D - Cybersecurity Glossary

This page is having a slideshow that uses Javascript. Your browser either doesn't support Javascript or you have it turned off. To see this page as it is meant to appear please use a Javascript enabled browser.Verticalis WordPress Slider Plugin.

Glossary D

Disinfecting

Removing malware from within a file.See NIST SP 800-83 Rev. 1 for more information

DSA

A Federal Information Processing Standard for digital signatures, based on the mathematical concept of modular exponentiations and the discrete logarithm problem.See the following for more ...

Domain

A domain that implements a security policy and is administered by a single authority.See the following for more information:CNSSI 4009-2015 under security domain from CNSSP ...

DSIG

The result of a cryptographic transformation of data which, when properly implemented, provides the services of: 1. origin authentication, 2. data integrity, and 3. signer ...

Disposal

Disposal is a release outcome following the decision that media does not contain sensitive data. This occurs either because the media never contained sensitive data ...

Disruption

An unplanned event that causes the general system or major application to be inoperable for an unacceptable length of time (e.g., minor or extended power ...

Disclosure

Divulging of, or provision of access to, data.See NISTIR 8053 from ISO/TS 25237:2008 for more information.

DH

Diffie HellmanA method used to securely exchange or establish secret keys across an insecure network. Ephemeral Diffie-Hellman is used to create temporary or single-use secret ...

Default Classification

Classification reflecting the highest classification being processed in an information system. Default classification is included in the caution statement affixed to an object.See CNSSI 4009-2015 for ...

Decryption

The process of transforming ciphertext into plaintext using a cryptographic algorithm and key.See NIST SP 800-56B Rev. 1 for more information.The process of changing ciphertext ...

Demilitarize

The process of preparing National Security System equipment for disposal by extracting all CCI, classified, or CRYPTO-marked components for their secure destruction, as well as ...

Decrypt

A generic term encompassing decoding and deciphering.See CNSSI 4009-2015 (NSA/CSS Manual Number 3-16 (COMSEC)) for more information.

Decode

Convert encoded data back to its original form of representation.See CNSSI 4009-2015 and (IETF RFC 4949 Ver 2) for more information.

DAC

Discretionary Access ControlAn access control policy that is enforced over all subjects and objects in an information system where the policy specifies that a subject ...

Data Aggregation

Compilation of individual data systems and data that could result in the totality of the information being classified, or classified at a higher level, ...

Data Confidentiality

Data Confidentiality deals with protecting against the disclosure of information by ensuring that the data is limited to those authorized or by representing the data in such ...

Data-Encryption-and-Symmetric-Block-Ciphers

Data Encryption Standard

The symmetric encryption algorithm defined by the Data Encryption Standard (FIPS 46-2). See NIST SP 800-15 under DES for more information. Data Encryption Standard specified in FIPS 46-3. See NIST ...

Data Governance

A set of processes that ensures that data assets are formally managed throughout the enterprise. A data governance model establishes authority and management and decision making parameters ...

Data Integrity

A property whereby data has not been altered in an unauthorized manner since it was created, transmitted or stored. In this Recommendation, the statement ...

Data Link Layer

Layer of the TCP/IP protocol stack that handles communications on the physical network components such as Ethernet. See NIST SP 800-113 for more information

Data Loss

The exposure of proprietary, sensitive, or classified information through either data theft or data leakage. See CNSSI 4009-2015 (NIST SP 800-137) and NIST SP 800-137 under Data Loss for more information.

Data Loss Prevention

A systems ability to identify, monitor, and protect data in use (e.g. endpoint actions), data in motion (e.g. network actions), and data at rest (e.g. ...

Database

A repository of information that usually holds plant-wide information including process data, recipes, personnel data, and financial data. See NIST SP 800-82 Rev. 2 and (NISTIR 6859) for more information. A ...

DATO

Denial of Authorization to Operate; issued by a DAO to an issuer that is not authorized as being reliable for the issuance of PIV Cards ...

DDoS

A Denial of Service technique that uses numerous hosts to perform the attack. See NISTIR 7711 under Distributed Denial of Service for more information.

Decipher

Convert enciphered text to plain text by means of a cryptographic system.See CNSSI 4009-2015 for more information.

Dedicated Proxy Server

A form of proxy server that has much more limited firewalling capabilities than an application-proxy gateway.See NIST SP 800-41 Rev. 1 for more information.

Defense-in-Breadth

A planned, systematicset of multidisciplinary activities that seek to identify, manage, and reducerisk of exploitable vulnerabilities at every stage of the system, network, orsub-component life ...

Defense-in-Depth

The application of multiple countermeasures in a layered or stepwise manner to achieve security objectives. The methodology involves layering heterogeneous security technologies in the common ...

Degauss

To reduce the magnetic flux to virtual zero by applying a reverse magnetizing field. Degaussing any current generation hard disk (including but not limited to ...

Deleted File

A file that has been logically, but not necessarily physically, erased from the operating system, perhaps to eliminate potentially incriminating evidence. Deleting files does not ...

Demilitarized Zone (DMZ)

Perimeter network segment that is logically between internal and external networks. Its purpose is to enforce the internal network’s Information Assurance (IA) policy for external ...

Deprecated

Means that the use of the algorithm and key length is allowed, but the user must accept some risk. The term is used when discussing the key lengths ...

DES

The symmetric encryption algorithm defined by the Data Encryption Standard (FIPS 46-2). See NIST SP 800-15 for more information. Data Encryption Standard specified in FIPS 46-3. See NIST SP 800-20 for more information.

Destroy

In this Recommendation, to destroy is an action applied to a key or a piece of secret data. After a key or a piece of ...

Deterministic Algorithm

An algorithm that, given the same inputs, always produces the same outputs. See NIST SP 800-90A Rev. 1 for more information.

DRBG

Deterministic Random Bit Generator (DRBG)An RBG that includes a DRBG mechanism and (at least initially) has access to a randomness source. The DRBG produces a ...

Development Life Cycle

(SDLC)The scope of activities associated with a system, encompassing the system’s initiation, development and acquisition, implementation, operation and maintenance, and ultimately its disposal that instigates ...

Denial of Service (DoS)

The prevention of authorized access to resources or the delaying of time-critical operations. (Time-critical may be milliseconds or it may be hours, depending upon the ...

Deny by Default

To block all inbound and outbound traffic that has not been expressly permitted by firewall policy. See NIST SP 800-41 Rev. 1 for more information.

DNS

Domain Name System (DNS) provides a method of resolving host names to IP addresses on the Internet.DNS servers host data in zones. You can think ...

DNSSEC

Domain Name System Security Extensions (DNSSEC) adds security to Domain Name Server (DNS) systems. More specifically, it can help prevent DNS poisoning attacks.DNSDNS servers host ...