Concepts

access control, assurance, attack, audit, authentication, automated information system, availability, certification, Common Criteria for Information Technology Security, cryptography, evaluation, evidence, internet, key management, privacy, protection profile, public-key infrastructure, requirements, risk, risk management, security, security software, security target, software development, threat, trust, Trusted Computer System Evaluation Criteria, user,

Terms

*-property
IncludedBy:Bell-LaPadula security model,
PreferredFor:star (*) property,
Related:model,
Synonym:confinement property,
2-factor authentication
IncludedBy:3-factor authentication,
3-factor authentication
IncludedBy:authentication,
Includes:2-factor authentication, authentication information,
Related:biometric authentication, challenge/response, passwords, personal identification number, tokens,
A1
IncludedBy:Orange book,
Related:evaluation, trust,
ABA Guidelines
Related:certificate, digital signature,
abend
Related:failure, test,
abort
Related:failure,
Abrams, Jojodia, Podell essays
Related:security,
Abstract Syntax Notation One
Includes:Basic Encoding Rules, Distinguished Encoding Rules, object identifier,
Related:certificate, public-key infrastructure,
abuse of privilege
IncludedBy:threat,
acceptable level of risk
IncludedBy:threat,
Related:counter measures, networks,
acceptable risk
IncludedBy:risk,
acceptable use policy
IncludedBy:policy,
Related:networks,
acceptance criteria
IncludedBy:acceptance procedure,
acceptance inspection
IncludedBy:acceptance procedure,
Related:software, test,
acceptance procedure
IncludedBy:software development, target of evaluation,
Includes:acceptance criteria, acceptance inspection, acceptance testing, object,
acceptance testing
IncludedBy:acceptance procedure, test,
access
Includes:access control, delete access, execute access, merge access, object, read access, remote access, subject, update access,
Related:security,
access category
IncludedBy:access control,
access control
IncludedBy:Automated Information System security, access, authorization, risk management, security, security-relevant event, trusted computing base, user,
Includes:Terminal Access Controller Access Control System, access category, access control center, access control list, access control mechanism, access control officer, access control service, access level, access mode, access period, access port, access profile, access type, centralized authorization, component reference monitor, context-dependent access control, controlled sharing, cookies, discretionary access control, failure access, fetch protection, file protection, file security, granularity, identity based access control, mandatory access control, need-to-know, network reference monitor, non-discretionary access control, partition rule base access control, role-based access control, sandboxed environment, secure state, security kernel, sensitivity label, system entry, technical policy,
PreferredFor:access mediation, controlled access, limited access,
Related:Bell-LaPadula security model, Clark Wilson integrity model, Identification Protocol, Internet Protocol security, Kerberos, POSIX, TCB subset, accreditation range, anonymous login, application proxy, authentication, availability, availability service, compartment, computer security, confidentiality, controlled access protection, covert channel, domain, domain name system, exploitation, firewall, formulary, identification and authentication, integrity, labeled security protections, logical access, logical completeness measure, login, minimum essential infrastructure, national security information, network component, networks, permissions, proxy server, reference monitor, reference monitor concept, rule set, salt, simple network management protocol, software, spoofing, technological attack, threat consequence, ticket, unauthorized access,
access control center
IncludedBy:access control,
Related:cryptography, key,
access control list
IncludedBy:access control, authorization,
Includes:ACL-based authorization,
PreferredFor:access list,
Related:communications security,
access control mechanism
IncludedBy:access control,
Related:software, unauthorized access,
access control officer
IncludedBy:access control,
access control service
IncludedBy:access control,
Related:unauthorized access,
access level
IncludedBy:access control, security level,
access list
HasPreferred:access control list,
access mediation
HasPreferred:access control,
access mode
IncludedBy:access control, automated information system,
access period
IncludedBy:access control,
access port
IncludedBy:access control,
access profile
IncludedBy:access control,
access type
IncludedBy:access control,
accessibility
account aggregation
account authority digital signature
IncludedBy:public-key infrastructure,
Related:authentication,
account management
accountability
IncludedBy:security,
Includes:automated information system, identification, object, user,
Related:audit, communications security, failure, minimum essential infrastructure, non-repudiation, quality, recovery, trust,
accounting legend code
Related:communications security,
accounting number
Related:communications security,
accredit
HasPreferred:accreditation,
accreditation
IncludedBy:certification,
Includes:DoD Information Technology Security Certification and Accreditation Process, National Voluntary Laboratory Accreditation Program, Scope of Accreditation, accreditation authority, accreditation body, accreditation disapproval, accreditation multiplicity parameter, accreditation package, accreditation phase, accreditation range, approval/accreditation, automated information system, certification and accreditation, designated approving authority, full accreditation, interim accreditation, interim accreditation action plan, post-accreditation phase, private accreditation exponent, private accreditation information, public accreditation verification exponent, security, site accreditation, system accreditation, type accreditation,
PreferredFor:accredit,
Related:Common Criteria Testing Laboratory, National Information Assurance partnership, accredited, approved technologies list, approved test methods list, cascading, certificate, certificate revocation list, certification phase, certifier, controlled security mode, dedicated security mode, evaluation, external security controls, multilevel security mode, networks, partitioned security mode, pre-certification phase, risk, security evaluation, site certification, system-high security mode, test, trust, trusted computer system,
accreditation authority
IncludedBy:accreditation,
Related:trust,
accreditation body
IncludedBy:National Information Assurance partnership, accreditation,
accreditation disapproval
IncludedBy:accreditation,
Related:risk, security,
accreditation multiplicity parameter
IncludedBy:accreditation,
accreditation package
IncludedBy:accreditation,
accreditation phase
IncludedBy:accreditation,
Related:risk, security,
accreditation range
IncludedBy:accreditation,
Related:access control, computer security, evaluation, networks, risk, security, trust, trusted computer system,
accredited
Related:accreditation, evaluation,
accuracy
ACL-based authorization
IncludedBy:access control list, authorization,
Includes:distributed computing environment,
acquirer
IncludedBy:Secure Electronic Transaction,
acquisition plan
Related:analysis,
acquisition strategy
active attack
IncludedBy:attack,
active content
active wiretapping
IncludedBy:wiretapping,
Related:communications,
activity analysis
IncludedBy:analysis, security software,
activity-based costing
IncludedBy:business process,
ad hoc
ad hoc testing
IncludedBy:test,
ad-lib test
IncludedBy:test,
adaptive predictive coding
add-on security
IncludedBy:security,
Related:software,
address
address indicator group
address spoofing
IncludedBy:masquerade, spoofing,
Includes:ip spoofing,
Related:networks,
adequate security
IncludedBy:security,
Related:risk, unauthorized access,
administration documentation
IncludedBy:target of evaluation,
administrative access
administrative security
HasPreferred:procedural security,
Related:unauthorized access,
administrator
IncludedBy:target of evaluation,
advanced development model
IncludedBy:software development,
Advanced Encryption Standard
IncludedBy:National Institute of Standards and Technology, symmetric cryptography,
Related:encryption,
advanced intelligence network
IncludedBy:networks,
advanced intelligent network
IncludedBy:networks,
Advanced Mobile Phone Service
IncludedBy:user,
advanced narrowband digital voice terminal
Advanced Research Projects Agency Network
IncludedBy:networks,
advanced self-protection jammer
IncludedBy:communications security,
Related:assurance,
adversary
IncludedBy:security,
Related:threat,
advisory
Related:threat,
agency
agent
Related:attack,
aggregation
Related:security,
alarm reporting
Related:fault, identification, networks, security software,
alarm surveillance
Related:analysis, fault, networks, security software,
alert
Related:attack, audit, communications security, networks, security,
algorithm
Includes:Digital Signature Algorithm, International Data Encryption Algorithm, Rivest-Shamir-Adelman algorithm, asymmetric algorithm, crypto-algorithm, message digest algorithm 5, secure hash algorithm, symmetric algorithm,
Related:Data Encryption Standard, cryptanalysis, cryptographic key, cryptographic module, cryptography, cyclic redundancy check, initialization vector, key-escrow system, metric,
alias
Related:anonymous, masquerade,
alignment
allowed traffic
Related:bit forwarding rate, rule set, test,
alternate COMSEC custodian
IncludedBy:communications security,
American institute of certified public accountants
American National Standards Institute
Related:automated information system,
American Standard Code for Information Interchange
Related:automated information system,
analog signal
analysis
Includes:SWOT analysis, activity analysis, analysis of alternatives, boundary value analysis, business impact analysis, cost-risk analysis, cost/benefit analysis, covert channel analysis, cryptanalysis, cryptosystem analysis, dynamic analysis, emanations analysis, error analysis, fault analysis, gap analysis, information sharing and analysis center, mutation analysis, requirements analysis, risk analysis, root cause analysis, security fault analysis, security flow analysis, sensitivity analysis, signals analysis, static analysis, threat analysis, traffic analysis, value analysis, vulnerability analysis,
Related:Federal Standard 1027, HMAC, Integrated CASE tools, SOF-basic, SOF-high, SOF-medium, TCB subset, acquisition plan, alarm surveillance, assessment, black-box testing, break, brute force, brute force attack, business case, chosen-ciphertext attack, chosen-plaintext attack, ciphertext-only attack, code coverage, correctness, cryptology, cryptoperiod, electronic security, elliptic curve cryptography, emanations security, emissions security, error seeding, evaluation assurance, fault injection, flaw hypothesis methodology, flooding, functional test case design, global requirements, independent validation and verification, instrumentation, judgment sample, known-plaintext attack, local requirements, model, national computer security assessment program, one-time pad, reference monitor, reference validation mechanism, risk assessment, risk identification, risk management, security test and evaluation, symbolic execution, system development, system development methodologies, threat event, threat monitoring, traffic flow confidentiality, transmission security, trust, trust level, vulnerability,
Synonym:evaluation, test,
analysis of alternatives
IncludedBy:analysis,
ankle-biter
IncludedBy:threat,
anomaly
Related:bug, failure, fault, software,
anomaly detection
IncludedBy:security software,
anomaly detection model
IncludedBy:model, security policy model,
anonymity
IncludedBy:user,
Related:identification,
anonymous
Related:alias, attack, privacy, security,
anonymous and guest login
Related:authentication,
anonymous login
IncludedBy:internet,
Related:access control, passwords, threat,
anti-jam
IncludedBy:communications security,
anti-jamming
IncludedBy:communications security,
anti-spoof
Antonym:spoofing,
Related:security software,
antivirus software
IncludedBy:security software,
Related:virus,
appendix
applet
Related:world wide web,
applicant
application
IncludedBy:software,
application controls
Related:security controls,
application entity
application gateway firewall
IncludedBy:firewall,
application generator
Related:software,
application level gateway
Related:firewall,
Synonym:application proxy,
application program interface
IncludedBy:security, software,
Related:networks,
application programming interface
Related:software,
application proxy
IncludedBy:firewall, proxy,
Includes:forwarder, gateway,
Related:access control, audit,
Synonym:application level gateway,
application software
IncludedBy:software,
application system
Related:automated information system,
application-level firewall
IncludedBy:firewall, security,
approach
approval for service use
approval/accreditation
IncludedBy:accreditation,
Related:TEMPEST, communications security, evaluation, security, software,
approved technologies list
IncludedBy:Common Criteria Testing Laboratory, National Information Assurance partnership,
Related:accreditation, computer security, evaluation, test,
approved test methods list
IncludedBy:Common Criteria Testing Laboratory, National Information Assurance partnership, test,
Related:accreditation, computer security, evaluation,
architectural design
IncludedBy:software development, target of evaluation,
architecture
archive
IncludedBy:recovery,
Related:audit, backup, certificate, digital signature, key, public-key infrastructure,
Synonym:archiving,
archiving
Related:backup,
Synonym:archive,
area interswitch rekeying key
IncludedBy:key,
areas of control
areas of potential compromise
IncludedBy:vulnerability,
Related:minimum essential infrastructure,
ARPANET
IncludedBy:internet, networks,
as is process model
IncludedBy:model,
Related:baseline, business process,
assembly
Related:communications security,
assessment
Related:analysis,
asset
IncludedBy:target of evaluation,
Related:counter measures,
assignment
IncludedBy:protection profile,
association
Related:risk,
assurance
IncludedBy:European Information Technology Security Evaluation Criteria, Federal Criteria for Information Technology Security, evaluation, security, target of evaluation,
Includes:National Information Assurance partnership, assurance approach, assurance authority, assurance component, assurance element, assurance level, assurance method, assurance profile, assurance results, assurance scheme, assurance stage, automated information system, configuration management, correctness, defense-wide information assurance program, development assurance, development assurance component, development assurance package, development assurance requirements, effectiveness, evaluation assurance, evaluation assurance component, evaluation assurance package, evaluation assurance requirements, identification and authentication, information assurance, infrastructure assurance, process assurance, profile assurance, quality assurance, quality assurance/control, rating, robustness, software quality assurance, test,
Related:advanced self-protection jammer, augmentation, authentication, bebugging, closed security environment, communications deception, component dependencies, component extensibility, component hierarchy, computer security, computing security methods, confidence coefficient, confidentiality, controlled access protection, data privacy, demilitarized zone, electronic protection, environmental failure protection, error seeding, exploit, extension, fetch protection, file protection, functional protection requirements, hardening, information protection policy, infrastructure protection, level of protection, lock-and-key protection system, minimum level of protection, network security, non-repudiation, open security environment, package, physical protection, port protection device, privacy protection, product rationale, protection needs elicitation, protection philosophy, protection profile, protection profile family, protection ring, protection-critical portions of the TCB, purge, quality of protection, security evaluation, security goals, security target, suspicious activity report, trusted computer system, trusted computing system, validation,
