Cryptographic transformation of data (called “plaintext”) into a form (called “ciphertext”)


Use a system of symbols to represent information, which might originally

Fail to Known State

Upon a disruption event that causes the system to fail, it fails to a pre-determined state.


An RBG that includes a DRBG mechanism and (at least initially) has access

Clear Text

Information that is not encrypted.See NIST SP 800-82 Rev. 2 under Clear Text

Air Gap

An interface between two systems at which (a) they are not connected physically


A brief, usually human-readable, technical notification regarding …


A device or function that signals the existence of an abnormal condition

Log Management

The process for generating, transmitting, storing, analyzing, and disposing of log data.

Log Entry

An individual record within a log. See NIST SP 800-92 for detailed information.


An incorrect or suboptimal configuration of an information system


A character that has some special meaning to a computer program


Information describing the characteristics of data including


A standard that defines the way in which Internet communications

Risk Response

Accepting, avoiding, mitigating, sharing, or transferring risk to organizational operations

Network Layer

Layer of the TCP/IP protocol stack that is responsible for routing packets

Exclusive OR

Bitwise logical “exclusive-or”, where 0⊕ 0 = 0, 0⊕ 1 = 1, 1⊕ 0 = 1, and 1⊕ 1 = 0.


Grounds for belief or disbelief; data on which to base proof or to establish truth or falsehood.


Risk Management Framework A structured approach used to oversee and manage risk