Cyber Glossary - C
Call Back – Procedure for identifying and authenticating a remote information system terminal, whereby the host system disconnects the terminal and reestablishes contact. (CNSSI-4009) (NISTIR)
Campaign Plan. A plan for a series of related military operations aimed at accomplishing a strategic or operational objective within a given time and space. (JP 1-02) (Jt Pub 3-13)
Canister – Type of protective package used to contain and dispense keying material in punched or printed tape form. (CNSSI-4009) (NISTIR)
Capability – The means to accomplish a mission, function, or objective. (Adapted from: DHS Risk Lexicon) (NICCS)
Related Term(s): intent
Capstone Policies – Those policies that are developed by governing or coordinating institutions of Health Information Exchanges (HIEs). They provide overall requirements and guidance for protecting health information within those HIEs. Capstone Policies must address the requirements imposed by:
(1) all laws, regulations, and guidelines at the federal, state, and local levels;
(2) business needs; and
(3) policies at the institutional and HIE levels. (NISTIR-7497) (NISTIR)
Capture – The method of taking a biometric sample from an end user. (FIPS 201) (NISTIR)
Cardholder – An individual possessing an issued Personal Identity Verification (PIV) card. (FIPS 201) (NISTIR)
Cascading – Downward flow of information through a range of security levels greater than the accreditation range of a system, network, or component. (CNSSI-4009) (NISTIR)
Category – Restrictive label applied to classified or unclassified information to limit access. (CNSSI-4009) (NISTIR)
CBC/MAC – See Cipher Block Chaining-Message Authentication Code.
CCM – See Counter with Cipher-Block Chaining-Message Authentication Code.
Central Office of Record (COR) – Office of a federal department or agency that keeps records of accountable COMSEC material held by elements subject to its oversight. (CNSSI-4009) (NISTIR)
Central Services Node (CSN) – The Key Management Infrastructure core node that provides central security management and data management services. (CNSSI-4009) (NISTIR)
Certificate – A digital representation of information which at least
1) identifies the certification authority issuing it,
2) names or identifies its subscriber,
3) contains the subscriber's public key,
4) identifies its operational period, and
5) is digitally signed by the certification authority issuing it. (SP 800-32) (NISTIR)
A set of data that uniquely identifies an entity, contains the entity’s public key and possibly other information, and is digitally signed by a trusted party, thereby binding the public key to the entity. Additional information in the certificate could specify how the key is used and its cryptoperiod. (SP 800-21) (NISTIR)
A digitally signed representation of information that
1) identifies the authority issuing it,
2) identifies the subscriber,
3) identifies its valid operational period (date issued / expiration date). In the information assurance (IA) community, certificate usually implies public key certificate and can have the following types:
Certificate Management – Process whereby certificates (as defined above) are generated, stored, protected, transferred, loaded, used, and destroyed. (CNSSI-4009) (NISTIR)
Certificate Management Authority (CMA) – A Certification Authority (CA) or a Registration Authority (RA). (SP 800-32) (NISTIR)
Certificate Policy (CP) – A specialized form of administrative policy tuned to electronic transactions performed during certificate management.
A Certificate Policy addresses all aspects associated with the generation, production, distribution, accounting, compromise recovery, and administration of digital certificates. Indirectly, a certificate policy can also govern the transactions conducted using a communications system protected by a certificate-based security system.
By controlling critical certificate extensions, such policies and associated enforcement technology can support provision of the security services required by particular applications. (CNSSI-4009; SP 800-32) (NISTIR)
Certificate-Related Information – Information, such as a subscriber's postal address, that is not included in a certificate. May be used by a Certification Authority (CA) managing certificates. (SP 800-32) (NISTIR)
Data, such as a subscriber's postal address that is not included in a certificate. May be used by a Certification Authority (CA) managing certificates. (CNSSI-4009) (NISTIR)
Certificate Revocation List (CRL) – A list of revoked public key certificates created and digitally signed by a Certification Authority. (SP 800-63; FIPS 201) (NISTIR)
Certificate Status Authority – A trusted entity that provides online verification to a Relying Party of a subject certificate's trustworthiness, and may also provide additional attribute information for the subject certificate. (SP 800-32; CNSSI-4009) (NISTIR)
Certification – A comprehensive assessment of the management, operational, and technical security controls in an information system, made in support of security accreditation, to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system. (FIPS 200) (NISTIR)
The process of verifying the correctness of a statement or claim and issuing a certificate as to its correctness. (FIPS 201) (NISTIR)
Comprehensive evaluation of the technical and nontechnical security safeguards of an information system to support the accreditation process that establishes the extent to which a particular design and implementation meets a set of specified security requirements. See Security Control Assessment. (CNSSI-4009) (NISTIR)
Certification Analyst – The independent technical liaison for all stakeholders involved in the C&A process responsible for objectively and independently evaluating a system as part of the risk management process. Based on the security requirements documented in the security plan, performs a technical and non-technical review of potential vulnerabilities in the system and determines if the security controls (management, operational, and technical) are correctly implemented and effective. (CNSSI-4009) (NISTIR)
Certification Authority (CA) – A trusted entity that issues and revokes public key certificates. (FIPS 201) (NISTIR)
The entity in a public key infrastructure (PKI) that is responsible for issuing certificates and exacting compliance to a PKI policy. (SP 800-21; FIPS 186) (NISTIR)
- For Certification and Accreditation (C&A) (C&A Assessment): Official responsible for performing the comprehensive evaluation of the security features of an information system and determining the degree to which it meets its security requirements.
- For Public Key Infrastructure (PKI): A trusted third party that issues digital certificates and verifies the identity of the holder of the digital certificate. (CNSSI-4009) (NISTIR)
Certification Authority Facility – The collection of equipment, personnel, procedures and structures that are used by a Certification Authority to perform certificate issuance and revocation. (SP 800-32) (NISTIR)
Certification Authority Workstation (CAW) – Commercial off-the-shelf (COTS) workstation with a trusted operating system and special-purpose application software that is used to issue certificates. (CNSSI-4009) (NISTIR)
Certification Package – Product of the certification effort documenting the detailed results of the certification activities. (CNSSI-4009)
Certification Practice Statement (CPS) – A statement of the practices that a Certification Authority employs in issuing, suspending, revoking, and renewing certificates and providing access to them, in accordance with specific requirements (i.e., requirements specified in this Certificate Policy, or requirements specified in a contract for services). (SP 800-32; CNSSI-4009) (NISTIR)
Certification Test and Evaluation (CT&E) – Software and hardware security tests conducted during development of an information system. (CNSSI-4009) (NISTIR)
Certified TEMPEST Technical Authority (CTTA) – An experienced, technically qualified U.S. government employee who has met established certification requirements in accordance with CNSS-approved criteria and has been appointed by a U.S. government department or agency to fulfill CTTA responsibilities. (CNSSI-4009) (NISTIR)
Certifier – Individual responsible for making a technical judgment of the system’s compliance with stated requirements, identifying and assessing the risks associated with operating the system, coordinating the certification activities, and consolidating the final certification and accreditation packages. (CNSSI-4009) (NISTIR)
Chain of Custody – A process that tracks the movement of evidence through its collection, safeguarding, and analysis lifecycle by documenting each person who handled the evidence, the date/time it was collected or transferred, and the purpose for the transfer. (SP 800-72; CNSSI-4009) (NISTIR)
Chain of Evidence – A process and record that shows who obtained the evidence; where and when the evidence was obtained; who secured the evidence; and who had control or possession of the evidence. The “sequencing” of the chain of evidence follows this order: collection and identification; analysis; storage; preservation; presentation in court; return to owner. (CNSSI-4009) (NISTIR)
Challenge and Reply Authentication – Prearranged procedure in which a subject requests authentication of another and the latter establishes validity with a correct reply. (CNSSI-4009) (NISTIR)
Challenge-Response Protocol – An authentication protocol where the verifier sends the Claimant a challenge (usually a random value or a nonce) that the Claimant combines with a secret (often by hashing the challenge and a shared secret together, or by applying a private key operation to the challenge) to generate a response that is sent to the verifier.
