Security Taxonomy - Lynn Wheeler

Concepts

access control, assurance, attack, audit, authentication, automated information system, availability, certification, Common Criteria for Information Technology Security, cryptography, evaluation, evidence, internet, key management, privacy, protection profile, public-key infrastructure, requirements, risk, risk management, security, security software, security target, software development, threat, trust, Trusted Computer System Evaluation Criteria, user,

Terms

*-property: IncludedBy:Bell-LaPadula security model,; PreferredFor:star (*) property,; Related:model,; Synonym:confinement property,
2-factor authentication: IncludedBy:3-factor authentication,
3-factor authentication: IncludedBy:authentication,; Includes:2-factor authentication, authentication information,; Related:biometric authentication, challenge/response, passwords, personal identification number, tokens,
A1: IncludedBy:Orange book,; Related:evaluation, trust,
ABA Guidelines: Related:certificate, digital signature,
abend: Related:failure, test,
abort: Related:failure,
Abrams, Jojodia, Podell essays: Related:security,
Abstract Syntax Notation One: Includes:Basic Encoding Rules, Distinguished Encoding Rules, object identifier,; Related:certificate, public-key infrastructure,
abuse of privilege: IncludedBy:threat,
acceptable level of risk: IncludedBy:threat,; Related:counter measures, networks,
acceptable risk: IncludedBy:risk,
acceptable use policy: IncludedBy:policy,; Related:networks,
acceptance criteria: IncludedBy:acceptance procedure,
acceptance inspection: IncludedBy:acceptance procedure,; Related:software, test,
acceptance procedure: IncludedBy:software development, target of evaluation,; Includes:acceptance criteria, acceptance inspection, acceptance testing, object,
acceptance testing: IncludedBy:acceptance procedure, test,
access: Includes:access control, delete access, execute access, merge access, object, read access, remote access, subject, update access,; Related:security,
access category: IncludedBy:access control,
access control: IncludedBy:Automated Information System security, access, authorization, risk management, security, security-relevant event, trusted computing base, user,; Includes:Terminal Access Controller Access Control System, access category, access control center, access control list, access control mechanism, access control officer, access control service, access level, access mode, access period, access port, access profile, access type, centralized authorization, component reference monitor, context-dependent access control, controlled sharing, cookies, discretionary access control, failure access, fetch protection, file protection, file security, granularity, identity based access control, mandatory access control, need-to-know, network reference monitor, non-discretionary access control, partition rule base access control, role-based access control, sandboxed environment, secure state, security kernel, sensitivity label, system entry, technical policy,; PreferredFor:access mediation, controlled access, limited access,; Related:Bell-LaPadula security model, Clark Wilson integrity model, Identification Protocol, Internet Protocol security, Kerberos, POSIX, TCB subset, accreditation range, anonymous login, application proxy, authentication, availability, availability service, compartment, computer security, confidentiality, controlled access protection, covert channel, domain, domain name system, exploitation, firewall, formulary, identification and authentication, integrity, labeled security protections, logical access, logical completeness measure, login, minimum essential infrastructure, national security information, network component, networks, permissions, proxy server, reference monitor, reference monitor concept, rule set, salt, simple network management protocol, software, spoofing, technological attack, threat consequence, ticket, unauthorized access,
access control center: IncludedBy:access control,; Related:cryptography, key,
access control list: IncludedBy:access control, authorization,; Includes:ACL-based authorization,; PreferredFor:access list,; Related:communications security,
access control mechanism: IncludedBy:access control,; Related:software, unauthorized access,
access control officer: IncludedBy:access control,
access control service: IncludedBy:access control,; Related:unauthorized access,
access level: IncludedBy:access control, security level,
access list: HasPreferred:access control list,
access mediation: HasPreferred:access control,
access mode: IncludedBy:access control, automated information system,
access period: IncludedBy:access control,
access port: IncludedBy:access control,
access profile: IncludedBy:access control,
access type: IncludedBy:access control,
accessibility
account aggregation
account authority digital signature: IncludedBy:public-key infrastructure,; Related:authentication,
account management
accountability: IncludedBy:security,; Includes:automated information system, identification, object, user,; Related:audit, communications security, failure, minimum essential infrastructure, non-repudiation, quality, recovery, trust,
accounting legend code: Related:communications security,
accounting number: Related:communications security,
accredit: HasPreferred:accreditation,
accreditation: IncludedBy:certification,; Includes:DoD Information Technology Security Certification and Accreditation Process, National Voluntary Laboratory Accreditation Program, Scope of Accreditation, accreditation authority, accreditation body, accreditation disapproval, accreditation multiplicity parameter, accreditation package, accreditation phase, accreditation range, approval/accreditation, automated information system, certification and accreditation, designated approving authority, full accreditation, interim accreditation, interim accreditation action plan, post-accreditation phase, private accreditation exponent, private accreditation information, public accreditation verification exponent, security, site accreditation, system accreditation, type accreditation,; PreferredFor:accredit,; Related:Common Criteria Testing Laboratory, National Information Assurance partnership, accredited, approved technologies list, approved test methods list, cascading, certificate, certificate revocation list, certification phase, certifier, controlled security mode, dedicated security mode, evaluation, external security controls, multilevel security mode, networks, partitioned security mode, pre-certification phase, risk, security evaluation, site certification, system-high security mode, test, trust, trusted computer system,
accreditation authority: IncludedBy:accreditation,; Related:trust,
accreditation body: IncludedBy:National Information Assurance partnership, accreditation,
accreditation disapproval: IncludedBy:accreditation,; Related:risk, security,
accreditation multiplicity parameter: IncludedBy:accreditation,
accreditation package: IncludedBy:accreditation,
accreditation phase: IncludedBy:accreditation,; Related:risk, security,
accreditation range: IncludedBy:accreditation,; Related:access control, computer security, evaluation, networks, risk, security, trust, trusted computer system,
accredited: Related:accreditation, evaluation,
accuracy
ACL-based authorization: IncludedBy:access control list, authorization,; Includes:distributed computing environment,
acquirer: IncludedBy:Secure Electronic Transaction,
acquisition plan: Related:analysis,
acquisition strategy
active attack: IncludedBy:attack,
active content
active wiretapping: IncludedBy:wiretapping,; Related:communications,
activity analysis: IncludedBy:analysis, security software,
activity-based costing: IncludedBy:business process,
ad hoc
ad hoc testing: IncludedBy:test,
ad-lib test: IncludedBy:test,
adaptive predictive coding
add-on security: IncludedBy:security,; Related:software,
address
address indicator group
address spoofing: IncludedBy:masquerade, spoofing,; Includes:ip spoofing,; Related:networks,
adequate security: IncludedBy:security,; Related:risk, unauthorized access,
administration documentation: IncludedBy:target of evaluation,
administrative access
administrative security: HasPreferred:procedural security,; Related:unauthorized access,
administrator: IncludedBy:target of evaluation,
advanced development model: IncludedBy:software development,
Advanced Encryption Standard: IncludedBy:National Institute of Standards and Technology, symmetric cryptography,; Related:encryption,
advanced intelligence network: IncludedBy:networks,
advanced intelligent network: IncludedBy:networks,
Advanced Mobile Phone Service: IncludedBy:user,
advanced narrowband digital voice terminal
Advanced Research Projects Agency Network: IncludedBy:networks,
advanced self-protection jammer: IncludedBy:communications security,; Related:assurance,
adversary: IncludedBy:security,; Related:threat,
advisory: Related:threat,
agency
agent: Related:attack,
aggregation: Related:security,
alarm reporting: Related:fault, identification, networks, security software,
alarm surveillance: Related:analysis, fault, networks, security software,
alert: Related:attack, audit, communications security, networks, security,
algorithm: Includes:Digital Signature Algorithm, International Data Encryption Algorithm, Rivest-Shamir-Adelman algorithm, asymmetric algorithm, crypto-algorithm, message digest algorithm 5, secure hash algorithm, symmetric algorithm,; Related:Data Encryption Standard, cryptanalysis, cryptographic key, cryptographic module, cryptography, cyclic redundancy check, initialization vector, key-escrow system, metric,
alias: Related:anonymous, masquerade,
alignment
allowed traffic: Related:bit forwarding rate, rule set, test,
alternate COMSEC custodian: IncludedBy:communications security,
American institute of certified public accountants
American National Standards Institute: Related:automated information system,
American Standard Code for Information Interchange: Related:automated information system,
analog signal
analysis: Includes:SWOT analysis, activity analysis, analysis of alternatives, boundary value analysis, business impact analysis, cost-risk analysis, cost/benefit analysis, covert channel analysis, cryptanalysis, cryptosystem analysis, dynamic analysis, emanations analysis, error analysis, fault analysis, gap analysis, information sharing and analysis center, mutation analysis, requirements analysis, risk analysis, root cause analysis, security fault analysis, security flow analysis, sensitivity analysis, signals analysis, static analysis, threat analysis, traffic analysis, value analysis, vulnerability analysis,; Related:Federal Standard 1027, HMAC, Integrated CASE tools, SOF-basic, SOF-high, SOF-medium, TCB subset, acquisition plan, alarm surveillance, assessment, black-box testing, break, brute force, brute force attack, business case, chosen-ciphertext attack, chosen-plaintext attack, ciphertext-only attack, code coverage, correctness, cryptology, cryptoperiod, electronic security, elliptic curve cryptography, emanations security, emissions security, error seeding, evaluation assurance, fault injection, flaw hypothesis methodology, flooding, functional test case design, global requirements, independent validation and verification, instrumentation, judgment sample, known-plaintext attack, local requirements, model, national computer security assessment program, one-time pad, reference monitor, reference validation mechanism, risk assessment, risk identification, risk management, security test and evaluation, symbolic execution, system development, system development methodologies, threat event, threat monitoring, traffic flow confidentiality, transmission security, trust, trust level, vulnerability,; Synonym:evaluation, test,
analysis of alternatives: IncludedBy:analysis,
ankle-biter: IncludedBy:threat,
anomaly: Related:bug, failure, fault, software,
anomaly detection: IncludedBy:security software,
anomaly detection model: IncludedBy:model, security policy model,
anonymity: IncludedBy:user,; Related:identification,
anonymous: Related:alias, attack, privacy, security,
anonymous and guest login: Related:authentication,
anonymous login: IncludedBy:internet,; Related:access control, passwords, threat,
anti-jam: IncludedBy:communications security,
anti-jamming: IncludedBy:communications security,
anti-spoof: Antonym:spoofing,; Related:security software,
antivirus software: IncludedBy:security software,; Related:virus,
appendix
applet: Related:world wide web,
applicant
application: IncludedBy:software,
application controls: Related:security controls,
application entity
application gateway firewall: IncludedBy:firewall,
application generator: Related:software,
application level gateway: Related:firewall,; Synonym:application proxy,
application program interface: IncludedBy:security, software,; Related:networks,
application programming interface: Related:software,
application proxy: IncludedBy:firewall, proxy,; Includes:forwarder, gateway,; Related:access control, audit,; Synonym:application level gateway,
application software: IncludedBy:software,
application system: Related:automated information system,
application-level firewall: IncludedBy:firewall, security,
approach
approval for service use
approval/accreditation: IncludedBy:accreditation,; Related:TEMPEST, communications security, evaluation, security, software,
approved technologies list: IncludedBy:Common Criteria Testing Laboratory, National Information Assurance partnership,; Related:accreditation, computer security, evaluation, test,
approved test methods list: IncludedBy:Common Criteria Testing Laboratory, National Information Assurance partnership, test,; Related:accreditation, computer security, evaluation,
architectural design: IncludedBy:software development, target of evaluation,
architecture
archive: IncludedBy:recovery,; Related:audit, backup, certificate, digital signature, key, public-key infrastructure,; Synonym:archiving,
archiving: Related:backup,; Synonym:archive,
area interswitch rekeying key: IncludedBy:key,
areas of control
areas of potential compromise: IncludedBy:vulnerability,; Related:minimum essential infrastructure,
ARPANET: IncludedBy:internet, networks,
as is process model: IncludedBy:model,; Related:baseline, business process,
assembly: Related:communications security,
assessment: Related:analysis,
asset: IncludedBy:target of evaluation,; Related:counter measures,
assignment: IncludedBy:protection profile,
association: Related:risk,
assurance: IncludedBy:European Information Technology Security Evaluation Criteria, Federal Criteria for Information Technology Security, evaluation, security, target of evaluation,; Includes:National Information Assurance partnership, assurance approach, assurance authority, assurance component, assurance element, assurance level, assurance method, assurance profile, assurance results, assurance scheme, assurance stage, automated information system, configuration management, correctness, defense-wide information assurance program, development assurance, development assurance component, development assurance package, development assurance requirements, effectiveness, evaluation assurance, evaluation assurance component, evaluation assurance package, evaluation assurance requirements, identification and authentication, information assurance, infrastructure assurance, process assurance, profile assurance, quality assurance, quality assurance/control, rating, robustness, software quality assurance, test,; Related:advanced self-protection jammer, augmentation, authentication, bebugging, closed security environment, communications deception, component dependencies, component extensibility, component hierarchy, computer security, computing security methods, confidence coefficient, confidentiality, controlled access protection, data privacy, demilitarized zone, electronic protection, environmental failure protection, error seeding, exploit, extension, fetch protection, file protection, functional protection requirements, hardening, information protection policy, infrastructure protection, level of protection, lock-and-key protection system, minimum level of protection, network security, non-repudiation, open security environment, package, physical protection, port protection device, privacy protection, product rationale, protection needs elicitation, protection philosophy, protection profile, protection profile family, protection ring, protection-critical portions of the TCB, purge, quality of protection, security evaluation, security goals, security target, suspicious activity report, trusted computer system, trusted computing system, validation,
assurance approach: IncludedBy:assurance,
assurance authority: IncludedBy:assurance,
assurance component: IncludedBy:Common Criteria for Information Technology Security Evaluation, assurance, component,
assurance element: IncludedBy:assurance,
assurance level: IncludedBy:assurance,
assurance method: IncludedBy:assurance,
assurance profile: IncludedBy:assurance,
assurance results: IncludedBy:assurance,
assurance scheme: IncludedBy:assurance,
assurance stage: IncludedBy:assurance,
asymmetric algorithm: IncludedBy:algorithm, asymmetric cryptography,; Includes:Diffie-Hellman, Rivest-Shamir-Adleman, elliptic curve cryptosystem, private key, public key, public-key cryptography standards,
asymmetric cipher: IncludedBy:asymmetric cryptography,
asymmetric cryptographic algorithm: IncludedBy:encryption, key,
asymmetric cryptographic technique: IncludedBy:asymmetric cryptography,
asymmetric cryptography: Includes:asymmetric algorithm, asymmetric cipher, asymmetric cryptographic technique, asymmetric encipherment system, asymmetric encryption algorithm, asymmetric key pair, asymmetric signature system, public key derivation function, public key information, public key system,; Related:authentication, confidentiality, digital signature, encryption, key,
asymmetric encipherment system: IncludedBy:asymmetric cryptography, system,
asymmetric encryption algorithm: IncludedBy:asymmetric cryptography,
asymmetric key pair: IncludedBy:asymmetric cryptography,
asymmetric signature system: IncludedBy:asymmetric cryptography, system,
asynchronous attacks: IncludedBy:attack,
asynchronous communication: IncludedBy:communications,
asynchronous transfer mode: IncludedBy:security,; Related:networks,
attack: Antonym:security software,; IncludedBy:incident, risk, security, threat,; Includes:C2-attack, ICMP flood, IP splicing/hijacking, SYN flood, Star Trek attack, TTY watcher, active attack, asynchronous attacks, attack potential, attack signature, between-the-lines-entry, blended attack, browsing, brute force, brute force attack, check_password, chosen-ciphertext attack, chosen-plaintext attack, ciphertext-only attack, computer intrusion, computer network attack, cut-and-paste attack, cyberattack, data diddling, data driven attack, demon dialer, denial of service, dictionary attack, eavesdropping, electronic attack, flooding, hijack attack, impersonation, insider attack, interleaving attack, keystroke monitoring, known-plaintext attack, laboratory attack, leapfrog attack, man-in-the-middle, masquerade attack, masquerading, mimicking, nak attack, outside attack, outsider attack, pagejacking, passive attack, penetration, perpetrator, phreaking, piggyback attack, ping of death, ping sweep, port scan, reflection attack, replay attack, rootkit, scanning, scavenging, shoulder surfing, smurf, smurfing, social engineering, spoofing, spoofing attack, subversion, tampering, technical attack, technological attack, terminal hijacking, timing attacks, tunneling attack, warehouse attack, wiretapping,; Related:Authentication Header, Diffie-Hellman, POP3 APOP, SOF-basic, SOF-high, SOF-medium, agent, alert, anonymous, attack signature recognition, availability, bastion host, checksum, computer emergency response team/ coordination center, cookies, counter measures, cryptanalysis, elliptic curve cryptography, exploit, flaw hypothesis methodology, handler, hash function, hijacking, honeypot, indicator, internet, key validation, mailbombing, manipulation detection code, nonce, precursor, privacy system, protected checksum, salt, security audit, security management infrastructure, signature, strength of a requirement, strength of function, strength of mechanisms, survivability, threat consequence, tiger team, traceability, trusted process, victim, vulnerability, vulnerability assessment,
attack potential: IncludedBy:attack,
attack signature: IncludedBy:attack, attack signature recognition,; Related:audit,
attack signature recognition: IncludedBy:security software,; Includes:attack signature, virus signature,; Related:attack,
attention character: Related:communications, trust, user,
attribute: Related:quality,
attribute authority: IncludedBy:public-key infrastructure,; Related:certificate, trust,
attribute certificate: IncludedBy:certificate,; Related:cryptography, digital signature, identification, key,
attribute sampling
audit: IncludedBy:security,; Includes:audit charter, audit plan, audit program, audit service, audit software, audit trail, auditing tool, computer operations, audit, and security technology, computer-assisted audit technique, information systems audit and control association, information systems audit and control foundation, multihost based auditing, security audit, test, vulnerability audit,; Related:Identification Protocol, accountability, alert, application proxy, archive, attack signature, distributed computing environment, functional component, gap analysis, host based, independence, intrusion detection, intrusion detection system, key management, key-escrow, keystroke monitoring, login, network based, network component, population, sas 70 report, secure single sign-on, security features, security software, sniffer, system security officer, threat monitoring, vulnerability analysis, work program,
audit charter: IncludedBy:audit,
audit plan: IncludedBy:audit,
audit program: IncludedBy:audit,
audit service: IncludedBy:audit,
audit software: IncludedBy:audit, software,
audit trail: IncludedBy:audit, threat monitoring,; Includes:automated information system, security audit trail,; Related:communications security, computer security, evidence,; Synonym:logging,
auditing tool: IncludedBy:audit,; Related:networks, passwords,
augmentation: Related:assurance,
authentic signature: Related:digital signature, trust,
authenticate: Related:certificate, digital signature, networks, public-key infrastructure, user,
authentication: IncludedBy:quality of protection, security,; Includes:3-factor authentication, Authentication Header, Challenge Handshake Authentication Protocol, Challenge-Response Authentication Mechanism, Data Authentication Algorithm, Distributed Authentication Security Service, Extensible Authentication Protocol, Password Authentication Protocol, Simple Authentication and Security Layer, authentication code, authentication data, authentication exchange, authentication service, authentication system, authentication token, authentication tools, biometric authentication, data authentication code, data authentication code vs. Data Authentication Code, data origin authentication, data origin authentication service, entity authentication, entity authentication of A to B, explicit key authentication from A to B, identification and authentication, implicit key authentication from A to B, key authentication, low-cost encryption/authentication device, message authentication code, message authentication code algorithm, message authentication code vs. Message Authentication Code, mutual authentication, mutual entity authentication, peer entity authentication, peer entity authentication service, privacy, authentication, integrity, identification, non-repudiation, privacy, authentication, integrity, non-repudiation, simple authentication, source authentication, strong authentication, unilateral authentication,; Related:COMSEC control program, COMSEC equipment, Diffie-Hellman, FIPS approved security method, Generic Security Service Application Program Interface, IMAP4 AUTHENTICATE, IP splicing/hijacking, IPsec Key Exchange, IT security, Internet Engineering Task Force, Internet Protocol security, Internet Security Association and Key Management Protocol, Lightweight Directory Access Protocol, OAKLEY, POP3 APOP, POP3 AUTH, Post Office Protocol, version 3, Rivest-Shamir-Adleman, S/Key, SOCKS, Secure Electronic Transaction, Terminal Access Controller Access Control System, The Exponential Encryption System, X.509, access control, account authority digital signature, anonymous and guest login, assurance, asymmetric cryptography, authorization, biometrics, call back, certificate policy, certificate revocation list, certificate status responder, certification authority digital signature, challenge and reply, challenge/response, claimant, code, common data security architecture, communications security, computer cryptography, credentials, critical security parameters, crypto-algorithm, cryptographic key, data integrity service, data key, defense-wide information assurance program, dictionary attack, digital id, digital signature, distributed computing environment, domain name system, dongle, encapsulating security payload, entity, exchange multiplicity parameter, fingerprint, handshaking procedures, hash function, impersonation, information assurance, information systems security, interleaving attack, keyed hash, keying material, man-in-the-middle, masquerading, message integrity code, network component, non-repudiation, non-repudiation service, one-time passwords, origin authenticity, password system, passwords, personal identification number, point-to-point protocol, pretty good privacy, privacy enhanced mail, proxy, proxy server, public-key forward secrecy, realm, registration, registration authority, replay attack, sandboxed environment, secret, secure shell, secure socket layer, security association identifier, security controls, security mechanism, simple network management protocol, single sign-on, software, spoofing, system entity, system entry, test, third party trusted host model, tokens, trust, trusted identification, trusted identification forwarding, trusted third party, user, user identifier, validate vs. verify, verifier, vulnerability,
authentication code: IncludedBy:authentication,; Related:cryptography, encryption, software,
authentication data: IncludedBy:authentication,
authentication exchange: IncludedBy:authentication,
Authentication Header: IncludedBy:Internet Protocol security, authentication, security protocol,; Related:attack, confidentiality,
authentication information: IncludedBy:3-factor authentication,
authentication service: IncludedBy:authentication,; Related:networks,
authentication system: IncludedBy:authentication, system,; Related:cryptography,
authentication token: IncludedBy:authentication, tokens,
authentication tools: IncludedBy:authentication, security software,
authenticator
authenticity: IncludedBy:integrity,; Related:trust,
authority: Related:certificate, certification, public-key infrastructure,
authority certificate: IncludedBy:certificate,; Related:certification,
authority revocation list: Related:certificate, key,
authorization: IncludedBy:user,; Includes:ACL-based authorization, access control, access control list, authorized, authorized user, centralized authorization, list-oriented, multilevel security, permissions, privilege, regrade, secure single sign-on, system security authorization agreement, ticket-oriented,; Related:authentication, authorized person, hacker, intruder, intrusion, intrusion detection, least privilege, trust, vulnerability,; Synonym:authorize,
authorize: IncludedBy:Secure Electronic Transaction,; Includes:delegation,; Synonym:authorization,
authorize processing: Related:risk,
authorized: IncludedBy:authorization,; Related:no-lone zone,
authorized person: Related:authorization,; Synonym:authorized user,
authorized user: IncludedBy:authorization,; Synonym:authorized person,
authorized vendor: Related:cryptography,
authorized vendor program
auto-manual system: IncludedBy:system,
automated clearing house
automated data processing: HasPreferred:automated information system,
automated data processing security: HasPreferred:Automated Information System security,
automated data processing system: IncludedBy:automated information system, system,; Related:software,
automated information system: IncludedBy:accountability, accreditation, assurance, audit trail, certification, declassification of AIS storage media, designated approving authority, modes of operation, security, system,; Includes:Automated Information System security, CPU time, International organization for standardization, access mode, automated data processing system, bastion host, batch mode, batch processing, big-endian, bit, byte, central processing unit, centralized data processing, client server, computer abuse, data, data administration, data aggregation, data architecture, data contamination, data control language, data definition language, data dictionary, data flow diagram, data input, data management, data manipulation language, data processing, data reengineering, data storage, data structure, data validation, database administration, debugging, direct memory access, distributed data processing, distributed processing, fail soft, front-end processor, host, host based, host to front-end protocol, host-based firewall, information architecture, information center, information engineering, information environment, information flow, information operations, information ratio, information technology, information technology system, interface control unit, life cycle management, logical system definition, master file, memory scavenging, million instruction per second, multihost based auditing, networks, random access memory, remote job entry, remote terminal emulation, screened host firewall, workstation,; PreferredFor:IT system, automated data processing,; Related:American National Standards Institute, American Standard Code for Information Interchange, PCMCIA, application system, backus-naur form, computer, data synchronization, digital document, direct access storage device, extended industry standard architecture, fiber distributed data interface, frame relay, industry standard architecture, input/output, language, laptop computer, large scale integration, legacy data, logged in, network protocol stack, nibble, object code, object-oriented programming, personal computer, personal computer memory card international association, personal digital assistant, read-only memory, remote procedure call, reusability, rotational delay, safety-critical software, screen scraping, software, standard generalized markup language, structured query language, system resources, workflow, workload,
Automated Information System security: IncludedBy:automated information system, risk management, subcommittee on Automated Information System security, system,; Includes:IT Security Evaluation Criteria, IT Security Evaluation Methodology, IT security, IT security certification, access control, communications security, emissions security, physical security, security safeguards,; PreferredFor:automated data processing security,; Related:denial of service, security software, software,; Synonym:computer security,
automated key distribution: IncludedBy:key, key management,; Related:networks,
automated key management center: IncludedBy:key,
automated key management system: IncludedBy:key, system,
automated office support systems: IncludedBy:system,
automated security incident measurement: IncludedBy:incident, security software,; Related:networks,
automated security monitoring: IncludedBy:risk management, security software,; Related:software,
automatic digital network: IncludedBy:networks,
automatic key distribution center: IncludedBy:key,
automatic key distribution/rekeying control unit: IncludedBy:key,
automatic log-on
automatic remote rekeying: IncludedBy:key,
autonomous message switch
auxiliary power unit
auxiliary vector
availability: IncludedBy:risk management,; Includes:availability of data, availability service, business continuity plan, business impact analysis, contingency plan, contingency planning, object, privacy, authentication, integrity, non-repudiation, recovery, token backup,; Related:Common Criteria for Information Technology Security, IT security, National Computer Security Center, access control, attack, computer abuse, computer emergency response team, computer related controls, computer security, critical, defense-in-depth, defense-wide information assurance program, denial of service, entry-level certification, failure, hardening, information assurance, information security, intrusion, levels of concern, maintainability, mid-level certification, minimum essential infrastructure, mirroring, post-accreditation phase, reliability, remediation, requirements for procedures and standards, retro-virus, security, security controls, security event, security goals, security policy, software, token management, top-level certification, trustworthy system, turnaround time, uniform resource name, user, vaulting, vulnerability,
availability of data: IncludedBy:availability,; Related:user,
availability service: IncludedBy:availability,; Related:access control,
back door: IncludedBy:threat,; Related:software,; Synonym:trap door,
back up vs. backup: IncludedBy:contingency plan,
backup: IncludedBy:recovery,; Related:archive, archiving, fallback procedures, mirroring, vaulting,
backup generations: IncludedBy:contingency plan,
backup operations: IncludedBy:contingency plan,; Related:business process,
backup plan: IncludedBy:contingency plan,
backup procedures: IncludedBy:recovery,; Related:failure,
backus-naur form: Related:automated information system,
baggage: IncludedBy:Secure Electronic Transaction,; Related:encryption,
bandwidth: PreferredFor:information rate,; Related:channel capacity, communications, networks,
bank identification number: IncludedBy:Secure Electronic Transaction, identification,
banking and finance: IncludedBy:critical infrastructure,
banner
barograph
barometer
baseline: IncludedBy:security,; Includes:baseline architecture, baseline controls, baseline management, baselining, security requirements baseline,; Related:as is process model, interface control document, release, revision, security target, site accreditation, software, software library, software system test and evaluation process, version,
baseline architecture: IncludedBy:baseline,
baseline controls: IncludedBy:baseline,; Related:security controls,
baseline management: IncludedBy:baseline, configuration management,
baselining: IncludedBy:baseline,
basic component: IncludedBy:component,
Basic Encoding Rules: IncludedBy:Abstract Syntax Notation One,; Includes:Distinguished Encoding Rules,
bastion host: IncludedBy:automated information system, firewall,; Related:attack, networks, software,
batch mode: IncludedBy:automated information system,
batch processing: IncludedBy:automated information system,
bebugging: Related:assurance, test,; Synonym:error seeding,
Bell-LaPadula model: HasPreferred:Bell-LaPadula security model,
Bell-LaPadula security model: IncludedBy:formal security policy model, model, security model,; Includes:*-property, lattice, lattice model, object, simple security condition, simple security property, subject, tranquility, trusted subject,; PreferredFor:Bell-LaPadula model, tranquility property,; Related:access control, classification level, computer security, confinement property,
benchmark: Related:business process, evaluation, software, test,
benchmarking: Related:quality,
benign: Related:counter measures, cryptography,
benign environment: Related:counter measures, security,
best practices: IncludedBy:risk management,; Related:business process, recommended practices,
between-the-lines-entry: IncludedBy:attack,; Includes:piggyback,; Related:unauthorized access,
beyond A1: IncludedBy:trusted computer system,; Related:evaluation, security,
bias
Biba Integrity model: IncludedBy:formal security policy model, model,; Synonym:Biba model,
Biba model: IncludedBy:model,; Related:trust,; Synonym:Biba Integrity model,
big-endian: IncludedBy:automated information system,
bilateral trust: IncludedBy:public-key infrastructure, trust,; Related:business process,
bill payment: Related:internet,
bill presentment: Related:internet,
bind: Related:certificate, digital signature, key, public-key infrastructure,
binding: Related:cryptography, key, security, trust,
binding of functionality: IncludedBy:target of evaluation,; Related:security,
binding of security functionality: IncludedBy:security,
biometric authentication: IncludedBy:authentication,; Includes:thumbprint,; Related:3-factor authentication,
biometrics: IncludedBy:security,; Related:authentication,
bit: IncludedBy:automated information system,
bit error rate: Related:communications,
bit forwarding rate: Related:allowed traffic, goodput, illegal traffic, rejected traffic, test, unit of transfer,
BLACK: Related:communications security, cryptography, security,
black-box testing: IncludedBy:test,; Related:analysis, functional test case design, functional testing, software, stress testing,
blended attack: IncludedBy:attack,
block
block chaining: Synonym:cipher block chaining,
block cipher: Related:encryption, key,
block cipher key: IncludedBy:key,
Blowfish: IncludedBy:symmetric cryptography,; Related:key,
blue box devices: IncludedBy:threat,
bomb: IncludedBy:threat,; Related:failure, software,
boot sector virus: IncludedBy:virus,
bounce: Related:email,
boundary
boundary value: Related:stress testing,
boundary value analysis: IncludedBy:analysis,; Related:test,
boundary value coverage: Related:test,
boundary value testing: IncludedBy:test,
branch coverage: Related:test,
brand: IncludedBy:Secure Electronic Transaction,; Related:networks,
brand certification authority: IncludedBy:Secure Electronic Transaction, public-key infrastructure,; Related:certification,
brand CRL identifier: IncludedBy:Secure Electronic Transaction, public-key infrastructure,; Related:digital signature,
breach: IncludedBy:threat,; Related:security,
break: Related:analysis, cryptography, encryption, key, networks,
brevity list
bridge: Related:router,
British Standard 7799: Related:certification, security,
broadband network: IncludedBy:networks,
brouters: Related:networks,
browser: IncludedBy:world wide web,
browsing: IncludedBy:attack,
brute force: IncludedBy:attack,; Related:analysis, cryptography, key,
brute force attack: IncludedBy:attack,; Related:analysis, cryptography,
buffer overflow: IncludedBy:threat,
bug: IncludedBy:threat,; Related:anomaly, defect, error, exception, fault,
bulk encryption: IncludedBy:encryption,
bulletin board services (systems): IncludedBy:system,
business case: IncludedBy:business process,; Related:analysis, risk,
business continuity plan: IncludedBy:availability, business process,; Related:risk,
business impact analysis: IncludedBy:analysis, availability, business process, risk analysis,
business process: Includes:activity-based costing, business case, business continuity plan, business impact analysis, business process improvement, business process reengineering, constructive cost model, cost reimbursement contract, cost-risk analysis, cost/benefit, cost/benefit analysis, rolling cost forecasting technique,; Related:as is process model, backup operations, benchmark, best practices, bilateral trust, change management, contingency plan, continuity of services and operations, core or key process, hardening, integrity, legacy systems, mission critical system, process management approach, recovery site, remediation, simulation modeling, to be process model, total quality management, workload, world class organizations,
business process improvement: IncludedBy:business process, quality,
business process reengineering: IncludedBy:business process,; Related:quality,
bypass label processing
byte: IncludedBy:automated information system,
C2-attack: IncludedBy:attack,; Related:C2-protect,
C2-protect: IncludedBy:Orange book, security,; Related:C2-attack, command and control,
CA certificate: IncludedBy:certificate,; Related:digital signature, key,
call back: IncludedBy:security,; Related:authentication,
call back security: IncludedBy:security,
Canadian Trusted Computer Product Evaluation Criteria: IncludedBy:Common Criteria for Information Technology Security Evaluation, criteria, trust,
candidate TCB subset: IncludedBy:trusted computing base,; Includes:object, subject,; Related:evaluation, identification, software,
canister
capability: Includes:object,; Related:certificate, critical infrastructure, public-key infrastructure, risk, tokens,
capacity
CAPSTONE chip: IncludedBy:National Security Agency,; Related:Fortezza, cryptography, key,
card backup: HasPreferred:token backup,
cardholder: IncludedBy:Secure Electronic Transaction,; Related:software,
cardholder certificate: IncludedBy:Secure Electronic Transaction, certificate,; Related:encryption, tokens,
cardholder certification authority: IncludedBy:Secure Electronic Transaction, public-key infrastructure,; Related:certificate, certification, tokens,
cascading: Related:accreditation, networks,
CASE tools: Related:model, software, test,
CAST: IncludedBy:symmetric cryptography,; Related:encryption,
category: Includes:object,; Related:security,
cause and effect diagram: HasPreferred:fishbone diagram,
CCI assembly: Related:communications security, cryptography,
CCI component: Related:communications security, cryptography,
CCI equipment: Related:communications, communications security, cryptography,
CCITT: IncludedBy:ITU-T,
cell
cellular telephone
cellular transmission: Related:communications, networks,
center for information technology excellence
central office of record: Related:communications security,
central processing unit: IncludedBy:automated information system,
centralized authorization: IncludedBy:access control, authorization,
centralized data processing: IncludedBy:automated information system,
centrally-administered network: IncludedBy:networks,
