteria Testing Laboratory, accreditation,; Related:IT security, computer security, criteria, evaluation, security, technology, test, validation,
scoping guidance: Related:access, access control, control, risk, scalability, security, technology,
scrambling: Related:attack,
scratch pad store
screen scraping: Related:access, access control, automated information system, computer, information, process, target,
screened host firewall: IncludedBy:automated information system, firewall,; Related:application, gateway, router,
screened subnet firewall: IncludedBy:firewall,; Related:gateway, network, system,
screening router: IncludedBy:router,; Related:firewall, network, security,; Synonym:filtering router,
script: Related:computer, file,
script bunny: IncludedBy:hackers,; Related:computer, program,
seal: Related:cryptography, digital signature, integrity, object, signature,
secrecy policy: IncludedBy:policy,; Related:authorized, information, security, security policy, users,
secret: IncludedBy:TOE security functions, classification levels,; Related:authentication, authorized, classified, damage, entity, information, key, operation, passwords, private key, shared secret, system, tokens, users,
secret and below interoperability
secret key: IncludedBy:key, secret-key cryptography, symmetric algorithm,; Related:algorithm, attack, classified, cryptographic, message,
secret seed: Related:authentication, privacy, security,
secret-key cryptography: IncludedBy:cryptography, key,; Includes:secret key,; PreferredFor:private-key cryptography,; Related:algorithm, cipher, cryptographic, encryption, message, standard,
sector: Related:function,
sector coordinating council
sector coordinator: Related:critical, critical infrastructures, information, system,
sector liaison: Related:critical, critical infrastructures, information, system,
sector partnership model
sector specialists
sector-specific agency
sector-specific plan
secure channel: Related:information, security,
secure communication protocol: Related:authentication,
secure communications: IncludedBy:communications,; Related:security, telecommunications,
secure configuration management: IncludedBy:configuration management,; Related:computer, control, policy, security, software, system,
secure copy: Related:security, target,
secure data device: Related:access, classified, users,
Secure Data Exchange: IncludedBy:security protocol,; Related:communications security, network, protocols, standard,
Secure Data Network System: IncludedBy:network, security protocol, system,; Related:National Security Agency, email, key, key management, message, program, protocols,
secure digital net radio interface unit: IncludedBy:interface,; Related:security,
secure DNS: Related:authentication, integrity, security,
Secure Electronic Transaction: Includes:SET private extension, SET qualifier, acquirer, baggage, bank identification number, brand, brand CRL identifier, brand certification authority, cardholder, cardholder certificate, cardholder certification authority, certificate, certificate policy, certification, certification hierarchy, dual signature, electronic commerce, encryption, geopolitical certificate authority, issuer, key, merchant, merchant certificate, merchant certification authority, payment card, payment gateway, payment gateway certification authority, primary account number, registration authority, risk, tokens, tunnel,; Related:authentication, confidentiality, information, integrity, internet, network, owner, protocols, standard,
secure envelope: Related:entity, evidence, integrity, key, security,
secure erase
secure hash algorithm: IncludedBy:algorithm, hash, integrity,; Related:cryptographic, digital signature algorithm, file, message,
secure hash standard: IncludedBy:hash, standard,; Related:algorithm, authentication, code, cryptographic, cryptography, function, key, message, random, signature,
secure hypertext transfer protocol: IncludedBy:internet, protocols, security protocol, world wide web,; Related:algorithm, certificate, communications, cryptographic, integrity, key, key management, message, model, operation, privacy, public-key, public-key infrastructure, trust,; Synonym:secure socket layer,
secure mobile unit: Related:security,
secure multipurpose internet mail extensions: IncludedBy:email, encryption, internet, key, multipurpose internet mail extensions, security protocol,; Related:message, protocols, public-key, technology, version,; Synonym:Secure/MIME,
secure network server: IncludedBy:network, security,; Related:gateway,
secure operating system: IncludedBy:system,; Related:classified, control, function, resource, software,
secure profile inspector: IncludedBy:file, profile, security,; Related:network,
secure shell: IncludedBy:internet,; Related:authentication, confidentiality, connection, encryption, integrity, login, network, protocols, tunnel, users,
secure single sign-on: IncludedBy:authorization, passwords,; Related:access, access control, audit, integrity, logon, non-repudiation, privacy, requirements, resource, security, single sign-on,
secure socket layer: IncludedBy:security protocol, world wide web,; Related:algorithm, application, authentication, communications, confidentiality, connection, cryptography, encryption, entity, hash, hypertext transfer protocol, identity, integrity, internet, internet protocol security, internet security protocol, key, network, privacy, protocols, public-key, remote access software, standard, system, transport layer security, users, version,; Synonym:secure hypertext transfer protocol,
secure state: IncludedBy:access control,; Includes:object, subject,; Related:access, authorized, system,
secure subsystem: IncludedBy:system,; Includes:object, subject,; Related:control, resource, security,
secure telephone unit: Related:security,
Secure Telephone Unit III: Related:classified, security,
secure terminal equipment: Related:security,
secure working area: Related:access,
Secure/MIME: IncludedBy:internet,; Related:digital signature, encryption, message, protocols, signature,; Synonym:secure multipurpose internet mail extensions,
security: IncludedBy:accreditation,; Includes:C2-protect, Common Criteria for Information Technology Security, Common IP Security Option, Cryptographic Application Program Interface, Defense Central Security Index, Defense Industrial Security Clearance Office, Defense Security Service, Defense Security Service Personnel Investigations Center, Generic Upper Layer Security, IP security, IT security achitecture, IT security architecture, IT security awareness, IT security controls, IT security database, IT security education, IT security goal, IT security investment, IT security metrics, IT security objective, IT security plan, IT security support functions, IT security training, National Industrial Security Advisory Committee, National Security Agency, National Security Agency/Central Security Service, National Security Decision Directive, National Security Decision Directive 145, National Security Directive, National Security Emergency Preparedness, National Security Telecommunications Advisory Committee, Sensitive Information Computer Security Act of 1987, Simple Public-Key Infrastructure/Simple Distributed Security Infrastructure, Standard Security Label, Standards for Interoperable LAN/MAN Security, TEMPEST, TOE security policy model, access control, accredited security parameter, acoustic security, activity security manager, add-on security, adequate security, administrative security, adversary, application program interface, application-level firewall, approved security container, approved security function, assurance, asynchronous transfer mode, attack, audit, authentication, authorized data security association list, automated data processing security, automated information system, availability, awareness (information security), baseline, baseline security, binding of security functionality, biometrics, call back, call back security, classified, closed security environment, code division multiple access, cognizant security agency, cognizant security office, common data security architecture, communication and data security architecture, communications deception, communications security, communications security monitoring, compensating security controls, computer emergency response team, computer security, computer security toolbox, concept of operations, contractor special security officer, contractor/command program security officer, control zone, correctness proof, cryptographic security, cybersecurity, damage to the national security, data encryption security association type indicator, data security, dedicated security mode, defense-in-depth, developer security, dial-up security, downgrade, dual control, economy of mechanism, electronic personnel security questionnaire, electronic security, emission security, encapsulating security payload protocol, end-to-end security, entity-wide security, extraordinary security measures, facility security clearance, formal model of security policy, formal security policy, front-end security filter, functional security requirements specification, future narrow band digital terminal, generally accepted system security principles, global command and control system, global information grid, global network information environment, graduated security, guard, hash, host-based security, hybrid security control, identity-based security policy, incident of security concern, industrial security, informal security policy, information security, information security architect, information security architecture, information security program plan, information system and network security, information system security engineer/system design security officer, information systems security product, information systems security representative, interconnection security agreements, interim security clearance, internet control message protocol, key management, labeled security protections, layered solution, management security controls, motivation, multi-security level, multilevel security, multilevel security mode, multiple security levels, mutual suspicion, mutually suspicious, national security information, national security system, national security-related information, network layer security, non-discretionary security, non-technical countermeasure, noncomputing security methods, nonkernel security related, open security, open security environment, open system interconnection model, open systems security, operational data security, operations security, operations security assessment, operations security indicator, operations security plan, operations security process, operations security program, operations security survey, operations security working group, organisational security policies, organization computer security representative, overseas security policy board, parity, partitioned security mode, personal security environment, personnel security, personnel security - issue information, personnel security clearance, personnel security determination, personnel security exceptions, personnel security interview, personnel security investigation, personnel security program, personnel security questionnaire, physical security waiver, practices dangerous to security, procedural security, program channels or program security channels, program security officer, protection needs elicitation, protective security service, questionnaire for national security positions, revocation of facility security clearance, risk, risk management, robust security network, rule-based security policy, sanitization, secure network server, secure profile inspector, security architecture, security assertion markup language, security association lifetime, security attribute, security authority, security awareness, training, and education, security banner, security breach, security categorization, security category, security certificate, security certification level, security class, security classification guides, security clearance, security cognizance, security compromise, security concept of operations, security control assessment, security control assessor, security control baseline, security control effectiveness, security control enhancements, security control inheritance, security controls, security countermeasures, security director, security domain, security element, security engineering, security environment, security environment changes, security environment threat list, security event, security fault analysis, security features users guide, security filter, security flaw, security flow analysis, security functions, security gateway, security goals, security impact analysis, security in-depth, security incident, security information object, security information object class, security infraction, security inspection, security intrusion, security label, security level, security management, security management dashboard, security management infrastructure, security markings, security model, security net control station, security objectives, security officer, security parameters index, security plan, security policy automation network, security policy board, security policy information file, security posture, security profile, security program manager, security program plan, security protocol, security purpose, security range, security relevant, security requirements review, security service, security situation, security software, security specifications, security strength, security tag, security target, security test & evaluation, security testing, security threat, security token, security violation, security zone, security-compliant channel, security-relevant change, security-relevant information, security/suitability investigations index, semantic security, separation of duties, signals security, signature, site security manager, software security, special security center, special security officer, strength of mechanisms, subject security level, system security authorization agreement, system security management, system security officer, system-specific security control, systems security steering group, tailored security control baseline, tamper, technical countermeasures, technical security, technical security controls, telecommunications and automated information systems security, term rule-based security policy, time division multiple access, top-level security objectives, traffic-flow security, training (information security), transmission security, transmission security key, transport layer security, trusted computing system, tunneling router, unfavorable personnel security determination, virtual network perimeter,; Related:Abrams, Jojodia, Podell essays, BLACK, BUSTER, British Standard 7799, CGI scripts, CKMS profile, COMSEC, DD 254 - Final, DD 254 - Original, Defense Central Index of Investigations, Defense Information Infrastructure, Defense Information Systems Network, Defense Information Systems Network Designated Approving Authority, Defense Travel Briefing, Defense Treaty Inspection Readiness Program, Defensive Information Operations, Department of Defense National Agency Check Plus Written Inquiries, Engineering, FIPS PUB 140-1, Federal Information Processing Standards, Federal Standard 1027, For Official Use Only Certified TEMPEST Technical Authority, IA architecture, IA infrastructure, IA product, IA-enabled information technlogogy product, IA-enabled product, IEEE 802.10, IMAP4 AUTHENTICATE, International Traffic in Arms Regulations, Internet Engineering Task Force, Management Act, Monitoring of Evaluations, National Voluntary Laboratory Accreditation Program, Office of Foreign Assets Control, Open Systems Interconnection Reference model, Orange book, PKIX, POP3 AUTH, POSIX, Post Office Protocol, version 3, RED, RED signal, RED team, RED team exercise, RED/BLACK concept, Rivest Cipher 2, Rivest Cipher 4, Rivest-Shamir-Adleman algorithm, S-box, S/Key, SOF-basic, SOF-high, SOF-medium, Scope of Accreditation, Secure Telephone Unit III, Suite B, TEMPEST approved, TEMPEST zoned equipment, TOP SECRET, TSEC, Trusted Computer System Evaluation Criteria, Type 1 key, Type 2 key, US-CERT, Wassenaar Arrangement, Yellow book, access, access control center, access control mechanisms, access control service, access control system, access eligibility determination, access evaluation, access national agency check and inquiries, access with limited privileges, accesses, accounting legend code, accreditation boundary, accreditation disapproval, accreditation package, accreditation phase, accreditation range, accrediting authority, acquisition systems protection, active state, adjudication, adjudicative process, adjudicator, administrative safeguards, adverse information, aggregation, agreement, alert, allocation, anonymity, anonymous, approval/accreditation, approved, approved access control device, approved electronic, mechanical, or electromechanical device, approved mode of operation, approved technologies list, approved test methods list, assessment, assessment objective, asset identification, assured information sharing, attribute certificate, authorization, authorization (to operate), authorized, authorized classification and control markings register, authorized vendor program, automated information system media control system, backdoor, background investigation, behavioral outcome, benign environment, beta i, beta ii, beyond A1, billets, binding, binding of functionality, blacklisting, blue team, body of evidence, boundary protection device, breach, browse access protection, cascading, category, caveat, center for information technology excellence, central adjudication facility, central services node, certificate, certificate domain, certificate policy, certification agent or certifier, certification analyst, certification authority, certification package, certification phase, certification practice statement, certification test and evaluation, classification, classifier, clean system, clearance, clearance certification, clearance level, cleared commercial carrier, cleared employees, closed storage, cloud computing, code amber, code red, code word, collateral information, command and control warfare, commodity service, common control, common control provider, common criteria, common misuse scoring system, communications, communications profile, community of interest, compartmentalization, compartmented mode, compliance-based, component, compromise, computer incident response team, concealment system, confidential, confidential source, conformant validation certificate, connectionless data integrity service, constant surveillance service, construction of TOE requirements, construction surveillance technician, consumers, contingency plan, continuous monitoring, contractor, control, control class, control family, control identification list, controlled access protection, controlled area/compound, controlled building, controlled interface, counterintelligence, covert channel, covert channel analysis, covert storage channel, covert timing channel, crack, crack root, cracker, credit check, criteria, critical asset, critical elements, critical mechanism, critical system, critical system files, criticality assessment, cross domain solution, cross-domain capabilities, cryptanalysis, cryptographic module, cryptography, cryptology, damage assessment, data compromise, data confidentiality service, data integrity service, database management system, declassification guide, declassification of AIS storage media, dedicated mode, deliverable, deliverables list, demilitarized zone, deny by default, derogatory information, designated, designated approving authority representative, designated laboratories list, designation policy, diameter, digital certificate, discretionary access control, disinfecting, documentation, domain, domain of interpretation, domain parameter, dominated by, dominates, due care, egress filtering, electronic questionnaire for investigative processing, element, eligibility, enclave, encrypted key, encryption, end cryptographic unit, endorsement, enhanced hierarchical development methodology, ensure, enterprise, enterprise architecture, entrance national agency check, environment of operation, establishment, evaluated system, evaluation, evaluation work plan, evaluator, examine, exception, expected output, expert review team, exploit, exploitable channel, exploitation, export license, extension, facilities accreditation, facilities certification, facility manager, false acceptance, false rejection, false rejection rate, family, filtering router, financial disclosure, firewall machine, flush, foreign disclosure, foreign liaison officer, foreign military sales, foreign travel briefing, formal access approval, formal development methodology, formal method, formal top-level specification, formal verification, full accreditation, function, functionality, functionality class, gateway, general controls, group of users, hackers, hacking, handle via special access control channels only, hardening, hardware and system software maintenance, high impact, high-impact system, https, identification data, identity, impact level, inadvertent disclosure incident, incident, incident handling, incident response capability, independent assessment, independent validation authority, indication, indistinguishability, information, information category, information domain, information flow control, information sharing environment, information steward, information type, infrastructure, ingress filtering, insider, insider threat, integrity policy, intelligence community, intent, interim accreditation, interim accreditation action plan, interim approval to operate, internal network, internal system exposure, internet key exchange protocol, interview, intrusion, intrusion detection, intrusion detection and prevention system, isolator, joint authorization, joint personnel adjudication system, joint use agreement, key establishment, key stream, keying material, language, least privilege, least trust, letter of compelling need, letter of intent, level of protection, levels of concern, line of business, line supervision, local agency check, logical access, logical completeness measure, loophole, low impact, low-impact system, major application, malicious, malware, management, management control processes, management controls, management countermeasure, management network, mandatory access control, master crypto-ignition key custodian, media protection, minor application, minor derogatory information, mission critical, misuse, mode of operation, model, moderate impact, moderate-impact system, modes of operation, multi-hop problem, multilevel device, multilevel mode, multilevel secure, national agency check, national agency check plus written inquiries, national agency check with local agency checks and credit check, national intelligence, national vulnerability database, naval coastal warfare, network address translation, network front-end, network management, network management software, network sponsor, network system, network trusted computing base, no-lone zone, non-disclosure agreement, non-repudiation, non-repudiation service, non-repudiation token, nonce, null, object identifier, observation reports, office of personnel management, officer, on-access scanning, on-demand scanning, one-time access, open storage, open storage area, operation, operational controls, operations manager, optional modification, original classification, out-of-band, outside(r) threat, outsourced information technology based process, over-the-air rekeying, overt testing, overwrite procedure, owner, package, packet filter, parameters, party, pass/fail, patch, penetration test, people, periods processing, personal financial statement, personal firewall, personalization service, personally identifiable information, physical and environmental protection, physical protection, platform it interconnection, policy, policy certification authority, post-accreditation phase, pre-certification phase, print suppression, privacy, privacy protection, privilege, privileged command, privileged process, privileged user, probe, producers, product rationale, profile, program, program manager, property, protected distribution systems, protection philosophy, protection profile, proxy server, public confidence, public key enabling, public law 100-235, public-key cryptography standards, public-key derivation function, public-key forward secrecy, public-key infrastructure, quality, quality of protection, quality of service, quarantining, random, reciprocity, reference monitor, references, registration, relay station, remote access, remote diagnostics, remote maintenance, report of investigation, requirements, requirements for procedures and standards, resource, response force, restricted area, review techniques, revocation, root certification authority, router-based firewall, routine changes, rules of behavior, rules of engagement, sanitize, scattered castles, scope, scoping guidance, screening router, secrecy policy, secret seed, secure DNS, secure channel, secure communications, secure configuration management, secure copy, secure digital net radio interface unit, secure envelope, secure mobile unit, secure single sign-on, secure subsystem, secure telephone unit, secure terminal equipment, security safeguards, senior officials of the intelligence community, sensitive compartmented information facility - fixed facility checklist, sensitive compartmented information facility accreditation, sensitive information, sensitive label, sensitive position, service, signal flags, signed applet, significant change, simple network management protocol, single scope background investigation, single scope background investigation - periodic reinvestigation, single-hop problem, single-level device, site certification, situational awareness, smartcards, sneaker, special access program facility, special access programs central office, special access required programs oversight committee, special background investigation, special information operations, special investigative inquiry, special program document control center, specialized boundary host, specification, spillage, split knowledge, statement of reasons, status monitoring, suitability of functionality, suspicious event, system, system administrator, system and data integrity, system development and acquisition, system files, system high, system high mode, system integrity service, system interconnection, system low, system profile, system software, tactical approval to operate, tailoring, target identification and analysis techniques, target of evaluation, target vulnerability validation techniques, technical controls, technical non-repudiation, technical surveillance countermeasures, technical surveillance countermeasures inspection, technical surveillance countermeasures surveys and evaluations, technology, technology area, technology critical, terrorists, threat action, threat analysis, threat shifting, tiger team, token copy, token management, token restore, token storage key, tokens, top-level specification, training effectiveness evaluation, tranquility, transportation, trapdoor, tri-homed, trojan horse, trust anchor, trust level, trusted channel, trusted computing base, trusted network interpretation, trusted operating system, trusted third party, trustworthiness, trustworthy system, two-person control, two-person integrity, type 1 products, type 2 product, type accepted telephone, type certification, unfavorable administrative action, unified network, unit of transfer, upgrade, user partnership program, user registration, user representative, validate, validate vs. verify, validation, verification techniques, vishing, vulnerability, vulnerability analysis, vulnerability assessment, white team, wi-fi protected access-2, wired equivalent privacy, wireless local area network, work factor, zero-day exploit,
