Skip to content
SynAc
Discovery

Recently updated

Published entries ordered by most recent updates.

  1. TERMchain

    See: trust chain.

  2. TERMTransient Cyber Asset

    Adversaries may target devices that are transient across ICS networks and external networks. Normally, transient assets are brought into an environment by authorized personnel and do not remain in that environment on a permanent basis. (Citation: North American Electric Reliability Corporation June 2021) Transient assets are commonly needed to support management functions and may be more common in systems where a remotely managed asset is not feasible, external connections for remote access do not exist, or 3rd party contractor/vendor access is required.

  3. TERMinformation assurance

    The measures that protect and defend information and information systems by ensuring their availability, integrity, and confidentiality.

  4. TERMdowngrade

    Reduce the security level of data (especially the classification level) without changing the information content of the data. (Compare: downgrade.)

  5. TERMSupply Chain Compromise

    Adversaries may perform supply chain compromise to gain control systems environment access by means of infected products, software, and workflows. Supply chain compromise is the manipulation of products, such as devices or software, or their delivery mechanisms before receipt by the end consumer. Adversary compromise of these products and mechanisms is done for the goal of data or system compromise, once infected products are introduced to the target environment.

  6. ACRONYMCCEP

    See: Commercial COMSEC Endorsement Program.

  7. TERMover-the-air rekeying

    Changing a key in a remote cryptographic device by sending a new key directly to the device via a channel that the device is protecting. [C4009]

  8. TERMCOMSEC accounting

    The process of creating, collecting, and maintaining data records that describe the status and custody of designated items of COMSEC material. (See: accounting legend code.)

  9. TERMCompartments field

    A 16 bit field (the "C field") that specifies compartment values in the security option (option type 130) of version 4 IP's datagram header format. The valid field values are assigned by the U.S. Government, as specified in RFC 791.

  10. TERMdecode

    To convert encoded text to plain text by means of a code.

  11. TERMhoney pot

    A system (e.g., a web server) or system resource (e.g., a file on a server) that is designed to be attractive to potential crackers and intruders, like honey is attractive to bears. (See: entrapment.)

  12. TERMblock cipher

    An encryption algorithm that breaks plain text into fixed size segments and uses the same key to transform each plaintext segment into a fixed size segment of cipher text. Examples: AES, Blowfish, DEA, IDEA, RC2, and SKIPJACK. (See: block, mode. Compare: stream cipher.)

  13. TERMdecipherment

    Synonym for "decryption".

  14. TERM*-property

    Synonym for "confinement property" in the context of the Bell LaPadula model. Pronunciation: star property.

  15. TERMevaluated system

    A system that has been evaluated against security criteria (for example, against the TCSEC or against a profile based on the Common Criteria).

  16. ACRONYMBCR

    See: BLACK/Crypto/RED.

  17. TERMbaked-in security

    The inclusion of security mechanisms in an information system beginning at an early point in the system's lifecycle, i.e., during the design phase, or at least early in the implementation phase. (Compare: add on security.)

  18. TERMcleartext

    Synonym for "clear text" [I7498 2].

  19. TERMinterception

    A type of threat action whereby an unauthorized entity directly accesses sensitive data while the data is traveling between authorized sources and destinations. (See: unauthorized disclosure.)

  20. TERMCOMSEC custodian

    "Individual designated by proper authority to be responsible for the receipt, transfer, accounting, safeguarding, and destruction of COMSEC material assigned to a COMSEC account." [C4009]

  21. ACRONYMKMID

    See: keying material identifier.

  22. TERMDynamic Resolution

    Adversaries may dynamically establish connections to command and control infrastructure to evade common detections and remediations. This may be achieved by using malware that shares a common algorithm with the infrastructure the adversary uses to receive the malware's communications. This algorithm can be used to dynamically adjust parameters such as the domain name, IP address, or port number the malware uses for command and control.

  23. TERMidentifying information

    Synonym for "identifier"; synonym for "authentication information". (See: authentication, identification information.)

  24. TERMbrain-damaged

    "Obviously wrong: extremely poorly designed. Calling something brain damaged is very extreme. The word implies that the thing is completely unusable, and that its failure to work is due to poor design, not accident." [NCSSG] (See: flaw.)

