Cyber Glossary - D
Data – A subset of information in an electronic format that allows it to be retrieved or transmitted. (CNSSI-4009) (NISTIR)
Representation of facts, concepts, or instructions in a formalized manner suitable for communication, interpretation, or processing by humans or by automatic means. Any representations such as characters or analog quantities to which meaning is or might be assigned. (JP 1-02) (Jt Pub 3-13)
Data Administration
Definition: In the NICE Workforce Framework, cybersecurity work where a person: Develops and administers databases and/or data management systems that allow for the storage, query, and utilization of data. (From: NICE Workforce Framework) (NICCS)
Data Aggregation – Compilation of individual data systems and data that could result in the totality of the information being classified, or classified at a higher level, or of beneficial use to an adversary. (CNSSI-4009) (NISTIR)
The process of gathering and combining data from different sources, so that the combined data reveals new information. (Adapted from: CNSSI 4009) (NICCS)
Extended Definition: The new information is more sensitive than the individual data elements themselves and the person who aggregates the data was not granted access to the totality of the information.
Related Term(s): data mining
Data Asset – 1. Any entity that is comprised of data. For example, a database is a data asset that is comprised of data records. A data asset may be a system or application output file, database, document, or Web page. A data asset also includes a service that may be provided to access data from an application. For example, a service that returns individual records from a database would be a data asset. Similarly, a Web site that returns data in response to specific queries (e.g., www.weather.com) would be a data asset. 2. An information-based resource. (CNSSI-4009) (NISTIR)
Database - A structured repository of data that is organized to provide efficient retrieval. SOURCE: Cyberspace Solarium Commission Final Report, 2020
Data Breach
Definition: The unauthorized movement or disclosure of sensitive information to a party, usually outside the organization, that is not authorized to have or see the information. (NICCS)
Related Term(s): data loss, data theft, exfiltration
Data Element – A basic unit of information that has a unique meaning and subcategories (data items) of distinct value. Examples of data elements include gender, race, and geographic location. (SP 800-47; CNSSI-4009) (NISTIR)
Data Encryption Algorithm (DEA) – The DEA cryptographic engine that is used by the Triple Data Encryption Algorithm (TDEA). (SP 800-67) (NISTIR)
Data Encryption Standard (DES) – Cryptographic algorithm designed for the protection of unclassified data and published by the National Institute of Standards and Technology (NIST) in Federal Information Processing Standard (FIPS) Publication 46. (FIPS 46-3 withdrawn 19 May 2005) See Triple DES. (CNSSI-4009) (NISTIR)
Data Flow Control – Synonymous with information flow control. (CNSSI-4009) (NISTIR)
Data Governance - A set of processes or rules that ensure the integrity of data and that data management best practices are met.
Data Hosting - The activity or business of providing hardware, systems, software, and infrastructure to store and manage access to data. SOURCE: Cyberspace Solarium Commission Final Report, 2020
Data Integrity – The property that data has not been altered in an unauthorized manner. Data integrity covers data in storage, during processing, and while in transit. (SP 800-27) (NISTIR)
The property that data has not been changed, destroyed, or lost in an unauthorized or accidental manner. (CNSSI-4009) (NISTIR)
The property that data is complete, intact, and trusted and has not been modified or destroyed in an unauthorized or accidental manner. (Adapted from: CNSSI 4009, NIST SP 800-27) (NICCS)
Related Term(s): integrity, system integrity
Data Leakage
Synonym(s): data breach (NICCS)
Data Loss – The exposure of proprietary, sensitive, or classified information through either data theft or data leakage. (SP 800-137) (NISTIR)
The result of unintentionally or accidentally deleting data, forgetting where it is stored, or exposure to an unauthorized party.