security architecture: IncludedBy:security,; Includes:computer architecture, network architecture,; Related:communications security, computer, computer security, emanation, emanations security, network, process, requirements, system, threat, users,
security assertion markup language: IncludedBy:security,; Includes:SAML authentication assertion,; Related:application, authentication, authorization, information, internet, interoperability, standard, trust,
security association: IncludedBy:association, security protocol,; Related:authentication, connection, connection establishment, establishment, information, internet protocol security, internet security protocol, policy, protocols, revoked state, ruleset, tunnel,
security association identifier: IncludedBy:association, security protocol,; Related:authentication, identify, key, protocols,
security association lifetime: IncludedBy:association, security,
security assurance: IncludedBy:assurance,; Related:access, classified, foreign, requirements,
security attribute: IncludedBy:security,; Includes:TOE security functions, object, subject,; Related:access, control, information, users,
security audit: IncludedBy:audit,; Related:attack, compromise, computer, control, countermeasures, object, policy, system, vulnerability,
security audit trail: IncludedBy:audit trail,; Related:evidence, operation, process, system,
security authority: IncludedBy:authority, security,; Related:domain, entity, policy,
security awareness, training, and education: IncludedBy:security,; Related:control, operation,
security banner: IncludedBy:security,; Related:access, users,
security breach: IncludedBy:security, threat,; Related:control, information, system,
security categorization: IncludedBy:security,
security category: IncludedBy:security,; Related:assessment, availability, information, integrity, operation, system,
security certificate: IncludedBy:certificate, security,; Related:connection, file, information, protocols,
security certification level: IncludedBy:certification, security,; Related:control, function, penetration, process, security testing, system, test, verification,
security class: IncludedBy:security,
security classification guides: IncludedBy:security,; Related:classified,
security clearance: IncludedBy:security,; Related:access, access approval, access control, authorization, authorized, classified, clearance level, collateral information, controlled access programs, information, policy, process, resource, special access program, standard, system, trust,
security cognizance: IncludedBy:security,
security compromise: IncludedBy:compromise, security,; Related:access, access control, authorized, classified, resource, system, unauthorized access,
security concept of operations: IncludedBy:security,; Related:users,
security control assessment: IncludedBy:control, security,; Related:evaluation, management, requirements,
security control assessor: IncludedBy:control, security,
security control baseline: IncludedBy:control, security,
security control effectiveness: IncludedBy:control, security,; Related:risk,
security control enhancements: IncludedBy:control, security,
security control inheritance: IncludedBy:control, security,
security controls: IncludedBy:control, security,; Includes:external security controls, internal security controls,; Related:IT security controls, access, access control, application controls, audit, authentication, availability, baseline controls, communications, computer related controls, confidentiality, connection, countermeasures, identification, incident, information, integrity, management, management controls, operation, operational controls, questions on controls, requirements, response, risk, risk management, software, system, technical controls,; Synonym:security measures,
security countermeasures: IncludedBy:countermeasures, security,; Related:risk, vulnerability,
security director: IncludedBy:security,; Related:access,
security domain: IncludedBy:domain, security,; Related:access, access control, classified, connection, information, object, policy, subject, system, users,
security element: IncludedBy:security,
security enforcing: IncludedBy:risk management, target of evaluation,; Includes:object,; Related:target,
security engineering: IncludedBy:security,; Related:development, requirements,
security environment: IncludedBy:security,; Related:operation, system,
security environment changes: IncludedBy:security,
security environment threat list: IncludedBy:security, threat,; Related:adversary, attack, compromise, criminal, critical, evaluation, evidence, intelligence, target,
security evaluation: IncludedBy:evaluation, risk management,; Related:accreditation, application, assurance, computer, information, operation, process, software, system, trust,
security event: IncludedBy:security,; Related:availability, backup, certificate, certification, compromise, computer, confidentiality, cryptographic, cryptography, incident, information, integrity, key, lifecycle, module, operation, public-key infrastructure, rekey, renewal, revocation, security incident, security-relevant event, software, system, test, update,
security fault analysis: IncludedBy:analysis, fault, risk analysis, security,; Related:assessment,
security features: IncludedBy:security safeguards,; Related:audit, function, software, system, users,
security features users guide: IncludedBy:security, users,; Related:system,
security filter: IncludedBy:security,; Includes:firewall,; Related:policy, system, trust,
security flaw: IncludedBy:security, threat,; Related:system,
security flow analysis: IncludedBy:analysis, flow, security,; Related:information, system,
security function policy: IncludedBy:function, policy, security policy,; Includes:object,
security functions: IncludedBy:function, security, target of evaluation,; Includes:object,; Related:policy, security testing, software, target, test,
security gateway: IncludedBy:gateway, security,; Related:internet protocol security, internet security protocol, network, protocols, system, trust,
security goals: IncludedBy:security,; Includes:accountability, assurance, availability, confidentiality, integrity,; PreferredFor:IT security goal,; Related:IT security, object, risk, system,
security impact analysis: IncludedBy:security,
security in-depth: IncludedBy:security,; Related:authorized,
security incident: IncludedBy:incident, security,; Includes:Guidelines and Recommendations for Security Incident Processing, IT security incident, automated security incident measurement, computer security incident, computer security incident response capability, computer security incident response team, program automated information system security incident support team,; Related:Forum of Incident Response and Security Teams, access, access control, activity security manager, authorized, classified, classified information spillage, communications security, compromise, computer, data compromise, inadvertent disclosure incident, information, network, policy, requirements, security event, security intrusion, suspicious event, system, unauthorized access, vulnerability,
security information object: IncludedBy:information, object, security,
security information object class: IncludedBy:information, object, security,
security infraction: IncludedBy:security,; Related:classified, compromise,
security inspection: IncludedBy:security,; Related:policy,
security intrusion: IncludedBy:incident, intrusion, security,; Related:access, access control, authorization, resource, security incident, system,
security kernel: IncludedBy:access control, reference monitor concept,; Related:access, computer, control, network, property, resource, software, system, trust,
security label: IncludedBy:security,; Includes:label, object, sensitivity label,; Related:access, access control, classification levels, classified, computer, control, critical, file, information, policy, resource, subject, system, virus,
security level: IncludedBy:security,; Includes:access level,; Related:access, classification levels, classified, information, object, subject, threat, users,
security management: IncludedBy:security,; Related:access, access control, control, information, network, process, resource,
security management dashboard: IncludedBy:management, security,
security management infrastructure: IncludedBy:key, security,; Related:access, access control, attack, authorization, certificate, compromise, control, encryption, function, information, policy, process, recovery, registration, rekey, resource, system,
security markings: IncludedBy:security,
security measures: IncludedBy:risk management,; Related:software, system,; Synonym:security controls,
security mechanism: IncludedBy:risk management,; Related:algorithm, assurance, authentication, digital signature, encryption, function, process, signature, software, system,
security model: IncludedBy:model, security,; Includes:Bell-LaPadula security model,; Related:system,
security net control station: IncludedBy:control, security,; Related:communications security, management, network, policy, system,
security objectives: IncludedBy:object, risk analysis, security, target of evaluation,; PreferredFor:IT security objective,; Related:accountability, assurance, confidentiality, integrity, system, target, threat,
security officer: IncludedBy:officer, security,; Related:system,
security parameters index: IncludedBy:security,; Related:association, connection, internet protocol security, internet security protocol, process, protocols, system,
security perimeter: IncludedBy:access control,; Includes:perimeter-based security,; PreferredFor:perimeter,; Related:authorization, boundary, code, communications, control, domain, external security testing, insider, internal security testing, policy, remote access, remote diagnostics, resource, system, trust,; Synonym:accreditation boundary,
security plan: IncludedBy:security,; Related:control, information, requirements, system,
security policy: IncludedBy:component operations, policy, risk management, security-relevant event,; Includes:FIPS approved security method, TOE security policy, corporate security policy, critical security parameters, cryptographic module security policy, formal security policy model, object, organisational security policy, security function policy, security policy model, system security policy, technical security policy, trusted functionality, trusted process, trusted subject, usage security policy,; Related:access, access control, authority, availability, confidentiality, critical, function, incident, information, information protection policy, information security, integrity, integrity policy, model, operation, process, program, requirements, resource, secrecy policy, software, system, technology, threat, users,
security policy automation network: IncludedBy:network, security,; Related:classified, computer network, foreign,
security policy board: IncludedBy:security,
security policy information file: IncludedBy:file, information, policy, security,; Related:domain,
security policy model: IncludedBy:model, policy, security policy,; Includes:anomaly detection model, misuse detection model,; Related:computer, criteria, evaluation, identify, information, system, trust, trusted computer system,
security posture: IncludedBy:security,; Related:software,
security profile: IncludedBy:security,
security program manager: IncludedBy:program, security,; Related:certification, policy, process, standard,
security program plan: IncludedBy:security,; Related:control, management, requirements,
Security Protocol 3: IncludedBy:protocols, security protocol,; Related:connection,
Security Protocol 4: IncludedBy:protocols, security protocol,; Related:connection,
security protocol: IncludedBy:protocols, security,; Includes:Challenge Handshake Authentication Protocol, Distributed Authentication Security Service, Extensible Authentication Protocol, Generic Security Service Application Program Interface, Identification Protocol, Internet Protocol Security Option, Internet Security Association and Key Management Protocol, Key Management Protocol, Layer 2 Forwarding Protocol, Layer 2 Tunneling Protocol, Lightweight Directory Access Protocol, MIME Object Security Services, Message Security Protocol, Network Layer Security Protocol, Password Authentication Protocol, Secure Data Exchange, Secure Data Network System, Security Protocol 3, Security Protocol 4, Simple Authentication and Security Layer, Simple Key-management for Internet Protocols, Terminal Access Controller Access Control System, Transport Layer Security Protocol, authentication header, encapsulating security payload, internet protocol security, multipurpose internet mail extensions, online certificate status protocol, point-to-point tunneling protocol, pretty good privacy, privacy enhanced mail, remote authentication dial-in user service, secure hypertext transfer protocol, secure multipurpose internet mail extensions, secure socket layer, security association, security association identifier, simple key management for IP, virtual private network,
security purpose: IncludedBy:security,; Related:computer security, object, risk, system,
security range: IncludedBy:risk index, security,; Related:network, system,
security relevant: IncludedBy:security, target of evaluation,; Includes:security-relevant event,; Related:function, target,
security requirements: IncludedBy:requirements, risk analysis, security target,; Includes:security requirements baseline,; Related:application, availability, computer security, information, integrity, policy, process, security testing, system, test,
security requirements baseline: IncludedBy:baseline, security requirements,; Related:system,
security requirements review: IncludedBy:requirements, security,
security safeguards: IncludedBy:Automated Information System security,; Includes:security features,; PreferredFor:safeguards,; Related:access, access control, availability, control, countermeasures, management, requirements, risk, security, security software, software, system,
security service: IncludedBy:security,; Related:access, authentication, availability, computer, control, management, process, requirements, resource, security software, system,
security situation: IncludedBy:security,; PreferredFor:situation,; Related:association, classification levels, classified, information, network, operation,
security software: Antonym:attack, risk, threat, vulnerability,; IncludedBy:security, software,; Includes:Intrusion Detection In Our Time, SATAN, Tiger, Tripwire, activity analysis, anomaly detection, antivirus software, attack signature recognition, authentication tools, automated security incident measurement, automated security monitoring, computer oracle and password system, email security software, encryption tools, firewall, integrity-checking tools, intrusion detection systems, intrusion detection tools, kerberos, remote authentication dial-in user service, security support programming interface, tcpwrapper, tinkerbell program, vaccines, virus scanner, virus-detection tool,; Related:Automated Information System security, alarm reporting, alarm surveillance, anti-spoof, audit, computer security object, countermeasures, risk management, rules based detection, security safeguards, security service, software security, trap, trusted computing system,
security specifications: IncludedBy:development process, risk analysis, security,; Related:system,
security strength: IncludedBy:security,; Related:algorithm, cipher, critical, cryptographic, encryption, information, operation, system,
security support programming interface: IncludedBy:Generic Security Service Application Program Interface, interface, program, security software, software,; Related:application, standard,
security tag: IncludedBy:security,; Related:information,
security target: IncludedBy:Common Criteria for Information Technology Security Evaluation, component extensibility, construction of TOE requirements, functional package, security, target, target of evaluation,; Includes:functional component, security requirements,; Related:IT security, assurance, baseline, computer security, correctness, criteria, deliverable, deliverables list, effectiveness, evidence, file, function, profile, protection profile, rating, security testing, suitability of functionality, system, test, threat, vulnerability assessment,
security test & evaluation: IncludedBy:evaluation, security, test,; Related:control, operation, process, system,
security test and evaluation: IncludedBy:software security, software system test and evaluation process, test,; Includes:security testing,; Related:analysis, computer, operation, system,
security testing: IncludedBy:risk analysis, security, security test and evaluation, test,; Includes:Common Criteria Testing Laboratory, Common Criteria Testing Program, acceptance testing, active security testing, ad hoc testing, black-box testing, boundary value testing, conformance testing, environmental failure testing, exhaustive testing, external security testing, functional testing, information security testing, interface testing, internal security testing, mutation testing, operational testing, passive security testing, penetration testing, pilot testing, regression testing, smart testing, stress testing, structural testing, syntax testing, system testing, testing, unit testing, verification, white-box testing,; Related:CASE tools, FIPS PUB 140-1, RED team, acceptance inspection, accreditation, application, blue team, boundary value analysis, certificate, certification, change management, component, countermeasures, credentials, flaw hypothesis methodology, function, homed, implementation under test, independent validation and verification, information processing standard, instrument, monitoring and evaluation, national information assurance partnership, negative tests, object, patch management, path coverage, penetration, penetration test, point of control and observation, process, protection profile, reference validation mechanism, resource, review techniques, rules of engagement, security certification level, security functions, security requirements, security target, system, system development lifecycle, target identification and analysis techniques, target vulnerability validation techniques, test cycle, test facility, test item, test key, test plan, test report, tiger team, trusted certificate, users,
security threat: IncludedBy:security, threat,; Related:adversary, exploit, operation, vulnerability,
security token: IncludedBy:security, tokens,
security violation: IncludedBy:security, threat,; PreferredFor:violation,; Related:access, access control, authorized, classified, compromise, control, information, penetration, policy, requirements, resource, system, threat consequence, unauthorized access, users,
security zone: IncludedBy:security,; Related:trust,
security-compliant channel: Antonym:covert channel,; IncludedBy:channel, security,; Related:computer security, evaluation, network, policy, trust,; Synonym:trusted channel,
security-critical mechanisms: IncludedBy:critical, risk management,; Related:operation, policy,
security-relevant change: IncludedBy:security,; Related:risk, users,
security-relevant event: IncludedBy:risk, security relevant,; Includes:access control, security policy, subject, users,; Related:IT security incident, access, audit, computer, control, file, login, logon, passwords, policy, security event, system,
security-relevant information: IncludedBy:security,
security/suitability investigations index: IncludedBy:security,
seed key: IncludedBy:key,; Related:process,
seek time
segregation of duties: IncludedBy:risk management,; Related:access, access control, authorized, computer, control, key, minimum essential infrastructure, operation, resource, unauthorized access,
selection
self-inspection: Related:evaluation,
self-signed certificate: IncludedBy:certificate,; Related:X.509, key, public-key, subject,
semantic security: IncludedBy:security,; Related:algorithm, cipher, cryptography, encryption, information,
semantics: Related:certificate validation, critical, formal, formal security policy model, formal specification, hypertext markup language, interoperability, meta-language, restructuring, semiformal,
semi-quantitative assessment: Related:risk,
semiformal: Related:semantics,
senior agency official: Related:classified,
senior foreign official: IncludedBy:foreign,; Related:access,
senior intelligence officer: IncludedBy:intelligence,; Related:foreign,
senior officials of the intelligence community: IncludedBy:intelligence,; Related:security,
senior review group: Related:access, intelligence,
sensitive: IncludedBy:classification levels,; Related:information, owner, users,
sensitive activities: Related:access, critical, intelligence,
sensitive but unclassified: IncludedBy:classification levels, classified, sensitive information,
sensitive but unclassified information: IncludedBy:classified,; Related:unclassified sensitive,
sensitive compartmented information: IncludedBy:information,; Related:access, access control, classified, control, control systems, intelligence, process, system,
sensitive compartmented information courier: Related:access,
sensitive compartmented information facility - coutilization
sensitive compartmented information facility - fixed facility checklist: Related:security,
sensitive compartmented information facility: IncludedBy:information,; Related:intelligence, process,
sensitive compartmented information facility accreditation: Related:authorization, intelligence, security,
sensitive compartmented information facility database: Related:intelligence,
sensitive information: IncludedBy:information,; Includes:critical and sensitive information list, sensitive but unclassified,; Related:access, access control, authority, authorized, classified, code, computer, computer security, control, criteria, damage, foreign, policy, privacy, program, requirements, security, system, unauthorized access,
Sensitive Information Computer Security Act of 1987: IncludedBy:security,; Related:information security, privacy, users,
sensitive label: Related:information, object, security,
sensitive position: Related:critical, security,
sensitivity: Related:information, owner,
sensitivity analysis: IncludedBy:analysis,; Related:process, program, test,
sensitivity label: IncludedBy:access control, security label,; Includes:object,; Related:access, classification levels, classified, control, information, subject, trust,
sensor: Related:flow, intrusion, intrusion detection, property, system,
sensor or monitor: Related:system,
separation of duties: IncludedBy:security,; Related:function, process, risk, system,
sequence number
serial number: HasPreferred:certificate serial number,
server: Related:computer, entity, file, network, process, program, response, system,
service: Related:access, security,
service-level agreement
servo valve: Related:control,
session hijack attack: IncludedBy:attack,; PreferredFor:session hijacking,; Related:authentication, authorized, communications, control, hijacking, users,
session hijacking: HasPreferred:session hijack attack,
session key: IncludedBy:kerberos, key, key recovery, trust, virtual private network,; Related:application, computer, connection, cryptographic, encryption, module, operation, random, rekey,
set point: Related:control, program,
SET private extension: IncludedBy:Secure Electronic Transaction, public-key infrastructure,; Related:X.509, certificate, encryption, hash, information, key, message, requirements, tunnel,
SET qualifier: IncludedBy:Secure Electronic Transaction, public-key infrastructure,; Related:algorithm, certificate, certification, email, hash, information, policy,
settlement: Related:owner, process,
shall: Includes:object,
shared account: IncludedBy:risk,; Related:users,
shared secret: Related:Challenge-Response Authentication Mechanism, POP3 APOP, authentication, cryptographic, cryptography, key, key agreement, out-of-band, passwords, personal identification number, remote authentication dial-in user service, secret,
shielded enclosure
shim: Related:code, intrusion, intrusion detection,
shipper: Related:consignor,
short title: Related:communications security, control, identify,
should: Includes:object,; Related:technology,
shoulder surfing: IncludedBy:attack,; Related:eavesdropping, identity theft,
shrink-wrapped software: IncludedBy:software,; Related:computer,
sign: Related:digital signature, object, signature,
signal flags: Related:intelligence, security,
signaling: Related:communications, connection, control, function, information, message, network, operation, process, system, telecommunications,
signaling system 7: IncludedBy:system,; Related:function, network, protocols,
signals analysis: IncludedBy:analysis, threat consequence,; Related:system,
signals security: IncludedBy:security,