The verifier can independently verify the response generated by the Claimant (such as by re-computing the hash of the challenge and the shared secret and comparing it to the response, or performing a public key operation on the response) and establish that the Claimant possesses and controls the secret. (SP 800-63) (NISTIR)
Check Word – Cipher text generated by cryptographic logic to detect failures in cryptography. (CNSSI-4009) (NISTIR)
Checksum – Value computed on data to detect error or manipulation. (CNSSI-4009) (NISTIR)
Chief Information Officer (CIO) – Agency official responsible for:
1) Providing advice and other assistance to the head of the executive agency and other senior management personnel of the agency to ensure that information technology is acquired and information resources are managed in a manner that is consistent with laws, Executive Orders, directives, policies, regulations, and priorities established by the head of the agency;
2) Developing, maintaining, and facilitating the implementation of a sound and integrated information technology architecture for the agency; and
3) Promoting the effective and efficient design and operation of all major information resources management processes for the agency, including improvements to work processes of the agency. (FIPS 200; Public Law 104-106, Sec. 5125(b)) (NISTIR)
Agency official responsible for: 1) providing advice and other assistance to the head of the executive agency and other senior management personnel of the agency to ensure that information systems are acquired and information resources are managed in a manner that is consistent with laws, Executive Orders, directives, policies, regulations, and priorities established by the head of the agency; 2) developing, maintaining, and facilitating the implementation of a sound and integrated information system architecture for the agency; and 3) promoting the effective and efficient design and operation of all major information resources management processes for the agency, including improvements to work processes of the agency.
Note: Organizations subordinate to federal agencies may use the term Chief Information Officer to denote individuals filling positions with similar security responsibilities to agency-level Chief Information Officers. (CNSSI-4009; SP 800-53) (NISTIR)
Chief Information Security Officer (CISO) – See Senior Agency Information Security Officer. (NISTIR)
Cipher – Series of transformations that converts plaintext to ciphertext using the Cipher Key. (FIPS 197) (NISTIR)
Any cryptographic system in which arbitrary symbols or groups of symbols, represent units of plain text, or in which units of plain text are rearranged, or both. (CNSSI-4009) (NISTIR)
Cipher Block Chaining-Message Authentication Code (CBC-MAC) – A secret-key block-cipher algorithm used to encrypt data and to generate a Message Authentication Code (MAC) to provide assurance that the payload and the associated data are authentic. (SP 800-38C) (NISTIR)
Cipher Suite – Negotiated algorithm identifiers. Cipher suites are identified in human-readable form using a mnemonic code. (SP 800-52) (NISTIR)
Ciphertext – Data output from the Cipher or input to the Inverse Cipher. (FIPS 197; SP 800-56B) (NISTIR)
Data in its encrypted form. (SP 800-21; CNSSI-4009) (NISTIR)
Cipher Text Auto-Key (CTAK) – Cryptographic logic that uses previous cipher text to generate a key stream. (CNSSI-4009) (NISTIR)
Cipher – Synonym(s): cryptographic algorithm
Ciphertext – Data or information in its encrypted form. (From: CNSSI 4009) (NICCS)
Related Term(s): plaintext
Ciphony – Process of enciphering audio information, resulting in encrypted speech. (CNSSI-4009) (NISTIR)
Civil-Military Operations. The activities of a commander that establish, maintain, influence, or exploit relations between military forces, governmental and nongovernmental civilian organizations and authorities, and the civilian populace in a friendly, neutral, or hostile operational area in order to facilitate military operations, to consolidate and achieve operational US objectives. Civil-military operations may include performance by military forces of activities and functions normally the responsibility of the local, regional, or national government. These activities may occur prior to, during, or subsequent to other military actions. They may also occur, if directed, in the absence of other military operations. Civil-military operations may be performed by designated civil affairs, by other military forces, or by a combination of civil affairs and other forces. Also called CMO. (JP 1-02) (Jt Pub 3-13)
Claimant – A party whose identity is to be verified using an authentication protocol. (SP 800-63; FIPS 201) (NISTIR)
An entity which is or represents a principal for the purposes of authentication, together with the functions involved in an authentication exchange on behalf of that entity. A claimant acting on behalf of a principal must include the functions necessary for engaging in an authentication exchange. (e.g., a smartcard [claimant] can act on behalf of a human user [principal]) (FIPS 196) (NISTIR)
An entity (user, device or process) whose assertion is to be verified using an authentication protocol. (CNSSI-4009) (NISTIR)
Classified Information – Information that has been determined pursuant to Executive Order (E.O.) 13292 or any predecessor order to require protection against unauthorized disclosure and is marked to indicate its classified status when in documentary form. (SP 800-60; E.O. 13292)
See Classified National Security Information. (CNSSI-4009) (NISTIR)
Information that has been determined: (i) pursuant to Executive Order 12958 as amended by Executive Order 13292, or any predecessor Order, to be classified national security information; or (ii) pursuant to the Atomic Energy Act of 1954, as amended, to be Restricted Data (RD). (SP 800-53) (NISTIR)
Classified Information Spillage – Security incident that occurs whenever classified data is spilled either onto an unclassified information system or to an information system with a lower level of classification. (CNSSI-4009) (NISTIR)
Classified National Security Information – Information that has been determined pursuant to Executive Order 13526 or any predecessor order to require protection against unauthorized disclosure and is marked to indicate its classified status when in documentary form. (CNSSI-4009) (NISTIR)
Clear – To use software or hardware products to overwrite storage space on the media with nonsensitive data. This process may include overwriting not only the logical storage location of a file(s) (e.g., file allocation table) but also may include all addressable locations. See comments on Clear/Purge Convergence. (SP 800-88) (NISTIR)
Clear Text – Information that is not encrypted. (SP 800-82) (NISTIR)
Clearance – Formal certification of authorization to have access to classified information other than that protected in a special access program (including SCI). Clearances are of three types: confidential, secret, and top secret. A top secret clearance permits access to top secret, secret, and confidential material; a secret clearance, to secret and confidential material; and a confidential clearance, to confidential material. (CNSSI-4009) (NISTIR)
Clearing – Removal of data from an information system, its storage devices, and other peripheral devices with storage capacity, in such a way that the data may not be reconstructed using common system capabilities (i.e., through the keyboard); however, the data may be reconstructed using laboratory methods. (CNSSI-4009) (NISTIR)
Client – Individual or process acting on behalf of an individual who makes requests of a guard or dedicated server. The client’s requests to the guard or dedicated server can involve data transfer to, from, or through the guard or dedicated server. (CNSSI-4009) (NISTIR)
Client (Application) – A system entity, usually a computer process acting on behalf of a human user, that makes use of a service provided by a server. (SP 800-32) (NISTIR)
Clinger-Cohen Act of 1996 – Also known as Information Technology Management Reform Act. A statute that substantially revised the way that IT resources are managed and procured, including a requirement that each agency design and implement a process for maximizing the value and assessing and managing the risks of IT investments. (SP 800-64) (NISTIR)
Closed Security Environment – Environment providing sufficient assurance that applications and equipment are protected against the introduction of malicious logic during an information system life cycle. Closed security is based upon a system's developers, operators, and maintenance personnel having sufficient clearances, authorization, and configuration control. (CNSSI-4009) (NISTIR)
Closed Storage – Storage of classified information within an accredited facility, in General Services Administration-approved secure containers, while the facility is unoccupied by authorized personnel. (CNSSI-4009) (NISTIR)
Cloud Computing – A model for enabling on-demand network access to a shared pool of configurable IT capabilities/resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. It allows users to access technology-based services from the network cloud without knowledge of, expertise with, or control over the technology infrastructure that supports them. This cloud model is composed of five essential characteristics (on-demand self-service, ubiquitous network access, location-independent resource pooling, rapid elasticity, and measured service); three service delivery models (Cloud Software as a Service [SaaS], Cloud Platform as a Service [PaaS], and Cloud Infrastructure as a Service [IaaS]); and four models for enterprise access (Private cloud, Community cloud, Public cloud, and Hybrid cloud). (NISTIR)
Note: Both the user's data and essential security services may reside in and be managed within the network cloud. (CNSSI-4009) (NISTIR)
A model for enabling on-demand network access to a shared pool of configurable computing capabilities or resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. (Adapted from: CNSSI 4009, NIST SP 800-145) (NICCS)
Code – System of communication in which arbitrary groups of letters, numbers, or symbols represent units of plain text of varying length. (CNSSI-4009) (NISTIR)
Code Book – Document containing plain text and code equivalents in a systematic arrangement, or a technique of machine encryption using a word substitution technique. (CNSSI-4009) (NISTIR)
Code Group – Group of letters, numbers, or both in a code system used to represent a plain text word, phrase, or sentence. (CNSSI-4009) (NISTIR)
Code Vocabulary – Set of plain text words, numerals, phrases, or sentences for which code equivalents are assigned in a code system. (CNSSI-4009) (NISTIR)
Cold Site – Backup site that can be up and operational in a relatively short time span, such as a day or two. Provision of services, such as telephone lines and power, is taken care of, and the basic office furniture might be in place, but there is unlikely to be any computer equipment, even though the building might well have a network infrastructure and a room ready to act as a server room. In most cases, cold sites provide the physical location and basic services. (CNSSI-4009) (NISTIR)