Related Term(s): data leakage, data theft
Data Loss Prevention
Definition: A set of procedures and mechanisms to stop sensitive data from leaving a security boundary. (Adapted from: Liu, S., & Kuhn, R. (2010, March/April). Data loss prevention. IEEE IT Professional, 11(2), pp. 10-13.) (NICCS)
Related Term(s): data loss, data theft, data leak
Data Mining
Definition: The process or techniques used to analyze large sets of existing information to discover previously unrevealed patterns or correlations. (Adapted from: DHS personnel) (NICCS)
Related Term(s): data aggregation
Data Origin Authentication – The process of verifying that the source of the data is as claimed and that the data has not been modified. (CNSSI-4009) (NISTIR)
Data Security – Protection of data from unauthorized (accidental or intentional) modification, destruction, or disclosure. (CNSSI-4009) (NISTIR)
Data Spill
Synonym(s): data breach (NICCS)
Data Theft
Definition: The deliberate or intentional act of stealing of information. (NICCS)
Related Term(s): data aggregation, data leakage, data loss
Data Transfer Device (DTD) – Fill device designed to securely store, transport, and transfer electronically both COMSEC and TRANSEC key, designed to be backward compatible with the previous generation of COMSEC common fill devices, and programmable to support modern mission systems. (CNSSI-4009) (NISTIR)
Deception – Those measures designed to mislead the enemy by manipulation, distortion, or falsification of evidence to induce the enemy to react in a manner prejudicial to the enemy’s interests. (JP 1-02) (Jt Pub 3-13)
Decertification – Revocation of the certification of an information system item or equipment for cause. (CNSSI-4009) (NISTIR)
Decipher – Convert enciphered text to plain text by means of a cryptographic system. (CNSSI-4009) (NISTIR)
Decode
Definition: To convert encoded text to plain text by means of a code. (From: CNSSI 4009) (NICCS)
Synonym(s): decipher, decrypt
Decrypt – Generic term encompassing decode and decipher. (CNSSI-4009) (NISTIR)
Synonym(s): decipher, decode
Decryption
Definition: The process of transforming ciphertext into its original plaintext.
Extended Definition: The process of converting encrypted data back into its original form, so it can be understood. (Adapted from: ICAM SAML 2.0 WB SSO Profile 1.0.2) (NICCS)
Conversion of ciphertext to plaintext through the use of a cryptographic algorithm. (FIPS 185) (NISTIR)
Synonym(s): decode, decrypt, decipher
Dedicated Mode – Information systems security mode of operation wherein each user, with direct or indirect access to the system, its peripherals, remote terminals, or remote hosts, has all of the following: 1. valid security clearance for all information within the system, 2. formal access approval and signed nondisclosure agreements for all the information stored and/or processed (including all compartments, subcompartments, and/or special access programs), and 3. valid need-to-know for all information contained within the information system. When in the dedicated security mode, a system is specifically and exclusively dedicated to and controlled for the processing of one particular type or classification of information, either for full-time operation or for a specified period of time. (CNSSI-4009) (NISTIR)
Deepfake - A digital picture or video that has been maliciously edited using an algorithm in a way that makes the video appear authentic. SOURCE: Cyberspace Solarium Commission Final Report, 2020
Default Classification – Classification reflecting the highest classification being processed in an information system. Default classification is included in the caution statement affixed to an object. (CNSSI-4009) (NISTIR)
Defend Forward - The proactive observing, pursuing, and countering of adversary operations and imposing of costs in day-to-day competition to disrupt and defeat ongoing malicious adversary cyber campaigns, deter future campaigns, and reinforce favorable international norms of behavior, using all of the instruments of national power. This is a reimagining and expansion of the defend forward concept as initially conceived of in the 2018 DoD Cyber Strategy, which focuses solely on the military instrument. SOURCE: Cyberspace Solarium Commission Final Report, 2020
Defense-in-Breadth – A planned, systematic set of multidisciplinary activities that seek to identify, manage, and reduce risk of exploitable vulnerabilities at every stage of the system, network, or sub-component life cycle (system, network, or product design and development; manufacturing; packaging; assembly; system integration; distribution; operations; maintenance; and retirement). (CNSSI-4009) (NISTIR)
