Cyber Glossary - M
Malware – Malicious software, or code. Malware includes viruses, worms, Trojans and spyware. (UK 2016)
Machine Learning and Evolution - Definition: A field concerned with designing and developing artificial intelligence algorithms for automated knowledge discovery and innovation by information systems. (Adapted from: DHS personnel) (NICCS)
Macro Virus - A type of malicious code that attaches itself to documents and uses the macro programming capabilities of the document’s application to execute, replicate, and spread or propagate itself. (Adapted from: CNSSI 4009) (NICCS)
Related Term(s): virus
A virus that attaches itself to documents and uses the macro programming capabilities of the document’s application to execute and propagate. (CNSSI-4009) (NISTIR)
Magnetic Remanence – Magnetic representation of residual information remaining on a magnetic medium after the medium has been cleared. See Clearing. (CNSSI-4009) (NISTIR)
Maintenance Hook – Special instructions (trapdoors) in software allowing easy maintenance and additional feature development. Since maintenance hooks frequently allow entry into the code without the usual checks, they are a serious security risk if they are not removed prior to live implementation. (CNSSI-4009) (NISTIR)
Maintenance Key – Key intended only for in-shop use. (CNSSI-4009) (NISTIR)
Major Application – An application that requires special attention to security due to the risk and magnitude of harm resulting from the loss, misuse, or unauthorized access to or modification of the information in the application. Note: All federal applications require some level of protection. Certain applications, because of the information in them, however, require special management oversight and should be treated as major. Adequate security for other applications should be provided by security of the systems in which they operate. (OMB Circular A-130, App. III) (NISTIR)
Major Information System – An information system that requires special management attention because of its importance to an agency mission; its high development, operating, or maintenance costs; or its significant role in the administration of agency programs, finances, property, or other resources. (OMB Circular A-130, App. III) (NISTIR)
Malicious Applet - A small application program that is automatically downloaded and executed and that performs an unauthorized function on an information system. (From: CNSSI 4009) (NICCS)
Related Term(s): malicious code
Malicious Code – Software or firmware intended to perform an unauthorized process that will have adverse impact on the confidentiality, integrity, or availability of an information system. A virus, worm, Trojan horse, or other code-based entity that infects a host. Spyware and some forms of adware are also examples of malicious code. (SP 800-53; CNSSI-4009)
Program code intended to perform an unauthorized function or process that will have adverse impact on the confidentiality, integrity, or availability of an information system. (Adapted from: CNSSI 4009. NIST SP 800-53 Rev 4) (NICCS)
Extended Definition: Includes software, firmware, and scripts.
Related Term(s): malicious logic
Malicious Logic – Hardware, firmware, or software that is intentionally included or inserted in a system for a harmful purpose. (CNSSI-4009) (NISTIR)
Hardware, firmware, or software that is intentionally included or inserted in a system to perform an unauthorized function or process that will have adverse impact on the confidentiality, integrity, or availability of an information system. (Adapted from: CNSSI 4009) (NICCS)
Related Term(s): malicious code
Malware – A program that is inserted into a system, usually covertly, with the intent of compromising the confidentiality, integrity, or availability of the victim’s data, applications, or operating system or of otherwise annoying or disrupting the victim. (SP 800-83) (NISTIR)
See Malicious Code. See also Malicious Applets and Malicious Logic. (SP 800-53; CNSSI-4009) (NISTIR)
A virus, worm, Trojan horse, or other code-based malicious entity that successfully infects a host. (SP 800-61) (NISTIR)
Malware - Software that compromises the operation of a system by performing an unauthorized function or process. (Adapted from: CNSSI 4009, NIST SP 800-83) (NICCS)
Synonym(s): malicious code, malicious applet, malicious logic
Man-in-the-middle Attack – (MitM) An attack on the authentication protocol run in which the Attacker positions himself in between the Claimant and Verifier so that he can intercept and alter data traveling between them. (SP 800-63) (NISTIR)
A form of active wiretapping attack in which the attacker intercepts and selectively modifies communicated data to masquerade as one or more of the entities involved in a communication association. (CNSSI-4009) (NISTIR)
Management Client (MGC) – A configuration of a client node that enables a KMI external operational manager to manage KMI products and services by either
- accessing a PRSN, or
- exercising locally provided capabilities.
