Glossary T
The Federal Information Security Management Act (FISMA)

Requires agencies to integrate IT security into their capital planning and enterprise architecture processes at the agency, conduct annual IT security reviews of all programs ...

Threat Analysis

Process of formally evaluating the degree of threat to an information system or enterprise and describing the nature of the threat. See CNSSI 4009-2015 under threat ...


URI

Time bomb

Resident computer program that triggers an unauthorized act at a predefined time. See CNSSI 4009-2015 for more information.

Tabletop Exercise

A discussion-based exercise where personnel with roles and responsibilities in a particular IT plan meet in a classroom setting or in breakout groups to validate ...

TTP

Tactics, Techniques, and Procedures (TTPs): The behavior of an actor. A tactic is the highest-level description of this behavior, while techniques give a more detailed description ...

Technical Controls

The security controls (i.e., safeguards or countermeasures) for an information system that are primarily implemented and executed by the information system through mechanisms contained in ...

Technical Security Controls

Security controls (i.e., safeguards or countermeasures) for an information system that are primarily implemented and executed by the information system through mechanisms contained in the ...

Telecommuting

The ability for an organization’s employees and contractors to conduct work from locations other than the organization’s facilities. See NIST SP 800-114 under Telework for more information. 

Telework

See Telecommuting for more information.

Tempest

A name referring to the investigation, study, and control of unintentional compromising emanations from telecommunications and automated information systems equipment. See FIPS 140-2 for more information.

Third-Party Providers

Service providers, integrators, vendors, telecommunications, and infrastructure support that are external to the organization that operates the manufacturing system. See NISTIR 8183 for more information.

Threats

Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), organizational assets, or individuals through an information ...

Threat Actor

An individual or a group posing a threat. See NIST SP 800-150 under Threat Actor for more information.

Threat Intelligence

Threat information that has been aggregated, transformed, analyzed, interpreted, or enriched to provide the necessary context for decision-making processes. See NIST SP 800-150 for more information.  

Timestamp

A token or packet of information that is used to provide assurance of timeliness; the timestamp contains timestamped data, including a time, and a signature ...

Token

The means used to confirm the identity of a user, processor, or device (e.g., user password or token). See NIST SP 800-53 Rev. 4 under Authenticator for more ...

Total Risk

The potential for the occurrence of an adverse event if no mitigating action is taken (i.e., the potential for any applicable threat to exploit a ...

Training

The ‘Training’ level of the learning continuum strives to produce relevant and needed security skills and competencies by practitioners of functional specialties other than IT ...

Transmission

The state that exists when information is being electronically sent from one location to one or more other locations. See NIST SP 800-53 Rev. 5 for more ...

Transmission Control Protocol

TCP is one of the main protocols in TCP/IP networks. Whereas the IP protocol deals only with packets, TCP enables two hosts to establish a ...

Transport Layer Security

An authentication and encryption protocol widely implemented in browsers and Web servers. HTTP traffic transmitted using TLS is known as HTTPS. See NISTIR 7711 under Transport Layer ...
