Cyber Glossary - F
Facility – COMSEC facility located in an immobile structure or aboard a ship. (CNSSI-4009) (NISTIR)
Fail Safe – Automatic protection of programs and/or processing systems when hardware or software failure is detected. (CNSSI-4009) (NISTIR)
Fail Soft – Selective termination of affected nonessential processing when hardware or software failure is determined to be imminent. (CNSSI-4009) (NISTIR)
Failover – The capability to switch over automatically (typically without human intervention or warning) to a redundant or standby information system upon the failure or abnormal termination of the previously active system. (SP 800-53; CNSSI-4009) (NISTIR)
Failure – The inability of a system or component to perform its required functions within specified performance requirements. (NCSD Glossary) (NICCS)
Failure Access – Type of incident in which unauthorized access to data results from hardware or software failure. (CNSSI-4009) (NISTIR)
Failure Control – Methodology used to detect imminent hardware or software failure and provide fail safe or fail soft recovery. (CNSSI-4009) (NISTIR)
False Acceptance – When a biometric system incorrectly identifies an individual or incorrectly verifies an impostor against a claimed identity. (SP 800-76) (NISTIR)
In biometrics, the instance of a security system incorrectly verifying or identifying an unauthorized person. It typically is considered the most serious of biometric security errors as it gives unauthorized users access to systems that expressly are trying to keep them out. (CNSSI-4009) (NISTIR)
False Acceptance Rate (FAR) – The probability that a biometric system will incorrectly identify an individual or will fail to reject an impostor. The rate given normally assumes passive impostor attempts. (SP 800-76) (NISTIR)
The measure of the likelihood that the biometric security system will incorrectly accept an access attempt by an unauthorized user. A system’s false acceptance rate typically is stated as the ratio of the number of false acceptances divided by the number of identification attempts. (CNSSI-4009) (NISTIR)
False Positive – An alert that incorrectly indicates that malicious activity is occurring. (SP 800-61) (NISTIR)
False Rejection – When a biometric system fails to identify an applicant or fails to verify the legitimate claimed identity of an applicant. (SP 800-76) (NISTIR)
In biometrics, the instance of a security system failing to verify or identify an authorized person. It does not necessarily indicate a flaw in the biometric system; for example, in a fingerprint-based system, an incorrectly aligned finger on the scanner or dirt on the scanner can result in the scanner misreading the fingerprint, causing a false rejection of the authorized user. (CNSSI-4009) (NISTIR)
False Rejection Rate (FRR) – The probability that a biometric system will fail to identify an applicant, or verify the legitimate claimed identity of an applicant. (SP 800-76) (NISTIR)
The measure of the likelihood that the biometric security system will incorrectly reject an access attempt by an authorized user. A system’s false rejection rate typically is stated as the ratio of the number of false rejections divided by the number of identification attempts. (CNSSI-4009) (NISTIR)
Federal Agency – See Agency; see Executive Agency. (NISTIR)
Federal Bridge Certification Authority (FBCA) – The Federal Bridge Certification Authority consists of a collection of Public Key Infrastructure components (Certificate Authorities, Directories, Certificate Policies and Certificate Practice Statements) that are used to provide peer-to-peer interoperability among Agency Principal Certification Authorities. (SP 800-32; CNSSI-4009) (NISTIR)
Federal Bridge Certification Authority Membrane – The Federal Bridge Certification Authority Membrane consists of a collection of Public Key Infrastructure components including a variety of Certification Authority PKI products, Databases, CA specific Directories, Border Directory, Firewalls, Routers, Randomizers, etc. (SP 800-32) (NISTIR)
Federal Bridge Certification Authority Operational Authority – The Federal Bridge Certification Authority Operational Authority is the organization selected by the Federal Public Key Infrastructure Policy Authority to be responsible for operating the Federal Bridge Certification Authority. (SP 800-32) (NISTIR)