assurance approach
IncludedBy:assurance,
assurance authority
IncludedBy:assurance,
assurance component
IncludedBy:Common Criteria for Information Technology Security Evaluation, assurance, component,
assurance element
IncludedBy:assurance,
assurance level
IncludedBy:assurance,
assurance method
IncludedBy:assurance,
assurance profile
IncludedBy:assurance,
assurance results
IncludedBy:assurance,
assurance scheme
IncludedBy:assurance,
assurance stage
IncludedBy:assurance,
asymmetric algorithm
IncludedBy:algorithm, asymmetric cryptography,
Includes:Diffie-Hellman, Rivest-Shamir-Adleman, elliptic curve cryptosystem, private key, public key, public-key cryptography standards,
asymmetric cipher
IncludedBy:asymmetric cryptography,
asymmetric cryptographic algorithm
IncludedBy:encryption, key,
asymmetric cryptographic technique
IncludedBy:asymmetric cryptography,
asymmetric cryptography
Includes:asymmetric algorithm, asymmetric cipher, asymmetric cryptographic technique, asymmetric encipherment system, asymmetric encryption algorithm, asymmetric key pair, asymmetric signature system, public key derivation function, public key information, public key system,
Related:authentication, confidentiality, digital signature, encryption, key,
asymmetric encipherment system
IncludedBy:asymmetric cryptography, system,
asymmetric encryption algorithm
IncludedBy:asymmetric cryptography,
asymmetric key pair
IncludedBy:asymmetric cryptography,
asymmetric signature system
IncludedBy:asymmetric cryptography, system,
asynchronous attacks
IncludedBy:attack,
asynchronous communication
IncludedBy:communications,
asynchronous transfer mode
IncludedBy:security,
Related:networks,
attack
Antonym:security software,
IncludedBy:incident, risk, security, threat,
Includes:C2-attack, ICMP flood, IP splicing/hijacking, SYN flood, Star Trek attack, TTY watcher, active attack, asynchronous attacks, attack potential, attack signature, between-the-lines-entry, blended attack, browsing, brute force, brute force attack, check_password, chosen-ciphertext attack, chosen-plaintext attack, ciphertext-only attack, computer intrusion, computer network attack, cut-and-paste attack, cyberattack, data diddling, data driven attack, demon dialer, denial of service, dictionary attack, eavesdropping, electronic attack, flooding, hijack attack, impersonation, insider attack, interleaving attack, keystroke monitoring, known-plaintext attack, laboratory attack, leapfrog attack, man-in-the-middle, masquerade attack, masquerading, mimicking, nak attack, outside attack, outsider attack, pagejacking, passive attack, penetration, perpetrator, phreaking, piggyback attack, ping of death, ping sweep, port scan, reflection attack, replay attack, rootkit, scanning, scavenging, shoulder surfing, smurf, smurfing, social engineering, spoofing, spoofing attack, subversion, tampering, technical attack, technological attack, terminal hijacking, timing attacks, tunneling attack, warehouse attack, wiretapping,
Related:Authentication Header, Diffie-Hellman, POP3 APOP, SOF-basic, SOF-high, SOF-medium, agent, alert, anonymous, attack signature recognition, availability, bastion host, checksum, computer emergency response team/ coordination center, cookies, counter measures, cryptanalysis, elliptic curve cryptography, exploit, flaw hypothesis methodology, handler, hash function, hijacking, honeypot, indicator, internet, key validation, mailbombing, manipulation detection code, nonce, precursor, privacy system, protected checksum, salt, security audit, security management infrastructure, signature, strength of a requirement, strength of function, strength of mechanisms, survivability, threat consequence, tiger team, traceability, trusted process, victim, vulnerability, vulnerability assessment,
attack potential
IncludedBy:attack,
attack signature
IncludedBy:attack, attack signature recognition,
Related:audit,
attack signature recognition
IncludedBy:security software,
Includes:attack signature, virus signature,
Related:attack,
attention character
Related:communications, trust, user,
attribute
Related:quality,
attribute authority
IncludedBy:public-key infrastructure,
Related:certificate, trust,
attribute certificate
IncludedBy:certificate,
Related:cryptography, digital signature, identification, key,
attribute sampling
audit
IncludedBy:security,
Includes:audit charter, audit plan, audit program, audit service, audit software, audit trail, auditing tool, computer operations, audit, and security technology, computer-assisted audit technique, information systems audit and control association, information systems audit and control foundation, multihost based auditing, security audit, test, vulnerability audit,
Related:Identification Protocol, accountability, alert, application proxy, archive, attack signature, distributed computing environment, functional component, gap analysis, host based, independence, intrusion detection, intrusion detection system, key management, key-escrow, keystroke monitoring, login, network based, network component, population, sas 70 report, secure single sign-on, security features, security software, sniffer, system security officer, threat monitoring, vulnerability analysis, work program,
audit charter
IncludedBy:audit,
audit plan
IncludedBy:audit,
audit program
IncludedBy:audit,
audit service
IncludedBy:audit,
audit software
IncludedBy:audit, software,
audit trail
IncludedBy:audit, threat monitoring,
Includes:automated information system, security audit trail,
Related:communications security, computer security, evidence,
Synonym:logging,
auditing tool
IncludedBy:audit,
Related:networks, passwords,
augmentation
Related:assurance,
authentic signature
Related:digital signature, trust,
authenticate
Related:certificate, digital signature, networks, public-key infrastructure, user,
authentication
IncludedBy:quality of protection, security,
Includes:3-factor authentication, Authentication Header, Challenge Handshake Authentication Protocol, Challenge-Response Authentication Mechanism, Data Authentication Algorithm, Distributed Authentication Security Service, Extensible Authentication Protocol, Password Authentication Protocol, Simple Authentication and Security Layer, authentication code, authentication data, authentication exchange, authentication service, authentication system, authentication token, authentication tools, biometric authentication, data authentication code, data authentication code vs. Data Authentication Code, data origin authentication, data origin authentication service, entity authentication, entity authentication of A to B, explicit key authentication from A to B, identification and authentication, implicit key authentication from A to B, key authentication, low-cost encryption/authentication device, message authentication code, message authentication code algorithm, message authentication code vs. Message Authentication Code, mutual authentication, mutual entity authentication, peer entity authentication, peer entity authentication service, privacy, authentication, integrity, identification, non-repudiation, privacy, authentication, integrity, non-repudiation, simple authentication, source authentication, strong authentication, unilateral authentication,
Related:COMSEC control program, COMSEC equipment, Diffie-Hellman, FIPS approved security method, Generic Security Service Application Program Interface, IMAP4 AUTHENTICATE, IP splicing/hijacking, IPsec Key Exchange, IT security, Internet Engineering Task Force, Internet Protocol security, Internet Security Association and Key Management Protocol, Lightweight Directory Access Protocol, OAKLEY, POP3 APOP, POP3 AUTH, Post Office Protocol, version 3, Rivest-Shamir-Adleman, S/Key, SOCKS, Secure Electronic Transaction, Terminal Access Controller Access Control System, The Exponential Encryption System, X.509, access control, account authority digital signature, anonymous and guest login, assurance, asymmetric cryptography, authorization, biometrics, call back, certificate policy, certificate revocation list, certificate status responder, certification authority digital signature, challenge and reply, challenge/response, claimant, code, common data security architecture, communications security, computer cryptography, credentials, critical security parameters, crypto-algorithm, cryptographic key, data integrity service, data key, defense-wide information assurance program, dictionary attack, digital id, digital signature, distributed computing environment, domain name system, dongle, encapsulating security payload, entity, exchange multiplicity parameter, fingerprint, handshaking procedures, hash function, impersonation, information assurance, information systems security, interleaving attack, keyed hash, keying material, man-in-the-middle, masquerading, message integrity code, network component, non-repudiation, non-repudiation service, one-time passwords, origin authenticity, password system, passwords, personal identification number, point-to-point protocol, pretty good privacy, privacy enhanced mail, proxy, proxy server, public-key forward secrecy, realm, registration, registration authority, replay attack, sandboxed environment, secret, secure shell, secure socket layer, security association identifier, security controls, security mechanism, simple network management protocol, single sign-on, software, spoofing, system entity, system entry, test, third party trusted host model, tokens, trust, trusted identification, trusted identification forwarding, trusted third party, user, user identifier, validate vs. verify, verifier, vulnerability,
authentication code
IncludedBy:authentication,
Related:cryptography, encryption, software,
authentication data
IncludedBy:authentication,
authentication exchange
IncludedBy:authentication,
Authentication Header
IncludedBy:Internet Protocol security, authentication, security protocol,
Related:attack, confidentiality,
authentication information
IncludedBy:3-factor authentication,
authentication service
IncludedBy:authentication,
Related:networks,
authentication system
IncludedBy:authentication, system,
Related:cryptography,
authentication token
IncludedBy:authentication, tokens,
authentication tools
IncludedBy:authentication, security software,
authenticator
authenticity
IncludedBy:integrity,
Related:trust,
authority
Related:certificate, certification, public-key infrastructure,
authority certificate
IncludedBy:certificate,
Related:certification,
authority revocation list
Related:certificate, key,
authorization
IncludedBy:user,
Includes:ACL-based authorization, access control, access control list, authorized, authorized user, centralized authorization, list-oriented, multilevel security, permissions, privilege, regrade, secure single sign-on, system security authorization agreement, ticket-oriented,
Related:authentication, authorized person, hacker, intruder, intrusion, intrusion detection, least privilege, trust, vulnerability,
Synonym:authorize,
authorize
IncludedBy:Secure Electronic Transaction,
Includes:delegation,
Synonym:authorization,
authorize processing
Related:risk,
authorized
IncludedBy:authorization,
Related:no-lone zone,
authorized person
Related:authorization,
Synonym:authorized user,
authorized user
IncludedBy:authorization,
Synonym:authorized person,
authorized vendor
Related:cryptography,
authorized vendor program
auto-manual system
IncludedBy:system,
automated clearing house
automated data processing
HasPreferred:automated information system,
automated data processing security
HasPreferred:Automated Information System security,
automated data processing system
IncludedBy:automated information system, system,
Related:software,
automated information system
IncludedBy:accountability, accreditation, assurance, audit trail, certification, declassification of AIS storage media, designated approving authority, modes of operation, security, system,
Includes:Automated Information System security, CPU time, International organization for standardization, access mode, automated data processing system, bastion host, batch mode, batch processing, big-endian, bit, byte, central processing unit, centralized data processing, client server, computer abuse, data, data administration, data aggregation, data architecture, data contamination, data control language, data definition language, data dictionary, data flow diagram, data input, data management, data manipulation language, data processing, data reengineering, data storage, data structure, data validation, database administration, debugging, direct memory access, distributed data processing, distributed processing, fail soft, front-end processor, host, host based, host to front-end protocol, host-based firewall, information architecture, information center, information engineering, information environment, information flow, information operations, information ratio, information technology, information technology system, interface control unit, life cycle management, logical system definition, master file, memory scavenging, million instruction per second, multihost based auditing, networks, random access memory, remote job entry, remote terminal emulation, screened host firewall, workstation,
PreferredFor:IT system, automated data processing,
Related:American National Standards Institute, American Standard Code for Information Interchange, PCMCIA, application system, backus-naur form, computer, data synchronization, digital document, direct access storage device, extended industry standard architecture, fiber distributed data interface, frame relay, industry standard architecture, input/output, language, laptop computer, large scale integration, legacy data, logged in, network protocol stack, nibble, object code, object-oriented programming, personal computer, personal computer memory card international association, personal digital assistant, read-only memory, remote procedure call, reusability, rotational delay, safety-critical software, screen scraping, software, standard generalized markup language, structured query language, system resources, workflow, workload,
Automated Information System security
IncludedBy:automated information system, risk management, subcommittee on Automated Information System security, system,
Includes:IT Security Evaluation Criteria, IT Security Evaluation Methodology, IT security, IT security certification, access control, communications security, emissions security, physical security, security safeguards,
PreferredFor:automated data processing security,
Related:denial of service, security software, software,
Synonym:computer security,
automated key distribution
IncludedBy:key, key management,
Related:networks,
automated key management center
IncludedBy:key,
automated key management system
IncludedBy:key, system,
automated office support systems
IncludedBy:system,
automated security incident measurement
IncludedBy:incident, security software,
Related:networks,
automated security monitoring
IncludedBy:risk management, security software,
Related:software,
automatic digital network
IncludedBy:networks,
automatic key distribution center
IncludedBy:key,
automatic key distribution/rekeying control unit
IncludedBy:key,
automatic log-on
automatic remote rekeying
IncludedBy:key,
autonomous message switch
auxiliary power unit
auxiliary vector
availability
IncludedBy:risk management,
Includes:availability of data, availability service, business continuity plan, business impact analysis, contingency plan, contingency planning, object, privacy, authentication, integrity, non-repudiation, recovery, token backup,
Related:Common Criteria for Information Technology Security, IT security, National Computer Security Center, access control, attack, computer abuse, computer emergency response team, computer related controls, computer security, critical, defense-in-depth, defense-wide information assurance program, denial of service, entry-level certification, failure, hardening, information assurance, information security, intrusion, levels of concern, maintainability, mid-level certification, minimum essential infrastructure, mirroring, post-accreditation phase, reliability, remediation, requirements for procedures and standards, retro-virus, security, security controls, security event, security goals, security policy, software, token management, top-level certification, trustworthy system, turnaround time, uniform resource name, user, vaulting, vulnerability,