A backup facility that has the necessary electrical and physical components of a computer facility, but does not have the computer equipment in place. The site is ready to receive the necessary replacement computer equipment in the event that the user has to move from their main computing location to an alternate site. (SP 800-34) (NISTIR)
Collect & Operate – A NICE Workforce Framework category consisting of specialty areas responsible for specialized denial and deception operations and collection of cybersecurity information that may be used to develop intelligence. (From: NICE Workforce Framework) (NIST Special Publication 800-53 Revision 4)
Collection Operations – In the NICE Workforce Framework, cybersecurity work where a person: Executes collection using appropriate strategies and within the priorities established through the collection management process. (From: NICE Workforce Framework) (NICCS)
Synonym(s): digital forensics
Cold Start – Procedure for initially keying crypto-equipment. (CNSSI-4009) (NISTIR)
Collision – Two or more distinct inputs produce the same output. Also see Hash Function. (SP 800-57 Part 1) (NISTIR)
Combatant Command. A unified or specified command with a broad continuing mission under a single commander established and so designated by the President, through the Secretary of Defense and with the advice and assistance of the Chairman of the Joint Chiefs of Staff. Combatant commands typically have geographic or functional responsibilities. (JP 1-02) (Jt Pub 3-13)
Combatant Command (Command Authority). Nontransferable command authority established by title 10 (“Armed Forces”), United States Code, section 164, exercised only by commanders of unified or specified combatant commands unless otherwise directed by the President or the Secretary of Defense. Combatant command (command authority) cannot be delegated and is the authority of a combatant commander to perform those functions of command over assigned forces involving organizing and employing commands and forces, assigning tasks, designating objectives, and giving authoritative direction over all aspects of military operations, joint training, and logistics necessary to accomplish the missions assigned to the command. Combatant command (command authority) should be exercised through the commanders of subordinate organizations. Normally, this authority is exercised through subordinate joint force commanders and Service and/or functional component commanders. Combatant command (command authority) provides full authority to organize and employ commands and forces as the combatant commander considers necessary to accomplish assigned missions. Operational control is inherent in combatant command (command authority). Also called COCOM. (JP 1-02) (Jt Pub 3-13)
Combat Camera. The acquisition and utilization of still and motion imagery in support of combat, information, humanitarian, special force, intelligence, reconnaissance, engineering, legal, public affairs, and other operations involving the Military Services. Also called COMCAM. (JP 1-02) (Jt Pub 3-13)
Command and Control. The exercise of authority and direction by a properly designated commander over assigned and attached forces in the accomplishment of the mission. Command and control functions are performed through an arrangement of personnel, equipment, communications, facilities, and procedures employed by a commander in planning, directing, coordinating, and controlling forces and operations in the accomplishment of the mission. Also called C2. (JP 1-02) (Jt Pub 3-13)
Command and Control Warfare. None. (Approved for removal from the next edition of JP 1-02) (Jt Pub 3-13)
Command Authority – Individual responsible for the appointment of user representatives for a department, agency, or organization and their key ordering privileges. (CNSSI-4009) (NISTIR)
Command Relationships. The interrelated responsibilities between commanders, as well as the operational authority exercised by commanders in the chain of command; defined further as combatant command (command authority), operational control, tactical control, or support. (JP 1-02) (Jt Pub 3-13)
Commercial COMSEC Evaluation Program (CCEP) – Relationship between NSA and industry in which NSA provides the COMSEC expertise (i.e., standards, algorithms, evaluations, and guidance) and industry provides design, development, and production capabilities to produce a type 1 or type 2 product. Products developed under the CCEP may include modules, subsystems, equipment, systems, and ancillary devices. (CNSSI-4009) (NISTIR)
Commodity Malware – Malware that is widely available for purchase or free download, is not customised, and is used by a wide range of different threat actors.
Commodity Service – An information system service (e.g., telecommunications service) provided by a commercial service provider typically to a large and diverse set of consumers. The organization acquiring and/or receiving the commodity service possesses limited visibility into the management structure and operations of the provider, and while the organization may be able to negotiate service-level agreements, the organization is typically not in a position to require that the provider implement specific security controls. (SP 800-53) (NISTIR)
Common Access Card (CAC) – Standard identification/smart card issued by the Department of Defense that has an embedded integrated chip storing public key infrastructure (PKI) certificates. (CNSSI-4009) (NISTIR)
Common Carrier – In a telecommunications context, a telecommunications company that holds itself out to the public for hire to provide communications transmission services. Note: In the United States, such companies are usually subject to regulation by federal and state regulatory commissions. (SP 800-53) (NISTIR)
Common Configuration Enumeration (CCE) – A SCAP specification that provides unique, common identifiers for configuration settings found in a wide variety of hardware and software products. (SP 800-128) (NISTIR)
Common Configuration Scoring System (CCSS) – A set of measures of the severity of software security configuration issues. (NISTIR 7502) (NISTIR)
Common Control – A security control that is inherited by one or more organizational information systems. See Security Control Inheritance. (SP 800-53; SP 800-53A; SP 800-37; CNSSI-4009) (NISTIR)
Common Control Provider – An organizational official responsible for the development, implementation, assessment, and monitoring of common controls (i.e., security controls inherited by information systems). (SP 800-37; SP 800-53A) (NISTIR)
Common Criteria – Governing document that provides a comprehensive, rigorous method for specifying security function and assurance requirements for products and systems. (CNSSI-4009) (NISTIR)
Common Fill Device – One of a family of devices developed to read-in, transfer, or store key. (CNSSI-4009) (NISTIR)
Common Misuse Scoring System (CMSS) – A set of measures of the severity of software feature misuse vulnerabilities. A software feature is a functional capability provided by software. A software feature misuse vulnerability is a vulnerability in which the feature also provides an avenue to compromise the security of a system. (NISTIR 7864) (NISTIR)
Common Platform Enumeration (CPE) – A SCAP specification that provides a standard naming convention for operating systems, hardware, and applications for the purpose of providing consistent, easily parsed names that can be shared by multiple parties and solutions to refer to the same specific platform type. (SP 800-128) (NISTIR)
Common Vulnerabilities and Exposures (CVE) – A dictionary of common names for publicly known information system vulnerabilities. (SP 800-51; CNSSI-4009) (NISTIR)
Common Vulnerability Scoring System (CVSS) – An SCAP specification for communicating the characteristics of vulnerabilities and measuring their relative severity. (SP 800-128) (NISTIR)
Communications Cover – Concealing or altering of characteristic communications patterns to hide information that could be of value to an adversary. (CNSSI-4009) (NISTIR)
Communications Deception – Deliberate transmission, retransmission, or alteration of communications to mislead an adversary's interpretation of the communications. (CNSSI-4009) (NISTIR)
Communications Profile – Analytic model of communications associated with an organization or activity. The model is prepared from a systematic examination of communications content and patterns, the functions they reflect, and the communications security measures applied. (CNSSI-4009) (NISTIR)
Communications Security (COMSEC) – A component of Information Assurance that deals with measures and controls taken to deny unauthorized persons information derived from telecommunications and to ensure the authenticity of such telecommunications. COMSEC includes crypto security, transmission security, emissions security, and physical security of COMSEC material. (CNSSI-4009) (NISTIR)
The protection resulting from all measures designed to deny unauthorized persons information of value that might be derived from the possession and study of telecommunications, or to mislead unauthorized persons in their interpretation of the results of such possession and study. Communications security includes: cryptosecurity, transmission security, emission security, and physical security. Also called COMSEC. (This term and its definition are provided for information and are proposed for inclusion in the next edition of JP 1-02 by JP 6-0.) (Jt Pub 3-13)
Community of Interest (COI) – A collaborative group of users who exchange information in pursuit of their shared goals, interests, missions, or business processes, and who therefore must have a shared vocabulary for the information they exchange. The group exchanges information within and between systems to include security domains. (CNSSI-4009) (NISTIR)
Community Risk – Probability that a particular vulnerability will be exploited within an interacting population and adversely impact some members of that population. (CNSSI-4009) (NISTIR)
Comparison – The process of comparing a biometric with a previously stored reference. (FIPS 201) (NISTIR)
Compartmentalization – A nonhierarchical grouping of sensitive information used to control access to data more finely than with hierarchical security classification alone. (CNSSI-4009) (NISTIR)
Compartmented Mode – Mode of operation wherein each user with direct or indirect access to a system, its peripherals, remote terminals, or remote hosts has all of the following:
(1) valid security clearance for the most restricted information processed in the system;
(2) formal access approval and signed nondisclosure agreements for the information to which a user is to have access; and
(3) valid need-to-know for the information to which a user is to have access. (CNSSI-4009) (NISTIR)
Compensating Security Control – A management, operational, and/or technical control (i.e., safeguard or countermeasure) employed by an organization in lieu of a recommended security control in the low, moderate, or high baselines that provides equivalent or comparable protection for an information system.