Defense-in-Depth – Information security strategy integrating people, technology, and operations capabilities to establish variable barriers across multiple layers and dimensions of the organization. (CNSSI-4009; SP 800-53) (NISTIR)
Defensive Cyber Campaign - A coordinated set of actions across the U.S. government, utilizing any or all available instruments of U.S. national power, to respond to an adversary cyber campaign, mitigate its potential effects, and impose consequences. SOURCE: Cyberspace Solarium Commission Final Report, 2020
Defensive Cyber Operations (DCO) - Missions to preserve the ability to utilize one’s own network capabilities and protect data, computers, cyberspace-enabled devices, and other designated systems by defeating ongoing or imminent malicious cyberspace activity. SOURCE: Cyberspace Solarium Commission Final Report, 2020
Degauss – Procedure that reduces the magnetic flux to virtual zero by applying a reverse magnetizing field. Also called demagnetizing. (CNSSI-4009) (NISTIR)
Delegated Development Program – INFOSEC program in which the Director, NSA, delegates, on a case-by-case basis, the development and/or production of an entire telecommunications product, including the INFOSEC portion, to a lead department or agency. (CNSSI-4009) (NISTIR)
Deleted File – A file that has been logically, but not necessarily physically, erased from the operating system, perhaps to eliminate potentially incriminating evidence. Deleting files does not always necessarily eliminate the possibility of recovering all or part of the original data. (SP 800-72) (NISTIR)
Demilitarized Zone (DMZ) – An interface on a routing firewall that is similar to the interfaces found on the firewall’s protected side. Traffic moving between the DMZ and other interfaces on the protected side of the firewall still goes through the firewall and can have firewall protection policies applied. (SP 800-41) (NISTIR)
A host or network segment inserted as a “neutral zone” between an organization’s private network and the Internet. (SP 800-45) (NISTIR)
Perimeter network segment that is logically between internal and external networks. Its purpose is to enforce the internal network’s Information Assurance policy for external information exchange and to provide external, untrusted sources with restricted access to releasable information while shielding the internal networks from outside attacks. (CNSSI-4009) (NISTIR)
Denial of Service (DoS) – The prevention of authorized access to resources or the delaying of time-critical operations. (Time-critical may be milliseconds or it may be hours, depending upon the service provided.) (CNSSI-4009) (NISTIR)
An attack that prevents or impairs the authorized use of information system resources or services. (Adapted from: NCSD Glossary) (NICCS)
[See also DDoS]
Depth – An attribute associated with an assessment method that addresses the rigor and level of detail associated with the application of the method. The values for the depth attribute, hierarchically from less depth to more depth, are basic, focused, and comprehensive. (SP 800-53A) (NISTIR)
Descriptive Top-Level Specification (DTLS) – A natural language description of a system’s security requirements, an informal design notation, or a combination of the two. (CNSSI-4009) (NISTIR)
Designated Approval Authority – (DAA) Official with the authority to formally assume responsibility for operating a system at an acceptable level of risk. This term is synonymous with authorizing official, designated accrediting authority, and delegated accrediting authority. (CNSSI-4009) (NISTIR)
Also Designated Accrediting Authority – See Authorizing Official. (NISTIR)
Designed-in Security
Synonym(s): Build Security In (NICCS)
Deterministic Random Bit Generator (DRBG) – A Random Bit Generator (RBG) that includes a DRBG mechanism and (at least initially) has access to a source of entropy input. The DRBG produces a sequence of bits from a secret initial value called a seed, along with other possible inputs. A DRBG is often called a Pseudorandom Number (or Bit) Generator. (SP 800-90A) (NISTIR)
Deterministic Random Bit Generator (DRBG) Mechanism – The portion of an RBG that includes the functions necessary to instantiate and uninstantiate the RBG, generate pseudorandom bits, (optionally) reseed the RBG and test the health of the DRBG mechanism. (SP 800-90A) (NISTIR)
Deterrence - Dissuading someone from doing something by making them believe that the costs to them will exceed their expected benefit. SOURCE: Cyberspace Solarium Commission Final Report, 2020
Device Distribution Profile – An approval-based Access Control List (ACL) for a specific product that 1) names the user devices in a specific key management infrastructure (KMI) Operating Account (KOA) to which PRSNs distribute the product, and 2) states conditions of distribution for each device. (CNSSI-4009) (NISTIR)
