Glossary D
DSIG

The result of a cryptographic transformation of data which, when properly implemented, provides the services of: 1. origin authentication, 2. data integrity, and 3. signer ...

Disposal

Disposal is a release outcome following the decision that media does not contain sensitive data. This occurs either because the media never contained sensitive data ...

Disruption

An unplanned event that causes the general system or major application to be inoperable for an unacceptable length of time (e.g., minor or extended power ...

Disclosure

Divulging of, or provision of access to, data. See NISTIR 8053 from ISO/TS 25237:2008 for more information.

DH

Diffie-Hellman. A method used to securely exchange or establish secret keys across an insecure network. Ephemeral Diffie-Hellman is used to create temporary or single-use secret ...

Default Classification

Classification reflecting the highest classification being processed in an information system. Default classification is included in the caution statement affixed to an object. See CNSSI 4009-2015 for ...

Decryption

The process of transforming ciphertext into plaintext using a cryptographic algorithm and key. See NIST SP 800-56B Rev. 1 for more information. The process of changing ciphertext ...

Demilitarize

The process of preparing National Security System equipment for disposal by extracting all CCI, classified, or CRYPTO-marked components for their secure destruction, as well as ...

Decrypt

A generic term encompassing decoding and deciphering. See CNSSI 4009-2015 (NSA/CSS Manual Number 3-16 (COMSEC)) for more information.

Decode

Convert encoded data back to its original form of representation. See CNSSI 4009-2015 and (IETF RFC 4949 Ver 2) for more information.

DAC

Discretionary Access Control. An access control policy that is enforced over all subjects and objects in an information system where the policy specifies that a subject ...

Data Aggregation

Compilation of individual data systems and data that could result in the totality of the information being classified, or classified at a higher level, ...

Data Confidentiality

Data Confidentiality deals with protecting against the disclosure of information by ensuring that the data is limited to those authorized or by representing the data in such ...

Data Encryption Standard

The symmetric encryption algorithm defined by the Data Encryption Standard (FIPS 46-2).  See NIST SP 800-15 under DES for more information. Data Encryption Standard specified in FIPS 46-3. See NIST ...

Data Governance

A set of processes that ensures that data assets are formally managed throughout the enterprise. A data governance model establishes authority and management and decision making parameters ...

Data Integrity

A property whereby data has not been altered in an unauthorized manner since it was created, transmitted or stored. In this Recommendation, the statement ...

Data Link Layer

Layer of the TCP/IP protocol stack that handles communications on the physical network components such as Ethernet. See NIST SP 800-113 for more information.

Data Loss

The exposure of proprietary, sensitive, or classified information through either data theft or data leakage. See CNSSI 4009-2015 (NIST SP 800-137) and NIST SP 800-137 under Data Loss for more information. 

Data Loss Prevention

A system's ability to identify, monitor, and protect data in use (e.g. endpoint actions), data in motion (e.g. network actions), and data at rest (e.g. ...

Database

A repository of information that usually holds plant-wide information including process data, recipes, personnel data, and financial data. See NIST SP 800-82 Rev. 2 and (NISTIR 6859) for more information. A ...

DATO

Denial of Authorization to Operate; issued by a DAO to an issuer that is not authorized as being reliable for the issuance of PIV Cards ...

DDoS

A Denial of Service technique that uses numerous hosts to perform the attack. See  NISTIR 7711 under Distributed Denial of Service for more information. 

Decipher

Convert enciphered text to plain text by means of a cryptographic system. See CNSSI 4009-2015 for more information.

Dedicated Proxy Server

A form of proxy server that has much more limited firewalling capabilities than an application-proxy gateway. See NIST SP 800-41 Rev. 1 for more information.

Defense-in-Breadth

A planned, systematic set of multidisciplinary activities that seek to identify, manage, and reduce risk of exploitable vulnerabilities at every stage of the system, network, or sub-component life ...

Defense-in-Depth

The application of multiple countermeasures in a layered or stepwise manner to achieve security objectives. The methodology involves layering heterogeneous security technologies in the common ...

Degauss

To reduce the magnetic flux to virtual zero by applying a reverse magnetizing field. Degaussing any current generation hard disk (including but not limited to ...

Deleted File

A file that has been logically, but not necessarily physically, erased from the operating system, perhaps to eliminate potentially incriminating evidence. Deleting files does not ...

Demilitarized Zone (DMZ)

Perimeter network segment that is logically between internal and external networks. Its purpose is to enforce the internal network’s Information Assurance (IA) policy for external ...

Deprecated

Means that the use of the algorithm and key length is allowed, but the user must accept some risk. The term is used when discussing the key lengths ...

DES

The symmetric encryption algorithm defined by the Data Encryption Standard (FIPS 46-2).  See NIST SP 800-15 for more information.  Data Encryption Standard specified in FIPS 46-3. See NIST SP 800-20 for more information. 

Destroy

In this Recommendation, to destroy is an action applied to a key or a piece of secret data. After a key or a piece of ...

Deterministic Algorithm

An algorithm that, given the same inputs, always produces the same outputs. See  NIST SP 800-90A Rev. 1 for more information. 

DRBG

Deterministic Random Bit Generator (DRBG). An RBG that includes a DRBG mechanism and (at least initially) has access to a randomness source. The DRBG produces a ...

Development Life Cycle

(SDLC) The scope of activities associated with a system, encompassing the system’s initiation, development and acquisition, implementation, operation and maintenance, and ultimately its disposal that instigates ...

Denial of Service (DoS)

The prevention of authorized access to resources or the delaying of time-critical operations. (Time-critical may be milliseconds or it may be hours, depending upon the ...

Deny by Default

To block all inbound and outbound traffic that has not been expressly permitted by firewall policy.  See NIST SP 800-41 Rev. 1 for more information. 

DNS

Domain Name System (DNS) provides a method of resolving host names to IP addresses on the Internet. DNS servers host data in zones. You can think ...

DNSSEC

Domain Name System Security Extensions (DNSSEC) adds security to Domain Name Server (DNS) systems. More specifically, it can help prevent DNS poisoning attacks. DNS: DNS servers host ...