availability of data
IncludedBy:availability,
Related:user,
availability service
IncludedBy:availability,
Related:access control,
back door
IncludedBy:threat,
Related:software,
Synonym:trap door,
back up vs. backup
IncludedBy:contingency plan,
backup
IncludedBy:recovery,
Related:archive, archiving, fallback procedures, mirroring, vaulting,
backup generations
IncludedBy:contingency plan,
backup operations
IncludedBy:contingency plan,
Related:business process,
backup plan
IncludedBy:contingency plan,
backup procedures
IncludedBy:recovery,
Related:failure,
backus-naur form
Related:automated information system,
baggage
IncludedBy:Secure Electronic Transaction,
Related:encryption,
bandwidth
PreferredFor:information rate,
Related:channel capacity, communications, networks,
bank identification number
IncludedBy:Secure Electronic Transaction, identification,
banking and finance
IncludedBy:critical infrastructure,
banner
barograph
barometer
baseline
IncludedBy:security,
Includes:baseline architecture, baseline controls, baseline management, baselining, security requirements baseline,
Related:as is process model, interface control document, release, revision, security target, site accreditation, software, software library, software system test and evaluation process, version,
baseline architecture
IncludedBy:baseline,
baseline controls
IncludedBy:baseline,
Related:security controls,
baseline management
IncludedBy:baseline, configuration management,
baselining
IncludedBy:baseline,
basic component
IncludedBy:component,
Basic Encoding Rules
IncludedBy:Abstract Syntax Notation One,
Includes:Distinguished Encoding Rules,
bastion host
IncludedBy:automated information system, firewall,
Related:attack, networks, software,
batch mode
IncludedBy:automated information system,
batch processing
IncludedBy:automated information system,
bebugging
Related:assurance, test,
Synonym:error seeding,
Bell-LaPadula model
HasPreferred:Bell-LaPadula security model,
Bell-LaPadula security model
IncludedBy:formal security policy model, model, security model,
Includes:*-property, lattice, lattice model, object, simple security condition, simple security property, subject, tranquility, trusted subject,
PreferredFor:Bell-LaPadula model, tranquility property,
Related:access control, classification level, computer security, confinement property,
benchmark
Related:business process, evaluation, software, test,
benchmarking
Related:quality,
benign
Related:counter measures, cryptography,
benign environment
Related:counter measures, security,
best practices
IncludedBy:risk management,
Related:business process, recommended practices,
between-the-lines-entry
IncludedBy:attack,
Includes:piggyback,
Related:unauthorized access,
beyond A1
IncludedBy:trusted computer system,
Related:evaluation, security,
bias
Biba Integrity model
IncludedBy:formal security policy model, model,
Synonym:Biba model,
Biba model
IncludedBy:model,
Related:trust,
Synonym:Biba Integrity model,
big-endian
IncludedBy:automated information system,
bilateral trust
IncludedBy:public-key infrastructure, trust,
Related:business process,
bill payment
Related:internet,
bill presentment
Related:internet,
bind
Related:certificate, digital signature, key, public-key infrastructure,
binding
Related:cryptography, key, security, trust,
binding of functionality
IncludedBy:target of evaluation,
Related:security,
binding of security functionality
IncludedBy:security,
biometric authentication
IncludedBy:authentication,
Includes:thumbprint,
Related:3-factor authentication,
biometrics
IncludedBy:security,
Related:authentication,
bit
IncludedBy:automated information system,
bit error rate
Related:communications,
bit forwarding rate
Related:allowed traffic, goodput, illegal traffic, rejected traffic, test, unit of transfer,
BLACK
Related:communications security, cryptography, security,
black-box testing
IncludedBy:test,
Related:analysis, functional test case design, functional testing, software, stress testing,
blended attack
IncludedBy:attack,
block
block chaining
Synonym:cipher block chaining,
block cipher
Related:encryption, key,
block cipher key
IncludedBy:key,
Blowfish
IncludedBy:symmetric cryptography,
Related:key,
blue box devices
IncludedBy:threat,
bomb
IncludedBy:threat,
Related:failure, software,
boot sector virus
IncludedBy:virus,
bounce
Related:email,
boundary
boundary value
Related:stress testing,
boundary value analysis
IncludedBy:analysis,
Related:test,
boundary value coverage
Related:test,
boundary value testing
IncludedBy:test,
branch coverage
Related:test,
brand
IncludedBy:Secure Electronic Transaction,
Related:networks,
brand certification authority
IncludedBy:Secure Electronic Transaction, public-key infrastructure,
Related:certification,
brand CRL identifier
IncludedBy:Secure Electronic Transaction, public-key infrastructure,
Related:digital signature,
breach
IncludedBy:threat,
Related:security,
break
Related:analysis, cryptography, encryption, key, networks,
brevity list
bridge
Related:router,
British Standard 7799
Related:certification, security,
broadband network
IncludedBy:networks,
brouters
Related:networks,
browser
IncludedBy:world wide web,
browsing
IncludedBy:attack,
brute force
IncludedBy:attack,
Related:analysis, cryptography, key,
brute force attack
IncludedBy:attack,
Related:analysis, cryptography,
buffer overflow
IncludedBy:threat,
bug
IncludedBy:threat,
Related:anomaly, defect, error, exception, fault,
bulk encryption
IncludedBy:encryption,
bulletin board services (systems)
IncludedBy:system,
business case
IncludedBy:business process,
Related:analysis, risk,
business continuity plan
IncludedBy:availability, business process,
Related:risk,
business impact analysis
IncludedBy:analysis, availability, business process, risk analysis,
business process
Includes:activity-based costing, business case, business continuity plan, business impact analysis, business process improvement, business process reengineering, constructive cost model, cost reimbursement contract, cost-risk analysis, cost/benefit, cost/benefit analysis, rolling cost forecasting technique,
Related:as is process model, backup operations, benchmark, best practices, bilateral trust, change management, contingency plan, continuity of services and operations, core or key process, hardening, integrity, legacy systems, mission critical system, process management approach, recovery site, remediation, simulation modeling, to be process model, total quality management, workload, world class organizations,
business process improvement
IncludedBy:business process, quality,
business process reengineering
IncludedBy:business process,
Related:quality,
bypass label processing
byte
IncludedBy:automated information system,
C2-attack
IncludedBy:attack,
Related:C2-protect,
C2-protect
IncludedBy:Orange book, security,
Related:C2-attack, command and control,
CA certificate
IncludedBy:certificate,
Related:digital signature, key,
call back
IncludedBy:security,
Related:authentication,
call back security
IncludedBy:security,
Canadian Trusted Computer Product Evaluation Criteria
IncludedBy:Common Criteria for Information Technology Security Evaluation, criteria, trust,
candidate TCB subset
IncludedBy:trusted computing base,
Includes:object, subject,
Related:evaluation, identification, software,
canister
capability
Includes:object,
Related:certificate, critical infrastructure, public-key infrastructure, risk, tokens,
capacity
CAPSTONE chip
IncludedBy:National Security Agency,
Related:Fortezza, cryptography, key,
card backup
HasPreferred:token backup,
cardholder
IncludedBy:Secure Electronic Transaction,
Related:software,
cardholder certificate
IncludedBy:Secure Electronic Transaction, certificate,
Related:encryption, tokens,
cardholder certification authority
IncludedBy:Secure Electronic Transaction, public-key infrastructure,
Related:certificate, certification, tokens,
cascading
Related:accreditation, networks,
CASE tools
Related:model, software, test,
CAST
IncludedBy:symmetric cryptography,
Related:encryption,
category
Includes:object,
Related:security,
cause and effect diagram
HasPreferred:fishbone diagram,
CCI assembly
Related:communications security, cryptography,
CCI component
Related:communications security, cryptography,
CCI equipment
Related:communications, communications security, cryptography,
CCITT
IncludedBy:ITU-T,
cell
cellular telephone
cellular transmission
Related:communications, networks,
center for information technology excellence
central office of record
Related:communications security,
central processing unit
IncludedBy:automated information system,
centralized authorization
IncludedBy:access control, authorization,
centralized data processing
IncludedBy:automated information system,
centrally-administered network
IncludedBy:networks,
certificate
IncludedBy:Multilevel Information System Security Initiative, Secure Electronic Transaction, certification authority, pretty good privacy, privacy enhanced mail, user, web of trust,
Includes:CA certificate, X.509 attribute certificate, X.509 certificate, X.509 public-key certificate, attribute certificate, authority certificate, cardholder certificate, cross-certificate, digital certificate, encryption certificate, merchant certificate, organizational certificate, public-key certificate, root certificate, self-signed certificate, signature certificate, trusted certificate, v1 certificate, v2 certificate, v3 certificate, valid certificate,
Related:ABA Guidelines, Abstract Syntax Notation One, Cryptographic Message Syntax, Distinguished Encoding Rules, Federal Public-key Infrastructure, MISSI user, Minimum Interoperability Specification for PKI Components, On-line Certificate Status Protocol, PKCS #10, PKIX, RA domains, SET private extension, SET qualifier, X.500 Directory, X.509, X.509 authority revocation list, X.509 certificate revocation list, accreditation, archive, attribute authority, authenticate, authority, authority revocation list, bind, capability, cardholder certification authority, certificate authority, certificate chain, certificate chain validation, certificate creation, certificate expiration, certificate extension, certificate holder, certificate management, certificate owner, certificate policy, certificate policy qualifier, certificate reactivation, certificate rekey, certificate renewal, certificate request, certificate revocation, certificate revocation list, certificate revocation tree, certificate serial number, certificate status responder, certificate update, certificate user, certificate validation, certification authority workstation, certification hierarchy, certification path, certification policy, certification practice statement, certification request, certify, common name, compromised key list, critical, cross-certification, cryptoperiod, delta CRL, digital id, directory vs. Directory, distinguished name, distribution point, domain, end entity, evaluation, extension, geopolitical certificate authority, hierarchy management, indirect certificate revocation list, invalidity date, issue, issuer, key, key lifetime, key material identifier, merchant certification authority, mesh PKI, organizational registration authority, path discovery, path validation, payment gateway certification authority, personality label, policy, policy approving authority, policy creation authority, policy mapping, privilege management infrastructure, registration, registration authority, relying party, repository, revocation, revocation date, revocation list, root, secure hypertext transfer protocol, security event, slot, strong authentication, subject, subordinate certification authority, test, ticket, token management, trust-file PKI, trusted key, unforgeable, v1 CRL, v2 CRL, valid signature, validate vs. verify, validity period, world wide web,
certificate authority
HasPreferred:certification authority,
IncludedBy:public-key infrastructure,
Related:certificate, certification, test,
certificate authority workstation
certificate chain
Related:certificate, certification, public-key infrastructure,
certificate chain validation
Related:certificate, public-key infrastructure,
certificate creation
IncludedBy:public-key infrastructure,
Related:certificate,
certificate directory
IncludedBy:public-key infrastructure,
certificate domain
Related:security,
certificate domain parameters
Related:cryptography, public-key infrastructure,
certificate expiration
PreferredFor:expire,
Related:certificate, public-key infrastructure,
certificate extension
IncludedBy:extension,
Related:certificate,
certificate holder
Related:certificate,
certificate management
IncludedBy:public-key infrastructure,
Related:certificate, key,
certificate management services
Related:public-key infrastructure,
certificate owner
Related:certificate, world wide web,
certificate policy
IncludedBy:Secure Electronic Transaction, public-key infrastructure,
Related:authentication, certificate, key, trust,
certificate policy qualifier
IncludedBy:public-key infrastructure,
Related:certificate, key,
certificate reactivation
IncludedBy:public-key infrastructure,
Related:certificate,
certificate rekey
IncludedBy:Multilevel Information System Security Initiative, public-key infrastructure,
Related:certificate, key,
certificate renewal
IncludedBy:public-key infrastructure,
PreferredFor:renew,
Related:certificate, key,
certificate request
IncludedBy:public-key infrastructure,
Related:certificate, certification,
certificate revocation
IncludedBy:public-key infrastructure,
Includes:revocation,
PreferredFor:revoke,
Related:certificate,
certificate revocation list
IncludedBy:certification authority, user,
Includes:revocation list,
Related:accreditation, authentication, certificate, evaluation, key,
certificate revocation tree
Related:certificate, hash,
certificate serial number
PreferredFor:serial number,
Related:certificate,
certificate status responder
IncludedBy:public-key infrastructure,
Related:authentication, certificate, trust,
certificate update
IncludedBy:public-key infrastructure,
Related:certificate, key,
certificate user
IncludedBy:user,
Related:certificate, key,
certificate validation
IncludedBy:public-key infrastructure,
Related:certificate, certification, digital signature, key, trust,
certification
IncludedBy:Multilevel Information System Security Initiative, Secure Electronic Transaction,
Includes:IT security certification, accreditation, automated information system, certification agent or certifier, certification authority, certification body, certification phase, entry-level certification, evaluation, mid-level certification, pre-certification phase, requirements, security certification level, site certification, top-level certification,
Related:British Standard 7799, Internet Policy Registration Authority, MISSI user, RA domains, SET qualifier, SSO PIN, authority, authority certificate, brand certification authority, cardholder certification authority, certificate authority, certificate chain, certificate request, certificate validation, certification authority workstation, certification hierarchy, certification path, certification policy, certification practice statement, certification request, computer security, extension, external security controls, geopolitical certificate authority, hierarchical PKI, hierarchy management, hierarchy of trust, key, merchant certification authority, path discovery, path validation, payment gateway certification authority, penetration test, policy approving authority, policy certification authority, policy creation authority, pre-authorization, privacy enhanced mail, public-key certificate, public-key infrastructure, root, root certificate, security event, security program manager, security test & evaluation, subordinate certification authority, test, top CA, trust, trust chain, trust hierarchy, trust-file PKI, trusted certificate, trusted key, validate vs. verify,
certification agent or certifier
IncludedBy:certification,
Related:risk, security,
certification and accreditation
IncludedBy:accreditation, evaluation, requirements, risk,
certification authorities
IncludedBy:public-key infrastructure,
certification authority
IncludedBy:certification, public-key infrastructure, trust,