An MGC consists of a client platform and an advanced key processor (AKP). (CNSSI-4009) (NISTIR)
Management Controls – The security controls (i.e., safeguards or countermeasures) for an information system that focus on the management of risk and the management of information system security. (SP 800-37; SP 800-53; SP 800-53A; FIPS 200) (NISTIR)
Actions taken to manage the development, maintenance, and use of the system, including system-specific policies, procedures and rules of behavior, individual roles and responsibilities, individual accountability, and personnel security decisions. (CNSSI-4009) (NISTIR)
Management Security Controls – The security controls (i.e., safeguards or countermeasures) for an information system that focus on the management of risk and the management of information systems security. (CNSSI-4009) (NISTIR)
Mandatory Access Control (MAC) – A means of restricting access to system resources based on the sensitivity (as represented by a label) of the information contained in the system resource and the formal authorization (i.e., clearance) of users to access information of such sensitivity. (SP 800-44) (NISTIR)
Access controls (which) are driven by the results of a comparison between the user’s trust level or clearance and the sensitivity designation of the information. (FIPS 191) (NISTIR)
Mandatory Modification – Change to a COMSEC end-item that NSA requires to be completed and reported by a specified date. See Optional Modification. (CNSSI-4009)
Manipulative Communications Deception – Alteration or simulation of friendly telecommunications for the purpose of deception. See Communications Deception and Imitative Communications Deception. (CNSSI-4009) (NISTIR)
Manual Cryptosystem – Cryptosystem in which the cryptographic processes are performed without the use of crypto-equipment or auto-manual devices. (CNSSI-4009) (NISTIR)
Manual Key Transport – A non-automated means of transporting cryptographic keys by physically moving a device, document, or person containing or possessing the key or key component. (SP 800-57 Part 1) (NISTIR)
A nonelectronic means of transporting cryptographic keys. (FIPS 140-2) (NISTIR)
Manual Remote Rekeying – Procedure by which a distant crypto-equipment is rekeyed electronically, with specific actions required by the receiving terminal operator. Synonymous with cooperative remote rekeying. See also Automatic Remote Keying. (CNSSI-4009) (NISTIR)
Marking – See Security Marking.
Masquerading – When an unauthorized agent claims the identity of another agent, it is said to be masquerading. (SP 800-19) (NISTIR)
A type of threat action whereby an unauthorized entity gains access to a system or performs a malicious act by illegitimately posing as an authorized entity. (CNSSI-4009) (NISTIR)
Master Cryptographic Ignition Key – Key device with electronic logic and circuits providing the capability for adding more operational CIKs to a keyset. (CNSSI-4009) (NISTIR)
Match/matching – The process of comparing biometric information against a previously stored template(s) and scoring the level of similarity. (FIPS 201; CNSSI-4009) (NISTIR)
Maximum Tolerable Downtime – The amount of time mission/business processes can be disrupted without causing significant harm to the organization’s mission. (SP 800-34) (NISTIR)
Mechanisms – An assessment object that includes specific protection-related items (e.g., hardware, software, or firmware) employed within or at the boundary of an information system. (SP 800-53A) (NISTIR)
Media – Physical devices or writing surfaces including but not limited to magnetic tapes, optical disks, magnetic disks, Large Scale Integration (LSI) memory chips, and printouts (but not including display media) onto which information is recorded, stored, or printed within an information system. (FIPS 200; SP 800-53; CNSSI-4009) (NISTIR)
Media Sanitization – A general term referring to the actions taken to render data written on media unrecoverable by both ordinary and extraordinary means. (SP 800-88) (NISTIR)
The actions taken to render data written on media unrecoverable by both ordinary and extraordinary means. (CNSSI-4009) (NISTIR)
Memorandum of Understanding/Agreement – (MOU/A) A document established between two or more parties to define their respective responsibilities in accomplishing a particular goal or mission. In this guide, an MOU/A defines the responsibilities of two or more organizations in establishing, operating, and securing a system interconnection. (SP 800-47) (NISTIR)
A document established between two or more parties to define their respective responsibilities in accomplishing a particular goal or mission, e.g., establishing, operating, and securing a system interconnection. (CNSSI-4009) (NISTIR)
Memory Scavenging – The collection of residual information from data storage. (CNSSI-4009) (NISTIR)
Message Authentication Code – (MAC) A cryptographic checksum on data that uses a symmetric key to detect both accidental and intentional modifications of the data. MACs provide authenticity and integrity protection, but not nonrepudiation protection. (SP 800-63; FIPS 201) (NISTIR)
