Cyber Glossary - E
Easter Egg – Hidden functionality within an application program, which becomes activated when an undocumented, and often convoluted, set of commands and keystrokes are entered. Easter eggs are typically used to display the credits for the development team and are intended to be nonthreatening. (SP 800-28) (NISTIR)
Eavesdropping Attack – An attack in which an Attacker listens passively to the authentication protocol to capture information which can be used in a subsequent active attack to masquerade as the Claimant. (SP 800-63) (NISTIR)
E-Commerce – electronic commerce. Trade conducted, or facilitated by, the Internet. (UK 2016)
Education (Information Security) – Education integrates all of the security skills and competencies of the various functional specialties into a common body of knowledge . . . and strives to produce IT security specialists and professionals capable of vision and proactive response. (SP 800-50) (NISTIR)
Education and Training
Definition: In the NICE Workforce Framework, cybersecurity work where a person: Conducts training of personnel within pertinent subject domain; develop, plan, coordinate, deliver, and/or evaluate training courses, methods, and techniques as appropriate. (From: NICE Workforce Framework) (NICCS)
E-Government (e-gov) – The use by the U.S. government of Web-based Internet applications and other information technology. (CNSSI-4009 NIST IR 7298 Revision 2, Glossary of Key) (NISTIR)
Egress Filtering – Filtering of outgoing network traffic. (SP 800-41) (NISTIR)
Election Infrastructure - Information and communications technology and systems used by or on behalf of the federal government or a state or local government in managing the election process, including voter registration databases, voting machines, voting tabulation equipment, and equipment for the secure transmission of election results. SOURCE: Cyberspace Solarium Commission Final Report, 2020
Electromagnetic Spectrum. The range of frequencies of electromagnetic radiation from zero to infinity. It is divided into 26 alphabetically designated bands. See also electronic warfare. (JP 1-02) (Jt Pub 3-13)
Electromagnetic Spectrum Management. Planning, coordinating, and managing joint use of the electromagnetic spectrum through operational, engineering, and administrative procedures. The objective of spectrum management is to enable electronic systems to perform their functions in the intended environment without causing or suffering unacceptable interference. (This term and its definition are provided for information and are proposed for inclusion in the next edition of JP 1-02 by JP 6-0) (Jt Pub 3-13)
Electronic Authentication – (E-authentication) The process of establishing confidence in user identities electronically presented to an information system. (SP 800-63; CNSSI-4009) (NISTIR)
Electronic Business (e-business) – Doing business online. (CNSSI-4009) (NISTIR)
Electronic Credentials – Digital documents used in authentication that bind an identity or an attribute to a subscriber's token. (CNSSI-4009) (NISTIR)
Electronic Evidence – Information and data of investigative value that is stored on or transmitted by an electronic device. (SP 800-72) (NISTIR)
Electronic Key Entry – The entry of cryptographic keys into a cryptographic module using electronic methods such as a smart card or a key-loading device. (The operator of the key may have no knowledge of the value of the key being entered. (FIPS 140-2) (NISTIR)
Electronic Key Management System (EKMS) – Interoperable collection of systems being developed by services and agencies of the U.S. government to automate the planning, ordering, generating, distributing, storing, filling, using, and destroying of electronic key and management of other types of COMSEC material. (CNSSI-4009) (NISTIR)
Electronic Messaging Services – Services providing interpersonal messaging capability; meeting specific functional, management, and technical requirements; and yielding a business-quality electronic mail service suitable for the conduct of official government business. (CNSSI-4009) (NISTIR)
Electronic Signature – The process of applying any mark in electronic form with the intent to sign a data object. See also Digital Signature. (CNSSI-4009) (NISTIR)
Any mark in electronic form associated with an electronic document, applied with the intent to sign the document. (Adapted from: CNSSI 4009) (NICCS)
Related Term(s): digital signature
Electronic Warfare. Any military action involving the use of electromagnetic and directed energy to control the electromagnetic spectrum or to attack the enemy. Also called EW. The three major subdivisions within electronic warfare are: electronic attack, electronic protection, and electronic warfare support. a. electronic attack. That division of electronic warfare involving the use of electromagnetic energy, directed energy, or antiradiation weapons to attack personnel, facilities, or equipment with the intent of degrading, neutralizing, or destroying enemy combat capability and is considered a form of fires. Also called EA. EA includes: 1) actions taken to prevent or reduce an enemy’s effective use of the electromagnetic spectrum, such as jamming and electromagnetic deception, and 2) employment of weapons that use either electromagnetic or directed energy as their primary destructive mechanism (lasers, radio frequency weapons, particle beams). b. electronic protection. That division of electronic warfare involving passive and active means taken to protect personnel, facilities, and equipment from any effects of friendly or enemy employment of electronic warfare that degrade, neutralize, or destroy friendly combat capability. Also called