signature: IncludedBy:security,; Includes:Digital Signature Standard, Elliptic Curve Digital Signature Algorithm, account authority digital signature, asymmetric signature system, attack signature, attack signature recognition, authentic signature, certification authority digital signature, continuous signature service, digital signature, digital signature algorithm, digitized signature, dual signature, electronic signature, penetration signature, pre-signature, private signature key, signature certificate, signature equation, signature function, signature generation, signature key, signature process, signature system, signature verification, valid signature, virus signature,; Related:ABA Guidelines, CA certificate, Cryptographic Message Syntax, Distinguished Encoding Rules, El Gamal algorithm, Fortezza, IEEE P1363, Internet Security Association and Key Management Protocol, MIME Object Security Services, PKCS #7, Rivest-Shamir-Adleman algorithm, Secure/MIME, The Exponential Encryption System, X.509 attribute certificate, X.509 certificate revocation list, X.509 public-key certificate, access, access control, appendix, archive, assignment, asymmetric cryptographic technique, asymmetric cryptography, asymmetric keys, attack, attribute certificate, authenticate, authentication, authorized, bind, biometrics, brand CRL identifier, capacity, card personalization, certificate, certificate validation, certification path, cryptographic algorithm, cryptographic key, cryptographic system, cryptography, data encryption key, data input, data origin authentication service, digital certificate, digital notary, elliptic curve cryptography, email packages, email security software, encryption certificate, end entity, hash token, identification data, identify, incident, integrity, invalidity date, key, key pair, malware, merchant certificate, message, message digest, message representative, no prior relationship, non-recoverable part, non-repudiation, personality label, pretty good privacy, private key, process, public-key, public-key certificate, public-key cryptography, public-key infrastructure, public-key system, push technology, randomizer, recoverable part, relying party, revocation date, rules based detection, ruleset, salt, seal, secure hash standard, security mechanism, sign, signed message, signer, symmetric cryptography, system, threat, time-stamping service, triple DES, unauthorized access, unforgeable, vaccines, validate vs. verify, verification key, verification process, virus, virus definitions,; Synonym:indication,
signature certificate: IncludedBy:certificate, signature,; Related:X.509, cryptographic, digital signature, encryption, function, key, public-key,
signature equation: IncludedBy:signature,; Related:digital signature, function,
signature function: IncludedBy:function, signature,; Related:digital signature, domain, key, process, random,
signature generation: IncludedBy:signature,; Related:algorithm, key, process,
signature key: IncludedBy:key, signature,; Related:digital signature, entity, process,
signature process: IncludedBy:process, signature,; Related:digital signature, domain, key, message,
signature system: IncludedBy:signature, system,; Related:cryptographic, digital signature, verification,
signature validation: Related:assurance,
signature verification: IncludedBy:signature, verification,; Related:algorithm, key, process, public-key,
signed applet: IncludedBy:software,; Related:integrity, security, tamper,
signed data
signed message: IncludedBy:message,; Related:signature,
signer: Related:digital signature, entity, key, object, signature,
significant change: Related:analysis, application, critical, function, information, interface, process, risk, security, software, system,
significant derogatory information
silver bullet: Related:program,
simple authentication: IncludedBy:authentication,; Related:entity, identity, information, passwords, process,
Simple Authentication and Security Layer: IncludedBy:authentication, internet, security protocol,; Includes:kerberos, remote authentication dial-in user service,; Related:connection, key, protocols, users,
Simple Distributed Security Infrastructure: IncludedBy:Simple Public-Key Infrastructure/Simple Distributed Security Infrastructure,
simple key management for IP: IncludedBy:key management, security protocol,; Related:integrity, privacy, protocols,
Simple Key-management for Internet Protocols: IncludedBy:internet, key management, protocols, security protocol,; Related:algorithm, encryption,
simple mail transfer protocol: IncludedBy:internet, protocols,; Related:application, computer, email, message, standard,
simple network management protocol: IncludedBy:internet, network, protocols,; Related:access, access control, application, authentication, authorization, availability, code, communications, confidentiality, control, cryptographic, cryptography, information, integrity, message, operation, passwords, security, software, standard, version,
Simple Public-Key Infrastructure: IncludedBy:Simple Public-Key Infrastructure/Simple Distributed Security Infrastructure, key, public-key,
Simple Public-Key Infrastructure/Simple Distributed Security Infrastructure: IncludedBy:key, public-key, public-key infrastructure, security,; Includes:Simple Distributed Security Infrastructure, Simple Public-Key Infrastructure,; Related:authorization, authorized, certificate, network,
simple random sample: IncludedBy:random,
simple security condition: IncludedBy:Bell-LaPadula security model, simple security property,; Includes:object, subject,; Related:access, access control, model,
simple security property: IncludedBy:Bell-LaPadula security model, property,; Includes:object, simple security condition, subject,; Related:access, access control, model,
simulation modeling: IncludedBy:model,; Related:business process, computer, operation, process, program, resource, risk, test,
single loop controller: IncludedBy:control,; Related:critical, process,
single point keying: IncludedBy:key,
single scope background investigation - periodic reinvestigation: Related:access, classified, critical, intelligence, security,
single scope background investigation: Related:security,
single sign-on: Related:access, access control, application, authentication, computer, login, network, resource, secure single sign-on, system, trust, users,
single-hop problem: Related:risk, security, software,
single-level device: IncludedBy:modes of operation,; Related:information, process, security, system, trust,
site accreditation: IncludedBy:accreditation,; Related:application, baseline, entity, interoperability, operation, system,
site certification: IncludedBy:certification,; Related:accreditation, assessment, function, operation, requirements, security, system,
site information assurance manager: IncludedBy:assurance,; Related:users,
site security manager: IncludedBy:security,; Related:United States citizen,
situation: HasPreferred:security situation,
situational awareness: Related:risk, security, threat,
skimming: Related:authorization, authorized, owner,
Skipjack: IncludedBy:National Security Agency, symmetric algorithm,; Related:algorithm, cipher, classified, encryption, escrow, key, operation,
slot: IncludedBy:multilevel information systems security initiative,; Related:Fortezza, X.509, certificate, key, public-key infrastructure,
smart testing: IncludedBy:security testing, test,
smartcards: IncludedBy:tokens,; Includes:PIV issuer, contactless smart card, personal identity verification card,; Related:application, computer, function, identify, information, interface, key, owner, passwords, process, security, standard, tamper, users,
smurf: IncludedBy:attack,; Related:denial-of-service, exploit, message, network, program, response, router, smurfing, software,
smurfing: IncludedBy:attack,; Related:network, smurf, spoof,
snake oil: IncludedBy:threat,
snarf: IncludedBy:threat,; Related:file,
sneaker: IncludedBy:threat,; Related:security, test, tiger team,
sniffer: IncludedBy:exploit, internet,; Includes:packet sniffer,; Related:audit, computer, computer network, covert, identify, information, message, network, operation, passwords, program, sniffing, software, users,
sniffing: IncludedBy:threat,; Includes:ethernet sniffing, password sniffing,; Related:sniffer,
social engineering: IncludedBy:attack,; Includes:phishing,; Related:access, access control, adversary, authorized, computer, file, hoax, identity theft, impersonation, information, key, malicious, passwords, process, system, target, technology, theft, tokens, trust, users,
SOCKS: IncludedBy:internet,; Related:access, access control, application, authentication, authorized, computer, connection, encryption, network, object, protocols, unauthorized access,
SOF-basic: IncludedBy:strength of function, target of evaluation,; Related:analysis, attack, function, security,
SOF-high: IncludedBy:strength of function, target of evaluation,; Related:analysis, attack, function, security,
SOF-medium: IncludedBy:strength of function, target of evaluation,; Related:analysis, attack, function, security,
soft TEMPEST: IncludedBy:TEMPEST,; Related:computer, information, key, software,
software: Includes:CGI scripts, COTS software, Java, antispyware software, antivirus software, application, application program interface, application software, assured software, audit software, commercial off-the-shelf software, commercial software, computer-aided software engineering, cryptographic application programming interface, customer/contractor-supplied software, email security software, encryption software, hardware and system software maintenance, hardware or software error, imported software, mass-market software, mobile software agent, modular software, network management software, networking features of software, programming languages and compilers, public domain software, remote access software, reusable software asset, reverse software engineering, safety-critical software, security software, security support programming interface, shrink-wrapped software, signed applet, software architecture, software assurance, software build, software configuration management, software development, software development lifecycle, software development methodologies, software engineering, software enhancement, software library, software lifecycle, software maintenance, software operation, software performance engineering, software product, software publisher certificate, software quality assurance, software reengineering, software release, software reliability, software repository, software requirement, software security, software system test and evaluation process, software verification and validation, software-based fault isolation, spam filtering software, support software, system software, systems software, trusted software, virus, web content filtering software,; Related:Automated Information System security, CASE tools, CKMS component, COMSEC boundary, COMSEC material, Clark Wilson integrity model, Common Criteria for Information Technology Security, FIPS PUB 140-1, Fortezza, IT resources, IT security controls, IT security product, IT security support functions, Integrated CASE tools, PIV issuer, PKCS #11, TCB subset, TOE security functions, Tiger, Tripwire, Trusted Computer System Evaluation Criteria, acceptance inspection, access, access control, access control mechanisms, active content, add-on security, anomaly, antivirus tools, application data backup/recovery, application generator, application programming interface, approval/accreditation, archive, assurance, authentication, authentication code, authentication mechanism, automated data processing system, automated information system, automated security monitoring, availability, backdoor, baseline, bastion host, benchmark, black-box testing, bomb, boundary, browse access protection, candidate TCB subset, cardholder, certification authority workstation, certification test and evaluation, clean system, clear, cloud computing, code coverage, coding, common misuse scoring system, communications, completeness, component, computer, computer architecture, computer emergency response teams' coordination center, computer fraud, computer oracle and password system, computer security, computer security subsystem, computer security technical vulnerability reporting program, computer-assisted audit technique, computing security methods, configuration, configuration control, configuration control board, configuration item, configuration management, controlled security mode, conversion, correctness, critical system files, cryptographic boundary, cryptographic module, cryptographic product, cryptographic service, cyberattack, data driven attack, database management system, debug, development process, dictionary attack, disaster recovery plan, documentation, domain name system, dongle, electronically generated key, ethernet sniffing, evaluated products list, execute access, executive state, fail safe, fail soft, failure, failure access, failure control, fault, fault injection, fault tolerance, fault tolerant, file integrity checker, file integrity checking, firewall, firmware, formal development methodology, formal specification, front-end security filter, function, general support system, global information grid, group of users, hardware, hashed message authentication code, high assurance guard, host, host-based firewall, hot site, human-machine interface, implementation, implementation vulnerability, independent validation and verification, independent validation authority, information and communications, information assurance component, information processing standard, information systems security equipment modification, information technology, instrument, instrumentation, integrity, interface, internal security controls, interoperable, intrusion detection, intrusion detection systems, intrusion prevention system, key management infrastructure, keystroke monitoring, license, logic bombs, loophole, maintenance, maintenance hook, major application, malicious code, malicious logic, malware, management network, mechanisms, message authentication code vs. Message Authentication Code, message integrity code, metrics, middleware, mobile code, mobile code technologies, modes of operation, modularity, multi-hop problem, negative tests, network analyzer, network architecture, network management architecture, network protocol stack, network trusted computing base, noncomputing security methods, operating system, operations manager, oracle, overwrite procedure, packet sniffer, packet switching, passive security testing, password cracker, patch, patch management, path histories, pharming, pilot testing, platform, plug-in modules, portability, post-accreditation phase, pretty good privacy, privacy programs, process, product, program, protocol analyzer, protocols, proxy, proxy agent, proxy server, pseudo-random number generator, public-key infrastructure, quality attributes, rapid application development, read access, regression testing, release, reliability, remediation, remote access, rootkit, safety, sandboxing, scalability, scan, secure configuration management, secure operating system, security controls, security evaluation, security event, security features, security functions, security kernel, security measures, security mechanism, security policy, security posture, security safeguards, significant change, simple network management protocol, single-hop problem, smurf, sniffer, soft TEMPEST, source code, source code generator, spyware, subsystem, supply chain attack, symbolic execution, system, system and data integrity, system assets, system development methodologies, system life, system low, system retention/backup, system safety, system-high security mode, tcpwrapper, technical attack, technical controls, technical countermeasures, technical security controls, technical security policy, technical vulnerability, technological attack, technology, telecommuting, test bed, test bed configuration, test case generator, test case suite, test coverage, test cycle, test design, test environment, test execution, test item, test plan, test result analyzer, test suite, testability, tester, testing, theft of functionality, trapdoor, trojan horse, trust anchor, trust-file PKI, trusted channel, trusted computer system, trusted computing base, trusted distribution, trusted gateway, trusted path, trustworthy system, type accreditation, unit, unit testing, update access, user initialization, utility programs, validation, vendor, verification, verification and validation, version, virtual machine, virus scanner, virus signature, virus-detection tool, vulnerability, web server, wedged, workgroup computing,
software architecture: IncludedBy:software, software development,; Related:module,
software assurance: IncludedBy:assurance, software,; Related:function, lifecycle, vulnerability,
software build: IncludedBy:software, software development,; Related:operation, system, version,
software configuration management: IncludedBy:software, software development,
software development: IncludedBy:software, software product,; Includes:acceptance procedure, advanced development model, architectural design, change control and lifecycle management, closed security environment, compiler, configuration management, detailed design, development process, requirements, software architecture, software build, software configuration management, software development lifecycle, software development methodologies, software engineering, software enhancement, software lifecycle, software performance engineering, software quality assurance, software reengineering, software system test and evaluation process, software verification and validation, source code,; Related:independent validation and verification, integrated test facility, integration test, metrics, process, software security, test, test case, test cycle, test design, test facility, white-box testing,
software development lifecycle: IncludedBy:software, software development,
software development methodologies: IncludedBy:development assurance, software, software development, system development methodologies,; Includes:Gypsy verification environment, enhanced hierarchical development methodology, formal development methodology, hierarchical development methodology,; Related:computer, program, system,
software engineering: IncludedBy:software, software development,; Related:operation, system,
software enhancement: IncludedBy:software, software development,; Related:function,
software library: IncludedBy:software,; Related:archive, baseline, control,
software lifecycle: IncludedBy:software, software development, software product,; Related:operation, requirements, test,
software maintenance: IncludedBy:software,
software operation: IncludedBy:operation, software,
software performance engineering: IncludedBy:software, software development,; Related:object,
software product: IncludedBy:product, software,; Includes:mass-market software, software development, software lifecycle, software requirement,; Related:computer, program, users,
software publisher certificate: IncludedBy:certificate, software,
software quality assurance: IncludedBy:assurance, quality, software, software development,; Related:confidence, process, requirements, system,
software reengineering: IncludedBy:software, software development,; Related:process, subject, system,
software release: IncludedBy:software,; Related:update, version,
software reliability: IncludedBy:reliability, software,; Related:failure, fault, function, program, robustness, system,
software repository: IncludedBy:software,
software requirement: IncludedBy:requirements, software, software product,; Includes:object, software security, testability,; Related:users,
software security: IncludedBy:security, software, software requirement,; Includes:security test and evaluation,; Related:application, program, security software, software development, system,
software system test and evaluation process: IncludedBy:evaluation, process, software, software development, system, test,; Includes:security test and evaluation,; Related:baseline, function, interface, operation, requirements,
software verification and validation: IncludedBy:software, software development, validation, verification,
software-based fault isolation: IncludedBy:software,; Related:access, control, trust,
sole proprietorship
sole source acquisition
solenoid valve
solicitation: Related:information, response,
sound group: Related:requirements,
sound masking system: Related:threat,
sound transmission class
source authentication: IncludedBy:authentication,; Related:entity, identity,
source code: IncludedBy:code, software development,; Includes:source code generator,; Related:compiler, computer, object, program, software,
source code generator: IncludedBy:code, source code,; Related:application, requirements, software,
source data automation: Related:process,
source data entry: Related:computer, system, version,
source document: Related:classified,
source integrity: IncludedBy:integrity,; Related:confidence, information, trust,
source program: IncludedBy:program,; Related:access, access control, computer, system, trust,
source selection: Related:evaluation, policy, process, requirements, system,
spam: IncludedBy:email, threat,; Includes:spam filtering software, spamming,; Related:association, denial-of-service, internet, message, object, program,
spam filtering software: IncludedBy:software, spam,; Related:message, program,
spammers: IncludedBy:threat,; Related:attack, information,
spamming: IncludedBy:spam,; Related:message,
spanning port
special access office: IncludedBy:access,
special access program: IncludedBy:access, program,; Related:authority, control, critical, information, intelligence, operation, requirements, security clearance, threat,
special access program facility: IncludedBy:access, program,; Related:classified, information, security,
special access program/special access required: IncludedBy:access,; Related:authorized, requirements,
special access programs central office: IncludedBy:access,; Related:security,
special access programs coordination office: IncludedBy:access,
special access required programs oversight committee: IncludedBy:access,; Related:foreign, intelligence, security,
special activity: Related:foreign, intelligence, object,
special background investigation: Related:requirements, security,
special character
special information operations: IncludedBy:information, operation,; Related:process, requirements, risk, security,
special intelligence: IncludedBy:intelligence,
special investigative inquiry: Related:security,
special program document control center: Related:security,
special program review group: Related:access, object, requirements,
special security center: IncludedBy:security,; Related:intelligence,
special security officer: IncludedBy:security,
specialized boundary host: IncludedBy:boundary,; Related:security, users,
specific SIO class
specification: Related:requirements, security, system,
spillage: Related:classified, information, security,
split key: IncludedBy:key,; Related:cryptographic,
split knowledge: IncludedBy:key recovery,; Related:authorized, control, cryptographic, information, key, module, security,
sponsor: Related:authorized, certificate, entity, evaluation, subject, test,
sponsoring agency: Related:access, classified, intelligence,
spoof: IncludedBy:threat consequence,; Includes:DNS spoofing, address spoofing, anti-spoof, ip spoofing, spoofing attack,; Related:access, access control, authentication, authorized, entity, firewall, impersonating, masquerading, mimicking, phishing, smurfing, system, users,
spoofing: Antonym:anti-spoof,; IncludedBy:attack, masquerade,; Includes:DNS spoofing, address spoofing, ip spoofing,; Related:access, access control, authentication, authorized, computer, control, critical, hijack attack, identification, impersonation, information, process, resource, subject, system, trust, users,; Synonym:mimicking,
spoofing attack: IncludedBy:attack, masquerade, spoof,
spread
spread spectrum: Related:communications, information, telecommunications,
spyware: IncludedBy:malicious code,; Related:code, identity theft, information, malicious, malware, privacy, software, system, users,
spyware detection and removal utility: Related:computer, identify, incident, program,
SSO PIN: IncludedBy:multilevel information systems security initiative,; Related:Fortezza, access, authority, certification, control, function, identification, users,
SSO-PIN ORA: IncludedBy:multilevel information systems security initiative,; Related:Fortezza, function, users,
stakeholder: Related:program,
stand-alone automated information system: Related:classified,
stand-alone, shared system: IncludedBy:modes of operation, system,; Related:computer, users,
stand-alone, single-user system: IncludedBy:modes of operation, system, users,; Related:computer,
standalone system