certificate: IncludedBy:Multilevel Information System Security Initiative, Secure Electronic Transaction, certification authority, pretty good privacy, privacy enhanced mail, user, web of trust,; Includes:CA certificate, X.509 attribute certificate, X.509 certificate, X.509 public-key certificate, attribute certificate, authority certificate, cardholder certificate, cross-certificate, digital certificate, encryption certificate, merchant certificate, organizational certificate, public-key certificate, root certificate, self-signed certificate, signature certificate, trusted certificate, v1 certificate, v2 certificate, v3 certificate, valid certificate,; Related:ABA Guidelines, Abstract Syntax Notation One, Cryptographic Message Syntax, Distinguished Encoding Rules, Federal Public-key Infrastructure, MISSI user, Minimum Interoperability Specification for PKI Components, On-line Certificate Status Protocol, PKCS #10, PKIX, RA domains, SET private extension, SET qualifier, X.500 Directory, X.509, X.509 authority revocation list, X.509 certificate revocation list, accreditation, archive, attribute authority, authenticate, authority, authority revocation list, bind, capability, cardholder certification authority, certificate authority, certificate chain, certificate chain validation, certificate creation, certificate expiration, certificate extension, certificate holder, certificate management, certificate owner, certificate policy, certificate policy qualifier, certificate reactivation, certificate rekey, certificate renewal, certificate request, certificate revocation, certificate revocation list, certificate revocation tree, certificate serial number, certificate status responder, certificate update, certificate user, certificate validation, certification authority workstation, certification hierarchy, certification path, certification policy, certification practice statement, certification request, certify, common name, compromised key list, critical, cross-certification, cryptoperiod, delta CRL, digital id, directory vs. Directory, distinguished name, distribution point, domain, end entity, evaluation, extension, geopolitical certificate authority, hierarchy management, indirect certificate revocation list, invalidity date, issue, issuer, key, key lifetime, key material identifier, merchant certification authority, mesh PKI, organizational registration authority, path discovery, path validation, payment gateway certification authority, personality label, policy, policy approving authority, policy creation authority, policy mapping, privilege management infrastructure, registration, registration authority, relying party, repository, revocation, revocation date, revocation list, root, secure hypertext transfer protocol, security event, slot, strong authentication, subject, subordinate certification authority, test, ticket, token management, trust-file PKI, trusted key, unforgeable, v1 CRL, v2 CRL, valid signature, validate vs. verify, validity period, world wide web,
certificate authority: HasPreferred:certification authority,; IncludedBy:public-key infrastructure,; Related:certificate, certification, test,
certificate authority workstation
certificate chain: Related:certificate, certification, public-key infrastructure,
certificate chain validation: Related:certificate, public-key infrastructure,
certificate creation: IncludedBy:public-key infrastructure,; Related:certificate,
certificate directory: IncludedBy:public-key infrastructure,
certificate domain: Related:security,
certificate domain parameters: Related:cryptography, public-key infrastructure,
certificate expiration: PreferredFor:expire,; Related:certificate, public-key infrastructure,
certificate extension: IncludedBy:extension,; Related:certificate,
certificate holder: Related:certificate,
certificate management: IncludedBy:public-key infrastructure,; Related:certificate, key,
certificate management services: Related:public-key infrastructure,
certificate owner: Related:certificate, world wide web,
certificate policy: IncludedBy:Secure Electronic Transaction, public-key infrastructure,; Related:authentication, certificate, key, trust,
certificate policy qualifier: IncludedBy:public-key infrastructure,; Related:certificate, key,
certificate reactivation: IncludedBy:public-key infrastructure,; Related:certificate,
certificate rekey: IncludedBy:Multilevel Information System Security Initiative, public-key infrastructure,; Related:certificate, key,
certificate renewal: IncludedBy:public-key infrastructure,; PreferredFor:renew,; Related:certificate, key,
certificate request: IncludedBy:public-key infrastructure,; Related:certificate, certification,
certificate revocation: IncludedBy:public-key infrastructure,; Includes:revocation,; PreferredFor:revoke,; Related:certificate,
certificate revocation list: IncludedBy:certification authority, user,; Includes:revocation list,; Related:accreditation, authentication, certificate, evaluation, key,
certificate revocation tree: Related:certificate, hash,
certificate serial number: PreferredFor:serial number,; Related:certificate,
certificate status responder: IncludedBy:public-key infrastructure,; Related:authentication, certificate, trust,
certificate update: IncludedBy:public-key infrastructure,; Related:certificate, key,
certificate user: IncludedBy:user,; Related:certificate, key,
certificate validation: IncludedBy:public-key infrastructure,; Related:certificate, certification, digital signature, key, trust,
certification: IncludedBy:Multilevel Information System Security Initiative, Secure Electronic Transaction,; Includes:IT security certification, accreditation, automated information system, certification agent or certifier, certification authority, certification body, certification phase, entry-level certification, evaluation, mid-level certification, pre-certification phase, requirements, security certification level, site certification, top-level certification,; Related:British Standard 7799, Internet Policy Registration Authority, MISSI user, RA domains, SET qualifier, SSO PIN, authority, authority certificate, brand certification authority, cardholder certification authority, certificate authority, certificate chain, certificate request, certificate validation, certification authority workstation, certification hierarchy, certification path, certification policy, certification practice statement, certification request, computer security, extension, external security controls, geopolitical certificate authority, hierarchical PKI, hierarchy management, hierarchy of trust, key, merchant certification authority, path discovery, path validation, payment gateway certification authority, penetration test, policy approving authority, policy certification authority, policy creation authority, pre-authorization, privacy enhanced mail, public-key certificate, public-key infrastructure, root, root certificate, security event, security program manager, security test & evaluation, subordinate certification authority, test, top CA, trust, trust chain, trust hierarchy, trust-file PKI, trusted certificate, trusted key, validate vs. verify,
certification agent or certifier: IncludedBy:certification,; Related:risk, security,
certification and accreditation: IncludedBy:accreditation, evaluation, requirements, risk,
certification authorities: IncludedBy:public-key infrastructure,
certification authority: IncludedBy:certification, public-key infrastructure, trust,; Includes:certificate, certificate revocation list, credentials, cross-certification, non-repudiation, root CA,; PreferredFor:certificate authority,; Related:key, user,
certification authority digital signature: IncludedBy:public-key infrastructure,; Related:authentication,
certification authority workstation: IncludedBy:public-key infrastructure,; Related:certificate, certification,
certification body: IncludedBy:certification,
certification hierarchy: IncludedBy:Multilevel Information System Security Initiative, Secure Electronic Transaction, public-key infrastructure,; Related:certificate, certification, internet, key,
certification package
certification path: IncludedBy:public-key infrastructure,; Related:certificate, certification, digital signature, key, trust,
certification phase: IncludedBy:certification,; Related:accreditation, security, verification,
certification policy: Related:certificate, certification, public-key infrastructure,
certification practice statement: IncludedBy:public-key infrastructure,; Related:certificate, certification, trust,
certification request: IncludedBy:public-key infrastructure,; Related:certificate, certification, key,
certification service: IncludedBy:public-key infrastructure,
certification test and evaluation: IncludedBy:evaluation, test,
certified information systems security professional: IncludedBy:computer security, system,
certified TEMPEST technical: IncludedBy:TEMPEST,
Certified TEMPEST Technical Authority: IncludedBy:TEMPEST,
certifier: Related:accreditation,
certify: Related:certificate, key, public-key infrastructure,
CGI scripts: IncludedBy:common gateway interface, software, threat, world wide web,
challenge: IncludedBy:challenge/response,
challenge and reply: Related:authentication,
Challenge Handshake Authentication Protocol: IncludedBy:authentication, challenge/response, security protocol,; Related:cryptography, hash, key,
Challenge-Response Authentication Mechanism: IncludedBy:authentication, challenge/response,; Related:hash, key, shared secret,
challenge/response: IncludedBy:user,; Includes:Challenge Handshake Authentication Protocol, Challenge-Response Authentication Mechanism, challenge,; Related:3-factor authentication, Extensible Authentication Protocol, IMAP4 AUTHENTICATE, POP3 AUTH, authentication, tokens,
change control and life cycle management: IncludedBy:software development,
change management: Related:business process, test,
channel: Includes:communication channel, covert channel, covert storage channel, covert timing channel, exploitable channel, internal communication channel, overt channel, security-compliant channel, trusted channel,
channel capacity: Related:bandwidth, communications,
check character: IncludedBy:error detection code, integrity,; Includes:check character system,
check character system: IncludedBy:check character, system,
check digits
check word: Related:cryptography, check_password
check_password: IncludedBy:attack,; Related:passwords,
checksum: IncludedBy:integrity,; Related:attack, counter measures, cryptography, hash, networks,
Chernobyl packet: IncludedBy:threat,; Related:networks,
chief information officer
chosen-ciphertext attack: IncludedBy:attack,; Related:analysis, key,
chosen-plaintext attack: IncludedBy:attack,; Related:analysis, cryptography, key,
cipher: Related:encryption,
cipher block chaining: Synonym:block chaining,
cipher feedback: IncludedBy:cryptography,
cipher text auto-key: IncludedBy:key,
ciphertext: Related:encryption,
ciphertext key: HasPreferred:encrypted key,
ciphertext-only attack: IncludedBy:attack,; Related:analysis, key,
ciphony
circuit control officer
circuit level gateway: Related:firewall,; Synonym:circuit proxy,
circuit proxy: IncludedBy:firewall, proxy,; Synonym:circuit level gateway,
circuit switching: Related:communications, networks,
civil liberties
claimant: Related:authentication,
Clark Wilson integrity model: IncludedBy:model,; Related:access control, software,
class 2, 3, 4, or 5: IncludedBy:public-key infrastructure,; Related:identification, key, tokens,
class
class hierarchy: Related:networks,
class object
classification: HasPreferred:classification level,
classification level: Includes:classified, default classification, secret, sensitive, sensitive but unclassified, trust level,; PreferredFor:classification,; Related:Bell-LaPadula security model, Internet Protocol Security Option, clearance level, compartment, confinement property, controlled security mode, dedicated security mode, dominated by, dominates, downgrade, lattice model, mode of operation, modes of operation, multilevel security, multilevel security mode, non-discretionary security, regrade, risk index, sanitize, security, security label, security level, security situation, sensitivity label, system-high security mode, user,
classified: Antonym:unclassified,; IncludedBy:classification level,; Related:confidentiality, security,
classified information
clean system: IncludedBy:system,; Related:risk, security, software, trust,
clearance: HasPreferred:security clearance,
clearance level: Related:classification level, security, security clearance,
clearing
cleartext: Antonym:encryption,; PreferredFor:plain text,
client
client server: IncludedBy:automated information system,; Related:communications, model,
Clipper chip: IncludedBy:National Institute of Standards and Technology, National Security Agency,; Includes:Law Enforcement Access Field,; Related:cryptography, encryption, key, tamper,
closed security environment: IncludedBy:security, software development,; Related:assurance,
closed user group: IncludedBy:user,
cluster sample
coaxial cable
code: Related:authentication, communications security, encryption, hash,
code amber: IncludedBy:critical infrastructure, threat,
code book: Related:encryption,
code coverage: Related:analysis, test,
code division multiple access: IncludedBy:security,; Related:cryptography,
code green: IncludedBy:critical infrastructure,
code group
code red: IncludedBy:critical infrastructure, threat,
code vocabulary
coded switch system: IncludedBy:system,
coding: Related:software,
coefficient of variation
cold site: IncludedBy:disaster recovery,; Related:hot site,
cold start: Related:cryptography, user,
collision-resistant hash function: IncludedBy:hash,
color change
command and control: Includes:command and control warfare, command, control, and communications, command, control, communications and computers, command, control, communications and intelligence, global command and control system, nuclear command and control document,; Related:C2-protect, Defense Information Infrastructure,
command and control warfare: IncludedBy:command and control, warfare,; Related:security,
command, control, and communications: IncludedBy:command and control, communications,
command, control, communications and computers: IncludedBy:command and control, communications,
command, control, communications and intelligence: IncludedBy:command and control, communications,
Commercial COMSEC: IncludedBy:communications security,; Related:evaluation,
Commercial COMSEC Endorsement Program: IncludedBy:communications security,
commercial off the shelf: Includes:COTS software,
commercial software: IncludedBy:software,
Committee of sponsoring organizations (of the Treadway Commission)
Common Criteria: Related:computer security,; Synonym:Common Criteria for Information Technology Security,
Common Criteria for Information Technology Security: IncludedBy:National Institute of Standards and Technology, computer security, security,; Includes:Common Criteria for Information Technology Security Evaluation, National Information Assurance partnership,; Related:National Security Agency, availability, confidentiality, cryptography, emanation, emanations security, evaluation, networks, software, threat, trust,; Synonym:Common Criteria,
Common Criteria for Information Technology Security Evaluation: IncludedBy:Common Criteria for Information Technology Security, computer security, criteria, evaluation,; Includes:Canadian Trusted Computer Product Evaluation Criteria, European Information Technology Security Evaluation Criteria, Federal Criteria for Information Technology Security, Trusted Computer System Evaluation Criteria, assurance component, common criteria version 1.0, common criteria version 2.0, component dependencies, component extensibility, component hierarchy, component operations, evaluation assurance level, functional component, protection profile, security target, trusted gateway,; Related:risk,
Common Criteria Testing Laboratory: IncludedBy:National Information Assurance partnership, test,; Includes:Evaluation Technical Report, Evaluation Work Plan, Monitoring of Evaluations, Scope of Accreditation, Validation Certificate, approved technologies list, approved test methods list, deliverables list, designated laboratories list, designating authority, designation policy, observation reports,; Related:accreditation, computer security, evaluation,
Common Criteria Testing Program: IncludedBy:National Information Assurance partnership, test,; Related:evaluation,
common criteria version 1.0: IncludedBy:Common Criteria for Information Technology Security Evaluation,; Related:computer security,
common criteria version 2.0: IncludedBy:Common Criteria for Information Technology Security Evaluation,; Related:computer security,
common data security: IncludedBy:common data security architecture,
common data security architecture: Includes:common data security, common security, common security services manager, cryptographic service, cryptographic service providers,; PreferredFor:communication and data security architecture,; Related:authentication,
Common Evaluation Methodology: IncludedBy:National Information Assurance partnership, evaluation,
common fill device
common gateway interface: IncludedBy:world wide web,; Includes:CGI scripts,
common interswitch rekeying key: IncludedBy:key,
Common IP Security Option: IncludedBy:security,
common name: IncludedBy:public-key infrastructure,; Related:certificate, key,
common security: IncludedBy:common data security architecture,; Related:public-key infrastructure, trust,
common security services manager: IncludedBy:common data security architecture,
common vulnerabilities and exposures: IncludedBy:exposure, vulnerability,
communication and data security architecture: HasPreferred:common data security architecture,
communication channel: IncludedBy:channel, communications,; Includes:internal communication channel,; Related:networks,
communication equipment room: IncludedBy:communications,
communication link: IncludedBy:communications,
communications: IncludedBy:communications security, networks,; Includes:asynchronous communication, command, control, and communications, command, control, communications and computers, command, control, communications and intelligence, communication channel, communication equipment room, communication link, communications cover, communications electronics operating instruction, communications profile, communications protocol, data communications, defense communications system, imitative communications, internal communication channel, private communication technology, protected communications, telecommunications,; Related:CCI equipment, Integrated services digital network, OSI architecture, active wiretapping, attention character, bandwidth, bit error rate, cellular transmission, channel capacity, circuit switching, client server, cross-talk, dial-up, dial-up line, digital telephony, distributed processing, electronic commerce, electronic data interchange, extraction resistance, frequency hopping, gateway, help desk, host, information processing standard, information superhighway, information technology, information technology system, interface, internet control message protocol, internet protocol, internetwork, line conditioning, line conduction, link, local loop, local-area netwokr, message indicator, multicast, network architecture, network configuration, network device, network management architecture, network management protocol, network weaving, open system interconnection model, operations code, outage, privacy system, protocol, protocol suite, remote access, remote terminal emulation, secure hypertext transfer protocol, secure socket layer, signaling, simple network management protocol, subnetwork, telecommuting, teleprocessing, trusted gateway, tunnel, user data protocol, virtual private network, wide-area network,
communications cover: IncludedBy:communications,
communications deception: IncludedBy:security,; Related:assurance,
communications electronics operating instruction: IncludedBy:communications,
communications profile: IncludedBy:communications,; Related:communications security,
communications protocol: IncludedBy:communications,
communications security: IncludedBy:Automated Information System security,; Includes:COMSEC Material Control System, COMSEC Parent Switch, COMSEC Resources Program, COMSEC Subordinate Switch, COMSEC Utility Program, COMSEC account, COMSEC account audit, COMSEC aid, COMSEC boundary, COMSEC chip set, COMSEC control program, COMSEC custodian, COMSEC end-item, COMSEC equipment, COMSEC facility, COMSEC incident, COMSEC insecurity, COMSEC manager, COMSEC material, COMSEC modification, COMSEC module, COMSEC monitoring, COMSEC profile, COMSEC survey, COMSEC system data, COMSEC training, Commercial COMSEC, Commercial COMSEC Endorsement Program, Internet Protocol security, National COMSEC Advisory Memorandum, National COMSEC Information Memorandum, National COMSEC Instruction, advanced self-protection jammer, alternate COMSEC custodian, anti-jam, anti-jamming, communications, communications security element, crypto-security, emissions security, meaconing, intrusion, jamming, and interference, network security, network security architecture, network security architecture and design, network security officer, subcommittee on telecommunications security, telecommunications security,; Related:BLACK, CCI assembly, CCI component, CCI equipment, CRYPTO, FIPS PUB 140-1, Federal Public-key Infrastructure, RED, RED/BLACK separation, Secure Data Exchange, TSEC nomenclature, access control list, accountability, accounting legend code, accounting number, alert, approval/accreditation, assembly, audit trail, authentication, central office of record, code, communications profile, computer emergency response team, confidentiality, cryptography, data transfer device, design controlled spare parts, direct shipment, drop accountability, electronic attack, electronic key management, electronic key management system, electronically generated key, element, encryption algorithm, fill device, fixed COMSEC facility, frequency hopping, incident, information security, key, key distribution center, limited maintenance, local management device/key processor, long title, mandatory modification, network sponsor, optional modification, procedural security, protective packaging, repair action, security architecture, security incident, security net control station, short title, supersession, systems security steering group, test key, time-compliance date, traditional, transmission security, trusted path, two-person integrity, updating, user representative,
communications security element: IncludedBy:communications security,
community string: Related:passwords,
compartment: Related:access control, classification level,
compartment key: IncludedBy:key,
compartmentalization
compartmented mode: Related:user,
compartmented security mode: IncludedBy:modes of operation, security,
competition
compiler: IncludedBy:software development,; Related:source code,
completeness: Related:software,
component: IncludedBy:component dependencies, component extensibility, component hierarchy, component operations, component reference monitor, construction of TOE requirements, target of evaluation,; Includes:assurance component, basic component, development assurance component, evaluation assurance component, functional component, functional unit, network component,; Related:networks, software, test,
component dependencies: IncludedBy:Common Criteria for Information Technology Security Evaluation,; Includes:component,; Related:assurance,
component extensibility: IncludedBy:Common Criteria for Information Technology Security Evaluation,; Includes:component, security target,; Related:assurance,
component hierarchy: IncludedBy:Common Criteria for Information Technology Security Evaluation,; Includes:component,; Related:assurance,
component operations: IncludedBy:Common Criteria for Information Technology Security Evaluation,; Includes:component, security policy, threat,
component reference monitor: IncludedBy:access control,; Includes:component, object, subject,
compromise: IncludedBy:incident, threat,; Includes:data compromise, security compromise,; Related:cryptography, key, security,
compromised key list: IncludedBy:Multilevel Information System Security Initiative, key, public-key infrastructure, threat, user,; Related:certificate, identification,
compromising emanation performance requirement: IncludedBy:emanations security, risk,
compromising emanations: IncludedBy:TEMPEST, emanations security, threat,
computer: Related:automated information system,
computer abuse: IncludedBy:automated information system, threat,; Related:availability, confidentiality, denial of service,
computer architecture: IncludedBy:security architecture,; Includes:object,; Related:software,
computer cryptography: Related:authentication,
computer emergency response team: IncludedBy:security,; Includes:Forum of Incident Response and Security Teams, computer emergency response teams' coordination center,; Related:Computer Incident Advisory Capability, availability, communications security, computer security, computer security incident response team, incident, integrity, internet, networks, threat,
computer emergency response team/ coordination center: Related:attack, internet,
computer emergency response teams' coordination center: IncludedBy:computer emergency response team,
computer forensics: PreferredFor:Forensics,
computer fraud: IncludedBy:fraud, threat,; Related:software,
Computer Incident Advisory Capability: IncludedBy:incident,; Related:computer emergency response team,
computer incident assessment capability: IncludedBy:incident,
computer intrusion: IncludedBy:attack, incident, intrusion,; Related:unauthorized access,
computer network: IncludedBy:networks,; Related:internet,
computer network attack: IncludedBy:attack, networks,
computer network defense: IncludedBy:networks,
computer operations, audit, and security technology: IncludedBy:audit,; Related:computer security,
computer oracle and password system: IncludedBy:security software, system,; Related:networks, passwords, software,
computer related controls: Related:availability, confidentiality, security controls,
computer related crime: IncludedBy:threat,
computer security: IncludedBy:security,; Includes:Common Criteria for Information Technology Security, Common Criteria for Information Technology Security Evaluation, Computer Security Objects Register, DoD Information Technology Security Certification and Accreditation Process, European Information Technology Security Evaluation Criteria, Federal Criteria for Information Technology Security, IS security architecture, IT Security Evaluation Criteria, IT Security Evaluation Methodology, IT security certification, IT security policy, IT security product, Information Systems Security products and services catalogue, Information Technology Security Evaluation Criteria, Multilevel Information System Security Initiative, National Computer Security Center, National Computer Security Center glossary, National Security Telecommunications and Information Systems Security Advisory/Information Memorandum, National Security Telecommunications and Information Systems Security Committee, National Security Telecommunications and Information Systems Security Directive, National Security Telecommunications and Information Systems Security Instruction, National Security Telecommunications and Information Systems Security Policy, National Telecommunications and Information Systems Security Advisory Memoranda/Instructions, National Telecommunications and Information Systems Security Directive, National Telecommunications and Information Systems Security Instruction, National Telecommunications and Information Systems Security Policy, Subcommittee on Information Systems Security, certified information systems security professional, computer security emergency response team, computer security incident, computer security incident response capability, computer security incident response team, computer security intrusion, computer security object, computer security subsystem, computer security technical vulnerability reporting program, computing security methods, emissions security, information system security officer, information systems security association, information systems security engineering, information systems security equipment modification, information systems security manager, information systems security officer, information systems security policy, multilevel information systems security initiative, national computer security assessment program, national telecommunications and information system security directives, program automated information system security incident support team, subcommittee on Automated Information System security,; Related:Bell-LaPadula security model, Common Criteria, Common Criteria Testing Laboratory, Evaluation Work Plan, Federal Criteria Vol. I, Federal Information Processing Standards, Forum of Incident Response and Security Teams, National Security Decision Directive 145, National Voluntary Laboratory Accreditation Program, Orange book, Scope of Accreditation, Trusted Computer System Evaluation Criteria, Yellow book, access control, accreditation range, approved technologies list, approved test methods list, assurance, audit trail, availability, certification, common criteria version 1.0, common criteria version 2.0, computer emergency response team, computer operations, audit, and security technology, confidentiality, conformant validation certificate, control, correctness, covert channel, criteria, dedicated mode, degausser, degausser products list, deliverables list, designated, designated laboratories list, dominates, endorsed tools list, evaluated products list, evaluation, observation reports, partitioned security mode, party, preferred products list, procedural security, protection profile, public law 100-235, residual risk, risk treatment, security architecture, security purpose, security requirements, security target, security-compliant channel, sensitive information, software, subcommittee on telecommunications security, suspicious event, system high mode, systems security steering group, tamper, technology area, trusted network interpretation,; Synonym:Automated Information System security, IT security, information systems security,
computer security emergency response team: IncludedBy:computer security,
computer security incident: IncludedBy:computer security, incident,
computer security incident response capability: IncludedBy:computer security, incident,
computer security incident response team: IncludedBy:computer security, incident,; Related:computer emergency response team,
computer security intrusion: IncludedBy:computer security, intrusion,; Related:unauthorized access,
computer security object: IncludedBy:computer security,; Related:security software,
Computer Security Objects Register: IncludedBy:National Institute of Standards and Technology, computer security,
computer security subsystem: IncludedBy:computer security, system,
computer security technical vulnerability reporting program: IncludedBy:computer security,; Related:software,
computer-aided software engineering: IncludedBy:software,
computer-assisted audit technique: IncludedBy:audit,; Related:software, test,
computing security methods: IncludedBy:computer security,; Related:assurance, networks, software,
COMSEC account: IncludedBy:communications security,
COMSEC account audit: IncludedBy:communications security,
COMSEC aid: IncludedBy:communications security,; Related:key,
COMSEC boundary: IncludedBy:communications security,; Related:key,
COMSEC chip set: IncludedBy:communications security,
COMSEC control program: IncludedBy:communications security,; Related:authentication, encryption, key,
COMSEC custodian: IncludedBy:communications security,
COMSEC end-item: IncludedBy:communications security,
COMSEC equipment: IncludedBy:communications security,; Related:authentication, cryptography,
COMSEC facility: IncludedBy:communications security,
COMSEC incident: IncludedBy:communications security, incident,
COMSEC insecurity: IncludedBy:communications security,; Related:incident,
COMSEC manager: IncludedBy:communications security,
COMSEC material: IncludedBy:communications security,; Related:cryptography, key,
COMSEC Material Control System: IncludedBy:communications security, system,
COMSEC modification: IncludedBy:communications security, information systems security equipment modification,
COMSEC module: IncludedBy:communications security,
COMSEC monitoring: IncludedBy:communications security,
COMSEC Parent Switch: IncludedBy:communications security,
COMSEC profile: IncludedBy:communications security,
COMSEC Resources Program: IncludedBy:communications security,
COMSEC Subordinate Switch: IncludedBy:communications security,
COMSEC survey: IncludedBy:communications security,
COMSEC system data: IncludedBy:communications security,; Related:key,
COMSEC training: IncludedBy:communications security,
COMSEC Utility Program: IncludedBy:communications security,
concealment system: IncludedBy:system,; Related:confidentiality, security,
concept of operations: IncludedBy:security,; Related:internet,
concurrency control
concurrent connections: IncludedBy:connection,; Related:test,
confidence: Related:security, trust,
confidence coefficient: Related:assurance,
confidence interval
confidence level
confidence limits
confidentiality: IncludedBy:privacy, security,; Includes:cryptographic algorithm for confidentiality, data confidentiality, data confidentiality service, traffic flow confidentiality,; Related:Authentication Header, Common Criteria for Information Technology Security, Generic Security Service Application Program Interface, Generic Upper Layer Security, IT security, Internet Protocol security, NULL encryption algorithm, Secure Electronic Transaction, access control, assurance, asymmetric cryptography, classified, communications security, computer abuse, computer related controls, computer security, concealment system, data privacy, data security, defense-in-depth, defense-wide information assurance program, digital envelope, encapsulating security payload, encryption algorithm, entry-level certification, hybrid encryption, information assurance, information security, internet, intrusion, key recovery, levels of concern, mid-level certification, networks, passive, post-accreditation phase, privacy enhanced mail, privacy programs, privacy protection, public-key infrastructure, requirements for procedures and standards, secure shell, secure socket layer, security controls, security event, security goals, security policy, simple network management protocol, symmetric cryptography, top-level certification, transmission security, vulnerability, wrap,
configuration: IncludedBy:configuration management, target of evaluation,; Related:software,
configuration control: IncludedBy:configuration management, target of evaluation,; Includes:object,; Related:identification, software,
configuration identification: IncludedBy:configuration management, identification,
configuration item: IncludedBy:configuration management,; Related:software,
configuration management: IncludedBy:assurance, risk management, software development,; Includes:baseline management, configuration, configuration control, configuration identification, configuration item, secure configuration management,; Related:software, test,
confinement: Includes:confinement channel, confinement property,; Related:risk,
confinement channel: IncludedBy:confinement,; Related:covert channel, covert timing channel,
confinement property: IncludedBy:confinement,; Related:Bell-LaPadula security model, classification level,; Synonym:*-property,
conformant validation certificate: Related:computer security, security, validation,
congruence
connection: IncludedBy:firewall,; Includes:concurrent connections, connection establishment, connection establishment time, connection maintenance, connection overhead, connection teardown, connection teardown time,; Related:data source, networks,
connection establishment: IncludedBy:connection,; Related:security association, test,
connection establishment time: IncludedBy:connection,
connection maintenance: IncludedBy:connection,
connection overhead: IncludedBy:connection,
connection teardown: IncludedBy:connection,; Related:test,
connection teardown time: IncludedBy:connection,
connectionless data integrity service: Related:security,
connectivity: IncludedBy:target of evaluation,
consequence management: IncludedBy:risk management,
consistency: IncludedBy:database management system,
constant surveillance service
construction: IncludedBy:target of evaluation,
construction of TOE requirements: IncludedBy:requirements, target of evaluation,; Includes:component, security target,
constructive cost model: IncludedBy:business process,
consumers: IncludedBy:user,
contamination: IncludedBy:fetch protection, file protection, incident, risk,
context-dependent access control: IncludedBy:access control,
contingency key: IncludedBy:key,
contingency plan: IncludedBy:availability,; Includes:back up vs. backup, backup generations, backup operations, backup plan, disaster plan, disaster recovery, disaster recovery plan, emergency plan, recovery procedures, redundancy,; Related:business process, failure, recovery,
contingency planning: IncludedBy:availability,; Related:recovery, security,
continuity of services and operations: IncludedBy:risk management,; Related:business process, minimum essential infrastructure, recovery,
continuous process improvement: IncludedBy:quality,
continuous signature service
contract
contracting officer representative
contractor special security officer: IncludedBy:security,
control: Related:computer security, security,
control class: Related:security,
control family: Related:security,
control identification list: Related:security,
control information: IncludedBy:cryptographic module,
control objectives: IncludedBy:risk management,
control objectives for information and related technology
control zone: IncludedBy:security,
controlled access: HasPreferred:access control,
controlled access protection: Related:access control, assurance, evaluation, trust,
controlled cryptographic item: IncludedBy:cryptography,
controlled security mode: IncludedBy:multilevel security,; Related:accreditation, classification level, software,
controlled sharing: IncludedBy:access control,
controlled space
controlling authority: Related:cryptography,
conversion: Related:software,
cookies: IncludedBy:access control,; Related:attack, internet, privacy, world wide web,
cooperative key generation: IncludedBy:key,; Related:encryption,
coordinated universal time: Related:GeneralizedTime, UTCTime,
core or key process: Related:business process,
corporate security policy: IncludedBy:policy, security policy,
correctness: IncludedBy:European Information Technology Security Evaluation Criteria, Federal Criteria for Information Technology Security, assurance, integrity,; Related:analysis, computer security, evidence, fault, security target, software,
correctness integrity: IncludedBy:integrity,
correctness proof: IncludedBy:security,
corruption: IncludedBy:threat consequence,
cost reimbursement contract: IncludedBy:business process,
cost-risk analysis: IncludedBy:analysis, business process, risk analysis,
cost/benefit: IncludedBy:business process,
cost/benefit analysis: IncludedBy:analysis, business process,
COTS software: IncludedBy:commercial off the shelf, software,; Related:mass-market software,
counter
counter measures: IncludedBy:risk management, threat,; Includes:electronic counter-countermeasures, electronic countermeasures, non-technical countermeasure, security counter measures, technical countermeasure, technical surveillance countermeasures,; Related:acceptable level of risk, asset, attack, benign, benign environment, checksum, information systems security engineering, internet, key, layered solution, level of protection, physical security, residual risk, risk analysis, risk assessment, security audit, security software, technology, vulnerability, work factor,
country code
coverage: Related:test,
covert channel: Antonym:overt channel, security-compliant channel,; IncludedBy:channel, exploitable channel,; Includes:covert storage channel, covert timing channel,; PreferredFor:storage channel, timing channel,; Related:access control, computer security, confinement channel, exploit,
covert channel analysis: IncludedBy:analysis,; Related:unauthorized access,
covert storage channel: IncludedBy:channel, covert channel,; Includes:subject,
covert timing channel: IncludedBy:channel, covert channel,; Related:confinement channel,
CPU time: IncludedBy:automated information system,
crack: IncludedBy:threat,; Includes:crack root, cracker, cracking,; Related:cryptography, passwords,
crack root: IncludedBy:crack,
cracker: IncludedBy:crack, hacker,
cracking: IncludedBy:crack,
crash: IncludedBy:threat,; Related:failure,
credentials: IncludedBy:certification authority,; Includes:digital certificate, ticket,; Related:authentication, model,
crisis management: IncludedBy:risk management,
criteria: Includes:Canadian Trusted Computer Product Evaluation Criteria, Common Criteria for Information Technology Security Evaluation, European Information Technology Security Evaluation Criteria, Federal Criteria for Information Technology Security, Trusted Computer System Evaluation Criteria,; Related:computer security, evaluation, security, trust,
criteria of control
critical: IncludedBy:risk,; Related:availability, certificate, public-key infrastructure,
critical asset: Related:vulnerability,
critical elements: Related:security,
critical financial markets
critical infrastructure: IncludedBy:risk management,; Includes:banking and finance, code amber, code green, code red, electrical power systems, emergency services, gas and oil production, storage and transportation, information and communications, infrastructure protection, transportation, utility, water supply system,; Related:capability, destruction, government services, incapacitation, infrastructure assurance, natural disaster, partnership, risk assessment, sector coordinator, sector liaison,
critical mechanism: IncludedBy:target of evaluation,; Related:failure, security,
critical path method
critical security parameters: IncludedBy:security policy,; Related:authentication, cryptography, key, passwords,