EP. c. electronic warfare support. That division of electronic warfare involving actions tasked by, or under direct control of, an operational commander to search for, intercept, identify, and locate or localize sources of intentional and unintentional radiated electromagnetic energy for the purpose of immediate threat recognition, targeting, planning and conduct of future operations. Thus, electronic warfare support provides information required for decisions involving electronic warfare operations and other tactical actions such as threat avoidance, targeting, and homing. Also called ES. Electronic warfare support data can be used to produce signals intelligence, provide targeting for electronic or destructive attack, and produce measurement and signature intelligence. See also directed energy; electromagnetic spectrum. (JP 1-02) (Jt Pub 3-13)
Electronically Generated Key – Key generated in a COMSEC device by introducing (either mechanically or electronically) a seed key into the device and then using the seed, together with a software algorithm stored in the device, to produce the desired key. (CNSSI-4009) (NISTIR)
Emanations Security (EMSEC) – Protection resulting from measures taken to deny unauthorized individuals information derived from intercept and analysis of compromising emissions from crypto-equipment or an information system. See TEMPEST. (CNSSI-4009) (NISTIR)
Embedded Computer – Computer system that is an integral part of a larger system. (CNSSI-4009) (NISTIR)
Embedded Cryptographic System – Cryptosystem performing or controlling a function as an integral element of a larger system or subsystem. (CNSSI-4009) (NISTIR)
Embedded Cryptography – Cryptography engineered into an equipment or system whose basic function is not cryptographic. (CNSSI-4009) (NISTIR)
Emission Security. The component of communications security that results from all measures taken to deny unauthorized persons information of value that might be derived from intercept and analysis of compromising emanations from crypto-equipment and telecommunications systems. (This term and its definition are provided for information and are proposed for inclusion in the next edition of JP 1-02 by JP 6-0) (Jt Pub 3-13)
Encipher – Convert plain text to cipher text by means of a cryptographic system. (CNSSI-4009) (NISTIR)
Enclave – Collection of information systems connected by one or more internal networks under the control of a single authority and security policy. The systems may be structured by physical proximity or by function, independent of location. (CNSSI-4009) (NISTIR)
Enclave Boundary – Point at which an enclave’s internal network service layer connects to an external network’s service layer, i.e., to another enclave or to a Wide Area Network (WAN). (CNSSI-4009) (NISTIR)
Encode – Convert plain text to cipher text by means of a code. (CNSSI-4009) (NISTIR)
Encrypt – Generic term encompassing encipher and encode. (CNSSI-4009) (NISTIR)
Encrypted Key – A cryptographic key that has been encrypted using an Approved security function with a key encrypting key, a PIN, or a password in order to disguise the value of the underlying plaintext key. (FIPS 140-2) (NISTIR)
Encrypted Network – A network on which messages are encrypted (e.g., using DES, AES, or other appropriate algorithms) to prevent reading by unauthorized parties. (SP 800-32) (NISTIR)
Encryption – Conversion of plaintext to ciphertext through the use of a cryptographic algorithm. (FIPS 185) (NISTIR)
The process of changing plaintext into ciphertext for the purpose of security or privacy. (SP 800-21; CNSSI-4009) (NISTIR)
Cryptographic transformation of data (called ‘plaintext’) into a form (called ‘cipher text’) that conceals the data’s original meaning, to prevent it from being known or used. (UK 2016)
Encryption Algorithm – Set of mathematically expressed rules for rendering data unintelligible by executing a series of conversions controlled by a key. (CNSSI-4009) (NISTIR)
Encryption Certificate – a certificate containing a public key that can encrypt or decrypt electronic messages, files, documents, or data transmissions, or establish or exchange a session key for these same purposes. Key management sometimes refers to the process of storing, protecting, and escrowing the private component of the key pair associated with the encryption certificate. ((NISTIR)
End Cryptographic Unit (ECU) – Device that (1) performs cryptographic functions, (2) typically is part of a larger system for which the device provides security services, and (3) from the viewpoint of a supporting security infrastructure (e.g., a key management system), is the lowest level of identifiable component with which a management transaction can be conducted. (CNSSI-4009) (NISTIR)
End-Item Accounting – Accounting for all the accountable components of a COMSEC equipment configuration by a single short title. (CNSSI-4009) (NISTIR)
End-to-End Encryption – Communications encryption in which data is encrypted when being passed through a network, but routing information remains visible. SOURCE: SP 800-12 Encryption of information at its origin and decryption at its intended destination without intermediate decryption. (CNSSI-4009) (NISTIR)
End-to-End Security – Safeguarding information in an information system from point of origin to point of destination. (CNSSI-4009) (NISTIR)
Enrollment Manager – The management role that is responsible for assigning user identities to management and non-management roles. (CNSSI-4009) (NISTIR)
Enterprise – An organization with a defined mission/goal and a defined boundary, using information systems to execute that mission, and with responsibility for managing its own risks and performance.