standard: Includes:American National Standards Institute, American Standard Code for Information Interchange, British Standard 7799, Digital Signature Standard, Escrowed Encryption Standard, Federal Information Processing Standards, Federal Information Processing Standards Publication 140, Federal Standard 1027, International organization for standardization, Internet Standard, Internet Standards document, National Institute of Standards and Technology, Standard Security Label, Standards for Interoperable LAN/MAN Security, advanced encryption standard, data encryption standard, endorsed data encryption standard products list, extended industry standard architecture, industry standard architecture, information processing standard, international standards organization, interoperability standards/protocols, public-key cryptography standards, requirements for procedures and standards, secure hash standard, standard deviation, standard error of the mean, standard generalized markup language,; Related:Abstract Syntax Notation One, Advanced Mobile Phone Service, Basic Encoding Rules, COTS software, Clipper chip, Commercial COMSEC Evaluation Program, Common Criteria for Information Technology Security, Computer Security Objects Register, Cryptographic Application Program Interface, DoD Information Technology Security Certification and Accreditation Process, EE, Elliptic Curve Digital Signature Algorithm, FIPS PUB 140-1, Federal Criteria Vol. I, Generic Security Service Application Program Interface, Generic Upper Layer Security, Green book, IEEE 802.10, IEEE P1363, IT Security Evaluation Criteria, IT Security Evaluation Methodology, ITU-T, Information Technology Security Evaluation Criteria, Integrated services digital network, Internet Architecture Board, Internet Engineering Steering Group, Internet Engineering Task Force, Internet Society, Internet Society Copyright, JTC1 Registration Authority, Law Enforcement Access Field, OSI architecture, Open Systems Interconnection Reference model, PC card, PCMCIA, PKCS #10, PKCS #11, PKCS #7, PKIX, POSIX, Post Office Protocol, version 3, Request for Comment, Rivest-Shamir-Adleman algorithm, Secure Data Exchange, Secure Electronic Transaction, TEMPEST, Transport Layer Security Protocol, Trusted Computer System Evaluation Criteria, Type III cryptography, X.400, X.500 Directory, acceptance inspection, accreditation, accreditation body, application program interface, assessment, audit, bandwidth, benchmark, center for information technology excellence, certificate, certificate chain, certificate chain validation, certificate request, certification authority, coefficient of variation, common criteria, communications protocol, compliance-based, computer architecture, conformance, consistency, country code, credentials, cryptographic module security policy, data authentication code, data authentication code vs. Data Authentication Code, data encryption algorithm, deliverable, development environment, dial-up capability, digital signature algorithm, dispersion, electronic data interchange, encryption, evaluation and validation scheme, evaluation authority, evaluation pass statement, extension, file transfer protocol, framing, incident, internet control message protocol, internet protocol, internet vs. Internet, judgment sample, key, key center, key distribution center, key recovery, key translation center, key-escrow system, leapfrog attack, legacy data, level of protection, media access control address, message authentication code vs. Message Authentication Code, network architecture, object identifier, octet, open system environment, open systems, open systems interconnection, operational environment, operational risk, operational risk exposure, origin authenticity, parameters, plug-in, preproduction model, pretty good privacy, privacy enhanced mail, private communication technology, protected communications, public law 100-235, public-key cryptography, public-key forward secrecy, public-key infrastructure, quality, random selection, rootkit, sas 70 report, secret-key cryptography, secure socket layer, security assertion markup language, security clearance, security program manager, security support programming interface, simple mail transfer protocol, simple network management protocol, smartcards, starting variable, stealth probe, stovepipe systems, system administrator, telnet, transmission control protocol, trust hierarchy, trust level, type 3 product, user data protocol, validation, vulnerability, wireless application protocol, wrap,
standard deviation: IncludedBy:standard,
standard error of the mean: IncludedBy:standard,
standard generalized markup language: IncludedBy:standard,; Includes:extensible markup language, hypertext markup language, markup language,; Related:automated information system, hypertext, wireless application protocol,
standard operating procedure
standard practice procedures: Related:classified, requirements,
Standard Security Label: IncludedBy:security, standard,
Standards for Interoperable LAN/MAN Security: IncludedBy:security, standard,; Related:key, key management, model, protocols,
star (*) property: HasPreferred:*-property,
Star Trek attack: IncludedBy:attack,; Related:system,
start-up KEK: Related:encryption, key, network,
starting variable: Related:application, operation, standard,
state: Related:information,
state delta verification system: IncludedBy:system, verification,; Related:code, confidence,
state transition diagram: Related:network,
state variable: Related:computer, resource, system,
stateful inspection
stateful packet filtering: IncludedBy:firewall, packet filtering,; Related:connection, control, information, process, proxy,
stateful protocol analysis: IncludedBy:analysis, protocols,; Related:file, identify, process, profile,
statement coverage: Related:test,
statement of reasons: Related:security, subject,
static analysis: IncludedBy:analysis,; Related:process, program, system,
static binding: IncludedBy:backup,; Related:association, object,
static key: IncludedBy:key,
statistic
statistical estimate: Related:evidence,
statistical process control: IncludedBy:control, process,; Related:application, quality,
status information: IncludedBy:information,; Related:cryptographic, cryptography, module, operation,
status monitoring: Related:security,
steady-state
stealth mode: Related:interface, intrusion, intrusion detection,
stealth probe: IncludedBy:threat,; Related:connection, intrusion, intrusion detection, network, protocols, standard,
steganography: Related:cryptography, message,
storage channel: HasPreferred:covert channel,
storage object: IncludedBy:object,; Related:access, access control,
store: Related:access, authorized, operation,
stovepipe systems: IncludedBy:system,; Related:computer, connection, function, standard,
strata
stratified random sample: IncludedBy:random,; Related:classified,
stream cipher: IncludedBy:cipher,; Related:algorithm, encryption, function, key, process, property, random,
strength of a requirement: IncludedBy:evaluation, requirements,; Related:attack, failure, function,
strength of encryption: HasPreferred:encryption strength,
strength of function: IncludedBy:TOE security functions, function, target of evaluation,; Includes:SOF-basic, SOF-high, SOF-medium,; Related:attack,
strength of mechanisms: IncludedBy:security, target of evaluation,; Related:algorithm, assessment, attack, target,
strengths, weaknesses, opportunities, threats: IncludedBy:threat,; Includes:SWOT analysis,; Related:risk management,
stress testing: IncludedBy:security testing, test,; Related:black-box testing, boundary value, program, requirements, resource, subject, system,
stretch goal: Related:process, quality,
striped core
strong authentication: IncludedBy:authentication,; Related:certificate, cryptographic, cryptography, entity, identity, information, key, process, public-key, public-key infrastructure,
structural testing: IncludedBy:security testing, test,; Related:function, program, system,
structured query language: Related:automated information system,
sub-function: IncludedBy:function,; Related:information, operation, system, version,
sub-registration authority: IncludedBy:authority, registration,
subassembly: Related:function,
subclass
subcommittee on Automated Information System security: IncludedBy:National Security Decision Directive 145, computer security, information, system,; Includes:Automated Information System security,; Related:authorized, communications, establishment, telecommunications,
Subcommittee on Information Systems Security: IncludedBy:computer security, information, system,
subcommittee on telecommunications security: IncludedBy:National Security Decision Directive 145, communications, communications security, telecommunications,; Related:authorized, computer security, establishment, information, system,
subcontract: Related:access, classified, requirements,
subcontractor
subject: IncludedBy:Bell-LaPadula security model, TCB subset, access, candidate TCB subset, component reference monitor, covert storage channel, declassification of AIS storage media, exploitable channel, granularity of a requirement, internal security controls, isolation, least privilege, list-oriented, network reference monitor, object reuse, owner, permissions, protection-critical portions of the TCB, read, read access, reference monitor, reference monitor concept, reference validation mechanism, resource encapsulation, restricted area, scope of a requirement, secure state, secure subsystem, security attribute, security-relevant event, simple security condition, simple security property, technical policy, ticket-oriented, transaction, write,; Includes:domain, evidence subject, internal subject, process, subject matter expert, subject security level, trusted subject,; Related:Biba Integrity model, Biba model, MISSI user, PIV issuer, RA domains, SAML authentication assertion, TSF scope of control, X.500 Directory, X.509 attribute certificate, X.509 certificate revocation list, X.509 public-key certificate, access control lists, access mode, anti-spoof, attribute certificate, authentication, authenticity, authorized, automated security monitoring, batch process, bind, category, central office of record, certificate, certificate holder, certificate owner, certificate rekey, certificate renewal, certificate update, certificate user, certification path, certify, challenge and reply authentication, ciphertext-only attack, classification guide, collateral information, component, compromised key list, confidentiality, confinement property, contract, controlled area/compound, controlled building, credit check, data integrity, delegation of disclosure authority letter, discretionary access control, distinguished name, end entity, entity, exception, extension, file series, financial disclosure, flow, hash code, hash function, identity, identity theft, identity-based security policy, information, key, key management infrastructure, lead, letter of intent, limited background investigation, local agency check, mandatory access control, minimum background investigation, model, national security system, network, non-repudiation service, object, operation, pass/fail, personality label, personnel security exceptions, personnel security questionnaire, phased periodic reinvestigation, public domain software, public-key, public-key infrastructure, records, references, registration, registration authority, restructuring, reverse engineering, role-based access control, root, root certificate, rule-based security policy, security domain, security label, security level, self-signed certificate, sensitivity label, software reengineering, sponsor, spoofing, statement of reasons, stress testing, system, system entity, target of evaluation, type 1 products, users, validity period, vulnerability,; Uses:object,
subject matter expert: IncludedBy:subject,
subject security level: IncludedBy:security, subject,; Includes:object,; Related:access, access control, users,
subnetwork: IncludedBy:network,; Related:communications, interface, protocols, system,
subordinate certification authority: IncludedBy:authority, certification, multilevel information systems security initiative, public-key infrastructure,; Related:certificate, key, public-key, role, users,
subordinate distinguished name: IncludedBy:distinguished name,
subprocess: IncludedBy:process,
subscriber: Related:authentication,
subscriber station
subset-domain: IncludedBy:domain, trusted computing base,; Related:access, access control, evaluation, system,
subsidiary
substantial issue information: IncludedBy:personnel security - issue information,
substitution: IncludedBy:threat consequence,; Related:authorized, entity,
subsystem: IncludedBy:system,; Related:function, information, software, technology,
subtest: IncludedBy:test,
subversion: IncludedBy:attack, version,; Related:intrusion, operation,
suitability of functionality: IncludedBy:function, target of evaluation,; Related:assessment, security, security target, target, threat,
Suite A: Related:critical,
Suite B: Related:security,
superclass
superencryption: IncludedBy:encryption,; Related:cipher, communications, information, message, operation, process,
superior certification authority: IncludedBy:certification,
supersession: Related:communications security,
superuser: IncludedBy:users,; Related:authorized, control, file, network, process, system,
supervisor state: HasPreferred:executive state,
supervisory control: IncludedBy:control,; Related:computer, program,
supervisory control and data acquisition: IncludedBy:control, control systems,; Related:computer, integrity, operation, process, system,
supplementary character: PreferredFor:supplementary check character,
supplementary check character: HasPreferred:supplementary character,
supply chain
supply chain attack: IncludedBy:attack,; Related:software,
support software: IncludedBy:software,; Related:application, computer, function, operation, system,
supporting information assurance infrastructures: IncludedBy:assurance,
suppression measure: Related:compromise, emanation, emanations security,
surface warfare: IncludedBy:warfare,
surreptitious entry: IncludedBy:threat,; Related:authorized, evidence,
surrogate access: IncludedBy:access, discretionary access control,; Related:control,
survivability: Related:attack, operation, system,
suspended state: IncludedBy:key lifecycle state,; Related:key, lifecycle,
suspicious activity report: Related:assurance, file, fraud, threat,
suspicious contact: IncludedBy:threat,; Related:access, authorized, classified, compromise, illegal, intelligence, target,
suspicious event: IncludedBy:incident,; Related:computer, computer security, security, security incident, validate,
switched multi-megabit data service
SWOT analysis: IncludedBy:analysis, strengths, weaknesses, opportunities, threats,; Related:identify,
syllabary: Related:code,
symbolic execution: Related:analysis, program, software,
symmetric algorithm: IncludedBy:algorithm, encryption, key,; Includes:International Data Encryption Algorithm, Rivest Cipher 2, Rivest Cipher 4, Skipjack, data encryption standard, secret key,
symmetric cryptographic technique: IncludedBy:cryptographic,; Related:encryption, key, symmetric cryptography,
symmetric cryptography: IncludedBy:cryptography,; Includes:Blowfish, CAST, advanced encryption standard, data encryption algorithm,; Related:algorithm, confidentiality, digital signature, encryption, key, key management, message, public-key, risk, signature, symmetric cryptographic technique, symmetric encipherment algorithm, symmetric encryption algorithm, verification,
symmetric encipherment algorithm: IncludedBy:algorithm, cipher, encipherment,; Related:key, symmetric cryptography,
symmetric encryption algorithm: IncludedBy:algorithm, encryption,; Related:cryptographic, key, process, symmetric cryptography,
symmetric key: IncludedBy:key,; Related:algorithm, authentication, code, cryptographic, encryption, message, operation,
symmetric measure of association: IncludedBy:association,
SYN flood: IncludedBy:synchronous flood,; Related:connection, denial-of-service, protocols,
synchronous crypto-operation: IncludedBy:cryptography, operation,; Related:system,
synchronous flood: IncludedBy:attack,; Includes:SYN flood,; Related:code, network, system,
synchronous transmission: Related:network,
syntax
syntax testing: IncludedBy:security testing, test,; Related:system,
synthetic benchmarks: Related:program, test,
system: Includes:Automated Information System security, COMSEC Material Control System, COMSEC system data, Defense Information System Network, DoD Trusted Computer System Evaluation Criteria, Information Systems Security products and services catalogue, National Communications System, National Security Telecommunications and Information Systems Security Advisory/Information Memorandum, National Security Telecommunications and Information Systems Security Committee, National Security Telecommunications and Information Systems Security Directive, National Security Telecommunications and Information Systems Security Instruction, National Security Telecommunications and Information Systems Security Policy, National Telecommunications and Information Systems Security Advisory Memoranda/Instructions, National Telecommunications and Information Systems Security Directive, National Telecommunications and Information Systems Security Instruction, National Telecommunications and Information Systems Security Policy, Network File System, Open Systems Interconnection Reference model, Secure Data Network System, Subcommittee on Information Systems Security, Terminal Access Controller Access Control System, The Exponential Encryption System, Trusted Computer System Evaluation Criteria, Trusted Systems Interoperability Group, application system, asymmetric encipherment system, asymmetric signature system, authentication system, auto-manual system, automated data processing system, automated information system, automated key management system, automated office support systems, autonomous system, biometric system, bulletin board services (systems), business disruption and system failures, certified information systems security professional, check character system, clean system, coded switch system, computer oracle and password system, computer security subsystem, concealment system, control systems, critical system, critical system files, cryptographic key management system, cryptographic system, cryptosystem analysis, cryptosystem evaluation, cryptosystem review, cryptosystem survey, database management system, decision support systems, defense communications system, defense message system, distributed control system, domain name system, electrical power systems, electronic document management system, electronic funds transfer system, electronic generation, accounting, and distribution system, electronic key management system, elliptic curve cryptosystem, embedded cryptographic system, embedded system, end system, evaluated system, executive information systems, external system exposure, federal telecommunications system, fire suppression system, general support system, general-purpose system, generally accepted system security principles, global command and control system, global positioning system, hardware and system software maintenance, high-impact system, host-based intrusion prevention system, identity management systems, imaging system, improved emergency message automatic transmission system, information system, information system security officer, information systems audit and control association, information systems audit and control foundation, information systems security, information systems security association, information systems security engineering, information systems security equipment modification, information systems security manager, information systems security officer, information systems security product, information systems/technology, information technology system, internal system exposure, intrusion detection system load balancer, intrusion detection systems, intrusion prevention system, kernelized secure operating system, key management system, key management system Agent, key-escrow system, legacy systems, lock-and-key protection system, logical system definition, low-impact system, major information system, manual cryptosystem, message handling system, mission critical system, moderate-impact system, multilevel information systems security initiative, national security system, national telecommunications and information system security directives, network behavior analysis system, network system, network-based intrusion prevention system, off-line cryptosystem, on-line cryptosystem, on-line system, one-time cryptosystem, open system environment, open system interconnection, open system interconnection model, open systems, open systems interconnection, open systems security, operating system, operating system fingerprinting, password system, positive enable system, privacy system, program automated information system security incident support team, protected distribution systems, protected wireline distribution system, protective distribution system, public-key system, real-time system, secure operating system, secure subsystem, signaling system 7, signature system, software system test and evaluation process, stand-alone, shared system, stand-alone, single-user system, state delta verification system, stovepipe systems, subcommittee on Automated Information System security, subsystem, system accreditation, system acquisition plan, system administrator, system administrator privileges, system and data integrity, system assets, system boundary, system design review, system development, system development and acquisition, system development lifecycle, system development methodologies, system entity, system entry, system files, system high, system high mode, system indicator, system integrity, system integrity service, system interconnection, system life, system lifecycle, system low, system owner, system parameter, system profile, system requirement, system resources, system retention/backup, system safety, system security, system security authorization agreement, system security engineering, system security management, system security officer, system security plan, system security policy, system software, system testing, system under test, system verification, system-high security mode, systematic selection with a random start, systems administrator, systems engineering, systems security steering group, systems software, tri-service tactical communications system, trusted computer system, trusted computing system, trusted operating system, trustworthy system, user interface system, water supply system, weapons system, wireless intrusion detection and prevention system,; Related:Advanced Mobile Phone Service, BLACK, Bell-LaPadula security model, Biba Integrity model, British Standard 7799, C2-attack, C2-protect, COMSEC aid, COMSEC modification, COMSEC module, COMSEC profile, COMSEC survey, Commercial COMSEC Evaluation Program, Common Criteria for Information Technology Security, DNS spoofing, Defense Information Infrastructure, Defensive Information Operations, Directory Access Protocol, DoD Information Technology Security Certification and Accreditation Process, Escrowed Encryption Standard, FIPS PUB 140-1, Federal Criteria for Information Technology Security, Federal Information Processing Standards, Generic Security Service Application Program Interface, Green book, IA architecture, IA-enabled information technlogogy product, IS related risk, IS security architecture, IT default file protection parameters, IT resources, IT security, IT security achitecture, IT security database, IT security incident, IT security plan, IT security policy, IT security product, IT security support functions, IT-related risk, ITU-T, Identification Protocol, Integrated services digital network, International Traffic in Arms Regulations, International organization for standardization, Internet Corporation for Assigned Names and Numbers, Internet worm, Intrusion Detection In Our Time, Java, MISSI user, Message Security Protocol, National Computer Security Center, National Security Agency, National Security Decision Directive 145, OSI architecture, Orange book, PHF, PKIX, POSIX, RED, RED team, RED/BLACK concept, RED/BLACK separation, Red book, SATAN, SCADA server, Star Trek attack, TEMPEST, TSEC nomenclature, Tiger, Tripwire, USENET, X.400, X.500 Directory, Yellow book, acceptable risk, acceptable use policy, acceptance criteria, acceptance inspection, acceptance procedure, acceptance testing, access, access control, access control center, access control lists, access control mechanisms, access control service, access mode, access with limited privileges, accessibility, accountability, accounting legend code, accreditation, accreditation boundary, accreditation disapproval, accreditation package, accreditation phase, accreditation range, acquirer, acquisition strategy, active security testing, add-on security, address spoofing, adequate security, administrative access, adversary, alignment, allowed traffic, anomaly detection, anomaly detection model, anonymous, anonymous and guest login, anonymous login, antivirus software, antivirus tools, application, application controls, application gateway firewall, application level gateway, application program interface, application programming interface, application server attack, application software, application-level firewall, approval/accreditation, architecture, archive, assessment, association, assurance, asymmetric cipher, asymmetric cryptographic technique, asymmetric encryption algorithm, asynchronous attacks, attack, attackers, audit, audit data, audit service, audit trail, audit/review, auditing tool, authenticate, authentication, authentication code, authenticity, authorization, authorization to process, authorize processing, authorized, authorizing official, automated security monitoring, availability, availability service, back up vs. backup, backdoor, backup, backup procedures, banking and finance, banner, baseline controls, bastion host, benchmark, best practices, beyond A1, bias, bit error rate, blue box devices, bomb, boot sector virus, bot-network operators, boundary, boundary host, boundary value, breach, break, browse access protection, buffer overflow, business process reengineering, call back, call back security, capability, cascading, cell, centrally-administered network, certificate, certificate holder, certificate owner, certificate user, certification, certification agent or certifier, certification authority, certification authority workstation, certification phase, certification practice statement, certifier, challenge/response, channel, channel scanning, checksum, cipher, circuit switching, class 2, 3, 4, or 5, clearing, client, client server, closed security environment, code, code book, code group, code vocabulary, cold site, color change, common criteria, common data security, communications, communications profile, communications security, compartmented mode, compensating security controls, compiled viruses, compliance-based, component, compromise, compromised key list, compromising emanations, computer, computer architecture, computer emergency response team, computer emergency response teams' coordination center, computer fraud, computer intrusion, computer network, computer network defense, computer network exploitation, computer operations, audit, and security technology, computer security, computer security incident, computer security intrusion, computing environment, computing security methods, concept of operations, confidentiality, configuration, configuration control, configuration identification, configuration management, consistency, console, console logon, console logs, consumers, contingency plan, contingency planning, control, control server, controlled interface, controlled security mode, controlled sharing, controlled variable, cookies, correctness, correctness proof, corruption, cost-risk analysis, countermeasures, covert channel, covert timing channel, crack, crack root, cracker, cracking, crash, credentials, criminal groups, critical, critical elements, critical infrastructures, criticality, criticality