NIST SP 800-53: A management, operational, and technical control (i.e., safeguard or countermeasure) employed by an organization in lieu of the recommended control in the baselines described in NIST Special Publication 800-53 or in CNSS Instruction 1253, that provides equivalent or comparable protection for an information system. (CNSSI-4009) (NISTIR)
Compensating Security Controls – The management, operational, and technical controls (i.e., safeguards or countermeasures) employed by an organization in lieu of the recommended controls in the low, moderate, or high baselines described in NIST Special Publication 800-53, that provide equivalent or comparable protection for an information system. (SP 800-37) (NISTIR)
The management, operational, and technical controls (i.e., safeguards or countermeasures) employed by an organization in lieu of the recommended controls in the baselines described in NIST Special Publication 800-53 and CNSS Instruction 1253, that provide equivalent or comparable protection for an information system. (SP 800-53A; SP 800-53) (NISTIR)
Comprehensive National Cybersecurity Initiative – A US Government-wide initiative to establish a front line of cyber defense, demonstrate the resolve to secure US cyberspace and set the conditions necessary for long-term success, shape the future environment to secure the US technological advantage and address the new attack and defense vectors, and enable strategic activities to defend US networks. (ODNI)
Comprehensive Testing – A test methodology that assumes explicit and substantial knowledge of the internal structure and implementation detail of the assessment object. Also known as white box testing. (SP 800-53A) (NISTIR)
Compromise – Disclosure of information to unauthorized persons, or a violation of the security policy of a system in which unauthorized intentional or unintentional disclosure, modification, destruction, or loss of an object may have occurred. (SP 800-32) (NISTIR)
The unauthorized disclosure, modification, substitution, or use of sensitive data (including plaintext cryptographic keys and other CSPs). (FIPS 140-2) (NISTIR)
Disclosure of information to unauthorized persons, or a violation of the security policy of a system in which unauthorized intentional or unintentional disclosure, modification, destruction, or loss of an object may have occurred. (CNSSI-4009) (NISTIR)
Compromising Emanations – Unintentional signals that, if intercepted and analyzed, would disclose the information transmitted, received, handled, or otherwise processed by information systems equipment. See TEMPEST. (CNSSI-4009) (NISTIR)
Computer Abuse – Intentional or reckless misuse, alteration, disruption, or destruction of information processing resources. (CNSSI-4009) (NISTIR)
Computer Cryptography – Use of a crypto-algorithm program by a computer to authenticate or encrypt/decrypt information. (CNSSI-4009) (NISTIR)
Computer Forensics – The practice of gathering, retaining, and analyzing computer-related data for investigative purposes in a manner that maintains the integrity of the data. (CNSSI-4009) (NISTIR)
Computer Incident Response Team – (CIRT) Group of individuals usually consisting of Security Analysts organized to develop, recommend, and coordinate immediate mitigation actions for containment, eradication, and recovery resulting from computer security incidents. Also called a Computer Security Incident Response Team (CSIRT) or a CIRC (Computer Incident Response Center, Computer Incident Response Capability, or Cyber Incident Response Team). (CNSSI-4009) (NISTIR)
Computer Intrusion. An incident of unauthorized access to data or an automated information system. (JP 1-02) (Jt Pub 3-13)
Computer Network Attack (CNA) – Actions taken through the use of computer networks to disrupt, deny, degrade, or destroy information resident in computers and computer networks, or the computers and networks themselves. (CNSSI-4009) (NISTIR)
Computer Network Defense (CND) – Actions taken to defend against unauthorized activity within computer networks. CND includes monitoring, detection, analysis (such as trend and pattern analysis), and response and restoration activities. (CNSSI-4009) (NISTIR)
Computer Network Defense Analysis - In the NICE Workforce Framework, cybersecurity work where a person: Uses defensive measures and information collected from a variety of sources to identify, analyze, and report events that occur or might occur within the network in order to protect information, information systems, and networks from threats. (From: NICE Workforce Framework) (NICCS)
Computer Network Defense Infrastructure Support – In the NICE Workforce Framework, cybersecurity work where a person: Tests, implements, deploys, maintains, reviews, and administers the infrastructure hardware and software that are required to effectively manage the computer network defense service provider network and resources; monitors network to actively remediate unauthorized activities. (From: NICE Workforce Framework) (NICCS)
Computer Network Exploitation – (CNE) Enabling operations and intelligence collection capabilities conducted through the use of computer networks to gather data from target or adversary information systems or networks. (CNSSI-4009) (NISTIR)
Computer Network Operations – (CNO) Comprised of computer network attack, computer network defense, and related computer network exploitation enabling operations. (CNSSI-4009) (NISTIR)
Computer Security (COMPUSEC) – Measures and controls that ensure confidentiality, integrity, and availability of information system assets including hardware, software, firmware, and information being processed, stored, and communicated. (CNSSI-4009) (NISTIR)
Computer Security Incident – See Incident.
Computer Security Incident Response Team (CSIRT) – A capability set up for the purpose of assisting in responding to computer security-related incidents; also called a Computer Incident Response Team (CIRT) or a CIRC (Computer Incident Response Center, Computer Incident Response Capability). (SP 800-61) (NISTIR)
Computer Security Object (CSO) – A resource, tool, or mechanism used to maintain a condition of security in a computerized environment. These objects are defined in terms of attributes they possess, operations they perform or are performed on them, and their relationship with other objects. (FIPS 188; CNSSI-4009) (NISTIR)
Computer Security Objects Register – A collection of Computer Security Object names and definitions kept by a registration authority. (FIPS 188; CNSSI-4009) (NISTIR)
Computer Security Subsystem – Hardware/software designed to provide computer security features in a larger system environment. (CNSSI-4009) (NISTIR)
Computer Virus – See Virus.
Computing Environment – Workstation or server (host) and its operating system, peripherals, and applications. (CNSSI-4009) (NISTIR)
COMSEC – Communications Security. (CNSSI-4009) (NISTIR)
COMSEC Account – Administrative entity, identified by an account number, used to maintain accountability, custody, and control of COMSEC material. (CNSSI-4009) (NISTIR)
COMSEC Account Audit – Examination of the holdings, records, and procedures of a COMSEC account ensuring all accountable COMSEC material is properly handled and safeguarded. (CNSSI-4009) (NISTIR)
COMSEC Aid – COMSEC material that assists in securing telecommunications and is required in the production, operation, or maintenance of COMSEC systems and their components. COMSEC keying material, callsign/frequency systems, and supporting documentation, such as operating and maintenance manuals, are examples of COMSEC aids. (CNSSI-4009) (NISTIR)
COMSEC Assembly – Group of parts, elements, subassemblies, or circuits that are removable items of COMSEC equipment. (CNSSI-4009) (NISTIR)
COMSEC Boundary – Definable perimeter encompassing all hardware, firmware, and software components performing critical COMSEC functions, such as key generation, handling, and storage. (CNSSI-4009) (NISTIR)
COMSEC Chip Set – Collection of NSA-approved microchips. (CNSSI-4009) (NISTIR)
COMSEC Control Program – Computer instructions or routines controlling or affecting the externally performed functions of key generation, key distribution, message encryption/decryption, or authentication. (CNSSI-4009) (NISTIR)
COMSEC Custodian – Individual designated by proper authority to be responsible for the receipt, transfer, accounting, safeguarding, and destruction of COMSEC material assigned to a COMSEC account. (CNSSI-4009) (NISTIR)
COMSEC Demilitarization – Process of preparing COMSEC equipment for disposal by extracting all CCI, classified, or cryptographic (CRYPTO) marked components for their secure destruction, as well as defacing and disposing of the remaining equipment hulk. (CNSSI-4009) (NISTIR)
COMSEC Element – Removable item of COMSEC equipment, assembly, or subassembly; normally consisting of a single piece or group of replaceable parts. (CNSSI-4009) (NISTIR)
COMSEC End-item – Equipment or combination of components ready for use in a COMSEC application. (CNSSI-4009) (NISTIR)
COMSEC Equipment – Equipment designed to provide security to telecommunications by converting information to a form unintelligible to an unauthorized interceptor and, subsequently, by reconverting such information to its original form for authorized recipients; also, equipment designed specifically to aid in, or as an essential element of, the conversion process. COMSEC equipment includes crypto-equipment, cryptoancillary equipment, cryptographic production equipment, and authentication equipment. (CNSSI-4009) (NISTIR)
COMSEC Facility – Authorized and approved space used for generating, storing, repairing, or using COMSEC material. (CNSSI-4009) (NISTIR)
COMSEC Incident – Occurrence that potentially jeopardizes the security of COMSEC material or the secure electrical transmission of national security information or information governed by 10 U.S.C. Section 2315. (CNSSI-4009) (NISTIR)
COMSEC Insecurity – COMSEC incident that has been investigated, evaluated, and determined to jeopardize the security of COMSEC material or the secure transmission of information. (CNSSI-4009) (NISTIR)