Federal Enterprise Architecture – A business-based framework for governmentwide improvement developed by the Office of Management and Budget that is intended to facilitate efforts to transform the federal government to one that is citizen-centered, results-oriented, and market-based. (SP 800-53; SP 800-18; SP 800-60; CNSSI-4009) (NISTIR)
Federal Information Processing Standard (FIPS) – A standard for adoption and use by federal departments and agencies that has been developed within the Information Technology Laboratory and published by the National Institute of Standards and Technology, a part of the U.S. Department of Commerce. A FIPS covers some topic in information technology in order to achieve a common level of quality or some level of interoperability. (FIPS 201) (NISTIR)
Federal Information Security Management Act (FISMA) – A statute (Title III, P.L. 107-347) that requires agencies to assess risk to information systems and provide information security protections commensurate with the risk. FISMA also requires that agencies integrate information security into their capital planning and enterprise architecture processes, conduct annual information systems security reviews of all programs and systems, and report the results of those reviews to OMB. (CNSSI-4009) (NISTIR)
Title III of the E-Government Act requiring each federal agency to develop, document, and implement an agency-wide program to provide information security for the information and information systems that support the operations and assets of the agency, including those provided or managed by another agency, contractor, or other source. (SP 800-63) (NISTIR)
Federal Information System – An information system used or operated by an executive agency, by a contractor of an executive agency, or by another organization on behalf of an executive agency. (SP 800-53; FIPS 200; FIPS 199; 40 U.S.C., Sec. 11331; CNSSI-4009) (NISTIR)
Federal Information Systems Security Educators’ Association – (FISSEA) An organization whose members come from federal agencies, industry, and academic institutions devoted to improving the IT security awareness and knowledge within the federal government and its related external workforce. (SP 800-16) (NISTIR)
Federal Public Key Infrastructure Policy Authority (FPKI PA) – The Federal PKI Policy Authority is a federal government body responsible for setting, implementing, and administering policy decisions regarding interagency PKI interoperability that uses the FBCA. (SP 800-32) (NISTIR)
Fifth-Generation Wireless Network (5G) – A set of wireless software and hardware technologies that will produce a significant improvement in data speed, volume, and latency (delay in data transfer) over fourth-generation (4G and 4G LTE) networks. (Cyberspace Solarium Commission Final Report, 2020)
File Encryption – The process of encrypting individual files on a storage medium and permitting access to the encrypted data only after proper authentication is provided. (SP 800-111) (NISTIR)
File Name Anomaly – 1. A mismatch between the internal file header and its external extension; or 2. A file name inconsistent with the content of the file (e.g., renaming a graphics file with a non-graphical extension). (SP 800-72) (NISTIR)
File Protection – Aggregate of processes and procedures designed to inhibit unauthorized access, contamination, elimination, modification, or destruction of a file or any of its contents. (CNSSI-4009) (NISTIR)
File Security – Means by which access to computer files is limited to authorized users only. (CNSSI-4009) (NISTIR)
Fill Device – COMSEC item used to transfer or store key in electronic form or to insert key into cryptographic equipment. (CNSSI-4009) (NISTIR)
Final Goods Assembler – The entity that is most responsible for the placement of a product or service into the stream of commerce. (Cyberspace Solarium Commission Final Report, 2020)
FIPS – See Federal Information Processing Standard. (NISTIR)
FIPS-Approved Security Method – A security method (e.g., cryptographic algorithm, cryptographic key generation algorithm or key distribution technique, random number generator, authentication technique, or evaluation criteria) that is either a) specified in a FIPS, or b) adopted in a FIPS. (FIPS 196) (NISTIR)
FIPS-Validated Cryptography – A cryptographic module validated by the Cryptographic Module Validation Program (CMVP) to meet requirements specified in FIPS 140-2 (as amended).