assessment, criticality/sensitivity, cryptanalysis, crypto-security, cryptographic component, cryptonet, cryptoperiod, cybersecurity, cyberspace, daemon, data aggregation, data communications, data confidentiality, data driven attack, data integrity service, data origin authentication service, data reengineering, data transfer device, decipher, dedicated mode, dedicated security mode, default account, default classification, default file protection, defense-in-depth, degausser, degausser products list, deliverable, denial-of-service, descriptive top-level specification, designated approval authority, designated approving authority, designer, developer, dial back, dial-up capability, dial-up line, dictionary attack, digital signature, digital telephony, directory vs. Directory, disaster recovery plan, discrete event simulation, discretionary access control, disruption, distributed computing environment, distributed database, distributed denial-of-service, distributed processing, disturbance, documentation, domain, domain name, dual control, due care, dynamic analysis, economy of mechanism, electromagnetic compatibility, electromagnetic interference, electronic authentication, email, emanation, emanations analysis, emanations security, embedded computer, embedded cryptography, emergency services, emergency shutdown controls, emissions security, encipher, encode, encryption, encryption strength, end entity, end-to-end encryption, end-to-end security, end-user, endorsed tools list, entrapment, entry-level certification, environment, error, evaluated products list, evaluation, evaluation and validation scheme, evaluation assurance level, evaluation criteria, evaluator, event, executive state, expert review team, exploit, exploit tools, exploitable channel, exploitation, exposures, extensibility, external it entity, facility manager, fail safe, fail soft, failure, failure access, failure control, fallback procedures, false acceptance, false acceptance rate, false negative, false positive, false rejection, false rejection rate, fault, fault tolerance, fault tolerant, federated identity, federation, fedwire, fetch protection, field site, file protection, file transfer, firewall, fishbowl, flaw, flaw hypothesis methodology, flooding, flow, fork bomb, formal development methodology, formal method, formal security policy model, formal specification, formal top-level specification, formal verification, forward engineering, frame relay, framework, front-end security filter, full accreditation, full disk encryption, function, functional testing, functionality class, gas and oil production, storage and transportation, gateway, general controls, global information grid, global information infrastructure, global network information environment, global requirements, graduated security, guard, guessing entropy, hackers, hacking, hardware, hardware or software error, hierarchical decomposition, hijacking, hoax, honeypot, host, host-based security, hot site, human error, hypertext markup language, identification, identification and authentication, identity verification, identity-based security policy, impact, impersonation, incapacitation, incident, incident response capability, incomplete parameter checking, independent assessment, independent review and evaluation, individual accountability, individual electronic accountability, information, information assurance, information assurance manager, information assurance officer, information assurance product, information category, information engineering, information environment, information flow, information flow control, information operations, information security, information security testing, information superhighway, information technology, information warfare, infrastructure, insider, instrument, instrumentation, integrity, interconnection security agreements, interface, interface testing, interference, interim accreditation, interim accreditation action plan, interim approval to operate, interim approval to test, internal security controls, internal subject, internet, internet protocol, internet protocol security, internet vs. Internet, internetwork, interoperability, interoperate, intruder, intrusion, intrusion detection, intrusion detection and prevention, intrusion detection tools, intrusion prevention, ip spoofing, isolation, joint task force-computer network defense, kerberos, key center, key management, key management/exchange, key pair, key stream, key-escrow, killer packets, lattice model, leakage, least privilege, level of protection, levels of concern, lifecycle, lifecycle management, link encryption, list-oriented, local-area network, logged in, logging, logic bombs, logical access, login, login prompt, loophole, machine controller, mailbomb, maintenance, major application, malicious code, malicious logic, malware, management controls, management server, mandatory access control, markup language, masquerade, masquerade attack, masquerading, mass mailing worm, mechanisms, media protection, memorandum of understanding, memory resident, message indicator, mid-level certification, middleware, min-entropy, misappropriation, mission critical, misuse, misuse detection model, mobile code, mockingbird, mode of operation, model, modes of operation, multicast, multilevel mode, multilevel secure, multilevel security, multilevel security mode, multipurpose internet mail extensions, multiuser mode of operation, mutual suspicion, mutually suspicious, nak attack, national computer security assessment program, national information assurance partnership, national security information, natural disaster, network, network component, network device, network front-end, network management software, network security, network security officer, network service worm, network services, network sponsor, network trusted computing base, network worm, non-technical countermeasure, normal operation, object, obstruction, octet, off-line attack, one-part code, one-time pad, one-time passwords, one-time tape, open security, open security environment, operation, operational controls, operational integrity, operational risk, operational testing, operations manager, operations security, organizational certificate, overload, overt channel, partitioned security mode, passive, passive fingerprinting, passive security testing, passive threat, passphrase, password cracking, password-locked screensaver, passwords, payload, payment gateway, peer entity authentication service, penetration, penetration signature, penetration study, penetration test, penetration testing, people, per-call key, performance measurement, periods processing, personal communications network, personal identification number, personal security environment, personnel security, phreaker, phreaking, physical access control, physical and environmental protection, physical controls, physical destruction, physical security, piggyback, piggyback attack, piggyback entry, ping of death, platform, plug-in, polymorphism, port scanner, port scanning, portability, positive control material, post-accreditation phase, pre-certification phase, preferred products list, pressure sensor, pretty good privacy, principal accrediting authority, privacy, privacy impact assessment, private communication technology, private decipherment transformation, private key, privilege, privileged, privileged instructions, privileged user, probe, procedural controls, procedural security, process controller, product, product rationale, program manager, programmable logic controller, protection philosophy, protection profile, protection ring, protection-critical portions of the TCB, protocols, prototyping, prove a correspondence, proxy, proxy server, pseudo-flaw, public encipherment transformation, public law 100-235, public-key, public-key certificate, public-key cryptography, public-key cryptography standards, public-key forward secrecy, public-key infrastructure, purge, qualitative risk assessment, quality, quality assurance, quality control, quality function deployment, reciprocal agreement, records, recovery procedures, redundancy, reference monitor, reference validation mechanism, registration, rekey, reliability, relying party, remediation, remote access, remote access software, remote administration tool, remote diagnostics, remote login, remote terminal emulation, repository, repudiation, requirements, reserve requirements, residual risk, resource, response time, restructuring, retro-virus, reverse engineering, review board, review techniques, risk, risk analysis, risk assessment, risk index, risk management, robustness, role, role-based access control, rolling cost forecasting technique, root, rootkit, rules based detection, rules of behavior, ruleset, safety, safety-critical software, salt, sanitize, scalability, scanning, scavenging, screened subnet firewall, secret, sector coordinator, sector liaison, secure configuration management, secure socket layer, secure state, security, security architecture, security audit, security audit trail, security breach, security category, security certification level, security clearance, security compromise, security controls, security domain, security environment, security evaluation, security event, security features, security features users guide, security filter, security flaw, security flow analysis, security gateway, security goals, security incident, security intrusion, security kernel, security label, security management infrastructure, security measures, security mechanism, security model, security net control station, security objectives, security officer, security parameters index, security perimeter, security plan, security policy, security policy model, security purpose, security range, security requirements, security requirements baseline, security safeguards, security service, security specifications, security strength, security target, security test & evaluation, security test and evaluation, security testing, security violation, security-relevant event, sensitive compartmented information, sensitive information, sensor, sensor or monitor, separation of duties, server, signaling, signals analysis, signature, significant change, single sign-on, single-level device, site accreditation, site certification, social engineering, software, software build, software development methodologies, software engineering, software quality assurance, software reengineering, software reliability, software security, source data entry, source program, source selection, specification, spoof, spoofing, spyware, state variable, static analysis, stress testing, structural testing, sub-function, subcommittee on telecommunications security, subject, subnetwork, subset-domain, superuser, supervisory control and data acquisition, support software, survivability, synchronous crypto-operation, synchronous flood, syntax testing, tamper, tampering, target identification and analysis techniques, target of evaluation, technical attack, technical controls, technical countermeasures, technical policy, technical security policy, technical vulnerability, technological attack, technology, technology area, telecommunications, teleprocessing, telnet, temperature sensor, terminal identification, test, test bed, test bed configuration, test cycle, test facility, test key, test report, testability, testing, theft of functionality, think time, thrashing, threat, threat action, threat agent, threat analysis, threat assessment, threat monitoring, ticket, ticket-oriented, tiger team, tokens, top-level certification, top-level specification, total risk, trace packet, traffic analysis, traffic-flow security, transfer time, transmission control protocol, transportation, trapdoor, trespass, trojan horse, trust, trust level, trusted computing base, trusted gateway, trusted identification forwarding, trusted network interpretation, trusted path, trusted process, trusted recovery, tuning, tunneling attack, tunneling router, two-part code, two-person control, two-person integrity, type 1 products, type 2 product, type 3 product, type accreditation, type certification, unauthorized access, under sea warfare, untrusted process, updating, user id, user identifier, user partnership program, user representative, users, usurpation, utility programs, validate vs. verify, validation, value-added network, valve, vendor, verification, verification and validation, verification procedure refinements, violation of permissions, virtual machine, virtual private network, virus, vulnerability, vulnerability analysis, vulnerability assessment, vulnerability audit, war dialer, warehouse attack, web browser cache, wedged, wireless device, wiretapping, work factor, workgroup computing, workstation, world wide web, worm, zombie,
system accreditation: IncludedBy:accreditation, system,; Related:application, operation,
system acquisition plan: IncludedBy:system,
system administrator: IncludedBy:system,; Related:assurance, audit, backup, control, information assurance officer, operation, policy, requirements, security, standard, users,
system administrator privileges: IncludedBy:system,; Related:file,
system and data integrity: IncludedBy:integrity, system,; Related:control, operation, security, software,
system assets: IncludedBy:system,; Related:communications, resource, software,
system boundary: IncludedBy:boundary, system,
system design review: IncludedBy:system,
system development: IncludedBy:system,; Related:analysis,
system development and acquisition: IncludedBy:system,; Related:control, security,
system development lifecycle: IncludedBy:development, system,; Related:computer, security testing, test,
system development methodologies: IncludedBy:system,; Includes:software development methodologies,; Related:analysis, software,
system entity: IncludedBy:entity, system,; Related:authentication, information, object, process, role, subject,
system entry: IncludedBy:access control, system,; Related:access, authentication,
system files: IncludedBy:file, system,; Related:computer, function, security, users,
system high: Antonym:system low,; IncludedBy:modes of operation, system, system-high security mode,; Related:security,
system high mode: IncludedBy:system,; Related:access, access control, computer security, information, operation, process, program, security, users,
system indicator: IncludedBy:system,; Related:cryptographic system, cryptography, encryption, identify, key, message,
system integrity: IncludedBy:integrity, system,; Related:authorized, computer, function, operation, quality, resource, users,
system integrity service: IncludedBy:integrity, system,; Related:authorized, resource, security,
system interconnection: IncludedBy:connection, system,; Related:control, operation, requirements, security,
system life: IncludedBy:system,; Related:resource, software,
system lifecycle: IncludedBy:system,; Related:computer,
system low: Antonym:system high,; IncludedBy:modes of operation, system,; Related:information, operation, process, resource, security, software,
system of records: Related:control,
system owner: IncludedBy:owner, system,; Related:development, operation, users,
system parameter: IncludedBy:system,; Related:computer, property,
system profile: IncludedBy:file, profile, system,; Related:security,
system requirement: IncludedBy:requirements, system,; Related:users,
system resources: IncludedBy:resource, system,; Related:access, access control, automated information system, file, program, router, users,
system retention/backup: IncludedBy:availability, backup, system,; Related:critical, information, process, resource, software,
system safety: IncludedBy:system,; Related:damage, software,
system security: IncludedBy:information systems security, system,; Related:information,
system security authorization agreement: IncludedBy:authorization, requirements, security, system,; Includes:system security plan,; Related:connection, countermeasures, identify, operation, program, risk, threat, vulnerability,
system security engineering: IncludedBy:information systems security, system,; Related:information,
system security management: IncludedBy:security, system,
system security officer: IncludedBy:officer, security, system,; Includes:information system security officer,; Related:audit, authority, authorized, computer, function, information, owner, policy, program, role, users,
system security plan: IncludedBy:system, system security authorization agreement,; Related:control, management, privacy, risk,
system security policy: IncludedBy:policy, security policy, system,; Related:information, resource,
system software: IncludedBy:software, system,; Related:access, access control, application, computer, control, file, operation, program, security,
system testing: IncludedBy:security testing, system, test,; Related:identify, recovery,
system under test: IncludedBy:system, test,
system verification: IncludedBy:system, verification,
system-high security mode: IncludedBy:modes of operation, multilevel security mode, system,; Includes:system high,; Related:access, access control, accreditation, authorization, authorized, classification levels, classified, dedicated security mode, information, operation, policy, process, software, trust, users,
system-specific security control: IncludedBy:control, security,
systematic declassification review: Related:classified,
systematic selection with a random start: IncludedBy:random, system,
systems administrator: IncludedBy:system,
systems engineering: IncludedBy:system,; Related:application, operation, process, test,
systems security steering group: IncludedBy:security, system,; Related:communications, communications security, computer security, information, intelligence, policy, telecommunications,
systems software: IncludedBy:software, system,; Related:application, communications, computer, control, process, program, update,
T-1 line
tactical approval to operate: Related:security,
tactical data
tactical edge: Related:availability, risk, threat, users,
tactical sensitive compartmented information facility
tactical special access program facility: IncludedBy:access,
tactical terminal
tactical trunk encryption device: IncludedBy:encryption,
tailored security control baseline: IncludedBy:control, security,
tailoring (assessment procedures): Related:requirements,
tailoring: Related:control, security,
tamper: IncludedBy:encryption, security, threat consequence,; Includes:anti-tamper, anti-tamper executive agent, tamper resisting, tampering,; Related:Clipper chip, Federal Standard 1027, TCB subset, authorized, computer security, control, cryptographic, denial-of-service, function, information, operation, personal security environment, protective technologies, quadrant, reference monitor, reference validation mechanism, signed applet, smartcards, system, trusted foundry, trusted platform module chip,
tamper resisting: IncludedBy:tamper,; Related:authorized, technology,
tampering: IncludedBy:attack, tamper,; Related:authorized, function, system,
target: Includes:security target, target identification and analysis techniques, target of evaluation, target vulnerability validation techniques,; Related:Defense Travel Briefing, European Information Technology Security Evaluation Criteria, Office of Foreign Assets Control, TOE security policy, acceptance procedure, account aggregation, active security testing, administration documentation, administrator, advanced persistent threats, adversary, advisory, architectural design, assurance, assurance level, attack, attribute-based access control, automated security incident measurement, binding of functionality, component, computer network exploitation, configuration, configuration control, construction, controlled information, correctness, counterintelligence assessment, critical mechanism, cross site scripting, deliverable, deliverables list, delivery, detailed design, developer, development environment, development process, documentation, ease of use, effectiveness, electronic warfare support, end-user, evaluation, evaluation assurance, evasion, external it entity, functionality class, implementation, intrusion detection systems, intrusion prevention system, message passing, network sniffing, object, operating procedure, operating system fingerprinting, operation, operational documentation, operational environment, pagejacking, passive security testing, penetration testing, production, programming languages and compilers, protection profile, proximity sensor, rating, reference monitor, requirements, risk, scenario, screen scraping, secure copy, security enforcing, security environment threat list, security functions, security objectives, security relevant, social engineering, strength of mechanisms, suitability of functionality, suspicious contact, technical threat analysis, threat, threat source, tool, trusted path, uniform resource identifier, user documentation, vulnerability, vulnerability assessment,
target identification and analysis techniques: IncludedBy:analysis, identification, target,; Related:application, information, information security, security, security testing, system, test, vulnerability,
target of evaluation: IncludedBy:evaluation, target, trusted computing base,; Includes:European Information Technology Security Evaluation Criteria, IT security certification, SOF-basic, SOF-high, SOF-medium, TOE resource, TOE security functions, TOE security functions interface, TOE security policy, TOE security policy model, TSF data, TSF scope of control, acceptance procedure, administration documentation, administrator, architectural design, asset, assurance, binding of functionality, component, configuration, configuration control, connectivity, construction, construction of TOE requirements, critical mechanism, deliverables list, delivery, detailed design, developer, development environment, development process, documentation, ease of use, end-user, external it entity, formal model of security policy, functionality, functionality class, human user, implementation, inter-TSF transfers, internal TOE transfer, internal communication channel, operating procedure, operation, operational documentation, operational environment, penetration testing, production, programming languages and compilers, reference monitor, requirements, requirements for procedures and standards, resource, role, security enforcing, security functions, security objectives, security relevant, security target, strength of function, strength of mechanisms, suitability of functionality, tool, transfers outside TSF control, user documentation, vulnerability, vulnerability assessment,; Related:criteria, security, subject, system, users,
target vulnerability validation techniques: IncludedBy:target, validation, vulnerability,; Related:access, analysis, identification, information, information security, passwords, security, security testing, test,
task
TCB subset: IncludedBy:trusted computing base,; Includes:object, subject,; Related:access, access control, analysis, control, policy, software, tamper, test,
tcpwrapper: IncludedBy:security software,; Related:access, access control, authorized, network, software,
tear line: Related:classified, foreign, intelligence,
technical attack: IncludedBy:attack,; Related:software, system, users,
technical controls: IncludedBy:control,; Related:application, countermeasures, information, security, security controls, software, system,
technical countermeasures: IncludedBy:countermeasures, security,; Related:access, audit, authentication, information, information security, network, process, software, system,
technical data: Related:classified,
technical non-repudiation: Related:security,
technical policy: IncludedBy:access control, policy,; Includes:object, subject,; Related:access, computer, system, trust,
technical reference model
technical review board
technical security: IncludedBy:security,; Related:foreign,
technical security controls: IncludedBy:control, security,; Related:software,
technical security policy: IncludedBy:policy, security policy,; Includes:object,; Related:control, information, process, resource, software, system, threat,
technical surveillance countermeasures: IncludedBy:countermeasures,; Related:security,
technical surveillance countermeasures inspection: IncludedBy:countermeasures,; Related:security,
technical surveillance countermeasures surveys and evaluations: IncludedBy:countermeasures, evaluation,; Related:security,
technical threat analysis: IncludedBy:analysis, threat,; Related:intelligence, target,
technical vulnerability: IncludedBy:vulnerability,; Related:computer, damage, exploit, owner, process, risk, software, system, users,
technical vulnerability information: IncludedBy:information, vulnerability,; Related:code,
technological attack: IncludedBy:attack,; Related:access, access control, control, software, system, users,
technology: Includes:Common Criteria for Information Technology Security, Common Criteria for Information Technology Security Evaluation, DoD Information Technology Security Certification and Accreditation Process, European Information Technology Security Evaluation Criteria, Federal Criteria for Information Technology Security, IA-enabled information technology product, Information Technology Security Evaluation Criteria, National Institute of Standards and Technology, center for information technology excellence, computer operations, audit, and security technology, control objectives for information and related technology, information systems/technology, information technology, information technology system, private communication technology, push technology, technology area, technology gap, wireless technology,; Related:Defensive Information Operations, Digital Signature Standard, Federal Criteria Vol. I, Federal Information Processing Standards, Guidelines and Recommendations for Security Incident Processing, IA-enabled information technlogogy product, IT-related risk, International Traffic in Arms Regulations, International organization for standardization, Internet Engineering Task Force, PCMCIA, Scope of Accreditation, access, access control, antivirus tools, approved technologies list, archive, assurance, asynchronous transfer mode, beyond A1, broadband network, cellular transmission, chief information agency officer, chief information officer, code division multiple access, collaborative computing, common criteria, common criteria version 1.0, common criteria version 2.0, computer related crime, container, control, correctness, countermeasures, criteria, cyberattack, cyberspace, data encryption standard, defense-in-depth, digital telephony, electronic commerce, emanations security, extranet, facilities, false negative, false positive, frame relay, graduated security, information assurance product, information category, information resources, intranet, intrusion, kerberos, key-escrow system, major application, national information assurance partnership, personal communications network, phreaking, process, proximity, public law 100-235, quadrant, risk management, scoping guidance, secure multipurpose internet mail extensions, security, security policy, should, social engineering, software, subsystem, system, tamper resisting, tokens, tunneling, vendor, vulnerability, web vs. Web,