An enterprise may consist of all or some of the following business aspects: acquisition, program management, financial management (e.g., budgets), human resources, security, and information systems, information and mission management. (CNSSI-4009) (NISTIR)
Enterprise Architecture (EA) – The description of an enterprise’s entire set of information systems: how they are configured, how they are integrated, how they interface to the external environment at the enterprise’s boundary, how they are operated to support the enterprise mission, and how they contribute to the enterprise’s overall security posture. (CNSSI-4009) (NISTIR)
Enterprise Risk Management – The methods and processes used by an enterprise to manage risks to its mission and to establish the trust necessary for the enterprise to support shared missions. It involves the identification of mission dependencies on enterprise capabilities, the identification and prioritization of risks due to defined threats, the implementation of countermeasures to provide both a static risk posture and an effective dynamic response to active threats; and it assesses enterprise performance against threats and adjusts countermeasures as necessary. (CNSSI-4009) (NISTIR)
Enterprise Service – A set of one or more computer applications and middleware systems hosted on computer hardware that provides standard information systems capabilities to end users and hosted mission applications and services. (CNSSI-4009) (NISTIR)
Entity – Either a subject (an active element that operates on information or the system state) or an object (a passive element that contains or receives information). (SP 800-27) (NISTIR)
An active element in an open system. (FIPS 188) (NISTIR)
Any participant in an authentication exchange; such a participant may be human or nonhuman, and may take the role of a claimant and/or verifier. (FIPS 196) (NISTIR)
Entrapment – Deliberate planting of apparent flaws in an IS for the purpose of detecting attempted penetrations. (CNSSI-4009) (NISTIR)
Entropy – A measure of the amount of uncertainty that an Attacker faces to determine the value of a secret. Entropy is usually stated in bits. (SP 800-63) (NISTIR)
Environment – Aggregate of external procedures, conditions, and objects affecting the development, operation, and maintenance of an information system. (FIPS 200; CNSSI-4009) (NISTIR)
Environment of Operation – The physical surroundings in which an information system processes, stores, and transmits information. (SP 800-37; SP 800-53A) (NISTIR)
The physical, technical, and organizational setting in which an information system operates, including but not limited to: missions/business functions; mission/business processes; threat space; vulnerabilities; enterprise and information security architectures; personnel; facilities; supply chain relationships; information technologies; organizational governance and culture; acquisition and procurement processes; organizational policies and procedures; organizational assumptions, constraints, risk tolerance, and priorities/trade-offs). (SP 800-30) (NISTIR)
Ephemeral Key – A cryptographic key that is generated for each execution of a key establishment process and that meets other requirements of the key type (e.g., unique to each message or session). In some cases, ephemeral keys are used more than once within a single session (e.g., broadcast applications) where the sender generates only one ephemeral key pair per message, and the private key is combined separately with each recipient’s public key. (SP 800-57 Part 1) (NISTIR)
Erasure – Process intended to render magnetically stored information irretrievable by normal means. (CNSSI-400) (NISTIR)
Error Detection Code – A code computed from data and comprised of redundant bits of information designed to detect, but not correct, unintentional changes in the data. (FIPS 140-2; CNSSI-4009) (NISTIR)
Escrow – Something (e.g., a document, an encryption key) that is "delivered to a third person to be given to the grantee only upon the fulfillment of a condition." (FIPS 185) (NISTIR)
Evaluation Products List (EPL) – List of validated products that have been successfully evaluated under the National Information Assurance Partnership (NIAP) Common Criteria Evaluation and Validation Scheme (CCEVS). (CNSSI-4009) (NISTIR)
Evaluation Assurance Level (EAL) – Set of assurance requirements that represent a point on the Common Criteria predefined assurance scale. (CNSSI-4009) (NISTIR)
Event – Any observable occurrence in a network or system. SOURCE: SP 800-61 Any observable occurrence in a system and/or network. Events sometimes provide indication that an incident is occurring. (CNSSI-4009) (NISTIR)
