Plain text

Plain text is simple text displayed in a readable format. Encryption converts plain text

Volatile Data

Data on a live system that is lost after a computer is powered down.


A flexible text format designed to describe data for electronic publishing.

Watering Hole Attack

Security exploit where the attacker infects websites that are frequently visited

Zero Day Attack

An attack that exploits a previously unknown hardware, firmware, or software

Tabletop Exercise

A discussion-based exercise where personnel with roles and responsibilities


The means used to associate a set of security attributes with a specific information object

XML Encryption

A process or mechanism for encrypting and decrypting XML documents or parts


Passive information system-related entity (e.g., devices, files, records, tables, processes,

Media Access Control

An access control policy that is uniformly enforced across all subjects and objects


A string of characters (letters, numbers, and other symbols) used to authenticate an identity

Passive Attack

An attack against an authentication protocol where the attacker intercepts data


A hidden, self-replicating section of computer software, usually malicious logic,


Weakness in an information system, system security procedures, internal controls


A logical portion of a media that functions as though it were physically separate from other


Protected information system link utilizing tunneling, security controls, and endpoint address

Virtual Machine

A simulated environment created by virtualization. See under Virtual Machine.


The simulation of the software and/or hardware upon which other software runs.


A commercial supplier of software or hardware. See NISTIR 4734

Packet Sniffer

Software that observes and records network traffic. See CNSSI 4009-2015