SynAc
Discovery

Recently updated

Published entries ordered by most recent updates.

  1. hack (Jan 06, 2026)

    To work on something, especially to program a computer. (See: hacker.)

  2. INFOCON (Jan 06, 2026)

    See: information operations condition

  3. An OSI protocol [X519] for communication between a Directory User Agent (a type of X.500 client) and a Directory System Agent (a type of X.500 server). (See: LDAP.)

  4. audit log (Jan 06, 2026)

    Synonym for "security audit trail".

  5. The U.S. DoD's shared, interconnected system of computers, communications, data, applications, security, people, training, and support structures, serving information needs worldwide. (See: DISN.) Usage: Has evolved to be called the GIG.

  6. A mechanism that facilitates the adjudication of the different security policies of interconnected systems. (See: domain, guard.)

  7. Information that pertains to a certificate policy and is included in a "certificatePolicies" extension in a v3 X.509 public key certificate.

  8. Adversaries may utilize standard operating system APIs to collect data from permission-backed data stores on a device, such as the calendar or contact list. These permissions need to be declared ahead of time. On Android, they must be included in the application’s manifest. On iOS, they must be included in the application’s file.

  9. An Internet protocol [R2402, R4302] designed to provide connectionless data integrity service and connectionless data origin authentication service for IP datagrams, and (optionally) to provide partial sequence integrity and protection against replay attacks. (See: IPsec. Compare: ESP.)

  10. operator (Jan 06, 2026)

    A person who has been authorized to direct selected functions of a system. (Compare: manager, user.)

  11. Hooking (Jan 06, 2026)

    Adversaries may hook into application programming interface (API) functions used by processes to redirect calls for execution and privilege escalation means. Windows processes often leverage these API functions to perform tasks that require reusable system resources. Windows API functions are typically stored in dynamic link libraries (DLLs) as exported functions. (Citation: Enterprise ATT&CK)

  12. A PKI being planned to establish facilities, specifications, and policies needed by the U.S. Government to use public key certificates in systems involving unclassified but sensitive applications and interactions between Federal agencies as well as with entities of state and local governments, the business community, and the public. [FPKI]

  13. kernel (Jan 06, 2026)

    A small, trusted part of a system that provides services on which the other parts of the system depend. (See: security kernel.)

  14. Adversaries may attempt to get a listing of security applications and configurations that are installed on a device. This may include things such as mobile security products. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not to fully infect the target and/or attempt specific actions.

  15. "A statement of the practices which a certification authority employs in issuing certificates." [DSG, R3647] (See: certificate policy.)

  16. data owner (Jan 06, 2026)

    The organization that has the final statutory and operational authority for specified information.

  17. CERIAS (Jan 06, 2026)

    Purdue University's Center for Education and Research in Information Assurance and Security, which includes faculty from multiple schools and departments and takes a multidisciplinary approach to security problems ranging from technical to ethical, legal, educational, communicational, linguistic, and economic.

  18. Used to mean either a CA or an RA. [DoD7, SP32]

  19. The non-profit, private corporation that has assumed responsibility for the IP address space allocation, protocol parameter assignment, DNS management, and root server system management functions formerly performed under U.S. Government contract by IANA and other entities.

  20. Wireless Sniffing (Jan 06, 2026)

    Adversaries may seek to capture radio frequency (RF) communication used for remote control and reporting in distributed environments. RF communication frequencies vary between 3 kHz and 300 GHz, although they are commonly between 300 MHz and 6 GHz. (Citation: Candell, R., Hany, M., Lee, K. B., Liu, Y., Quimby, J., Remley, K. April 2018) The wavelength and frequency of the signal affect how the signal propagates through open air, obstacles (e.g. walls and trees) and the type of radio required to capture them. These characteristics are often standardized in the protocol and hardware and may have an effect on how the signal is captured. Some examples of wireless protocols that may be found in cyber-physical environments are: WirelessHART, Zigbee, WIA-FA, and 700 MHz Public Safety Spectrum.

  21. FIPS (Jan 06, 2026)

    See: Federal Information Processing Standards.

  22. MSP (Jan 06, 2026)

    See: Message Security Protocol.

  23. Adversaries may attempt to get a listing of other systems by IP address, hostname, or other logical identifier on a network that may be used for subsequent Lateral Movement or Discovery techniques. Functionality could exist within adversary tools to enable this, but utilities available on the operating system or vendor software could also be used. (Citation: Enterprise ATT&CK January 2018)

  24. A mechanism that implements access control for a system resource by enumerating the identities of the system entities that are permitted to access the resources.

  25. Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the mobile device, and often the results of those commands, will be embedded within the protocol traffic between the mobile device and server.

  26. CTR (Jan 06, 2026)

    See: counter mode.

