`Revision 2
`
`Glossary of Key Information
`Security Terms
`
`Richard Kissel, Editor
`
`This publication is intended to be informative, guiding users to term definitions that exist
`in various NIST standards and guidelines (along with terms in external publications like
`CNSSI-4009). This document is out-of-date, and does not reflect additions, deletions, or
`modifications of term definitions that have occurred since May 2013.
`
`Although this publication is being reviewed and updated, NIST encourages users to
`review the more up-to-date online glossary, available at
`https://csrc.nist.gov/glossary.
`
http://dx.doi.org/10.6028/NIST.IR.7298r2

Exhibit Cellspin-2005, Petition for Inter Partes Review of U.S. Patent No. 9,258,698 (IPR2019-00131)
`
`
`
`NISTIR 7298
`Revision 2
`
`Glossary of Key Information Security
`Terms
`
`
Richard Kissel, Editor
Computer Security Division
Information Technology Laboratory

May 2013

U.S. Department of Commerce
Rebecca Blank, Acting Secretary

National Institute of Standards and Technology
Patrick D. Gallagher, Under Secretary of Commerce for Standards and Technology and Director
`
`
`
`
`
`
`
`
`
National Institute of Standards and Technology Interagency or Internal Report 7298r2
222 pages (May 2013)

Certain commercial entities, equipment, or materials may be identified in this document in order to
describe an experimental procedure or concept adequately. Such identification is not intended to imply
recommendation or endorsement by NIST, nor is it intended to imply that the entities, materials, or
equipment are necessarily the best available for the purpose.

There may be references in this publication to other publications currently under development by NIST
in accordance with its assigned statutory responsibilities. The information in this publication, including
concepts and methodologies, may be used by Federal agencies even before the completion of such
companion publications. Thus, until each publication is completed, current requirements, guidelines,
and procedures, where they exist, remain operative. For planning and transition purposes, Federal
agencies may wish to closely follow the development of these new publications by NIST.

Organizations are encouraged to review all draft publications during public comment periods and
provide feedback to NIST. All NIST Computer Security Division publications, other than the ones
noted above, are available at http://csrc.nist.gov/publications.

National Institute of Standards and Technology
Attn: Computer Security Division, Information Technology Laboratory
100 Bureau Drive (Mail Stop 8930) Gaithersburg, MD 20899-8930
Email: secglossary@nist.gov
`
`
`
`Reports on Computer Systems Technology
`
`The Information Technology Laboratory (ITL) at the National Institute of Standards and Technology
`(NIST) promotes the U.S. economy and public welfare by providing technical leadership for the Nation’s
`measurement and standards infrastructure. ITL develops tests, test methods, reference data, proof of
`concept implementations, and technical analyses to advance the development and productive use of
`information technology. ITL’s responsibilities include the development of management, administrative,
`technical, and physical standards and guidelines for the cost-effective security and privacy of other than
`national security-related information in Federal information systems.
`
`
`
`
`
`
`Abstract
`
`The National Institute of Standards and Technology (NIST) has received numerous requests to
`provide a summary glossary for our publications and other relevant sources, and to make the
`glossary available to practitioners. As a result of these requests, this glossary of common
`security terms has been extracted from NIST Federal Information Processing Standards (FIPS),
`the Special Publication (SP) 800 series, NIST Interagency Reports (NISTIRs), and from the
`Committee for National Security Systems Instruction 4009 (CNSSI-4009). This glossary
`includes most of the terms in the NIST publications. It also contains nearly all of the terms and
`definitions from CNSSI-4009. This glossary provides a central resource of terms and definitions
`most commonly used in NIST information security publications and in CNSS information
`assurance publications. For a given term, we do not include all definitions in NIST documents –
`especially not from the older NIST publications. Since draft documents are not stable, we do not
`refer to terms/definitions in them.
`
`Each entry in the glossary points to one or more source NIST publications, and/or CNSSI-4009,
`and/or supplemental sources where appropriate. The NIST publications referenced are the most
`recent versions of those publications (as of the date of this document).
`
`
`
`
`Keywords
`
`Cyber Security; Definitions; Glossary; Information Assurance; Information Security; Terms
`
`
`
`
`
`
`
`
`
`Introduction
`
`We have received numerous requests to provide a summary glossary for our publications and
`other relevant sources, and to make the glossary available to practitioners. As a result of these
`requests, this glossary of common security terms has been extracted from NIST Federal
`Information Processing Standards (FIPS), the Special Publication (SP) 800 series, NIST
`Interagency Reports (NISTIRs), and from the Committee for National Security Systems
`Instruction 4009 (CNSSI-4009). The glossary includes most of the terms in the NIST
`publications. It also contains nearly all of the terms and definitions from CNSSI-4009. The
`glossary provides a central resource of terms and definitions most commonly used in NIST
`information security publications and in CNSS information assurance publications. For a given
`term, we do not include all definitions in NIST documents – especially not from the older NIST
`publications. Since draft documents are not stable, we do not refer to terms/definitions in them.
`
`Each entry in the glossary points to one or more source NIST publications, and/or CNSSI-4009,
`and/or supplemental sources where appropriate. A list of the supplemental (non-NIST) sources
`may be found on pages 221-222. As we are continuously refreshing our publication suite, terms
`included in the glossary come from our more recent publications. The NIST publications
`referenced are the most recent versions of those publications (as of the date of this document).
`
`It is our intention to keep the glossary current by providing updates online. New definitions will
`be added to the glossary as required, and updated versions will be posted on the Computer
`Security Resource Center (CSRC) Web site at http://csrc.nist.gov/.
`
`The Editor, Richard Kissel, would like to express special thanks to Ms. Tanya Brewer for her
`outstanding work in the design of the original cover page and in the overall design and
`organization of the document. Thanks also to all who provided comments during the public
`review period of this document. The Editor also expresses special thanks to the CNSS Glossary
`Working Group for encouraging the inclusion of CNSSI-4009 terms and definitions into this
`glossary.
`
`Comments and suggestions on this publication should be sent to secglossary@nist.gov.
`
`
`
`
`
`1
`
`Cellspin Ex. 2005 - Pg. 5
`
`
`
NIST IR 7298 Revision 2, Glossary of Key Information Security Terms

