Unauthorized user who attempts to or gains access to an information system. See CNSSI 4009-2015 and NIST SP 800-12 Rev. 1 under Hacker (CNSSI 4009) for more information.
Protocol dialogue between two systems for identifying and authenticating themselves to each other, or for synchronizing their operations with each other. See CNSSI 4009-2015 (IETF RFC 4949 Ver 2) for more ...
A process intended to eliminate a means of attack by patching vulnerabilities and turning off nonessential services. See NIST SP 800-152 for more information.
Any adverse effects that would be experienced by an individual (i.e., that may be socially, physically, or financially damaging) or an organization if the confidentiality ...
A cryptographic hash function, such as SHA-1. See NIST SP 800-135 Rev. 1 under HASH for more information. A function which maps strings of bits to fixed-length strings of bits, satisfying ...
Hash-Based Message Authentication Code. Keyed-Hash Message Authentication Code specified in [FIPS198]. See NIST SP 800-57 Part 1 Rev. 4 under HMAC for more information. Keyed-hash Message Authentication ...
The result of applying a hash function to a message. Also known as a “hash value” or “hash output”. See CNSSI 4009-2015 under message digest (NIST SP 800-107 Rev. 1) for more ...
The result of applying a cryptographic hash function to data (e.g., a message). Also known as a “message digest”. See NIST SP 800-106 for more information. The fixed-length bit string produced ...
The process of using a mathematical algorithm against data to produce a numeric value that is representative of that data. See the following under Hashing ...
Any information, whether oral or recorded in any form or medium, that: Is created or received by a healthcare provider, health plan, public health authority, employer, ...
Health Insurance Portability and Accountability Act. The primary law in the United States that governs the privacy of healthcare information. See NISTIR 8053 under Health Insurance Portability ...
The loss of confidentiality, integrity, or availability that could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, individuals, ...
An information system in which at least one security objective (i.e., confidentiality, integrity, or availability) is assigned a FIPS Publication 199 potential impact value of ...
A system (e.g., a webserver) or system resource (e.g., a file on a server) that is designed to be attractive to potential crackers and intruders, like ...
A host is any hardware device that has the capability of permitting access to a network via a user interface, specialized software, network address, protocol ...
Host-based Intrusion Detection and Prevention System. A program that monitors the characteristics of a single host and the events occurring within that host to identify and ...
A software-based firewall installed on a server to monitor and control its incoming and outgoing network traffic. See NIST SP 800-41 Rev. 1 for more information.
The operating system kernel shared by multiple applications within an application virtualization architecture. See NIST SP 800-190 for more information. In a hosted virtualization solution, the OS that the ...
A fully operational offsite data processing facility equipped with hardware and software, to be used in the event of an information system disruption. See CNSSI 4009-2015 (NIST SP ...
Updated code from Microsoft that addresses a specific security problem. See NIST SP 800-69 for more information. Microsoft’s term for “patch”. See NIST SP 800-44 Version 2 for more information.
A standard method for communication between clients and Web servers. See NISTIR 7250 and NISTIR 7387 under HyperText Transfer Protocol for more information.
The cloud infrastructure is a composition of two or more distinct cloud infrastructures (private, community, or public) that remain unique entities, but are bound together ...
A security control that is implemented in an information system in part as a common control and in part as a system-specific control. See the following under Hybrid Security Control for ...
The virtualization component that manages the guest OSs on a host and controls the flow of instructions between the guest OSs and the physical hardware. See NIST ...