COMSEC Manager – Individual who manages the COMSEC resources of an organization. (CNSSI-4009) (NISTIR)
COMSEC Material – Item designed to secure or authenticate telecommunications. COMSEC material includes, but is not limited to key, equipment, devices, documents, firmware, or software that embodies or describes cryptographic logic and other items that perform COMSEC functions. (CNSSI-4009) (NISTIR)
COMSEC Material Control System (CMCS) – Logistics and accounting system through which COMSEC material marked "CRYPTO" is distributed, controlled, and safeguarded. Included are the COMSEC central offices of record, crypto logistic depots, and COMSEC accounts. COMSEC material other than key may be handled through the CMCS. (CNSSI-4009) (NISTIR)
COMSEC Modification – See Information Systems Security Equipment Modification. (CNSSI-4009) (NISTIR)
COMSEC Module – Removable component that performs COMSEC functions in a telecommunications equipment or system. (CNSSI-4009) (NISTIR)
COMSEC Monitoring – Act of listening to, copying, or recording transmissions of one's own official telecommunications to analyze the degree of security. (CNSSI-4009) (NISTIR)
COMSEC Profile – Statement of COMSEC measures and materials used to protect a given operation, system, or organization. (CNSSI-4009) (NISTIR)
COMSEC Survey – Organized collection of COMSEC and communications information relative to a given operation, system, or organization. (CNSSI-4009) (NISTIR)
COMSEC System Data – Information required by a COMSEC equipment or system to enable it to properly handle and control key. (CNSSI-4009) (NISTIR)
COMSEC Training – Teaching of skills relating to COMSEC accounting, use of COMSEC aids, or installation, use, maintenance, and repair of COMSEC equipment. (CNSSI-4009) (NISTIR)
Concept of Operations (CONOP) – A verbal or graphic statement, in broad outline, of a commander’s assumptions or intent in regard to an operation or series of operations. The concept of operations frequently is embodied in campaign plans and operation plans; in the latter case, particularly when the plans cover a series of connected operations to be carried out simultaneously or in succession. The concept is designed to give an overall picture of the operation. It is included primarily for additional clarity of purpose. Also called commander’s concept or CONOPS. (JP 1-02) (Jt Pub 3-13)
See also Security Concept of Operations. (CNSSI-4009) (NISTIR)
Confidentiality – Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information. (NISTIR)
Configuration Control – Process of controlling modifications to hardware, firmware, software, and documentation to protect the information system against improper modification prior to, during, and after system implementation. (CNSSI-4009; SP 800-37; SP 800-53) (NISTIR)
Configuration Control Board – (CCB) A group of qualified people with responsibility for the process of regulating and approving changes to hardware, firmware, software, and documentation throughout the development and operational life cycle of an information system. (CNSSI-4009) (NISTIR)
Confinement Channel – See Covert Channel. (CNSSI-4009) (NISTIR)
Consequence
Definition: The effect of an event, incident, or occurrence. (Adapted from: DHS Risk Lexicon, National Infrastructure Protection Plan) (NICCS)
Extended Definition: In cybersecurity, the effect of a loss of confidentiality, integrity or availability of information or an information system on an organization's operations, its assets, on individuals, other organizations, or on national interests.
Container – The file used by a virtual disk encryption technology to encompass and protect other files. (SP 800-111) (NISTIR)
Contamination – Type of incident involving the introduction of data of one security classification or security category into data of a lower security classification or different security category. (CNSSI-4009) (NISTIR)
Content Filtering – The process of monitoring communications such as email and Web pages, analyzing them for suspicious content, and preventing the delivery of suspicious content to users. (SP 800-114) (NISTIR)
Contingency Key – Key held for use under specific operational conditions or in support of specific contingency plans. See Reserve Keying Material. (CNSSI-4009) (NISTIR)
Contingency Plan – Management policy and procedures used to guide an enterprise response to a perceived loss of mission capability. The Contingency Plan is the first plan used by the enterprise risk managers to determine what happened, why, and what to do. It may point to the Continuity of Operations Plan (COOP) or Disaster Recovery Plan for major disruptions. (CNSSI-4009) (NISTIR)
See also Information System Contingency Plan.
Continuity of the Economy (COTE) - An effort to ensure that critical data and technology would be available, with priority for critical functions across corporations and industry sectors, to get the economy back up and running after a catastrophic event. SOURCE: Cyberspace Solarium Commission Final Report, 2020
Continuity of Government (COG) – A coordinated effort within the federal government's executive branch to ensure that national essential functions continue to be performed during a catastrophic emergency. (CNSSI-4009) (NISTIR)
Continuity of Operations Plan – (COOP) A predetermined set of instructions or procedures that describe how an organization’s mission-essential functions will be sustained within 12 hours and for up to 30 days as a result of a disaster event before returning to normal operations. (SP 800-34) (NISTIR)
Management policy and procedures used to guide an enterprise response to a major loss of enterprise capability or damage to its facilities. The COOP is the third plan needed by the enterprise risk managers and is used when the enterprise must recover (often at an alternate site) for a specified period of time. It defines the activities of individual departments and agencies and their sub-components to ensure that their essential functions are performed.
This includes plans and procedures that delineate essential functions; specify succession to office and the emergency delegation of authority; provide for the safekeeping of vital records and databases; identify alternate operating facilities; provide for interoperable communications; and validate the capability through tests, training, and exercises. See also Disaster Recovery Plan and Contingency Plan. (CNSSI-4009) (NISTIR)
A document that sets forth procedures for the continued performance of core capabilities and critical operations during any disruption or potential disruption. (Adapted from: CPG 101, CNSSI 4009) (NICCS)
Related Term(s): Business Continuity Plan, Disaster Recovery Plan, Contingency Plan
Continuous Monitoring – The process implemented to maintain a current security status for one or more information systems or for the entire suite of information systems on which the operational mission of the enterprise depends. The process includes: 1) The development of a strategy to regularly evaluate selected IA controls/metrics, 2) Recording and evaluating IA relevant events and the effectiveness of the enterprise in dealing with those events, 3) Recording changes to IA controls, or changes that affect IA risks, and 4) Publishing the current security status to enable information-sharing decisions involving the enterprise. (CNSSI-4009) (NISTIR)
Maintaining ongoing awareness to support organizational risk decisions. (SP 800-137) (NISTIR)
Control Information – Information that is entered into a cryptographic module for the purposes of directing the operation of the module. (FIPS 140-2) (NISTIR)
Controlled Access Area – Physical area (e.g., building, room, etc.) to which only authorized personnel are granted unrestricted access. All other personnel are either escorted by authorized personnel or are under continuous surveillance. (CNSSI-4009) (NISTIR)
Controlled Access Protection – Minimum set of security functionality that enforces access control on individual users and makes them accountable for their actions through login procedures, auditing of security-relevant events, and resource isolation. (CNSSI-4009) (NISTIR)
Controlled Area – Any area or space for which the organization has confidence that the physical and procedural protections provided are sufficient to meet the requirements established for protecting the information and/or information system. (SP 800-53) (NISTIR)
Controlled Cryptographic Item – (CCI) Secure telecommunications or information system, or associated cryptographic component, that is unclassified and handled through the COMSEC Material Control System (CMCS), an equivalent material control system, or a combination of the two that provides accountability and visibility. Such items are marked “Controlled Cryptographic Item,” or, where space is limited, “CCI”. (CNSSI-4009) (NISTIR)
Controlled Cryptographic Item (CCI) Assembly – Device embodying a cryptographic logic or other COMSEC design that NSA has approved as a Controlled Cryptographic Item (CCI). It performs the entire COMSEC function, but depends upon the host equipment to operate. (CNSSI-4009) (NISTIR)
Controlled Cryptographic Item (CCI) Component – Part of a Controlled Cryptographic Item (CCI) that does not perform the entire COMSEC function but depends upon the host equipment, or assembly, to complete and operate the COMSEC function. (CNSSI-4009) (NISTIR)
Controlled Cryptographic Item (CCI) Equipment – Telecommunications or information handling equipment that embodies a Controlled Cryptographic Item (CCI) component or CCI assembly and performs the entire COMSEC function without dependence on host equipment to operate. (CNSSI-4009) (NISTIR)
Controlled Interface – A boundary with a set of mechanisms that enforces the security policies and controls the flow of information between interconnected information systems. (CNSSI-4009; SP 800-37) (NISTIR)