criticality/sensitivity
cross-certificate: IncludedBy:certificate,; Related:cross-certification,
cross-certification: IncludedBy:certification authority,; Related:certificate, cross-certificate, key,
cross-talk: Related:communications,
cryptanalysis: IncludedBy:analysis, threat consequence,; Related:algorithm, attack, encryption, key,
CRYPTO: Related:communications security, key,
crypto-alarm: IncludedBy:cryptography,
crypto-algorithm: IncludedBy:algorithm,; Related:authentication, encryption,
crypto-ancillary equipment: IncludedBy:cryptography,
crypto-equipment: IncludedBy:cryptography,
crypto-ignition key: IncludedBy:key,
crypto-ignition plug: IncludedBy:cryptography,
crypto-security: IncludedBy:communications security,
cryptographic: IncludedBy:cryptography,
cryptographic algorithm: Related:digital signature, encryption, hash, key,
cryptographic algorithm for confidentiality: IncludedBy:confidentiality, cryptography,
Cryptographic Application Program Interface: IncludedBy:encryption, security,
cryptographic application programming interface: IncludedBy:software,
cryptographic boundary: IncludedBy:cryptographic module,; Includes:physical protection,
cryptographic card: IncludedBy:tokens,
cryptographic check function: IncludedBy:cryptography,
cryptographic check value: IncludedBy:cryptography,
cryptographic component: Related:hash,
cryptographic device services: IncludedBy:cryptography,
cryptographic equipment room: IncludedBy:cryptography,
cryptographic functions: IncludedBy:encryption, key,
cryptographic hash function: IncludedBy:hash,; Related:hash function,
cryptographic ignition key: IncludedBy:key,; Related:encryption, tokens,
cryptographic initialization: Related:encryption,
cryptographic key: IncludedBy:key,; Related:algorithm, authentication, encryption,
cryptographic key component: IncludedBy:cryptography,
cryptographic logic: IncludedBy:cryptography,
Cryptographic Message Syntax: Related:certificate, digital signature, encryption, hash, key, public-key infrastructure,
cryptographic module: Includes:control information, cryptographic boundary, cryptographic module security policy, data path, firmware, hardware, input data, microcode, operator, output data,; Related:algorithm, software,
cryptographic module security policy: IncludedBy:cryptographic module, policy, security policy,
cryptographic randomization: IncludedBy:cryptography,
cryptographic service: IncludedBy:common data security architecture,; Related:hash, software,
cryptographic service providers: IncludedBy:common data security architecture,
cryptographic synchronization: IncludedBy:cryptography,
cryptographic system: IncludedBy:system,; Related:digital signature, hash, key,
cryptographic token: IncludedBy:tokens,; Related:key,
cryptography: Includes:National Cryptologic School, Type III cryptography, cipher feedback, controlled cryptographic item, crypto-alarm, crypto-ancillary equipment, crypto-equipment, crypto-ignition plug, cryptographic, cryptographic algorithm for confidentiality, cryptographic check function, cryptographic check value, cryptographic device services, cryptographic equipment room, cryptographic key component, cryptographic logic, cryptographic randomization, cryptographic synchronization, cryptonet control station, cryptosynchronization, embedded cryptographic system, embedded cryptography, encipherment algorithm, encrypt, endorsed cryptographic products list, endorsed for unclassified cryptographic information, manual cryptosystem, rapid automatic cryptographic equipment, synchronous crypto-operation,; Related:BLACK, CAPSTONE chip, CCI assembly, CCI component, CCI equipment, COMSEC equipment, COMSEC material, Challenge Handshake Authentication Protocol, Clipper chip, Common Criteria for Information Technology Security, Distributed Authentication Security Service, FIPS PUB 140-1, HMAC, IEEE P1363, International Traffic in Arms Regulations, Internet Security Association and Key Management Protocol, MD2, MD4, MD5, MIME Object Security Services, PC card, QUADRANT, RED/BLACK separation, Secure Hash Standard, access control center, algorithm, attribute certificate, authentication code, authentication system, authorized vendor, benign, binding, break, brute force, brute force attack, certificate domain parameters, check word, checksum, chosen-plaintext attack, code division multiple access, cold start, communications security, compromise, controlling authority, crack, critical security parameters, cut-and-paste attack, cyclic redundancy check, data driven attack, data items' representation, domain of interpretation, emissions security, end entity, end-to-end security, endorsed for unclassified, environmental failure protection, environmental failure testing, extraction resistance, feedback buffer, fill device, hash, hash function, information, initialize, integrity check, intelligent threat, interface, internetwork private line, known-plaintext attack, message authentication code, message authentication code algorithm, message authentication code vs. Message Authentication Code, message indicator, national security system, non-repudiation, one-time pad, one-time passwords, one-time tape, one-way function, operations manager, out of band, permuter, personal security environment, personalization service, plain text, port, primary account number, privacy, random, rekey, scavenging, seal, security event, semantic security, shared secret, simple network management protocol, status information, steganography, strong authentication, system indicator, ticket, time-stamp token, traffic analysis, traffic padding, traffic-flow security, trap door, trusted path, two-person control, unforgeable, updating, user partnership program, validate vs. verify, work factor, wrap, zeroize,
cryptology: Related:analysis,
cryptonet: Related:key,
cryptonet control station: IncludedBy:cryptography,
cryptonet key: IncludedBy:key,
cryptoperiod: Related:analysis, certificate, key, public-key infrastructure,
cryptosynchronization: IncludedBy:cryptography,
cryptosystem: IncludedBy:system,; Related:encryption,
cryptosystem analysis: IncludedBy:analysis, system,
cryptosystem evaluation: IncludedBy:evaluation, system,
cryptosystem review: IncludedBy:system,
cryptosystem survey: IncludedBy:system,; Related:evaluation,
cultural assumptions
customer: HasPreferred:user,
cut-and-paste attack: IncludedBy:attack,; Related:cryptography,
cyberattack: IncludedBy:attack,
cyberspace: IncludedBy:internet,
cycle time
cyclic redundancy check: Related:algorithm, cryptography, hash,
dangling threat: IncludedBy:threat,
dangling vulnerability: IncludedBy:vulnerability,
dark-side hacker: IncludedBy:threat,
data: IncludedBy:automated information system,
data administration: IncludedBy:automated information system,
data aggregation: IncludedBy:automated information system,
data architecture: IncludedBy:automated information system,
Data Authentication Algorithm: IncludedBy:authentication,; Related:hash, key,
data authentication code: IncludedBy:National Institute of Standards and Technology, authentication, integrity,; Related:hash function, key,; Synonym:message authentication code,
data authentication code vs. Data Authentication Code: IncludedBy:authentication,; Related:hash, key,
data communications: IncludedBy:communications,
data compromise: IncludedBy:compromise, incident,; Related:unauthorized access,
data confidentiality: IncludedBy:confidentiality, data privacy,
data confidentiality service: IncludedBy:confidentiality,
data contamination: IncludedBy:automated information system,
data control language: IncludedBy:automated information system,
data definition language: IncludedBy:automated information system,
data dictionary: IncludedBy:automated information system,
data diddling: IncludedBy:attack,
data driven attack: IncludedBy:attack,; Related:cryptography, software,
Data Encryption Algorithm: IncludedBy:symmetric cryptography,; Related:encryption, key,
data encryption key: IncludedBy:encryption, key,; Includes:data key,
Data Encryption Standard: IncludedBy:Federal Information Processing Standards, National Institute of Standards and Technology, encryption, key, symmetric algorithm,; Includes:initialization vector,; Related:algorithm,
data flow diagram: IncludedBy:automated information system,
data input: IncludedBy:automated information system,
data integrity: IncludedBy:data security, integrity,; Related:quality, trust,
data integrity service: IncludedBy:integrity,; Related:authentication,
data items' representation: Related:cryptography, hash,
data key: IncludedBy:data encryption key, key, key recovery,; Related:authentication,
data management: IncludedBy:automated information system,
data manipulation language: IncludedBy:automated information system,
data origin authentication: IncludedBy:authentication,
data origin authentication service: IncludedBy:authentication,; Related:digital signature, key,
data path: IncludedBy:cryptographic module,
data privacy: IncludedBy:data security, privacy,; Includes:data confidentiality,; Related:assurance, confidentiality,
data processing: IncludedBy:automated information system,
data reengineering: IncludedBy:automated information system,
data security: IncludedBy:security,; Includes:data integrity, data privacy,; Related:confidentiality,
data source: Includes:user,; Related:connection, firewall, networks,
data storage: IncludedBy:automated information system,
data string: Related:hash,
data structure: IncludedBy:automated information system,
data synchronization: Related:automated information system,
data transfer device: Related:communications security,
data validation: IncludedBy:automated information system,
database administration: IncludedBy:automated information system,
database management system: IncludedBy:system,; Includes:consistency, metadata, transaction, view, view definition,; Related:Directory Access Protocol, security, software,
datagram: Related:networks,
deadlock: IncludedBy:threat,; Synonym:deadly embrace,
deadly embrace: IncludedBy:threat,; Synonym:deadlock,
debilitated: IncludedBy:risk,
debug: Related:fault, software,
debugger
debugging: IncludedBy:automated information system,
deception: IncludedBy:threat consequence,
decertification
decipher: Related:key,
decipherment
decision support systems: IncludedBy:system,
declassification of AIS storage media: Includes:automated information system, subject,; Related:security,
decode
decomposition: IncludedBy:protection profile,
decrypt: Related:encryption,
decryption: Antonym:encryption,
dedicated loop encryption device: IncludedBy:encryption,
dedicated mode: Related:computer security, user,
dedicated security mode: IncludedBy:modes of operation, security,; Related:accreditation, classification level,
default account: Related:passwords,
default classification: IncludedBy:classification level,; Includes:object,
defect: IncludedBy:risk,; Related:bug, failure, fault,
defense: Related:threat,
defense communications system: IncludedBy:communications, system,
defense courier service
Defense Information Infrastructure: Related:command and control, networks, security,
Defense Information System Network: IncludedBy:networks, system,
defense message system: IncludedBy:system,
defense switched network: IncludedBy:networks,
defense-in-depth: IncludedBy:security,; Related:availability, confidentiality,
defense-wide information assurance program: IncludedBy:assurance,; Related:authentication, availability, confidentiality, non-repudiation,
Defensive Information Operations: Related:exploit, security,
degauss: IncludedBy:erasure,
degausser: IncludedBy:National Security Agency, degausser products list,; Related:computer security,
degausser products list: IncludedBy:Information Systems Security products and services catalogue, National Information Assurance partnership, National Security Agency,; Includes:degausser,; Related:computer security,
degaussing
degrees of freedom
delegated accrediting authority
delegated development program
delegation: IncludedBy:authorize,
delete access: IncludedBy:access,
deliberate exposure: IncludedBy:threat consequence,
deliverable: Related:security, security target,
deliverables list: IncludedBy:Common Criteria Testing Laboratory, National Information Assurance partnership, target of evaluation,; Related:computer security, security target,
delivery: IncludedBy:target of evaluation,
delivery authority: Related:evidence, trust,
delta CRL: IncludedBy:public-key infrastructure,; Related:certificate,
demand assigned multiple access
demilitarized zone: IncludedBy:firewall,; Includes:protected network, unprotected network,; Related:assurance, rule set,
demon dialer: IncludedBy:attack,; Related:denial of service,
denial of service: IncludedBy:attack, incident, user,; Includes:distributed denial of service,; PreferredFor:interdiction,; Related:Automated Information System security, ICMP flood, SYN flood, availability, computer abuse, demon dialer, information systems security, letterbomb, logic bomb, ping of death, smurf, spam, tamper,
denial time: Related:risk,
dependency: IncludedBy:trusted computing base,
depends: IncludedBy:trusted computing base,
depot maintenance: IncludedBy:full maintenance,
derf: IncludedBy:threat,; Related:exploit, terminal hijacking,
descriptive top-level specification: IncludedBy:top-level specification,; Related:evaluation, trust,
design controlled spare parts: Related:communications security,
design documentation: Related:evaluation, trust,
designated: Related:computer security, evaluation, security,
designated accrediting authority
designated approving authority: IncludedBy:accreditation, risk,; Includes:automated information system,; Related:networks,
designated laboratories list: IncludedBy:Common Criteria Testing Laboratory, National Information Assurance partnership,; Related:computer security, evaluation,
designating authority: IncludedBy:Common Criteria Testing Laboratory,; Related:evaluation,
designation policy: IncludedBy:Common Criteria Testing Laboratory, policy,; Related:evaluation, security,
destruction: IncludedBy:risk,; Related:critical infrastructure,
detailed design: IncludedBy:software development, target of evaluation,
deterministic
developer: IncludedBy:target of evaluation,
developer security: IncludedBy:security,
development assurance: IncludedBy:assurance, development process,; Includes:software development methodologies,; Related:evidence, test,
development assurance component: IncludedBy:assurance, component,
development assurance package: IncludedBy:assurance,
development assurance requirements: IncludedBy:assurance, requirements,; Related:evidence,
development environment: IncludedBy:development process, target of evaluation,
development process: IncludedBy:software development, target of evaluation,; Includes:development assurance, development environment, hierarchical decomposition, informal specification, security specifications, top-level specification, validation, verification,; Related:software,
deviation
dial back
dial-up: Includes:dial-up line, dial-up security,; Related:communications,
dial-up line: IncludedBy:dial-up,; Related:communications, internet,
dial-up security: IncludedBy:dial-up, security,
dictionary attack: IncludedBy:attack,; Related:authentication, encryption, key, password cracker, passwords,
Diffie-Hellman: IncludedBy:asymmetric algorithm,; Related:attack, authentication, encryption, key, privacy,
digest: HasPreferred:message digest,
digital certificate: IncludedBy:certificate, credentials, key,; Related:digital signature,
digital certification: Related:key,
digital document: Related:automated information system,
digital envelope: Related:confidentiality, encryption, key,
digital id: IncludedBy:public-key infrastructure,; Related:authentication, certificate, identification, key,
digital key: IncludedBy:key,
digital notary: Related:digital signature, trust,
digital signature: IncludedBy:key, public-key infrastructure, signature,; Includes:Digital Signature Algorithm, Digital Signature Standard,; Related:ABA Guidelines, CA certificate, Cryptographic Message Syntax, Distinguished Encoding Rules, El Gamal algorithm, Elliptic Curve Digital Signature Algorithm, Fortezza, IEEE P1363, Internet Security Association and Key Management Protocol, MIME Object Security Services, PKCS #7, Rivest-Shamir-Adleman, Secure/MIME, The Exponential Encryption System, X.509 attribute certificate, X.509 certificate revocation list, X.509 public-key certificate, archive, asymmetric cryptography, attribute certificate, authentic signature, authenticate, authentication, bind, brand CRL identifier, certificate validation, certification path, cryptographic algorithm, cryptographic system, data origin authentication service, digital certificate, digital notary, digitized signature, dual signature, electronic signature, elliptic curve cryptography, encryption, encryption certificate, end entity, hash, integrity, invalidity date, key pair, merchant certificate, networks, no prior relationship, non-repudiation, personality label, pre-signature, pretty good privacy, private signature key, public-key certificate, revocation date, seal, security mechanism, sign, signature certificate, signature equation, signature function, signature key, signature process, signature system, signer, symmetric cryptography, triple DES, unforgeable, valid signature, validate vs. verify,
Digital Signature Algorithm: IncludedBy:Digital Signature Standard, algorithm, digital signature,; Related:hash, secure hash algorithm,
Digital Signature Standard: IncludedBy:Federal Information Processing Standards, National Institute of Standards and Technology, digital signature,; Includes:Digital Signature Algorithm, Elliptic Curve Digital Signature Algorithm,
digital subscriber voice terminal
digital telephony: Related:communications,
digital watermarking: PreferredFor:watermarking,
digitized signature: Related:digital signature,
diplomatic telecommunications service: Related:networks,
direct access storage device: Related:automated information system,
direct data feed
direct memory access: IncludedBy:automated information system,
direct shipment: Related:communications security, user,
directly trusted CA: IncludedBy:public-key infrastructure, trust,
directly trusted CA key: IncludedBy:key, public-key infrastructure, trust,
Director Central Intelligence Directive
directory: HasPreferred:directory vs. Directory,
Directory Access Protocol: Related:database management system,
directory information base
directory service: Related:public-key infrastructure,
directory user agent
directory vs. Directory: PreferredFor:directory,; Related:certificate, public-key infrastructure,
disaster plan: IncludedBy:contingency plan,; Related:threat,
disaster recovery: IncludedBy:contingency plan, recovery, risk management,; Includes:cold site, hot site,; Related:reconstitution,
disaster recovery plan: IncludedBy:contingency plan, recovery,
disclosure of information
discrete event simulation: Related:model,
discretionary access control: Antonym:non-discretionary access control,; IncludedBy:access control,; Includes:surrogate access,
dispersion
disruption: IncludedBy:threat consequence,
Distinguished Encoding Rules: IncludedBy:Abstract Syntax Notation One, Basic Encoding Rules,; Related:certificate, digital signature,
distinguished name: IncludedBy:public-key infrastructure,; Includes:subordinate distinguished name,; Related:certificate, key,
distinguishing identifier: Related:non-repudiation,
Distributed Authentication Security Service: IncludedBy:authentication, internet, security protocol,; Related:cryptography,
distributed computing environment: IncludedBy:ACL-based authorization, Generic Security Service Application Program Interface,; Includes:Kerberos,; Related:audit, authentication,
distributed data: Related:networks,
distributed data processing: IncludedBy:automated information system,
distributed database: Related:networks,
distributed denial of service: IncludedBy:denial of service,
distributed processing: IncludedBy:automated information system,; Related:communications, networks,
distribution point: IncludedBy:public-key infrastructure,; Related:certificate, key,
DNS spoofing: IncludedBy:domain name system, masquerade, spoofing,
documentation: IncludedBy:target of evaluation,
DoD Information Technology Security Certification and Accreditation Process: IncludedBy:accreditation, computer security, requirements,
DoD Trusted Computer System: IncludedBy:system, trust,; Related:evaluation,
DoD Trusted Computer System Evaluation Criteria: IncludedBy:evaluation, system, trust,
domain: IncludedBy:Multilevel Information System Security Initiative, object, subject,; Related:access control, certificate, internet, model, public-key infrastructure, security domain,
domain modulus: Related:trust,
domain name: IncludedBy:domain name system,
domain name service server: IncludedBy:internet,
domain name system: IncludedBy:internet, system,; Includes:DNS spoofing, domain name,; Related:access control, authentication, key, software,
domain of interpretation: Related:cryptography, security,
domain parameter: Related:hash, security, tokens,
domain verification exponent: Related:verification,
dominated by: Antonym:dominates,; Includes:object,; Related:classification level, security, trust,
dominates: Antonym:dominated by,; Related:classification level, computer security, security,
dongle: Related:authentication, key, software,
downgrade: IncludedBy:requirements, security,; Related:classification level, networks,
download
draft RFC: IncludedBy:Request for Comment,
drop accountability: Related:communications security,
dual control: IncludedBy:security,
dual driver service
dual signature: IncludedBy:Secure Electronic Transaction,; Related:digital signature, encryption, hash, key,
dual-homed gateway firewall: IncludedBy:firewall,; Related:networks,
dump: Related:failure,
dumpster diving: IncludedBy:threat,
dynamic analysis: IncludedBy:analysis,; Related:testing,
dynamic binding
e-banking: IncludedBy:internet,
e-mail server: IncludedBy:internet,
ease of use: IncludedBy:target of evaluation,
eavesdropping: IncludedBy:attack,; Related:emanation, emanations security, shoulder surfing,
economy of mechanism: IncludedBy:security,
EE
effective key length: IncludedBy:encryption, key,
effectiveness: IncludedBy:assurance,; Related:risk, security target, threat,
egress filtering: Related:internet,
El Gamal algorithm: Related:digital signature, encryption,
elapsed time
electrical power systems: IncludedBy:critical infrastructure,
electromagnetic compatibility
electromagnetic emanations: IncludedBy:emanation, emanations security,
electromagnetic interference: IncludedBy:risk,
electronic attack: IncludedBy:attack,; Related:communications security,
electronic benefit transfer: Related:networks,
electronic codebook
electronic commerce: IncludedBy:Secure Electronic Transaction,; Related:communications, electronic data interchange, email, internet,
electronic counter-countermeasures: IncludedBy:counter measures,
electronic countermeasures: IncludedBy:counter measures,
electronic data interchange: Related:communications, electronic commerce, value-added network,
electronic document management system: IncludedBy:system,
electronic fill device
electronic funds transfer system: IncludedBy:system,
electronic generation, accounting, and distribution system: IncludedBy:system,
electronic intelligence
electronic key entry: IncludedBy:key management,
electronic key management: IncludedBy:key,; Related:communications security,
electronic key management system: IncludedBy:key, system,; Related:communications security,
electronic messaging services: Related:internet,
electronic protection: Related:assurance,
electronic security: IncludedBy:security,; Related:analysis,
electronic signature: IncludedBy:signature,; Related:digital signature,
electronic warfare: IncludedBy:warfare,
electronic warfare support: IncludedBy:warfare,; Related:threat,
electronically generated key: IncludedBy:key,; Related:communications security,
element: Related:communications security, security,
elliptic curve cryptography: Related:analysis, attack, digital signature, key,
elliptic curve cryptosystem: IncludedBy:asymmetric algorithm, system,
Elliptic Curve Digital Signature Algorithm: IncludedBy:Digital Signature Standard,; Related:digital signature,
email: IncludedBy:internet,; Includes:email packages, email security software, letterbomb, mailbomb, multipurpose internet mail extensions, privacy enhanced mail, secure multipurpose internet mail extensions, spam,; Related:SET qualifier, Secure Data Network System, X.400, bounce, electronic commerce, message authentication code vs. Message Authentication Code, message handling system, message integrity code, pretty good privacy, simple mail transfer protocol,
email packages: IncludedBy:email,; Includes:email security software,
email security software: IncludedBy:email, email packages, security software, software,; Includes:pretty good privacy,; Related:networks,
emanation: IncludedBy:TEMPEST, emanations security, threat,; Includes:electromagnetic emanations, emanations analysis,; Related:Common Criteria for Information Technology Security, Federal Standard 1027, TEMPEST test, eavesdropping, implant, procedural security, security architecture, suppression measure,; Synonym:RED signal,
emanations analysis: IncludedBy:analysis, emanation, threat consequence,
emanations security: IncludedBy:TEMPEST,; Includes:compromising emanation performance requirement, compromising emanations, electromagnetic emanations, emanation, undesired signal data emanations,; Related:Common Criteria for Information Technology Security, Federal Standard 1027, TEMPEST test, analysis, eavesdropping, implant, procedural security, security architecture, suppression measure,; Synonym:emissions security,
embedded computer
embedded cryptographic system: IncludedBy:cryptography,
embedded cryptography: IncludedBy:cryptography,
embedded system: IncludedBy:system,
emergency action message
emergency plan: IncludedBy:contingency plan,; Related:threat,
emergency response: Related:threat,
emergency response time
emergency services: IncludedBy:critical infrastructure,; Related:recovery,
emissions security: IncludedBy:Automated Information System security, TEMPEST, communications security, computer security,; Related:RED signal, analysis, cryptography, telecommunications,; Synonym:emanations security,
empty position
encapsulating security payload: IncludedBy:Internet Protocol security, security protocol,; Related:authentication, confidentiality,
encapsulation
encipher: IncludedBy:encryption,
encipherment: IncludedBy:encryption,
encipherment algorithm: IncludedBy:cryptography,
encode: IncludedBy:encryption,
encrypt: IncludedBy:cryptography,
encrypt: IncludedBy:encryption,
encrypt for transmission only: Related:encryption, networks,
encrypted key: IncludedBy:key, key recovery,; PreferredFor:ciphertext key,; Related:passwords,
encryption: Antonym:cleartext, decryption,; IncludedBy:Secure Electronic Transaction, privacy enhanced mail,; Includes:Cryptographic Application Program Interface, Data Encryption Standard, asymmetric cryptographic algorithm, bulk encryption, cryptographic functions, data encryption key, dedicated loop encryption device, effective key length, encipher, encipherment, encode, encrypt, encryption algorithm, encryption software, end-to-end encryption, key-encryption-key, link encryption, one-way encryption, pretty good privacy, secure multipurpose internet mail extensions, superencryption, symmetric algorithm, tamper,; Related:Advanced Encryption Standard, CAST, COMSEC control program, Clipper chip, Cryptographic Message Syntax, Data Encryption Algorithm, Diffie-Hellman, El Gamal algorithm, Escrowed Encryption Standard, Federal Standard 1027, Fortezza, IEEE P1363, Internet Protocol security, Internet Security Association and Key Management Protocol, Law Enforcement Access Field, MIME Object Security Services, NULL encryption algorithm, Rivest-Shamir-Adelman algorithm, Rivest-Shamir-Adleman, SET private extension, Secure/MIME, Simple Key-management for Internet Protocols, Terminal Access Controller Access Control System, The Exponential Encryption System, Transport Layer Security Protocol, asymmetric cryptography, authentication code, baggage, block cipher, break, cardholder certificate, cipher, ciphertext, code, code book, cooperative key generation, cryptanalysis, crypto-algorithm, cryptographic algorithm, cryptographic ignition key, cryptographic initialization, cryptographic key, cryptosystem, decrypt, dictionary attack, digital envelope, digital signature, dual signature, encrypt for transmission only, encryption certificate, endorsed data encryption standard products list, hybrid encryption, in the clear, indistinguishability, information systems security, initialization vector, initialize, intelligent threat, key, key agreement, key center, key distribution center, key generator, key pair, key recovery, key translation center, key transport, key-encrypting key, key-escrow system, keyed hash, low-cost encryption/authentication device, merchant certificate, message authentication code vs. Message Authentication Code, message integrity code, mode of operation, off-line cryptosystem, on-line cryptosystem, one-time pad, over-the-air key transfer, over-the-air rekeying, password system, per-call key, personality label, privacy system, protected communications, protected distribution systems, public cryptography, public-key cryptography, public-key forward secrecy, salt, secret-key cryptography, secure shell, secure socket layer, security management infrastructure, security mechanism, semantic security, session key, signature certificate, start-up KEK, stream cipher, symmetric cryptography, symmetric key, system indicator, tactical trunk encryption device, threat consequence, traffic analysis, triple DES, trunk encryption device, tunnel, unencrypted, virtual private network, wrap,
encryption algorithm: IncludedBy:encryption,; Related:communications security, confidentiality,
encryption certificate: IncludedBy:certificate,; Related:digital signature, encryption, key,
encryption software: IncludedBy:encryption, software,
encryption strength: IncludedBy:quality of protection,; PreferredFor:strength of encryption,
encryption tools: IncludedBy:security software,
end entity: Related:certificate, cryptography, digital signature, key, public-key infrastructure,
end system: IncludedBy:system,; Related:internet, networks,
end-to-end encryption: IncludedBy:encryption,; Related:networks,
end-to-end security: IncludedBy:security,; Related:cryptography,
end-user: IncludedBy:target of evaluation, user,; Related:networks, public-key infrastructure,
end-user computing: IncludedBy:user,
endorsed cryptographic products list: IncludedBy:cryptography,
endorsed data encryption standard products list: Related:encryption,
endorsed for unclassified: Related:cryptography,
endorsed for unclassified cryptographic information: IncludedBy:cryptography,
Endorsed TEMPEST Products List: IncludedBy:TEMPEST,
endorsed tools list: IncludedBy:Information Systems Security products and services catalogue, National Information Assurance partnership, formal verification,; Related:computer security, trust,
endorsement
energy-efficient computer equipment: Related:model,
enforcement vector
engineering development model
enhanced hierarchical development methodology: IncludedBy:software development methodologies,; Related:security,
enterprise resource planning
entity: HasPreferred:system entity,; Related:authentication,
entity authentication: IncludedBy:authentication,
entity authentication of A to B: IncludedBy:authentication,
entity-wide security: IncludedBy:security,
entrapment: IncludedBy:risk management,; Related:exploit,
entry label
entry-level certification: IncludedBy:certification,; Related:availability, confidentiality, integrity,
environment: Includes:object,
environmental failure protection: IncludedBy:failure, risk management,; Related:assurance, cryptography,
environmental failure testing: IncludedBy:failure, test,; Related:cryptography,
ephemeral key: IncludedBy:key,
equipment radiation TEMPEST zone: IncludedBy:TEMPEST,
erasure: Includes:degauss, overwrite procedure,
error: Related:bug, fault,
error analysis: IncludedBy:analysis,
error detection and correction
error detection code: IncludedBy:integrity,; Includes:check character,
error guessing: Related:test,
error seeding: Related:analysis, assurance, mutation analysis,; Synonym:bebugging,
Escrowed Encryption Standard: Related:encryption, key,
Estelle: Related:networks,
ethernet meltdown: IncludedBy:threat,; Related:networks,
ethernet sniffing: IncludedBy:sniffing,; Related:packet sniffer, passwords, promiscuous mode, software,
Europay, MasterCard, Visa: Related:tokens,
European Information Technology Security Evaluation Criteria: IncludedBy:Common Criteria for Information Technology Security Evaluation, computer security, criteria, target of evaluation,; Includes:assurance, correctness,
European quality award: IncludedBy:quality,
evaluated products list: IncludedBy:Information Systems Security products and services catalogue, National Information Assurance partnership, National Security Agency,; Related:computer security, evaluation, software, trust, trusted computer system,
evaluated system: IncludedBy:evaluation, system,; Related:security,
evaluation: IncludedBy:certification,; Includes:Common Criteria for Information Technology Security Evaluation, Common Evaluation Methodology, DoD Trusted Computer System Evaluation Criteria, Evaluation Technical Report, Evaluation Work Plan, IT Security Evaluation Criteria, IT Security Evaluation Methodology, Information Technology Security Evaluation Criteria, Monitoring of Evaluations, NIAP Common Criteria Evaluation and Validation Scheme, Trusted Computer System Evaluation Criteria, Trusted Products Evaluation Program, assurance, certification and accreditation, certification test and evaluation, cryptosystem evaluation, evaluated system, evaluation and validation scheme, evaluation authority, evaluation facility, evaluation pass statement, evaluation scheme, program evaluation and review technique, quality of protection, risk evaluation, security evaluation, software system test and evaluation process, strength of a requirement, system security evaluation, target of evaluation, validation, verification,; Related:A1, Commercial COMSEC, Common Criteria Testing Laboratory, Common Criteria Testing Program, Common Criteria for Information Technology Security, DoD Trusted Computer System, FIPS approved security method, NIAP Oversight Body, National Computer Security Center, National Voluntary Laboratory Accreditation Program, Red book, Scope of Accreditation, Validation Certificate, Yellow book, accreditation, accreditation range, accredited, approval/accreditation, approved technologies list, approved test methods list, benchmark, beyond A1, candidate TCB subset, certificate, certificate revocation list, computer security, controlled access protection, criteria, cryptosystem survey, descriptive top-level specification, design documentation, designated, designated laboratories list, designating authority, designation policy, evaluated products list, flaw hypothesis methodology, interface control document, network component, observation reports, penetration test, preproduction model, protection philosophy, quality, requirements for content and presentation, requirements for evidence, risk analysis, risk management, risk treatment, security, security policy model, security-compliant channel, source selection, sponsor, subset-domain, technology area, test method, test procedure, testing, threat assessment, trusted network interpretation,; Synonym:analysis,
evaluation and validation scheme: IncludedBy:evaluation,
evaluation assurance: IncludedBy:assurance,; Includes:evaluation assurance level,; Related:analysis, threat,
evaluation assurance component: IncludedBy:assurance, component,
evaluation assurance level: IncludedBy:Common Criteria for Information Technology Security Evaluation, evaluation assurance, requirements,; Includes:evaluation criteria, evaluator, evaluator actions,; Related:networks,
evaluation assurance package: IncludedBy:assurance,
evaluation assurance requirements: IncludedBy:assurance,
evaluation authority: IncludedBy:evaluation,; Related:quality,
evaluation criteria: IncludedBy:evaluation assurance level,
evaluation facility: IncludedBy:evaluation,
evaluation pass statement: IncludedBy:evaluation,
evaluation scheme: IncludedBy:evaluation,
Evaluation Technical Report: IncludedBy:Common Criteria Testing Laboratory, evaluation,
Evaluation Work Plan: IncludedBy:Common Criteria Testing Laboratory, evaluation,; Related:computer security, security,
evaluator: IncludedBy:evaluation assurance level,
evaluator actions: IncludedBy:evaluation assurance level,
event: Related:incident,
evidence: Includes:evidence requester, evidence subject, requirements for evidence,; Related:audit trail, correctness, delivery authority, development assurance, development assurance requirements, failure, logging, monitor, non-repudiation, non-repudiation information, non-repudiation of submission, non-repudiation of transport, non-repudiation policy, non-repudiation service, non-repudiation token, notarization, notary, operations security, proof, secure envelope, security audit trail, security target, statistical estimate, time-stamping authority, time-stamping service, trusted time stamping authority, validate vs. verify, validation, validation report, verifier, witness,
evidence requester: IncludedBy:evidence,; Related:trust,
evidence subject: IncludedBy:evidence,
exception: Related:bug, fault,
exchange multiplicity parameter: Related:authentication,
executable code
execute access: IncludedBy:access,
executive information systems: IncludedBy:system,
executive state: Includes:privileged instructions,; PreferredFor:supervisor state,; Related:software,
executive steering committee
exercise key: IncludedBy:key,
exercised: Related:test,
exhaustive testing: IncludedBy:test,
expansibility
expert review team
expire: HasPreferred:certificate expiration,
explain
explicit key authentication from A to B: IncludedBy:authentication,; Related:key,
exploit: IncludedBy:threat,; Related:Defensive Information Operations, assurance, attack, covert channel, derf, entrapment, exploitable channel, firewall, flaw hypothesis methodology, information superiority, information warfare, intelligent threat, non-technical countermeasure, operations security, penetration testing, port scan, security threat, smurf, technical vulnerability, threat agent, trojan horse, vulnerability,
exploitable channel: IncludedBy:channel, threat, trusted computing base,; Includes:covert channel, subject,; Related:exploit,
exploitation: PreferredFor:exploitation of vulnerability,; Related:access control, security, vulnerability,
exploitation of vulnerability: HasPreferred:exploitation,
exposure: IncludedBy:threat consequence,; Includes:common vulnerabilities and exposures, external system exposure, internal system exposure,; Related:inadvertent disclosure, levels of concern, media protection, risk assessment, unauthorized disclosure,
extended industry standard architecture: Related:automated information system,
extensibility
extensible
Extensible Authentication Protocol: IncludedBy:authentication, security protocol,; Related:challenge/response, networks, passwords,
extension: IncludedBy:public-key infrastructure,; Includes:certificate extension,; PreferredFor:private extension,; Related:assurance, certificate, certification, key,
external it entity: IncludedBy:target of evaluation,; Related:trust,
external security controls: IncludedBy:protection profile, risk management, security controls,; Related:accreditation, certification,
external system exposure: IncludedBy:exposure,; Related:internet,
external throughput rate
extraction resistance: Related:communications, cryptography,
extranet: IncludedBy:internet,; Related:networks, virtual private network,
facilities
facility manager: Related:security,
facsimile
fail safe: IncludedBy:failure control,; Related:failure, software,
fail soft: IncludedBy:automated information system, failure control,; Related:failure, software,
failure: IncludedBy:risk,; Includes:environmental failure protection, environmental failure testing, failure access, failure control, mean-time-between-failure, mean-time-between-outages, mean-time-to-fail,; Related:IS related risk, abend, abort, accountability, anomaly, availability, backup procedures, bomb, contingency plan, crash, critical mechanism, defect, dump, evidence, fail safe, fail soft, fallback procedures, flooding, mean-time-to-repair, mean-time-to-service-restoral, outage, problem, recovery procedures, software, software reliability, strength of a requirement, uninterruptible power supply, vulnerability,; Synonym:fault,
failure access: IncludedBy:access control, failure, threat,; Related:incident, software, unauthorized access,
failure control: IncludedBy:failure, risk management,; Includes:fail safe, fail soft,; Related:recovery, software,
fallback procedures: Related:backup, failure,
false denial of origin: IncludedBy:threat consequence,
false denial of receipt: IncludedBy:threat consequence,
false negative: IncludedBy:risk,
false positive: IncludedBy:risk,
falsification: IncludedBy:threat consequence,
family: Related:security,
fault: IncludedBy:threat,; Includes:fault analysis, fault management, fault tolerance, security fault analysis,; Related:Federal Standard 1027, alarm reporting, alarm surveillance, anomaly, bug, correctness, debug, defect, error, exception, maintenance, network management, networks, problem, software reliability, trap,; Synonym:failure,
fault analysis: IncludedBy:analysis, fault,; Related:risk analysis,
fault injection: Related:analysis,
fault management: IncludedBy:fault,
fault tolerance: IncludedBy:fault,; Related:risk, software,
Federal Criteria for Information Technology Security: IncludedBy:Common Criteria for Information Technology Security Evaluation, computer security, criteria,; Includes:Federal Criteria Vol. I, assurance, correctness,; Related:trust,
Federal Criteria Vol. I: IncludedBy:Federal Criteria for Information Technology Security, National Institute of Standards and Technology,; Includes:protection profile,; Related:computer security,
