Recently updated
Published entries ordered by most recent updates.
A table in which each row represents a subject, each column represents an object, and each entry is the set of access rights for that subject to that object.
- TERM meta-data
Descriptive information about a data object; i.e., data about data, or data labels that describe other data. (See: security label. Compare: metadata.)
An organization "that coordinates and supports the response to security incidents that involve sites within a defined constituency." [R2350] (See: CERT, FIRST, security incident.)
- TERM bit
A contraction of the term "binary digit"; the smallest unit of information storage, which has two possible states or values. The values usually are represented by the symbols "0" (zero) and "1" (one). (See: block, byte, nibble, word.)
Synonym for "data origin authentication". (See: authentication, data origin authentication.)
- TERM access policy
A kind of "security policy". (See: access, access control.)
A combination of computer hardware and an operating system (which may consist of software, firmware, or both) for that hardware. (Compare: computer system.)
An act or process by which a certificate user establishes that the assertions made by a digital certificate can be trusted. (See: valid certificate, validate vs. verify.)
- TERM message digest
Synonym for "hash result". (See: cryptographic hash.)
- TERM association
A cooperative relationship between system entities, usually for the purpose of transferring information between them. (See: security association.)
Information used to verify an identity claimed by or for an entity. (See: authentication, credential, user. Compare: identification information.)
A secure message handling protocol [SDNS7] for use with X.400 and Internet mail protocols. Developed by NSA's SDNS program and used in the U.S. DoD's Defense Message System.
- TERM null
"Dummy letter, letter symbol, or code group inserted into an encrypted message to delay or prevent its decryption or to complete encrypted groups for transmission or transmission security purposes." [C4009]
- TERM add-on security
Incorporation of new or additional hardware, software, or firmware safeguards in an operational information system.
A mathematical proof of consistency between a specification for system security and the implementation of that specification. (See: correctness, formal specification.)
- TERM attribute
Information of a particular type concerning an identifiable system entity or object. An "attribute type" is the component of an attribute that indicates the class of information given by the attribute; and an "attribute value" is a particular instance of the class of information indicated by an attribute type. (See: attribute certificate.)
- ACRONYM GSS-API
See: Generic Security Service Application Program Interface.
A CA owned by a payment card brand, such as MasterCard, Visa, or American Express. [SET2] (See: certification hierarchy, SET.)
- TERM datagram
"A self-contained, independent entity of data [i.e., a packet] carrying sufficient information to be routed from the source [computer] to the destination computer without reliance on earlier exchanges between this source and destination computer and the transporting network." [R1983] Example: A PDU of IP.
A symmetric block cipher, defined in the U.S. Government's DES. DEA uses a 64-bit key, of which 56 bits are independently chosen and 8 are parity bits, and maps a 64-bit block into another 64-bit block. [FP046] (See: AES, symmetric cryptography.)
- TERM integrity label
A security label that tells the degree of confidence that may be placed in the data, and may also tell what countermeasures are required to be applied to protect the data from alteration and destruction. (See: integrity. Compare: classification label.)
- TERM Courtney's laws
Principles for managing system security that were stated by Robert H. Courtney, Jr.
- TERM end user
A system entity, usually a human individual, that makes use of system resources, primarily for application purposes as opposed to system management purposes.
- ACRONYM IP
See: Internet Protocol.
An official, globally unique name for a thing, written as a sequence of integers (which are formed and assigned as defined in the ASN.1 standard) and used to reference the thing in abstract specifications and during negotiation of security services in a protocol.
- ACRONYM IPS
See: Internet Protocol Suite.
- TERM active content
Electronic documents that can carry out or trigger actions automatically on a computer platform without the intervention of a user.
- ACRONYM ECB
See: electronic codebook.
- TERM intrusion
An unauthorized act of bypassing the security mechanisms of a network or information system.
- ACRONYM ACC
See: access control center.
An RA for an organization.
- TERM encrypt
The generic term encompassing encipher and encode.
A U.S. Government standard [FP197] (the successor to DES) that (a) specifies "the AES algorithm", which is a symmetric block cipher that is based on Rijndael and uses key sizes of 128, 192, or 256 bits to operate on a 128-bit block, and (b) states policy for using that algorithm to protect unclassified, sensitive data.
- TERM key update
Derive a new key from an existing key. (Compare: rekey.)
- ACRONYM CLIPPER
An integrated microcircuit (in MYK 7x series manufactured by Mykotronx, Inc.) that implements SKIPJACK, has a non-deterministic random number generator, and supports key escrow. (See: Escrowed Encryption Standard. Compare: CLIPPER.)
Synonym for "initialization value". (Compare: indicator.)
- ACRONYM HTTP
See: Hypertext Transfer Protocol.
- TERM deletion
See: secondary definition under "stream integrity service".
- TERM classify
To officially designate an information item or type of information as being classified and assigned to a specific security level. (See: classified, declassify, security level.)
- TERM architecture
See: security architecture, system architecture.
An Internet protocol [R2406, R4303] designed to provide data confidentiality service and other security services for IP datagrams. (See: IPsec. Compare: AH.)
A data structure that enumerates digital certificates that have been invalidated by their issuer prior to when they were scheduled to expire. (See: certificate expiration, delta CRL, X.509 certificate revocation list.)
- TERM clean system
A computer system in which the operating system and application system software and files have been freshly installed from trusted software distribution media. (Compare: secure state.)
- ACRONYM OFB
See: output feedback.
- TERM fail-soft
Selective termination of affected, non-essential system functions when a failure occurs or is detected in the system. (See: failure control.)
Synonym for "certification request".
Synonym for "Network Hardware Layer".
A type of key center (used in symmetric cryptography) that implements a key distribution protocol to provide keys (usually, session keys) to two (or more) entities that wish to communicate securely. (Compare: key translation center.)
See: Internet Protocol Suite.
- TERM detection
See: secondary definition under "security".