Includes:certificate, certificate revocation list, credentials, cross-certification, non-repudiation, root CA,
PreferredFor:certificate authority,
Related:key, user,
certification authority digital signature
IncludedBy:public-key infrastructure,
Related:authentication,
certification authority workstation
IncludedBy:public-key infrastructure,
Related:certificate, certification,
certification body
IncludedBy:certification,
certification hierarchy
IncludedBy:Multilevel Information System Security Initiative, Secure Electronic Transaction, public-key infrastructure,
Related:certificate, certification, internet, key,
certification package
certification path
IncludedBy:public-key infrastructure,
Related:certificate, certification, digital signature, key, trust,
certification phase
IncludedBy:certification,
Related:accreditation, security, verification,
certification policy
Related:certificate, certification, public-key infrastructure,
certification practice statement
IncludedBy:public-key infrastructure,
Related:certificate, certification, trust,
certification request
IncludedBy:public-key infrastructure,
Related:certificate, certification, key,
certification service
IncludedBy:public-key infrastructure,
certification test and evaluation
IncludedBy:evaluation, test,
certified information systems security professional
IncludedBy:computer security, system,
certified TEMPEST technical
IncludedBy:TEMPEST,
Certified TEMPEST Technical Authority
IncludedBy:TEMPEST,
certifier
Related:accreditation,
certify
Related:certificate, key, public-key infrastructure,
CGI scripts
IncludedBy:common gateway interface, software, threat, world wide web,
challenge
IncludedBy:challenge/response,
challenge and reply
Related:authentication,
Challenge Handshake Authentication Protocol
IncludedBy:authentication, challenge/response, security protocol,
Related:cryptography, hash, key,
Challenge-Response Authentication Mechanism
IncludedBy:authentication, challenge/response,
Related:hash, key, shared secret,
challenge/response
IncludedBy:user,
Includes:Challenge Handshake Authentication Protocol, Challenge-Response Authentication Mechanism, challenge,
Related:3-factor authentication, Extensible Authentication Protocol, IMAP4 AUTHENTICATE, POP3 AUTH, authentication, tokens,
change control and life cycle management
IncludedBy:software development,
change management
Related:business process, test,
channel
Includes:communication channel, covert channel, covert storage channel, covert timing channel, exploitable channel, internal communication channel, overt channel, security-compliant channel, trusted channel,
channel capacity
Related:bandwidth, communications,
check character
IncludedBy:error detection code, integrity,
Includes:check character system,
check character system
IncludedBy:check character, system,
check digits
check word
Related:cryptography, check_password
check_password
IncludedBy:attack,
Related:passwords,
checksum
IncludedBy:integrity,
Related:attack, counter measures, cryptography, hash, networks,
Chernobyl packet
IncludedBy:threat,
Related:networks,
chief information officer
chosen-ciphertext attack
IncludedBy:attack,
Related:analysis, key,
chosen-plaintext attack
IncludedBy:attack,
Related:analysis, cryptography, key,
cipher
Related:encryption,
cipher block chaining
Synonym:block chaining,
cipher feedback
IncludedBy:cryptography,
cipher text auto-key
IncludedBy:key,
ciphertext
Related:encryption,
ciphertext key
HasPreferred:encrypted key,
ciphertext-only attack
IncludedBy:attack,
Related:analysis, key,
ciphony
circuit control officer
circuit level gateway
Related:firewall,
Synonym:circuit proxy,
circuit proxy
IncludedBy:firewall, proxy,
Synonym:circuit level gateway,
circuit switching
Related:communications, networks,
civil liberties
claimant
Related:authentication,
Clark Wilson integrity model
IncludedBy:model,
Related:access control, software,
class 2, 3, 4, or 5
IncludedBy:public-key infrastructure,
Related:identification, key, tokens,
class
class hierarchy
Related:networks,
class object
classification
HasPreferred:classification level,
classification level
Includes:classified, default classification, secret, sensitive, sensitive but unclassified, trust level,
PreferredFor:classification,
Related:Bell-LaPadula security model, Internet Protocol Security Option, clearance level, compartment, confinement property, controlled security mode, dedicated security mode, dominated by, dominates, downgrade, lattice model, mode of operation, modes of operation, multilevel security, multilevel security mode, non-discretionary security, regrade, risk index, sanitize, security, security label, security level, security situation, sensitivity label, system-high security mode, user,
classified
Antonym:unclassified,
IncludedBy:classification level,
Related:confidentiality, security,
classified information
clean system
IncludedBy:system,
Related:risk, security, software, trust,
clearance
HasPreferred:security clearance,
clearance level
Related:classification level, security, security clearance,
clearing
cleartext
Antonym:encryption,
PreferredFor:plain text,
client
client server
IncludedBy:automated information system,
Related:communications, model,
Clipper chip
IncludedBy:National Institute of Standards and Technology, National Security Agency,
Includes:Law Enforcement Access Field,
Related:cryptography, encryption, key, tamper,
closed security environment
IncludedBy:security, software development,
Related:assurance,
closed user group
IncludedBy:user,
cluster sample
coaxial cable
code
Related:authentication, communications security, encryption, hash,
code amber
IncludedBy:critical infrastructure, threat,
code book
Related:encryption,
code coverage
Related:analysis, test,
code division multiple access
IncludedBy:security,
Related:cryptography,
code green
IncludedBy:critical infrastructure,
code group
code red
IncludedBy:critical infrastructure, threat,
code vocabulary
coded switch system
IncludedBy:system,
coding
Related:software,
coefficient of variation
cold site
IncludedBy:disaster recovery,
Related:hot site,
cold start
Related:cryptography, user,
collision-resistant hash function
IncludedBy:hash,
color change
command and control
Includes:command and control warfare, command, control, and communications, command, control, communications and computers, command, control, communications and intelligence, global command and control system, nuclear command and control document,
Related:C2-protect, Defense Information Infrastructure,
command and control warfare
IncludedBy:command and control, warfare,
Related:security,
command, control, and communications
IncludedBy:command and control, communications,
command, control, communications and computers
IncludedBy:command and control, communications,
command, control, communications and intelligence
IncludedBy:command and control, communications,
Commercial COMSEC
IncludedBy:communications security,
Related:evaluation,
Commercial COMSEC Endorsement Program
IncludedBy:communications security,
commercial off the shelf
Includes:COTS software,
commercial software
IncludedBy:software,
Committee of sponsoring organizations (of the Treadway Commission)
Common Criteria
Related:computer security,
Synonym:Common Criteria for Information Technology Security,
Common Criteria for Information Technology Security
IncludedBy:National Institute of Standards and Technology, computer security, security,
Includes:Common Criteria for Information Technology Security Evaluation, National Information Assurance partnership,
Related:National Security Agency, availability, confidentiality, cryptography, emanation, emanations security, evaluation, networks, software, threat, trust,
Synonym:Common Criteria,
Common Criteria for Information Technology Security Evaluation
IncludedBy:Common Criteria for Information Technology Security, computer security, criteria, evaluation,
Includes:Canadian Trusted Computer Product Evaluation Criteria, European Information Technology Security Evaluation Criteria, Federal Criteria for Information Technology Security, Trusted Computer System Evaluation Criteria, assurance component, common criteria version 1.0, common criteria version 2.0, component dependencies, component extensibility, component hierarchy, component operations, evaluation assurance level, functional component, protection profile, security target, trusted gateway,
Related:risk,
Common Criteria Testing Laboratory
IncludedBy:National Information Assurance partnership, test,
Includes:Evaluation Technical Report, Evaluation Work Plan, Monitoring of Evaluations, Scope of Accreditation, Validation Certificate, approved technologies list, approved test methods list, deliverables list, designated laboratories list, designating authority, designation policy, observation reports,
Related:accreditation, computer security, evaluation,
Common Criteria Testing Program
IncludedBy:National Information Assurance partnership, test,
Related:evaluation,
common criteria version 1.0
IncludedBy:Common Criteria for Information Technology Security Evaluation,
Related:computer security,
common criteria version 2.0
IncludedBy:Common Criteria for Information Technology Security Evaluation,
Related:computer security,
common data security
IncludedBy:common data security architecture,
common data security architecture
Includes:common data security, common security, common security services manager, cryptographic service, cryptographic service providers,
PreferredFor:communication and data security architecture,
Related:authentication,
Common Evaluation Methodology
IncludedBy:National Information Assurance partnership, evaluation,
common fill device
common gateway interface
IncludedBy:world wide web,
Includes:CGI scripts,
common interswitch rekeying key
IncludedBy:key,
Common IP Security Option
IncludedBy:security,
common name
IncludedBy:public-key infrastructure,
Related:certificate, key,
common security
IncludedBy:common data security architecture,
Related:public-key infrastructure, trust,
common security services manager
IncludedBy:common data security architecture,
common vulnerabilities and exposures
IncludedBy:exposure, vulnerability,
communication and data security architecture
HasPreferred:common data security architecture,
communication channel
IncludedBy:channel, communications,
Includes:internal communication channel,
Related:networks,
communication equipment room
IncludedBy:communications,
communication link
IncludedBy:communications,
communications
IncludedBy:communications security, networks,
Includes:asynchronous communication, command, control, and communications, command, control, communications and computers, command, control, communications and intelligence, communication channel, communication equipment room, communication link, communications cover, communications electronics operating instruction, communications profile, communications protocol, data communications, defense communications system, imitative communications, internal communication channel, private communication technology, protected communications, telecommunications,
Related:CCI equipment, Integrated services digital network, OSI architecture, active wiretapping, attention character, bandwidth, bit error rate, cellular transmission, channel capacity, circuit switching, client server, cross-talk, dial-up, dial-up line, digital telephony, distributed processing, electronic commerce, electronic data interchange, extraction resistance, frequency hopping, gateway, help desk, host, information processing standard, information superhighway, information technology, information technology system, interface, internet control message protocol, internet protocol, internetwork, line conditioning, line conduction, link, local loop, local-area netwokr, message indicator, multicast, network architecture, network configuration, network device, network management architecture, network management protocol, network weaving, open system interconnection model, operations code, outage, privacy system, protocol, protocol suite, remote access, remote terminal emulation, secure hypertext transfer protocol, secure socket layer, signaling, simple network management protocol, subnetwork, telecommuting, teleprocessing, trusted gateway, tunnel, user data protocol, virtual private network, wide-area network,
communications cover
IncludedBy:communications,
communications deception
IncludedBy:security,
Related:assurance,
communications electronics operating instruction
IncludedBy:communications,
communications profile
IncludedBy:communications,
Related:communications security,
communications protocol
IncludedBy:communications,
communications security
IncludedBy:Automated Information System security,
Includes:COMSEC Material Control System, COMSEC Parent Switch, COMSEC Resources Program, COMSEC Subordinate Switch, COMSEC Utility Program, COMSEC account, COMSEC account audit, COMSEC aid, COMSEC boundary, COMSEC chip set, COMSEC control program, COMSEC custodian, COMSEC end-item, COMSEC equipment, COMSEC facility, COMSEC incident, COMSEC insecurity, COMSEC manager, COMSEC material, COMSEC modification, COMSEC module, COMSEC monitoring, COMSEC profile, COMSEC survey, COMSEC system data, COMSEC training, Commercial COMSEC, Commercial COMSEC Endorsement Program, Internet Protocol security, National COMSEC Advisory Memorandum, National COMSEC Information Memorandum, National COMSEC Instruction, advanced self-protection jammer, alternate COMSEC custodian, anti-jam, anti-jamming, communications, communications security element, crypto-security, emissions security, meaconing, intrusion, jamming, and interference, network security, network security architecture, network security architecture and design, network security officer, subcommittee on telecommunications security, telecommunications security,
Related:BLACK, CCI assembly, CCI component, CCI equipment, CRYPTO, FIPS PUB 140-1, Federal Public-key Infrastructure, RED, RED/BLACK separation, Secure Data Exchange, TSEC nomenclature, access control list, accountability, accounting legend code, accounting number, alert, approval/accreditation, assembly, audit trail, authentication, central office of record, code, communications profile, computer emergency response team, confidentiality, cryptography, data transfer device, design controlled spare parts, direct shipment, drop accountability, electronic attack, electronic key management, electronic key management system, electronically generated key, element, encryption algorithm, fill device, fixed COMSEC facility, frequency hopping, incident, information security, key, key distribution center, limited maintenance, local management device/key processor, long title, mandatory modification, network sponsor, optional modification, procedural security, protective packaging, repair action, security architecture, security incident, security net control station, short title, supersession, systems security steering group, test key, time-compliance date, traditional, transmission security, trusted path, two-person integrity, updating, user representative,
communications security element
IncludedBy:communications security,
community string
Related:passwords,
compartment
Related:access control, classification level,
compartment key
IncludedBy:key,
compartmentalization
compartmented mode
Related:user,
compartmented security mode
IncludedBy:modes of operation, security,
competition
compiler
IncludedBy:software development,
Related:source code,
completeness
Related:software,
component
IncludedBy:component dependencies, component extensibility, component hierarchy, component operations, component reference monitor, construction of TOE requirements, target of evaluation,
Includes:assurance component, basic component, development assurance component, evaluation assurance component, functional component, functional unit, network component,
Related:networks, software, test,
component dependencies
IncludedBy:Common Criteria for Information Technology Security Evaluation,
Includes:component,
Related:assurance,
component extensibility
IncludedBy:Common Criteria for Information Technology Security Evaluation,
Includes:component, security target,
Related:assurance,
component hierarchy
IncludedBy:Common Criteria for Information Technology Security Evaluation,
Includes:component,
Related:assurance,
component operations