Access – Ability to make use of any information system (IS) resource.
SOURCE: SP 800-32

Ability and means to communicate with or otherwise interact with a
system, to use system resources to handle information, to gain
knowledge of the information the system contains, or to control
system components and functions.
SOURCE: CNSSI-4009

Access Authority – An entity responsible for monitoring and granting access privileges
for other authorized entities.
SOURCE: CNSSI-4009

Access Control – The process of granting or denying specific requests to: 1) obtain and
use information and related information processing services; and 2)
enter specific physical facilities (e.g., federal buildings, military
establishments, border crossing entrances).
SOURCE: FIPS 201; CNSSI-4009

Access Control List (ACL) – 1. A list of permissions associated with an object. The list specifies
who or what is allowed to access the object and what operations are
allowed to be performed on the object.

2. A mechanism that implements access control for a system resource
by enumerating the system entities that are permitted to access the
resource and stating, either implicitly or explicitly, the access modes
granted to each entity.
SOURCE: CNSSI-4009

Access Control Lists (ACLs) – A register of:
1. users (including groups, machines, processes) who have been
given permission to use a particular system resource, and
2. the types of access they have been permitted.
SOURCE: SP 800-12

Access Control Mechanism – Security safeguards (i.e., hardware and software features, physical
controls, operating procedures, management procedures, and various
combinations of these) designed to detect and deny unauthorized
access and permit authorized access to an information system.
SOURCE: CNSSI-4009

Access Level – A category within a given security classification limiting entry or
system connectivity to only authorized persons.
SOURCE: CNSSI-4009
`
`
`
Access List – Roster of individuals authorized admittance to a controlled area.
SOURCE: CNSSI-4009

Access Point – A device that logically connects wireless client devices operating in
infrastructure to one another and provides access to a distribution
system, if connected, which is typically an organization’s enterprise
wired network.
SOURCE: SP 800-48; SP 800-121

Access Profile – Association of a user with a list of protected objects the user may
access.
SOURCE: CNSSI-4009

Access Type – Privilege to perform action on an object. Read, write, execute,
append, modify, delete, and create are examples of access types. See
Write.
SOURCE: CNSSI-4009

Account Management, User – Involves
1) the process of requesting, establishing, issuing, and closing user
accounts;
2) tracking users and their respective access authorizations; and
3) managing these functions.
SOURCE: SP 800-12

Accountability – The security goal that generates the requirement for actions of an
entity to be traced uniquely to that entity. This supports
non-repudiation, deterrence, fault isolation, intrusion detection and
prevention, and after-action recovery and legal action.
SOURCE: SP 800-27