Federal Information Processing Standards: IncludedBy:National Institute of Standards and Technology,; Includes:Data Encryption Standard, Digital Signature Standard, FIPS PUB 140-1, FIPS approved security method, Federal Information Processing Standards Publication 140,; Related:computer security, security,
Federal Information Processing Standards Publication 140: IncludedBy:Federal Information Processing Standards,; Synonym:FIPS PUB 140-1,
Federal Public-key Infrastructure: IncludedBy:public-key infrastructure,; Related:certificate, communications security, key,
Federal Reserve Banks
federal secure telephone service
Federal Standard 1027: IncludedBy:National Institute of Standards and Technology,; Related:FIPS PUB 140-1, National Security Agency, analysis, emanation, emanations security, encryption, fault, key, security, tamper,
federal telecommunications system: IncludedBy:system,
fedline
fedwire
feedback buffer: Related:cryptography,
fetch protection: IncludedBy:access control,; Includes:contamination,; Related:assurance, unauthorized access,
fiber distributed data interface: Related:automated information system,
fiber-optics
field
file
file infector virus: IncludedBy:virus,
file integrity checker
file protection: IncludedBy:access control,; Includes:contamination,; Related:assurance, unauthorized access,
file security: IncludedBy:access control,
file transfer: Related:networks,
file transfer access management: Related:networks,
file transfer protocol: IncludedBy:internet,; Related:networks,
fill device: Related:communications security, cryptography,
fill device interface unit
filtering router: IncludedBy:router,; Related:networks, packet filter, security,; Synonym:screening router,
finality
fingerprint: Related:authentication, hash, key,
finite population correction factor
finite state machine: Related:model,
FIPS approved security method: IncludedBy:Federal Information Processing Standards, National Institute of Standards and Technology, security policy,; Related:authentication, evaluation,
FIPS PUB 140-1: IncludedBy:Federal Information Processing Standards, National Institute of Standards and Technology,; Includes:random number generator,; Related:Federal Standard 1027, communications security, cryptography, key, security, software, test, zeroization, zeroize,; Synonym:Federal Information Processing Standards Publication 140,
FIREFLY: Related:key,
firewall: IncludedBy:front-end security filter, gateway, guard, internet, security filter, security software,; Includes:application gateway firewall, application proxy, application-level firewall, bastion host, circuit proxy, connection, demilitarized zone, dual-homed gateway firewall, goodput, homed, host-based firewall, illegal traffic, logging, network address translation, network level firewall, packet filter, packet filtering, packet filtering firewall, protected network, proxy, rejected traffic, router-based firewall, rule set, screened host firewall, screened subnet firewall, stateful packet filtering, trusted gateway, unprotected network,; PreferredFor:firewall machine,; Related:access control, application level gateway, circuit level gateway, data source, exploit, networks, policy, screening router, threat, unauthorized access, unit of transfer,
firewall machine: HasPreferred:firewall,
firmware: IncludedBy:cryptographic module,; Related:software,
fishbone diagram: PreferredFor:cause and effect diagram,
fishbowl
fixed COMSEC facility: Related:communications security,
fixed price contract
flaw: IncludedBy:threat,
flaw hypothesis methodology: IncludedBy:risk management,; Related:analysis, attack, evaluation, exploit, test,
flexibility
flooding: IncludedBy:attack, incident,; Related:analysis, failure,
flow control: HasPreferred:information flow control,
for official use only
foreign owned, controlled or influenced
Forensics: HasPreferred:computer forensics,
fork bomb: IncludedBy:threat,
formal: Antonym:informal,; Includes:formal access approval, formal development methodology, formal model of security policy, formal proof, formal security policy model, formal specification, formal top-level specification, formal verification,
formal access approval: IncludedBy:formal,
formal development
formal development methodology: IncludedBy:formal, software development methodologies,; Related:identification, model,
formal model of security policy: IncludedBy:formal, model, policy, security, target of evaluation,; Synonym:formal security policy model,
formal proof: IncludedBy:formal, formal verification,
formal security policy model: IncludedBy:formal, formal verification, model, security policy, trusted computing base,; Includes:Bell-LaPadula security model, Biba Integrity model,; Related:policy,; Synonym:formal model of security policy,
formal specification: Antonym:informal specification,; IncludedBy:formal, formal verification,; Includes:formal top-level specification,; Related:software,
formal top-level specification: IncludedBy:formal, formal specification, top-level specification,; Related:model, security,
formal verification: IncludedBy:formal, verification,; Includes:endorsed tools list, formal proof, formal security policy model, formal specification,; Related:model, security,
format
formulary: Related:access control,
Fortezza: IncludedBy:National Institute of Standards and Technology, National Security Agency,; Related:CAPSTONE chip, MISSI user, SSO PIN, SSO-PIN ORA, digital signature, encryption, hash, key, no-PIN ORA, personal identification number, personality label, slot, software, tokens, user PIN, user-PIN ORA,
Forum of Incident Response and Security Teams: IncludedBy:computer emergency response team, incident,; Related:computer security, quality,
forward engineering
forward secrecy: Includes:forward secrecy with respect to A, forward secrecy with respect to both A and B individually, mutual forward secrecy, public-key forward secrecy,; PreferredFor:perfect forward secrecy,
forward secrecy with respect to A: IncludedBy:forward secrecy,
forward secrecy with respect to both A and B individually: IncludedBy:forward secrecy,
forwarder: IncludedBy:application proxy,
frame relay: Related:automated information system,
framing
fraud: Includes:computer fraud,
frequency division multiple access: IncludedBy:user,
frequency hopping: Related:communications, communications security,
front-end processor: IncludedBy:automated information system,
front-end security filter: IncludedBy:security,; Includes:firewall,; Related:software,
full accreditation: IncludedBy:accreditation,; Related:security,
full maintenance: Includes:depot maintenance,
full-duplex
function
functional component: IncludedBy:Common Criteria for Information Technology Security Evaluation, component, security target,; Includes:object,; Related:audit,
functional package: Includes:security target,
functional proponent: IncludedBy:network sponsor,
functional protection requirements: IncludedBy:protection profile,; Related:assurance,
functional security requirements specification: IncludedBy:security,
functional test case desgin: IncludedBy:test,
functional test case design: Related:analysis, black-box testing,
functional testing: IncludedBy:security testing, test,; Related:black-box testing,
functional unit: IncludedBy:component,
functionality: IncludedBy:target of evaluation,; Related:security,
functionality class: IncludedBy:target of evaluation,; Related:security,
future narrow band digital terminal: IncludedBy:security,; Related:networks,
gap analysis: IncludedBy:analysis, risk analysis,; Related:audit, vulnerability analysis,
gas and oil production, storage and transportation: IncludedBy:critical infrastructure,
gateway: IncludedBy:application proxy,; Includes:firewall, trusted gateway,; Related:communications, networks,
gateway server: IncludedBy:internet,
general accounting office
general controls: Related:recovery,
general support system
general-purpose system: IncludedBy:system,
GeneralizedTime: Related:UTCTime, coordinated universal time,
generally accepted system security principles: IncludedBy:security, system,
Generic Security Service Application Program Interface: IncludedBy:internet, security protocol,; Includes:distributed computing environment, security support programming interface,; Related:authentication, confidentiality, non-repudiation, privacy, tokens,
generic SIO class
generic threat: IncludedBy:threat,
Generic Upper Layer Security: IncludedBy:security,; Related:confidentiality,
geopolitical certificate authority: IncludedBy:Secure Electronic Transaction,; Related:certificate, certification, public-key infrastructure,
geosynchronous orbit
global command and control system: IncludedBy:command and control, security, system,; Related:networks,
global information grid: IncludedBy:security,
global network information environment: IncludedBy:networks, security,
global positioning system: IncludedBy:system,
global requirements: Antonym:local requirements,; IncludedBy:requirements, trusted computing base,; Related:analysis,
global telecommunications service: Related:networks,
goodput: IncludedBy:firewall,; Related:bit forwarding rate, networks, test,
gopher: Related:networks,
government emergency telecommunications service: Related:networks,
government services: Related:critical infrastructure,
granularity: IncludedBy:access control,; Includes:object,
granularity of a requirement: IncludedBy:requirements, trusted computing base,; Includes:object, subject,
graphical-user interface: IncludedBy:user,
Green book: IncludedBy:rainbow series,; Related:internet, passwords,
ground wave emergency network: IncludedBy:networks,
group
group of users: IncludedBy:user,; Related:software,
guard: IncludedBy:security,; Includes:firewall,; Related:networks, trust,
Guidelines and Recommendations for Security Incident Processing: IncludedBy:incident, security,; Related:internet, networks,
Gypsy verification environment: IncludedBy:software development methodologies,
hacker: IncludedBy:user,; Includes:cracker, hacking,; Related:Samurai, authorization, hacking run, networks,
hacking: IncludedBy:hacker, threat,; Related:networks,
hacking run: Related:hacker,
half-block
handle
handler: Related:attack, incident,
handshaking procedures: Related:authentication,
hard copy key: IncludedBy:key,
hardened unique storage
hardened unique storage Key: IncludedBy:key,
hardening: Related:assurance, availability, business process,
hardware: IncludedBy:cryptographic module,
hardware and system software maintenance: Related:security,
hardware error: Related:threat consequence,
hardware or software error: IncludedBy:threat consequence,
hardware token: HasPreferred:tokens,
hardwired key: IncludedBy:key,
hash: IncludedBy:security,; Includes:Secure Hash Standard, collision-resistant hash function, cryptographic hash function, hash code, hash function, hash function identifier, hash result, hash token, hash value, keyed hash, secure hash algorithm,; Related:Challenge Handshake Authentication Protocol, Challenge-Response Authentication Mechanism, Cryptographic Message Syntax, Data Authentication Algorithm, Digital Signature Algorithm, Fortezza, HMAC, MD2, MD4, MD5, POP3 APOP, Rivest-Shamir-Adleman, S/Key, SET private extension, SET qualifier, certificate revocation tree, checksum, code, cryptographic algorithm, cryptographic component, cryptographic service, cryptographic system, cryptography, cyclic redundancy check, data authentication code vs. Data Authentication Code, data items' representation, data string, digital signature, domain parameter, dual signature, fingerprint, initializing value, integrity, integrity check, matrix, message authentication code vs. Message Authentication Code, message digest, message integrity code, one-time passwords, one-way function, output transformation, public-key forward secrecy, reduction-function, round-function, secure socket layer, thumbprint, witness, word,
hash code: IncludedBy:hash,; Related:hash function,
hash function: IncludedBy:hash,; Related:attack, authentication, cryptographic hash function, cryptography, data authentication code, hash code, hash result, hash value, message authentication code,
hash function identifier: IncludedBy:hash,
hash result: IncludedBy:hash,; Related:hash function,
hash token: IncludedBy:hash, tokens,
hash totals
hash value: IncludedBy:hash,; Related:hash function,
hashing
hashword
help desk: Related:communications,
hierarchical decomposition: IncludedBy:development process,
hierarchical development methodology: IncludedBy:software development methodologies,
hierarchical input process output
hierarchical PKI: IncludedBy:public-key infrastructure,; Related:certification,
hierarchy management: IncludedBy:public-key infrastructure,; Related:certificate, certification, key,
hierarchy of trust: IncludedBy:public-key infrastructure, trust,; Related:certification,
hijack attack: IncludedBy:attack,; Related:IP splicing/hijacking, hijacking, pagejacking, session hijacking, spoofing, terminal hijacking,
hijacking: Related:attack, hijack attack,
HMAC: Related:analysis, cryptography, hash, key, software,
homed: IncludedBy:firewall,; Includes:tri-homed,; Related:networks, test,
honeypot: Related:attack,
host: IncludedBy:automated information system,; Related:communications, internet, networks, software,
host based: IncludedBy:automated information system,; Related:audit,
host to front-end protocol: IncludedBy:automated information system,
host-based firewall: IncludedBy:automated information system, firewall,; Related:networks, software,
host-based security: IncludedBy:security,
hot site: IncludedBy:disaster recovery,; Related:cold site,
https: Related:internet, security,
human error: IncludedBy:threat consequence,
human user: IncludedBy:target of evaluation, user,
hybrid encryption: Related:confidentiality, encryption, key,
hydrometer
hydrophone
hydroscope
hygrograph
hygrometer
hygroscope
hyperlink: IncludedBy:world wide web,; Related:link,
hypermedia: Related:internet,
hypertext: Related:internet, standard generalized markup language, world wide web,
hypertext markup language: IncludedBy:standard generalized markup language, world wide web,
hypertext transfer protocol: IncludedBy:world wide web,; Related:networks, secure socket layer,
ICMP flood: IncludedBy:attack,; Related:denial of service,
identification: IncludedBy:accountability,; Includes:Identification Protocol, bank identification number, configuration identification, identification and accreditation, identification and authentication, identification data, identification, friend or foe, identification, friend, foe, or neutral, identity, identity based access control, identity-based security policy, personal identification number, privacy, authentication, integrity, identification, non-repudiation, risk identification, terminal identification, trusted identification, trusted identification forwarding,; Related:SSO PIN, alarm reporting, anonymity, attribute certificate, candidate TCB subset, class 2, 3, 4, or 5, compromised key list, configuration control, digital id, formal development methodology, information systems security, key tag, network component, primary account number, public key derivation function, redundant identity, registration authority, repair action, risk analysis, token device, uniform resource identifier, user PIN, validate vs. verify, verification,
identification and accreditation: IncludedBy:identification,
identification and authentication: IncludedBy:assurance, authentication, identification,; Related:access control,
identification data: IncludedBy:identification,
Identification Protocol: IncludedBy:identification, internet, security protocol,; Related:access control, audit,
identification, friend or foe: IncludedBy:identification,
identification, friend, foe, or neutral: IncludedBy:identification,
identity: IncludedBy:identification, user,
identity based access control: IncludedBy:access control, identification,
identity token: IncludedBy:tokens,
identity validation: Related:test, user,
identity-based security policy: IncludedBy:identification, policy,
IEEE 802.10: Related:networks, security,
IEEE P1363: Related:cryptography, digital signature, encryption, key,
illegal traffic: IncludedBy:firewall,; Related:bit forwarding rate, rule set,; Synonym:rejected traffic,
imaging system: IncludedBy:system,
IMAP4 AUTHENTICATE: Related:authentication, challenge/response, key,
imitative communications: IncludedBy:communications,
impact: Related:incident,
impersonating
impersonation: IncludedBy:attack,; Related:authentication,; Synonym:masquerade,
implant: Related:emanation, emanations security,
implementation: IncludedBy:target of evaluation,; Related:software,
implementation under test: IncludedBy:test,
implementation vulnerability: IncludedBy:vulnerability,
implicit key authentication from A to B: IncludedBy:authentication,; Related:key,
imprint
improved emergency message automatic transmission system: IncludedBy:system,
in the clear: Related:encryption,
inadvertent disclosure: IncludedBy:incident,; Related:exposure, risk,
inappropriate usage
incapacitation: IncludedBy:risk, threat consequence,; Related:critical infrastructure,
incident: IncludedBy:threat,; Includes:COMSEC incident, Computer Incident Advisory Capability, Forum of Incident Response and Security Teams, Guidelines and Recommendations for Security Incident Processing, attack, automated security incident measurement, compromise, computer incident assessment capability, computer intrusion, computer security incident, computer security incident response capability, computer security incident response team, contamination, data compromise, denial of service, flooding, inadvertent disclosure, incident handling, incident response capability, multiple component incident, probe, program automated information system security incident support team, security incident, security intrusion, suspicious event,; Related:COMSEC insecurity, communications security, computer emergency response team, event, failure access, handler, impact, indication, infrastructure assurance, joint task force-computer network defense, mitigation, precursor, protective technologies, response, security controls, security event, security policy, vulnerability,
incident handling: IncludedBy:incident,; PreferredFor:incident response,
incident response: HasPreferred:incident handling,
incident response capability: IncludedBy:incident,; Related:security,
incomplete parameter checking: IncludedBy:threat,
independence: Related:audit,
independent assessment: Related:security,
independent validation and verification: Related:analysis, software, test,
indication: Related:incident,
indicator: Related:attack,
indirect certificate revocation list: IncludedBy:public-key infrastructure,; Related:certificate,
indistinguishability: Related:encryption, security,
individual accountability: Related:user,
industry standard architecture: Related:automated information system,
infection: IncludedBy:threat,; Related:worm,
inference: IncludedBy:threat consequence,
informal: Antonym:formal,; Includes:informal specification,
informal specification: Antonym:formal specification,; IncludedBy:development process, informal,
information: Related:cryptography,
information and communications: IncludedBy:critical infrastructure,
information architecture: IncludedBy:automated information system,
information assurance: IncludedBy:assurance,; Related:authentication, availability, confidentiality, integrity, non-repudiation,
information center: IncludedBy:automated information system,
information engineering: IncludedBy:automated information system,
information environment: IncludedBy:automated information system,
information flow: IncludedBy:automated information system,
information flow control: Includes:object,; PreferredFor:flow control,; Related:security,
information operations: IncludedBy:automated information system,
information processing standard: Related:communications, software, test,
information protection policy: Related:assurance, security policy, threat,
information rate: HasPreferred:bandwidth,
information ratio: IncludedBy:automated information system,
information security: IncludedBy:security,; Includes:information systems security,; Related:National Institute of Standards and Technology, National Security Agency, availability, communications security, confidentiality,
information sharing and analysis center: IncludedBy:analysis,; Related:threat,
information superhighway: Related:communications,
information superiority: Related:exploit,
information system: IncludedBy:system,
information system security officer: IncludedBy:computer security, system security officer,; Related:system,
information systems audit and control association: IncludedBy:audit,
information systems audit and control foundation: IncludedBy:audit,
information systems security: IncludedBy:information security, threat, user,; Includes:network security, system security, system security engineering, telecommunications security,; Related:authentication, denial of service, encryption, identification, system, unauthorized access,; Synonym:computer security,
information systems security association: IncludedBy:computer security, system,
information systems security engineering: IncludedBy:computer security, requirements, system, threat,; Related:counter measures,
information systems security equipment modification: IncludedBy:computer security,; Includes:COMSEC modification,
information systems security manager: IncludedBy:computer security, system,
information systems security officer: IncludedBy:computer security,; Includes:network security officer,
information systems security policy: IncludedBy:computer security,; Includes:security policy,
Information Systems Security products and services catalogue: IncludedBy:computer security, system,; Includes:degausser products list, endorsed tools list, evaluated products list, preferred products list,
information systems/technology: IncludedBy:system,
information technology: IncludedBy:automated information system,; Related:communications, software,
Information Technology Security Evaluation Criteria: IncludedBy:computer security, evaluation,
information technology system: IncludedBy:automated information system, system,; Related:communications,
information warfare: IncludedBy:threat, warfare,; Related:exploit,
infrastructure
infrastructure assurance: IncludedBy:assurance,; Related:critical infrastructure, incident, risk, threat,
infrastructure protection: IncludedBy:critical infrastructure,; Related:assurance, risk, threat, vulnerability,
ingress filtering: Related:internet,
inheritance
initial transformation: Related:networks,
initialization value: Related:key,; Synonym:initialization vector,
initialization vector: IncludedBy:Data Encryption Standard,; Related:algorithm, encryption,; Synonym:initialization value,
initialize: Related:cryptography, encryption,
initializing value: Related:hash,
input
input data: IncludedBy:cryptographic module,
input/output: Related:automated information system,
insertion: IncludedBy:threat consequence,
insider attack: IncludedBy:attack,; Related:networks,
inspectable space: Related:TEMPEST,
instance
instantiate
Institute of Electrical and Electronics Engineers, Inc
institute of internal auditors
instrument: Related:test,
instrumentation: Related:analysis,
Integrated CASE tools: Related:analysis, software,
integrated logistics support
Integrated services digital network: IncludedBy:networks,; Related:communications,
integrated test facility: IncludedBy:test,; Related:software development,
integration test: IncludedBy:test,; Related:software development,
integrity: IncludedBy:quality of protection, security,; Includes:authenticity, check character, checksum, correctness, correctness integrity, data authentication code, data integrity, data integrity service, error detection code, integrity policy, privacy, authentication, integrity, identification, non-repudiation, privacy, authentication, integrity, non-repudiation, secure hash algorithm, source integrity, system and data integrity, system integrity,; Related:access control, business process, computer emergency response team, digital signature, entry-level certification, hash, information assurance, levels of concern, mid-level certification, post-accreditation phase, security controls, software, top-level certification,
integrity check: Related:cryptography, hash,
integrity check value
integrity policy: IncludedBy:integrity, policy,; Related:security policy,
integrity-checking tools: IncludedBy:security software,
intelligent threat: IncludedBy:threat,; Related:cryptography, encryption, exploit, key,
intent
inter-TSF transfers: IncludedBy:TOE security functions, target of evaluation,; Related:trust,
interactive mode
interarea interswitch rekeying key: IncludedBy:key,
interception: IncludedBy:threat consequence,
interconnection security agreements: IncludedBy:security,
interdependence: Related:risk,
interdiction: HasPreferred:denial of service,
interface: Related:communications, cryptography,
interface control document: Related:baseline, evaluation,
interface control unit: IncludedBy:automated information system,
interface testing: IncludedBy:test,
interference: IncludedBy:threat consequence,
interim accreditation: IncludedBy:accreditation,; Related:security,
interim accreditation action plan: IncludedBy:accreditation,; Related:risk, security,
interleaving attack: IncludedBy:attack,; Related:authentication,
internal communication channel: IncludedBy:channel, communication channel, communications, target of evaluation,
internal control questionnaire
internal rate of return
internal security controls: IncludedBy:risk management, security controls,; Includes:subject,; Related:software,
internal subject: IncludedBy:subject,
internal system exposure: IncludedBy:exposure,; Related:security,
internal throughput time
internal TOE transfer: IncludedBy:target of evaluation,
International Data Encryption Algorithm: IncludedBy:algorithm, symmetric algorithm,
International organization for standardization: IncludedBy:automated information system,; Includes:Open Systems Interconnection Reference model,; Related:ITU-T,
international standards organization
international telecommunication union: Related:networks,
International Traffic in Arms Regulations: Related:TEMPEST, cryptography, security,
internet: Includes:ARPANET, Distributed Authentication Security Service, Generic Security Service Application Program Interface, IP address, IPsec Key Exchange, Identification Protocol, Internet Corporation for Assigned Names and Numbers, Internet Draft, Internet Message Access Protocol, version 4, Internet Protocol Security Option, Internet Protocol security, Internet Security Association and Key Management Protocol, Internet Society, Internet Standard, MIME Object Security Services, PKIX, POP3 AUTH, Post Office Protocol, version 3, Rexd, SOCKS, Secure/MIME, Simple Authentication and Security Layer, Simple Key-management for Internet Protocols, Terminal Access Controller Access Control System, USENET, anonymous login, cyberspace, domain name service server, domain name system, e-banking, e-mail server, email, extranet, file transfer protocol, firewall, gateway server, internet control message protocol, internet protocol, internet service provider, internet vs. Internet, internetwork, internetwork private line, intranet, listserv, mailing list, management information base, markup language, point-to-point protocol, port, pretty good privacy, proxy server, router, secure hypertext transfer protocol, secure shell, simple mail transfer protocol, simple network management protocol, sniffer, telnet, traceroute, transmission control protocol, transmission control protocol/internet protocol, transport layer security, tunnel, uniform resource identifier, uniform resource locator, uniform resource name, user data protocol, user datagram protocol, virtual private network, virus, wide area information service, world wide web, worm,; Related:Green book, Guidelines and Recommendations for Security Incident Processing, Layer 2 Forwarding Protocol, Layer 2 Tunneling Protocol, Message Security Protocol, On-line Certificate Status Protocol, Open Systems Interconnection Reference model, Secure Electronic Transaction, attack, bill payment, bill presentment, certification hierarchy, computer emergency response team, computer emergency response team/ coordination center, computer network, concept of operations, confidentiality, cookies, counter measures, dial-up line, domain, egress filtering, electronic commerce, electronic messaging services, end system, external system exposure, host, https, hypermedia, hypertext, ingress filtering, interoperability standards/protocols, lurking, network connection, network worm, networks, object identifier, one-time passwords, open systems security, packet assembly and disassembly, password sniffing, peer-to-peer communication, personal communications network, policy certification authority, pop-up box, port scanning, protocol, public-key forward secrecy, repudiation, rules of behavior, trojan horse, validate vs. verify, vendor,
Internet Architecture Board: IncludedBy:Internet Society,; Related:trust,
Internet Assigned Numbers Authority: IncludedBy:Internet Society,; Related:networks,
internet control message protocol: IncludedBy:internet, security,; Related:communications, networks,
Internet Corporation for Assigned Names and Numbers: IncludedBy:internet,; Related:key,
Internet Draft: IncludedBy:internet,
Internet Engineering Steering Group: IncludedBy:Internet Society,; Related:trust,
Internet Engineering Task Force: IncludedBy:Internet Society,; Related:authentication, security,
Internet Message Access Protocol, version 4: IncludedBy:internet,
Internet Policy Registration Authority: IncludedBy:Internet Society,; Related:certification, public-key infrastructure,
internet protocol: IncludedBy:internet,; Related:communications, networks,
Internet Protocol security: IncludedBy:communications security, internet, security protocol,; Includes:Authentication Header, encapsulating security payload, transport mode vs. tunnel mode, tunnel mode,; Related:access control, authentication, confidentiality, encryption, key,
Internet Protocol Security Option: IncludedBy:internet, security protocol,; Related:National Security Agency, classification level, networks,
Internet Security Association and Key Management Protocol: IncludedBy:internet, security protocol,; Related:authentication, cryptography, digital signature, encryption, key,
internet service provider: IncludedBy:internet,
Internet Society: IncludedBy:internet,; Includes:Internet Architecture Board, Internet Assigned Numbers Authority, Internet Engineering Steering Group, Internet Engineering Task Force, Internet Policy Registration Authority, Internet Society Copyright, Request for Comment,; Related:trust,
Internet Society Copyright: IncludedBy:Internet Society,
Internet Standard: IncludedBy:internet,; Related:Request for Comment,
Internet Standards document: IncludedBy:Request for Comment,
internet vs. Internet: IncludedBy:internet,; Related:model, networks,
Internet worm: IncludedBy:worm,; Related:networks,
internetwork: IncludedBy:internet, networks,; Related:communications,
internetwork private line: IncludedBy:internet, networks,; Related:cryptography,
interoperability: Synonym:interoperable,
interoperability standards/protocols: Related:internet,
interoperable: Related:software,; Synonym:interoperability,
interoperate
interpersonal messaging
interpretation
interswitch rekeying key: IncludedBy:key,
interval estimate
interval variable
intranet: IncludedBy:internet,; Related:networks,
intruder: IncludedBy:threat,; Related:authorization,
intrusion: IncludedBy:threat, threat consequence,; Includes:computer intrusion, computer security intrusion, penetration,; Related:authorization, availability, confidentiality, intrusion detection, security intrusion, unauthorized access,
intrusion detection: IncludedBy:risk management,; Includes:Intrusion Detection In Our Time, intrusion detection system, intrusion detection tools,; Related:audit, authorization, intrusion, networks, software,
Intrusion Detection In Our Time: IncludedBy:intrusion detection, security software,
intrusion detection system: IncludedBy:intrusion detection, security software, system,; Related:audit, networks,
intrusion detection tools: IncludedBy:intrusion detection, security software,; Related:unauthorized access,
invalidity date: IncludedBy:public-key infrastructure,; Related:certificate, digital signature, key, non-repudiation,
IP address: IncludedBy:internet,; Related:networks,
IP splicing/hijacking: IncludedBy:attack,; Related:authentication, hijack attack, networks, session hijacking,
ip spoofing: IncludedBy:address spoofing, masquerade, spoofing,; Related:networks,
IPsec Key Exchange: IncludedBy:internet,; Related:authentication, key, security,
IS related risk: IncludedBy:risk,; Related:failure, threat, vulnerability,
IS security architecture: IncludedBy:computer security,
isolation: Includes:object, subject,
issue: Related:certificate, public-key infrastructure,
issuer: IncludedBy:Secure Electronic Transaction,; Related:certificate, public-key infrastructure,
IT security: IncludedBy:Automated Information System security,; Related:authentication, availability, confidentiality, non-repudiation,; Synonym:computer security,
IT security certification: IncludedBy:Automated Information System security, certification, computer security, target of evaluation,
IT Security Evaluation Criteria: IncludedBy:Automated Information System security, computer security, evaluation,
IT Security Evaluation Methodology: IncludedBy:Automated Information System security, computer security, evaluation,
IT security policy: IncludedBy:computer security, policy,
IT security product: IncludedBy:computer security,; Related:software,
IT system: HasPreferred:automated information system,
iteration
ITU-T: Includes:CCITT, Open Systems Interconnection Reference model,; Related:International organization for standardization,
Java: IncludedBy:software,; Related:networks,
joint task force-computer network defense: Related:incident, threat,
JTC1 Registration Authority
judgment sample: Related:analysis,
Kerberos: IncludedBy:Simple Authentication and Security Layer, distributed computing environment, security software,; Includes:key distribution center, session key, third party trusted host model,; Related:access control, networks, passwords, privacy, trust,
kernelized secure operating system: IncludedBy:system,
key: IncludedBy:Multilevel Information System Security Initiative, Secure Electronic Transaction, security,; Includes:Data Encryption Standard, MAC algorithm key, Programmable key storage device, S/Key, SAVILLE Advanced Remote Keying, Simple Public Key Infrastructure/Simple Distributed Security Infrastructure, area interswitch rekeying key, asymmetric cryptographic algorithm, automated key distribution, automated key management center, automated key management system, automatic key distribution center, automatic key distribution/rekeying control unit, automatic remote rekeying, block cipher key, cipher text auto-key, common interswitch rekeying key, compartment key, compromised key list, contingency key, cooperative key generation, crypto-ignition key, cryptographic functions, cryptographic ignition key, cryptographic key, cryptonet key, data encryption key, data key, digital certificate, digital key, digital signature, directly trusted CA key, effective key length, electronic key management, electronic key management system, electronically generated key, encrypted key, ephemeral key, exercise key, hard copy key, hardened unique storage Key, hardwired key, interarea interswitch rekeying key, interswitch rekeying key, key card, key distribution center, key list, key management, key management application service element, key management center, key management identification number, key management infrastructure, key management ordering and distribution center, key management protocol data unit, key management system, key management system Agent, key management user agent, key pair, key processor, key production key, key recovery, key storage device, key stream, key tag, key tape, key updating, key variable generator, key-auto-key, key-encrypting key, key-encryption-key, key-escrow, key-escrow system, keying material, keys used to encrypt and decrypt files, local management device/key processor, lock-and-key protection system, loop key generator, maintenance key, manual remote rekeying, master crypto-ignition key, operational key, over-the-air key distribution, over-the-air key transfer, over-the-air rekeying, per-call key, plaintext key, point-to-point key establishment, post-nuclear event key, pretty good privacy, private decipherment key, private key, private signature key, public encipherment key, public key, public-key algorithm, public-key certificate, public-key cryptography, public-key cryptography standards, public-key infrastructure, remote rekeying, reserve keying material, root key, secret key, secret-key cryptography, secure multipurpose internet mail extensions, security management infrastructure, seed key, session key, signature key, single point keying, split key, symmetric algorithm, symmetric key, test key, token storage key, tokens, traffic encryption key, training key, transmission security key, trusted key, unique interswitch rekeying key, verification key, virtual private network,; Related:Blowfish, CA certificate, CAPSTONE chip, COMSEC aid, COMSEC boundary, COMSEC control program, COMSEC material, COMSEC system data, CRYPTO, Challenge Handshake Authentication Protocol, Challenge-Response Authentication Mechanism, Clipper chip, Cryptographic Message Syntax, Data Authentication Algorithm, Data Encryption Algorithm, Diffie-Hellman, Escrowed Encryption Standard, FIPS PUB 140-1, FIREFLY, Federal Public-key Infrastructure, Federal Standard 1027, Fortezza, HMAC, IEEE P1363, IMAP4 AUTHENTICATE, IPsec Key Exchange, Internet Corporation for Assigned Names and Numbers, Internet Protocol security, Internet Security Association and Key Management Protocol, Key Exchange Algorithm, Key Management Protocol, MIME Object Security Services, MISSI user, OAKLEY, PKCS #10, PKCS #11, PKIX, POP3 APOP, Photuris, Rivest Cipher 2, Rivest Cipher 4, Rivest, Shamir, and Adleman, Rivest-Shamir-Adelman algorithm, Rivest-Shamir-Adleman, SET private extension, Secure Data Network System, Simple Authentication and Security Layer, Simple Key-management for Internet Protocols, Skipjack, Standards for Interoperable LAN/MAN Security, The Exponential Encryption System, U.S.-controlled space, Wassenaar Arrangement, X.500 Directory, X.509, X.509 attribute certificate, X.509 certificate, X.509 certificate revocation list, X.509 public-key certificate, access control center, archive, asymmetric cryptography, attribute certificate, authority revocation list, bind, binding, block cipher, break, brute force, certificate, certificate management, certificate policy, certificate policy qualifier, certificate rekey, certificate renewal, certificate revocation list, certificate update, certificate user, certificate validation, certification, certification authority, certification hierarchy, certification path, certification request, certify, chosen-ciphertext attack, chosen-plaintext attack, ciphertext-only attack, class 2, 3, 4, or 5, common name, communications security, compromise, counter measures, critical security parameters, cross-certification, cryptanalysis, cryptographic algorithm, cryptographic system, cryptographic token, cryptonet, cryptoperiod, data authentication code, data authentication code vs. Data Authentication Code, data origin authentication service, decipher, dictionary attack, digital certification, digital envelope, digital id, distinguished name, distribution point, domain name system, dongle, dual signature, elliptic curve cryptography, encryption, encryption certificate, end entity, explicit key authentication from A to B, extension, fingerprint, hierarchy management, hybrid encryption, implicit key authentication from A to B, initialization value, intelligent threat, invalidity date, key agreement, key authentication, key center, key confirmation, key confirmation from A to B, key control, key derivation function, key distribution, key distribution centre, key distribution service, key establishment, key generating function, key generation, key generation exponent, key generator, key length, key lifetime, key material identifier, key space, key token, key translation center, key translation centre, key transport, key update, key validation, keyed hash, known-plaintext attack, link encryption, man-in-the-middle, merchant certificate, mesh PKI, message authentication code vs. Message Authentication Code, message integrity code, modulus, object, ohnosecond, one-time pad, one-time passwords, one-way encryption, organizational certificate, out of band, path discovery, personality label, policy approving authority, policy creation authority, privacy enhanced mail, private component, public component, public-key forward secrecy, random, registration, registration authority, rekey, repository, revocation date, root, root certificate, secret, secure hypertext transfer protocol, secure socket layer, security association identifier, security event, self-signed certificate, shared secret, signature certificate, signer, slot, smartcards, split knowledge, start-up KEK, stream cipher, strong authentication, subject, subordinate certification authority, symmetric cryptography, token copy, token management, triple DES, trust, trust-file PKI, trusted certificate, unforgeable, v1 certificate, v2 certificate, v3 certificate, validate vs. verify, validity period, web of trust, zeroize,
key agreement: Related:encryption, key, shared secret,
key authentication: IncludedBy:authentication,; Related:key,
key card: IncludedBy:key,
key center: Related:encryption, key,
key confirmation: Related:key,
key confirmation from A to B: Related:key,
key control: Related:key,
key derivation function: Related:key,
key distribution: Related:key,
key distribution center: IncludedBy:Kerberos, key, key management,; Related:communications security, encryption,