IncludedBy:Common Criteria for Information Technology Security Evaluation,
Includes:component, security policy, threat,
component reference monitor
IncludedBy:access control,
Includes:component, object, subject,
compromise
IncludedBy:incident, threat,
Includes:data compromise, security compromise,
Related:cryptography, key, security,
compromised key list
IncludedBy:Multilevel Information System Security Initiative, key, public-key infrastructure, threat, user,
Related:certificate, identification,
compromising emanation performance requirement
IncludedBy:emanations security, risk,
compromising emanations
IncludedBy:TEMPEST, emanations security, threat,
computer
Related:automated information system,
computer abuse
IncludedBy:automated information system, threat,
Related:availability, confidentiality, denial of service,
computer architecture
IncludedBy:security architecture,
Includes:object,
Related:software,
computer cryptography
Related:authentication,
computer emergency response team
IncludedBy:security,
Includes:Forum of Incident Response and Security Teams, computer emergency response teams' coordination center,
Related:Computer Incident Advisory Capability, availability, communications security, computer security, computer security incident response team, incident, integrity, internet, networks, threat,
computer emergency response team/ coordination center
Related:attack, internet,
computer emergency response teams' coordination center
IncludedBy:computer emergency response team,
computer forensics
PreferredFor:Forensics,
computer fraud
IncludedBy:fraud, threat,
Related:software,
Computer Incident Advisory Capability
IncludedBy:incident,
Related:computer emergency response team,
computer incident assessment capability
IncludedBy:incident,
computer intrusion
IncludedBy:attack, incident, intrusion,
Related:unauthorized access,
computer network
IncludedBy:networks,
Related:internet,
computer network attack
IncludedBy:attack, networks,
computer network defense
IncludedBy:networks,
computer operations, audit, and security technology
IncludedBy:audit,
Related:computer security,
computer oracle and password system
IncludedBy:security software, system,
Related:networks, passwords, software,
computer related controls
Related:availability, confidentiality, security controls,
computer related crime
IncludedBy:threat,
computer security
IncludedBy:security,
Includes:Common Criteria for Information Technology Security, Common Criteria for Information Technology Security Evaluation, Computer Security Objects Register, DoD Information Technology Security Certification and Accreditation Process, European Information Technology Security Evaluation Criteria, Federal Criteria for Information Technology Security, IS security architecture, IT Security Evaluation Criteria, IT Security Evaluation Methodology, IT security certification, IT security policy, IT security product, Information Systems Security products and services catalogue, Information Technology Security Evaluation Criteria, Multilevel Information System Security Initiative, National Computer Security Center, National Computer Security Center glossary, National Security Telecommunications and Information Systems Security Advisory/Information Memorandum, National Security Telecommunications and Information Systems Security Committee, National Security Telecommunications and Information Systems Security Directive, National Security Telecommunications and Information Systems Security Instruction, National Security Telecommunications and Information Systems Security Policy, National Telecommunications and Information Systems Security Advisory Memoranda/Instructions, National Telecommunications and Information Systems Security Directive, National Telecommunications and Information Systems Security Instruction, National Telecommunications and Information Systems Security Policy, Subcommittee on Information Systems Security, certified information systems security professional, computer security emergency response team, computer security incident, computer security incident response capability, computer security incident response team, computer security intrusion, computer security object, computer security subsystem, computer security technical vulnerability reporting program, computing security methods, emissions security, information system security officer, information systems security association, information systems security engineering, information systems security equipment modification, information systems security manager, information systems security officer, information systems security policy, multilevel information systems security initiative, national computer security assessment program, national telecommunications and information system security directives, program automated information system security incident support team, subcommittee on Automated Information System security,
Related:Bell-LaPadula security model, Common Criteria, Common Criteria Testing Laboratory, Evaluation Work Plan, Federal Criteria Vol. I, Federal Information Processing Standards, Forum of Incident Response and Security Teams, National Security Decision Directive 145, National Voluntary Laboratory Accreditation Program, Orange book, Scope of Accreditation, Trusted Computer System Evaluation Criteria, Yellow book, access control, accreditation range, approved technologies list, approved test methods list, assurance, audit trail, availability, certification, common criteria version 1.0, common criteria version 2.0, computer emergency response team, computer operations, audit, and security technology, confidentiality, conformant validation certificate, control, correctness, covert channel, criteria, dedicated mode, degausser, degausser products list, deliverables list, designated, designated laboratories list, dominates, endorsed tools list, evaluated products list, evaluation, observation reports, partitioned security mode, party, preferred products list, procedural security, protection profile, public law 100-235, residual risk, risk treatment, security architecture, security purpose, security requirements, security target, security-compliant channel, sensitive information, software, subcommittee on telecommunications security, suspicious event, system high mode, systems security steering group, tamper, technology area, trusted network interpretation,
Synonym:Automated Information System security, IT security, information systems security,
computer security emergency response team
IncludedBy:computer security,
computer security incident
IncludedBy:computer security, incident,
computer security incident response capability
IncludedBy:computer security, incident,
computer security incident response team
IncludedBy:computer security, incident,
Related:computer emergency response team,
computer security intrusion
IncludedBy:computer security, intrusion,
Related:unauthorized access,
computer security object
IncludedBy:computer security,
Related:security software,
Computer Security Objects Register
IncludedBy:National Institute of Standards and Technology, computer security,
computer security subsystem
IncludedBy:computer security, system,
computer security technical vulnerability reporting program
IncludedBy:computer security,
Related:software,
computer-aided software engineering
IncludedBy:software,
computer-assisted audit technique
IncludedBy:audit,
Related:software, test,
computing security methods
IncludedBy:computer security,
Related:assurance, networks, software,
COMSEC account
IncludedBy:communications security,
COMSEC account audit
IncludedBy:communications security,
COMSEC aid
IncludedBy:communications security,
Related:key,
COMSEC boundary
IncludedBy:communications security,
Related:key,
COMSEC chip set
IncludedBy:communications security,
COMSEC control program
IncludedBy:communications security,
Related:authentication, encryption, key,
COMSEC custodian
IncludedBy:communications security,
COMSEC end-item
IncludedBy:communications security,
COMSEC equipment
IncludedBy:communications security,
Related:authentication, cryptography,
COMSEC facility
IncludedBy:communications security,
COMSEC incident
IncludedBy:communications security, incident,
COMSEC insecurity
IncludedBy:communications security,
Related:incident,
COMSEC manager
IncludedBy:communications security,
COMSEC material
IncludedBy:communications security,
Related:cryptography, key,
COMSEC Material Control System
IncludedBy:communications security, system,
COMSEC modification
IncludedBy:communications security, information systems security equipment modification,
COMSEC module
IncludedBy:communications security,
COMSEC monitoring
IncludedBy:communications security,
COMSEC Parent Switch
IncludedBy:communications security,
COMSEC profile
IncludedBy:communications security,
COMSEC Resources Program
IncludedBy:communications security,
COMSEC Subordinate Switch
IncludedBy:communications security,
COMSEC survey
IncludedBy:communications security,
COMSEC system data
IncludedBy:communications security,
Related:key,
COMSEC training
IncludedBy:communications security,
COMSEC Utility Program
IncludedBy:communications security,
concealment system
IncludedBy:system,
Related:confidentiality, security,
concept of operations
IncludedBy:security,
Related:internet,
concurrency control
concurrent connections
IncludedBy:connection,
Related:test,
confidence
Related:security, trust,
confidence coefficient
Related:assurance,
confidence interval
confidence level
confidence limits
confidentiality
IncludedBy:privacy, security,
Includes:cryptographic algorithm for confidentiality, data confidentiality, data confidentiality service, traffic flow confidentiality,
Related:Authentication Header, Common Criteria for Information Technology Security, Generic Security Service Application Program Interface, Generic Upper Layer Security, IT security, Internet Protocol security, NULL encryption algorithm, Secure Electronic Transaction, access control, assurance, asymmetric cryptography, classified, communications security, computer abuse, computer related controls, computer security, concealment system, data privacy, data security, defense-in-depth, defense-wide information assurance program, digital envelope, encapsulating security payload, encryption algorithm, entry-level certification, hybrid encryption, information assurance, information security, internet, intrusion, key recovery, levels of concern, mid-level certification, networks, passive, post-accreditation phase, privacy enhanced mail, privacy programs, privacy protection, public-key infrastructure, requirements for procedures and standards, secure shell, secure socket layer, security controls, security event, security goals, security policy, simple network management protocol, symmetric cryptography, top-level certification, transmission security, vulnerability, wrap,
configuration
IncludedBy:configuration management, target of evaluation,
Related:software,
configuration control
IncludedBy:configuration management, target of evaluation,
Includes:object,
Related:identification, software,
configuration identification
IncludedBy:configuration management, identification,
configuration item
IncludedBy:configuration management,
Related:software,
configuration management
IncludedBy:assurance, risk management, software development,
Includes:baseline management, configuration, configuration control, configuration identification, configuration item, secure configuration management,
Related:software, test,
confinement
Includes:confinement channel, confinement property,
Related:risk,
confinement channel
IncludedBy:confinement,
Related:covert channel, covert timing channel,
confinement property
IncludedBy:confinement,
Related:Bell-LaPadula security model, classification level,
Synonym:*-property,
conformant validation certificate
Related:computer security, security, validation,
congruence
connection
IncludedBy:firewall,
Includes:concurrent connections, connection establishment, connection establishment time, connection maintenance, connection overhead, connection teardown, connection teardown time,
Related:data source, networks,
connection establishment
IncludedBy:connection,
Related:security association, test,
connection establishment time
IncludedBy:connection,
connection maintenance
IncludedBy:connection,
connection overhead
IncludedBy:connection,
connection teardown
IncludedBy:connection,
Related:test,
connection teardown time
IncludedBy:connection,
connectionless data integrity service
Related:security,
connectivity
IncludedBy:target of evaluation,
consequence management
IncludedBy:risk management,
consistency
IncludedBy:database management system,
constant surveillance service
construction
IncludedBy:target of evaluation,
construction of TOE requirements
IncludedBy:requirements, target of evaluation,
Includes:component, security target,
constructive cost model
IncludedBy:business process,
consumers
IncludedBy:user,
contamination
IncludedBy:fetch protection, file protection, incident, risk,
context-dependent access control
IncludedBy:access control,
contingency key
IncludedBy:key,
contingency plan
IncludedBy:availability,
Includes:back up vs. backup, backup generations, backup operations, backup plan, disaster plan, disaster recovery, disaster recovery plan, emergency plan, recovery procedures, redundancy,
Related:business process, failure, recovery,
contingency planning
IncludedBy:availability,
Related:recovery, security,
continuity of services and operations
IncludedBy:risk management,
Related:business process, minimum essential infrastructure, recovery,
continuous process improvement
IncludedBy:quality,
continuous signature service
contract
contracting officer representative
contractor special security officer
IncludedBy:security,
control
Related:computer security, security,
control class
Related:security,
control family
Related:security,
control identification list
Related:security,
control information
IncludedBy:cryptographic module,
control objectives
IncludedBy:risk management,
control objectives for information and related technology
control zone
IncludedBy:security,
controlled access
HasPreferred:access control,
controlled access protection
Related:access control, assurance, evaluation, trust,
controlled cryptographic item
IncludedBy:cryptography,
controlled security mode
IncludedBy:multilevel security,
Related:accreditation, classification level, software,
controlled sharing
IncludedBy:access control,
controlled space
controlling authority
Related:cryptography,
conversion
Related:software,
cookies
IncludedBy:access control,
Related:attack, internet, privacy, world wide web,
cooperative key generation
IncludedBy:key,
Related:encryption,
coordinated universal time
Related:GeneralizedTime, UTCTime,
core or key process
Related:business process,
corporate security policy
IncludedBy:policy, security policy,
correctness
IncludedBy:European Information Technology Security Evaluation Criteria, Federal Criteria for Information Technology Security, assurance, integrity,
Related:analysis, computer security, evidence, fault, security target, software,
correctness integrity
IncludedBy:integrity,
correctness proof
IncludedBy:security,
corruption
IncludedBy:threat consequence,
cost reimbursement contract
IncludedBy:business process,
cost-risk analysis
IncludedBy:analysis, business process, risk analysis,
cost/benefit
IncludedBy:business process,
cost/benefit analysis
IncludedBy:analysis, business process,
COTS software
IncludedBy:commercial off the shelf, software,
Related:mass-market software,
counter
counter measures
IncludedBy:risk management, threat,
Includes:electronic counter-countermeasures, electronic countermeasures, non-technical countermeasure, security counter measures, technical countermeasure, technical surveillance countermeasures,
Related:acceptable level of risk, asset, attack, benign, benign environment, checksum, information systems security engineering, internet, key, layered solution, level of protection, physical security, residual risk, risk analysis, risk assessment, security audit, security software, technology, vulnerability, work factor,
country code
coverage
Related:test,
covert channel
Antonym:overt channel, security-compliant channel,
IncludedBy:channel, exploitable channel,
Includes:covert storage channel, covert timing channel,
PreferredFor:storage channel, timing channel,