Controlled Space – Three-dimensional space surrounding information system equipment, within which unauthorized individuals are denied unrestricted access and are either escorted by authorized individuals or are under continuous physical or electronic surveillance. (CNSSI-4009) (NISTIR)
Controlled Unclassified Information (CUI) – A categorical designation that refers to unclassified information that does not meet the standards for National Security Classification under Executive Order 12958, as amended, but is (i) pertinent to the national interests of the United States or to the important interests of entities outside the federal government, and (ii) under law or policy requires protection from unauthorized disclosure, special handling safeguards, or prescribed limits on exchange or dissemination. Henceforth, the designation CUI replaces "Sensitive But Unclassified" (SBU). (SP 800-53; SP 800-53A) (NISTIR)
Controlling Authority – Official responsible for directing the operation of a cryptonet and for managing the operational use and control of keying material assigned to the cryptonet. (CNSSI-4009) (NISTIR)
Cookie – A piece of state information supplied by a Web server to a browser, in a response for a requested resource, for the browser to store temporarily and return to the server on any subsequent visits or requests. (SP 800-28) (NISTIR)
Data exchanged between an HTTP server and a browser (a client of the server) to store state information on the client side and retrieve it later for server use. (CNSSI-4009) (NISTIR)
Cooperative Key Generation – Electronically exchanging functions of locally generated, random components, from which both terminals of a secure circuit construct traffic encryption key or key encryption key for use on that circuit. See Per-Call Key. (CNSSI-4009) (NISTIR)
Cooperative Remote Rekeying – Synonymous with manual remote rekeying. (CNSSI-4009) (NISTIR)
Coordinating Authority. A commander or individual assigned responsibility for coordinating specific functions or activities involving forces of two or more Military Departments, two or more joint force components, or two or more forces of the same Service. The commander or individual has the authority to require consultation between the agencies involved, but does not have the authority to compel agreement. In the event that essential agreement cannot be obtained, the matter shall be referred to the appointing authority. Coordinating authority is a consultation relationship, not an authority through which command may be exercised. Coordinating authority is more applicable to planning and similar activities than to operations. (JP 1-02) (Jt Pub 3-13)
Correctness Proof – A mathematical proof of consistency between a specification and its implementation. (CNSSI-4009) (NISTIR)
Counter with Cipher Block Chaining-Message Authentication Code (CCM) – A mode of operation for a symmetric key block cipher algorithm. It combines the techniques of the Counter (CTR) mode and the Cipher Block Chaining-Message Authentication Code (CBC-MAC) algorithm to provide assurance of the confidentiality and the authenticity of computer data. (SP 800-38C) (NISTIR)
Counterintelligence. Information gathered and activities conducted to protect against espionage, other intelligence activities, sabotage, or assassinations conducted by or on behalf of foreign governments or elements thereof, foreign organizations, or foreign persons, or international terrorist activities. Also called CI. (JP 1-02) (Jt Pub 3-13)
Countermeasure – Actions, devices, procedures, or techniques that meet or oppose (i.e., counters) a threat, a vulnerability, or an attack by eliminating or preventing it, by minimizing the harm it can cause, or by discovering and reporting it so that corrective action can be taken. (CNSSI-4009) (NISTIR)
Cover-Coding – A technique to reduce the risks of eavesdropping by obscuring the information that is transmitted. (SP 800-98) (NISTIR)
Coverage – An attribute associated with an assessment method that addresses the scope or breadth of the assessment objects included in the assessment (e.g., types of objects to be assessed and the number of objects to be assessed by type). The values for the coverage attribute, hierarchically from less coverage to more coverage, are basic, focused, and comprehensive. (SP 800-53A) (NISTIR)
Covert Channel – An unauthorized communication path that manipulates a communications medium in an unexpected, unconventional, or unforeseen way in order to transmit information without detection by anyone other than the entities operating the covert channel. (CNSSI-4009) (NISTIR)
Covert Channel Analysis – Determination of the extent to which the security policy model and subsequent lower-level program descriptions may allow unauthorized access to information. (CNSSI-4009) (NISTIR)
Covert Storage Channel – Covert channel involving the direct or indirect writing to a storage location by one process and the direct or indirect reading of the storage location by another process. Covert storage channels typically involve a finite resource (e.g., sectors on a disk) that is shared by two subjects at different security levels. (CNSSI-4009) (NISTIR)
Covert Testing – Testing performed using covert methods and without the knowledge of the organization’s IT staff, but with the full knowledge and permission of upper management. (SP 800-115) (NISTIR)
Covert Timing Channel – Covert channel in which one process signals information to another process by modulating its own use of system resources (e.g., central processing unit time) in such a way that this manipulation affects the real response time observed by the second process. (CNSSI-4009) (NISTIR)
Credential – An object or data structure that authoritatively binds an identity (and optionally, additional attributes) to a token possessed and controlled by a Subscriber. (SP 800-63) (NISTIR)
Evidence attesting to one’s right to credit or authority. (FIPS 201) (NISTIR)
Evidence or testimonials that support a claim of identity or assertion of an attribute and usually are intended to be used more than once. (CNSSI-4009) (NISTIR)
Credential Service Provider – (CSP) A trusted entity that issues or registers Subscriber tokens and issues electronic credentials to Subscribers. The CSP may encompass Registration Authorities (RAs) and Verifiers that it operates. A CSP may be an independent third party, or may issue credentials for its own use. (SP 800-63) (NISTIR)
Critical Infrastructure – Systems and assets, whether physical or virtual, so vital to the U.S. that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters. [Critical Infrastructures Protection Act of 2001, 42 U.S.C. 5195c(e)] (CNSSI-4009) (NISTIR)
Critical Infrastructure Resilience Strategy - A proposed strategy that will set programmatic and budgetary priorities for a five-year national risk management cycle. SOURCE: Cyberspace Solarium Commission Final Report, 2020
Critical Security Parameter (CSP) – Security-related information (e.g., secret and private cryptographic keys, and authentication data such as passwords and Personal Identification Numbers [PINs]) whose disclosure or modification can compromise the security of a cryptographic module. (FIPS 140-2; CNSSI-4009) (NISTIR)
Critical Technology Security Centers - Proposed entities/programs that provide the U.S. government with the capacity to test the security of critical technologies and, when appropriate, assist in identifying vulnerabilities, as well as developing and pushing mitigation techniques with relevant original equipment manufacturers. SOURCE: Cyberspace Solarium Commission Final Report, 2020
Criticality – A measure of the degree to which an organization depends on the information or information system for the success of a mission or of a business function. (SP 800-60) (NISTIR)
Criticality Level – Refers to the (consequences of) incorrect behavior of a system. The more serious the expected direct and indirect effects of incorrect behavior, the higher the criticality level. (CNSSI-4009) (NISTIR)
Cross-Certificate – A certificate used to establish a trust relationship between two Certification Authorities. (SP 800-32; CNSSI-4009) (NISTIR)
A certificate issued from a CA that signs the public key of another CA not within its trust hierarchy that establishes a trust relationship between the two CAs. (NISTIR)
Cross-Domain Capabilities – The set of functions that enable the transfer of information between security domains in accordance with the policies of the security domains involved. (CNSSI-4009) (NISTIR)
Cross-Domain Solution (CDS) – A form of controlled interface that provides the ability to manually and/or automatically access and/or transfer information between different security domains. (CNSSI-4009; SP 800-37) (NISTIR)
Cross Site Scripting (XSS) – A vulnerability that allows attackers to inject malicious code into an otherwise benign website. These scripts acquire the permissions of scripts generated by the target website and can therefore compromise the confidentiality and integrity of data transfers between the website and client. Websites are vulnerable if they display user-supplied data from requests or forms without sanitizing the data so that it is not executable. (SP 800-63) (NISTIR)
Cryptanalysis – 1) Operations performed in defeating cryptographic protection without an initial knowledge of the key employed in providing the protection. 2) The study of mathematical techniques for attempting to defeat cryptographic techniques and information system security.
This includes the process of looking for errors or weaknesses in the implementation of an algorithm or of the algorithm itself. (SP 800-57 Part 1; CNSSI-4009) (NISTIR)
The operations performed in defeating or circumventing cryptographic protection of information by applying mathematical techniques and without an initial knowledge of the key employed in providing the protection. (Adapted from: CNSSI 4009, NIST SP 800-130) (NICCS)
Extended Definition: The study of mathematical techniques for attempting to defeat or circumvent cryptographic techniques and/or information systems security.