Device Registration Manager – The management role that is responsible for performing activities related to registering users that are devices. (CNSSI-4009) (NISTIR)
Dial Back – Synonymous with call back. (CNSSI-4009) (NISTIR)
Differential Power Analysis – (DPA) An analysis of the variations of the electrical power consumption of a cryptographic module, using advanced statistical methods and/or other techniques, for the purpose of extracting information correlated to cryptographic keys used in a cryptographic algorithm. (FIPS 140-2) (NISTIR)
Digital Citizenship - The position or status of being an internet user, particularly as it pertains to knowledge of responsible behaviors pertaining to internet use, including internet safety, digital footprint, online media balance, cyberbullying, online privacy and communication, information literacy, creative credit and copyright, and other related topics. SOURCE: Cyberspace Solarium Commission Final Report, 2020
Digital Evidence – Electronic information stored or transferred in digital form. (SP 800-72) (NISTIR)
Digital Forensics – The application of science to the identification, collection, examination, and analysis of data while preserving the integrity of the information and maintaining a strict chain of custody for the data. (SP 800-86) (NISTIR)
The processes and specialized techniques for gathering, retaining, and analyzing system-related data (digital evidence) for investigative purposes. (Adapted from: CNSSI 4009; From: NICE Workforce Framework) (NICCS)
Extended Definition: In the NICE Workforce Framework, cybersecurity work where a person: Collects, processes, preserves, analyzes, and presents computer-related evidence in support of network vulnerability, mitigation, and/or criminal, fraud, counterintelligence or law enforcement investigations. (NICCS)
Synonym(s): computer forensics, forensics
Digital Literacy - The ability to use information and communication technologies to find, evaluate, create, and communicate information, requiring both cognitive and technical skills. SOURCE: Cyberspace Solarium Commission Final Report, 2020
Digital Rights Management
Definition: A form of access control technology to protect and manage use of digital content or devices in accordance with the content or device provider's intentions. (NICCS)
Digital Signature
Definition: A value computed with a cryptographic process using a private key and then appended to a data object, thereby digitally signing the data. (Adapted from: CNSSI 4009, IETF RFC 2828, ICAM SAML 2.0 WB SSO Profile 1.0.2, InCommon Glossary, NIST SP 800-63 Rev 1) (NICCS)
Related Term(s): electronic signature
An asymmetric key operation where the private key is used to digitally sign data and the public key is used to verify the signature. Digital signatures provide authenticity protection, integrity protection, and non-repudiation. (SP 800-63) (NISTIR)
A nonforgeable transformation of data that allows the proof of the source (with non-repudiation) and the verification of the integrity of that data. (FIPS 196) (NISTIR)
The result of a cryptographic transformation of data which, when properly implemented, provides the services of:
- origin authentication,
- data integrity, and
- signer non-repudiation. (FIPS 140-2) (NISTIR)
The result of a cryptographic transformation of data that, when properly implemented, provides a mechanism for verifying origin authentication, data integrity, and signatory non-repudiation. (FIPS 186-3) (NISTIR)
The result of a cryptographic transformation of data that, when properly implemented, provides origin authentication, data integrity, and signatory non-repudiation. (SP 800-89) (NISTIR)
Cryptographic process used to assure data object originator authenticity, data integrity, and time stamping for prevention of replay. (CNSSI-4009) (NISTIR)
Digital Signature Algorithm – Asymmetric algorithms used for digitally signing data. (SP 800-49) (NISTIR)
Directed Energy – An umbrella term covering technologies that relate to the production of a beam of concentrated electromagnetic energy or atomic or subatomic particles. Also called DE. (JP 1-02) (Jt Pub 3-13)
Direct Shipment – Shipment of COMSEC material directly from NSA to user COMSEC accounts. (CNSSI-4009) (NISTIR)
Disaster Recovery Plan (DRP) – A written plan for recovering one or more information systems at an alternate facility in response to a major hardware or software failure or destruction of facilities. (SP 800-34) (NISTIR)
Management policy and procedures used to guide an enterprise response to a major loss of enterprise capability or damage to its facilities.