Related:access control, computer security, confinement channel, exploit,
covert channel analysis
IncludedBy:analysis,
Related:unauthorized access,
covert storage channel
IncludedBy:channel, covert channel,
Includes:subject,
covert timing channel
IncludedBy:channel, covert channel,
Related:confinement channel,
CPU time
IncludedBy:automated information system,
crack
IncludedBy:threat,
Includes:crack root, cracker, cracking,
Related:cryptography, passwords,
crack root
IncludedBy:crack,
cracker
IncludedBy:crack, hacker,
cracking
IncludedBy:crack,
crash
IncludedBy:threat,
Related:failure,
credentials
IncludedBy:certification authority,
Includes:digital certificate, ticket,
Related:authentication, model,
crisis management
IncludedBy:risk management,
criteria
Includes:Canadian Trusted Computer Product Evaluation Criteria, Common Criteria for Information Technology Security Evaluation, European Information Technology Security Evaluation Criteria, Federal Criteria for Information Technology Security, Trusted Computer System Evaluation Criteria,
Related:computer security, evaluation, security, trust,
criteria of control
critical
IncludedBy:risk,
Related:availability, certificate, public-key infrastructure,
critical asset
Related:vulnerability,
critical elements
Related:security,
critical financial markets
critical infrastructure
IncludedBy:risk management,
Includes:banking and finance, code amber, code green, code red, electrical power systems, emergency services, gas and oil production, storage and transportation, information and communications, infrastructure protection, transportation, utility, water supply system,
Related:capability, destruction, government services, incapacitation, infrastructure assurance, natural disaster, partnership, risk assessment, sector coordinator, sector liaison,
critical mechanism
IncludedBy:target of evaluation,
Related:failure, security,
critical path method
critical security parameters
IncludedBy:security policy,
Related:authentication, cryptography, key, passwords,
criticality/sensitivity
cross-certificate
IncludedBy:certificate,
Related:cross-certification,
cross-certification
IncludedBy:certification authority,
Related:certificate, cross-certificate, key,
cross-talk
Related:communications,
cryptanalysis
IncludedBy:analysis, threat consequence,
Related:algorithm, attack, encryption, key,
CRYPTO
Related:communications security, key,
crypto-alarm
IncludedBy:cryptography,
crypto-algorithm
IncludedBy:algorithm,
Related:authentication, encryption,
crypto-ancillary equipment
IncludedBy:cryptography,
crypto-equipment
IncludedBy:cryptography,
crypto-ignition key
IncludedBy:key,
crypto-ignition plug
IncludedBy:cryptography,
crypto-security
IncludedBy:communications security,
cryptographic
IncludedBy:cryptography,
cryptographic algorithm
Related:digital signature, encryption, hash, key,
cryptographic algorithm for confidentiality
IncludedBy:confidentiality, cryptography,
Cryptographic Application Program Interface
IncludedBy:encryption, security,
cryptographic application programming interface
IncludedBy:software,
cryptographic boundary
IncludedBy:cryptographic module,
Includes:physical protection,
cryptographic card
IncludedBy:tokens,
cryptographic check function
IncludedBy:cryptography,
cryptographic check value
IncludedBy:cryptography,
cryptographic component
Related:hash,
cryptographic device services
IncludedBy:cryptography,
cryptographic equipment room
IncludedBy:cryptography,
cryptographic functions
IncludedBy:encryption, key,
cryptographic hash function
IncludedBy:hash,
Related:hash function,
cryptographic ignition key
IncludedBy:key,
Related:encryption, tokens,
cryptographic initialization
Related:encryption,
cryptographic key
IncludedBy:key,
Related:algorithm, authentication, encryption,
cryptographic key component
IncludedBy:cryptography,
cryptographic logic
IncludedBy:cryptography,
Cryptographic Message Syntax
Related:certificate, digital signature, encryption, hash, key, public-key infrastructure,
cryptographic module
Includes:control information, cryptographic boundary, cryptographic module security policy, data path, firmware, hardware, input data, microcode, operator, output data,
Related:algorithm, software,
cryptographic module security policy
IncludedBy:cryptographic module, policy, security policy,
cryptographic randomization
IncludedBy:cryptography,
cryptographic service
IncludedBy:common data security architecture,
Related:hash, software,
cryptographic service providers
IncludedBy:common data security architecture,
cryptographic synchronization
IncludedBy:cryptography,
cryptographic system
IncludedBy:system,
Related:digital signature, hash, key,
cryptographic token
IncludedBy:tokens,
Related:key,
cryptography
Includes:National Cryptologic School, Type III cryptography, cipher feedback, controlled cryptographic item, crypto-alarm, crypto-ancillary equipment, crypto-equipment, crypto-ignition plug, cryptographic, cryptographic algorithm for confidentiality, cryptographic check function, cryptographic check value, cryptographic device services, cryptographic equipment room, cryptographic key component, cryptographic logic, cryptographic randomization, cryptographic synchronization, cryptonet control station, cryptosynchronization, embedded cryptographic system, embedded cryptography, encipherment algorithm, encrypt, endorsed cryptographic products list, endorsed for unclassified cryptographic information, manual cryptosystem, rapid automatic cryptographic equipment, synchronous crypto-operation,
Related:BLACK, CAPSTONE chip, CCI assembly, CCI component, CCI equipment, COMSEC equipment, COMSEC material, Challenge Handshake Authentication Protocol, Clipper chip, Common Criteria for Information Technology Security, Distributed Authentication Security Service, FIPS PUB 140-1, HMAC, IEEE P1363, International Traffic in Arms Regulations, Internet Security Association and Key Management Protocol, MD2, MD4, MD5, MIME Object Security Services, PC card, QUADRANT, RED/BLACK separation, Secure Hash Standard, access control center, algorithm, attribute certificate, authentication code, authentication system, authorized vendor, benign, binding, break, brute force, brute force attack, certificate domain parameters, check word, checksum, chosen-plaintext attack, code division multiple access, cold start, communications security, compromise, controlling authority, crack, critical security parameters, cut-and-paste attack, cyclic redundancy check, data driven attack, data items' representation, domain of interpretation, emissions security, end entity, end-to-end security, endorsed for unclassified, environmental failure protection, environmental failure testing, extraction resistance, feedback buffer, fill device, hash, hash function, information, initialize, integrity check, intelligent threat, interface, internetwork private line, known-plaintext attack, message authentication code, message authentication code algorithm, message authentication code vs. Message Authentication Code, message indicator, national security system, non-repudiation, one-time pad, one-time passwords, one-time tape, one-way function, operations manager, out of band, permuter, personal security environment, personalization service, plain text, port, primary account number, privacy, random, rekey, scavenging, seal, security event, semantic security, shared secret, simple network management protocol, status information, steganography, strong authentication, system indicator, ticket, time-stamp token, traffic analysis, traffic padding, traffic-flow security, trap door, trusted path, two-person control, unforgeable, updating, user partnership program, validate vs. verify, work factor, wrap, zeroize,
cryptology
Related:analysis,
cryptonet
Related:key,
cryptonet control station
IncludedBy:cryptography,
cryptonet key
IncludedBy:key,
cryptoperiod
Related:analysis, certificate, key, public-key infrastructure,
cryptosynchronization
IncludedBy:cryptography,
cryptosystem
IncludedBy:system,
Related:encryption,
cryptosystem analysis
IncludedBy:analysis, system,
cryptosystem evaluation
IncludedBy:evaluation, system,
cryptosystem review
IncludedBy:system,
cryptosystem survey
IncludedBy:system,
Related:evaluation,
cultural assumptions
customer
HasPreferred:user,
cut-and-paste attack
IncludedBy:attack,
Related:cryptography,
cyberattack
IncludedBy:attack,
cyberspace
IncludedBy:internet,
cycle time
cyclic redundancy check
Related:algorithm, cryptography, hash,
dangling threat
IncludedBy:threat,
dangling vulnerability
IncludedBy:vulnerability,
dark-side hacker
IncludedBy:threat,
data
IncludedBy:automated information system,
data administration
IncludedBy:automated information system,
data aggregation
IncludedBy:automated information system,
data architecture
IncludedBy:automated information system,
Data Authentication Algorithm
IncludedBy:authentication,
Related:hash, key,
data authentication code
IncludedBy:National Institute of Standards and Technology, authentication, integrity,
Related:hash function, key,
Synonym:message authentication code,
data authentication code vs. Data Authentication Code
IncludedBy:authentication,
Related:hash, key,
data communications
IncludedBy:communications,
data compromise
IncludedBy:compromise, incident,
Related:unauthorized access,
data confidentiality
IncludedBy:confidentiality, data privacy,
data confidentiality service
IncludedBy:confidentiality,
data contamination
IncludedBy:automated information system,
data control language
IncludedBy:automated information system,
data definition language
IncludedBy:automated information system,
data dictionary
IncludedBy:automated information system,
data diddling
IncludedBy:attack,
data driven attack
IncludedBy:attack,
Related:cryptography, software,
Data Encryption Algorithm
IncludedBy:symmetric cryptography,
Related:encryption, key,
data encryption key
IncludedBy:encryption, key,
Includes:data key,
Data Encryption Standard
IncludedBy:Federal Information Processing Standards, National Institute of Standards and Technology, encryption, key, symmetric algorithm,
Includes:initialization vector,
Related:algorithm,
data flow diagram
IncludedBy:automated information system,
data input
IncludedBy:automated information system,
data integrity
IncludedBy:data security, integrity,
Related:quality, trust,
data integrity service
IncludedBy:integrity,
Related:authentication,
data items' representation
Related:cryptography, hash,
data key
IncludedBy:data encryption key, key, key recovery,
Related:authentication,
data management
IncludedBy:automated information system,
data manipulation language
IncludedBy:automated information system,
data origin authentication
IncludedBy:authentication,
data origin authentication service
IncludedBy:authentication,
Related:digital signature, key,
data path
IncludedBy:cryptographic module,
data privacy
IncludedBy:data security, privacy,
Includes:data confidentiality,
Related:assurance, confidentiality,
data processing
IncludedBy:automated information system,
data reengineering
IncludedBy:automated information system,
data security
IncludedBy:security,
Includes:data integrity, data privacy,
Related:confidentiality,
data source
Includes:user,
Related:connection, firewall, networks,
data storage
IncludedBy:automated information system,
data string
Related:hash,
data structure
IncludedBy:automated information system,
data synchronization
Related:automated information system,
data transfer device
Related:communications security,
data validation
IncludedBy:automated information system,
database administration
IncludedBy:automated information system,
database management system
IncludedBy:system,
Includes:consistency, metadata, transaction, view, view definition,
Related:Directory Access Protocol, security, software,
datagram
Related:networks,
deadlock
IncludedBy:threat,
Synonym:deadly embrace,
deadly embrace
IncludedBy:threat,
Synonym:deadlock,
debilitated
IncludedBy:risk,
debug
Related:fault, software,
debugger
debugging
IncludedBy:automated information system,
deception
IncludedBy:threat consequence,
decertification
decipher
Related:key,
decipherment
decision support systems
IncludedBy:system,
declassification of AIS storage media
Includes:automated information system, subject,
Related:security,
decode
decomposition
IncludedBy:protection profile,
decrypt
Related:encryption,
decryption
Antonym:encryption,
dedicated loop encryption device
IncludedBy:encryption,
dedicated mode
Related:computer security, user,
dedicated security mode
IncludedBy:modes of operation, security,
Related:accreditation, classification level,
default account
Related:passwords,
default classification
IncludedBy:classification level,
Includes:object,
defect
IncludedBy:risk,
Related:bug, failure, fault,
defense
Related:threat,
defense communications system
IncludedBy:communications, system,
defense courier service
Defense Information Infrastructure
Related:command and control, networks, security,
Defense Information System Network
IncludedBy:networks, system,
defense message system
IncludedBy:system,
defense switched network
IncludedBy:networks,
defense-in-depth
IncludedBy:security,
Related:availability, confidentiality,
defense-wide information assurance program
IncludedBy:assurance,
Related:authentication, availability, confidentiality, non-repudiation,
Defensive Information Operations
Related:exploit, security,
degauss
IncludedBy:erasure,
degausser
IncludedBy:National Security Agency, degausser products list,
Related:computer security,
degausser products list
IncludedBy:Information Systems Security products and services catalogue, National Information Assurance partnership, National Security Agency,
Includes:degausser,
Related:computer security,
degaussing
degrees of freedom
delegated accrediting authority
delegated development program
delegation
IncludedBy:authorize,
delete access
IncludedBy:access,
deliberate exposure
IncludedBy:threat consequence,
deliverable
Related:security, security target,
deliverables list
IncludedBy:Common Criteria Testing Laboratory, National Information Assurance partnership, target of evaluation,
Related:computer security, security target,
delivery
IncludedBy:target of evaluation,
delivery authority
Related:evidence, trust,
delta CRL
IncludedBy:public-key infrastructure,
Related:certificate,
demand assigned multiple access
demilitarized zone
IncludedBy:firewall,
Includes:protected network, unprotected network,
Related:assurance, rule set,
demon dialer
IncludedBy:attack,
Related:denial of service,
denial of service
IncludedBy:attack, incident, user,
Includes:distributed denial of service,
PreferredFor:interdiction,
Related:Automated Information System security, ICMP flood, SYN flood, availability, computer abuse, demon dialer, information systems security, letterbomb, logic bomb, ping of death, smurf, spam, tamper,
denial time
Related:risk,
dependency
IncludedBy:trusted computing base,
depends
IncludedBy:trusted computing base,
depot maintenance
IncludedBy:full maintenance,
derf
IncludedBy:threat,
Related:exploit, terminal hijacking,
descriptive top-level specification
IncludedBy:top-level specification,
Related:evaluation, trust,
design controlled spare parts
Related:communications security,
design documentation
Related:evaluation, trust,
designated
Related:computer security, evaluation, security,
designated accrediting authority
designated approving authority
IncludedBy:accreditation, risk,
Includes:automated information system,
Related:networks,
designated laboratories list
IncludedBy:Common Criteria Testing Laboratory, National Information Assurance partnership,
Related:computer security, evaluation,
designating authority
IncludedBy:Common Criteria Testing Laboratory,
Related:evaluation,
designation policy
IncludedBy:Common Criteria Testing Laboratory, policy,
Related:evaluation, security,
destruction
IncludedBy:risk,
Related:critical infrastructure,
detailed design
IncludedBy:software development, target of evaluation,
deterministic
developer
IncludedBy:target of evaluation,
developer security
IncludedBy:security,
development assurance
IncludedBy:assurance, development process,
Includes:software development methodologies,
Related:evidence, test,
development assurance component
IncludedBy:assurance, component,
development assurance package
IncludedBy:assurance,
development assurance requirements
IncludedBy:assurance, requirements,