Cryptocurrency - A type of digital currency in which encryption techniques are used to secure transactions and control the creation of additional units while operating independently of a central bank. SOURCE: Cyberspace Solarium Commission Final Report, 2020
Cryptographic – Pertaining to, or concerned with, cryptography. (CNSSI-4009) (NISTIR)
Cryptographic Alarm – Circuit or device that detects failures or aberrations in the logic or operation of crypto-equipment. Crypto-alarm may inhibit transmission or may provide a visible and/or audible alarm. (CNSSI-4009) (NISTIR)
Cryptographic Algorithm – A well-defined computational procedure that takes variable inputs, including a cryptographic key, and produces an output. (SP 800-21; CNSSI-4009) (NISTIR)
A well-defined computational procedure that takes variable inputs, including a cryptographic key, and produces an output. (From: CNSSI 4009) (NICCS)
Related Term(s): key, encryption, decryption, symmetric key, asymmetric key
Cryptographic Ancillary Equipment – Equipment designed specifically to facilitate efficient or reliable operation of cryptographic equipment, without performing cryptographic functions itself. (CNSSI-4009) (NISTIR)
Cryptographic Binding – Associating two or more related elements of information using cryptographic techniques. (CNSSI-4009) (NISTIR)
Cryptographic Boundary – An explicitly defined continuous perimeter that establishes the physical bounds of a cryptographic module and contains all the hardware, software, and/or firmware components of a cryptographic module. (FIPS 140-2) (NISTIR)
Cryptographic Component – Hardware or firmware embodiment of the cryptographic logic. A cryptographic component may be a modular assembly, a printed wiring assembly, a microcircuit, or a combination of these items. (CNSSI-4009) (NISTIR)
Cryptographic Equipment – Equipment that embodies a cryptographic logic. (CNSSI-4009) (NISTIR)
Cryptographic Hash Function – A function that maps a bit string of arbitrary length to a fixed length bit string. Approved hash functions satisfy the following properties:
1) (One-way) It is computationally infeasible to find any input which maps to any pre-specified output, and
2) (Collision resistant) It is computationally infeasible to find any two distinct inputs that map to the same output. (SP 800-21) (NISTIR)
Cryptographic Ignition Key (CIK) – Device or electronic key used to unlock the secure mode of crypto-equipment. (CNSSI-4009) (NISTIR)
Cryptographic Initialization – Function used to set the state of a cryptographic logic prior to key generation, encryption, or other operating mode. (CNSSI-4009) (NISTIR)
Cryptographic Key – A value used to control cryptographic operations, such as decryption, encryption, signature generation, or signature verification. (SP 800-63) (NISTIR)
A binary string used as a secret parameter by a cryptographic algorithm. (SP 800-108) (NISTIR)
A parameter used in conjunction with a cryptographic algorithm that determines the specific operation of that algorithm. (FIPS 201; FIPS 198) (NISTIR)
A parameter used in conjunction with a cryptographic algorithm that determines
- the transformation of plaintext data into ciphertext data,
- the transformation of ciphertext data into plaintext data,
- a digital signature computed from data,
- the verification of a digital signature computed from data,
- an authentication code computed from data, or
- an exchange agreement of a shared secret.
(FIPS 140-2) (NISTIR)
Cryptographic Logic – The embodiment of one (or more) cryptographic algorithm(s) along with alarms, checks, and other processes essential to effective and secure performance of the cryptographic process(es). (CNSSI-4009) (NISTIR)
Cryptographic Material – (slang CRYPTO) COMSEC material used to secure or authenticate information. (CNSSI-4009) (NISTIR)
Cryptographic Module – The set of hardware, software, firmware, or some combination thereof that implements cryptographic logic or processes, including cryptographic algorithms, and is contained within the cryptographic boundary of the module. (SP 800-32; FIPS 196) (NISTIR)
Cryptographic Module Security Policy – A precise specification of the security rules under which a cryptographic module will operate, including the rules derived from the requirements of this standard (FIPS 140-2) and additional rules imposed by the vendor. (FIPS 140-2) (NISTIR)
Cryptographic Module Validation Program (CMVP) – Validates cryptographic modules to Federal Information Processing Standard (FIPS) 140-2 and other cryptography-based standards. The CMVP is a joint effort between National Institute of Standards and Technology (NIST) and the Communications Security Establishment (CSE) of the government of Canada. Products validated as conforming to FIPS 140-2 are accepted by the federal agencies of both countries for the protection of sensitive information (United States) or Designated Information (Canada). The goal of the CMVP is to promote the use of validated cryptographic modules and provide federal agencies with a security metric to use in procuring equipment containing validated cryptographic modules. (FIPS 140-2) (NISTIR)
Cryptographic Net – Stations holding a common key. (CNSSI-4009) (NISTIR)
Cryptographic Period – Time span during which each key setting remains in effect. (CNSSI-4009) (NISTIR)
Cryptographic Product – A cryptographic key (public, private, or shared) or public key certificate, used for encryption, decryption, digital signature, or signature verification; and other items, such as compromised key lists (CKL) and certificate revocation lists (CRL), obtained by trusted means from the same source which validate the authenticity of keys or certificates. Protected software which generates or regenerates keys or certificates may also be considered a cryptographic product. (CNSSI-4009) (NISTIR)
Cryptographic Randomization – Function that randomly determines the transmit state of a cryptographic logic. (CNSSI-4009) (NISTIR)
Cryptographic Security – [Also Cryptosecurity] Component of COMSEC resulting from the provision of technically sound cryptographic systems and their proper use. (CNSSI-4009) (NISTIR)
Cryptographic Strength – A measure of the expected number of operations required to defeat a cryptographic mechanism. (SP 800-63) (NISTIR)
Cryptographic Synchronization – Process by which a receiving decrypting cryptographic logic attains the same internal state as the transmitting encrypting logic. (CNSSI-4009) (NISTIR)
Cryptographic System – Associated information assurance items interacting to provide a single means of encryption or decryption. (CNSSI-4009) (NISTIR)
Cryptographic System Analysis – Process of establishing the exploitability of a cryptographic system, normally by reviewing transmitted traffic protected or secured by the system under study. (CNSSI-4009) (NISTIR)
Cryptographic System Evaluation – Process of determining vulnerabilities of a cryptographic system and recommending countermeasures. (CNSSI-4009) (NISTIR)
Cryptographic System Review – Examination of a cryptographic system by the controlling authority ensuring its adequacy of design and content, continued need, and proper distribution. (CNSSI-4009) (NISTIR)
Cryptographic System Survey – Management technique in which actual holders of a cryptographic system express opinions on the system's suitability and provide usage information for technical evaluations. (CNSSI-4009) (NISTIR)
Cryptographic Token – A token where the secret is a cryptographic key. (SP 800-63) (NISTIR)
A portable, user-controlled physical device (e.g., smart card or PCMCIA card) used to store cryptographic information and possibly also perform cryptographic functions. (CNSSI-4009) (NISTIR)
Cryptography – The discipline that embodies the principles, means, and methods for the transformation of data in order to hide their semantic content, prevent their unauthorized use, or prevent their undetected modification. (SP 800-59) (NISTIR)
The discipline that embodies principles, means, and methods for providing information security, including confidentiality, data integrity, non-repudiation, and authenticity. (SP 800-21) (NISTIR)
Cryptography is categorized as either secret key or public key. Secret key cryptography is based on the use of a single cryptographic key shared between two parties. The same key is used to encrypt and decrypt data. This key is kept secret by the two parties. Public key cryptography is a form of cryptography which makes use of two keys: a public key and a private key. The two keys are related but have the property that, given the public key, it is computationally infeasible to derive the private key [FIPS 140-1].
In a public key cryptosystem, each party has its own public/private key pair. The public key can be known by anyone; the private key is kept secret. (FIPS 191) (NISTIR)
Art or science concerning the principles, means, and methods for rendering plain information unintelligible and for restoring encrypted information to intelligible form. (CNSSI-4009) (NISTIR)
The science or study of analysing and deciphering codes and ciphers; cryptanalysis. (UK 2016)
The use of mathematical techniques to provide security services, such as confidentiality, data integrity, entity authentication, and data origin authentication. (From: NIST SP 800-130; Adapted from: CNSSI 4009) (NICCS)
Extended Definition: The art or science concerning the principles, means, and methods for converting plaintext into ciphertext and for restoring encrypted ciphertext to plaintext.
