Term

indicator

An occurrence or sign that an incident may have occurred or may be in progress.

Senses

Sense 1

An occurrence or sign that an incident may have occurred or may be in progress.

References

NICCS (CISA) Cybersecurity VocabularyJan 06, 2026
NICCS glossary export (CSV)
https://niccs.cisa.gov/rest/vocab/export-csv
NICCS is a CISA (DHS) program. Individual glossary entries include a "From" attribution (e.g., CNSSI 4009, NIST SPs, NICE Framework). Treat "From" values as upstream provenance and verify before quoting large portions of text.
Source: NICCS (CISA) Cybersecurity Vocabulary (niccs.cisa.gov).

(N)

An action -- either specific, generalized, or theoretical -- that an adversary might be expected to take in preparation for an attack. [C4009] (See: "attack sensing, warning, and response". Compare: message indicator.)

References

IETF RFC 4949 (Internet Security Glossary)Jan 06, 2026
RFC 4949 — Internet Security Glossary (Version 2)
https://www.rfc-editor.org/rfc/rfc4949.txt
RFC 4949 is published by the IETF Trust and marked as "Distribution of this memo is unlimited". Verify IETF Trust copyright/licensing terms for reuse.
Source: IETF RFC 4949 (rfc-editor.org).