Glossary I
ISSO

Information System Security Officer (ISSO)

See system security officer (SSO).See the following for more information:NIST SP 800-30 Rev. 1 under Information System Security OfficerNIST SP 800-39 under Information System Security ...

Read More

Initialization Vector

IV

A binary vector used as the input to initialize the algorithm for the encryption of a plaintext block sequence to increase security by introducing additional ...

Read More

IT

IT

(A) with respect to an executive agency means any equipment or interconnected system or subsystem of equipment, used in the automatic acquisition, storage, analysis, evaluation, ...

Read More

Intranet

Intranet

A computer network, especially one based on Internet technology, that an organization uses for its own internal (and usually private) purposes and that is closed ...

Read More

PSK

Interface

In a service-oriented architecture, a specification of the operations that a service offers its clients. In WSDL 2.0 an interface component describes sequences of messages ...

Read More

Individuals

Individuals

An assessment object that includes people applying specifications, mechanisms, or activities.See the following under Individuals for more information.CNSSI 4009-2015 NIST SP 800-39.NIST SP 800-137  (NISTIR ...

Read More

Identification-and-authentication

IA

Identification and AuthenticationIdentification and Authentication (NIST SP 800-53 security control family) Information Assurance Measures that protect and defend information and information systems by ensuring ...

Read More

Identifiable-person

Identifiable Person

One who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his ...

Read More

Identification

Identification

The process of discovering the true identity (i.e., origin, initial history) of a person or item from the entire collection of similar persons or items. See CNSSI ...

Read More

Identified-information

Identified Information

Information that explicitly identifies an individual  See NISTIR 8053 for more information. 

Read More

Identifier

Identifier

Unique data used to represent a person’s identity and associated attributes. A name or a card number are examples of identifiers. See NIST SP 800-79-2 under Identifier and  NIST SP ...

Read More

Identity

Identity

The set of physical and behavioral characteristics by which an individual is uniquely recognizable. See FIPS 201 under Identity [Withdrawn] and  NIST SP 800-79-2 under Identity for more information. A set ...

Read More

Identity Assurance Level (IAL)

Identity Assurance Level (IAL)

A category that conveys the degree of confidence that the applicant’s claimed identity is their real identity. See NIST SP 800-63-3 for more information.  

Read More

Identity-Provider

Identity Provider (IdP)

The party that manages the subscriber’s primary authentication credentials and issues assertions derived from those credentials. This is commonly the CSP as discussed within this ...

Read More

Identity Registration

Identity Registration

The process of making a person’s identity known to the personal identity verification (PIV) system, associating a unique identifier with that identity, and collecting and ...

Read More

Identity prooofing

Identity Proofing

Verifying the claimed identity of an applicant by authenticating the identity source documents provided by the applicant.  See NIST SP 800-79-2 for more information. The process by which a ...

Read More

Identity Token

Identity Token

Smart card, metal key, or other physical object used to authenticate identity. See CNSSI 4009-2015 for more information. 

Read More

Identity-Verification-1

Identity Verification

The process of testing the media to ensure the information cannot be read. See NIST SP 800-88 Rev. 1 under Verification for more information. Confirmation, through the provision of objective ...

Read More

Image

Image

A package that contains all the files required to run a container. See NIST SP 800-190 for more information.  A file or directory that contains, at a minimum, the ...

Read More

IMPACT

Impact

The effect on organizational operations, organizational assets, individuals, other organizations, or the Nation (including the national security interests of the United States) of a loss ...

Read More

IMAP

IMAP

Internet Message Access ProtocolInternet Message Access Protocol Mail Delivery AgentA method of communication used to read electronic messages stored in a remote server. See NISTIR ...

Read More

IMEI

IMEI

International Mobile Equipment IdentifierInternational Mobile Equipment IdentityA unique number programmed into GSM and UMTS mobile phones.See NISTIR 7250 and  NISTIR 7387 under International Mobile Equipment Identity for more ...

Read More

Impact Level

Impact Level

The magnitude of harm that can be expected to result from the consequences of unauthorized disclosure of information, unauthorized modification of information, unauthorized destruction of ...

Read More

Impact Value

Impact Value

The assessed potential impact resulting from a compromise of the confidentiality, integrity, or availability of information expressed as a value of low, moderate ...

Read More

Incident

Incident

An occurrence that actually or potentially jeopardizes the confidentiality, integrity, or availability of an information system or the information the system processes, stores, or transmits ...

Read More

Incident Handling

Incident Handling

An IT security incident is an adverse event in a computer system or network caused by the failure of a security mechanism or an attempted ...

Read More

Incident Response

Incident Response

The mitigation of violations of security policies and recommended practices. See CNSSI 4009-2015 under incident handling (NIST SP 800-61 Rev. 2) for more information.

Read More

Incident Response Plan

Incident Response Plan

The documentation of a predetermined set of instructions or procedures to detect, respond to, and limit consequences of a malicious cyber attacks against ...

Read More

Incineration

Incineration

A physically Destructive method of sanitizing media; the act of burning completely to ashes. See  NIST SP 800-88 Rev. 1 for more information. 

Read More

Indirect Identifier

Indirect Identifier

Information that can be used to identify an individual through association with other information.See  NISTIR 8053 for more information. 

Read More

Individual

Individual

A citizen of the United States or an alien lawfully admitted for permanent residence. Agencies may, consistent with individual practice, choose to extend the protections ...

Read More

Individual Accountability

Individual Accountability

Ability to associate positively the identity of a user with the time, method, and degree of access to an information system.  See  CNSSI 4009-2015 for more information. 

Read More

IIHI

IIHI

Individually Identifiable Health InformationInformation that is a subset of health information, including demographic information collected from an individual, and:  (1) Is created or received by a ...

Read More

Industrial Control System (ICS)

Industrial Control System (ICS)

An information system used to control industrial processes such as manufacturing, product handling, production, and distribution.  Industrial control systems include supervisory control and data acquisition ...

Read More

Inference

Inference

This refers to the ability to deduce the identity of a person associated with a set of data through clues contained in that information. This ...

Read More

Information

Information

An instance of an information type. See the following under Information for more details: NIST SP 800-53 Rev. 4(FIPS 199). FIPS 200  (FIPS 199). NIST SP 800-137  (FIPS 199). NIST ...

Read More

Integrity

Integrity

Integrity provides assurances that data has not changed. This includes ensuring that no one has modified, tampered with, or corrupted the data. Ideally, only authorized ...

Read More

Information Leakage

Information Leakage

The intentional or unintentional release of information to an untrusted environment. See NIST SP 800-53 Rev. 4 for more information. 

Read More

Information Management Policy

Information Management Policy

The high-level policy of an organization that specifies what information is to be collected or created, and how it is to be managed. See NIST SP 800-152 for ...

Read More

Information Owner

Information Owner

Official with statutory or operational authority for specified information and responsibility for establishing the controls for its generation, classification, collection, processing, dissemination, and disposal. See ...

Read More

Information Security Policy

Information Security Policy

A high-level policy of an organization that is created to support and enforce portions of the organization’s Information Management Policy by specifying in more detail ...

Read More

Internet

Internet

The single, interconnected, worldwide system of commercial, governmental, educational, and other computer networks that share (a) the protocol suite specified by the Internet Architecture Board (IAB) ...

Read More

Internet of Things

Internet of Things

As used in this publication, user or industrial devices that are connected to the internet. IoT devices include sensors, controllers, and household appliances.See the following ...

Read More