SynAc

Terms

Alphabetical index of published term entries.

  1. information technology (Updated Jan 06, 2026)

    Any equipment or interconnected system or subsystem of equipment that processes, transmits, receives, or interchanges data or information.

  2. A Standard [ITSEC] jointly developed by France, Germany, the Netherlands, and the United Kingdom for use in the European Union; accommodates a wider range of security assurance and functionality combinations than the TCSEC. Superseded by the Common Criteria.

  3. ingress filtering (Updated Jan 06, 2026)

    A method [R2827] for countering attacks that use packets with false IP source addresses, by blocking such packets at the boundary between connected networks.

  4. Ingress Tool Transfer (Updated Jan 06, 2026)

    Adversaries may transfer tools or other files from an external system onto a compromised device to facilitate follow-on actions. Files may be copied from an external adversary-controlled system through the command and control channel or through alternate protocols with another tool such as FTP.

  5. initialization value (Updated Jan 06, 2026)

    An input parameter that sets the starting state of a cryptographic algorithm or mode. (Compare: activation data.)

  6. initialization vector (Updated Jan 06, 2026)

    Synonym for "initialization value".

  7. Input Capture (Updated Jan 06, 2026)

    Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal device usage, users often provide credentials to various locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Keylogging) or rely on deceiving the user into providing input into what they believe to be a genuine application prompt (e.g. GUI Input Capture).

  8. Input Injection (Updated Jan 06, 2026)

    A malicious application can inject input to the user interface to mimic user interaction through the abuse of Android's accessibility APIs.

  9. insertion (Updated Jan 06, 2026)

    See: secondary definition under "stream integrity service".

  10. inside attack (Updated Jan 06, 2026)

    See: secondary definition under "attack". Compare: insider.

  11. insider (Updated Jan 06, 2026)

    A user (usually a person) that accesses a system from a position that is inside the system's security perimeter. (Compare: authorized user, outsider, unauthorized user.)

  12. inside(r) threat (Updated Jan 06, 2026)

    A person or group of persons within an organization who pose a potential risk through violating security policies.

  13. inspectable space (Updated Jan 06, 2026)

    "Three-dimensional space surrounding equipment that process classified and/or sensitive information within which TEMPEST exploitation is not considered practical or where legal authority to identify and/or remove a potential TEMPEST exploitation exists." [C4009] (Compare: control zone, TEMPEST zone.)

  14. The IEEE is a not-for-profit association of approximately 300,000 individual members in 150 countries. The IEEE produces nearly one-third of the world's published literature in electrical engineering, computers, and control technology; holds hundreds of major, annual conferences; and maintains more than 800 active standards, with many more under development. (See: SILS.)

  15. integrated risk management (Updated Jan 06, 2026)

    The structured approach that enables an enterprise or organization to share risk information and risk analysis and to synchronize independent yet complementary risk management strategies to unify efforts across the enterprise.

  16. Integrity (Updated Jan 06, 2026)

    Integrity is the property that data is accurate and has not been improperly modified or destroyed.

  17. integrity check (Updated Jan 06, 2026)

    A computation that is part of a mechanism to provide data integrity service or data origin authentication service. (Compare: checksum.)

  18. integrity label (Updated Jan 06, 2026)

    A security label that tells the degree of confidence that may be placed in the data, and may also tell what countermeasures are required to be applied to protect the data from alteration and destruction. (See: integrity. Compare: classification label.)

  19. intelligent threat (Updated Jan 06, 2026)

    A circumstance in which an adversary has the technical and operational ability to detect and exploit a vulnerability and also has the demonstrated, presumed, or inferred intent to do so. (See: threat.)

  20. intent (Updated Jan 06, 2026)

    A state of mind or desire to achieve an objective.

  21. interception (Updated Jan 06, 2026)

    A type of threat action whereby an unauthorized entity directly accesses sensitive data while the data is traveling between authorized sources and destinations. (See: unauthorized disclosure.)

  22. interference (Updated Jan 06, 2026)

    See: secondary definition under "obstruction".

  23. intermediate CA (Updated Jan 06, 2026)

    The CA that issues a cross certificate to another CA. [X509] (See: cross certification.)

  24. internal controls (Updated Jan 06, 2026)

    Functions, features, and technical characteristics of computer hardware and software, especially of operating systems. Includes mechanisms to regulate the operation of a computer system with regard to access control, flow control, and inference control. (Compare: external controls.)

  25. A patented, symmetric block cipher that uses a 128-bit key and operates on 64-bit blocks. [Schn] (See: symmetric cryptography.)

  26. International Standard (Updated Jan 06, 2026)

    See: secondary definition under "ISO".

  27. Rules issued by the U.S. State Department, by authority of the Arms Export Control Act (22 U.S.C. 2778), to control export and import of defense articles and defense services, including information security systems, such as cryptographic systems, and TEMPEST suppression technology. (See: type 1 product, Wassenaar Arrangement.)

  28. Internet Accessible Device (Updated Jan 06, 2026)

    Adversaries may gain access into industrial environments through systems exposed directly to the internet for remote access rather than through External Remote Services. Internet Accessible Devices are exposed to the internet unintentionally or intentionally without adequate protections. This may allow for adversaries to move directly into the control system network. Access onto these devices is accomplished without the use of exploits; these would be represented within the Exploit Public-Facing Application technique.