technology area: IncludedBy:technology,; Related:IT security, application, communications, computer security, criteria, evaluation, function, network, router, security, system, telecommunications,
technology control plan: Related:access, foreign, risk,
technology critical: IncludedBy:critical,; Related:security,
technology gap: IncludedBy:technology, threat,
technology transfer: Related:foreign,
telecommunications: IncludedBy:communications,; Includes:National Security Telecommunications Advisory Committee, National Security Telecommunications and Information Systems Security Advisory/Information Memorandum, National Security Telecommunications and Information Systems Security Committee, National Security Telecommunications and Information Systems Security Directive, National Security Telecommunications and Information Systems Security Instruction, National Security Telecommunications and Information Systems Security Policy, National Telecommunications and Information Administration, National Telecommunications and Information Systems Security Advisory Memoranda/Instructions, National Telecommunications and Information Systems Security Directive, National Telecommunications and Information Systems Security Instruction, National Telecommunications and Information Systems Security Policy, diplomatic telecommunications service, federal telecommunications system, global telecommunications service, government emergency telecommunications service, national telecommunications and information system security directives, subcommittee on telecommunications security, telecommunications security,; Related:CCI equipment, COMSEC aid, COMSEC equipment, COMSEC material, COMSEC module, COMSEC monitoring, CRYPTO, Defense Information Infrastructure, Escrowed Encryption Standard, IT resources, ITU-T, National Security Decision Directive 145, TEMPEST, bit error rate, bulk encryption, communications security, component, controlled cryptographic item, cracker, cybersecurity, cyberspace, deception, delegated development program, emissions security, end-to-end encryption, extraction resistance, frequency hopping, information, information and communications, information processing standard, information technology, key recovery, line conditioning, line conduction, major application, manipulative communications deception, mission critical, national security system, network, per-call key, privacy system, process, protected communications, reliability, secure communications, signaling, spread spectrum, subcommittee on Automated Information System security, system, systems security steering group, technology area, teleprocessing, transmission security, users, war dialer,
telecommunications and automated information systems security: IncludedBy:security,
telecommunications security: IncludedBy:communications, communications security, information systems security, telecommunications,
telecommuting: Related:communications, computer, software,
telemetry: Related:analysis,
telemetry intelligence: IncludedBy:intelligence,; Related:analysis, foreign,
teleprocessing: IncludedBy:process,; Related:application, communications, computer, function, information, interface, system, telecommunications,
telework
telnet: IncludedBy:internet,; Related:application, computer, login, network, protocols, remote access software, standard, system,
temperature sensor: Related:system,
TEMPEST: IncludedBy:preferred products list, security,; Includes:Endorsed TEMPEST Products List, TEMPEST Endorsement Program, TEMPEST advisory group, TEMPEST shielded, TEMPEST test, TEMPEST zone, certified TEMPEST technical authority, compromising emanations, emanation, emanations security, emissions security, equipment radiation TEMPEST zone, soft TEMPEST,; Related:International Traffic in Arms Regulations, approval/accreditation, communications, compromise, computer, control, information, inspectable space, optional modification, standard, system, telecommunications, vulnerability,
TEMPEST advisory group: IncludedBy:TEMPEST, advisory,
TEMPEST approved: Related:requirements, security,
TEMPEST Endorsement Program: IncludedBy:TEMPEST, program,
TEMPEST shielded: IncludedBy:TEMPEST,; Related:compromise,
TEMPEST test: IncludedBy:TEMPEST, test,; Related:compromise, emanation, emanations security,
TEMPEST zone: IncludedBy:TEMPEST,
TEMPEST zoned equipment: Related:security,
temporary access eligibility: IncludedBy:access,; Related:interim access authorization, interim security clearance, requirements,
temporary help/job shopper: Related:access, classified,
temporary records
term rule-based security policy: IncludedBy:policy, security,; Related:access, access control, resource, users,
Terminal Access Controller Access Control System: IncludedBy:access, control, control systems, internet, security protocol, system,; Related:authentication, authorization, computer, connection, encryption, function, network, passwords, protocols, router, verification,
terminal hijacking: IncludedBy:attack,; Related:TTY watcher, control, derf, hijack attack, users,
terminal identification: IncludedBy:identification,; Related:identify, system,
terrorism: Related:threat,
terrorists: IncludedBy:threat,; Related:critical, damage, information, security,
test: IncludedBy:assurance, audit, risk management,; Includes:Common Criteria Testing Laboratory, Common Criteria Testing Program, TEMPEST test, acceptance testing, active security testing, ad hoc testing, ad-lib test, approved test methods list, black-box testing, boundary value testing, certification test and evaluation, conformance testing, covert testing, environmental failure testing, exhaustive testing, external security testing, functional test case design, functional testing, implementation under test, information security testing, integrated test facility, integration test, interface testing, interim approval to test, internal security testing, mutation testing, negative tests, operational testing, overt testing, passive security testing, penetration test, penetration testing, pilot testing, regression testing, reliability qualification tests, security test & evaluation, security test and evaluation, security testing, smart testing, software system test and evaluation process, stress testing, structural testing, subtest, syntax testing, system testing, system under test, test bed, test bed configuration, test case, test case generator, test case specification, test case suite, test coverage, test cycle, test design, test driver, test environment, test execution, test facility, test generator, test item, test key, test log, test method, test plan, test procedure, test report, test result analyzer, test strategy, test suite, testability, tester, testing, unit testing, white-box testing,; Related:CASE tools, FIPS PUB 140-1, RED team, Rivest-Shamir-Adleman algorithm, Scope of Accreditation, TCB subset, abend, acceptance inspection, accreditation, allowed traffic, approved technologies list, assured software, authentication, bebugging, benchmark, bit forwarding rate, blue team, boundary value analysis, boundary value coverage, branch coverage, certificate, certification, certification authority, change management, code coverage, commercial off-the-shelf software, component, computer-assisted audit technique, concurrent connections, configuration management, conformance, connection establishment, connection teardown, contingency plan, control, coverage, credentials, development assurance, error guessing, exercised, flaw hypothesis methodology, goodput, homed, hot wash, identify, identity validation, independent validation and verification, information processing standard, instrument, lattice, lattice model, logging, message digest, monitoring and evaluation, mutation analysis, national information assurance partnership, non-repudiation service, oracle, password cracker, patch management, path coverage, point of control and observation, process, protection profile, pseudo-random number generator, public-key certificate, random, records, reference monitor, reference validation mechanism, remote terminal emulation, review techniques, rules of engagement, ruleset, sample, security certification level, security event, security functions, security requirements, security target, sensitivity analysis, simulation modeling, sneaker, software development, software lifecycle, sponsor, statement coverage, synthetic benchmarks, system, system development lifecycle, systems engineering, target identification and analysis techniques, target vulnerability validation techniques, tiger team, time-stamping service, trusted certificate, trusted process, unit, unit of transfer, users, validate, validate vs. verify, validation, verification,; Synonym:analysis,
test bed: IncludedBy:test,; Related:application, program, software, system,
test bed configuration: IncludedBy:test,; Related:software, system, test case generator, test case specification, version,
test case: IncludedBy:test,; Related:object, program, software development, test procedure,
test case generator: IncludedBy:test,; Related:code, criteria, software, test bed configuration, test generator,
test case specification: IncludedBy:test,; Related:test bed configuration,
test case suite: IncludedBy:test,; Related:software,
test coverage: IncludedBy:test,; Related:requirements, software,
test cycle: IncludedBy:test,; Related:code, security testing, software, software development, system, users,
test design: IncludedBy:test,; Related:identify, software, software development,
test driver: IncludedBy:test,
test environment: IncludedBy:test,; Related:software,
test execution: IncludedBy:test,; Related:process, software,
test facility: IncludedBy:test,; Related:application, process, security testing, software development, system, validation,
test generator: IncludedBy:test,; Related:program, test case generator,
test item: IncludedBy:test,; Related:object, security testing, software,
test key: IncludedBy:key, test,; Related:communications security, security testing, system,
test log: IncludedBy:test,
test method: IncludedBy:test,; Related:criteria, evaluation,
test plan: IncludedBy:test,; Related:process, resource, risk, security testing, software,
test procedure: IncludedBy:test,; Related:evaluation, operation, test case,
test report: IncludedBy:test,; Related:security testing, system,
test result analyzer: IncludedBy:test,; Related:software,
test strategy: IncludedBy:test,; Related:criteria,
test suite: IncludedBy:test,; Related:software,
testability: IncludedBy:software requirement, test,; Related:computer, criteria, establishment, function, program, software, system,
tester: IncludedBy:test,; Related:program, software,
testing: IncludedBy:security testing, test,; Related:dynamic analysis, evaluation, process, software, system,
The Exponential Encryption System: IncludedBy:encryption, system,; Related:authentication, cryptographic, cryptography, digital signature, function, key, public-key, signature,
theft: IncludedBy:illegal, threat consequence,; Includes:identity theft, theft of data, theft of functionality, theft of service,; Related:access, access control, account fraud, computer abuse, criminal groups, password shadowing, phishing, physical security, social engineering, unclassified controlled nuclear information,
theft of data: IncludedBy:theft, threat consequence,; Related:authorized,
theft of functionality: IncludedBy:function, theft, threat consequence,; Related:authorized, software, system,
theft of service: IncludedBy:theft, threat consequence,; Related:authorized, entity,
thermostat: Related:control,
think time: Related:response, system, users,
third party trusted host model: IncludedBy:kerberos, model, trust,; Includes:ticket,; Related:authentication, key, passwords,
thrashing: Related:computer, function, operation, resource, system,
threat: Antonym:security software,; IncludedBy:component operations, risk,; Includes:CGI scripts, Chernobyl packet, PHF, PHF hack, RED signal, abuse of privilege, acceptable level of risk, advanced persistent threats, adversary threat strategy, ankle-biter, attack, blue box devices, bomb, bot-network operators, breach, buffer overflow, bug, chain letter, classified information spillage, code amber, code red, compromised key list, compromising emanations, computer abuse, computer related crime, countermeasures, crack, crash, criminal groups, dangling threat, dark-side hacker, deadlock, deadly embrace, derf, dumpster diving, emanation, espionage, ethernet meltdown, exploit, exploitable channel, failed logon, failure access, fault, flaw, foe, fork bomb, fraud, generic threat, hackers, hoax, hybrid threat, inappropriate usage, incident, incomplete parameter checking, infection, information systems security, information systems security engineering, information warfare, inside threat, insider, intelligent threat, intercept, leakage, letterbomb, loophole, lurking, macro virus, mailbomb, malicious applets, malicious code, malicious intruder, malicious program, memory scavenging, mission needs statement, mockingbird, nations, outside threat, outside(r) threat, passive threat, password cracker, perceived collection threat, phage, phishers, phracker, phreaker, piggyback entry, promiscuous mode, prowler, pseudo-flaw, psychological operations, residual risk, retro-virus, salami technique, security breach, security environment threat list, security flaw, security threat, security violation, snake oil, snarf, sneaker, sniffing, spam, spammers, stealth probe, strengths, weaknesses, opportunities, threats, surreptitious entry, suspicious contact, technical threat analysis, technology gap, terrorists, threat action, threat agent, threat analysis, threat assessment, threat consequence, threat event, threat monitoring, threat scenario, threat shifting, threat source, time bomb, trap, trapdoor, troll, unauthorized access, unlimited network analyzer, vulnerability, war dialer, war dialing, wedged, zombie,; Related:Common Criteria for Information Technology Security, IS related risk, IT-related risk, OAKLEY, RED team, Tiger, access, access control, adversary, advisory, anonymous login, authorized, blacklist, blue team, computer, computer emergency response team, counterintelligence, counterintelligence assessment, criminal, critical, criticality, damage, defense, disaster plan, easter egg, effectiveness, electronic warfare support, emergency plan, emergency response, enterprise risk management, entity, environment of operation, evaluation assurance, false negative, firewall, foreign, function, graduated security, high impact, hybrid warfare, information, information protection policy, information security, information sharing and analysis center, infrastructure assurance, infrastructure protection, integrity, joint task force-computer network defense, keyed hash, law enforcement sensitive, level of protection, levels of concern, likelihood of occurrence, malicious, moderate impact, national computer security assessment program, national intelligence, network, network behavior analysis system, network sniffing, object, one-time passwords, operating system fingerprinting, operation, operations security, operations security process, passive, physical and environmental protection, physical security, port scanner, post-accreditation phase, predisposing condition, privacy protection, product rationale, qualitative risk assessment, radio frequency jamming, remediation, remediation plan, resource starvation, response force, risk analysis, risk assessment, risk identification, risk value, robustness, rogue device, security architecture, security level, security objectives, security policy, security target, signature, situational awareness, sound masking system, special access program, suitability of functionality, suspicious activity report, system, system security authorization agreement, tactical edge, target, technical security policy, terrorism, tiger team, tinkerbell program, total risk, triangulation, web bug,
threat action: IncludedBy:threat,; Related:attack, security, system, threat consequence,
threat agent: IncludedBy:threat,; Related:exploit, information, operation, system, vulnerability,
threat analysis: IncludedBy:analysis, risk analysis, threat,; Related:adversary, countermeasures, identify, information, operation, security, system, vulnerability,
threat assessment: IncludedBy:assessment, threat,; Related:countermeasures, damage, evaluation, identification, information, intelligence, process, system,
threat consequence: IncludedBy:risk management, threat,; Includes:corruption, cryptanalysis, deception, deliberate exposure, disruption, emanations analysis, exposures, false denial of origin, false denial of receipt, falsification, hardware or software error, human error, incapacitation, inference, insertion, interception, interference, intrusion, malicious logic, masquerade, misappropriation, misuse, natural disaster, obstruction, overload, penetration, physical destruction, repudiation, reverse engineering, scavenging, signals analysis, spoof, substitution, tamper, theft, theft of data, theft of functionality, theft of service, traffic analysis, trespass, usurpation, violation of permissions, wiretapping,; Related:access control, attack, encryption, security violation, threat action,
threat event: IncludedBy:threat,; Related:analysis,
threat monitoring: IncludedBy:risk management, threat,; Includes:audit trail,; Related:analysis, assessment, audit, information, system,
threat scenario: IncludedBy:threat,
threat shifting: IncludedBy:threat,; Related:control, security,
threat source: IncludedBy:threat,; Related:target, vulnerability,
threshold
thumbprint: IncludedBy:biometric authentication,; Related:hash,
ticket: IncludedBy:credentials, third party trusted host model,; Related:access, access control, certificate, control, cryptography, entity, identity, key, model, passwords, resource, system,
ticket-oriented: Antonym:list-oriented,; IncludedBy:authorization,; Includes:object, subject,; Related:access, access control, authorized, computer, system,
tier 1
tier 2
Tiger: IncludedBy:security software,; Related:software, system, threat,
tiger team: Related:attack, computer, officer, security, security testing, sneaker, system, test, threat,
time bomb: IncludedBy:threat,; Related:authorized, code, computer, logic bombs, malicious, program,
time compliance data
time division multiple access: IncludedBy:access, security,
time stamp: Includes:time-stamp requester, time-stamp token, time-stamp verifier, time-stamping authority, time-stamping service, trusted time stamp, trusted time stamping authority,
time variant parameter: Related:entity, message, random,
time-and-materials contract: Related:users,
time-compliance date: Related:communications security, operation,
time-dependent password: IncludedBy:passwords,
time-stamp requester: IncludedBy:time stamp,; Related:authority, entity, trust,
time-stamp token: IncludedBy:time stamp, tokens,; Related:backup, cryptographic, cryptography,
time-stamp verifier: IncludedBy:time stamp,; Related:entity, process, trust, verification,
time-stamping authority: IncludedBy:authority, time stamp,; Related:evidence, trust,
time-stamping service: IncludedBy:time stamp,; Related:evidence, signature, test, validation,
time-to-recover
timing attacks: IncludedBy:attack,; Related:access, access control, computer, operation, process,
timing channel: HasPreferred:covert channel,
tinkerbell program: IncludedBy:program, security software,; Related:connection, login, network, threat,
to-be-process model: IncludedBy:model, process,; Related:business process, function,
TOE resource: IncludedBy:resource, target of evaluation,
TOE security functions: IncludedBy:function, object, resource, security attribute, target of evaluation,; Includes:TOE security functions interface, TSF data, TSF scope of control, inter-TSF transfers, secret, strength of function, transfers outside TSF control, trusted path, user data,; Related:policy, software, trusted channel,
TOE security functions interface: IncludedBy:TOE security functions, function, interface, target of evaluation,; Related:access, access control, application, information, program, resource,
TOE security policy: IncludedBy:policy, security policy, target of evaluation,; Includes:object, trusted path,; Related:target,
TOE security policy model: IncludedBy:model, policy, security, target of evaluation,
token authenticator: Related:control, message, protocols,
token backup: IncludedBy:availability, backup, tokens,; PreferredFor:card backup,; Related:damage, information, operation,
token copy: IncludedBy:tokens,; Related:information, key, operation, security,
token device: IncludedBy:tokens,; Related:identification, information,
token management: IncludedBy:tokens,; Related:availability, backup, certificate, control, function, key, key management, operation, process, security, users,
token restore: IncludedBy:tokens,; Related:operation, security,
token storage key: IncludedBy:key, tokens,; Related:cryptography, security,
tokens: IncludedBy:Secure Electronic Transaction, key,; Includes:NRD token, NRO token, NRS token, NRT token, authentication token, cryptographic card, cryptographic token, dongle, hash token, identity token, key token, non-repudiation token, notarization token, personal identity verification card, security token, smartcards, time-stamp token, token backup, token copy, token device, token management, token restore, token storage key,; PreferredFor:hardware token,; Related:3-factor authentication, Europay, MasterCard, Visa, Fortezza, Generic Security Service Application Program Interface, PKCS #11, X.509, access, access control, authentication, capability, card initialization, card personalization, cardholder certificate, cardholder certification authority, certificate, challenge/response, class 2, 3, 4, or 5, computer, control, cryptographic, cryptographic ignition key, domain parameter, encryption, entity, function, identity, information, message, notary, object, passwords, personal security environment, process, program, protocols, public-key, public-key infrastructure, registration authority, resource, secret, security, social engineering, system, technology, users, validate, witness,
tolerable error
toluene: Related:damage,
tool: IncludedBy:target of evaluation,; Related:target,
top CA: IncludedBy:public-key infrastructure,; Related:certification, trust,
TOP SECRET: IncludedBy:classification levels,; Related:authorized, damage, security,
top-level certification: IncludedBy:certification,; Related:availability, confidentiality, integrity, system,
top-level security objectives: IncludedBy:object, security, top-level specification,
top-level specification: IncludedBy:development process,; Includes:descriptive top-level specification, formal top-level specification, top-level security objectives,; Related:function, model, requirements, security, system,
topical areas: Related:control, object,
topology: Related:flow, information, network,
total quality management: IncludedBy:quality,; Related:business process, process,
total risk: IncludedBy:risk,; Related:system, threat, vulnerability,
trace a correspondence
trace packet: Related:control, network, system,
traceability: Related:attack, process,
traceroute: IncludedBy:internet,; Related:computer, information, operation,
tracking cookie: Related:computer, file, profile, users,
tradecraft identity: IncludedBy:identity,
traditional INFOSEC program: IncludedBy:program,; Related:authorized, development,
traffic analysis: IncludedBy:analysis, threat consequence,; Related:adversary, attack, cipher, communications, cryptography, encryption, flow, information, intelligence, system, traffic flow confidentiality, traffic padding, users,
traffic encryption key: IncludedBy:encryption, key,; Related:cipher,
traffic flow confidentiality: IncludedBy:confidentiality, flow,; Related:analysis, traffic analysis,
traffic load: Related:message, network,
traffic padding: Related:communications, cryptography, message, traffic analysis,
traffic-flow security: IncludedBy:flow, security,; Related:communications, cryptographic system, cryptography, message, system,
trailer: Related:message,
training (information security): IncludedBy:security,
training assessment: Related:evaluation,
training effectiveness
training effectiveness evaluation: IncludedBy:evaluation,; Related:security,
tranquility: IncludedBy:Bell-LaPadula security model,; Includes:object,; Related:model, process, property, security,
tranquility property: HasPreferred:Bell-LaPadula security model,
transaction: IncludedBy:database management system,; Includes:subject,; Related:access, access control, computer, information,
transaction file: IncludedBy:file,; Related:network, process,
transaction intermediary: Related:entity, trust,
transfer device: Related:network,
transfer time: Related:network, system,
transferred records
transfers outside TSF control: IncludedBy:TOE security functions, control, target of evaluation,
transmission: Related:authorized, classified, information, integrity, network,
transmission control protocol: IncludedBy:control, internet, protocols,; Related:application, computer, computer network, connection, network, standard, system,
transmission control protocol/internet protocol: IncludedBy:control, internet, protocols,
transmission medium: Related:network,
transmission security: IncludedBy:security,; Related:analysis, application, communications, communications security, confidentiality, control, information, network, telecommunications,
transmission security key: IncludedBy:key, security,
transport: Related:cryptographic, domain, key, process,
transport layer security: IncludedBy:internet, security,; Related:Transport Layer Security Protocol, application, authentication, protocols, secure socket layer, version,