Related Term(s): plaintext, ciphertext, encryption, decryption
Cryptology – The science that deals with hidden, disguised, or encrypted communications. It includes communications security and communications intelligence. (SP 800-60) (NISTIR)
The mathematical science that deals with cryptanalysis and cryptography. (CNSSI-4009) (NISTIR)
Related Term(s): cryptanalysis, cryptography
Crypto Officer – An operator or process (subject), acting on behalf of the operator, performing cryptographic initialization or management functions. (FIPS 140-2) (NISTIR)
Customer Service and Technical Support
Definition: In the NICE Workforce Framework, cybersecurity work where a person: Addresses problems, installs, configures, troubleshoots, and provides maintenance and training in response to customer requirements or inquiries (e.g., tiered-level customer support). (From: NICE Workforce Framework) (NICCS)
CVE – See Common Vulnerabilities and Exposures. (NISTIR)
Cyber Actor/Cyber Operator - A person who employs the functions of computer networks, systems, devices, or services. SOURCE: Cyberspace Solarium Commission Final Report, 2020
Cyber Attack – An attack, via cyberspace, targeting an enterprise’s use of cyberspace for the purpose of disrupting, disabling, destroying, or maliciously controlling a computing environment/infrastructure; or destroying the integrity of the data or stealing controlled information. (CNSSI-4009) (NISTIR)
Deliberate exploitation of computer systems, digitally-dependent enterprises and networks to cause harm. (UK 2016)
Cyber Campaign - A cyber operation or series of cyber operations conducted by a single responsible party with the intention of achieving a strategic objective. SOURCE: Cyberspace Solarium Commission Final Report, 2020
Cyber crime – Cyber-dependent crime (crimes that can only be committed through the use of ICT devices, where the devices are both the tool for committing the crime and the target of the crime); or cyber-enabled crime (crimes that may be committed without ICT devices, like financial fraud, but are changed significantly by use of ICT in terms of scale and reach). (UK 2016)
Cyber Crime marketplace – The totality of products and services that support the cyber crime ecosystem.
Cyber Disruption - An event that is likely to cause or is causing the temporary loss of normal cyber operations or services. SOURCE: Cyberspace Solarium Commission Final Report, 2020
Cyber Ecosystem
Definition: The interconnected information infrastructure of interactions among persons, processes, data, and information and communications technologies, along with the environment and conditions that influence those interactions. (Adapted from: DHS personnel) (NICCS)
The totality of interconnected infrastructure, persons, processes, data, information and communications technologies, along with the environment and conditions that influence those interactions. (UK 2016)
Cyber Exercise
Definition: A planned event during which an organization simulates a cyber disruption to develop or test capabilities such as preventing, detecting, mitigating, responding to or recovering from the disruption. (Adapted from: NCSD Glossary, DHS Homeland Security Exercise and Evaluation Program) (NICCS)
Cyber Effect - The manipulation, disruption, denial, degradation, or destruction of data, computers, information or communication systems, networks, physical or virtual infrastructure controlled by computers or information systems, or information resident on them or in transit. SOURCE: Cyberspace Solarium Commission Final Report, 2020
Cyber Espionage - Cyber operation whose primary purpose is to steal information for national security or commercial purposes. SOURCE: Cyberspace Solarium Commission Final Report, 2020
Cyber Incident – Actions taken through the use of computer networks that result in an actual or potentially adverse effect on an information system and/or the information residing therein. See Incident. (CNSSI-4009) (NISTIR)
An occurrence that actually or potentially poses a threat to a computer, internet-connected device, or network – or data processed, stored, or transmitted on those systems – which may require a response action to mitigate the consequences. (UK 2016)
Cyber Incident Response Plan
Synonym(s): incident response plan
Cyber Infrastructure
Definition: The electronic information and communications systems and services and the information contained therein.
Extended Definition: The information and communications systems and services composed of all hardware and software that process, store, and communicate information, or any combination of all of these elements:
- Processing includes the creation, access, modification, and destruction of information.
- Storage includes paper, magnetic, electronic, and all other media types.
- Communications include sharing and distribution of information.
(Adapted from: NIPP) (NICCS)
Processing includes the creation, access, modification, and destruction of information. Storage includes paper, magnetic, electronic, and all other media types. Communications include sharing and distribution of information. For example: computer systems; control systems (e.g., supervisory control and data acquisition–SCADA); networks, such as the Internet; and cyber services (e.g., managed security services) are part of cyber infrastructure. (NISTIR 7628) (NISTIR)
CyberInvest – A £6.5m industry and government scheme to support cutting-edge cyber security research and protect the UK in cyberspace. (UK 2016)
Cyber Operations
Definition: In the NICE Workforce Framework, cybersecurity work where a person: Performs activities to gather evidence on criminal or foreign intelligence entities in order to mitigate possible or real-time threats, protect against espionage or insider threats, foreign sabotage, international terrorist activities, or to support other intelligence activities. (From: NICE Workforce Framework) (NICCS)
Cyber Operations Planning
Definition: In the NICE Workforce Framework, cybersecurity work where a person: Performs in-depth joint targeting and cyber planning process. Gathers information and develops detailed Operational Plans and Orders supporting requirements. Conducts strategic and operational-level planning across the full range of operations for integrated information and cyberspace operations. (From: NICE Workforce Framework) (NICCS)
Cyber-physical system – Systems with integrated computational and physical components; ‘smart’ systems. (UK 2016)
Cyber resilience – The overall ability of systems and organisations to withstand cyber events and, where harm is caused, recover from them. (UK 2016)
Cyber Response and Recovery Fund - A new fund, administered by the Federal Emergency Management Agency but directed by the Cybersecurity and Infrastructure Security Agency. Cyber Recovery Fund disbursement would be triggered by a “cyber state of distress” declaration. The funds could be used for a variety of purposes, including direct assistance to entities through purchases of equipment and services for their rapid response and recovery. SOURCE: Cyberspace Solarium Commission Final Report, 2020
Cyber Risk - Risk of financial loss, legal liability, reputational damage, regulatory action, operational disruption, or damage from the failure of the digital technologies employed for informational and/or operational functions introduced to a manufacturing system via electronic means from the unauthorized access, use, disclosure, disruption, modification, or destruction of the manufacturing system. SOURCE: Cyberspace Solarium Commission Final Report, 2020
Cybersecurity – The activity or process, ability or capability, or state whereby information and communications systems and the information contained therein are protected from and/or defended against damage, unauthorized use or modification, or exploitation.
Extended Definition: Strategy, policy, and standards regarding the security of and operations in cyberspace, and encompass[ing] the full range of threat reduction, vulnerability reduction, deterrence, international engagement, incident response, resiliency, and recovery policies and activities, including computer network operations, information assurance, law enforcement, diplomacy, military, and intelligence missions as they relate to the security and stability of the global information and communications infrastructure.
(Adapted from: CNSSI 4009, NIST SP 800-53 Rev 4, NIPP, DHS National Preparedness Goal; White House Cyberspace Policy Review, May 2009.) (NICCS)
The protection of internet connected systems (to include hardware, software and associated infrastructure), the data on them, and the services they provide, from unauthorised access, harm or misuse. This includes harm caused intentionally by the operator of the system, or accidentally, as a result of failing to follow security procedures or being manipulated into doing so. (UK 2016)
Cyber Security Challenge – Competitions encouraging people to test their skills and to consider a career in cyber. (UK 2016)
Cyberspace – A global domain within the information environment consisting of the interdependent network of information systems infrastructures including the Internet, telecommunications networks, computer systems, and embedded processors and controllers. (CNSSI-4009) (NISTIR)
The interdependent network of information technology infrastructures, that includes the Internet, telecommunications networks, computer systems, and embedded processors and controllers. (Adapted from: NSPD 54/HSPD -23, CNSSI 4009, NIST SP 800-53 Rev 4) (NICCS)
The notional environment in which digitized information is communicated over computer networks. (JP 1-02) (Jt Pub 3-13)
Cyber State of Distress - A proposed federal declaration that would trigger additional financial and material assistance. The declaration would be used exclusively for responding to, or preemptively preparing for, cyber incidents that are more serious than “routine” but do not warrant an emergency declaration. SOURCE: Cyberspace Solarium Commission Final Report, 2020
Cyber Threat – Anything capable of compromising the security of, or causing harm to, information systems and internet connected devices (to include hardware, software and associated infrastructure), the data on them and the services they provide, primarily by cyber means. (UK 2016)
Cyclical Redundancy Check (CRC) – A method to ensure data has not been altered after being sent through a communication channel. (SP 800-72) (NISTIR)
Error checking mechanism that verifies data integrity by computing a polynomial-algorithm-based checksum. (CNSSI-4009) (NISTIR)