Principle that an individual is entrusted to safeguard and control
equipment, keying material, and information and is answerable to
proper authority for the loss or misuse of that equipment or
information.
SOURCE: CNSSI-4009

Accounting Legend Code (ALC) – Numeric code used to indicate the minimum accounting controls
required for items of accountable communications security
(COMSEC) material within the COMSEC Material Control System.
SOURCE: CNSSI-4009

Accounting Number – Number assigned to an item of COMSEC material to facilitate its
control.
SOURCE: CNSSI-4009
`
`
`
Accreditation – See Authorization.

Accreditation Authority – See Authorizing Official.

Accreditation Boundary – See Authorization Boundary.

Accreditation Package – Product comprised of a System Security Plan (SSP) and a report
documenting the basis for the accreditation decision.
SOURCE: CNSSI-4009

Accrediting Authority – Synonymous with Designated Accrediting Authority (DAA). See
also Authorizing Official.
SOURCE: CNSSI-4009

Activation Data – Private data, other than keys, that are required to access
cryptographic modules.
SOURCE: SP 800-32

Active Attack – An attack that alters a system or data.
SOURCE: CNSSI-4009

An attack on the authentication protocol where the Attacker
transmits data to the Claimant, Credential Service Provider,
Verifier, or Relying Party. Examples of active attacks include
man-in-the-middle, impersonation, and session hijacking.
SOURCE: SP 800-63

Active Content – Electronic documents that can carry out or trigger actions
automatically on a computer platform without the intervention of a
user.
SOURCE: SP 800-28

Software in various forms that is able to automatically carry out or
trigger actions on a computer platform without the intervention of a
user.
SOURCE: CNSSI-4009

Active Security Testing – Security testing that involves direct interaction with a target, such as
sending packets to a target.
SOURCE: SP 800-115

Activities – An assessment object that includes specific protection-related
pursuits or actions supporting an information system that involve
people (e.g., conducting system backup operations, monitoring
network traffic).
SOURCE: SP 800-53A
`
`
`
Ad Hoc Network – A wireless network that dynamically connects wireless client devices
to each other without the use of an infrastructure device, such as an
access point or a base station.
SOURCE: SP 800-121

Add-on Security – Incorporation of new hardware, software, or firmware safeguards in
an operational information system.
SOURCE: CNSSI-4009

Adequate Security – Security commensurate with the risk and the magnitude of harm
resulting from the loss, misuse, or unauthorized access to or
modification of information.
SOURCE: SP 800-53; FIPS 200; OMB Circular A-130, App. III

Security commensurate with the risk and magnitude of harm resulting
from the loss, misuse, or unauthorized access to or modification of
information.

Note: This includes assuring that information systems operate
effectively and provide appropriate confidentiality, integrity, and
availability, through the use of cost-effective management, personnel,
operational, and technical controls.
SOURCE: CNSSI-4009; SP 800-37

Administrative Account – A user account with full privileges on a computer.
SOURCE: SP 800-69

Administrative Safeguards – Administrative actions, policies, and procedures to manage the
selection, development, implementation, and maintenance of security
measures to protect electronic health information and to manage the
conduct of the covered entity's workforce in relation to protecting
that information.
SOURCE: SP 800-66

Advanced Encryption Standard (AES) – The Advanced Encryption Standard specifies a U.S.
government-approved cryptographic algorithm that can be used to protect
electronic data. The AES algorithm is a symmetric block cipher that
can encrypt (encipher) and decrypt (decipher) information. This
standard specifies the Rijndael algorithm, a symmetric block cipher
that can process data blocks of 128 bits, using cipher keys with
lengths of 128, 192, and 256 bits.
SOURCE: FIPS 197
`
`
`
Advanced Encryption Standard (AES) – A U.S. government-approved cryptographic algorithm that can be
used to protect electronic data. The AES algorithm is a symmetric
block cipher that can encrypt (encipher) and decrypt (decipher)
information.
SOURCE: CNSSI-4009

Advanced Key Processor (AKP) – A cryptographic device that performs all cryptographic functions for
a management client node and contains the interfaces to 1) exchange
information with a client platform, 2) interact with fill devices, and 3)
connect a client platform securely to the primary services node
(PRSN).
SOURCE: CNSSI-4009