key distribution centre: Related:key, trust,
key distribution service: Related:key,
key establishment: Related:key,
Key Exchange Algorithm: Related:National Security Agency, key,
key generating function: Related:key,
key generation: Related:key,
key generation exponent: Related:key, trust,
key generator: Related:encryption, key,
key length: Related:key,
key lifetime: IncludedBy:Multilevel Information System Security Initiative,; Related:certificate, key, public-key infrastructure,
key list: IncludedBy:key,
key loader: IncludedBy:key management,
key management: IncludedBy:key, security,; Includes:Key Management Protocol, automated key distribution, electronic key entry, key distribution center, key loader, key management/exchange, key recovery, key-escrow, manual key distribution, manual key entry,; Related:audit, public-key infrastructure,
key management application service element: IncludedBy:key,
key management center: IncludedBy:key,
key management identification number: IncludedBy:key,
key management infrastructure: IncludedBy:key,; Related:software,
key management ordering and distribution center: IncludedBy:key,
Key Management Protocol: IncludedBy:key management, security protocol,; Related:key,
key management protocol data unit: IncludedBy:key,
key management system: IncludedBy:key, system,
key management system Agent: IncludedBy:key, system,
key management user agent: IncludedBy:key,
key management/exchange: IncludedBy:key management,; Related:privacy,
key material identifier: IncludedBy:Multilevel Information System Security Initiative,; Related:certificate, key, public-key infrastructure,
key pair: IncludedBy:key,; Related:digital signature, encryption,
key processor: IncludedBy:key,
key production key: IncludedBy:key,
key recovery: IncludedBy:key, key management, recovery,; Includes:data key, encrypted key, key-encrypting key, key-escrow system, plaintext key, session key, split knowledge,; Related:confidentiality, encryption, key-escrow, trust,
key space: Related:key,
key storage device: IncludedBy:key,
key stream: IncludedBy:key,
key tag: IncludedBy:key,; Related:identification,
key tape: IncludedBy:key,
key token: IncludedBy:tokens,; Related:key,
key translation center: Related:encryption, key,
key translation centre: Related:key, trust,
key transport: Related:encryption, key,
key update: Related:key,
key updating: IncludedBy:key,
key validation: Related:attack, key,
key variable generator: IncludedBy:key,
key-auto-key: IncludedBy:key,
key-encrypting key: IncludedBy:key, key recovery,; Related:encryption,
key-encryption-key: IncludedBy:encryption, key,
key-escrow: IncludedBy:key, key management, key-escrow system,; Related:audit, key recovery, trust,
key-escrow system: IncludedBy:key, key recovery, system,; Includes:key-escrow,; Related:algorithm, encryption,
keyed hash: IncludedBy:hash,; Related:authentication, encryption, key, threat,
keying material: IncludedBy:key,; Related:authentication,
keys used to encrypt and decrypt files: IncludedBy:key,
keystroke monitoring: IncludedBy:attack,; Related:audit, software,
killer packets: Related:networks,
kiosk
known-plaintext attack: IncludedBy:attack,; Related:analysis, cryptography, key,
label: IncludedBy:security label,
labeled security protections: IncludedBy:security,; Related:access control, trust,
laboratory attack: IncludedBy:attack,; Related:recovery,
language: Related:automated information system,
language of temporal ordering specification: Related:networks,
laptop computer: Related:automated information system,
large scale integration: Related:automated information system,
lattice: IncludedBy:Bell-LaPadula security model,; Related:test,
lattice model: IncludedBy:Bell-LaPadula security model, model,; Related:classification level, test,
Law Enforcement Access Field: IncludedBy:Clipper chip,; Related:encryption,
Layer 2 Forwarding Protocol: IncludedBy:security protocol,; Related:internet, networks,
Layer 2 Tunneling Protocol: IncludedBy:security protocol,; Related:internet, networks,
layer management entry
layer management interface
layered solution: IncludedBy:security,; Related:counter measures,
leakage: IncludedBy:threat,
leapfrog attack: IncludedBy:attack,; Related:passwords,
least privilege: IncludedBy:privilege,; Includes:need-to-know, subject,; Related:authorization, security,
legacy data: Related:automated information system,
legacy systems: IncludedBy:system,; Related:business process,
letterbomb: IncludedBy:email, threat,; Related:denial of service,
level of protection: Related:assurance, counter measures, networks, threat, vulnerability,
levels of concern: Related:availability, confidentiality, exposure, integrity, risk, security, threat,
liability
license: Related:software,
life cycle management: IncludedBy:automated information system,
life cycle stage
Lightweight Directory Access Protocol: IncludedBy:security protocol,; Related:authentication,
limited access: HasPreferred:access control,
limited maintenance: Related:communications security,
limited rate initial preproduction
line conditioning: Related:communications,
line conduction: Related:communications,
linear predictive coding
link: Related:communications, hyperlink, networks, world wide web,
link encryption: IncludedBy:encryption,; Related:key, networks,
list-oriented: Antonym:ticket-oriented,; IncludedBy:authorization,; Includes:object, subject,
listserv: IncludedBy:internet,
local authority: Related:user,
local loop: Related:communications,
local management device
local management device/key processor: IncludedBy:key,; Related:communications security, user,
local requirements: Antonym:global requirements,; IncludedBy:requirements, trusted computing base,; Related:analysis,
local-area netwokr: Related:communications, networks,
local-area network: IncludedBy:user,
lock-and-key protection system: IncludedBy:key, system,; Related:assurance, passwords,
lockout
logged in: Related:automated information system,
logging: IncludedBy:firewall,; Related:evidence, test,; Synonym:audit trail,
logic bomb: IncludedBy:threat,; Related:denial of service, time bomb,
logical access: Related:access control, security,
logical co-processing kernel
logical completeness measure: Related:access control,
logical system definition: IncludedBy:automated information system, system,; Related:networks,
login: Related:access control, audit, passwords,
login prompt: Related:passwords,
long title: Related:communications security,
loop: IncludedBy:risk,
loop key generator: IncludedBy:key,
loophole: IncludedBy:threat,; Related:software,
low probability of detection: Related:risk,
low probability of intercept: Related:risk,
low-cost encryption/authentication device: IncludedBy:authentication,; Related:encryption,
lurking: IncludedBy:threat,; Related:internet,
MAC algorithm key: IncludedBy:key,
macro virus: IncludedBy:virus,
magnetic remanence: IncludedBy:overwrite procedure,; Synonym:remanence,
mailbomb: IncludedBy:email, threat,
mailbombing: Related:attack,
mailing list: IncludedBy:internet,
maintainability: Related:availability,
maintenance: Related:fault, software,
maintenance hook: IncludedBy:risk,; Related:software,
maintenance key: IncludedBy:key,
major application: Related:risk, unauthorized access,
malicious applets: IncludedBy:threat,
malicious code: IncludedBy:threat,; Includes:worm,; Related:malicious logic, malware, software, virus,
malicious logic: IncludedBy:threat, threat consequence,; Related:malicious code, software, unauthorized access,
malicious program: IncludedBy:threat,
malware: IncludedBy:threat,; Related:malicious code, software,
man-in-the-middle: IncludedBy:attack,; Related:authentication, key,
management controls: Related:risk, security, security controls,
management engineering plan
management information base: IncludedBy:internet,
manager information systems: IncludedBy:system,
mandatory access control: IncludedBy:access control,; Synonym:non-discretionary access control,
mandatory modification: Related:communications security,
manipulation detection code: Related:attack,
manipulative communications
manual cryptosystem: IncludedBy:cryptography,
manual key distribution: IncludedBy:key management,
manual key entry: IncludedBy:key management,
manual remote rekeying: IncludedBy:key,
markup language: IncludedBy:internet, standard generalized markup language,
mask generation function
masquerade: IncludedBy:threat consequence,; Includes:DNS spoofing, address spoofing, ip spoofing, masquerade attack, masquerading, mimicking, spoofing, spoofing attack,; Related:alias, threat,; Synonym:impersonation,
masquerade attack: IncludedBy:attack, masquerade,
masquerading: IncludedBy:attack, masquerade,; Related:authentication,
mass-market software: IncludedBy:software, software product,; Related:COTS software,
master crypto-ignition key: IncludedBy:key,
master file: IncludedBy:automated information system,
material symbol
matrix: Related:hash,
MD2: Related:cryptography, hash,
MD4: Related:cryptography, hash,
MD5: Related:cryptography, hash,
meaconing, intrusion, jamming, and interference: IncludedBy:communications security,
mean
mean absolute deviation
mean-time-between-failure: IncludedBy:failure,
mean-time-between-outages: IncludedBy:failure,
mean-time-to-fail: IncludedBy:failure,
mean-time-to-repair: Related:failure,
mean-time-to-service-restoral: Related:failure,
measure
mechanism
media
media protection: Related:exposure, security,
median
MEI resource elements: IncludedBy:minimum essential infrastructure,; Related:vulnerability,
memorandum of agreement: HasPreferred:memorandum of understanding,
memorandum of understanding: PreferredFor:memorandum of agreement,
memory
memory scavenging: IncludedBy:automated information system,
memory space-time
merchant: IncludedBy:Secure Electronic Transaction,
merchant certificate: IncludedBy:Secure Electronic Transaction, certificate,; Related:digital signature, encryption, key,
merchant certification authority: IncludedBy:Secure Electronic Transaction, public-key infrastructure,; Related:certificate, certification,
merge access: IncludedBy:access,
mesh PKI: IncludedBy:public-key infrastructure,; Related:certificate, key, trust,
message
message authentication code: IncludedBy:authentication,; Related:cryptography, hash function,; Synonym:data authentication code,
message authentication code algorithm: IncludedBy:authentication,; Related:cryptography,
message authentication code vs. Message Authentication Code: IncludedBy:authentication,; Related:cryptography, email, encryption, hash, key, software,
message digest: Includes:message digest algorithm 5,; PreferredFor:digest,; Related:hash, test,
message digest algorithm 5: IncludedBy:algorithm, message digest,
message externals
message handling system: IncludedBy:system,; Related:email,
message identifier
message indicator: Related:communications, cryptography,
message integrity check: HasPreferred:message integrity code,
message integrity code: PreferredFor:message integrity check,; Related:authentication, email, encryption, hash, key, software,
message passing
message representative
Message Security Protocol: IncludedBy:security protocol,; Related:National Security Agency, internet,
metadata: IncludedBy:database management system,
metric: Related:algorithm, software,
metropolitan area networks: IncludedBy:networks,
microcode: IncludedBy:cryptographic module,
mid-level certification: IncludedBy:certification,; Related:availability, confidentiality, integrity,
million instruction per second: IncludedBy:automated information system,
MIME Object Security Services: IncludedBy:internet, security protocol,; Related:cryptography, digital signature, encryption, key,
mimicking: IncludedBy:attack, masquerade,; Synonym:spoofing,
miniature receiver terminal
miniature terminal
minimum essential emergency communications network: IncludedBy:minimum essential infrastructure, networks,
minimum essential infrastructure: Includes:MEI resource elements, minimum essential emergency communications network,; Related:access control, accountability, areas of potential compromise, availability, continuity of services and operations, segregation of duties,
minimum essential requirements
Minimum Interoperability Specification for PKI Components: IncludedBy:public-key infrastructure,; Related:certificate,
minimum level of protection: Related:assurance, risk,
mirroring: Related:availability, backup,
misappropriation: IncludedBy:threat consequence,
MISSI user: IncludedBy:Multilevel Information System Security Initiative, user,; Related:Fortezza, certificate, certification, key, public-key infrastructure,
mission critical: Related:vulnerability,
mission critical system: IncludedBy:system,; Related:business process,
mission needs statement: IncludedBy:threat,
misuse: IncludedBy:threat consequence,
misuse detection model: IncludedBy:model, security policy model,; Related:rules based detection,
mitigation: IncludedBy:risk management,; Related:incident,
mnemonic
mobile code
mobile subscriber equipment
mockingbird: IncludedBy:threat,
mode: HasPreferred:mode of operation,
mode of operation: PreferredFor:mode,; Related:classification level, encryption, security, user,
model: Includes:Bell-LaPadula security model, Biba Integrity model, Biba model, Clark Wilson integrity model, Open Systems Interconnection Reference model, TOE security policy model, anomaly detection model, as is process model, formal model of security policy, formal security policy model, lattice model, misuse detection model, modeling or flowcharting, open system interconnection model, security model, security policy model, simulation modeling, third party trusted host model, to be process model,; Related:*-property, CASE tools, OSI architecture, Standards for Interoperable LAN/MAN Security, analysis, client server, credentials, discrete event simulation, domain, energy-efficient computer equipment, finite state machine, formal development methodology, formal top-level specification, formal verification, internet vs. Internet, object, prototyping, secure hypertext transfer protocol, security, security policy, simple security condition, simple security property, ticket, top-level specification, tranquility, trusted subject, verification, world class organizations,
model experimental development model/exploratory development model
modeling or flowcharting: IncludedBy:model,
modem
modes of operation: Includes:automated information system, compartmented security mode, dedicated security mode, multilevel device, multilevel secure, multilevel security mode, multiuser mode of operation, partitioned security mode, protection ring, single-level device, stand-alone, shared system, stand-alone, single-user system, system high, system low, system-high security mode,; Related:classification level, security, software, trust,
modification/configuration control board
modular software: IncludedBy:software,
modularity: Related:software,
modulus: Related:key,
monitor: Related:evidence, trust,; Synonym:monitoring authority,
monitoring authority: Synonym:monitor,
Monitoring of Evaluations: IncludedBy:Common Criteria Testing Laboratory, evaluation,; Related:security,
monolithic TCB: IncludedBy:trusted computing base,
morris worm: IncludedBy:worm,
motivation: IncludedBy:security,; Related:unauthorized access,
multicast: Related:communications,
multihost based auditing: IncludedBy:audit, automated information system,
multilevel device: IncludedBy:modes of operation,; Related:risk, security, trust,
Multilevel Information System Security Initiative: IncludedBy:National Security Agency, computer security, system,; Includes:MISSI user, SSO PIN, SSO-PIN ORA, certificate, certificate rekey, certification, certification hierarchy, compromised key list, domain, key, key lifetime, key material identifier, no-PIN ORA, organizational certificate, organizational registration authority, personality label, policy approving authority, policy creation authority, root, root registry, slot, subordinate certification authority, user PIN, user-PIN ORA,; Related:networks,
multilevel information systems security initiative: IncludedBy:computer security, system,
multilevel mode: Related:user,
multilevel secure: IncludedBy:modes of operation,; Related:security,
multilevel security: IncludedBy:authorization, security,; Includes:controlled security mode,; Related:classification level,
multilevel security mode: IncludedBy:modes of operation, security,; Includes:system-high security mode,; Related:accreditation, classification level,
multimedia
multiple access rights terminal
multiple component incident: IncludedBy:incident,
multipurpose internet mail extensions: IncludedBy:email, security protocol,; Includes:secure multipurpose internet mail extensions,
multiuser mode of operation: IncludedBy:modes of operation, user,
mutation analysis: IncludedBy:analysis,; Related:error seeding, test,
mutation testing: IncludedBy:test,
mutual authentication: IncludedBy:authentication,; Related:unilateral authentication,; Synonym:mutual entity authentication,
mutual entity authentication: IncludedBy:authentication,; Synonym:mutual authentication,
mutual forward secrecy: IncludedBy:forward secrecy,
mutual recognition of certificates
mutual suspicion: IncludedBy:security,; Related:trust,
mutually suspicious: IncludedBy:security,
n-bit block cipher
nak attack: IncludedBy:attack,
narrowband network: IncludedBy:networks,
National Communications System: IncludedBy:system,
national computer security assessment program: IncludedBy:computer security,; Related:analysis, threat,
National Computer Security Center: IncludedBy:computer security,; Includes:trusted computer system,; Related:National Security Agency, availability, evaluation, networks, trust,
National Computer Security Center glossary: IncludedBy:computer security,; Related:networks, trust,
National COMSEC Advisory Memorandum: IncludedBy:communications security,
National COMSEC Information Memorandum: IncludedBy:communications security,
National COMSEC Instruction: IncludedBy:communications security,
National Cryptologic School: IncludedBy:cryptography,
National Industrial Security Advisory Committee: IncludedBy:security,
National Information Assurance partnership: IncludedBy:Common Criteria for Information Technology Security, National Institute of Standards and Technology, assurance,; Includes:Common Criteria Testing Laboratory, Common Criteria Testing Program, Common Evaluation Methodology, NIAP Common Criteria Evaluation and Validation Scheme, NIAP Oversight Body, National Voluntary Laboratory Accreditation Program, accreditation body, approved technologies list, approved test methods list, degausser products list, deliverables list, designated laboratories list, endorsed tools list, evaluated products list, preferred products list, validated products list,; Related:National Security Agency, accreditation, quality, test,
National Information Infrastructure: Related:networks,
National Institute of Standards and Technology: Includes:Advanced Encryption Standard, Clipper chip, Common Criteria for Information Technology Security, Computer Security Objects Register, Data Encryption Standard, Digital Signature Standard, FIPS PUB 140-1, FIPS approved security method, Federal Criteria Vol. I, Federal Information Processing Standards, Federal Standard 1027, Fortezza, NIAP Common Criteria Evaluation and Validation Scheme, National Information Assurance partnership, data authentication code, object identifier, party, validate vs. verify,; Related:information security,
national quality award: IncludedBy:quality,
National Security Agency: IncludedBy:security,; Includes:CAPSTONE chip, Clipper chip, Fortezza, Multilevel Information System Security Initiative, Skipjack, degausser, degausser products list, evaluated products list, preferred products list, rainbow series,; Related:Common Criteria for Information Technology Security, Federal Standard 1027, Internet Protocol Security Option, Key Exchange Algorithm, Message Security Protocol, NIAP Common Criteria Evaluation and Validation Scheme, National Computer Security Center, National Information Assurance partnership, Secure Data Network System, Type I cryptography, Type II cryptography, information security, party,
National Security Decision Directive 145: IncludedBy:security,; Includes:object, subcommittee on Automated Information System security, subcommittee on telecommunications security,; Related:computer security,
National Security Decision Directive: IncludedBy:security,
National Security Directive: IncludedBy:security,
National Security Emergency Preparedness: IncludedBy:security,
national security information: IncludedBy:security,; Related:access control,
national security system: IncludedBy:security, system,; Related:cryptography,
National Security Telecommunications Advisory Committee: IncludedBy:security,
National Security Telecommunications and Information Systems Security Advisory/Information Memorandum: IncludedBy:computer security, system,
National Security Telecommunications and Information Systems Security Committee: IncludedBy:computer security, system,
National Security Telecommunications and Information Systems Security Directive: IncludedBy:computer security, system,
National Security Telecommunications and Information Systems Security Instruction: IncludedBy:computer security, system,
National Security Telecommunications and Information Systems Security Policy: IncludedBy:computer security, system,
National Telecommunications and Information Administration: Related:networks,
national telecommunications and information system security directives: IncludedBy:computer security, system,
National Telecommunications and Information Systems Security Advisory Memoranda/Instructions: IncludedBy:computer security, system,
National Telecommunications and Information Systems Security Directive: IncludedBy:computer security, system,
National Telecommunications and Information Systems Security Instruction: IncludedBy:computer security, system,
National Telecommunications and Information Systems Security Policy: IncludedBy:computer security, system,
National Voluntary Laboratory Accreditation Program: IncludedBy:National Information Assurance partnership, accreditation,; Related:computer security, evaluation,
natural benchmark
natural disaster: IncludedBy:threat, threat consequence,; Related:critical infrastructure,
need-to-know: IncludedBy:access control, least privilege,
negative acknowledgment
negative tests: IncludedBy:test,
negotiated acquisition
net control station
net present value
network address translation: IncludedBy:firewall, networks,
network administrator
network architecture: IncludedBy:networks, security architecture,; Includes:network component, object,; Related:communications, software,
network based: IncludedBy:networks,; Related:audit,
network component: IncludedBy:component, network architecture, networks,; Includes:network front-end, network reference monitor,; Related:access control, audit, authentication, evaluation, identification, trust, trusted computer system,
network configuration: IncludedBy:networks,; Related:communications,
network connection: IncludedBy:networks,; Related:internet,
network device: IncludedBy:networks,; Related:communications,
Network File System: IncludedBy:networks, system,
network front-end: IncludedBy:network component, networks,; Related:security,
network interface card: IncludedBy:networks,
Network Layer Security Protocol: IncludedBy:networks, security protocol,
network level firewall: IncludedBy:firewall, networks,
network management: IncludedBy:networks,; Related:fault, security,
network management architecture: IncludedBy:networks,; Related:communications, software,
network management protocol: IncludedBy:networks,; Related:communications,
network management software: IncludedBy:networks, software,; Related:security,
network monitoring tools: IncludedBy:networks, security software,
network protocol stack: Related:automated information system,
network reference monitor: IncludedBy:access control, network component, networks, reference monitor,; Includes:object, subject,
network security: IncludedBy:communications security, information systems security, networks,; Related:assurance, unauthorized access,
network security architecture: IncludedBy:communications security, networks,
network security architecture and design: IncludedBy:communications security,
network security officer: IncludedBy:communications security, information systems security officer, networks,
network services: IncludedBy:networks,
network size: IncludedBy:networks,
network sponsor: IncludedBy:networks,; Includes:functional proponent,; Related:communications security, security,
network system: IncludedBy:networks, system,; Related:security,
network topology: IncludedBy:networks,
network trusted computing base: IncludedBy:networks, trusted computing base,; Includes:NTCB partition,; Related:software,
network weaving: IncludedBy:networks,; Related:communications,
network worm: IncludedBy:networks,; Related:internet,
networking features of software: IncludedBy:networks, software,
networks: IncludedBy:automated information system,; Includes:ARPANET, Advanced Research Projects Agency Network, Defense Information System Network, Integrated services digital network, Network File System, Network Layer Security Protocol, Secure Data Network System, Trusted Network Interpretation Environment Guideline, advanced intelligence network, advanced intelligent network, automatic digital network, broadband network, centrally-administered network, communications, computer network, computer network attack, computer network defense, defense switched network, global network information environment, ground wave emergency network, internetwork, internetwork private line, metropolitan area networks, minimum essential emergency communications network, narrowband network, network address translation, network architecture, network based, network component, network configuration, network connection, network device, network front-end, network interface card, network level firewall, network management, network management architecture, network management protocol, network management software, network monitoring tools, network reference monitor, network security, network security architecture, network security officer, network services, network size, network sponsor, network system, network topology, network trusted computing base, network weaving, network worm, networking features of software, personal communications network, protected network, secure network server, simple network management protocol, subnetwork, trusted network interpretation, unprotected network, value-added network, virtual network perimeter, virtual private network, wide-area network,; Related:Chernobyl packet, Common Criteria for Information Technology Security, Defense Information Infrastructure, Estelle, Extensible Authentication Protocol, Guidelines and Recommendations for Security Incident Processing, IEEE 802.10, IP address, IP splicing/hijacking, Internet Assigned Numbers Authority, Internet Protocol Security Option, Internet worm, Java, Kerberos, Layer 2 Forwarding Protocol, Layer 2 Tunneling Protocol, Multilevel Information System Security Initiative, NTCB partition, National Computer Security Center, National Computer Security Center glossary, National Information Infrastructure, National Telecommunications and Information Administration, OSI architecture, Open Systems Interconnection Reference model, Red book, Remote Authentication Dial-In User Service, SATAN, SOCKS, Secure Data Exchange, Secure Electronic Transaction, Simple Public Key Infrastructure/Simple Distributed Security Infrastructure, Terminal Access Controller Access Control System, acceptable level of risk, acceptable use policy, access control, accreditation, accreditation range, address spoofing, alarm reporting, alarm surveillance, alert, application program interface, asynchronous transfer mode, auditing tool, authenticate, authentication service, automated key distribution, automated security incident measurement, bandwidth, bastion host, brand, break, brouters, cascading, cellular transmission, checksum, circuit switching, class hierarchy, communication channel, component, computer emergency response team, computer oracle and password system, computing security methods, confidentiality, connection, data source, datagram, designated approving authority, digital signature, diplomatic telecommunications service, distributed data, distributed database, distributed processing, downgrade, dual-homed gateway firewall, electronic benefit transfer, email security software, encrypt for transmission only, end system, end-to-end encryption, end-user, ethernet meltdown, evaluation assurance level, extranet, fault, file transfer, file transfer access management, file transfer protocol, filtering router, firewall, future narrow band digital terminal, gateway, global command and control system, global telecommunications service, goodput, gopher, government emergency telecommunications service, guard, hacker, hacking, homed, host, host-based firewall, hypertext transfer protocol, initial transformation, insider attack, international telecommunication union, internet, internet control message protocol, internet protocol, internet vs. Internet, intranet, intrusion detection, intrusion detection system, ip spoofing, killer packets, language of temporal ordering specification, level of protection, link, link encryption, local-area netwokr, logical system definition, non-technical countermeasure, object, octet, on-line transaction processing, open system environment, open system interconnection model, open systems interconnection, open systems security, overt channel, packet, packet filtering, packet sniffer, packet switching, packet transfer mode, passive, password sniffing, passwords, perimeter-based security, phreaking, point-to-point tunneling protocol, pretty good privacy, private branch exchange, private decipherment transformation, proprietary protocol, protocol, protocol suite, proxy, purge, queuing theory, remote access software, remote login, residual risk, rootkit, router, router-based firewall, routing control, rule set, sanitization, screened subnet firewall, screening router, secure profile inspector, secure shell, secure socket layer, security architecture, security gateway, security incident, security kernel, security management, security net control station, security range, security situation, security-compliant channel, server, signaling, signaling system 7, single sign-on, smurf, smurfing, sniffer, start-up KEK, state transition diagram, stealth probe, superuser, synchronous flood, synchronous transmission, tcpwrapper, technical countermeasure, technology area, telecommunications, telnet, threat, tinkerbell program, topology, trace packet, traffic load, transaction file, transfer device, transfer time, transmission, transmission control protocol, transmission medium, transmission security, trusted identification, trusted identification forwarding, trusted process, tunnel, tunneled VPN, tunneling, tunneling router, user, user data protocol, vulnerability, web browser cache, web of trust, web vs. Web, wiretapping, worm,
NIAP Common Criteria Evaluation and Validation Scheme: IncludedBy:National Information Assurance partnership, National Institute of Standards and Technology, evaluation,; Related:National Security Agency, trust,
NIAP Oversight Body: IncludedBy:National Information Assurance partnership,; Related:evaluation,
nibble: Related:automated information system,
no prior relationship: Related:digital signature,
no-lone zone: Related:authorized, security,
no-PIN ORA: IncludedBy:Multilevel Information System Security Initiative,; Related:Fortezza,
nominal variable
non-discretionary access control: Antonym:discretionary access control,; IncludedBy:access control,; Related:non-discretionary security,; Synonym:mandatory access control,
non-discretionary security: IncludedBy:security,; Related:classification level, non-discretionary access control,
non-recoverable part: Related:recovery,
non-repudiation: Antonym:repudiation,; IncludedBy:certification authority, quality of protection,; Includes:non-repudiation exchange, non-repudiation information, non-repudiation of creation, non-repudiation of delivery, non-repudiation of knowledge, non-repudiation of origin, non-repudiation of receipt, non-repudiation of sending, non-repudiation of submission, non-repudiation of transport, non-repudiation policy, non-repudiation service, non-repudiation token, privacy, authentication, integrity, identification, non-repudiation, privacy, authentication, integrity, non-repudiation,; Related:Generic Security Service Application Program Interface, IT security, NRD token, NRO token, NRS token, NRT token, accountability, assurance, authentication, cryptography, defense-wide information assurance program, digital signature, distinguishing identifier, evidence, information assurance, invalidity date, notarization token, originator, proof, recipient, sandboxed environment, secure single sign-on,
non-repudiation exchange: IncludedBy:non-repudiation,
non-repudiation information: IncludedBy:non-repudiation,; Related:evidence,
non-repudiation of creation: IncludedBy:non-repudiation,
non-repudiation of delivery: IncludedBy:non-repudiation,; Includes:NRD token,
non-repudiation of knowledge: IncludedBy:non-repudiation,
non-repudiation of origin: IncludedBy:non-repudiation,; Includes:NRO token,
non-repudiation of receipt: IncludedBy:non-repudiation,
non-repudiation of sending: IncludedBy:non-repudiation,
non-repudiation of submission: IncludedBy:non-repudiation,; Includes:NRS token,; Related:evidence,
non-repudiation of transport: IncludedBy:non-repudiation,; Includes:NRT token,; Related:evidence,
non-repudiation policy: IncludedBy:non-repudiation,; Related:evidence, verification,
non-repudiation service: IncludedBy:non-repudiation,; Related:authentication, evidence, security, test, trust,
non-repudiation token: IncludedBy:non-repudiation, tokens,; Includes:NRD token, NRO token, NRS token, NRT token,; Related:evidence,
non-technical countermeasure: IncludedBy:counter measures, security,; Related:exploit, networks,
nonce: Related:attack,
noncomputing security methods: IncludedBy:security,; Related:software,
nonkernel security related: IncludedBy:security,
normal operation
notarization: Related:evidence, trust,
notarization token: IncludedBy:tokens,; Related:non-repudiation,
notary: Related:evidence, tokens, trust,
NRD token: IncludedBy:non-repudiation of delivery, non-repudiation token, tokens,; Related:non-repudiation,
NRO token: IncludedBy:non-repudiation of origin, non-repudiation token, tokens,; Related:non-repudiation,
NRS token: IncludedBy:non-repudiation of submission, non-repudiation token, tokens,; Related:non-repudiation,
NRT token: IncludedBy:non-repudiation of transport, non-repudiation token, tokens,; Related:non-repudiation,
NTCB partition: IncludedBy:network trusted computing base, trusted computing base,; Related:networks,
nuclear command and control document: IncludedBy:command and control,
null
NULL encryption algorithm: Related:confidentiality, encryption,
OAKLEY: Related:authentication, key, threat,
object: IncludedBy:Bell-LaPadula security model, National Security Decision Directive 145, TCB subset, TOE security policy, acceptance procedure, access, accountability, availability, candidate TCB subset, capability, category, component reference monitor, computer architecture, configuration control, default classification, dominated by, environment, functional component, granularity, granularity of a requirement, information flow control, isolation, list-oriented, network architecture, network reference monitor, object reuse, owner, package, passive, permissions, product rationale, protection philosophy, protection-critical portions of the TCB, read, read access, reference monitor, reference monitor concept, reference validation mechanism, resource, scavenging, scope of a requirement, secure state, secure subsystem, security attribute, security enforcing, security function, security function policy, security label, security policy, sensitivity label, shall, should, simple security condition, simple security property, software requirement, storage object, subject security level, technical policy, technical security policy, ticket-oriented, tranquility, trusted subject, verification, write, write access,; Includes:TOE security functions, domain,; Related:key, model, networks,; UsedBy:subject,
object code: Related:automated information system,
object identifier: IncludedBy:Abstract Syntax Notation One, National Institute of Standards and Technology,; Related:internet, public-key infrastructure, security,
object reuse: Includes:object, subject,
object-oriented programming: Related:automated information system,
observation reports: IncludedBy:Common Criteria Testing Laboratory,; Related:computer security, evaluation, security,
obstruction: IncludedBy:threat consequence,
octet: Related:networks,
off-line cryptosystem: Related:encryption,
Office of Foreign Assets Control
ohnosecond: Related:key,
on ramp
On-line Certificate Status Protocol: IncludedBy:security protocol,; Related:certificate, internet,
on-line cryptosystem: Related:encryption,
on-line system: IncludedBy:system,
on-line transaction processing: Related:networks,
one-part code
one-time cryptosystem: IncludedBy:system,
one-time pad: Related:analysis, cryptography, encryption, key,
one-time passwords: IncludedBy:passwords,; Related:authentication, cryptography, hash, internet, key, threat,
one-time tape: Related:cryptography,
one-way encryption: IncludedBy:encryption,; Related:key,
one-way function: Related:cryptography, hash,
open security: IncludedBy:security,
open security environment: IncludedBy:security,; Related:assurance,
open storage
open system environment: IncludedBy:system,; Related:networks,
open system interconnection: IncludedBy:system,
open system interconnection model: IncludedBy:Open Systems Interconnection Reference model, model, security, system,; Related:communications, networks,
open systems: IncludedBy:system,
open systems interconnection: IncludedBy:Open Systems Interconnection Reference model, system,; Related:networks,
Open Systems Interconnection Reference model: IncludedBy:ITU-T, International organization for standardization, model,; Includes:OSI architecture, open system interconnection model, open systems interconnection,; Related:internet, networks, public-key infrastructure, security, system,
open systems security: IncludedBy:security, system,; Related:internet, networks,
operating procedure: IncludedBy:target of evaluation,
operating system: IncludedBy:system,; Related:software,
operation: IncludedBy:target of evaluation,
operational controls: Related:security, security controls,
operational data security: IncludedBy:security,
operational documentation: IncludedBy:target of evaluation,
operational environment: IncludedBy:target of evaluation,
operational integrity: IncludedBy:security,
operational key: IncludedBy:key,
operational testing: IncludedBy:test,
operational waiver
operations code: Related:communications,
operations manager: Related:cryptography, security,
operations security: IncludedBy:security,; Related:evidence, exploit,
operator: IncludedBy:cryptographic module,
optical character recognition
optical fiber
optical scanner
optional modification: Related:TEMPEST, communications security,
oracle: Related:test,
Orange book: IncludedBy:rainbow series,; Includes:A1, C2-protect,; Related:computer security, security,
order of an element in a finite commutative group
ordinal variable
organisational security policies: HasPreferred:organisational security policy,
organisational security policy: IncludedBy:policy, security policy,; PreferredFor:organisational security policies,
organizational certificate: IncludedBy:Multilevel Information System Security Initiative, certificate,; Related:key,
organizational maintenance: Related:user,
organizational registration: Related:user,
organizational registration authority: IncludedBy:Multilevel Information System Security Initiative,; Related:certificate,
origin authenticity: Related:authentication,
originating agency's determination required
originator: Related:non-repudiation,
OSI architecture: IncludedBy:Open Systems Interconnection Reference model,; Related:communications, model, networks,
out of band: Related:cryptography, key, security, shared secret,
outage: Related:communications, failure,
outcome
outlier
output: IncludedBy:trusted computing base,
output data: IncludedBy:cryptographic module,
output feedback
output transformation: Related:hash,
outside attack: IncludedBy:attack,
outsider attack: IncludedBy:attack,
outsourcing
over-the-air key distribution: IncludedBy:key,
over-the-air key transfer: IncludedBy:key,; Related:encryption,
over-the-air rekeying: IncludedBy:key,; Related:encryption,
overload: IncludedBy:threat consequence,
overt channel: Antonym:covert channel,; IncludedBy:channel,; Related:networks,
overwrite procedure: IncludedBy:erasure,; Includes:magnetic remanence, remanence,; Related:security,
overwriting
owner: IncludedBy:user,; Includes:object, subject,
package: Includes:object,; Related:assurance, security,
packet: Related:networks,
packet assembly and disassembly: Related:internet,
packet filter: IncludedBy:firewall,; Related:filtering router, packet filtering, security,
packet filtering: IncludedBy:firewall,; Includes:stateful packet filtering,; Related:networks, packet filter, proxy,
packet filtering firewall: IncludedBy:firewall,
packet sniffer: IncludedBy:sniffer,; Related:ethernet sniffing, networks, promiscuous mode,
packet switching: Related:networks, software,
packet transfer mode: Related:networks,
padding
pagejacking: IncludedBy:attack,; Related:hijack attack, world wide web,
parameter
pareto diagram
parity: IncludedBy:security,
partial order
partition rule base access control: IncludedBy:access control,
partitioned security mode: IncludedBy:modes of operation, security,; Related:accreditation, computer security,
partnership: Related:critical infrastructure,
party: IncludedBy:National Institute of Standards and Technology,; Related:National Security Agency, computer security, security,
passive: Includes:object,; Related:confidentiality, networks, threat,