Message Authentication Code – (MAC) A cryptographic checksum that results from passing data through a message authentication algorithm. (FIPS 198) (NISTIR)
1. See Checksum. 2. A specific ANSI standard for a checksum. (CNSSI-4009) (NISTIR)
Message Digest – The result of applying a hash function to a message. Also known as a “hash value” or “hash output”. (SP 800-107) (NISTIR)
A digital signature that uniquely identifies data and has the property that changing a single bit in the data will cause a completely different message digest to be generated. (SP 800-92) (NISTIR)
A cryptographic checksum, typically generated for a file that can be used to detect changes to the file. Synonymous with hash value/result. (CNSSI-4009) (NISTIR)
Message Externals – Information outside of the message text, such as the header, trailer, etc. (CNSSI-4009) (NISTIR)
Message Indicator – Sequence of bits transmitted over a communications system for synchronizing cryptographic equipment. (CNSSI-4009)
Metrics – Tools designed to facilitate decision-making and improve performance and accountability through collection, analysis, and reporting of relevant performance-related data. (SP 800-55) (NISTIR)
Military Deception – Actions executed to deliberately mislead adversary military decision makers as to friendly military capabilities, intentions, and operations, thereby causing the adversary to take specific actions (or inactions) that will contribute to the accomplishment of the friendly forces mission. Also called MILDEC. See also deception. (This term and its definition are provided for information and are proposed for inclusion in the next edition of JP 1-02 by JP 3-58) (Jt Pub 3-13)
MIME – See Multipurpose Internet Mail Extensions.
Mimicking – See Spoofing.
Min-Entropy – A measure of the difficulty that an Attacker has to guess the most commonly chosen password used in a system. (SP 800-63) (NISTIR)
Minimalist Cryptography – Cryptography that can be implemented on devices with very limited memory and computing capabilities, such as RFID tags. (SP 800-98) (NISTIR)
Minor Application – An application, other than a major application, that requires attention to security due to the risk and magnitude of harm resulting from the loss, misuse, or unauthorized access to or modification of the information in the application. Minor applications are typically included as part of a general support system. (SP 800-18) (NISTIR)
Misnamed Files – A technique used to disguise a file’s content by changing the file’s name to something innocuous or altering its extension to a different type of file, forcing the examiner to identify the files by file signature versus file extension. (SP 800-72; CNSSI-4009) (NISTIR)
Mission Assurance Category – (MAC) A Department of Defense Information Assurance Certification and Accreditation Process (DIACAP) term primarily used to determine the requirements for availability and integrity. (CNSSI-4009) (NISTIR)
Mission Critical – Any telecommunications or information system that is defined as a national security system (Federal Information Security Management Act of 2002 - FISMA) or processes any information the loss, misuse, disclosure, or unauthorized access to or modification of, would have a debilitating impact on the mission of an agency. (SP 800-60) (NISTIR)
Mission/Business Segment – Elements of organizations describing mission areas, common/shared business services, and organization-wide services. Mission/business segments can be identified with one or more information systems which collectively support a mission/business process. (SP 800-30) (NISTIR)
Mitigation - The application of one or more measures to reduce the likelihood of an unwanted occurrence and/or lessen its consequences. (Adapted from: DHS Risk Lexicon, CNSSI 4009, NIST SP 800-53 Rev 4) (NICCS)
Extended Definition: Implementing appropriate risk-reduction controls based on risk management priorities and analysis of alternatives.
Mobile Code – Software programs or parts of programs obtained from remote information systems, transmitted across a network, and executed on a local information system without explicit installation or execution by the recipient. (SP 800-53; SP 800-18) (NISTIR)
A program (e.g., script, macro, or other portable instruction) that can be shipped unchanged to a heterogeneous collection of platforms and executed with identical semantics. (SP 800-28) (NISTIR)
Software programs or parts of programs obtained from remote information systems, transmitted across a network, and executed on a local information system without explicit installation or execution by the recipient. Note: Some examples of software technologies that provide the mechanisms for the production and use of mobile code include Java, JavaScript, ActiveX, VBScript, etc. (CNSSI-4009) (NISTIR)
Mobile Code Technologies – Software technologies that provide the mechanisms for the production and use of mobile code (e.g., Java, JavaScript, ActiveX, VBScript). (SP 800-53; SP 800-18) (NISTIR)
Mobile Device – Portable cartridge/disk-based, removable storage media (e.g., floppy disks, compact disks, USB flash drives, external hard drives, and other flash memory cards/drives that contain nonvolatile memory).
