C - Cybersecurity Glossary

This page is having a slideshow that uses Javascript. Your browser either doesn't support Javascript or you have it turned off. To see this page as it is meant to appear please use a Javascript enabled browser.Verticalis WordPress Slider Plugin.

Glossary C

Cyber

Refers to both information and communications networks.See NISTIR 8074 Vol. 2 for more information.

Cryptographic

Pertaining to, or concerned with, cryptography.See CNSSI 4009-2015 from NSA/CSS Manual Number 3-16 (COMSEC) for more information.

Control

The part of the ICS used to perform the monitoring and control of the physical process. This includes all control servers, field devices, actuators, sensors, ...

Cyberspace

A global domain within the information environment consisting of the interdependent network of information systems infrastructures including the Internet, telecommunications networks, computer systems, and embedded ...

Certificate Status Authority

A trusted entity that provides on-line verification to a Relying Party of a subject certificate's trustworthiness, and may also provide additional attribute information for the ...

Classified Information Spillage

Security incident that occurs whenever classified data is spilled either onto an unclassified information system or to an information system with a lower level of ...

Certificate Revocation List (CRL)

A list of revoked public key certificates created and digitally signed by a Certification Authority.See NISTIR 7711 under Certificate Revocation List for more information.A list of revoked ...

Certificate Policy (CP)

A specialized form of administrative policy tuned to electronic transactions performed during certificate management. A certificate policy addresses all aspects associated with the generation, production, ...

Call Back

Procedure for identifying and authenticating a remote information system terminal, whereby the host system disconnects the terminal and reestablishes contact. See CNSSI 4009-2015  for more information.

CC (Common Criteria)

Governing document that provides a comprehensive, rigorous method for specifying security function and assurance requirements for products and systems. See NIST SP 800-53 Rev. 4 under Common Criteria ...

CCB

Configuration Control Board A group of qualified people with responsibility for the process of regulating and approving changes to hardware, firmware, software, and documentation throughout the ...

CEO

Chief Executive Officer “C” level officers aren’t really defined by NIST. However, the acronyms are used so often.

Certificate

Also known as a digital certificate. A digital representation of information which at least 1. identifies the certification authority issuing it, 2. names or identifies its subscriber, 3. contains the subscriber's ...

Certificate Authority (CA)

A trusted entity that issues and revokes public key certificates. See NISTIR 8149 for more information.

Certificate Management

Process whereby certificates are generated, stored, protected, transferred, loaded, used, and destroyed. See CNSSI 4009-2015 for more information.

Certification Path

A chain of trusted public-key certificates that begins with a certificate whose signature can be verified by a relying party using a trust anchor, and ...

CPS

Certification Practice StatementA statement of the practices that a certification authority (CA) employs in issuing, suspending, revoking, and renewing certificates and providing access to them, ...

Chain of Custody

A process that tracks the movement of evidence through its collection, safeguarding, and analysis lifecycle by documenting each person who handled the evidence, the date/time ...

Chain of Evidence

A process and record that shows who obtained the evidence; where and when the evidence was obtained; who secured the evidence; and who had ...

Challenge and Reply

Prearranged procedure in which a subject requests authentication of another and the latter establishes validity with a correct reply. See CNSSI 4009-2015 for more information.

Checksum

A value that:(a) is computed by a function that is dependent on the contents of a data object and (b) is stored or transmitted together ...

Chief Privacy Officer

The senior organizationalofficial with overall organization-wide responsibility for information privacyissues.See NIST SP 800-53 Rev. 4 under Senior Agency Official for Privacy and NIST SP 800-53A ...

Chief Information Officer

Agency official responsible for: (i) Providing advice and other assistance to the head of the executive agency and other senior management personnel of the agency ...

CISO

Chief Information Security Officer.Official responsible for carrying out the Chief Information Officer responsibilities under the Federal Information Security Management Act (FISMA) and serving as the ...

Ciphertext

Ciphertext is the result of encrypting plain text. In other words, plain text is encrypted with an algorithm, resulting in ciphertext, which is unintelligible. If ...

Classified Information

Information that has been determined: pursuant to Executive Order 12958 as amended by Executive Order 13526, or any predecessor Order, to be classified national security information; ...

Classified National Security Information

Information that has been determined pursuant to Executive Order 13526 or any predecessor order to require protection against unauthorized disclosure and is marked to indicate ...

Clear Text

Information that is not encrypted.See NIST SP 800-82 Rev. 2 under Clear Text for more information.Intelligible data, the semantic content of which is available. Note: Clear ...

Container Runtime

The environment for each container; comprised of binaries coordinating multiple operating system components that isolate resources and resource usage for running containers.See NIST SP 800-190 ...

Contingency Plan

Management policy and procedures used to guide an enterprise response to a perceived loss of mission capability. The Contingency Plan is the first plan used ...

Confidentiality

Confidentiality prevents the unauthorized disclosure of data. In other words, authorized personnel can access the data, but unauthorized personnel cannot access the data. You can ...

Cyber Security

Cyber security is a broad range of practices, tools, and concepts used to protect information technology assets. It is sometimes referred to as "cybersecurity" (without ...