Related:evidence,
development environment
IncludedBy:development process, target of evaluation,
development process
IncludedBy:software development, target of evaluation,
Includes:development assurance, development environment, hierarchical decomposition, informal specification, security specifications, top-level specification, validation, verification,
Related:software,
deviation
dial back
dial-up
Includes:dial-up line, dial-up security,
Related:communications,
dial-up line
IncludedBy:dial-up,
Related:communications, internet,
dial-up security
IncludedBy:dial-up, security,
dictionary attack
IncludedBy:attack,
Related:authentication, encryption, key, password cracker, passwords,
Diffie-Hellman
IncludedBy:asymmetric algorithm,
Related:attack, authentication, encryption, key, privacy,
digest
HasPreferred:message digest,
digital certificate
IncludedBy:certificate, credentials, key,
Related:digital signature,
digital certification
Related:key,
digital document
Related:automated information system,
digital envelope
Related:confidentiality, encryption, key,
digital id
IncludedBy:public-key infrastructure,
Related:authentication, certificate, identification, key,
digital key
IncludedBy:key,
digital notary
Related:digital signature, trust,
digital signature
IncludedBy:key, public-key infrastructure, signature,
Includes:Digital Signature Algorithm, Digital Signature Standard,
Related:ABA Guidelines, CA certificate, Cryptographic Message Syntax, Distinguished Encoding Rules, El Gamal algorithm, Elliptic Curve Digital Signature Algorithm, Fortezza, IEEE P1363, Internet Security Association and Key Management Protocol, MIME Object Security Services, PKCS #7, Rivest-Shamir-Adleman, Secure/MIME, The Exponential Encryption System, X.509 attribute certificate, X.509 certificate revocation list, X.509 public-key certificate, archive, asymmetric cryptography, attribute certificate, authentic signature, authenticate, authentication, bind, brand CRL identifier, certificate validation, certification path, cryptographic algorithm, cryptographic system, data origin authentication service, digital certificate, digital notary, digitized signature, dual signature, electronic signature, elliptic curve cryptography, encryption, encryption certificate, end entity, hash, integrity, invalidity date, key pair, merchant certificate, networks, no prior relationship, non-repudiation, personality label, pre-signature, pretty good privacy, private signature key, public-key certificate, revocation date, seal, security mechanism, sign, signature certificate, signature equation, signature function, signature key, signature process, signature system, signer, symmetric cryptography, triple DES, unforgeable, valid signature, validate vs. verify,
Digital Signature Algorithm
IncludedBy:Digital Signature Standard, algorithm, digital signature,
Related:hash, secure hash algorithm,
Digital Signature Standard
IncludedBy:Federal Information Processing Standards, National Institute of Standards and Technology, digital signature,
Includes:Digital Signature Algorithm, Elliptic Curve Digital Signature Algorithm,
digital subscriber voice terminal
digital telephony
Related:communications,
digital watermarking
PreferredFor:watermarking,
digitized signature
Related:digital signature,
diplomatic telecommunications service
Related:networks,
direct access storage device
Related:automated information system,
direct data feed
direct memory access
IncludedBy:automated information system,
direct shipment
Related:communications security, user,
directly trusted CA
IncludedBy:public-key infrastructure, trust,
directly trusted CA key
IncludedBy:key, public-key infrastructure, trust,
Director Central Intelligence Directive
directory
HasPreferred:directory vs. Directory,
Directory Access Protocol
Related:database management system,
directory information base
directory service
Related:public-key infrastructure,
directory user agent
directory vs. Directory
PreferredFor:directory,
Related:certificate, public-key infrastructure,
disaster plan
IncludedBy:contingency plan,
Related:threat,
disaster recovery
IncludedBy:contingency plan, recovery, risk management,
Includes:cold site, hot site,
Related:reconstitution,
disaster recovery plan
IncludedBy:contingency plan, recovery,
disclosure of information
discrete event simulation
Related:model,
discretionary access control
Antonym:non-discretionary access control,
IncludedBy:access control,
Includes:surrogate access,
dispersion
disruption
IncludedBy:threat consequence,
Distinguished Encoding Rules
IncludedBy:Abstract Syntax Notation One, Basic Encoding Rules,
Related:certificate, digital signature,
distinguished name
IncludedBy:public-key infrastructure,
Includes:subordinate distinguished name,
Related:certificate, key,
distinguishing identifier
Related:non-repudiation,
Distributed Authentication Security Service
IncludedBy:authentication, internet, security protocol,
Related:cryptography,
distributed computing environment
IncludedBy:ACL-based authorization, Generic Security Service Application Program Interface,
Includes:Kerberos,
Related:audit, authentication,
distributed data
Related:networks,
distributed data processing
IncludedBy:automated information system,
distributed database
Related:networks,
distributed denial of service
IncludedBy:denial of service,
distributed processing
IncludedBy:automated information system,
Related:communications, networks,
distribution point
IncludedBy:public-key infrastructure,
Related:certificate, key,
DNS spoofing
IncludedBy:domain name system, masquerade, spoofing,
documentation
IncludedBy:target of evaluation,
DoD Information Technology Security Certification and Accreditation Process
IncludedBy:accreditation, computer security, requirements,
DoD Trusted Computer System
IncludedBy:system, trust,
Related:evaluation,
DoD Trusted Computer System Evaluation Criteria
IncludedBy:evaluation, system, trust,
domain
IncludedBy:Multilevel Information System Security Initiative, object, subject,
Related:access control, certificate, internet, model, public-key infrastructure, security domain,
domain modulus
Related:trust,
domain name
IncludedBy:domain name system,
domain name service server
IncludedBy:internet,
domain name system
IncludedBy:internet, system,
Includes:DNS spoofing, domain name,
Related:access control, authentication, key, software,
domain of interpretation
Related:cryptography, security,
domain parameter
Related:hash, security, tokens,
domain verification exponent
Related:verification,
dominated by
Antonym:dominates,
Includes:object,
Related:classification level, security, trust,
dominates
Antonym:dominated by,
Related:classification level, computer security, security,
dongle
Related:authentication, key, software,
downgrade
IncludedBy:requirements, security,
Related:classification level, networks,
download
draft RFC
IncludedBy:Request for Comment,
drop accountability
Related:communications security,
dual control
IncludedBy:security,
dual driver service
dual signature
IncludedBy:Secure Electronic Transaction,
Related:digital signature, encryption, hash, key,
dual-homed gateway firewall
IncludedBy:firewall,
Related:networks,
dump
Related:failure,
dumpster diving
IncludedBy:threat,
dynamic analysis
IncludedBy:analysis,
Related:testing,
dynamic binding
e-banking
IncludedBy:internet,
e-mail server
IncludedBy:internet,
ease of use
IncludedBy:target of evaluation,
eavesdropping
IncludedBy:attack,
Related:emanation, emanations security, shoulder surfing,
economy of mechanism
IncludedBy:security,
EE
effective key length
IncludedBy:encryption, key,
effectiveness
IncludedBy:assurance,
Related:risk, security target, threat,
egress filtering
Related:internet,
El Gamal algorithm
Related:digital signature, encryption,
elapsed time
electrical power systems
IncludedBy:critical infrastructure,
electromagnetic compatibility
electromagnetic emanations
IncludedBy:emanation, emanations security,
electromagnetic interference
IncludedBy:risk,
electronic attack
IncludedBy:attack,
Related:communications security,
electronic benefit transfer
Related:networks,
electronic codebook
electronic commerce
IncludedBy:Secure Electronic Transaction,
Related:communications, electronic data interchange, email, internet,
electronic counter-countermeasures
IncludedBy:counter measures,
electronic countermeasures
IncludedBy:counter measures,
electronic data interchange
Related:communications, electronic commerce, value-added network,
electronic document management system
IncludedBy:system,
electronic fill device
electronic funds transfer system
IncludedBy:system,
electronic generation, accounting, and distribution system
IncludedBy:system,
electronic intelligence
electronic key entry
IncludedBy:key management,
electronic key management
IncludedBy:key,
Related:communications security,
electronic key management system
IncludedBy:key, system,
Related:communications security,
electronic messaging services
Related:internet,
electronic protection
Related:assurance,
electronic security
IncludedBy:security,
Related:analysis,
electronic signature
IncludedBy:signature,
Related:digital signature,
electronic warfare
IncludedBy:warfare,
electronic warfare support
IncludedBy:warfare,
Related:threat,
electronically generated key
IncludedBy:key,
Related:communications security,
element
Related:communications security, security,
elliptic curve cryptography
Related:analysis, attack, digital signature, key,
elliptic curve cryptosystem
IncludedBy:asymmetric algorithm, system,
Elliptic Curve Digital Signature Algorithm
IncludedBy:Digital Signature Standard,
Related:digital signature,
email
IncludedBy:internet,
Includes:email packages, email security software, letterbomb, mailbomb, multipurpose internet mail extensions, privacy enhanced mail, secure multipurpose internet mail extensions, spam,
Related:SET qualifier, Secure Data Network System, X.400, bounce, electronic commerce, message authentication code vs. Message Authentication Code, message handling system, message integrity code, pretty good privacy, simple mail transfer protocol,
email packages
IncludedBy:email,
Includes:email security software,
email security software
IncludedBy:email, email packages, security software, software,
Includes:pretty good privacy,
Related:networks,
emanation
IncludedBy:TEMPEST, emanations security, threat,
Includes:electromagnetic emanations, emanations analysis,
Related:Common Criteria for Information Technology Security, Federal Standard 1027, TEMPEST test, eavesdropping, implant, procedural security, security architecture, suppression measure,
Synonym:RED signal,
emanations analysis
IncludedBy:analysis, emanation, threat consequence,
emanations security
IncludedBy:TEMPEST,
Includes:compromising emanation performance requirement, compromising emanations, electromagnetic emanations, emanation, undesired signal data emanations,
Related:Common Criteria for Information Technology Security, Federal Standard 1027, TEMPEST test, analysis, eavesdropping, implant, procedural security, security architecture, suppression measure,
Synonym:emissions security,
embedded computer
embedded cryptographic system
IncludedBy:cryptography,
embedded cryptography
IncludedBy:cryptography,
embedded system
IncludedBy:system,
emergency action message
emergency plan
IncludedBy:contingency plan,
Related:threat,
emergency response
Related:threat,
emergency response time
emergency services
IncludedBy:critical infrastructure,
Related:recovery,
emissions security
IncludedBy:Automated Information System security, TEMPEST, communications security, computer security,
Related:RED signal, analysis, cryptography, telecommunications,
Synonym:emanations security,
empty position
encapsulating security payload
IncludedBy:Internet Protocol security, security protocol,
Related:authentication, confidentiality,
encapsulation
encipher
IncludedBy:encryption,
encipherment
IncludedBy:encryption,
encipherment algorithm
IncludedBy:cryptography,
encode
IncludedBy:encryption,
encrypt
IncludedBy:cryptography,
encrypt
IncludedBy:encryption,
encrypt for transmission only
Related:encryption, networks,
encrypted key
IncludedBy:key, key recovery,
PreferredFor:ciphertext key,
Related:passwords,
encryption
Antonym:cleartext, decryption,
IncludedBy:Secure Electronic Transaction, privacy enhanced mail,
Includes:Cryptographic Application Program Interface, Data Encryption Standard, asymmetric cryptographic algorithm, bulk encryption, cryptographic functions, data encryption key, dedicated loop encryption device, effective key length, encipher, encipherment, encode, encrypt, encryption algorithm, encryption software, end-to-end encryption, key-encryption-key, link encryption, one-way encryption, pretty good privacy, secure multipurpose internet mail extensions, superencryption, symmetric algorithm, tamper,
Related:Advanced Encryption Standard, CAST, COMSEC control program, Clipper chip, Cryptographic Message Syntax, Data Encryption Algorithm, Diffie-Hellman, El Gamal algorithm, Escrowed Encryption Standard, Federal Standard 1027, Fortezza, IEEE P1363, Internet Protocol security, Internet Security Association and Key Management Protocol, Law Enforcement Access Field, MIME Object Security Services, NULL encryption algorithm, Rivest-Shamir-Adelman algorithm, Rivest-Shamir-Adleman, SET private extension, Secure/MIME, Simple Key-management for Internet Protocols, Terminal Access Controller Access Control System, The Exponential Encryption System, Transport Layer Security Protocol, asymmetric cryptography, authentication code, baggage, block cipher, break, cardholder certificate, cipher, ciphertext, code, code book, cooperative key generation, cryptanalysis, crypto-algorithm, cryptographic algorithm, cryptographic ignition key, cryptographic initialization, cryptographic key, cryptosystem, decrypt, dictionary attack, digital envelope, digital signature, dual signature, encrypt for transmission only, encryption certificate, endorsed data encryption standard products list, hybrid encryption, in the clear, indistinguishability, information systems security, initialization vector, initialize, intelligent threat, key, key agreement, key center, key distribution center, key generator, key pair, key recovery, key translation center, key transport, key-encrypting key, key-escrow system, keyed hash, low-cost encryption/authentication device, merchant certificate, message authentication code vs. Message Authentication Code, message integrity code, mode of operation, off-line cryptosystem, on-line cryptosystem, one-time pad, over-the-air key transfer, over-the-air rekeying, password system, per-call key, personality label, privacy system, protected communications, protected distribution systems, public cryptography, public-key cryptography, public-key forward secrecy, salt, secret-key cryptography, secure shell, secure socket layer, security management infrastructure, security mechanism, semantic security, session key, signature certificate, start-up KEK, stream cipher, symmetric cryptography, symmetric key, system indicator, tactical trunk encryption device, threat consequence, traffic analysis, triple DES, trunk encryption device, tunnel, unencrypted, virtual private network, wrap,
encryption algorithm
IncludedBy:encryption,
Related:communications security, confidentiality,
encryption certificate
IncludedBy:certificate,
Related:digital signature, encryption, key,
encryption software
IncludedBy:encryption, software,
encryption strength
IncludedBy:quality of protection,
PreferredFor:strength of encryption,
encryption tools
IncludedBy:security software,
end entity
Related:certificate, cryptography, digital signature, key, public-key infrastructure,
end system
IncludedBy:system,
Related:internet, networks,
end-to-end encryption
IncludedBy:encryption,
Related:networks,
end-to-end security
IncludedBy:security,
Related:cryptography,
end-user
IncludedBy:target of evaluation, user,
Related:networks, public-key infrastructure,
end-user computing
IncludedBy:user,
endorsed cryptographic products list
IncludedBy:cryptography,
endorsed data encryption standard products list
Related:encryption,
endorsed for unclassified
Related:cryptography,
endorsed for unclassified cryptographic information
IncludedBy:cryptography,
Endorsed TEMPEST Products List
IncludedBy:TEMPEST,
endorsed tools list