passive attack: IncludedBy:attack,
passive threat: IncludedBy:threat,
passive wiretapping: IncludedBy:wiretapping,
passphrase: IncludedBy:passwords,
Password Authentication Protocol: IncludedBy:authentication, security protocol,; Related:passwords,
password cracker: IncludedBy:threat,; Related:dictionary attack, test,
password sniffing: IncludedBy:sniffing,; Related:internet, networks, passwords,
password system: IncludedBy:system,; Related:authentication, encryption,
password-locked screensaver: Related:passwords,
passwords: Includes:one-time passwords, passphrase, secure single sign-on, time-dependent password, virtual password,; Related:3-factor authentication, Extensible Authentication Protocol, Green book, Kerberos, Password Authentication Protocol, Terminal Access Controller Access Control System, anonymous login, auditing tool, authentication, check_password, community string, computer oracle and password system, crack, critical security parameters, default account, dictionary attack, encrypted key, ethernet sniffing, leapfrog attack, lock-and-key protection system, login, login prompt, networks, password sniffing, password-locked screensaver, personal identification number, print suppression, public-key forward secrecy, rootkit, salt, secret, security-relevant event, shared secret, simple authentication, simple network management protocol, smartcards, sniffer, third party trusted host model, ticket, tokens, user identifier,
patch
patch management
path coverage: Related:test,
path discovery: IncludedBy:public-key infrastructure,; Related:certificate, certification, key, trust,
path validation: IncludedBy:public-key infrastructure,; Related:certificate, certification,
payment
payment card: IncludedBy:Secure Electronic Transaction,
payment gateway: IncludedBy:Secure Electronic Transaction,
payment gateway certification authority: IncludedBy:Secure Electronic Transaction, public-key infrastructure,; Related:certificate, certification,
PC card: Related:cryptography,
PCA
PCMCIA: Related:automated information system,
peer access approval
peer access enforcement
peer entity authentication: IncludedBy:authentication,
peer entity authentication service: IncludedBy:authentication,
peer-to-peer communication: Related:internet,
penetration: IncludedBy:attack, intrusion, threat consequence,; Includes:penetration signature, penetration study, penetration test, penetration testing,; Related:unauthorized access, violation,
penetration signature: IncludedBy:penetration,
penetration study: IncludedBy:penetration, risk management,
penetration test: IncludedBy:penetration, test,; Related:certification, evaluation,
penetration testing: IncludedBy:penetration, security testing, target of evaluation, test,; Related:exploit, trust, user,
people
per-call key: IncludedBy:key,; Related:encryption,
perfect forward secrecy: HasPreferred:forward secrecy,
performance gap: Related:quality,
performance measurement
perimeter: HasPreferred:security perimeter,
perimeter-based security: IncludedBy:security perimeter,; Related:networks,
periods processing
peripheral equipment
permissions: IncludedBy:authorization,; Includes:object, subject,; Related:access control, public-key infrastructure,
permissive action link
permuter: Related:cryptography,
perpetrator: IncludedBy:attack,
personal communications network: IncludedBy:networks,; Related:internet,
personal computer: Related:automated information system,
personal computer memory card international association: Related:automated information system,
personal digital assistant: Related:automated information system,
personal identification number: IncludedBy:identification,; Related:3-factor authentication, Fortezza, authentication, passwords, shared secret,
personal security environment: IncludedBy:security,; Related:cryptography, personalization service, public-key infrastructure, tamper, tokens, trust,
personality: HasPreferred:personality label,
personality label: IncludedBy:Multilevel Information System Security Initiative, public-key infrastructure,; PreferredFor:personality,; Related:Fortezza, certificate, digital signature, encryption, key,
personalization service: Related:cryptography, personal security environment, security, trust,
personnel security: IncludedBy:security,
phage: IncludedBy:threat,
PHF: IncludedBy:threat,
PHF hack: IncludedBy:threat,
Photuris: Related:key,
phracker: IncludedBy:threat,
phreaker: IncludedBy:threat,
phreaking: IncludedBy:attack,; Related:networks,
physical and environmental protection: Related:security, threat, unauthorized access,
physical destruction: IncludedBy:threat consequence,
physical protection: IncludedBy:cryptographic boundary,; Related:assurance, security,
physical security: IncludedBy:Automated Information System security,; Related:counter measures, threat, unauthorized access,
piggyback: IncludedBy:between-the-lines-entry,; Related:unauthorized access,
piggyback attack: IncludedBy:attack,
piggyback entry: IncludedBy:threat,; Related:unauthorized access,
pilot testing: IncludedBy:test,; Related:software,
ping of death: IncludedBy:attack,; Related:denial of service,
ping sweep: IncludedBy:attack,
PKCS #10: IncludedBy:public-key cryptography standards, public-key infrastructure,; Related:certificate, key,
PKCS #11: IncludedBy:public-key cryptography standards,; Related:key, software, tokens,
PKCS #7: IncludedBy:public-key cryptography standards,; Related:digital signature,
PKIX: IncludedBy:internet, public-key infrastructure,; Related:certificate, key, trust,
PKIX private extension: IncludedBy:public-key infrastructure,
plain text: HasPreferred:cleartext,; Related:cryptography,
plaintext key: IncludedBy:key, key recovery,
plan, do, check, act
platform: Related:software,
plug-in
plug-in modules: Related:software, world wide web,
point estimate
point of control and observation: Related:test,
point-of-sale
point-to-point key establishment: IncludedBy:key,
point-to-point protocol: IncludedBy:internet,; Includes:point-to-point tunneling protocol,; Related:authentication,
point-to-point tunneling protocol: IncludedBy:point-to-point protocol, security protocol, virtual private network,; Includes:private communication technology,; Related:networks,
policy: Includes:IT security policy, TOE security policy, acceptable use policy, corporate security policy, cryptographic module security policy, designation policy, formal model of security policy, identity-based security policy, integrity policy, organisational security policy, policy management authority, public-key infrastructure, rule-based security policy, secrecy policy, security function policy, security policy, system security policy, technical policy, technical security policy, term rule-based security policy, usage security policy,; Related:TOE security policy model, certificate, firewall, formal security policy model, rule set, secure configuration management, security, security association, security audit, security domain, security policy information file, security policy model, security requirements, source selection, verification,
policy approving authority: IncludedBy:Multilevel Information System Security Initiative, public-key infrastructure,; Related:certificate, certification, key,
policy certification authority: IncludedBy:public-key infrastructure,; Related:certification, internet,
policy creation authority: IncludedBy:Multilevel Information System Security Initiative, public-key infrastructure,; Related:certificate, certification, key,
policy management authority: IncludedBy:policy, public-key infrastructure,
policy mapping: Related:certificate, public-key infrastructure,
polling
polymorphism
pop-up box: Related:internet, world wide web,
POP3 APOP: Related:attack, authentication, hash, key, shared secret,
POP3 AUTH: IncludedBy:internet,; Related:authentication, challenge/response,
population: Related:audit,
port: IncludedBy:internet,; Related:cryptography,
port protection device: Related:assurance,
port scan: IncludedBy:attack,; Related:exploit,
port scanning: Related:internet,
portability: Related:software,
portfolio management
positive control material
positive enable system: IncludedBy:system,
POSIX: Related:access control, security,
Post Office Protocol, version 3: IncludedBy:internet,; Related:authentication, security,
post-accreditation phase: IncludedBy:accreditation,; Related:availability, confidentiality, integrity, risk, security, threat,
post-nuclear event key: IncludedBy:key,
practices dangerous to security: IncludedBy:security,
pre-authorization: Related:certification, public-key infrastructure,
pre-certification phase: IncludedBy:certification,; Related:accreditation, risk, security, verification,
pre-signature: Related:digital signature,
precision: Related:sampling error,
precondition
precursor: Related:attack, incident,
preferred products list: IncludedBy:Information Systems Security products and services catalogue, National Information Assurance partnership, National Security Agency,; Includes:TEMPEST,; Related:computer security,
prefix free representation
preliminary design review
preproduction model: Related:evaluation,
pretty good privacy: IncludedBy:email security software, encryption, internet, key, privacy, security protocol, web of trust,; Includes:certificate,; Related:authentication, digital signature, email, networks, software,
primary account number: IncludedBy:Secure Electronic Transaction,; Related:cryptography, identification,
primitive: IncludedBy:trusted computing base,
principal
print suppression: Related:passwords, security,
privacy: IncludedBy:quality of protection,; Includes:confidentiality, data privacy, pretty good privacy, privacy enhanced mail, privacy programs, privacy protection, privacy system, privacy, authentication, integrity, identification, non-repudiation, privacy, authentication, integrity, non-repudiation, speech privacy, virtual private network,; Related:Diffie-Hellman, Generic Security Service Application Program Interface, Kerberos, Samurai, anonymous, cookies, cryptography, key management/exchange, private communication technology, private key, public law 100-235, sandboxed environment, secure hypertext transfer protocol, secure single sign-on, secure socket layer, security, sensitive information, simple key management for IP,
privacy enhanced mail: IncludedBy:email, privacy, security protocol,; Includes:certificate, encryption,; Related:authentication, certification, confidentiality, key, public-key infrastructure,
privacy programs: IncludedBy:privacy,; Related:confidentiality, software,
privacy protection: IncludedBy:privacy,; Related:assurance, confidentiality, security, threat,
privacy system: IncludedBy:privacy,; Related:attack, communications, encryption,
privacy, authentication, integrity, identification, non-repudiation: IncludedBy:authentication, identification, integrity, non-repudiation, privacy,
privacy, authentication, integrity, non-repudiation: IncludedBy:authentication, availability, integrity, non-repudiation, privacy,
private accreditation exponent: IncludedBy:accreditation,
private accreditation information: IncludedBy:accreditation,
private branch exchange: Related:networks,
private communication technology: IncludedBy:communications, point-to-point tunneling protocol,; Related:privacy,
private component: Related:key,
private decipherment key: IncludedBy:key,
private decipherment transformation: Related:networks,
private extension: HasPreferred:extension,
private key: IncludedBy:asymmetric algorithm, key, public-key infrastructure,; Related:privacy, secret,
private signature key: IncludedBy:key,; Related:digital signature,
private-key cryptography: HasPreferred:secret-key cryptography,
privilege: IncludedBy:authorization,; Includes:least privilege,
privilege management infrastructure: Related:certificate,
privileged access: Related:user,
privileged instructions: IncludedBy:executive state,
privileged process: Related:security, trust,
probability-proportional-to-size
probe: IncludedBy:incident,; Related:unauthorized access,
problem: Related:failure, fault,
procedural security: IncludedBy:security,; PreferredFor:administrative security,; Related:communications security, computer security, emanation, emanations security,
procedure
process: IncludedBy:subject,; Related:software,
process assurance: IncludedBy:assurance,
process management approach: Related:business process, quality,
process owner
producers: Related:security,
product: Includes:software product,; Related:software,
product rationale: IncludedBy:protection profile,; Includes:object,; Related:assurance, threat,
production: IncludedBy:target of evaluation,
production model
profile: Includes:protection profile, protection profile family,; Related:security,
profile assurance: IncludedBy:assurance,
profiling
program
program automated information system security incident support team: IncludedBy:computer security, incident, system,
program evaluation and review technique: IncludedBy:evaluation,
program manager: Related:security,
Programmable key storage device: IncludedBy:key,
programmable read only memory
programming languages and compilers: IncludedBy:software, target of evaluation,
promiscuous mode: IncludedBy:threat,; Related:ethernet sniffing, packet sniffer,
proof: Related:evidence, non-repudiation,
proprietary
proprietary information
proprietary protocol: Related:networks,
protected checksum: Related:attack,
protected communications: IncludedBy:communications,; Related:encryption,
protected communications zone
protected distribution systems: IncludedBy:system,; Related:encryption,
protected network: Antonym:unprotected network,; IncludedBy:demilitarized zone, firewall, networks,; Related:rule set, unauthorized access,
protected services list
protected wireline distribution system: IncludedBy:system,
protection needs elicitation: IncludedBy:requirements, security,; Related:assurance,
protection philosophy: Includes:object,; Related:assurance, evaluation, security,
protection profile: IncludedBy:Common Criteria for Information Technology Security Evaluation, Federal Criteria Vol. I, profile, requirements, security,; Includes:assignment, decomposition, external security controls, functional protection requirements, product rationale, protection profile family, refinement, trusted computing base,; Related:assurance, computer security, test,
protection profile family: IncludedBy:profile, protection profile,; Related:assurance,
protection ring: IncludedBy:modes of operation,; Related:assurance, user,
protection-critical portions of the TCB: IncludedBy:trusted computing base,; Includes:object, subject,; Related:assurance,
protective packaging: Related:communications security,
protective technologies: Related:incident, tamper,
protocol: Includes:security protocol,; Related:communications, internet, networks,
protocol data unit
protocol suite: Related:communications, networks,
prototyping: Related:model,
prove a correspondence
prowler: IncludedBy:threat,
proxy: IncludedBy:firewall, user,; Includes:application proxy, circuit proxy, proxy server,; Related:authentication, networks, packet filtering, software, stateful packet filtering,
proxy server: IncludedBy:internet, proxy,; Related:access control, authentication, world wide web,
pseudo-flaw: IncludedBy:risk management, threat,
pseudo-random: IncludedBy:random,
pseudo-random number generator: IncludedBy:random,; Related:software, test,
psychological operations: IncludedBy:threat,
public accreditation verification exponent: IncludedBy:accreditation,; Related:verification,
public component: Related:key,
public confidence: Related:trust,
public cryptography: Related:encryption,
public encipherment key: IncludedBy:key, public-key infrastructure,
public encipherment transformation: IncludedBy:public-key infrastructure,
public key: IncludedBy:asymmetric algorithm, key, public-key infrastructure,
public key derivation function: IncludedBy:asymmetric cryptography, public-key infrastructure,; Related:identification,
public key information: IncludedBy:asymmetric cryptography, public-key infrastructure,
public key system: IncludedBy:asymmetric cryptography, public-key infrastructure, system,
public law 100-235: Related:computer security, privacy, security,
public verification key: IncludedBy:public-key infrastructure,
public-key algorithm: IncludedBy:key,
public-key certificate: IncludedBy:certificate, key,; Related:certification, digital signature, test,
public-key cryptography: IncludedBy:key,; Includes:Rivest-Shamir-Adleman,; Related:encryption, public-key infrastructure,
public-key cryptography standards: IncludedBy:Rivest-Shamir-Adleman, asymmetric algorithm, key,; Includes:PKCS #10, PKCS #11, PKCS #7,; Related:public-key infrastructure,
public-key forward secrecy: IncludedBy:forward secrecy,; Related:authentication, encryption, hash, internet, key, passwords, security,
public-key infrastructure: IncludedBy:key, policy, security,; Includes:Federal Public-key Infrastructure, Minimum Interoperability Specification for PKI Components, PKCS #10, PKIX, PKIX private extension, RA domains, SET private extension, SET qualifier, Simple Public Key Infrastructure/Simple Distributed Security Infrastructure, X.509, X.509 authority revocation list, X.509 certificate revocation list, account authority digital signature, attribute authority, bilateral trust, brand CRL identifier, brand certification authority, cardholder certification authority, certificate authority, certificate creation, certificate directory, certificate management, certificate policy, certificate policy qualifier, certificate reactivation, certificate rekey, certificate renewal, certificate request, certificate revocation, certificate status responder, certificate update, certificate validation, certification authorities, certification authority, certification authority digital signature, certification authority workstation, certification hierarchy, certification path, certification practice statement, certification request, certification service, class 2, 3, 4, or 5, common name, compromised key list, delta CRL, digital id, digital signature, directly trusted CA, directly trusted CA key, distinguished name, distribution point, extension, hierarchical PKI, hierarchy management, hierarchy of trust, indirect certificate revocation list, invalidity date, merchant certification authority, mesh PKI, path discovery, path validation, payment gateway certification authority, personality label, policy approving authority, policy certification authority, policy creation authority, policy management authority, private key, public encipherment key, public encipherment transformation, public key, public key derivation function, public key information, public key system, public verification key, registration authority, revocation date, root, subordinate certification authority, top CA, trust-file PKI, v1 CRL, v2 CRL, validity period,; Related:Abstract Syntax Notation One, Cryptographic Message Syntax, Internet Policy Registration Authority, MISSI user, Open Systems Interconnection Reference model, X.500 Directory, archive, authenticate, authority, bind, capability, certificate chain, certificate chain validation, certificate domain parameters, certificate expiration, certificate management services, certification, certification policy, certify, common security, confidentiality, critical, cryptoperiod, directory service, directory vs. Directory, domain, end entity, end-user, geopolitical certificate authority, issue, issuer, key lifetime, key management, key material identifier, object identifier, permissions, personal security environment, policy mapping, pre-authorization, privacy enhanced mail, public-key cryptography, public-key cryptography standards, registration, registration service, relying party, repository, secure hypertext transfer protocol, security event, slot, software, strong authentication, subject, tokens, trust, trust chain, trust hierarchy, trusted key, trusted third party, tunnel, unforgeable, valid signature, validate vs. verify, web of trust,
purge: Related:assurance, networks, risk,
purging
push technology: Related:world wide web,
QUADRANT: Related:cryptography, tamper,
quality: Includes:European quality award, business process improvement, continuous process improvement, national quality award, quality assurance, quality attributes, quality control, quality function deployment, quality of protection, software quality assurance, total quality management,; Related:Forum of Incident Response and Security Teams, National Information Assurance partnership, accountability, attribute, benchmarking, business process reengineering, data integrity, evaluation, evaluation authority, performance gap, process management approach, security, standard, stretch goal, system integrity, value analysis,
quality assurance: IncludedBy:assurance, quality,
quality assurance/control: IncludedBy:assurance,
quality attributes: IncludedBy:quality,; Related:software,
quality control: IncludedBy:quality,
quality function deployment: IncludedBy:quality,
quality of protection: IncludedBy:evaluation, quality,; Includes:authentication, encryption strength, integrity, non-repudiation, privacy,; Related:assurance, security,
questions on controls: Related:security controls,
queuing theory: Related:networks,
RA domains: IncludedBy:public-key infrastructure,; Related:certificate, certification,
radix
rainbow series: IncludedBy:National Security Agency, Trusted Computer System Evaluation Criteria,; Includes:Green book, Orange book, Red book, Yellow book,
random: Includes:pseudo-random, pseudo-random number generator, random number, random number generator, randomized, randomizer,; Related:cryptography, key, security, test,
random access memory: IncludedBy:automated information system,
random number: IncludedBy:random,
random number generator: IncludedBy:FIPS PUB 140-1, random,
random number sampling
random selection
randomized: IncludedBy:random,
randomizer: IncludedBy:random,
range
rapid application development: Related:software,
rapid automatic cryptographic equipment: IncludedBy:cryptography,
rating: IncludedBy:assurance,; Related:security target,
rating maintenance program
ratio estimate
ratio variable
read: Includes:object, subject,
read access: IncludedBy:access,; Includes:object, subject,
read-only memory: Related:automated information system,
real time
real-time processing
real-time reaction
real-time system: IncludedBy:system,
realm: Related:authentication,
recipient: Related:non-repudiation,
reciprocal agreement
recommended practices: IncludedBy:risk management,; Related:best practices,
reconstitution: Related:disaster recovery,
record
recoverable part
recovery: IncludedBy:availability,; Includes:archive, backup, backup procedures, disaster recovery, disaster recovery plan, key recovery, recovery point objectives, recovery procedures, recovery site, recovery time objectives, recovery vendors, trusted recovery,; Related:accountability, contingency plan, contingency planning, continuity of services and operations, emergency services, failure control, general controls, laboratory attack, non-recoverable part, run manual, sanitize, security management infrastructure, system testing, vaulting, zeroization, zeroize,
recovery point objectives: IncludedBy:recovery,
recovery procedures: IncludedBy:contingency plan, recovery,; Related:failure,
recovery site: IncludedBy:recovery,; Related:business process,
recovery time objectives: IncludedBy:recovery,
recovery vendors: IncludedBy:recovery,
RED: Related:communications security, security,
Red book: IncludedBy:rainbow series,; Related:evaluation, networks, trust,
RED signal: IncludedBy:threat,; Related:emissions security,; Synonym:emanation,
RED team: Related:threat,
RED/BLACK concept: Related:RED/BLACK separation,
RED/BLACK separation: Related:RED/BLACK concept, communications security, cryptography,
reduction-function: Related:hash,
redundancy: IncludedBy:contingency plan,; Related:risk,
redundant array of inexpensive disks
redundant identity: Related:identification,
reference monitor: IncludedBy:reference monitor concept, target of evaluation,; Includes:network reference monitor, object, subject,; Related:access control, analysis, security, test,
reference monitor concept: Includes:object, reference monitor, security kernel, subject,; Related:access control,
reference validation mechanism: IncludedBy:trusted computing base, validation,; Includes:object, subject,; Related:analysis, tamper, test,
refinement: IncludedBy:protection profile,
reflection attack: IncludedBy:attack,
register: Related:registration,
register entry
registration: Related:authentication, certificate, key, public-key infrastructure, register,
registration authority: IncludedBy:Secure Electronic Transaction, public-key infrastructure,; Related:authentication, certificate, identification, key, tokens, trust,
registration service: Related:public-key infrastructure,
regrade: IncludedBy:authorization,; Related:classification level,
regression testing: IncludedBy:test,; Related:software,
rejected traffic: IncludedBy:firewall,; Related:bit forwarding rate, rule set,; Synonym:illegal traffic,
rekey: Related:cryptography, key,
release: Related:baseline, software,
release prefix
reliability: IncludedBy:risk management,; Includes:software reliability,; Related:availability,
reliability qualification tests: IncludedBy:test,
relying party: Related:certificate, public-key infrastructure,
remanence: IncludedBy:overwrite procedure,; Synonym:magnetic remanence,
remediation: IncludedBy:risk management,; Related:availability, business process,
remote access: IncludedBy:access,; Related:communications,
remote access software: IncludedBy:software,; Related:networks, remote login, secure socket layer, telnet,
Remote Authentication Dial-In User Service: IncludedBy:Simple Authentication and Security Layer, security protocol, security software, user,; Related:networks, shared secret,
remote job entry: IncludedBy:automated information system,
remote login: Related:networks, remote access software,
remote procedure call: Related:automated information system,
remote rekeying: IncludedBy:key,
remote terminal emulation: IncludedBy:automated information system,; Related:communications, test,
renew: HasPreferred:certificate renewal,
repair action: Related:communications security, identification,
replay attack: IncludedBy:attack,; Related:authentication,
replicator: Related:worm,
repository: Related:certificate, key, public-key infrastructure, trust,
repudiation: Antonym:non-repudiation,; IncludedBy:threat consequence,; Related:internet,
Request for Comment: IncludedBy:Internet Society,; Includes:Internet Standards document, draft RFC,; Related:Internet Standard,
request for information
request for proposal
requirements: IncludedBy:certification, software development, target of evaluation,; Includes:DoD Information Technology Security Certification and Accreditation Process, certification and accreditation, construction of TOE requirements, development assurance requirements, downgrade, evaluation assurance level, global requirements, granularity of a requirement, information systems security engineering, local requirements, protection needs elicitation, protection profile, requirements for content and presentation, requirements for evidence, requirements for procedures and standards, sanitization, scope of a requirement, software requirement, strength of a requirement, system requirement, system security authorization agreement,; Related:security,
requirements analysis: IncludedBy:analysis,
requirements for content and presentation: IncludedBy:requirements,; Related:evaluation,
requirements for evidence: IncludedBy:evidence, requirements,; Related:evaluation,
requirements for procedures and standards: IncludedBy:requirements, target of evaluation,; Related:availability, confidentiality, security,
requirements traceability matrix
reserve account
reserve keying material: IncludedBy:key,
reserve requirements
residual risk: IncludedBy:threat,; Related:computer security, counter measures, networks,
residue: IncludedBy:risk,
resource: IncludedBy:target of evaluation,; Includes:TOE security functions, object,
resource encapsulation: Includes:subject,
response: Related:incident,
response time
restart
restricted area: Includes:subject,; Related:security,
restructuring
retro-virus: IncludedBy:threat,; Related:availability,
reusability: Related:automated information system,
reusable software asset: IncludedBy:software,
reverse engineering: IncludedBy:threat, threat consequence,; Includes:reverse software engineering,
reverse software engineering: IncludedBy:reverse engineering, software,
review board
revision: Related:baseline,
revocation: IncludedBy:certificate revocation,; Related:certificate,
revocation date: IncludedBy:public-key infrastructure,; Related:certificate, digital signature, key,
revocation list: IncludedBy:certificate revocation list,; Related:certificate,
revoke: HasPreferred:certificate revocation,
Rexd: IncludedBy:internet,
risk: Antonym:security software,; IncludedBy:Secure Electronic Transaction, security,; Includes:IS related risk, acceptable risk, attack, certification and accreditation, compromising emanation performance requirement, contamination, critical, debilitated, defect, designated approving authority, destruction, electromagnetic interference, failure, false negative, false positive, incapacitation, loop, maintenance hook, residue, risk assessment, risk management, risk plane, security-relevant event, shared account, threat, total risk, unauthorized disclosure, undesired signal data emanations, untrusted process,; Related:Common Criteria for Information Technology Security Evaluation, accreditation, accreditation disapproval, accreditation phase, accreditation range, adequate security, association, authorize processing, business case, business continuity plan, capability, certification agent or certifier, clean system, confinement, denial time, effectiveness, fault tolerance, inadvertent disclosure, infrastructure assurance, infrastructure protection, interdependence, interim accreditation action plan, levels of concern, low probability of detection, low probability of intercept, major application, management controls, minimum level of protection, multilevel device, post-accreditation phase, pre-certification phase, purge, redundancy, risk evaluation, risk identification, risk treatment, rules of behavior, safety, security controls, security purpose, separation of duties, simulation modeling, strengths, weaknesses, opportunities, threats, technical vulnerability, test plan, trusted gateway, trusted process, vaulting, virus scanner, virus-detection tool, work factor,
risk analysis: IncludedBy:analysis, risk management,; Includes:business impact analysis, cost-risk analysis, gap analysis, security fault analysis, security objective, security requirements, security specifications, security testing, threat analysis, vulnerability analysis,; Related:counter measures, evaluation, fault analysis, identification, risk assessment, threat,
risk assessment: IncludedBy:risk,; Related:analysis, counter measures, critical infrastructure, exposure, risk analysis, threat,
risk evaluation: IncludedBy:evaluation,; Related:risk,
risk identification: IncludedBy:identification,; Related:analysis, risk, threat,
risk index: IncludedBy:risk management,; Includes:security range,; Related:classification level, user,
risk management: IncludedBy:risk, security,; Includes:Automated Information System security, access control, automated security monitoring, availability, best practices, configuration management, consequence management, continuity of services and operations, control objectives, counter measures, crisis management, critical infrastructure, disaster recovery, entrapment, environmental failure protection, external security controls, failure control, flaw hypothesis methodology, internal security controls, intrusion detection, mitigation, penetration study, pseudo-flaw, recommended practices, reliability, remediation, risk analysis, risk index, risk-based management, security enforcing, security evaluation, security measures, security mechanism, security policy, security-critical mechanisms, segregation of duties, test, threat consequence, threat monitoring, user profile,; Related:analysis, evaluation, security software, strengths, weaknesses, opportunities, threats,
risk plane: IncludedBy:risk,
risk treatment: Related:computer security, evaluation, risk, security,
risk-based management: IncludedBy:risk management,
Rivest Cipher 2: IncludedBy:symmetric algorithm,; Related:key,
Rivest Cipher 4: IncludedBy:symmetric algorithm,; Related:key,
Rivest, Shamir, and Adleman: Related:key,
Rivest-Shamir-Adelman algorithm: IncludedBy:algorithm,; Related:encryption, key,
Rivest-Shamir-Adleman: IncludedBy:asymmetric algorithm, public-key cryptography,; Includes:RSA algorithm, public-key cryptography standards,; Related:authentication, digital signature, encryption, hash, key, security, test,
robustness: IncludedBy:assurance,; Related:software reliability,
role: IncludedBy:target of evaluation, user,
role-based access control: IncludedBy:access control,
rolling cost forecasting technique: IncludedBy:business process,
root: IncludedBy:Multilevel Information System Security Initiative, public-key infrastructure,; Related:certificate, certification, key, trust,
root CA: IncludedBy:certification authority,
root cause analysis: IncludedBy:analysis,
root certificate: IncludedBy:certificate,; Related:certification, key,
root key: IncludedBy:key,
root registry: IncludedBy:Multilevel Information System Security Initiative,
rootkit: IncludedBy:attack,; Related:networks, passwords, software,
rotational delay: Related:automated information system,
round-function: Related:hash,
router: IncludedBy:internet,; Includes:filtering router, screening router,; Related:bridge, networks,
router-based firewall: IncludedBy:firewall,; Related:networks, security,
routing
routing control: Related:networks,
RSA algorithm: IncludedBy:Rivest-Shamir-Adleman,
rule set: IncludedBy:firewall,; Related:access control, allowed traffic, demilitarized zone, illegal traffic, networks, policy, protected network, rejected traffic, security association, test, unprotected network,
rule-based security policy: IncludedBy:policy, security,
rules based detection: Related:misuse detection model, security software,
rules of behavior: Related:internet, risk, security,
run
run manual: Related:recovery,
S/Key: IncludedBy:key,; Related:authentication, hash,
safeguarding statement
safeguards: HasPreferred:security safeguards,
safety: Related:risk, software,
safety-critical software: Related:automated information system,
salami technique: IncludedBy:threat,
salt: Related:access control, attack, encryption, passwords,
sample: Related:test,
sampling distribution
sampling error: Related:precision,
sampling frame
Samurai: Related:hacker, privacy,
sandboxed environment: IncludedBy:access control,; Related:authentication, non-repudiation, privacy,
sanitization: IncludedBy:requirements, security,; Related:networks,
sanitize: Related:classification level, recovery, security,
sanitizing
sas 70 report: Related:audit,
SATAN: IncludedBy:security software,; Related:networks,
SAVILLE Advanced Remote Keying: IncludedBy:key,
scalability: Related:software,
scaling
scanning: IncludedBy:attack,
scavenging: IncludedBy:attack, threat consequence,; Includes:object,; Related:cryptography,
scheme
scope of a requirement: IncludedBy:requirements, trusted computing base,; Includes:object, subject,
Scope of Accreditation: IncludedBy:Common Criteria Testing Laboratory, accreditation,; Related:computer security, evaluation, security, test,
scratch pad store
screen scraping: Related:automated information system,
screened host firewall: IncludedBy:automated information system, firewall,
screened subnet firewall: IncludedBy:firewall,; Related:networks,
screening router: IncludedBy:router,; Related:firewall, networks, security,; Synonym:filtering router,
script
seal: Related:cryptography, digital signature,
secrecy policy: IncludedBy:policy,; Related:security, security policy,
secret: IncludedBy:TOE security functions, classification level,; Related:authentication, key, passwords, private key, shared secret, tokens,
secret and below interoperability
secret key: IncludedBy:key, secret-key cryptography, symmetric algorithm,
secret-key cryptography: IncludedBy:key,; Includes:secret key,; PreferredFor:private-key cryptography,; Related:encryption,
sector
sector coordinator: Related:critical infrastructure,
sector liaison: Related:critical infrastructure,
secure channel: Related:security,
secure communications: Related:security,
secure configuration management: IncludedBy:configuration management,; Related:policy, software,
Secure Data Exchange: IncludedBy:security protocol,; Related:communications security, networks,
Secure Data Network System: IncludedBy:networks, security protocol, system,; Related:National Security Agency, email, key,
secure digital net radio interface unit: Related:security,
Secure Electronic Transaction: Includes:SET private extension, SET qualifier, acquirer, authorize, baggage, bank identification number, brand, brand CRL identifier, brand certification authority, cardholder, cardholder certificate, cardholder certification authority, certificate, certificate policy, certification, certification hierarchy, dual signature, electronic commerce, encryption, geopolitical certificate authority, issuer, key, merchant, merchant certificate, merchant certification authority, payment card, payment gateway, payment gateway certification authority, primary account number, registration authority, risk, tokens, tunnel,; Related:authentication, confidentiality, internet, networks,
secure envelope: Related:evidence, security,
secure hash algorithm: IncludedBy:algorithm, hash, integrity,; Related:Digital Signature Algorithm,
Secure Hash Standard: IncludedBy:hash,; Related:cryptography,
secure hypertext transfer protocol: IncludedBy:internet, security protocol,; Related:certificate, communications, key, model, privacy, public-key infrastructure, trust,
secure hyptertext transfer protocol: IncludedBy:world wide web,
secure mobile unit: Related:security,
secure multipurpose internet mail extensions: IncludedBy:email, encryption, key, multipurpose internet mail extensions, security protocol,; Synonym:Secure/MIME,
secure network server: IncludedBy:networks, security,
secure operating system: IncludedBy:system,; Related:software,
secure profile inspector: IncludedBy:security,; Related:networks,
secure shell: IncludedBy:internet,; Related:authentication, confidentiality, encryption, networks,
secure single sign-on: IncludedBy:authorization, passwords,; Related:audit, non-repudiation, privacy, single sign-on,
secure socket layer: IncludedBy:security protocol, world wide web,; Related:authentication, communications, confidentiality, encryption, hash, hypertext transfer protocol, key, networks, privacy, remote access software, transport layer security,
secure state: IncludedBy:access control,; Includes:object, subject,
secure subsystem: IncludedBy:system,; Includes:object, subject,; Related:security,
secure telephone unit: Related:security,
secure terminal equipment: Related:security,
Secure/MIME: IncludedBy:internet,; Related:digital signature, encryption,; Synonym:secure multipurpose internet mail extensions,