Advanced Persistent Threat (APT) – An adversary that possesses sophisticated levels of expertise and
significant resources which allow it to create opportunities to achieve
its objectives by using multiple attack vectors (e.g., cyber, physical,
and deception). These objectives typically include establishing and
extending footholds within the information technology infrastructure
of the targeted organizations for purposes of exfiltrating information,
undermining or impeding critical aspects of a mission, program, or
organization; or positioning itself to carry out these objectives in the
future. The advanced persistent threat: (i) pursues its objectives
repeatedly over an extended period of time; (ii) adapts to defenders’
efforts to resist it; and (iii) is determined to maintain the level of
interaction needed to execute its objectives.
SOURCE: SP 800-39

Adversary – Individual, group, organization, or government that conducts or has
the intent to conduct detrimental activities.
SOURCE: SP 800-30

Advisory – Notification of significant new trends or developments regarding the
threat to the information systems of an organization. This
notification may include analytical insights into trends, intentions,
technologies, or tactics of an adversary targeting information
systems.
SOURCE: CNSSI-4009
`
`
`
Agency – Any executive department, military department, government
corporation, government-controlled corporation, or other
establishment in the executive branch of the government (including
the Executive Office of the President), or any independent regulatory
agency, but does not include: 1) the Government Accountability
Office; 2) the Federal Election Commission; 3) the governments of
the District of Columbia and of the territories and possessions of the
United States, and their various subdivisions; or 4) government-owned
contractor-operated facilities, including laboratories engaged
in national defense research and production activities.
SOURCE: FIPS 200; 44 U.S.C., Sec. 3502

ALSO See Executive Agency.

Agency Certification Authority (CA) – A CA that acts on behalf of an agency and is under the operational
control of an agency.
SOURCE: SP 800-32

Agent – A program acting on behalf of a person or organization.
SOURCE: SP 800-95

Alert – Notification that a specific attack has been directed at an
organization’s information systems.
SOURCE: CNSSI-4009

Allocation – The process an organization employs to determine whether security
controls are defined as system-specific, hybrid, or common.

The process an organization employs to assign security controls to
specific information system components responsible for providing a
particular security capability (e.g., router, server, remote sensor).
SOURCE: SP 800-37

Alternate COMSEC Custodian – Individual designated by proper authority to perform the duties of the
COMSEC custodian during the temporary absence of the COMSEC
custodian.
SOURCE: CNSSI-4009

Alternate Work Site – Governmentwide, national program allowing federal employees to
work at home or at geographically convenient satellite offices for part
of the work week (e.g., telecommuting).
SOURCE: CNSSI-4009

Analysis – The examination of acquired data for its significance and probative
value to the case.
SOURCE: SP 800-72
`
`
`
Anomaly-Based Detection – The process of comparing definitions of what activity is considered
normal against observed events to identify significant deviations.
SOURCE: SP 800-94

Anti-jam – Countermeasures ensuring that transmitted information can be
received despite deliberate jamming attempts.
SOURCE: CNSSI-4009

Anti-spoof – Countermeasures taken to prevent the unauthorized use of legitimate
Identification & Authentication (I&A) data, however it was obtained,
to mimic a subject different from the attacker.
SOURCE: CNSSI-4009

Antispyware Software – A program that specializes in detecting both malware and
non-malware forms of spyware.
SOURCE: SP 800-69

Antivirus Software – A program that monitors a computer or network to identify all major
types of malware and prevent or contain malware incidents.
SOURCE: SP 800-83

Applicant – The subscriber is sometimes called an “applicant” after applying to a
certification authority for a certificate, but before the certificate
issuance procedure is completed.
SOURCE: SP 800-32

Application – A software program hosted by an information system.
SOURCE: SP 800-37

Software program that performs a specific function directly for a user
and can be executed without access to system control, monitoring, or
administrative privileges.
SOURCE: CNSSI-4009

Approval to Operate (ATO) – The official management decision issued by a DAA or PAA to
authorize operation of an information system and to explicitly accept
the residual risk to agency operations (including mission, functions,
image, or reputation), agency assets, or individuals.
SOURCE: CNSSI-4009
`
`
`
Approved – Federal Information Processing Standard (FIPS)-approved or
National Institute of Standards and Technology (NIST)-recommended.
An algorithm or technique that is either
1) specified in a FIPS or NIST Recommendation, or
2) adopted in a FIPS or NIST Recommendation.
SOURCE: FIPS 201

