Glossary A
ABAC

An access control paradigm whereby access rights are granted to users through the use of policies which combine attributes together. The policies can use any ...

Acceptable Risk

The level of Residual Risk that has been determined to be a reasonable level of potential loss/disruption for a specific IT system. See NIST SP ...

Availability

Availability indicates that data and services are available when needed. For some organizations, this simply means that the data and services must be available between ...

Access Control

Procedures and controls that limit or detect access to critical information resources. This can be accomplished through software, biometrics devices, or physical access to a ...

Access Control List (ACL)

A list of permissions associated with an object. The list specifies who or what is allowed to access the object and what operations are allowed ...

Access Control Matrix

A table in which each row represents a subject, each column represents an object, and each entry is the set of access rights for that ...

Access Control Mechanism (ACM)

Security safeguards (i.e., hardware and software features, physical controls, operating procedures, management procedures, and various combinations of these) designed to detect and deny unauthorized access ...

Access Control System

A set of procedures and/or processes, normally automated, which allows access to a controlled area or to information to be controlled, in accordance with ...

Access List

Roster of individuals authorized admittance to a controlled area. See CNSSI 4009-2015 for more information. 

Access Point (AP)

A device that logically connects wireless client devices operating in infrastructure to one another and provides access to a distribution system, if connected, which is ...

Accountability

The principle that an individual is entrusted to safeguard and control equipment, keying material, and information and is answerable to proper authority for the loss ...

Active Content

Electronic documents that can carry out or trigger actions automatically on a computer platform without the intervention of a user. See CNSSI 4009-2015 (NIST SP 800-28) and NIST SP 800-28 ...

Active Attack

An attack on the authentication protocol where the Attacker transmits data to the Claimant, Credential Service Provider, Verifier, or Relaying Party. Examples of active attacks ...

Active Cyber Defense

Active Cyber Defense (ACD): Synchronized, real-time capability to discover, detect, analyze, and mitigate threats and vulnerabilities. See CNSSI 4009-2015 (DSOC 2011) for more information.

Active Security Testing

Security testing that involves direct interaction with a target, such as sending packets to a target. See NIST SP 800-115 for more information.

Advanced Persistent Threat

APT: An adversary that possesses sophisticated levels of expertise and significant resources which allow it to create opportunities to achieve its objectives by using multiple attack ...

Adversary

Individual, group, organization, or government that conducts or has the intent to conduct detrimental activities. See CNSSI 4009-2015 (NIST SP 800-30 Rev. 1) under Adversary (DHS Risk Lexicon) for more ...

Adverse Consequence

An undesirable consequence associated with a loss. See (ISO/IEC 15026) for more information. 

AES

Advanced Encryption Standard (as specified in FIPS 197). See the following for more information: FIPS 197, NIST SP 800-56C, NIST SP 800-38D, NIST SP 800-57 Part 1 Rev. ...
