Information that is not encrypted.See NIST SP 800-82 Rev. 2 under Clear Text

Information that has been determined pursuant

Information that has been determined: pursuant to Executive Order 12958

An interface between two systems at which (a) they are not connected physically

A method of testing where testers target individual binary components

A brief, usually human-readable, technical notification regarding …

A device or function that signals the existence of an abnormal condition

The process for generating, transmitting, storing, analyzing, and disposing of log data.

An individual record within a log. See NIST SP 800-92 for detailed information.

An incorrect or suboptimal configuration of an information system

A character that has some special meaning to a computer program

Information describing the characteristics of data including

A group of computers and other devices dispersed over a relatively limited area

A user account with full privileges on a computer. See NIST SP 800-69

A standard that defines the way in which Internet communications

facilitates the adjudication of different interconnected system security policies

Accepting, avoiding, mitigating, sharing, or transferring risk to organizational operations

Performs packet sniffing and network traffic analysis

Layer of the TCP/IP protocol stack that is responsible for routing packets

Bitwise logical “exclusive-or”, where 0⊕ 0 = 0, 0⊕ 1 = 1, 1⊕ 0 = 1, and 1⊕ 1 = 0.

Grounds for belief or disbelief; data on which to base proof or to establish truth or falsehood.

Risk Management Framework A structured approach used to oversee and manage risk

Cipher-based Message Authentication Code

The process of managing risks to organizational operations organizational assets

The level of risk an entity is willing to assume in order to achieve a potential desired

Prioritizing, evaluating, and implementing the appropriate risk-reducing controls

A family of functions and their inverses that is parameterized by cryptographic keys