Approved – FIPS-approved and/or NIST-recommended.
SOURCE: FIPS 140-2

FIPS-approved and/or NIST-recommended. An algorithm or
technique that is either 1) specified in a FIPS or NIST
Recommendation, 2) adopted in a FIPS or NIST
Recommendation, or 3) specified in a list of NIST-approved
security functions.
SOURCE: FIPS 186

Approved Mode of Operation – A mode of the cryptographic module that employs only Approved
security functions (not to be confused with a specific mode of an
Approved security function, e.g., Data Encryption Standard
Cipher-Block Chaining (DES CBC) mode).
SOURCE: FIPS 140-2

Approved Security Function – A security function (e.g., cryptographic algorithm, cryptographic key
management technique, or authentication technique) that is either
a) specified in an Approved Standard;
b) adopted in an Approved Standard and specified either in an
appendix of the Approved Standard or in a document
referenced by the Approved Standard; or
c) specified in the list of Approved security functions.
SOURCE: FIPS 140-2

Assessment – See Security Control Assessment.

Assessment Findings – Assessment results produced by the application of an assessment
procedure to a security control or control enhancement to achieve an
assessment objective; the execution of a determination statement
within an assessment procedure by an assessor that results in either
a satisfied or other than satisfied condition.
SOURCE: SP 800-53A

Assessment Method – One of three types of actions (i.e., examine, interview, test) taken by
assessors in obtaining evidence during an assessment.
SOURCE: SP 800-53A
`
`
`
Assessment Object – The item (i.e., specifications, mechanisms, activities, individuals)
upon which an assessment method is applied during an assessment.
SOURCE: SP 800-53A

Assessment Objective – A set of determination statements that expresses the desired outcome
for the assessment of a security control or control enhancement.
SOURCE: SP 800-53A

Assessment Procedure – A set of assessment objectives and an associated set of assessment
methods and assessment objects.
SOURCE: SP 800-53A

Assessor – See Security Control Assessor.

Asset – A major application, general support system, high impact program,
physical plant, mission critical system, personnel, equipment, or a
logically related group of systems.
SOURCE: CNSSI-4009

Asset Identification – Security Content Automation Protocol (SCAP) constructs to uniquely
identify assets (components) based on known identifiers and/or
known information about the assets.
SOURCE: SP 800-128

Asset Reporting Format (ARF) – SCAP data model for expressing the transport format of information
about assets (components) and the relationships between assets and
reports.
SOURCE: SP 800-128

Assurance – Grounds for confidence that the other four security goals (integrity,
availability, confidentiality, and accountability) have been adequately
met by a specific implementation. “Adequately met” includes (1)
functionality that performs correctly, (2) sufficient protection against
unintentional errors (by users or software), and (3) sufficient
resistance to intentional penetration or by-pass.
SOURCE: SP 800-27

The grounds for confidence that the set of intended security controls
in an information system are effective in their application.
SOURCE: SP 800-37; SP 800-53A

Measure of confidence that the security features, practices,
procedures, and architecture of an information system accurately
mediates and enforces the security policy.
SOURCE: CNSSI-4009; SP 800-39
`
`
`
Assurance – In the context of OMB M-04-04 and this document, assurance is
defined as 1) the degree of confidence in the vetting process used
to establish the identity of an individual to whom the credential
was issued, and 2) the degree of confidence that the individual
who uses the credential is the individual to whom the credential
was issued.
SOURCE: SP 800-63

Assurance Case – A structured set of arguments and a body of evidence showing that an
information system satisfies specific claims with respect to a given
quality attribute.
SOURCE: SP 800-53A; SP 800-39

Assured Information Sharing – The ability to confidently share information with those who need it,
when and where they need it, as determined by operational need and
an acceptable level of security risk.
SOURCE: CNSSI-4009

Assured Software – Computer application that has been designed, developed, analyzed,
and tested using processes, tools, and techniques that establish a level
of confidence in it.
SOURCE: CNSSI-4009

Asymmetric Cryptography – See Public Key Cryptography.
SOURCE: CNSSI-4009

Asymmetric Keys – Two related keys, a public key and a private key that are used to
perform complementary operations, such as encryption and
decryption or signature generation and signature verification.
SOURCE: FIPS 201

Attack – An attempt to gain unauthorized access to system services, resources,
or information, or an attempt to compromise system integrity.
SOURCE: SP 800-32