security: IncludedBy:accreditation,; Includes:C2-protect, Common Criteria for Information Technology Security, Common IP Security Option, Cryptographic Application Program Interface, Generic Upper Layer Security, Guidelines and Recommendations for Security Incident Processing, National Industrial Security Advisory Committee, National Security Agency, National Security Decision Directive, National Security Decision Directive 145, National Security Directive, National Security Emergency Preparedness, National Security Telecommunications Advisory Committee, Simple Distributed Security Infrastructure, Standard Security Label, Standards for Interoperable LAN/MAN Security, TEMPEST, access control, accountability, add-on security, adequate security, adversary, application program interface, application-level firewall, assurance, asynchronous transfer mode, attack, audit, authentication, automated information system, baseline, binding of security functionality, biometrics, call back, call back security, closed security environment, code division multiple access, communications deception, compartmented security mode, computer emergency response team, computer security, concept of operations, confidentiality, contractor special security officer, control zone, correctness proof, data security, dedicated security mode, defense-in-depth, developer security, dial-up security, downgrade, dual control, economy of mechanism, electronic security, end-to-end security, entity-wide security, formal model of security policy, front-end security filter, functional security requirements specification, future narrow band digital terminal, generally accepted system security principles, global command and control system, global information grid, global network information environment, guard, hash, host-based security, information security, integrity, interconnection security agreements, internet control message protocol, key, key management, labeled security protections, layered solution, motivation, multilevel security, multilevel security mode, mutual suspicion, mutually suspicious, national security information, national security system, non-discretionary security, non-technical countermeasure, noncomputing security methods, nonkernel security related, open security, open security environment, open system interconnection model, open systems security, operational data security, operational integrity, operations security, parity, partitioned security mode, personal security environment, personnel security, practices dangerous to security, procedural security, protection needs elicitation, protection profile, public-key infrastructure, risk, risk management, rule-based security policy, sanitization, secure network server, secure profile inspector, security architecture, security attribute, security authority, security awareness, training, and education, security certificate, security certification level, security class, security clearance, security compromise, security controls, security domain, security element, security environment, security event, security fault analysis, security filter, security flaw, security flow analysis, security function, security gateway, security goals, security information object, security information object class, security inspection, security intrusion, security label, security level, security management, security model, security net control station, security objective, security officer, security parameters index, security perimeter, security plan, security policy information file, security program manager, security protocol, security purpose, security range, security relevant, security requirements review, security service, security situation, security software, security specifications, security tag, security target, security test & evaluation, security testing, security-compliant channel, semantic security, separation of duties, signals security, signature, software security, special security officer, strength of mechanisms, subject security level, system integrity service, system security management, system security officer, system security plan, systems security steering group, tamper, technical countermeasure, term rule-based security policy, time division multiple access, top-level security objectives, traffic-flow security, transmission security, transport layer security, trusted computing system, tunneling router, virtual network perimeter,; Related:Abrams, Jojodia, Podell essays, BLACK, British Standard 7799, Defense Information Infrastructure, Defensive Information Operations, Evaluation Work Plan, FIPS PUB 140-1, Federal Information Processing Standards, Federal Standard 1027, IEEE 802.10, IPsec Key Exchange, International Traffic in Arms Regulations, Internet Engineering Task Force, Monitoring of Evaluations, Open Systems Interconnection Reference model, Orange book, POSIX, Post Office Protocol, version 3, RED, Rivest-Shamir-Adleman, Scope of Accreditation, Wassenaar Arrangement, Yellow book, access, accreditation disapproval, accreditation phase, accreditation range, aggregation, alert, anonymous, approval/accreditation, availability, benign environment, beyond A1, binding, binding of functionality, breach, category, certificate domain, certification agent or certifier, certification phase, classification level, classified, clean system, clearance level, command and control warfare, compromise, concealment system, confidence, conformant validation certificate, connectionless data integrity service, contingency planning, control, control class, control family, control identification list, criteria, critical elements, critical mechanism, database management system, declassification of AIS storage media, deliverable, designated, designation policy, domain of interpretation, domain parameter, dominated by, dominates, element, enhanced hierarchical development methodology, evaluated system, evaluation, exploitation, facility manager, family, filtering router, formal top-level specification, formal verification, full accreditation, functionality, functionality class, hardware and system software maintenance, https, incident response capability, independent assessment, indistinguishability, information flow control, interim accreditation, interim accreditation action plan, internal system exposure, least privilege, levels of concern, logical access, management controls, media protection, mode of operation, model, modes of operation, multilevel device, multilevel secure, network front-end, network management, network management software, network sponsor, network system, no-lone zone, non-repudiation service, object identifier, observation reports, operational controls, operations manager, out of band, overwrite procedure, package, packet filter, party, personalization service, physical and environmental protection, physical protection, policy, post-accreditation phase, pre-certification phase, print suppression, privacy, privacy protection, privileged process, producers, profile, program manager, protection philosophy, public law 100-235, public-key forward secrecy, quality, quality of protection, random, reference monitor, requirements, requirements for procedures and standards, restricted area, risk treatment, router-based firewall, rules of behavior, sanitize, screening router, secrecy policy, secure channel, secure communications, secure digital net radio interface unit, secure envelope, secure mobile unit, secure subsystem, secure telephone unit, secure terminal equipment, sensitive label, signed applet, simple network management protocol, single-level device, site certification, sneaker, special information operations, suitability of functionality, system development and acquisition, system files, system interconnection, system low, system testing, technology area, tiger team, top-level specification, trusted network interpretation, trusted third party, trustworthy system, two-person control, unauthorized access, validate vs. verify, verification techniques, vulnerability, vulnerability analysis, work factor,
security architecture: IncludedBy:security,; Includes:computer architecture, network architecture,; Related:communications security, computer security, emanation, emanations security, networks, threat,
security association: IncludedBy:security protocol,; Related:connection establishment, policy, rule set,
security association identifier: IncludedBy:security protocol,; Related:authentication, key,
security attribute: IncludedBy:security,; Includes:TOE security functions, object, subject,
security audit: IncludedBy:audit,; Related:attack, counter measures, policy,
security audit trail: IncludedBy:audit trail,; Related:evidence,
security authority: IncludedBy:security,
security awareness, training, and education: IncludedBy:security,
security breach: IncludedBy:threat,
security certificate: IncludedBy:security,
security certification level: IncludedBy:certification, security,; Related:test, verification,
security class: IncludedBy:security,
security clearance: IncludedBy:security,; PreferredFor:clearance,; Related:clearance level,
security compromise: IncludedBy:compromise, security,; Related:unauthorized access,
security controls: IncludedBy:security,; Includes:external security controls, internal security controls,; Related:application controls, authentication, availability, baseline controls, computer related controls, confidentiality, incident, integrity, management controls, operational controls, questions on controls, risk, technical controls,
security counter measures: IncludedBy:counter measures,
security domain: IncludedBy:security,; Related:domain, policy,
security element: IncludedBy:security,
security enforcing: IncludedBy:risk management, target of evaluation,; Includes:object,
security environment: IncludedBy:security,
security evaluation: IncludedBy:evaluation, risk management,; Related:accreditation, assurance, software, trust,
security event: IncludedBy:security,; Related:availability, certificate, certification, confidentiality, cryptography, incident, key, public-key infrastructure, security-relevant event, software, test,
security fault analysis: IncludedBy:analysis, fault, risk analysis, security,
security features: IncludedBy:security safeguards,; Related:audit, software,
security features users guide: IncludedBy:user,
security filter: IncludedBy:security,; Includes:firewall,; Related:trust,
security flaw: IncludedBy:security, threat,
security flow analysis: IncludedBy:analysis, security,
security function: IncludedBy:security, target of evaluation,; Includes:object,; Related:test,
security function policy: IncludedBy:policy, security policy,; Includes:object,
security gateway: IncludedBy:security,; Related:networks, trust,
security goals: IncludedBy:security,; Related:assurance, availability, confidentiality,
security incident: IncludedBy:incident,; Related:communications security, networks, unauthorized access,
security information object: IncludedBy:security,
security information object class: IncludedBy:security,
security inspection: IncludedBy:security,
security intrusion: IncludedBy:incident, security,; Related:intrusion,
security kernel: IncludedBy:access control, reference monitor concept,; Related:networks, software, trust,
security label: IncludedBy:security,; Includes:label, object, sensitivity label,; Related:classification level,
security level: IncludedBy:security,; Includes:access level,; Related:classification level,
security management: IncludedBy:security,; Related:networks,
security management infrastructure: IncludedBy:key,; Related:attack, encryption, recovery,
security measures: IncludedBy:risk management,; Related:software,
security mechanism: IncludedBy:risk management,; Related:authentication, digital signature, encryption, software,
security model: IncludedBy:model, security,; Includes:Bell-LaPadula security model,
security net control station: IncludedBy:security,; Related:communications security, networks,
security objective: IncludedBy:risk analysis, security, target of evaluation,; Related:threat,
security officer: IncludedBy:security,
security parameters index: IncludedBy:security,
security perimeter: IncludedBy:security,; Includes:perimeter-based security,; PreferredFor:perimeter,; Related:trust,
security plan: IncludedBy:security,
security policy: IncludedBy:component operations, information systems security policy, policy, risk management, security-relevant event, user,; Includes:FIPS approved security method, TOE security policy, corporate security policy, critical security parameters, cryptographic module security policy, formal security policy model, object, organisational security policy, security function policy, security policy model, system security policy, technical security policy, trusted functionality, trusted process, trusted subject, usage security policy,; Related:availability, confidentiality, incident, information protection policy, integrity policy, model, secrecy policy, software, threat,
security policy information file: IncludedBy:security,; Related:policy,
security policy model: IncludedBy:model, security policy,; Includes:anomaly detection model, misuse detection model,; Related:evaluation, policy, trust, trusted computer system,
security program manager: IncludedBy:security,; Related:certification,
Security Protocol 3: IncludedBy:security protocol,
Security Protocol 4: IncludedBy:security protocol,
security protocol: IncludedBy:protocol, security,; Includes:Authentication Header, Challenge Handshake Authentication Protocol, Distributed Authentication Security Service, Extensible Authentication Protocol, Generic Security Service Application Program Interface, Identification Protocol, Internet Protocol Security Option, Internet Protocol security, Internet Security Association and Key Management Protocol, Key Management Protocol, Layer 2 Forwarding Protocol, Layer 2 Tunneling Protocol, Lightweight Directory Access Protocol, MIME Object Security Services, Message Security Protocol, Network Layer Security Protocol, On-line Certificate Status Protocol, Password Authentication Protocol, Remote Authentication Dial-In User Service, Secure Data Exchange, Secure Data Network System, Security Protocol 3, Security Protocol 4, Simple Authentication and Security Layer, Simple Key-management for Internet Protocols, Terminal Access Controller Access Control System, Transport Layer Security Protocol, encapsulating security payload, multipurpose internet mail extensions, point-to-point tunneling protocol, pretty good privacy, privacy enhanced mail, secure hypertext transfer protocol, secure multipurpose internet mail extensions, secure socket layer, security association, security association identifier, simple key management for IP, virtual private network,
security purpose: IncludedBy:security,; Related:computer security, risk,
security range: IncludedBy:risk index, security,; Related:networks,
security relevant: IncludedBy:security, target of evaluation,; Includes:security-relevant event,
security requirements: IncludedBy:risk analysis, security target,; Includes:security requirements baseline,; Related:computer security, policy, test,
security requirements baseline: IncludedBy:baseline, security requirements,
security requirements review: IncludedBy:security,
security safeguards: IncludedBy:Automated Information System security,; Includes:security features,; PreferredFor:safeguards,; Related:security software, software,
security service: IncludedBy:security,; Related:security software,
security situation: IncludedBy:security,; PreferredFor:situation,; Related:classification level, networks,
security software: Antonym:attack, risk, threat, vulnerability,; IncludedBy:security, software,; Includes:Intrusion Detection In Our Time, Kerberos, Remote Authentication Dial-In User Service, SATAN, Tiger, Tripwire, activity analysis, anomaly detection, antivirus software, attack signature recognition, authentication tools, automated security incident measurement, automated security monitoring, computer oracle and password system, email security software, encryption tools, firewall, integrity-checking tools, intrusion detection system, intrusion detection tools, network monitoring tools, security support programming interface, service-filtering tools, tcpwrapper, tinkerbell program, vaccines, virus scanner, virus-detection tool,; Related:Automated Information System security, alarm reporting, alarm surveillance, anti-spoof, audit, computer security object, counter measures, risk management, rules based detection, security safeguards, security service, software security, trap, trusted computing system,
security specifications: IncludedBy:development process, risk analysis, security,
security support programming interface: IncludedBy:Generic Security Service Application Program Interface, security software, software,
security tag: IncludedBy:security,
security target: IncludedBy:Common Criteria for Information Technology Security Evaluation, component extensibility, construction of TOE requirements, functional package, security, target of evaluation,; Includes:functional component, security requirements,; Related:assurance, baseline, computer security, correctness, deliverable, deliverables list, effectiveness, evidence, rating, suitability of functionality, test, threat, vulnerability assessment,
security test & evaluation: IncludedBy:security, test,; Related:certification,
security test and evaluation: IncludedBy:software security, software system test and evaluation process, test,; Includes:security testing,; Related:analysis,
security testing: IncludedBy:risk analysis, security, security test and evaluation, test,; Includes:functional testing, penetration testing, verification,
security threat: IncludedBy:threat,; Related:exploit,
security token: IncludedBy:tokens,
security violation: IncludedBy:threat,; PreferredFor:violation,; Related:threat consequence, unauthorized access,
security-compliant channel: Antonym:covert channel,; IncludedBy:channel, security,; Related:computer security, evaluation, networks, trust,; Synonym:trusted channel,
security-critical mechanisms: IncludedBy:risk management,
security-relevant event: IncludedBy:risk, security relevant,; Includes:access control, security policy, subject, user,; Related:passwords, security event,
seed key: IncludedBy:key,
seek time
segregation of duties: IncludedBy:risk management,; Related:minimum essential infrastructure, unauthorized access,
selection
self-signed certificate: IncludedBy:certificate,; Related:key,
semantic security: IncludedBy:security,; Related:cryptography, encryption,
semiformal
sensitive: IncludedBy:classification level,
sensitive but unclassified: IncludedBy:classification level, sensitive information,
sensitive compartmented information
sensitive compartmented information facility
sensitive information: Includes:sensitive but unclassified,; Related:computer security, privacy, unauthorized access,
sensitive label: Related:security,
sensitivity analysis: IncludedBy:analysis,; Related:test,
sensitivity label: IncludedBy:access control, security label,; Includes:object,; Related:classification level, trust,
sensor or monitor
separation of duties: IncludedBy:security,; Related:risk,
sequence number
serial number: HasPreferred:certificate serial number,
server: Related:networks,
service-filtering tools: IncludedBy:security software,
session hijacking: IncludedBy:threat,; Related:IP splicing/hijacking, hijack attack,
session key: IncludedBy:Kerberos, key, key recovery, trust, virtual private network,; Related:encryption,
SET private extension: IncludedBy:Secure Electronic Transaction, public-key infrastructure,; Related:certificate, encryption, hash, key,
SET qualifier: IncludedBy:Secure Electronic Transaction, public-key infrastructure,; Related:certificate, certification, email, hash,
settlement
shall: Includes:object,
shared account: IncludedBy:risk,
shared secret: Related:Challenge-Response Authentication Mechanism, POP3 APOP, Remote Authentication Dial-In User Service, cryptography, key, key agreement, out of band, passwords, personal identification number, secret,
shielded enclosure
short title: Related:communications security,
should: Includes:object,
shoulder surfing: IncludedBy:attack,; Related:eavesdropping,
shrink-wrapped software: IncludedBy:software,
sign: Related:digital signature,
signaling: Related:communications, networks,
signaling system 7: IncludedBy:system,; Related:networks,
signals analysis: IncludedBy:analysis, threat consequence,
signals security: IncludedBy:security,
signature: IncludedBy:security,; Includes:digital signature, electronic signature,; Related:attack, unauthorized access, virus,
signature certificate: IncludedBy:certificate,; Related:digital signature, encryption, key,
signature equation: Related:digital signature,
signature function: Related:digital signature,
signature key: IncludedBy:key,; Related:digital signature,
signature process: Related:digital signature,
signature system: IncludedBy:system,; Related:digital signature,
signed applet: IncludedBy:software,; Related:security, tamper, trusted applet,
signed message
signer: Related:digital signature, key,
silver bullet
simple authentication: IncludedBy:authentication,; Related:passwords,
Simple Authentication and Security Layer: IncludedBy:authentication, internet, security protocol,; Includes:Kerberos, Remote Authentication Dial-In User Service,; Related:key,
Simple Distributed Security Infrastructure: IncludedBy:Simple Public Key Infrastructure/Simple Distributed Security Infrastructure, security,
simple key management for IP: IncludedBy:security protocol,; Related:privacy,
Simple Key-management for Internet Protocols: IncludedBy:internet, security protocol,; Related:encryption, key,
simple mail transfer protocol: IncludedBy:internet,; Related:email,
simple network management protocol: IncludedBy:internet, networks,; Related:access control, authentication, communications, confidentiality, cryptography, passwords, security, software,
Simple Public Key Infrastructure: IncludedBy:Simple Public Key Infrastructure/Simple Distributed Security Infrastructure,
Simple Public Key Infrastructure/Simple Distributed Security Infrastructure: IncludedBy:key, public-key infrastructure,; Includes:Simple Distributed Security Infrastructure, Simple Public Key Infrastructure,; Related:networks,
simple random sample
simple security condition: IncludedBy:Bell-LaPadula security model, simple security property,; Includes:object, subject,; Related:model,
simple security property: IncludedBy:Bell-LaPadula security model,; Includes:object, simple security condition, subject,; Related:model,
simulation modeling: IncludedBy:model,; Related:business process, risk, test,
single point keying: IncludedBy:key,
single sign-on: Related:authentication, networks, secure single sign-on, trust,
single-level device: IncludedBy:modes of operation,; Related:security, trust,
site accreditation: IncludedBy:accreditation,; Related:baseline,
site certification: IncludedBy:certification,; Related:accreditation, security,
situation: HasPreferred:security situation,
Skipjack: IncludedBy:National Security Agency, symmetric algorithm,; Related:key,
slot: IncludedBy:Multilevel Information System Security Initiative,; Related:Fortezza, certificate, key, public-key infrastructure,
smart testing: IncludedBy:test,
smartcards: IncludedBy:tokens,; Related:key, passwords, tamper,
smurf: IncludedBy:attack,; Related:denial of service, exploit, networks, smurfing, software,
smurfing: IncludedBy:attack,; Related:networks, smurf,
snake oil
snarf: IncludedBy:threat,
sneaker: IncludedBy:threat,; Related:security, test, tiger team,
sniffer: IncludedBy:internet, threat,; Includes:packet sniffer,; Related:audit, networks, passwords, sniffing, software,
sniffing: IncludedBy:threat,; Includes:ethernet sniffing, password sniffing,; Related:sniffer,
social engineering: IncludedBy:attack, user,; Related:tokens,
SOCKS: IncludedBy:internet,; Related:authentication, networks, unauthorized access,
SOF-basic: IncludedBy:strength of function, target of evaluation,; Related:analysis, attack,
SOF-high: IncludedBy:strength of function, target of evaluation,; Related:analysis, attack,
SOF-medium: IncludedBy:strength of function, target of evaluation,; Related:analysis, attack,
soft TEMPEST: IncludedBy:TEMPEST,; Related:software,
software: Includes:CGI scripts, COTS software, Java, application, application program interface, application software, audit software, commercial software, computer-aided software engineering, cryptographic application programming interface, email security software, encryption software, mass-market software, modular software, network management software, networking features of software, programming languages and compilers, remote access software, reusable software asset, reverse software engineering, security software, security support programming interface, shrink-wrapped software, signed applet, software architecture, software build, software development, software development life cycle, software development methodologies, software engineering, software enhancement, software library, software life cycle, software maintenance, software operation, software performance engineering, software product, software quality assurance, software reengineering, software release, software reliability, software repository, software requirement, software security, software system test and evaluation process, support software, system software, systems software, trusted software, virus,; Related:Automated Information System security, CASE tools, Clark Wilson integrity model, Common Criteria for Information Technology Security, FIPS PUB 140-1, Fortezza, HMAC, IT security product, Integrated CASE tools, PKCS #11, TCB subset, TOE security functions, Tiger, Tripwire, Trusted Computer System Evaluation Criteria, acceptance inspection, access control, access control mechanism, add-on security, anomaly, application generator, application programming interface, approval/accreditation, authentication, authentication code, automated data processing system, automated information system, automated security monitoring, availability, back door, baseline, bastion host, benchmark, black-box testing, bomb, candidate TCB subset, cardholder, clean system, coding, completeness, component, computer architecture, computer fraud, computer oracle and password system, computer security, computer security technical vulnerability reporting program, computer-assisted audit technique, computing security methods, configuration, configuration control, configuration item, configuration management, controlled security mode, conversion, correctness, cryptographic module, cryptographic service, data driven attack, database management system, debug, development process, domain name system, dongle, ethernet sniffing, evaluated products list, executive state, fail safe, fail soft, failure, failure access, failure control, fault tolerance, firmware, formal specification, front-end security filter, group of users, host, host-based firewall, implementation, independent validation and verification, information processing standard, information technology, integrity, internal security controls, interoperable, intrusion detection, key management infrastructure, keystroke monitoring, license, loophole, maintenance, maintenance hook, malicious code, malicious logic, malware, message authentication code vs. Message Authentication Code, message integrity code, metric, modes of operation, modularity, network architecture, network management architecture, network trusted computing base, noncomputing security methods, operating system, packet switching, pilot testing, platform, plug-in modules, portability, pretty good privacy, privacy programs, process, product, proxy, pseudo-random number generator, public-key infrastructure, quality attributes, rapid application development, regression testing, release, rootkit, safety, scalability, secure configuration management, secure operating system, security evaluation, security event, security features, security kernel, security measures, security mechanism, security policy, security safeguards, simple network management protocol, smurf, sniffer, soft TEMPEST, software publisher certificate, source code, source code generator, system, system development methodologies, system life, system low, system safety, system-high security mode, tcpwrapper, technical attack, technical countermeasure, technical security policy, technical vulnerability, technological attack, telecommuting, test coverage, test plan, testability, trap door, trojan horse, trust-file PKI, trusted channel, trusted computer system, trusted computing base, trusted distribution, trusted gateway, trusted path, trustworthy system, unit, unit testing, utility programs, validation, verification, verification and validation, version, virus scanner, virus-detection tool, vulnerability, web server, wedged, workgroup computing,
software architecture: IncludedBy:software, software development,
software build: IncludedBy:software, software development,
software configuration management: IncludedBy:software development,
software development: IncludedBy:software, software product,; Includes:acceptance procedure, advanced development model, architectural design, change control and life cycle management, closed security environment, compiler, configuration management, detailed design, development process, requirements, software architecture, software build, software configuration management, software development life cycle, software development methodologies, software engineering, software enhancement, software life cycle, software performance engineering, software quality assurance, software reengineering, software system test and evaluation process, software verification and validation, source code,; Related:integrated test facility, integration test, test, test case, test design, test facility, white-box testing,
software development life cycle: IncludedBy:software, software development,
software development methodologies: IncludedBy:development assurance, software, software development, system development methodologies,; Includes:Gypsy verification environment, enhanced hierarchical development methodology, formal development methodology, hierarchical development methodology,
software engineering: IncludedBy:software, software development,
software enhancement: IncludedBy:software, software development,
software error: Related:threat consequence,
software library: IncludedBy:software,; Related:baseline,
software life cycle: IncludedBy:software, software development, software product,; Related:test,
software maintenance: IncludedBy:software,
software operation: IncludedBy:software,
software performance engineering: IncludedBy:software, software development,
software product: IncludedBy:product, software,; Includes:mass-market software, software development, software life cycle, software requirement,
software publisher certificate: Related:software,
software quality assurance: IncludedBy:assurance, quality, software, software development,
software reengineering: IncludedBy:software, software development,
software release: IncludedBy:software,
software reliability: IncludedBy:reliability, software,; Related:failure, fault, robustness,
software repository: IncludedBy:software,
software requirement: IncludedBy:requirements, software, software product,; Includes:object, software security, testability,
software security: IncludedBy:security, software, software requirement,; Includes:security test and evaluation,; Related:security software,
software system test and evaluation process: IncludedBy:evaluation, software, software development, system, test,; Includes:security test and evaluation,; Related:baseline,
software verification and validation: IncludedBy:software development,
sole source acquisition
solicitation
source authentication: IncludedBy:authentication,
source code: IncludedBy:software development,; Includes:source code generator,; Related:compiler, software,
source code generator: IncludedBy:source code,; Related:software,
source data automation
source data entry
source integrity: IncludedBy:integrity,; Related:trust,
source program
source selection: Related:evaluation, policy,
spam: IncludedBy:email, threat,; Related:denial of service, spamming,
spamming: IncludedBy:threat,; Related:spam,
special access office
special access program
special information operations: Related:security,
special intelligence
special mission modification
special security officer: IncludedBy:security,
specific SIO class
specification
speech privacy: IncludedBy:privacy,
split key: IncludedBy:key,
split knowledge: IncludedBy:key recovery,; Related:key,
sponsor: Related:evaluation,
spoof: IncludedBy:spoofing, threat consequence,
spoofing: Antonym:anti-spoof,; IncludedBy:attack, masquerade,; Includes:DNS spoofing, address spoofing, ip spoofing, spoof,; Related:access control, authentication, hijack attack,; Synonym:mimicking,
spoofing attack: IncludedBy:attack, masquerade,
spread
SSO PIN: IncludedBy:Multilevel Information System Security Initiative,; Related:Fortezza, certification, identification,
SSO-PIN ORA: IncludedBy:Multilevel Information System Security Initiative,; Related:Fortezza,
stakeholder
stand-alone, shared system: IncludedBy:modes of operation, system,
stand-alone, single-user system: IncludedBy:modes of operation, system, user,
standard: Related:quality,
standard deviation
standard error of the mean
standard generalized markup language: Includes:hypertext markup language, markup language,; Related:automated information system, hypertext, wireless application protocol,
Standard Security Label: IncludedBy:security,
Standards for Interoperable LAN/MAN Security: IncludedBy:security,; Related:key, model,
star (*) property: HasPreferred:*-property,
Star Trek attack: IncludedBy:attack,
start-up KEK: Related:encryption, key, networks,
starting variable
state
state delta verification system: IncludedBy:system,
state transition diagram: Related:networks,
state variable
stateful inspection
stateful packet filtering: IncludedBy:firewall, packet filtering,; Related:proxy,
statement coverage: Related:test,
static analysis: IncludedBy:analysis,
static binding
statistic
statistical estimate: Related:evidence,
statistical process control
status information: Related:cryptography,
stealth probe: IncludedBy:threat,; Related:networks,
steganography: Related:cryptography,
storage channel: HasPreferred:covert channel,
storage object: Includes:object,
stovepipe systems: IncludedBy:system,
strata
stratified random sample
stream cipher: Related:encryption, key,
strength of a requirement: IncludedBy:evaluation, requirements,; Related:attack, failure,
strength of encryption: HasPreferred:encryption strength,
strength of function: IncludedBy:TOE security functions, target of evaluation,; Includes:SOF-basic, SOF-high, SOF-medium,; Related:attack,
strength of mechanisms: IncludedBy:security, target of evaluation,; Related:attack,
strengths, weaknesses, opportunities, threats: Includes:SWOT analysis,; Related:risk, risk management, threat,
stress testing: IncludedBy:test,; Related:black-box testing, boundary value,
stretch goal: Related:quality,
strong authentication: IncludedBy:authentication,; Related:certificate, cryptography, key, public-key infrastructure,
structural testing: IncludedBy:test,
structured query language: Related:automated information system,
sub-registration authority
subassembly
subclass
subcommittee on Automated Information System security: IncludedBy:National Security Decision Directive 145, computer security, system,; Includes:Automated Information System security,
Subcommittee on Information Systems Security: IncludedBy:computer security, system,
subcommittee on telecommunications security: IncludedBy:National Security Decision Directive 145, communications security,; Related:computer security,
subject: IncludedBy:Bell-LaPadula security model, TCB subset, access, candidate TCB subset, component reference monitor, covert storage channel, declassification of AIS storage media, exploitable channel, granularity of a requirement, internal security controls, isolation, least privilege, list-oriented, network reference monitor, object reuse, owner, permissions, protection-critical portions of the TCB, read, read access, reference monitor, reference monitor concept, reference validation mechanism, resource encapsulation, restricted area, scope of a requirement, secure state, secure subsystem, security attribute, security-relevant event, simple security condition, simple security property, technical policy, ticket-oriented, transaction, write,; Includes:domain, internal subject, process, subject security level, trusted subject,; Related:certificate, key, public-key infrastructure,; Uses:object,
subject security level: IncludedBy:security, subject,; Includes:object,; Related:user,
subnetwork: IncludedBy:networks,; Related:communications,
subordinate certification authority: IncludedBy:Multilevel Information System Security Initiative, public-key infrastructure,; Related:certificate, certification, key,
subordinate distinguished name: IncludedBy:distinguished name,
subprocess
subset-domain: IncludedBy:trusted computing base,; Related:evaluation,
substitution: IncludedBy:threat consequence,
subsystem
subtest: IncludedBy:test,
subversion: IncludedBy:attack,
suitability of functionality: IncludedBy:target of evaluation,; Related:security, security target, threat,
superclass
superencryption: IncludedBy:encryption,
supersession: Related:communications security,
superuser: IncludedBy:user,; Related:networks,
supervisor state: HasPreferred:executive state,
supplementary character: PreferredFor:supplementary check character,
supplementary check character: HasPreferred:supplementary character,
support software: IncludedBy:software,
suppression measure: Related:emanation, emanations security,
surrogate access: IncludedBy:discretionary access control,
survivability: Related:attack,
suspicious activity report: Related:assurance, threat,
suspicious event: IncludedBy:incident, threat,; Related:computer security,
switched multi-megabit data service
SWOT analysis: IncludedBy:analysis, strengths, weaknesses, opportunities, threats,; Related:threat,
syllabary
symbolic execution: Related:analysis,
symmetric algorithm: IncludedBy:algorithm, encryption, key,; Includes:Data Encryption Standard, International Data Encryption Algorithm, Rivest Cipher 2, Rivest Cipher 4, Skipjack, secret key,
symmetric cryptographic technique: Related:symmetric cryptography,
symmetric cryptography: Includes:Advanced Encryption Standard, Blowfish, CAST, Data Encryption Algorithm,; Related:confidentiality, digital signature, encryption, key, symmetric cryptographic technique, symmetric encipherment algorithm, symmetric encryption algorithm,
symmetric encipherment algorithm: Related:symmetric cryptography,
symmetric encryption algorithm: Related:symmetric cryptography,
symmetric key: IncludedBy:key,; Related:encryption,
symmetric measure of association
SYN flood: IncludedBy:attack, synchronous flood,; Related:denial of service,
synchronous crypto-operation: IncludedBy:cryptography,
synchronous flood: Includes:SYN flood,; Related:networks,
synchronous transmission: Related:networks,
syntax
syntax testing: IncludedBy:test,
synthetic benchmarks: Related:test,
system: Includes:Automated Information System security, COMSEC Material Control System, Defense Information System Network, DoD Trusted Computer System, DoD Trusted Computer System Evaluation Criteria, Information Systems Security products and services catalogue, Multilevel Information System Security Initiative, National Communications System, National Security Telecommunications and Information Systems Security Advisory/Information Memorandum, National Security Telecommunications and Information Systems Security Committee, National Security Telecommunications and Information Systems Security Directive, National Security Telecommunications and Information Systems Security Instruction, National Security Telecommunications and Information Systems Security Policy, National Telecommunications and Information Systems Security Advisory Memoranda/Instructions, National Telecommunications and Information Systems Security Directive, National Telecommunications and Information Systems Security Instruction, National Telecommunications and Information Systems Security Policy, Network File System, Secure Data Network System, Subcommittee on Information Systems Security, Terminal Access Controller Access Control System, The Exponential Encryption System, asymmetric encipherment system, asymmetric signature system, authentication system, auto-manual system, automated data processing system, automated information system, automated key management system, automated office support systems, bulletin board services (systems), certified information systems security professional, check character system, clean system, coded switch system, computer oracle and password system, computer security subsystem, concealment system, cryptographic system, cryptosystem, cryptosystem analysis, cryptosystem evaluation, cryptosystem review, cryptosystem survey, database management system, decision support systems, defense communications system, defense message system, domain name system, electronic document management system, electronic funds transfer system, electronic generation, accounting, and distribution system, electronic key management system, elliptic curve cryptosystem, embedded system, end system, evaluated system, executive information systems, federal telecommunications system, general-purpose system, generally accepted system security principles, global command and control system, global positioning system, imaging system, improved emergency message automatic transmission system, information system, information systems security association, information systems security engineering, information systems security manager, information systems/technology, information technology system, intrusion detection system, kernelized secure operating system, key management system, key management system Agent, key-escrow system, legacy systems, lock-and-key protection system, logical system definition, manager information systems, message handling system, mission critical system, multilevel information systems security initiative, national security system, national telecommunications and information system security directives, network system, on-line system, one-time cryptosystem, open system environment, open system interconnection, open system interconnection model, open systems, open systems interconnection, open systems security, operating system, password system, positive enable system, program automated information system security incident support team, protected distribution systems, protected wireline distribution system, public key system, real-time system, secure operating system, secure subsystem, signaling system 7, signature system, software system test and evaluation process, stand-alone, shared system, stand-alone, single-user system, state delta verification system, stovepipe systems, subcommittee on Automated Information System security, system acquisition plan, system administrator, system assets, system design review, system development, system development life cycle, system entity, system entry, system files, system profile, system security management, system security plan, system software, system verification, systems security steering group, triservice tactical communications system, trusted computer system, trusted computing system, trustworthy system, user interface system,; Related:Open Systems Interconnection Reference model, Trusted Computer System Evaluation Criteria, Trusted Systems Interoperability Group, information system security officer, information systems security, software, system administrator privileges, system development methodologies, system high, system integrity, system integrity service, system life, system life cycle, system low, system parameter, system requirement, system safety, system security authorization agreement, system security officer, system security policy, system-high security mode, systematic selection with a random start, systems administrator, systems engineering, systems software,
system accreditation: IncludedBy:accreditation,
system acquisition plan: IncludedBy:system,
system administrator: IncludedBy:system,
system administrator privileges: Related:system,
system and data integrity: IncludedBy:integrity,
system assets: IncludedBy:system,
system boundary
system design review: IncludedBy:system,
system development: IncludedBy:system,; Related:analysis,
system development and acquisition: Related:security,
system development life cycle: IncludedBy:system,; Related:test,
system development methodologies: Includes:software development methodologies,; Related:analysis, software, system,
system entity: IncludedBy:system,; PreferredFor:entity,; Related:authentication,
system entry: IncludedBy:access control, system,; Related:authentication,
system files: IncludedBy:system,; Related:security,
system high: Antonym:system low,; IncludedBy:modes of operation, system-high security mode,; Related:system,