Examination – A technical review that makes the evidence visible and suitable for analysis; tests performed on the evidence to determine the presence or absence of specific data. (SP 800-72) (NISTIR)
Examine – A type of assessment method that is characterized by the process of checking, inspecting, reviewing, observing, studying, or analyzing one or more assessment objects to facilitate understanding, achieve clarification, or obtain evidence, the results of which are used to support the determination of security control effectiveness over time. (SP 800-53A) (NISTIR)
Exculpatory Evidence – Evidence that tends to decrease the likelihood of fault or guilt. SOURCE: SP 800-72 Executive Agency – An executive department specified in 5 United States Code (U.S.C.), Sec. 101; a military department specified in 5 U.S.C., Sec. 102; an independent establishment as defined in 5 U.S.C., Sec. 104(1); and a wholly owned government corporation fully subject to the provisions of 31 U.S.C., Chapter 91. (SP 800-53; SP 800-37; FIPS 200; FIPS 199; 41 U.S.C., Sec. 403; CNSSI-4009) (NISTIR)
Exercise Key – Cryptographic key material used exclusively to safeguard communications transmitted over-the-air during military or organized civil training exercises. (CNSSI-4009) (NISTIR)
Expected Output – Any data collected from monitoring and assessments as part of the Information Security Continuous Monitoring (ISCM) strategy. (SP 800-137) (NISTIR)
Exfiltration - Definition: The unauthorized transfer of information from an information system. (From: NIST SP 800-53 Rev 4) (NICCS)
Related Term(s): data breach
Exploit - Definition: A technique to breach the security of a network or information system in violation of security policy. (Adapted from: ISO/IEC 27039 (draft), DHS personnel) (NICCS)
Exploit Code – A program that allows attackers to automatically break into a system. (SP 800-40) (NISTIR)
Exploitable Channel – Channel that allows the violation of the security policy governing an information system and is usable or detectable by subjects external to the trusted computing base. See Covert Channel. (CNSSI-4009) (NISTIR)
Exploitation Analysis - Definition: In the NICE Workforce Framework, cybersecurity work where a person: Analyzes collected information to identify vulnerabilities and potential for exploitation. (From: NICE Workforce Framework) (NICCS)
Exposure - Definition: The condition of being unprotected, thereby allowing access to information or access to capabilities that an attacker can use to enter a system or network. (Adapted from: NCSD glossary) (NICCS)
Extensible Configuration Checklist Description Format (XCCDF) – SCAP language for specifying checklists and reporting checklist results. (SP 800-128) (NISTIR)
External Information System (or Component) – An information system or component of an information system that is outside of the authorization boundary established by the organization and for which the organization typically has no direct control over the application of required security controls or the assessment of security control effectiveness. (SP 800-37; SP 800-53; CNSSI-4009) (NISTIR)
External Information System Service – An information system service that is implemented outside of the authorization boundary of the organizational information system (i.e., a service that is used by, but not a part of, the organizational information system) and for which the organization typically has no direct control over the application of required security controls or the assessment of security control effectiveness. (SP 800-53; SP 800-37; CNSSI-4009((NISTIR)
External Information System Service Provider – A provider of external information system services to an organization through a variety of consumer-producer relationships, including but not limited to: joint ventures; business partnerships; outsourcing arrangements (i.e., through contracts, interagency agreements, lines of business arrangements); licensing agreements; and/or supply chain exchanges. (SP 800-37; SP 800-53) (NISTIR)
External Network – A network not controlled by the organization. (SP 800-53; CNSSI-4009) (NISTIR)
External Security Testing – Security testing conducted from outside the organization’s security perimeter. (SP 800-115) (NISTIR)
Extraction Resistance – Capability of crypto-equipment or secure telecommunications equipment to resist efforts to extract key. (CNSSI-4009) (NISTIR)
Extranet – A private network that uses Web technology, permitting the sharing of portions of an enterprise’s information or operations with suppliers, vendors, partners, customers, or other enterprises. (CNSSI-4009) (NISTIR)