As a prerequisite to CMVP validation, the cryptographic module is required to employ a cryptographic algorithm implementation that has successfully passed validation testing by the Cryptographic Algorithm Validation Program (CAVP). See NSA-Approved Cryptography. (SP 800-53) (NISTIR)
FIPS PUB – An acronym for Federal Information Processing Standards Publication. FIPS publications (PUB) are issued by NIST after approval by the Secretary of Commerce. (SP 800-64) (NISTIR)
FIREFLY – Key management protocol based on public key cryptography. (CNSSI-4009) (NISTIR)
Firewall – A gateway that limits access between networks in accordance with local security policy. (SP 800-32) (NISTIR)
A hardware/software capability that limits access between networks and/or systems in accordance with a specific security policy. (CNSSI-4009) (NISTIR)
A device or program that controls the flow of network traffic between networks or hosts that employ differing security postures. (SP 800-41) (NISTIR)
Firewall Control Proxy – The component that controls a firewall’s handling of a call. The firewall control proxy can instruct the firewall to open specific ports that are needed by a call, and direct the firewall to close these ports at call termination. (SP 800-58) (NISTIR)
Firmware – The programs and data components of a cryptographic module that are stored in hardware within the cryptographic boundary and cannot be dynamically written or modified during execution. (FIPS 140-2) (NISTIR)
Computer programs and data stored in hardware (typically in read-only memory (ROM) or programmable read-only memory (PROM)) such that the programs and data cannot be dynamically written or modified during execution of the programs. (CNSSI-4009) (NISTIR)
FISMA – See Federal Information Security Management Act. (NISTIR)
Flaw – Error of commission, omission, or oversight in an information system that may allow protection mechanisms to be bypassed. (CNSSI-4009) (NISTIR)
Flaw Hypothesis Methodology – System analysis and penetration technique in which the specification and documentation for an information system are analyzed to produce a list of hypothetical flaws. This list is prioritized on the basis of the estimated probability that a flaw exists, on the ease of exploiting it, and on the extent of control or compromise it would provide. The prioritized list is used to perform penetration testing of a system. (CNSSI-4009) (NISTIR)
Flooding – An attack that attempts to cause a failure in a system by providing more input than the system can process properly. (CNSSI-4009) (NISTIR)
Focused Testing – A test methodology that assumes some knowledge of the internal structure and implementation detail of the assessment object. Also known as gray box testing. (SP 800-53A) (NISTIR)
Forensic Copy – An accurate bit-for-bit reproduction of the information contained on an electronic device or associated media, whose validity and integrity has been verified using an accepted algorithm. (SP 800-72; CNSSI-4009) (NISTIR)
Forensic Specialist – A professional who locates, identifies, collects, analyzes, and examines data while preserving the integrity and maintaining a strict chain of custody of information discovered. (SP 800-72) (NISTIR)
Forensics – The practice of gathering, retaining, and analyzing computer-related data for investigative purposes in a manner that maintains the integrity of the data. See also Computer Forensics. (CNSSI-4009) (NISTIR)
Synonym(s): digital forensics
Forensically Clean – Digital media that is completely wiped of all data, including nonessential and residual data, scanned for malware, and verified before use. (SP 800-86) (NISTIR)
Fork Bomb – A fork bomb works by calling fork() repeatedly to create new processes, each a copy of the original; by doing this without limit, all available process slots on the machine can be consumed.
Formal Access Approval – A formalization of the security determination for authorizing access to a specific type of classified or sensitive information, based on specified access requirements, a determination of the individual’s security eligibility and a determination that the individual’s official duties require the individual be provided access to the information. (CNSSI-4009) (NISTIR)
Formal Development Methodology – Software development strategy that proves security design specifications. (CNSSI-4009) (NISTIR)
Formal Method – Mathematical argument which verifies that the system satisfies a mathematically-described security policy. (CNSSI-4009) (NISTIR)
Formal Proof – Complete and convincing mathematical argument presenting the full logical justification for each proof step and for the truth of a theorem or set of theorems. (CNSSI-4009) (NISTIR)
Formal Security Policy – Mathematically-precise statement of a security policy. (CNSSI-4009) (NISTIR)
Formatting Function – The function that transforms the payload, associated data, and nonce into a sequence of complete blocks. (SP 800-38C) (NISTIR)
Forward Cipher – One of the two functions of the block cipher algorithm that is determined by the choice of a cryptographic key. The term “forward cipher operation” is used for TDEA, while the term “forward transformation” is used for DEA. (SP 800-67) (NISTIR)
Frequency Hopping – Repeated switching of frequencies during radio transmission according to a specified algorithm, to minimize unauthorized interception or jamming of telecommunications. (CNSSI-4009) (NISTIR)
Full Disk Encryption (FDE) – The process of encrypting all the data on the hard disk drive used to boot a computer, including the computer’s operating system, and permitting access to the data only after successful authentication with the full disk encryption product. (SP 800-111) (NISTIR)
Full Maintenance – Complete diagnostic repair, modification, and overhaul of COMSEC equipment, including repair of defective assemblies by piece part replacement. See Limited Maintenance. (CNSSI-4009) (NISTIR)
Functional Testing – Segment of security testing in which advertised security mechanisms of an information system are tested under operational conditions. (CNSSI-4009) (NISTIR)