system high mode: Related:computer security, user,
system indicator: Related:cryptography, encryption,
system integrity: IncludedBy:integrity,; Related:quality, system,
system integrity service: IncludedBy:security,; Related:system,
system interconnection: Related:security,
system life: Related:software, system,
system life cycle: Related:system,
system low: Antonym:system high,; IncludedBy:modes of operation,; Related:security, software, system,
system owner
system parameter: Related:system,
system profile: IncludedBy:system,
system requirement: IncludedBy:requirements,; Related:system,
system resources: Related:automated information system,
system safety: Related:software, system,
system security: IncludedBy:information systems security,
system security authorization agreement: IncludedBy:authorization, requirements,; Related:system,
system security engineering: IncludedBy:information systems security,
system security evaluation: IncludedBy:evaluation,; Related:threat,
system security management: IncludedBy:security, system,
system security officer: IncludedBy:security,; Includes:information system security officer,; Related:audit, system,
system security plan: IncludedBy:security, system,
system security policy: IncludedBy:policy, security policy,; Related:system,
system software: IncludedBy:software, system,
system testing: IncludedBy:test,; Related:recovery, security,
system under test: IncludedBy:test,
system verification: IncludedBy:system, verification,
system-high security mode: IncludedBy:modes of operation, multilevel security mode,; Includes:system high,; Related:accreditation, classification level, software, system, trust,
systematic selection with a random start: Related:system,
systems administrator: Related:system,
systems engineering: Related:system, test,
systems security steering group: IncludedBy:security, system,; Related:communications security, computer security,
systems software: IncludedBy:software,; Related:system,
t-1 line
tactical terminal
tactical trunk encryption device: Related:encryption,
tamper: IncludedBy:encryption, security, threat consequence,; Includes:tampering,; Related:Clipper chip, Federal Standard 1027, QUADRANT, TCB subset, computer security, denial of service, personal security environment, protective technologies, reference validation mechanism, signed applet, smartcards,
tampering: IncludedBy:attack, tamper,
target of evaluation: IncludedBy:evaluation, trusted computing base,; Includes:European Information Technology Security Evaluation Criteria, IT security certification, SOF-basic, SOF-high, SOF-medium, TOE resource, TOE security functions, TOE security functions interface, TOE security policy, TOE security policy model, TSF data, TSF scope of control, acceptance procedure, administration documentation, administrator, architectural design, asset, assurance, binding of functionality, component, configuration, configuration control, connectivity, construction, construction of TOE requirements, critical mechanism, deliverables list, delivery, detailed design, developer, development environment, development process, documentation, ease of use, end-user, external it entity, formal model of security policy, functionality, functionality class, human user, implementation, inter-TSF transfers, internal TOE transfer, internal communication channel, operating procedure, operation, operational documentation, operational environment, penetration testing, production, programming languages and compilers, reference monitor, requirements, requirements for procedures and standards, resource, role, security enforcing, security function, security objective, security relevant, security target, strength of function, strength of mechanisms, suitability of functionality, tool, transfers outside TSF control, user documentation, vulnerability, vulnerability assessment,; Related:user,
task
TCB subset: IncludedBy:trusted computing base,; Includes:object, subject,; Related:access control, analysis, software, tamper, test,
tcpwrapper: IncludedBy:security software,; Related:networks, software,
technical attack: IncludedBy:attack,; Related:software, user,
technical controls: Related:security controls,
technical countermeasure: IncludedBy:counter measures, security,; Related:networks, software,
technical policy: IncludedBy:access control, policy,; Includes:object, subject,; Related:trust,
technical review board
technical security policy: IncludedBy:policy, security policy,; Includes:object,; Related:software, threat,
technical surveillance countermeasures: IncludedBy:counter measures,
technical vulnerability: IncludedBy:vulnerability,; Related:exploit, risk, software, user,
technological attack: IncludedBy:attack,; Related:access control, software,
technology: Related:counter measures,
technology area: Related:computer security, evaluation, networks, security,
technology gap: IncludedBy:threat,
telecommunications: IncludedBy:communications,; Related:emissions security, networks,
telecommunications security: IncludedBy:communications security, information systems security,
telecommuting: Related:communications, software,
teleprocessing: Related:communications,
telnet: IncludedBy:internet,; Related:networks, remote access software,
TEMPEST: IncludedBy:preferred products list, security,; Includes:Certified TEMPEST Technical Authority, Endorsed TEMPEST Products List, TEMPEST Endorsement Program, TEMPEST advisory group, TEMPEST shielded, TEMPEST test, TEMPEST zone, certified TEMPEST technical, compromising emanations, emanation, emanations security, emissions security, equipment radiation TEMPEST zone, soft TEMPEST,; Related:International Traffic in Arms Regulations, approval/accreditation, inspectable space, optional modification,
TEMPEST advisory group: IncludedBy:TEMPEST,
TEMPEST Endorsement Program: IncludedBy:TEMPEST,
TEMPEST shielded: IncludedBy:TEMPEST,
TEMPEST test: IncludedBy:TEMPEST, test,; Related:emanation, emanations security,
TEMPEST zone: IncludedBy:TEMPEST,
term rule-based security policy: IncludedBy:policy, security,
Terminal Access Controller Access Control System: IncludedBy:access control, internet, security protocol, system,; Related:authentication, encryption, networks, passwords,
terminal hijacking: IncludedBy:attack,; Related:TTY watcher, derf, hijack attack,
terminal identification: IncludedBy:identification,
test: IncludedBy:assurance, audit, risk management,; Includes:Common Criteria Testing Laboratory, Common Criteria Testing Program, TEMPEST test, acceptance testing, ad hoc testing, ad-lib test, approved test methods list, black-box testing, boundary value testing, certification test and evaluation, environmental failure testing, exhaustive testing, functional test case desgin, functional testing, implementation under test, integrated test facility, integration test, interface testing, mutation testing, negative tests, operational testing, penetration test, penetration testing, pilot testing, regression testing, reliability qualification tests, security test & evaluation, security test and evaluation, security testing, smart testing, software system test and evaluation process, stress testing, structural testing, subtest, syntax testing, system testing, system under test, test bed, test bed configuration, test case, test case generator, test case specification, test case suite, test coverage, test cycle, test design, test driver, test environment, test execution, test facility, test generator, test item, test key, test log, test method, test plan, test procedure, test report, test result analyzer, test strategy, test suite, testability, tester, testing, unit testing, white-box testing,; Related:CASE tools, FIPS PUB 140-1, National Information Assurance partnership, Rivest-Shamir-Adleman, Scope of Accreditation, TCB subset, abend, acceptance inspection, accreditation, allowed traffic, approved technologies list, authentication, bebugging, benchmark, bit forwarding rate, boundary value analysis, boundary value coverage, branch coverage, certificate, certificate authority, certification, change management, code coverage, component, computer-assisted audit technique, concurrent connections, configuration management, connection establishment, connection teardown, coverage, development assurance, error guessing, exercised, flaw hypothesis methodology, goodput, homed, identity validation, independent validation and verification, information processing standard, instrument, lattice, lattice model, logging, message digest, mutation analysis, non-repudiation service, oracle, password cracker, path coverage, point of control and observation, protection profile, pseudo-random number generator, public-key certificate, random, reference monitor, reference validation mechanism, remote terminal emulation, rule set, sample, security certification level, security event, security function, security requirements, security target, sensitivity analysis, simulation modeling, sneaker, software development, software life cycle, statement coverage, synthetic benchmarks, system development life cycle, systems engineering, tiger team, time-stamping service, trusted certificate, trusted process, unit, unit of transfer, user, validate vs. verify, validation,; Synonym:analysis,
test bed: IncludedBy:test,
test bed configuration: IncludedBy:test,; Related:test case generator, test case specification,
test case: IncludedBy:test,; Related:software development, test procedure,
test case generator: IncludedBy:test,; Related:test bed configuration, test generator,
test case specification: IncludedBy:test,; Related:test bed configuration,
test case suite: IncludedBy:test,
test coverage: IncludedBy:test,; Related:software,
test cycle: IncludedBy:test,; Related:user,
test design: IncludedBy:test,; Related:software development,
test driver: IncludedBy:test,
test environment: IncludedBy:test,
test execution: IncludedBy:test,
test facility: IncludedBy:test,; Related:software development,
test generator: IncludedBy:test,; Related:test case generator,
test item: IncludedBy:test,
test key: IncludedBy:key, test,; Related:communications security,
test log: IncludedBy:test,
test method: IncludedBy:test,; Related:evaluation,
test plan: IncludedBy:test,; Related:risk, software,
test procedure: IncludedBy:test,; Related:evaluation, test case,
test report: IncludedBy:test,
test result analyzer: IncludedBy:test,
test strategy: IncludedBy:test,
test suite: IncludedBy:test,
testability: IncludedBy:software requirement, test,; Related:software,
tester: IncludedBy:test,
testing: IncludedBy:test,; Related:dynamic analysis, evaluation,
The Exponential Encryption System: IncludedBy:system,; Related:authentication, digital signature, encryption, key,
theft: IncludedBy:threat consequence,
theft of data: IncludedBy:threat consequence,
theft of functionality: IncludedBy:threat consequence,
theft of service: IncludedBy:threat consequence,
thermostat
think time
third party trusted host model: IncludedBy:Kerberos, model, trust,; Includes:ticket,; Related:authentication, passwords,
thrashing
threat: Antonym:security software,; IncludedBy:component operations, risk,; Includes:CGI scripts, Chernobyl packet, PHF, PHF hack, RED signal, abuse of privilege, acceptable level of risk, ankle-biter, attack, back door, blue box devices, bomb, breach, buffer overflow, bug, code amber, code red, compromise, compromised key list, compromising emanations, computer abuse, computer fraud, computer related crime, counter measures, crack, crash, dangling threat, dark-side hacker, deadlock, deadly embrace, derf, dumpster diving, emanation, ethernet meltdown, exploit, exploitable channel, failure access, fault, flaw, fork bomb, generic threat, hacking, incident, incomplete parameter checking, infection, information systems security, information systems security engineering, information warfare, intelligent threat, intruder, intrusion, leakage, letterbomb, logic bomb, loophole, lurking, mailbomb, malicious applets, malicious code, malicious logic, malicious program, malware, mission needs statement, mockingbird, natural disaster, passive threat, password cracker, phage, phracker, phreaker, piggyback entry, promiscuous mode, prowler, pseudo-flaw, psychological operations, residual risk, retro-virus, reverse engineering, salami technique, security breach, security flaw, security threat, security violation, session hijacking, snarf, sneaker, sniffer, sniffing, spam, spamming, stealth probe, suspicious event, technology gap, threat action, threat agent, threat analysis, threat assessment, threat event, threat monitoring, threat source, time bomb, traffic analysis, trap, trap door, trojan horse, troll, unauthorized access, vulnerability, war dialer, wedged,; Related:Common Criteria for Information Technology Security, IS related risk, OAKLEY, RED team, SWOT analysis, adversary, advisory, anonymous login, computer emergency response team, defense, disaster plan, effectiveness, electronic warfare support, emergency plan, emergency response, evaluation assurance, firewall, information protection policy, information sharing and analysis center, infrastructure assurance, infrastructure protection, joint task force-computer network defense, keyed hash, level of protection, levels of concern, masquerade, national computer security assessment program, networks, one-time passwords, passive, physical and environmental protection, physical security, post-accreditation phase, privacy protection, product rationale, risk analysis, risk assessment, risk identification, security architecture, security objective, security policy, security target, strengths, weaknesses, opportunities, threats, suitability of functionality, suspicious activity report, system security evaluation, technical security policy, threat consequence, tiger team,
threat action: IncludedBy:threat,; Related:threat consequence,
threat agent: IncludedBy:threat,; Related:exploit, vulnerability,
threat analysis: IncludedBy:analysis, risk analysis, threat,
threat assessment: IncludedBy:threat,; Related:evaluation,
threat consequence: IncludedBy:risk management,; Includes:corruption, cryptanalysis, deception, deliberate exposure, disruption, emanations analysis, exposure, false denial of origin, false denial of receipt, falsification, hardware or software error, human error, incapacitation, inference, insertion, interception, interference, intrusion, malicious logic, masquerade, misappropriation, misuse, natural disaster, obstruction, overload, penetration, physical destruction, repudiation, reverse engineering, scavenging, signals analysis, spoof, substitution, tamper, theft, theft of data, theft of functionality, theft of service, traffic analysis, trespass, usurpation, violation of permissions, wiretapping,; Related:access control, attack, encryption, hardware error, security violation, software error, threat, threat action,
threat event: IncludedBy:threat,; Related:analysis,
threat monitoring: IncludedBy:risk management, threat,; Includes:audit trail,; Related:analysis, audit,
threat source: IncludedBy:threat,
thumbprint: IncludedBy:biometric authentication,; Related:hash,
ticket: IncludedBy:credentials, third party trusted host model,; Related:access control, certificate, cryptography, model, passwords,
ticket-oriented: Antonym:list-oriented,; IncludedBy:authorization,; Includes:object, subject,
Tiger: IncludedBy:security software,; Related:software,
tiger team: Related:attack, security, sneaker, test, threat,
time bomb: IncludedBy:threat,; Related:logic bomb,
time compliance data
time division multiple access: IncludedBy:security,
time stamp: Includes:time-stamp requester, time-stamp token, time-stamp verifier, time-stamping authority, time-stamping service, trusted time stamp, trusted time stamping authority,
time variant parameter
time-and-materials contract
time-compliance date: Related:communications security,
time-dependent password: IncludedBy:passwords,
time-stamp requester: IncludedBy:time stamp,; Related:trust,
time-stamp token: IncludedBy:time stamp, tokens,; Related:cryptography,
time-stamp verifier: IncludedBy:time stamp,; Related:trust,
time-stamping authority: IncludedBy:time stamp,; Related:evidence, trust,
time-stamping service: IncludedBy:time stamp,; Related:evidence, test, validation,
time-to-recover
timing attacks: IncludedBy:attack,
timing channel: HasPreferred:covert channel,
tinkerbell program: IncludedBy:security software,; Related:networks,
to be process model: IncludedBy:model,; Related:business process,
TOE resource: IncludedBy:target of evaluation,
TOE security functions: IncludedBy:object, resource, security attribute, target of evaluation,; Includes:TOE security functions interface, TSF data, TSF scope of control, inter-TSF transfers, secret, strength of function, transfers outside TSF control, trusted path, user data,; Related:software, trusted channel,
TOE security functions interface: IncludedBy:TOE security functions, target of evaluation,
TOE security policy: IncludedBy:policy, security policy, target of evaluation,; Includes:object, trusted path,
TOE security policy model: IncludedBy:model, target of evaluation,; Related:policy,
token backup: IncludedBy:availability, tokens,; PreferredFor:card backup,
token copy: IncludedBy:tokens,; Related:key,
token device: IncludedBy:tokens,; Related:identification,
token management: IncludedBy:tokens,; Related:availability, certificate, key,
token restore: IncludedBy:tokens,
token storage key: IncludedBy:key, tokens,
tokens: IncludedBy:Secure Electronic Transaction, key,; Includes:NRD token, NRO token, NRS token, NRT token, authentication token, cryptographic card, cryptographic token, hash token, identity token, key token, non-repudiation token, notarization token, security token, smartcards, time-stamp token, token backup, token copy, token device, token management, token restore, token storage key,; PreferredFor:hardware token,; Related:3-factor authentication, Europay, MasterCard, Visa, Fortezza, Generic Security Service Application Program Interface, PKCS #11, authentication, capability, cardholder certificate, cardholder certification authority, challenge/response, class 2, 3, 4, or 5, cryptographic ignition key, domain parameter, notary, passwords, personal security environment, public-key infrastructure, registration authority, secret, social engineering, witness,
tolerable error
tool: IncludedBy:target of evaluation,
top CA: IncludedBy:public-key infrastructure,; Related:certification, trust,
top-level certification: IncludedBy:certification,; Related:availability, confidentiality, integrity,
top-level security objectives: IncludedBy:security, top-level specification,
top-level specification: IncludedBy:development process,; Includes:descriptive top-level specification, formal top-level specification, top-level security objectives,; Related:model, security,
topical areas
topology: Related:networks,
total quality management: IncludedBy:quality,; Related:business process,
total risk: IncludedBy:risk,
trace a correspondence
trace packet: Related:networks,
traceability: Related:attack,
traceroute: IncludedBy:internet,
traditional: Related:communications security,
traffic analysis: IncludedBy:analysis, threat, threat consequence,; Related:cryptography, encryption, traffic flow confidentiality, traffic padding,
traffic encryption key: IncludedBy:key,
traffic flow confidentiality: IncludedBy:confidentiality,; Related:analysis, traffic analysis,
traffic load: Related:networks,
traffic padding: Related:cryptography, traffic analysis,
traffic-flow security: IncludedBy:security,; Related:cryptography,
trailer
training key: IncludedBy:key,
tranquility: IncludedBy:Bell-LaPadula security model,; Includes:object,; Related:model,
tranquility property: HasPreferred:Bell-LaPadula security model,
transaction: IncludedBy:database management system,; Includes:subject,
transaction file: Related:networks,
transfer device: Related:networks,
transfer time: Related:networks,
transfers outside TSF control: IncludedBy:TOE security functions, target of evaluation,
transmission: Related:networks,
transmission control protocol: IncludedBy:internet,; Related:networks,
transmission control protocol/internet protocol: IncludedBy:internet,
transmission medium: Related:networks,
transmission security: IncludedBy:security,; Related:analysis, communications security, confidentiality, networks,
transmission security key: IncludedBy:key,
transport layer security: IncludedBy:internet, security,; Related:secure socket layer,
Transport Layer Security Protocol: IncludedBy:security protocol,; Related:encryption,
transport mode vs. tunnel mode: IncludedBy:Internet Protocol security,
transportation: IncludedBy:critical infrastructure,
trap: IncludedBy:threat,; Related:fault, security software,
trap door: IncludedBy:threat,; Related:cryptography, software,; Synonym:back door,
tree diagram
trespass: IncludedBy:threat consequence,
tri-homed: IncludedBy:homed,
triple DES: Related:digital signature, encryption, key,
Tripwire: IncludedBy:security software,; Related:software, triservice tactical communications system
triservice tactical communications system: IncludedBy:system,
trojan horse: IncludedBy:threat,; Includes:virus,; Related:exploit, internet, software, worm,
troll: IncludedBy:threat,
trunk
trunk encryption device: Related:encryption,
trust: Includes:Canadian Trusted Computer Product Evaluation Criteria, DoD Trusted Computer System, DoD Trusted Computer System Evaluation Criteria, Trusted Computer System Evaluation Criteria, Trusted Network Interpretation Environment Guideline, Trusted Products Evaluation Program, Trusted Systems Interoperability Group, bilateral trust, certification authority, directly trusted CA, directly trusted CA key, hierarchy of trust, session key, third party trusted host model, trust chain, trust hierarchy, trust level, trust-file PKI, trusted applet, trusted certificate, trusted facility manual, trusted functionality, trusted identification, trusted identification forwarding, trusted key, trusted network interpretation, trusted operating system, trusted process, trusted recovery, trusted system, trusted third party, trusted time stamp, trusted time stamping authority, trustworthy system, tunneling router, untrusted process, virtual network perimeter, web of trust,; Related:A1, Biba model, Common Criteria for Information Technology Security, Federal Criteria for Information Technology Security, Internet Architecture Board, Internet Engineering Steering Group, Internet Society, Kerberos, NIAP Common Criteria Evaluation and Validation Scheme, National Computer Security Center, National Computer Security Center glossary, PKIX, Red book, Yellow book, accountability, accreditation, accreditation authority, accreditation range, analysis, attention character, attribute authority, authentic signature, authentication, authenticity, authorization, binding, certificate policy, certificate status responder, certificate validation, certification, certification path, certification practice statement, clean system, common security, confidence, controlled access protection, criteria, data integrity, delivery authority, descriptive top-level specification, design documentation, digital notary, domain modulus, dominated by, endorsed tools list, evaluated products list, evidence requester, external it entity, guard, inter-TSF transfers, key, key distribution centre, key generation exponent, key recovery, key translation centre, key-escrow, labeled security protections, mesh PKI, modes of operation, monitor, multilevel device, mutual suspicion, network component, non-repudiation service, notarization, notary, path discovery, penetration testing, personal security environment, personalization service, privileged process, public confidence, public-key infrastructure, registration authority, repository, root, secure hypertext transfer protocol, security evaluation, security filter, security gateway, security kernel, security perimeter, security policy model, security-compliant channel, sensitivity label, single sign-on, single-level device, source integrity, system-high security mode, technical policy, time-stamp requester, time-stamp verifier, time-stamping authority, top CA, tunneled VPN, user, valid certificate, validate vs. verify, web vs. Web,
trust chain: IncludedBy:trust,; Related:certification, public-key infrastructure,
trust hierarchy: IncludedBy:trust,; Related:certification, public-key infrastructure,
trust level: IncludedBy:classification level, trust,; Related:analysis,
trust-file PKI: IncludedBy:public-key infrastructure, trust,; Related:certificate, certification, key, software,
trusted applet: IncludedBy:trust,; Related:signed applet,
trusted certificate: IncludedBy:certificate, trust,; Related:certification, key, test,
trusted channel: IncludedBy:channel, trusted computing base,; Related:TOE security functions, software,; Synonym:security-compliant channel,
trusted computer system: IncludedBy:National Computer Security Center, system, trusted computing base,; Includes:beyond A1,; Related:accreditation, accreditation range, assurance, evaluated products list, network component, security policy model, software, trusted network interpretation,; Synonym:trusted computing system, trusted operating system, trusted system,
Trusted Computer System Evaluation Criteria: IncludedBy:Common Criteria for Information Technology Security Evaluation, criteria, evaluation, trust,; Includes:rainbow series, trusted computing base,; Related:computer security, software, system,
trusted computing base: IncludedBy:Trusted Computer System Evaluation Criteria, protection profile,; Includes:NTCB partition, TCB subset, access control, candidate TCB subset, dependency, depends, exploitable channel, formal security policy model, global requirements, granularity of a requirement, local requirements, monolithic TCB, network trusted computing base, output, primitive, protection-critical portions of the TCB, reference validation mechanism, scope of a requirement, subset-domain, target of evaluation, trusted channel, trusted computer system, trusted computing system, trusted distribution, trusted gateway, trusted path, trusted software, trusted subject,; Related:software,
trusted computing system: IncludedBy:security, system, trusted computing base,; Related:assurance, security software,; Synonym:trusted computer system,
trusted distribution: IncludedBy:trusted computing base,; Related:software,
trusted facility manual: IncludedBy:trust,
trusted functionality: IncludedBy:security policy, trust,
trusted gateway: IncludedBy:Common Criteria for Information Technology Security Evaluation, firewall, gateway, trusted computing base,; Related:communications, risk, software,
trusted identification: IncludedBy:identification, trust,; Related:authentication, networks, user,
trusted identification forwarding: IncludedBy:identification, trust,; Related:authentication, networks,
trusted key: IncludedBy:key, trust,; Related:certificate, certification, public-key infrastructure,
trusted network interpretation: IncludedBy:networks, trust,; Related:computer security, evaluation, security, trusted computer system,
Trusted Network Interpretation Environment Guideline: IncludedBy:networks, trust,
trusted operating system: IncludedBy:trust,; Synonym:trusted computer system,
trusted path: IncludedBy:TOE security functions, TOE security policy, trusted computing base,; Related:communications security, cryptography, software,
trusted process: Antonym:untrusted process,; IncludedBy:security policy, trust,; Related:attack, networks, risk, test,
Trusted Products Evaluation Program: IncludedBy:evaluation, trust,
trusted recovery: IncludedBy:recovery, trust,
trusted software: IncludedBy:software, trusted computing base,
trusted subject: IncludedBy:Bell-LaPadula security model, security policy, subject, trusted computing base,; Includes:object,; Related:model,
trusted system: IncludedBy:trust,; Synonym:trusted computer system,
Trusted Systems Interoperability Group: IncludedBy:trust,; Related:system,
trusted third party: IncludedBy:trust,; Related:authentication, public-key infrastructure, security,
trusted time stamp: IncludedBy:time stamp, trust,
trusted time stamping authority: IncludedBy:time stamp, trust,; Related:evidence,
trustworthy system: IncludedBy:system, trust,; Related:availability, security, software,
TSEC nomenclature: Related:communications security,
TSF data: IncludedBy:TOE security functions, target of evaluation,
TSF scope of control: IncludedBy:TOE security functions, target of evaluation,
TTY watcher: IncludedBy:attack,; Related:terminal hijacking,
tunnel: IncludedBy:Secure Electronic Transaction, internet,; Related:communications, encryption, networks, public-key infrastructure,
tunnel
tunnel mode: IncludedBy:Internet Protocol security,
tunneled VPN: IncludedBy:virtual private network,; Related:networks, trust,
tunneling: IncludedBy:virtual private network,; Related:networks,
tunneling attack: IncludedBy:attack,
tunneling router: IncludedBy:security, trust,; Related:networks,
turnaround time: Related:availability,
twisted-pair wire
two-part code
two-person control: Related:cryptography, security,
two-person integrity: Related:communications security,
type 1 product: Related:user,
type 2 product
type 3 algorithm
type 4 algorithm
type accreditation: IncludedBy:accreditation,
Type I cryptography: Related:National Security Agency,
Type II cryptography: Related:National Security Agency,
Type III cryptography: IncludedBy:cryptography,
type time
U.S. person
U.S.-controlled facility
U.S.-controlled space: Related:key,
unauthorized access: IncludedBy:threat,; Related:SOCKS, access control, access control mechanism, access control service, adequate security, administrative security, between-the-lines-entry, computer intrusion, computer security intrusion, covert channel analysis, data compromise, failure access, fetch protection, file protection, firewall, information systems security, intrusion, intrusion detection tools, major application, malicious logic, motivation, network security, penetration, physical and environmental protection, physical security, piggyback, piggyback entry, probe, protected network, security, security compromise, security incident, security violation, segregation of duties, sensitive information, signature, vulnerability,
unauthorized disclosure: IncludedBy:risk,; Related:exposure,
unclassified: Antonym:classified,
underflow
undesired signal data emanations: IncludedBy:emanations security, risk,
unencrypted: Related:encryption,
unforgeable: Related:certificate, cryptography, digital signature, key, public-key infrastructure,
uniform resource identifier: IncludedBy:internet,; Related:identification,
uniform resource locator: IncludedBy:internet,
uniform resource name: IncludedBy:internet,; Related:availability,
unilateral authentication: IncludedBy:authentication,; Related:mutual authentication,
uninterruptible power supply: Related:failure,
unique interswitch rekeying key: IncludedBy:key,
unit: Related:software, test,
unit of transfer: Related:bit forwarding rate, firewall, test,
unit testing: IncludedBy:test,; Related:software,
unprotected network: Antonym:protected network,; IncludedBy:demilitarized zone, firewall, networks,; Related:rule set,
untrusted process: Antonym:trusted process,; IncludedBy:risk, trust,
update access: IncludedBy:access,
updating: Related:communications security, cryptography,
upload
usage security policy: IncludedBy:policy, security policy,
USENET: IncludedBy:internet,
user: IncludedBy:accountability, data source, security-relevant event,; Includes:Advanced Mobile Phone Service, MISSI user, Remote Authentication Dial-In User Service, access control, anonymity, authorization, certificate, certificate revocation list, certificate user, challenge/response, closed user group, compromised key list, consumers, denial of service, end-user, end-user computing, frequency division multiple access, graphical-user interface, group of users, hacker, human user, identity, information systems security, local-area network, multiuser mode of operation, owner, proxy, role, security features users guide, security policy, social engineering, stand-alone, single-user system, superuser, user PIN, user agent, user data, user documentation, user id, user identifier, user interface, user partnership program, user profile, user representative, user-PIN ORA, wide-area network,; PreferredFor:customer,; Related:attention character, authenticate, authentication, availability, availability of data, certification authority, classification level, cold start, compartmented mode, dedicated mode, direct shipment, identity validation, individual accountability, local authority, local management device/key processor, mode of operation, multilevel mode, networks, organizational maintenance, organizational registration, penetration testing, privileged access, protection ring, risk index, subject security level, system high mode, target of evaluation, technical attack, technical vulnerability, test, test cycle, trust, trusted identification, type 1 product, vendor, vulnerability,
user agent: IncludedBy:user,
user data: IncludedBy:TOE security functions, user,
user data protocol: IncludedBy:internet,; Related:communications, networks,
user datagram protocol: IncludedBy:internet,
user documentation: IncludedBy:target of evaluation, user,
user id: IncludedBy:user,; Synonym:user identifier,
user identifier: IncludedBy:user,; Related:authentication, passwords,; Synonym:user id,
user interface: IncludedBy:user,
user interface system: IncludedBy:system,
user partnership program: IncludedBy:user,; Related:cryptography,
user PIN: IncludedBy:Multilevel Information System Security Initiative, user,; Related:Fortezza, identification,
user profile: IncludedBy:risk management, user,
user representative: IncludedBy:user,; Related:communications security,
user-PIN ORA: IncludedBy:Multilevel Information System Security Initiative, user,; Related:Fortezza,
usurpation: IncludedBy:threat consequence,
UTCTime: Related:GeneralizedTime, coordinated universal time,
utility: IncludedBy:critical infrastructure,
utility programs: Related:software,
v1 certificate: IncludedBy:certificate,; Related:key,
v1 CRL: IncludedBy:public-key infrastructure,; Related:certificate,
v2 certificate: IncludedBy:certificate,; Related:key,
v2 CRL: IncludedBy:public-key infrastructure,; Related:certificate,
v3 certificate: IncludedBy:certificate,; Related:key,
vaccines: IncludedBy:security software,; Related:virus-detection tool,
valid certificate: IncludedBy:certificate,; Related:trust,
valid signature: Related:certificate, digital signature, public-key infrastructure,
validate vs. verify: IncludedBy:National Institute of Standards and Technology,; Related:authentication, certificate, certification, cryptography, digital signature, evidence, identification, internet, key, public-key infrastructure, security, test, trust, validation, verification,
validated products list: IncludedBy:National Information Assurance partnership,
validation: IncludedBy:development process, evaluation,; Includes:reference validation mechanism, validation report,; Related:assurance, conformant validation certificate, evidence, software, test, time-stamping service, validate vs. verify,; Synonym:verification,
Validation Certificate: IncludedBy:Common Criteria Testing Laboratory,; Related:evaluation,
validation report: IncludedBy:validation,; Related:evidence,
validity period: IncludedBy:public-key infrastructure,; Related:certificate, key,
value analysis: IncludedBy:analysis,; Related:quality,
value-added
value-added network: IncludedBy:networks,; Related:electronic data interchange,
variable sampling
variance
variant
vaulting: Related:availability, backup, recovery, risk,
vendor: Related:internet, user,
verification: IncludedBy:development process, evaluation, security testing,; Includes:formal verification, object, system verification, verification procedure refinements, verification techniques,; Related:certification phase, domain verification exponent, identification, model, non-repudiation policy, policy, pre-certification phase, public accreditation verification exponent, security certification level, software, validate vs. verify, verification function, verification key, verification process, verifier,; Synonym:validation,
verification and validation: Related:software,
verification function: Related:verification,
verification key: IncludedBy:key,; Related:verification,
verification procedure refinements: IncludedBy:verification,
verification process: Related:verification,
verification techniques: IncludedBy:verification,; Related:security,
verified design
verifier: Related:authentication, evidence, verification,
version: Related:baseline, software,
victim: Related:attack,
view: IncludedBy:database management system,
view definition: IncludedBy:database management system,
violation: HasPreferred:security violation,; Related:penetration,
violation of permissions: IncludedBy:threat consequence,
virtual departments or divisions
virtual mall: IncludedBy:world wide web,
virtual network perimeter: IncludedBy:networks, security, trust,
virtual password: IncludedBy:passwords,
virtual private network: IncludedBy:internet, key, networks, privacy, security protocol,; Includes:point-to-point tunneling protocol, session key, tunneled VPN, tunneling,; Related:communications, encryption, extranet,
virus: IncludedBy:internet, software, trojan horse,; Includes:boot sector virus, file infector virus, macro virus, virus hoax,; Related:antivirus software, malicious code, signature, virus scanner, virus-detection tool, worm,
virus hoax: IncludedBy:virus,
virus scanner: IncludedBy:security software,; Related:risk, software, virus,; Synonym:virus-detection tool,
virus signature: IncludedBy:attack signature recognition,
virus-detection tool: IncludedBy:security software,; Related:risk, software, vaccines, virus,; Synonym:virus scanner,
vision
vulnerability: Antonym:security software,; IncludedBy:target of evaluation, threat,; Includes:areas of potential compromise, common vulnerabilities and exposures, dangling vulnerability, implementation vulnerability, technical vulnerability, vulnerability analysis, vulnerability assessment, vulnerability audit,; Related:IS related risk, MEI resource elements, analysis, attack, authentication, authorization, availability, confidentiality, counter measures, critical asset, exploit, exploitation, failure, incident, infrastructure protection, level of protection, mission critical, networks, security, software, threat agent, unauthorized access, user,
vulnerability analysis: IncludedBy:analysis, risk analysis, vulnerability,; Related:audit, gap analysis, security,; Synonym:vulnerability assessment,
vulnerability assessment: IncludedBy:target of evaluation, vulnerability,; Related:attack, security target,; Synonym:vulnerability analysis,
vulnerability audit: IncludedBy:audit, vulnerability,
war dialer: IncludedBy:threat,
warehouse attack: IncludedBy:attack,
warfare: Includes:command and control warfare, electronic warfare, electronic warfare support, information warfare,
Wassenaar Arrangement: Related:key, security,
water supply system: IncludedBy:critical infrastructure,
watermarking: HasPreferred:digital watermarking,
web browser cache: IncludedBy:world wide web,; Related:networks,
web of trust: IncludedBy:trust,; Includes:certificate, pretty good privacy,; Related:key, networks, public-key infrastructure,
web server: IncludedBy:world wide web,; Related:software,
web vs. Web: IncludedBy:world wide web,; Related:networks, trust,
weblinking: IncludedBy:world wide web,
website: IncludedBy:world wide web,
website hosting: IncludedBy:world wide web,
wedged: IncludedBy:threat,; Related:software,
white-box testing: IncludedBy:test,; Related:software development,
wide area information service: IncludedBy:internet,
wide-area network: IncludedBy:networks, user,; Related:communications,
wireless application protocol: Related:standard generalized markup language,
wireless gateway server
wiretapping: IncludedBy:attack, threat consequence,; Includes:active wiretapping, passive wiretapping,; Related:networks,
witness: Related:evidence, hash, tokens,
word: Related:hash,
work breakdown structure
work factor: Related:counter measures, cryptography, risk, security,
work product
work program: Related:audit,
workflow: Related:automated information system,
workgroup computing: Related:software,
workload: Related:automated information system, business process,
workstation: IncludedBy:automated information system,
world class organizations: Related:business process, model,
world wide web: IncludedBy:internet,; Includes:CGI scripts, browser, common gateway interface, hyperlink, hypertext markup language, hypertext transfer protocol, secure hyptertext transfer protocol, secure socket layer, virtual mall, web browser cache, web server, web vs. Web, weblinking, website, website hosting,; Related:applet, certificate, certificate owner, cookies, hypertext, link, pagejacking, plug-in modules, pop-up box, proxy server, push technology,
worm: IncludedBy:internet, malicious code,; Includes:Internet worm, morris worm,; Related:infection, networks, replicator, trojan horse, virus,
wrap: Related:confidentiality, cryptography, encryption,
write: Includes:object, subject,
write access: Includes:object,
X.400: Related:email,
X.500: HasPreferred:X.500 Directory,
X.500 Directory: PreferredFor:X.500,; Related:certificate, key, public-key infrastructure,
X.509: IncludedBy:public-key infrastructure,; Related:authentication, certificate, key,
X.509 attribute certificate: IncludedBy:certificate,; Related:digital signature, key,
X.509 authority revocation list: IncludedBy:public-key infrastructure,; Related:certificate,
X.509 certificate: IncludedBy:certificate,; Related:key,
X.509 certificate revocation list: IncludedBy:public-key infrastructure,; Related:certificate, digital signature, key,
X.509 public-key certificate: IncludedBy:certificate,; Related:digital signature, key,
Yellow book: IncludedBy:rainbow series,; Related:computer security, evaluation, security, trust,
zero fill: Related:zeroize,
zeroization: Related:FIPS PUB 140-1, recovery,; Synonym:zeroize,
zeroize: Related:FIPS PUB 140-1, cryptography, key, recovery, zero fill,; Synonym:zeroization,