  27. administrator (Jan 06, 2026)

    A person that is responsible for configuring, maintaining, and administering the TOE in a correct manner for maximum security. (See: administrative security.)

  28. Information that has been determined, pursuant to Executive Order 12958 or any predecessor order, to require protection against unauthorized disclosure. [C4009]

  29. A method of generating authentication information for a person by digitizing measurements of a physical or behavioral

  30. asymmetric key (Jan 06, 2026)

    A cryptographic key that is used in an asymmetric cryptographic algorithm. (See: asymmetric cryptography, private key, public key.)

  31. clearance level (Jan 06, 2026)

    The security level of information to which a security clearance authorizes a person to have access.

  32. clear (Jan 06, 2026)

    Synonym for "erase". [C4009]

  33. Adversaries may exploit the lack of authentication in signaling system network nodes to track the location of mobile devices by impersonating a node. (Citation: Engel SS7) (Citation: Engel SS7 2008) (Citation: 3GPP Security) (Citation: Positive SS7) (Citation: CSRIC5 WG10 FinalReport)

  34. Adversaries may cause loss of productivity and revenue through disruption and even damage to the availability and integrity of control system operations, devices, and related processes. This technique may manifest as a direct effect of an ICS-targeting attack or tangentially, due to an IT-targeting attack against non-segregated environments.

  35. counter mode (Jan 06, 2026)

    A block cipher mode that enhances ECB mode by ensuring that each encrypted block is different from every other block encrypted under the same key. [SP38A] (See: block cipher.)

  36. A scheme that encodes 128 specified characters (the numbers 0-9, the letters a-z and A-Z, some basic punctuation symbols, some control codes that originated with Teletype machines, and a blank space) into the 7-bit binary integers. Forms the basis of the character set representations used in most computers and many Internet standards. [FP001] (See: code.)

  37. air gap (Jan 06, 2026)

    To physically separate or isolate a system from other systems or networks (verb).

  38. An OSI protocol (ISO 11577) for end-to-end encryption services at the top of OSIRM Layer 3. NLSP is derived from SP3 but is more complex. (Compare: IPsec.)

  39. A physical (usually electronic) token used to store, transport, and protect cryptographic keys and activation data. (Compare: dongle, fill device.)

  40. information system (Jan 06, 2026)

    An organized assembly of computing and communication resources and procedures (i.e., equipment and services, together with their supporting infrastructure, facilities, and personnel) that create, collect, record, process, store, transport, retrieve, display, disseminate, control, or dispose of information to accomplish a specified set of functions. (See: system entity, system resource. Compare: computer platform.)

  41. FIPS PUB 140 (Jan 06, 2026)

    The U.S. Government standard [FP140] for security requirements to be met by a cryptographic module when the module is used to protect unclassified information in computer and communication systems. (See: Common Criteria, FIPS, Federal Standard 1027.)

  42. browser (Jan 06, 2026)

    A client computer program that can retrieve and display information from servers on the World Wide Web. Examples: Netscape Navigator and Microsoft Internet Explorer.

  43. Domain Name System (Jan 06, 2026)

    The main Internet operations database, which is distributed over a collection of servers and used by client software for purposes such as (a) translating a domain-name-style host name into an IP address (e.g., "rosslyn.bbn.com" translates to "192.1.7.10") and (b) locating a host that accepts mail for a given mailbox address. (RFC 1034) (See: domain name.)

  44. COMSEC boundary (Jan 06, 2026)

    "Definable perimeter encompassing all hardware, firmware, and software components performing critical COMSEC functions, such as key generation and key handling and storage." [C4009] (Compare: cryptographic boundary.)

  45. The definition or representation of a resource, tool, or mechanism used to maintain a condition of security in computerized environments. Includes many items referred to in standards that are either selected or defined by separate user communities. [CSOR] (See: object identifier, Computer Security Objects Register.)

  46. A security service that provides the originator of data with evidence that proves the data was received as addressed, and thus protects the originator against an attempt by the recipient to falsely deny receiving the data. (See: non-repudiation service.)

  47. Adversaries may use legitimate remote access software, such as , , , , etc., to establish an interactive command and control channel to target mobile devices.

  48. classification (Jan 06, 2026)

    A grouping of classified information to which a hierarchical, restrictive security label is applied to increase protection of the data from unauthorized disclosure. (See: aggregation, classified, data confidentiality service. Compare: category, compartment.)

  49. Adversaries may interrupt availability of system and network resources by inhibiting access to accounts utilized by legitimate users. Accounts may be deleted, locked, or manipulated (ex: credentials changed) to remove access to accounts.

  50. identifier (Jan 06, 2026)

    A data object (often, a printable, non-blank character string) that definitively represents a specific identity of a system entity, distinguishing that identity from all others. (Compare: identity.)