Transport Layer Security Protocol: IncludedBy:protocols, security protocol,; Related:encryption, standard, transport layer security,
transport mode: Related:internet protocol security, internet security protocol,
transport mode vs. tunnel mode: IncludedBy:internet protocol security, tunnel,; Related:association, communications, gateway, internet security protocol, protocols,
transportation: IncludedBy:critical infrastructures,; Related:critical, role, security, system,
transportation plan: Related:classified,
transshipping activity
trap: IncludedBy:threat,; Related:fault, message, security software,
trapdoor: IncludedBy:threat,; Related:access, access control, algorithm, attack, authorized, code, computer, control, cryptographic, cryptography, entity, function, information, key, message, program, random, security, software, system,; Synonym:backdoor,
trashing: HasPreferred:dumpster diving,
tree diagram
trespass: IncludedBy:threat consequence,; Related:access, access control, authorized, system,
tri-homed: IncludedBy:homed,; Related:attack, compromise, interface, security,
tri-service tactical communications system: IncludedBy:communications, system,
triangulation: Related:identify, threat,
trigger: Related:file, program, users, virus,
triple DES: Related:algorithm, cipher, digital signature, encryption, internet protocol security, internet security protocol, key, signature,
Tripwire: IncludedBy:security software,; Related:file, identify, information, software, system,
trojan horse: IncludedBy:exploit, malicious code,; Includes:virus,; Related:access, access control, attack, authorization, authorized, code, computer, entity, file, function, information, integrity, internet, malicious, process, program, security, software, system, users, vulnerability, worm,
troll: IncludedBy:threat,; Related:message, response,
trunk
trunk encryption device: IncludedBy:encryption,
trust: Includes:Canadian Trusted Computer Product Evaluation Criteria, DoD Trusted Computer System Evaluation Criteria, Trusted Computer System Evaluation Criteria, Trusted Network Interpretation Environment Guideline, Trusted Products Evaluation Program, Trusted Systems Interoperability Group, bilateral trust, certification authority, confidence, directly trusted CA, directly trusted CA key, hierarchy of trust, least trust, session key, third party trusted host model, trust anchor, trust anchor store, trust chain, trust hierarchy, trust level, trust list, trust relationship, trust-file PKI, trusted agent, trusted certificate, trusted facility manual, trusted foundry, trusted functionality, trusted identification forwarding, trusted key, trusted network interpretation, trusted operating system, trusted platform module chip, trusted process, trusted recovery, trusted third party, trusted time stamp, trusted time stamping authority, trustworthiness, trustworthy system, tunneling router, untrusted process, virtual network perimeter, web of trust,; Related:Biba model, Common Criteria for Information Technology Security, Federal Criteria for Information Technology Security, IA-enabled information technlogogy product, IA-enabled product, Internet Architecture Board, Internet Engineering Steering Group, Internet Society, NIAP Common Criteria Evaluation and Validation Scheme, National Computer Security Center, National Computer Security Center glossary, Orange book, PKIX, Red book, X.509, Yellow book, accountability, accreditation, accreditation authority, accreditation range, adjudication, algorithm, analysis, assured software, attribute authority, audit, authentic signature, authentication, authenticity, authority, authorization, binding, certificate policy, certificate status authority, certificate status responder, certificate validation, certification, certification authority workstation, certification path, certification practice statement, clean system, clearance, code, common security, component, compromise, controlled access protection, credential service provider, credentials service provider, criteria, cross-certificate, cryptographic product, data integrity, delivery authority, demilitarized zone, derogatory information, descriptive top-level specification, digital notary, domain modulus, dominated by, endorsed tools list, enterprise risk management, entity, escrow, evaluated products list, evidence, evidence requester, external it entity, foreign interest, foreign person, function, guard, identity, information, information assurance, information sharing environment, integrity, inter-TSF transfers, internal vulnerability, kerberos, key, key distribution center, key generation exponent, key recovery, key translation centre, key-escrow, key-escrow system, labeled security protections, mandatory access control, mesh PKI, minimum background investigation, modes of operation, monitor, multilevel device, multiple facility organization, multiple security levels, mutual suspicion, network component, non-repudiation service, notarization, notary, path discovery, penetration testing, personal security environment, personalization service, personnel security, personnel security determination, personnel security program, personnel security questionnaire, policy, privileged process, privileged user, process, public-key certificate, public-key infrastructure, recover, registration authority, repository, responsible individual, role, root, root certification authority, sandboxing, secure hypertext transfer protocol, security assertion markup language, security clearance, security evaluation, security filter, security gateway, security kernel, security perimeter, security policy model, security zone, security-compliant channel, sensitivity label, single sign-on, single-level device, social engineering, software-based fault isolation, source integrity, source program, spoofing, system, system-high security mode, technical policy, time-stamp requester, time-stamp verifier, time-stamping authority, top CA, transaction intermediary, tunneled VPN, unfavorable personnel security determination, users, valid certificate, validate, validate vs. verify, validation, web vs. Web,
trust anchor: IncludedBy:trust,; Related:certification, key, public-key, security, software,
trust anchor store: IncludedBy:trust,
trust chain: IncludedBy:trust,; Related:certification, public-key infrastructure,
trust hierarchy: IncludedBy:trust,; Related:certification, public-key infrastructure, standard,
trust level: IncludedBy:classification levels, trust,; Related:analysis, computer, security, standard, system,
trust list: IncludedBy:trust,
trust relationship: IncludedBy:trust,; Related:access, access control, domain, resource,
trust-file PKI: IncludedBy:file, public-key infrastructure, trust,; Related:application, certificate, certification, key, public-key, software, users,
trusted agent: IncludedBy:trust,; Related:authorized, certification, entity, identification, interface, process, registration,
trusted certificate: IncludedBy:certificate, trust,; Related:certification, file, key, public-key, security testing, test, users, validation,
trusted channel: IncludedBy:channel, trusted computing base,; Related:TOE security functions, confidence, function, information, integrity, operation, policy, privacy, security, software,; Synonym:security-compliant channel,
trusted computer system: IncludedBy:National Computer Security Center, computer, system, trusted computing base,; Includes:beyond A1,; Related:accreditation, accreditation range, assurance, classified, evaluated products list, information, integrity, network component, process, security policy model, software, trusted network interpretation,; Synonym:trusted computing system, trusted operating system,
Trusted Computer System Evaluation Criteria: IncludedBy:Common Criteria for Information Technology Security Evaluation, computer, criteria, evaluation, system, trust,; Includes:rainbow series, trusted computing base,; Related:assurance, classified, computer security, control, process, requirements, security, software, standard,
trusted computing base: IncludedBy:Trusted Computer System Evaluation Criteria, protection profile,; Includes:NTCB partition, TCB subset, access control, candidate TCB subset, dependency, depends, exploitable channel, formal security policy model, global requirements, granularity of a requirement, local requirements, monolithic TCB, network trusted computing base, output, primitive, protection-critical portions of the TCB, reference validation mechanism, scope of a requirement, subset-domain, target of evaluation, trusted channel, trusted computer system, trusted computing system, trusted distribution, trusted gateway, trusted path, trusted software, trusted subject,; Related:authorized, computer, policy, security, software, system, users,
trusted computing system: IncludedBy:security, system, trusted computing base,; Related:assurance, confidence, security software,; Synonym:trusted computer system,
trusted distribution: IncludedBy:trusted computing base,; Related:software, update,
trusted facility manual: IncludedBy:trust,
trusted foundry: IncludedBy:trust,; Related:assurance, classified, tamper,
trusted functionality: IncludedBy:function, security policy, trust,; Related:criteria, policy,
trusted gateway: IncludedBy:Common Criteria for Information Technology Security Evaluation, firewall, gateway, trusted computing base,; Related:access, access control, application, communications, criteria, information, internet, resource, risk, software, system,
trusted identification forwarding: IncludedBy:identification, trust,; Related:access, access control, authorized, connection, information, network, operation, system, users, validate,
trusted key: IncludedBy:key, trust,; Related:certificate, certification, file, public-key, public-key infrastructure, users,
trusted network interpretation: IncludedBy:network, trust,; Related:assurance, computer, computer security, criteria, evaluation, requirements, security, system, trusted computer system,
Trusted Network Interpretation Environment Guideline: IncludedBy:network, trust,
trusted operating system: IncludedBy:system, trust,; Related:requirements, security,; Synonym:trusted computer system,
trusted path: IncludedBy:TOE security functions, TOE security policy, trusted computing base,; Related:communications security, computer, confidence, cryptographic, cryptography, evaluation, function, information, module, policy, process, software, system, target, users,
trusted platform module chip: IncludedBy:module, trust,; Related:computer, cryptographic, information, key, operation, tamper,
trusted process: Antonym:untrusted process,; IncludedBy:process, security policy, trust,; Related:attack, malicious, network, policy, risk, router, system, test,
Trusted Products Evaluation Program: IncludedBy:evaluation, program, trust,
trusted recovery: IncludedBy:recovery, trust,; Related:compromise, system,
trusted software: IncludedBy:software, trusted computing base,
trusted subject: IncludedBy:Bell-LaPadula security model, security policy, subject, trusted computing base,; Includes:object,; Related:access, access control, information, model, policy, property,
Trusted Systems Interoperability Group: IncludedBy:interoperability, system, trust,; Related:computer, users,
trusted third party: IncludedBy:trust,; Related:authentication, authority, public-key infrastructure, security,
trusted time stamp: IncludedBy:time stamp, trust,; Related:authority, information,
trusted time stamping authority: IncludedBy:authority, time stamp, trust,; Related:evidence,
trustworthiness: IncludedBy:trust,; Related:security,
trustworthy system: IncludedBy:system, trust,; Related:availability, computer, function, intrusion, operation, security, software,
TSEC: Related:security,
TSEC nomenclature: Related:communications security, identify, system,
TSF data: IncludedBy:TOE security functions, target of evaluation,; Related:operation,
TSF scope of control: IncludedBy:TOE security functions, control, target of evaluation,; Related:subject,
TTY watcher: IncludedBy:attack,; Related:interface, terminal hijacking,
tuning: Related:intrusion, intrusion detection, system,
tunnel: IncludedBy:Secure Electronic Transaction, internet,; Includes:Layer 2 Tunneling Protocol, point-to-point tunneling protocol, transport mode vs. tunnel mode, tunnel mode, tunneled VPN, tunneled password protocol, tunneling, tunneling attack, tunneling router,; Related:SET private extension, algorithm, authentication header, communications, computer, computer network, encapsulating security payload, encryption, gateway, message, network, protocols, public-key infrastructure, secure shell, security association, virtual private network,
tunnel mode: IncludedBy:internet protocol security, tunnel,; Related:internet security protocol,
tunneled password protocol: IncludedBy:passwords, protocols, tunnel,; Related:certificate, cryptographic, key, public-key,
tunneled VPN: IncludedBy:tunnel, virtual private network,; Related:network, trust,
tunneling: IncludedBy:tunnel, virtual private network,; Related:connection, message, network, protocols, technology,
tunneling attack: IncludedBy:attack, tunnel,; Related:system,
tunneling router: IncludedBy:router, security, trust, tunnel,; Related:network, system,
turnaround time: Related:availability, function,
twisted-pair wire
two-part code: IncludedBy:code,; Related:system,
two-person control: IncludedBy:control,; Related:authorized, cryptography, process, requirements, security, system,
two-person integrity: IncludedBy:integrity,; Related:access, access control, authorized, communications security, key, security, system,
Type 1 key: IncludedBy:key,; Related:classified, cryptographic, information, security,
type 1 products: Related:algorithm, classified, cryptographic, information, key, process, security, subject, system, users,
Type 2 key: IncludedBy:key,; Related:classified, cryptographic, information, security,
type 2 product: Related:algorithm, classified, cryptographic, information, key, process, security, system,
type 3 key: IncludedBy:key,; Related:classified, cryptographic, information,
type 3 product: Related:algorithm, assurance, classified, cryptographic, information, key, module, standard, system,
Type 4 key: IncludedBy:key,; Related:cryptographic, function,
Type 4 product: Related:algorithm, cryptographic,
type accepted telephone: Related:security,
type accreditation: IncludedBy:accreditation,; Related:application, operation, requirements, software, system,
type certification: IncludedBy:certification,; Related:accreditation, evaluation, information, process, requirements, security, system,
Type I cryptography: IncludedBy:cryptography,; Related:National Security Agency, algorithm, classified, cryptographic, information,
Type II cryptography: IncludedBy:cryptography,; Related:National Security Agency, algorithm, classified, code, cryptographic, information,
Type III cryptography: IncludedBy:cryptography,; Related:algorithm, cryptographic, information, process, standard,
type time: Related:computer, users,
U.S. citizen: HasPreferred:United States citizen,
U.S. person: Related:United States citizen, United States national, association, control, foreign,
U.S.-controlled facility: IncludedBy:control,; Related:access, access control, authorized,
U.S.-controlled space: IncludedBy:control,; Related:access, access control, authorized, key,
umbrella special access program: IncludedBy:access,
unacknowledged special access program: IncludedBy:access,; Related:classified, compromise, risk, vulnerability,
unauthorized access: IncludedBy:access, authorized, threat,; Related:SOCKS, access control mechanisms, access control service, adequate security, application, between-the-lines-entry, computer intrusion, computer security intrusion, covert channel analysis, data compromise, failure access, fetch protection, file protection, firewall, information systems security, intrusion, intrusion detection tools, major application, malicious logic, motivation, network security, penetration, physical and environmental protection, physical security, piggyback, piggyback entry, probe, procedural security, protected network, resource, security compromise, security incident, security violation, segregation of duties, sensitive information, signature, system, vulnerability,
unauthorized disclosure: IncludedBy:authorized, risk,; Related:access, classified, exposures, information,
unauthorized person: IncludedBy:authorized,; Related:access, classified,
unclassified: IncludedBy:classified,; Related:authorized, information,
unclassified controlled nuclear information: IncludedBy:classified,; Related:authorized, illegal, theft,
unclassified internet protocol router network: IncludedBy:classified, network,; Related:access, users,
unclassified sensitive: IncludedBy:classified,; Related:access, authorized, foreign, privacy, sensitive but unclassified information,
unconventional warfare: IncludedBy:warfare,; Related:intelligence, version,
under sea warfare: IncludedBy:warfare,; Related:control, system,
undercover operation: Related:identity,
underflow: IncludedBy:flow,
undesired signal data emanations: IncludedBy:emanations security, risk,
unencrypted: Related:encryption,
unfavorable administrative action: Related:security,
unfavorable personnel security determination: IncludedBy:security,; Related:access, authorization, classified, trust,
unforgeable: Related:authorized, certificate, cryptographic, cryptography, digital signature, fraud, function, key, property, public-key, public-key infrastructure, signature, users,
unified network: IncludedBy:network,; Related:security, users,
uniform resource identifier: IncludedBy:internet, resource,; Related:identification, identify, object, protocols, target,
uniform resource locator: IncludedBy:internet, resource,; Related:access, access control, archive, domain, file, information, object, protocols,
uniform resource name: IncludedBy:internet, resource,; Related:availability,
unilateral authentication: IncludedBy:authentication,; Related:assurance, attack, entity, identity, mutual authentication, vulnerability,
uninterruptible power supply: Related:failure,
unique interswitch rekeying key: IncludedBy:key, rekey,
unit: Related:code, computer, program, software, test,
unit of transfer: Related:application, association, bit forwarding rate, connection, establishment, firewall, revoked state, security, test, users,
unit testing: IncludedBy:security testing, test,; Related:software,
United States
United States and its Territorial Areas
United States citizen: PreferredFor:U.S. citizen,; Related:U.S. person, United States national, alien, cleared escort, dual citizen, foreign contact, guard, limited access authorization, nations, random procurement, site security manager,
United States national: PreferredFor:National of the United States,; Related:U.S. person, United States citizen, foreign,
unlimited network analyzer: IncludedBy:network, threat,
unprotected network: Antonym:protected network,; IncludedBy:demilitarized zone, firewall, network,; Related:access, access control, control, policy, ruleset, users,
unscheduled records
unsigned data: Related:authentication,
untrusted process: Antonym:trusted process,; IncludedBy:process, risk, trust,; Related:code, malicious, operation, policy, system,
update (a certificate): Related:authorization,
update (key): IncludedBy:key,
update: Includes:certificate update, key update, update access,; Related:Advanced Mobile Phone Service, Internet Draft, OAKLEY, X.509 certificate revocation list, accreditation phase, certificate management, certificate rekey, certificate renewal, issuing authority, key, patch, process, push technology, real-time system, rolling cost forecasting technique, router flapping, security event, software release, systems software, trusted distribution, validation service,
update access: IncludedBy:access, update,; Related:program, software,
updating: Related:communications security, cryptographic, cryptography, key, process, system,
upgrade: Related:authorized, classified, security,
upload: Related:computer, file, process,
US-CERT: Related:attack, cyberspace, security,
usage security policy: IncludedBy:policy, security policy,
USENET: IncludedBy:internet,; Related:access, connection, system,
user agent: IncludedBy:users,
user data: IncludedBy:TOE security functions, users,; Related:operation,
user data protocol: IncludedBy:internet, protocols, users,; PreferredFor:user datagram protocol,; Related:application, communications, computer, control, flow, network, program, standard,
user datagram protocol: HasPreferred:user data protocol,; IncludedBy:users,
user documentation: IncludedBy:target of evaluation, users,; Related:information, target,
user id: IncludedBy:users,; Includes:group user id,; Related:computer, identify, system,; Synonym:user identifier,
user id revalidation: IncludedBy:users, validation,; Related:process,
user identification: IncludedBy:users,
user identifier: IncludedBy:users,; Related:authentication, identify, passwords, process, system,; Synonym:user id,
user initialization: Related:software,
user interface: IncludedBy:interface, users,; Related:computer, key,
user interface system: IncludedBy:interface, system, users,
user partnership program: IncludedBy:program, users,; Related:application, authorization, cryptography, development, information, security, system,
user PIN: IncludedBy:multilevel information systems security initiative, users,; Related:Fortezza, access, access control, control, function, identification,
user profile: IncludedBy:file, profile, risk management, users,
user registration: Related:security,
user representative: IncludedBy:users,; Related:authorized, communications security, information, interface, key, operation, process, requirements, security, system,
user-PIN ORA: IncludedBy:multilevel information systems security initiative, users,; Related:Fortezza, function,
users: IncludedBy:accountability, data source, security-relevant event,; Includes:MISSI user, access control, authorization, authorized user, certificate user, closed user group, directory user agent, end-user, end-user computing, graphical-user interface, group of users, human user, key management user agent, multiuser mode of operation, privileged user, remote authentication dial-in user service, security features users guide, stand-alone, single-user system, superuser, user PIN, user agent, user data, user data protocol, user datagram protocol, user documentation, user id, user id revalidation, user identification, user identifier, user interface, user interface system, user partnership program, user profile, user representative, user-PIN ORA,; PreferredFor:customer,; Related:Advanced Mobile Phone Service, American National Standards Institute, Defense Information Infrastructure, Defense Information Systems Network, Directory Access Protocol, Gypsy verification environment, IP splicing/hijacking, IT security incident, IT security policy, IT security support functions, Identification Protocol, Integrated services digital network, Internet Protocol Security Option, Key Management Protocol, Layer 2 Forwarding Protocol, OAKLEY, OSI architecture, PHF hack, POP3 APOP, Password Authentication Protocol, S/Key, SSO PIN, SSO-PIN ORA, Sensitive Information Computer Security Act of 1987, Simple Authentication and Security Layer, Trusted Systems Interoperability Group, X.500 Directory, X.509 certificate revocation list, abuse of privilege, acceptable use policy, acceptance criteria, acceptance testing, access, access category, access control lists, access level, access profile, access type, access with limited privileges, accreditation boundary, active wiretapping, administrative account, anomaly, anomaly detection, anomaly detection model, anonymity, anonymous, anonymous login, application, application program interface, application server attack, architecture, assurance, attack, attribute certificate, audit trail, authenticate, authentication, authentication code, authentication data, authentication mechanism, authenticity, authority, automated logon sequences, automatic log-on, availability, availability of data, backdoor, bastion host, benchmark, between-the-lines-entry, biometric measurement, biometric system, blacklist, boundary, browse access protection, capture, cardholder, certificate, certificate policy, certificate revocation, certificate revocation list, certificate status responder, certificate validation, certification, certification authority, certification hierarchy, certification path, certification practice statement, chain letter, challenge/response, classification levels, client, client server, cloud computing, cold start, command authority, community of interest, compartmented mode, compromised key list, computer, computer cryptography, concurrency control, concurrent connections, confidentiality, connection, connection maintenance, console, console logon, consumers, content filtering, control, controlled access protection, controlled security mode, corporate security policy, correctness, crack, critical, cross-certification, cryptographic token, cybersecurity, data driven attack, data integrity service, database management system, dedicated mode, dedicated security mode, default account, denial-of-service, device registration manager, dial-up capability, dictionary attack, direct shipment, disaster recovery, discretionary access control, documentation, domain, domain name system, ease of use, electrical power systems, electronic authentication, electronic key entry, email packages, email security software, encapsulation, encryption software, energy-efficient computer equipment, enterprise service, entity, environment, ethernet sniffing, executive state, external system exposure, extranet, failed logon, false acceptance, false acceptance rate, federated identity, federation, file, firewall, fishbowl, frame relay, framing, frequency division multiple access, general support system, gopher, granularity of a requirement, group, guard, hackers, handshaking procedures, hijacking, hoax, honeypot, host, hyperlink, identification, identification and authentication, identification authentication, identity, identity credential, identity credential issuer, identity validation, identity-based security policy, impersonation, independent validation and verification, individual accountability, individual electronic accountability, information, information security, information systems security, integrity policy, intelligence cycle, interface, interference, internal subject, internet, internet vs. Internet, intranet, issue, kerberos, key, key center, key management device, key management infrastructure, keys used to encrypt and decrypt files, keystroke monitoring, leapfrog attack, least privilege, local authority, local logon, local management device/key processor, local-area network, logging, logical access, logical access control, logical perimeter, login prompt, major application, malicious logic, mandatory access control, masquerading, mass-market software, mesh PKI, message handling system, min-entropy, mobile code, mockingbird, mode of operation, modes of operation, multi-releasable, multilevel mode, multilevel secure, multilevel security mode, multiple access rights terminal, national information assurance partnership, national information infrastructure, natural benchmark, network, network component, network services, no-PIN ORA, node, non-discretionary security, non-organizational user, office information system, officer, on-demand scanning, open system environment, operations manager, organizational maintenance, organizational registration authority, owner, packet filter, partitioned security mode, password-locked screensaver, passwords, patch management, peer-to-peer communication, penetration test, penetration testing, periods processing, persistent cookie, personal identification number, personality label, personnel registration manager, phishing, piggyback, piggyback attack, piggyback entry, point-to-point tunneling protocol, policy, policy creation authority, portability, primary services node (prsn), privacy, privacy programs, private key, privileged access, privileged accounts, probe, process, profile, program, programmable logic controller, protection ring, protocol analyzer, proxy, proxy server, public-key, public-key certificate, public-key cryptography, public-key infrastructure, push technology, quality, rapid application development, registration authority, relying party, remote access, remote login, remote logon, repository, requirements, resource, responsibility to provide, risk index, role, root, rule-based security policy, scope of a requirement, secrecy policy, secret, secure data device, secure shell, secure socket layer, security architecture, security attribute, security banner, security concept of operations, security domain, security features, security level, security policy, security testing, security violation, security-relevant change, sensitive, session hijack attack, shared account, single sign-on, site information assurance manager, smartcards, sniffer, social engineering, software product, software requirement, specialized boundary host, spoof, spoofing, spyware, stand-alone, shared system, subject, subject security level, subordinate certification authority, system, system administrator, system files, system high mode, system integrity, system owner, system requirement, system resources, system security officer, system-high security mode, tactical edge, target of evaluation, technical attack, technical vulnerability, technological attack, telecommunications, term rule-based security policy, terminal hijacking, test, test cycle, think time, time-and-materials contract, token management, tokens, tracking cookie, traffic analysis, trigger, trojan horse, trust, trust-file PKI, trusted certificate, trusted computing base, trusted identification forwarding, trusted key, trusted path, type 1 products, type time, unclassified internet protocol router network, unforgeable, unified network, unit of transfer, unprotected network, validate vs. verify, vendor, verification, virtual private network, virus, virus-detection tool, vulnerability, web bug, weblinking, wide-area network, wiki, workstation, world wide web, worm,