  25. TERMkey loader

    Synonym for "fill device".

  26. TERMcompartment

    A grouping of sensitive information items that require special access controls beyond those normally provided for the basic classification level of the information. (See: compartmented security mode. Compare: category, classification.)

  27. TERMonion routing

    A system that can be used to provide both (a) data confidentiality and (b) traffic flow confidentiality for network packets, and also provide (c) anonymity for the source of the packets.

  28. TERMcovert action

    An operation that is planned and executed in a way that conceals the identity of the operator.

  29. ACRONYMHIPAA

    Health Information Portability and Accountability Act of 1996, a U.S. law (Public Law 104 191) that is intended to protect the privacy of patients' medical records and other health information in all forms, and mandates security for that information, including for its electronic storage and transmission.

  30. TERMkey

    An input parameter used to vary a transformation function performed by a cryptographic algorithm. (See: private key, public key, storage key, symmetric key, traffic key. Compare: initialization value.)

  31. ACRONYMOTAR

    See: over the air rekeying.

  32. TERMidentity proofing

    A process that vets and verifies the information that is used to establish the identity of a system entity. (See: registration.)

  33. ACRONYMCAM

    See: Certificate Arbitrator Module.

  34. TERMformal access approval

    Documented approval by a data owner to allow access to a particular category of information in a system. (See: category.)

  35. TERMAffirm

    A formal methodology, language, and integrated set of software tools developed at the University of Southern California's Information Sciences Institute for specifying, coding, and verifying software to produce correct and reliable programs. [Cheh]

  36. TERMlevel of concern

    A rating assigned to an information system that indicates the extent to which protective measures, techniques, and procedures must be applied. (See: critical, sensitive, level of robustness.)

  37. TERMIEEE P1363

    An IEEE working group, Standard for Public Key Cryptography, engaged in developing a comprehensive reference standard for asymmetric cryptography. Covers discrete logarithm (e.g., DSA), elliptic curve, and integer factorization (e.g., RSA); and covers key agreement, digital signature, and encryption.

  38. TERMcryptographic module

    A set of hardware, software, firmware, or some combination thereof that implements cryptographic logic or processes, including cryptographic algorithms, and is contained within the module's "cryptographic boundary", which is an explicitly defined contiguous perimeter that establishes the physical bounds of the module. [FP140]

  39. TERMAcceptable Risk

    Level of residual risk to the organization’s operations, assets, or individuals that falls within the defined risk appetite and risk tolerance by the organization.

    Governance & Risk
  40. ACRONYMOAKLEY

    A key establishment protocol (proposed for IPsec but superseded by IKE) based on the Diffie Hellman Merkle algorithm and designed to be a compatible component of ISAKMP. [R2412]

  41. TERMlattice model

    A description of the semantic structure formed by a finite set of security levels, such as those used in military organizations. (See: dominate, lattice, security model.)

  42. TERMNetwork Denial of Service

    Adversaries may perform Network Denial of Service (DoS) attacks to degrade or block the availability of targeted resources to users. Network DoS can be performed by exhausting the network bandwidth that services rely on, or by jamming the signal going to or coming from devices.

  43. ACRONYMP1363

    See: IEEE P1363.

  44. TERMidentification information

    Synonym for "identifier"; synonym for "authentication information". (See: authentication, identifying information.)

  45. ACRONYMCMM

    See: Capability Maturity Model.

  46. TERMkey confirmation

    "The assurance [provided to] the legitimate participants in a key establishment protocol that the [parties that are intended to share] the symmetric key actually possess the shared symmetric key." [A9042]

  47. TERMC field

    See: Compartments field.

  48. TERMbump-in-the-stack

    An implementation approach that places a network security mechanism inside the system that is to be protected. (Compare: bump in the wire.)

  49. ACRONYMMARS

    A symmetric, 128 bit block cipher with variable key length (128 to 448 bits), developed by IBM as a candidate for the AES.

  50. TERMMultics

    MULTiplexed Information and Computing Service, an MLS computer timesharing system designed and implemented during 1965 69 by a consortium including Massachusetts Institute of Technology, General Electric, and Bell Laboratories, and later offered commercially by Honeywell.