Consists of the information passed down from the previous layer.


Access control based on user roles (i.e., a collection of access authorizations a user


To write data on a medium, such as a magnetic tape, magnetic disk, or optical disk.


An authentication and accounting system used to control access to an ISP.

Event Aggregation

The consolidation of similar log entries into a single entry containing a count of the number


Business Continuity Plan. The documentation of a predetermined set of instructions

Message Digest

The result of applying a cryptographic hash function to data (e.g., a message).


A computer program that can run independently, can propagate a complete working

Wireless Device

Any device that can connect to an ICS network via radio or infrared waves

Event Correlation

Finding relationships between two or more log entries. See NIST SP 800-92

Network Discovery

The process of discovering active and responding hosts on a network


Process intended to render magnetically stored information irretrievable by normal means.

Key Owner

A person authorized by an FCKMS service provider or FCKMS service

Information Owner

Official with statutory or operational authority for specified information

Remote Access

Access to an organizational information system by a user (or an information system)

Flash ROM

Non-volatile memory that is writable.
NIST SP 800-101 Rev. 1

Risk Assessment

The process of identifying risks to organizational operations, organizational assets,

Replay Attacks

An attack in which the Attacker is able to replay previously captured messages


The means used to confirm the identity of a user, processor, or device

Threat Intelligence

Threat information that has been aggregated, transformed, analyzed, interpreted


A token or packet of information that is used to provide assurance of timeliness