  29. Internet Architecture Board (Updated Jan 06, 2026)

    A technical advisory group of the ISOC, chartered by the ISOC Trustees to provide oversight of Internet architecture and protocols and, in the context of Internet Standards, a body to which decisions of the IESG may be appealed. Responsible for approving appointments to the IESG from among nominees submitted by the IETF nominating committee. (RFC 2026)

  30. From the early days of the Internet, the IANA was chartered by the ISOC and the U.S. Government's Federal Network Council to be the central coordination, allocation, and registration body for parameters for Internet protocols. Superseded by ICANN.

  31. Internet Connection Discovery (Updated Jan 06, 2026)

    Adversaries may check for Internet connectivity on compromised systems. This may be performed during automated discovery and can be accomplished in numerous ways such as using Ping, `tracert`, and GET requests to websites, or performing initial speed testing to confirm bandwidth.

  32. An Internet Standard protocol (RFC 792) that is used to report error conditions during IP datagram processing and to exchange other information concerning the state of the IP network.

  33. The non-profit, private corporation that has assumed responsibility for the IP address space allocation, protocol parameter assignment, DNS management, and root server system management functions formerly performed under U.S. Government contract by IANA and other entities.

  34. Internet-Draft (Updated Jan 06, 2026)

    A working document of the IETF, its areas, and its working groups. (RFC 2026) (Compare: RFC.)

  35. The part of the ISOC responsible for technical management of IETF activities and administration of the Internet Standards Process according to procedures approved by the ISOC Trustees. Directly responsible for actions along the "standards track", including final approval of specifications as Internet Standards. Composed of IETF Area Directors and the IETF chairperson, who also chairs the IESG. (RFC 2026)

  36. A self-organized group of people who make contributions to the development of Internet technology. The principal body engaged in developing Internet Standards, although not itself a part of the ISOC. Composed of Working Groups, which are arranged into Areas (such as the Security Area), each coordinated by one or more Area Directors. Nominations to the IAB and the IESG are made by a committee selected at random from regular IETF meeting attendees who have volunteered. (RFCs 2026, 3935) [R2323]

  37. internet, Internet (Updated Jan 06, 2026)

    Abbreviation of "internetwork".

  38. Internet Key Exchange (Updated Jan 06, 2026)

    An Internet, IPsec, key establishment protocol [R4306] for putting in place authenticated keying material (a) for use with ISAKMP and (b) for other security associations, such as in AH and ESP.

  39. Internet Layer (Updated Jan 06, 2026)

    See: Internet Protocol Suite.

  40. An Internet protocol (RFC 2060) by which a client workstation can dynamically access a mailbox on a server host to manipulate

  41. Internet Open Trading Protocol (Updated Jan 06, 2026)

    An Internet protocol [R2801] proposed as a general framework for Internet commerce, able to encapsulate transactions of various proprietary payment systems (e.g., GeldKarte, Mondex, SET, Visa Cash). Provides optional security services by incorporating various Internet security mechanisms (e.g., MD5) and protocols (e.g., TLS).

  42. An X.509-compliant CA that is the top CA of the Internet certification hierarchy operated under the auspices of the ISOC [R1422]. (See: /PEM/ under "certification hierarchy".)

  43. A successor to the PLI, updated to use TCP/IP and newer military-grade COMSEC equipment (TSEC/KG-84). The IPLI was a portable, modular system that was developed for use in tactical, packet radio networks. (See: end-to-end encryption.)

  44. Internet Protocol (Updated Jan 06, 2026)

    An Internet Standard, Internet Layer protocol that moves datagrams (discrete sets of bits) from one computer to another across an internetwork but does not provide reliable delivery, flow control, sequencing, or other end-to-end services that TCP provides. IP version 4 (IPv4) is specified in RFC 791, and IP version 6 (IPv6) is specified in RFC 2460. (See: IP address, TCP/IP.)

  45. Refers to one of three types of IP security options, which are fields that may be added to an IP datagram for carrying security information about the datagram. (Compare: IPsec.)

  46. Internet Protocol Suite (Updated Jan 06, 2026)

    The set of network communication protocols that are specified by the IETF, and approved as Internet Standards by the IESG, within the oversight of the IAB. (See: OSIRM Security Architecture. Compare: OSIRM.)

  47. An Internet IPsec protocol [R2408] to negotiate, establish, modify, and delete security associations, and to exchange key generation and authentication data, independent of the details of any specific key generation technique, key establishment protocol, encryption algorithm, or authentication mechanism.

  48. Internet Society (Updated Jan 06, 2026)

    A professional society concerned with Internet development (including technical Internet Standards); with how the Internet is and can be used; and with social, political, and technical issues that result. The ISOC Board of Trustees approves appointments to the IAB from among nominees submitted by the IETF nominating committee. (RFC 2026)

  49. Internet Standard (Updated Jan 06, 2026)

    A specification, approved by the IESG and published as an RFC, that is stable and well understood, is technically competent, has multiple, independent, and interoperable implementations with substantial operational experience, enjoys significant public support, and is recognizably useful in some or all parts of the Internet. (RFC 2026) (Compare: RFC.)

  50. internetwork (Updated Jan 06, 2026)

    A system of interconnected networks; a network of networks. Usually shortened to "internet". (See: internet, Internet.)