Portable computing and communications device with information storage capability (e.g., notebook/laptop computers, personal digital assistants, cellular telephones, digital cameras, and audio recording devices). (SP 800-53) (NISTIR)
Mobile Software Agent – Programs that are goal-directed and capable of suspending their execution on one platform and moving to another platform where they resume execution. (SP 800-19) (NISTIR)
Mode of Operation – An algorithm for the cryptographic transformation of data that features a symmetric key block cipher algorithm. (SP 800-38C) (NISTIR)
Description of the conditions under which an information system operates based on the sensitivity of information processed and the clearance levels, formal access approvals, and need-to-know of its users. Four modes of operation are authorized for processing or transmitting information: dedicated mode, system high mode, compartmented/partitioned mode, and multilevel mode. (CNSSI-4009) (NISTIR)
Moderate Impact – The loss of confidentiality, integrity, or availability that could be expected to have a serious adverse effect on organizational operations, organizational assets, individuals, other organizations, or the national security interests of the United States; (i.e.,
- causes a significant degradation in mission capability to an extent and duration that the organization is able to perform its primary functions, but the effectiveness of the functions is significantly reduced;
- results in significant damage to organizational assets;
- results in significant financial loss; or
- results in significant harm to individuals that does not involve loss of life or serious life threatening injuries). (CNSSI-4009) (NISTIR)
Moderate-Impact System – An information system in which at least one security objective (i.e., confidentiality, integrity, or availability) is assigned a FIPS 199 potential impact value of moderate and no security objective is assigned a FIPS 199 potential impact value of high. (SP 800-53; SP 800-60; SP 800-37; FIPS 200) (NISTIR)
An information system in which at least one security objective (i.e., confidentiality, integrity, or availability) is assigned a potential impact value of moderate and no security objective is assigned a potential impact value of high. (CNSSI-4009) (NISTIR)
Moving Target Defense - The presentation of a dynamic attack surface, increasing an adversary's work factor necessary to probe, attack, or maintain presence in a cyber target. (From: DHS personnel) (NICCS)
Multi-Hop Problem – The security risks resulting from a mobile software agent visiting several platforms. (SP 800-19) (NISTIR)
Multifactor Authentication – Authentication using two or more factors to achieve authentication. Factors include:
- something you know (e.g., password/PIN);
- something you have (e.g., cryptographic identification device, token); or
- something you are (e.g., biometric).
See Authenticator. (SP 800-53) (NISTIR)
Multilevel Device – Equipment trusted to properly maintain and separate data of different security domains. (CNSSI-4009) (NISTIR)
Multilevel Mode – Mode of operation wherein all the following statements are satisfied concerning the users who have direct or indirect access to the system, its peripherals, remote terminals, or remote hosts:
- some users do not have a valid security clearance for all the information processed in the information system;
- all users have the proper security clearance and appropriate formal access approval for that information to which they have access; and
- all users have a valid need-to-know only for information to which they have access. (CNSSI-4009) (NISTIR)
Multilevel Security (MLS) – Concept of processing information with different classifications and categories that simultaneously permits access by users with different security clearances and denies access to users who lack authorization. (CNSSI-4009) (NISTIR)
Multiple Security Levels (MSL) – Capability of an information system that is trusted to contain, and maintain separation between, resources (particularly stored data) of different security domains. (CNSSI-4009) (NISTIR)
Multi-Releasable – A characteristic of an information domain where access control mechanisms enforce policy-based release of information to authorized users within the information domain. (CNSSI-4009) (NISTIR)
Mutual Authentication – Occurs when parties at both ends of a communication activity authenticate each other. (SP 800-32) (NISTIR)
The process of both entities involved in a transaction verifying each other. (CNSSI-4009) (NISTIR)
Mutual Suspicion – Condition in which two information systems need to rely upon each other to perform a service, yet neither trusts the other to properly protect shared data. (CNSSI-4009) (NISTIR)