Any kind of malicious activity that attempts to collect, disrupt, deny,
degrade, or destroy information system resources or the information
itself.
SOURCE: CNSSI-4009

Attack Sensing and Warning (AS&W) – Detection, correlation, identification, and characterization of
intentional unauthorized activity with notification to decision makers
so that an appropriate response can be developed.
SOURCE: CNSSI-4009
`
`
`
Attack Signature – A specific sequence of events indicative of an unauthorized access
attempt.
SOURCE: SP 800-12

A characteristic byte pattern used in malicious code or an indicator,
or set of indicators, that allows the identification of malicious
network activities.
SOURCE: CNSSI-4009

Attribute Authority – An entity, recognized by the Federal Public Key Infrastructure (PKI)
Policy Authority or comparable agency body as having the authority
to verify the association of attributes to an identity.
SOURCE: SP 800-32

Attribute-Based Access Control – Access control based on attributes associated with and about subjects,
objects, targets, initiators, resources, or the environment. An access
control rule set defines the combination of attributes under which an
access may take place.
SOURCE: SP 800-53; CNSSI-4009

Attribute-Based Authorization – A structured process that determines when a user is authorized to
access information, systems, or services based on attributes of the
user and of the information, system, or service.
SOURCE: CNSSI-4009

Audit – Independent review and examination of records and activities to
assess the adequacy of system controls, to ensure compliance with
established policies and operational procedures, and to recommend
necessary changes in controls, policies, or procedures.
SOURCE: SP 800-32

Independent review and examination of records and activities to
assess the adequacy of system controls, to ensure compliance with
established policies and operational procedures.
SOURCE: CNSSI-4009

Audit Data – Chronological record of system activities to enable the reconstruction
and examination of the sequence of events and changes in an event.
SOURCE: SP 800-32

Audit Log – A chronological record of system activities. Includes records of
system accesses and operations performed in a given period.
SOURCE: CNSSI-4009
`
`
`
Audit Reduction Tools – Preprocessors designed to reduce the volume of audit records to
facilitate manual review. Before a security review, these tools can
remove many audit records known to have little security significance.
These tools generally remove records generated by specified classes
of events, such as records generated by nightly backups.
SOURCE: SP 800-12; CNSSI-4009

Audit Review – The assessment of an information system to evaluate the adequacy of
implemented security controls, assure that they are functioning
properly, identify vulnerabilities, and assist in implementation of new
security controls where required. This assessment is conducted
annually or whenever significant change has occurred and may lead
to recertification of the information system.
SOURCE: CNSSI-4009

Audit Trail – A record showing who has accessed an Information Technology (IT)
system and what operations the user has performed during a given
period.
SOURCE: SP 800-47

A chronological record that reconstructs and examines the sequence
of activities surrounding or leading to a specific operation, procedure,
or event in a security relevant transaction from inception to final
result.
SOURCE: CNSSI-4009

Authenticate – To confirm the identity of an entity when that identity is presented.
SOURCE: SP 800-32

To verify the identity of a user, user device, or other entity.
SOURCE: CNSSI-4009

Authentication – Verifying the identity of a user, process, or device, often as a
prerequisite to allowing access to resources in an information system.
SOURCE: SP 800-53; SP 800-53A; SP 800-27; FIPS 200; SP 800-30

Authentication – The process of establishing confidence of authenticity.
SOURCE: FIPS 201

Authentication – Encompasses identity verification, message origin authentication, and
message content authentication.
SOURCE: FIPS 190
`
`
`
Authentication – A process that establishes the origin of information or determines an
entity’s identity.
SOURCE: SP 800-21

The process of verifying the identity or other attributes claimed by or
assumed of an entity (user, process, or device), or to verify the source
and integrity of data.
SOURCE: CNSSI-4009

The process of establishing confidence in the identity of users or
information systems.
SOURCE: SP 800-63

Authentication Code – A cryptographic checksum based on an Approved security function
(also known as a Message Authentication Code [MAC]).
SOURCE: FIPS 140-2

Authentication Mechanism – Hardware- or software-based mechanisms that force users to prove
their identity before accessing data on a device.
SOURCE: SP 800-72; SP 800-124

Hardware or software-based mechanisms that forces users, devices,
or processes to prove their identity before accessing data

Authentication Mode –

Authentication Period –

Authentication Protocol –