usurpation: IncludedBy:threat consequence,; Related:authorized, control, entity, function, system,
UTCTime: Related:GeneralizedTime, coordinated universal time,
utility: IncludedBy:critical infrastructures,; Related:program,
utility programs: IncludedBy:program,; Related:computer, file, operation, software, system,
v1 certificate: IncludedBy:certificate,; Related:X.509, key, public-key, version,
v1 CRL: IncludedBy:public-key infrastructure,; Related:X.509, certificate, version,
v2 certificate: IncludedBy:certificate,; Related:X.509, key, public-key, version,
v2 CRL: IncludedBy:public-key infrastructure,; Related:X.509, certificate, version,
v3 certificate: IncludedBy:certificate,; Related:X.509, key, public-key, version,
vaccines: IncludedBy:security software,; Related:program, signature, virus-detection tool,
valid certificate: IncludedBy:certificate,; Related:backup, trust, validate,
valid data element
valid signature: IncludedBy:signature,; Related:certificate, digital signature, public-key infrastructure, validate,
validate: Includes:corroborate, validate vs. verify, validated products list,; Related:algorithm, application, authenticate, authority revocation list, cardholder certificate, certificate, certificate revocation list, certificate validation, certification authority, certification path, circuit level gateway, cross-certification, cryptographic, domain, identity credential issuer, identity proofing, key, non-repudiation, non-repudiation information, pre-authorization, process, public-key, public-key infrastructure, registration, security, suspicious event, test, tokens, trust, trusted identification forwarding, valid certificate, valid signature, validation, verifier, web of trust,
validate vs. verify: IncludedBy:National Institute of Standards and Technology, validate,; Related:authentication, backup, certificate, certification, cryptographic, cryptography, digital signature, entity, evidence, identification, identity, information, internet, key, module, process, public-key, public-key infrastructure, security, signature, system, test, trust, users, validation, verification, verification and validation,
validated products list: IncludedBy:national information assurance partnership, validate,; Related:authority, certificate, criteria, evaluation, information, validation,
validation: IncludedBy:development process, evaluation,; Includes:NIAP Common Criteria Evaluation and Validation Scheme, Validation Certificate, certificate chain validation, certificate validation, conformant validation certificate, data validation, evaluation and validation scheme, identity validation, independent validation and verification, key validation, path validation, reference validation mechanism, software verification and validation, target vulnerability validation techniques, user id revalidation, validation report, validation service, verification and validation,; Related:Common Criteria Testing Laboratory, Common Criteria Testing Program, IT Security Evaluation Criteria, IT Security Evaluation Methodology, NIAP Oversight Body, National Voluntary Laboratory Accreditation Program, Scope of Accreditation, application, application controls, assurance, authentication, certificate, certification hierarchy, designated, designated laboratories list, designating authority, designation policy, evaluation technical report, evidence, extensible markup language, identity management systems, mesh PKI, monitoring and evaluation, physical access control, pre-certification phase, process, program, public-key infrastructure, quality, requirements, response, security, software, standard, system, test, test facility, time-stamping service, trust, trusted certificate, validate, validate vs. verify, validated products list,; Synonym:verification,
Validation Certificate: IncludedBy:Common Criteria Testing Laboratory, certificate, validation,
validation report: IncludedBy:validation,; Related:criteria, evidence,
validation service: IncludedBy:validation,; Related:authority, entity, update,
validity period: IncludedBy:public-key infrastructure,; Related:backup, certificate, key, public-key, subject,
value analysis: IncludedBy:analysis,; Related:quality,
value proposition
value-added: Related:process,
value-added network: IncludedBy:network,; Related:computer, computer network, electronic data interchange, system, version,
valve: Related:flow, system,
variable sampling
variance
variant: Related:code,
vault: Related:access, authorized,
vaulting: Related:availability, backup, computer, computer network, information, process, recovery, risk,
vendor: Related:computer, entity, internet, router, software, system, technology, users,
verification: IncludedBy:development process, evaluation, security testing,; Includes:Gypsy verification environment, domain verification exponent, formal verification, identity verification, independent validation and verification, object, personal identity verification, personal identity verification card, public accreditation verification exponent, public verification key, signature verification, software verification and validation, state delta verification system, system verification, verification and validation, verification function, verification key, verification procedure refinements, verification process, verification techniques,; Related:PIV issuer, PKIX private extension, Terminal Access Controller Access Control System, access, access control, analysis, application, assessment, asymmetric cryptographic technique, asymmetric keys, asymmetric signature system, audit, authentication, binding, biometric system, cardholder certification authority, certification phase, certify, code, comparisons, component, computing security methods, control, correctness, cryptographic key, data integrity service, data origin authentication, digital signature, dual signature, endorsed tools list, entity, formal development methodology, formal proof, formal top-level specification, identification, identity, identity management systems, information, integrity, key, model, non-repudiation policy, policy, pre-certification phase, private accreditation exponent, process, public-key, public-key certificate, public-key derivation function, public-key system, requirements, security certification level, signature system, software, symmetric cryptography, system, test, time-stamp verifier, users, validate vs. verify, verified name, verifier,; Synonym:validation,
verification and validation: IncludedBy:validation, verification,; Related:process, requirements, software, system, validate vs. verify,
verification function: IncludedBy:function, verification,; Related:key, process,
verification key: IncludedBy:key, verification,; Related:cryptographic, entity, process, signature,
verification procedure refinements: IncludedBy:verification,; Related:operation, system,
verification process: IncludedBy:process, verification,; Related:domain, key, message, signature,
verification techniques: IncludedBy:verification,; Related:control, process, requirements, security,
verified name: Related:entity, identity, verification, verifier,
verifier: Related:authentication, control, entity, evidence, function, identity, man-in-the-middle attack, protocols, validate, verification, verified name, zero-knowledge password protocol,
verifier impersonation attack: IncludedBy:impersonation,; Related:authentication, information, protocols,
version: Includes:Internet Message Access Protocol, version 4, Post Office Protocol, version 3, common criteria version 1.0, common criteria version 2.0, conversion, subversion, version scanning,; Related:COMSEC equipment, Common Criteria for Information Technology Security, European Information Technology Security Evaluation Criteria, Federal Criteria Vol. I, IP address, Internet Engineering Task Force, Key Management Protocol, MD5, X.509 attribute certificate, X.509 authority revocation list, X.509 certificate revocation list, X.509 public-key certificate, banner grabbing, baseline, business areas, community string, compromise, controlled security mode, encryption, encryption algorithm, error, function, host-based security, internet protocol, internet protocol security, laptop computer, lines of business, non-repudiation service, pilot testing, point-to-point tunneling protocol, preproduction model, proxy server, reverse engineering, secure multipurpose internet mail extensions, secure socket layer, simple network management protocol, software, software build, software release, source data entry, sub-function, test bed configuration, transport layer security, unconventional warfare, v1 CRL, v1 certificate, v2 CRL, v2 certificate, v3 certificate, value-added network, worm,
version scanning: IncludedBy:version,; Related:application, process,
victim: Related:attack,
view: IncludedBy:database management system,
view definition: IncludedBy:database management system,
violation: HasPreferred:security violation,
violation of permissions: IncludedBy:threat consequence,; Related:authorized, entity, function, system,
virtual departments or divisions: Related:information,
virtual machine: Related:software, system,
virtual mall: IncludedBy:world wide web,; Related:internet,
virtual network perimeter: IncludedBy:network, security, trust,
virtual password: IncludedBy:passwords,; Related:requirements,
virtual private network: IncludedBy:internet, key, network, privacy, security protocol,; Includes:point-to-point tunneling protocol, session key, tunneled VPN, tunneling,; Related:assurance, authentication, communications, computer, computer network, control, encryption, extranet, gateway, information, integrity, public-key, resource, system, tunnel, users,
virus: IncludedBy:exploit, malicious code, software, trojan horse,; Includes:antivirus software, antivirus tools, boot sector virus, compiled viruses, file infector virus, interpreted virus, macro virus, multipartite virus, retro-virus, virus definitions, virus hoax, virus scanner, virus signature, virus-detection tool,; Related:access, access control, application, attack, clean system, code, computer, file, infection, logic bombs, malicious, malicious logic, malware, memory resident, obfuscation technique, overwriting, payload, phage, program, push technology, replicator, security label, signature, system, trigger, users, worm,
virus definitions: IncludedBy:virus,; Related:algorithm, countermeasures, malware, signature,
virus hoax: IncludedBy:virus,; Related:message,
virus scanner: IncludedBy:security software, virus,; Related:program, risk, software,; Synonym:virus-detection tool,
virus signature: IncludedBy:attack signature recognition, signature, virus,; Related:application, file, software,
virus-detection tool: IncludedBy:security software, virus,; Related:computer, risk, software, users, vaccines,; Synonym:virus scanner,
vishing: IncludedBy:exploit,; Related:criminal, internet, message, phishing, protocols, security,
vision
volatile memory components
voting securities
vulnerability: Antonym:security software,; IncludedBy:target of evaluation, threat,; Includes:areas of potential compromise, common vulnerabilities and exposures, computer security technical vulnerability reporting program, dangling vulnerability, exploitation, exploitation of vulnerability, implementation vulnerability, internal vulnerability, national vulnerability database, operational vulnerability information, target vulnerability validation techniques, technical vulnerability, technical vulnerability information, vulnerability analysis, vulnerability assessment, vulnerability audit, vulnerability scanning,; Related:IS related risk, IT security incident, IT-related risk, MEI resource elements, RED team, SATAN, TEMPEST, acceptable level of risk, access, access control, acknowledged special access program, active security testing, adversary, analysis, application, assessment, attack, audit, audit/review, authentication, authorization, authorized, availability, blue team, certification agent or certifier, common misuse scoring system, community risk, compromise, computer, computer emergency response team, confidentiality, control, controlled security mode, cost/benefit analysis, countermeasures, critical, critical asset, cross site scripting, cryptosystem evaluation, cyberattack, dangling threat, emergency shutdown controls, exploit, exploit tools, failure, firewall, flow, generic threat, incident, information, information assurance, information assurance product, information security, information sharing and analysis center, information systems security engineering, infrastructure protection, integrity, intelligent threat, kerberos, level of protection, levels of concern, likelihood of occurrence, malicious, mission critical, misuse detection model, national computer security assessment program, network, network service worm, non-technical countermeasure, object, operation, operations security, operations security process, owner, penetration testing, physical security, ping sweep, policy, port scan, privileged, process, program, protocols, qualitative risk assessment, remediation, resource, review techniques, risk analysis, risk assessment, risk identification, risk management, risk value, robustness, rules based detection, security, security audit, security countermeasures, security incident, security threat, software, software assurance, standard, subject, system, system security authorization agreement, target, target identification and analysis techniques, technology, threat agent, threat analysis, threat source, total risk, trojan horse, unacknowledged special access program, unauthorized access, unilateral authentication, users,
vulnerability analysis: IncludedBy:analysis, risk analysis, vulnerability,; Related:adversary, audit, critical, gap analysis, identify, information, security, system,; Synonym:vulnerability assessment,
vulnerability assessment: IncludedBy:assessment, target of evaluation, vulnerability,; Related:adversary, analysis, application, attack, compromise, control, countermeasures, critical, identification, identify, information, process, resource, security, security target, system, target,; Synonym:vulnerability analysis,
vulnerability audit: IncludedBy:audit, vulnerability,; Related:critical, identify, information, process, system,
vulnerability scanning: IncludedBy:vulnerability,
waived special access program: IncludedBy:access,
waiver: IncludedBy:risk management,; Related:IT security, program, requirements,
war dialer: IncludedBy:threat,; Related:communications, computer, program, system, telecommunications, war dialing,
war dialing: IncludedBy:threat,; Related:connection, program, war dialer,
war driving: IncludedBy:exploit,; Related:access, authorized, computer, computer network,
warehouse attack: IncludedBy:attack,; Related:compromise, system,
warfare: Includes:acoustic warfare, antisubmarine warfare, biological warfare, chemical warfare, command and control warfare, directed-energy warfare, electronic warfare, electronic warfare support, guerrilla warfare, hybrid warfare, information warfare, irregular warfare, mine warfare, multinational warfare, naval coastal warfare, naval expeditionary warfare, naval special warfare, nuclear warfare, surface warfare, unconventional warfare, under sea warfare,; Related:hybrid threat,
warm site
Wassenaar Arrangement: Related:control, information, key, operation, risk, security,
water supply system: IncludedBy:critical infrastructures, system,; Related:application, critical,
watermarking: HasPreferred:digital watermarking,
weapons of mass destruction
weapons system: IncludedBy:system,
web browser cache: IncludedBy:world wide web,; Related:access, access control, file, network, system,
web browser plug-in
web bug: Related:information, threat, users,
web content filtering software: IncludedBy:software,; Related:access, program,
web of trust: IncludedBy:trust,; Includes:certificate, pretty good privacy,; Related:file, key, network, public-key, public-key infrastructure, validate,
web risk assessment: IncludedBy:assessment, risk,; Related:process,
web server: IncludedBy:world wide web,; Related:computer, internet, process, software,
web vs. Web: IncludedBy:world wide web,; Related:network, technology, trust,
weblinking: IncludedBy:world wide web,; Related:users,
website: IncludedBy:world wide web,; Related:access, access control, function, information, resource,
website hosting: IncludedBy:world wide web,; Related:computer, internet, process,
wedged: IncludedBy:threat,; Related:operation, software, system,
white team: Related:attack, security,
white-box testing: IncludedBy:security testing, test,; Related:computer, function, module, program, software development,
whitelist: Related:application,
wi-fi protected access-2: IncludedBy:access,; Related:security,
wide area information service: IncludedBy:information, internet,
wide-area network: IncludedBy:network,; Related:access, access control, communications, computer network, local-area network, users,
wiki: Related:users,
wimax: Related:access,
wired equivalent privacy: IncludedBy:privacy,; Related:security,
wireless access point: IncludedBy:access,
wireless application protocol: IncludedBy:application, protocols,; Related:standard, standard generalized markup language,
wireless device: Related:control, system,
wireless gateway server: IncludedBy:gateway,; Related:access, access control, computer, computer network, message,
wireless intrusion detection and prevention system: IncludedBy:intrusion, intrusion detection, system,; Related:identify, protocols,
wireless local area network: IncludedBy:network,; Related:security,
wireless technology: IncludedBy:technology,; Related:connection, information,
wiretapping: IncludedBy:attack, threat consequence,; Includes:active wiretapping, passive wiretapping,; Related:access, access control, communications, connection, flow, gateway, information, network, system,
witness: Related:entity, evidence, hash, identity, tokens,
word: Related:function, hash,
work breakdown structure
work factor: Related:countermeasures, cryptographic, cryptography, resource, risk, security, system,
work product: Related:file, process,
work program: IncludedBy:program,; Related:audit, object,
workcraft identity: IncludedBy:identity,
workflow: IncludedBy:flow,; Related:automated information system, information, process,
workgroup computing: Related:application, flow, software, system,
working papers: Related:classified,
workload: Related:automated information system, business process, function,
workstation: IncludedBy:automated information system,; Related:access, access control, application, computer, information, key, process, program, system, users,
world class organizations: Related:business process, critical, model, process,
world wide web: IncludedBy:internet,; Includes:CGI scripts, browser, common gateway interface, hyperlink, hypertext markup language, hypertext transfer protocol, secure hypertext transfer protocol, secure socket layer, virtual mall, web browser cache, web server, web vs. Web, weblinking, website, website hosting,; Related:access, access control, applet, application, certificate, certificate owner, cookies, hypertext, information, link, pagejacking, plug-in modules, pop-up box, protocols, proxy server, push technology, retrieval, system, users,
worm: IncludedBy:exploit, internet, malicious code,; Includes:Internet worm, mass mailing worm, morris worm, network service worm, network worm,; Related:code, communications, computer, connection, distributed denial-of-service, infection, information, malicious, malware, module, network, process, program, replicator, resource, system, trojan horse, users, version, virus,
wrap: Related:confidentiality, cryptography, encryption, object, standard,
write: Includes:object, subject,; Related:access, flow, information, operation,
write access: IncludedBy:access,; Includes:object,
write protect
write-blocker
X.400: Related:email, message, standard, system,
X.500: HasPreferred:X.500 Directory,
X.500 Directory: PreferredFor:X.500,; Related:X.509, application, certificate, information, key, object, process, public-key, public-key infrastructure, standard, subject, system, users,
X.509: IncludedBy:public-key infrastructure,; Includes:X.509 attribute certificate, X.509 authority revocation list, X.509 certificate, X.509 certificate revocation list, X.509 public-key certificate,; Related:CA certificate, Internet Policy Registration Authority, MISSI user, Open Systems Interconnection Reference model, PKCS #10, PKIX, SET private extension, X.500 Directory, authentication, certificate, certificate policy, certificate policy qualifier, certificate rekey, certificate renewal, certificate revocation, certificate revocation tree, certificate status responder, certificate update, certificate validation, certification authority, certification path, certification request, common name, critical, delta CRL, distinguished name, distribution point, encryption certificate, end entity, entity, extension, indirect certificate revocation list, invalidity date, issuer, key, key lifetime, key material identifier, object identifier, organizational certificate, personality label, policy approving authority, policy certification authority, policy creation authority, privacy enhanced mail, public-key, revocation date, self-signed certificate, signature certificate, slot, tokens, trust, v1 CRL, v1 certificate, v2 CRL, v2 certificate, v3 certificate,
X.509 attribute certificate: IncludedBy:X.509, certificate,; Related:algorithm, digital signature, key, public-key, signature, subject, version,
X.509 authority revocation list: IncludedBy:X.509, authority, public-key infrastructure, revocation,; Related:certificate, version,
X.509 certificate: IncludedBy:X.509, certificate,; Related:key, public-key,
X.509 certificate revocation list: IncludedBy:X.509, certificate, public-key infrastructure, revocation,; Related:algorithm, backup, digital signature, key, public-key, revoked state, signature, subject, update, users, version,
X.509 public-key certificate: IncludedBy:X.509, certificate, key, public-key,; Related:algorithm, certification, digital signature, entity, signature, subject, version,
Yellow book: IncludedBy:rainbow series,; Related:computer, computer security, criteria, evaluation, requirements, security, system, trust,
zero fill: Related:zeroize,
zero-day exploit: IncludedBy:exploit,; Related:cyberspace, security,
zero-knowledge password protocol: IncludedBy:passwords, protocols,; Related:authentication, verifier,
zeroization: Related:FIPS PUB 140-1, recovery,; Synonym:zeroize,
zeroize: Related:FIPS PUB 140-1, cryptographic, cryptography, key, module, recovery, zero fill,; Synonym:zeroization,
zombie: IncludedBy:threat,; Related:attack, program, system,
zone of control: IncludedBy:control,