The DRP is the second plan needed by the enterprise risk managers and is used when the enterprise must recover (at its original facilities) from a loss of capability over a period of hours or days. See Continuity of Operations Plan and Contingency Plan. (CNSSI-4009) (NISTIR)
Direct Recording Electronic (DRE) Voting Machine - A device that records votes by means of a ballot display provided with mechanical or electro-optical components that can be activated by the voter (typically buttons or a touch-screen), that processes data by means of a computer program, and that records voting data and ballot images in memory components. SOURCE: Cyberspace Solarium Commission Final Report, 2020
Disconnection – The termination of an interconnection between two or more IT systems. A disconnection may be planned (e.g., due to changed business needs) or unplanned (i.e., due to an attack or other contingency). (SP 800-47) (NISTIR)
Discretionary Access Control – The basis of this kind of security is that an individual user, or program operating on the user’s behalf, is allowed to specify explicitly the types of access other users (or programs executing on their behalf) may have to information under the user’s control. (FIPS 191) (NISTIR)
A means of restricting access to objects (e.g., files, data entities) based on the identity and need-to-know of subjects (e.g., users, processes) and/or groups to which the object belongs. The controls are discretionary in the sense that a subject with a certain access permission is capable of passing that permission (perhaps indirectly) on to any other subject (unless restrained by mandatory access control). (CNSSI-4009) (NISTIR)
Disinformation - False information deliberately spread to deceive. SOURCE: Cyberspace Solarium Commission Final Report, 2020
Disk Imaging – Generating a bit-for-bit copy of the original media, including free space and slack space. (SP 800-86) (NISTIR)
Disruption
Definition: An event which causes unplanned interruption in operations or functions for an unacceptable length of time. (Adapted from: CNSSI 4009) (NICCS)
Distributed Denial of Service
Definition: A denial of service technique that uses numerous systems to perform the attack simultaneously. (Adapted from: CNSSI 4009) (NICCS)
Related Term(s): denial of service, botnet
Disruption – An unplanned event that causes the general system or major application to be inoperable for an unacceptable length of time (e.g., minor or extended power outage, extended unavailable network, or equipment or facility damage or destruction). (CNSSI-4009) (NISTIR)
An unplanned event that causes an information system to be inoperable for a length of time (e.g., minor or extended power outage, extended unavailable network, or equipment or facility damage or destruction). (SP 800-34) (NISTIR)
Distinguished Name (DN) – A unique name or character string that unambiguously identifies an entity according to the hierarchical naming conventions of X.500 directory service. (CNSSI-4009) (NISTIR)
Distinguishing Identifier – Information which unambiguously distinguishes an entity in the authentication process. SOURCE: FIPS 196; CNSSI-4009
Distributed Denial of Service – (DDoS) A Denial of Service technique that uses numerous hosts to perform the attack. (CNSSI-4009) (NISTIR)
DMZ – See Demilitarized Zone. (NISTIR)
Domain – A set of subjects, their information objects, and a common security policy. (SP 800-27) (NISTIR)
An environment or context that includes a set of system resources and a set of system entities that have the right to access the resources as defined by a common security policy, security model, or security architecture. See Security Domain. (CNSSI-4009; SP 800-53; SP 800-37) (NISTIR)
A domain name locates an organisation or other entity on the Internet and corresponds to an Internet Protocol (IP) address. (UK 2016)
Domain-based Message Authentication, Reporting & Conformance - An email authentication, policy, and reporting protocol that verifies the authenticity of the sender of an email and blocks and reports fraudulent accounts. SOURCE: Cyberspace Solarium Commission Final Report, 2020
Domain Name System (DNS) – a naming system for computers and network services based on a hierarchy of domains. (UK 2016)
Doxing – the practice of researching, or hacking, an individual’s personally identifiable information on the Internet, then publishing it. (UK 2016)
Drop Accountability – Procedure under which a COMSEC account custodian initially receipts for COMSEC material, and provides no further accounting for it to its central office of record. Local accountability of the COMSEC material may continue to be required. See Accounting Legend Code. (CNSSI-4009) (NISTIR)
Dual-Use Certificate – A certificate that is intended for use with both digital signature and data encryption services. (SP 800-32) (NISTIR)
Duplicate Digital Evidence – A duplicate is an accurate digital reproduction of all data objects contained on the original physical item and associated media. (SP 800-72) (NISTIR)
Duration – A field within a certificate that is composed of two subfields: “date of issue” and “date of next issue.” (SP 800-32) (NISTIR)
Dynamic Attack Surface
Definition: The automated, on-the-fly changes of an information system's characteristics to thwart actions of an adversary. (Adapted from: DHS personnel) (NICCS)
Dynamic Subsystem – A subsystem that is not continually present during the execution phase of an information system. Service-oriented architectures and cloud computing architectures are examples of architectures that employ dynamic subsystems. (SP 800-37) (NISTIR)