IncludedBy:Information Systems Security products and services catalogue, National Information Assurance partnership, formal verification,
Related:computer security, trust,
endorsement
energy-efficient computer equipment
Related:model,
enforcement vector
engineering development model
enhanced hierarchical development methodology
IncludedBy:software development methodologies,
Related:security,
enterprise resource planning
entity
HasPreferred:system entity,
Related:authentication,
entity authentication
IncludedBy:authentication,
entity authentication of A to B
IncludedBy:authentication,
entity-wide security
IncludedBy:security,
entrapment
IncludedBy:risk management,
Related:exploit,
entry label
entry-level certification
IncludedBy:certification,
Related:availability, confidentiality, integrity,
environment
Includes:object,
environmental failure protection
IncludedBy:failure, risk management,
Related:assurance, cryptography,
environmental failure testing
IncludedBy:failure, test,
Related:cryptography,
ephemeral key
IncludedBy:key,
equipment radiation TEMPEST zone
IncludedBy:TEMPEST,
erasure
Includes:degauss, overwrite procedure,
error
Related:bug, fault,
error analysis
IncludedBy:analysis,
error detection and correction
error detection code
IncludedBy:integrity,
Includes:check character,
error guessing
Related:test,
error seeding
Related:analysis, assurance, mutation analysis,
Synonym:bebugging,
Escrowed Encryption Standard
Related:encryption, key,
Estelle
Related:networks,
ethernet meltdown
IncludedBy:threat,
Related:networks,
ethernet sniffing
IncludedBy:sniffing,
Related:packet sniffer, passwords, promiscuous mode, software,
Europay, MasterCard, Visa
Related:tokens,
European Information Technology Security Evaluation Criteria
IncludedBy:Common Criteria for Information Technology Security Evaluation, computer security, criteria, target of evaluation,
Includes:assurance, correctness,
European quality award
IncludedBy:quality,
evaluated products list
IncludedBy:Information Systems Security products and services catalogue, National Information Assurance partnership, National Security Agency,
Related:computer security, evaluation, software, trust, trusted computer system,
evaluated system
IncludedBy:evaluation, system,
Related:security,
evaluation
IncludedBy:certification,
Includes:Common Criteria for Information Technology Security Evaluation, Common Evaluation Methodology, DoD Trusted Computer System Evaluation Criteria, Evaluation Technical Report, Evaluation Work Plan, IT Security Evaluation Criteria, IT Security Evaluation Methodology, Information Technology Security Evaluation Criteria, Monitoring of Evaluations, NIAP Common Criteria Evaluation and Validation Scheme, Trusted Computer System Evaluation Criteria, Trusted Products Evaluation Program, assurance, certification and accreditation, certification test and evaluation, cryptosystem evaluation, evaluated system, evaluation and validation scheme, evaluation authority, evaluation facility, evaluation pass statement, evaluation scheme, program evaluation and review technique, quality of protection, risk evaluation, security evaluation, software system test and evaluation process, strength of a requirement, system security evaluation, target of evaluation, validation, verification,
Related:A1, Commercial COMSEC, Common Criteria Testing Laboratory, Common Criteria Testing Program, Common Criteria for Information Technology Security, DoD Trusted Computer System, FIPS approved security method, NIAP Oversight Body, National Computer Security Center, National Voluntary Laboratory Accreditation Program, Red book, Scope of Accreditation, Validation Certificate, Yellow book, accreditation, accreditation range, accredited, approval/accreditation, approved technologies list, approved test methods list, benchmark, beyond A1, candidate TCB subset, certificate, certificate revocation list, computer security, controlled access protection, criteria, cryptosystem survey, descriptive top-level specification, design documentation, designated, designated laboratories list, designating authority, designation policy, evaluated products list, flaw hypothesis methodology, interface control document, network component, observation reports, penetration test, preproduction model, protection philosophy, quality, requirements for content and presentation, requirements for evidence, risk analysis, risk management, risk treatment, security, security policy model, security-compliant channel, source selection, sponsor, subset-domain, technology area, test method, test procedure, testing, threat assessment, trusted network interpretation,
Synonym:analysis,
evaluation and validation scheme
IncludedBy:evaluation,
evaluation assurance
IncludedBy:assurance,
Includes:evaluation assurance level,
Related:analysis, threat,
evaluation assurance component
IncludedBy:assurance, component,
evaluation assurance level
IncludedBy:Common Criteria for Information Technology Security Evaluation, evaluation assurance, requirements,
Includes:evaluation criteria, evaluator, evaluator actions,
Related:networks,
evaluation assurance package
IncludedBy:assurance,
evaluation assurance requirements
IncludedBy:assurance,
evaluation authority
IncludedBy:evaluation,
Related:quality,
evaluation criteria
IncludedBy:evaluation assurance level,
evaluation facility
IncludedBy:evaluation,
evaluation pass statement
IncludedBy:evaluation,
evaluation scheme
IncludedBy:evaluation,
Evaluation Technical Report
IncludedBy:Common Criteria Testing Laboratory, evaluation,
Evaluation Work Plan
IncludedBy:Common Criteria Testing Laboratory, evaluation,
Related:computer security, security,
evaluator
IncludedBy:evaluation assurance level,
evaluator actions
IncludedBy:evaluation assurance level,
event
Related:incident,
evidence
Includes:evidence requester, evidence subject, requirements for evidence,
Related:audit trail, correctness, delivery authority, development assurance, development assurance requirements, failure, logging, monitor, non-repudiation, non-repudiation information, non-repudiation of submission, non-repudiation of transport, non-repudiation policy, non-repudiation service, non-repudiation token, notarization, notary, operations security, proof, secure envelope, security audit trail, security target, statistical estimate, time-stamping authority, time-stamping service, trusted time stamping authority, validate vs. verify, validation, validation report, verifier, witness,
evidence requester
IncludedBy:evidence,
Related:trust,
evidence subject
IncludedBy:evidence,
exception
Related:bug, fault,
exchange multiplicity parameter
Related:authentication,
executable code
execute access
IncludedBy:access,
executive information systems
IncludedBy:system,
executive state
Includes:privileged instructions,
PreferredFor:supervisor state,
Related:software,
executive steering committee
exercise key
IncludedBy:key,
exercised
Related:test,
exhaustive testing
IncludedBy:test,
expansibility
expert review team
expire
HasPreferred:certificate expiration,
explain
explicit key authentication from A to B
IncludedBy:authentication,
Related:key,
exploit
IncludedBy:threat,
Related:Defensive Information Operations, assurance, attack, covert channel, derf, entrapment, exploitable channel, firewall, flaw hypothesis methodology, information superiority, information warfare, intelligent threat, non-technical countermeasure, operations security, penetration testing, port scan, security threat, smurf, technical vulnerability, threat agent, trojan horse, vulnerability,
exploitable channel
IncludedBy:channel, threat, trusted computing base,
Includes:covert channel, subject,
Related:exploit,
exploitation
PreferredFor:exploitation of vulnerability,
Related:access control, security, vulnerability,
exploitation of vulnerability
HasPreferred:exploitation,
exposure
IncludedBy:threat consequence,
Includes:common vulnerabilities and exposures, external system exposure, internal system exposure,
Related:inadvertent disclosure, levels of concern, media protection, risk assessment, unauthorized disclosure,
extended industry standard architecture
Related:automated information system,
extensibility
extensible
Extensible Authentication Protocol
IncludedBy:authentication, security protocol,
Related:challenge/response, networks, passwords,
extension
IncludedBy:public-key infrastructure,
Includes:certificate extension,
PreferredFor:private extension,
Related:assurance, certificate, certification, key,
external it entity
IncludedBy:target of evaluation,
Related:trust,
external security controls
IncludedBy:protection profile, risk management, security controls,
Related:accreditation, certification,
external system exposure
IncludedBy:exposure,
Related:internet,
external throughput rate
extraction resistance
Related:communications, cryptography,
extranet
IncludedBy:internet,
Related:networks, virtual private network,
facilities
facility manager
Related:security,
facsimile
fail safe
IncludedBy:failure control,
Related:failure, software,
fail soft
IncludedBy:automated information system, failure control,
Related:failure, software,
failure
IncludedBy:risk,
Includes:environmental failure protection, environmental failure testing, failure access, failure control, mean-time-between-failure, mean-time-between-outages, mean-time-to-fail,
Related:IS related risk, abend, abort, accountability, anomaly, availability, backup procedures, bomb, contingency plan, crash, critical mechanism, defect, dump, evidence, fail safe, fail soft, fallback procedures, flooding, mean-time-to-repair, mean-time-to-service-restoral, outage, problem, recovery procedures, software, software reliability, strength of a requirement, uninterruptible power supply, vulnerability,
Synonym:fault,
failure access
IncludedBy:access control, failure, threat,
Related:incident, software, unauthorized access,
failure control
IncludedBy:failure, risk management,
Includes:fail safe, fail soft,
Related:recovery, software,
fallback procedures
Related:backup, failure,
false denial of origin
IncludedBy:threat consequence,
false denial of receipt
IncludedBy:threat consequence,
false negative
IncludedBy:risk,
false positive
IncludedBy:risk,
falsification
IncludedBy:threat consequence,
family
Related:security,
fault
IncludedBy:threat,
Includes:fault analysis, fault management, fault tolerance, security fault analysis,
Related:Federal Standard 1027, alarm reporting, alarm surveillance, anomaly, bug, correctness, debug, defect, error, exception, maintenance, network management, networks, problem, software reliability, trap,
Synonym:failure,
fault analysis
IncludedBy:analysis, fault,
Related:risk analysis,
fault injection
Related:analysis,
fault management
IncludedBy:fault,
fault tolerance
IncludedBy:fault,
Related:risk, software,
Federal Criteria for Information Technology Security
IncludedBy:Common Criteria for Information Technology Security Evaluation, computer security, criteria,
Includes:Federal Criteria Vol. I, assurance, correctness,
Related:trust,
Federal Criteria Vol. I
IncludedBy:Federal Criteria for Information Technology Security, National Institute of Standards and Technology,
Includes:protection profile,
Related:computer security,
Federal Information Processing Standards
IncludedBy:National Institute of Standards and Technology,
Includes:Data Encryption Standard, Digital Signature Standard, FIPS PUB 140-1, FIPS approved security method, Federal Information Processing Standards Publication 140,
Related:computer security, security,
Federal Information Processing Standards Publication 140
IncludedBy:Federal Information Processing Standards,
Synonym:FIPS PUB 140-1,
Federal Public-key Infrastructure
IncludedBy:public-key infrastructure,
Related:certificate, communications security, key,
Federal Reserve Banks
federal secure telephone service
Federal Standard 1027
IncludedBy:National Institute of Standards and Technology,
Related:FIPS PUB 140-1, National Security Agency, analysis, emanation, emanations security, encryption, fault, key, security, tamper,
federal telecommunications system
IncludedBy:system,
fedline
fedwire
feedback buffer
Related:cryptography,
fetch protection
IncludedBy:access control,
Includes:contamination,
Related:assurance, unauthorized access,
fiber distributed data interface
Related:automated information system,
fiber-optics
field
file
file infector virus
IncludedBy:virus,
file integrity checker
file protection
IncludedBy:access control,
Includes:contamination,
Related:assurance, unauthorized access,
file security
IncludedBy:access control,
file transfer
Related:networks,
file transfer access management
Related:networks,
file transfer protocol
IncludedBy:internet,
Related:networks,
fill device
Related:communications security, cryptography,
fill device interface unit
filtering router
IncludedBy:router,
Related:networks, packet filter, security,
Synonym:screening router,
finality
fingerprint
Related:authentication, hash, key,
finite population correction factor
finite state machine
Related:model,
FIPS approved security method
IncludedBy:Federal Information Processing Standards, National Institute of Standards and Technology, security policy,
Related:authentication, evaluation,
FIPS PUB 140-1
IncludedBy:Federal Information Processing Standards, National Institute of Standards and Technology,
Includes:random number generator,
Related:Federal Standard 1027, communications security, cryptography, key, security, software, test, zeroization, zeroize,
Synonym:Federal Information Processing Standards Publication 140,
FIREFLY
Related:key,
firewall
IncludedBy:front-end security filter, gateway, guard, internet, security filter, security software,
Includes:application gateway firewall, application proxy, application-level firewall, bastion host, circuit proxy, connection, demilitarized zone, dual-homed gateway firewall, goodput, homed, host-based firewall, illegal traffic, logging, network address translation, network level firewall, packet filter, packet filtering, packet filtering firewall, protected network, proxy, rejected traffic, router-based firewall, rule set, screened host firewall, screened subnet firewall, stateful packet filtering, trusted gateway, unprotected network,
PreferredFor:firewall machine,
Related:access control, application level gateway, circuit level gateway, data source, exploit, networks, policy, screening router, threat, unauthorized access, unit of transfer,
firewall machine
HasPreferred:firewall,
firmware
IncludedBy:cryptographic module,
Related:software,
fishbone diagram
PreferredFor:cause and effect diagram,
fishbowl
fixed COMSEC facility
Related:communications security,
fixed price contract
flaw
IncludedBy:threat,
flaw hypothesis methodology
IncludedBy:risk management,
Related:analysis, attack, evaluation, exploit, test,
flexibility
flooding
IncludedBy:attack, incident,
Related:analysis, failure,
flow control
HasPreferred:information flow control,
for official use only
foreign owned, controlled or influenced
Forensics
HasPreferred:computer forensics,
fork bomb
IncludedBy:threat,
formal
Antonym:informal,
Includes:formal access approval, formal development methodology, formal model of security policy, formal proof, formal security policy model, formal specification, formal top-level specification, formal verification,
formal access approval
IncludedBy:formal,
formal development
formal development methodology
IncludedBy:formal, software development methodologies,
Related:identification, model,
formal model of security policy
IncludedBy:formal, model, policy, security, target of evaluation,
Synonym:formal security policy model,
formal proof
IncludedBy:formal, formal verification,
formal security policy model
IncludedBy:formal, formal verification, model, security policy, trusted computing base,
Includes:Bell-LaPadula security model, Biba Integrity model,
Related:policy,
Synonym:formal model of security policy,
formal specification
Antonym:informal specification,
IncludedBy:formal, formal verification,
Includes:formal top-level specification,
Related:software,
formal top-level specification
IncludedBy:formal, formal specification, top-level specification,
Related:model, security,
formal verification
IncludedBy:formal, verification,
Includes:endorsed tools list, formal proof, formal security policy model, formal specification,
Related:model, security,
format
formulary
Related:access control,
Fortezza
IncludedBy:National Institute of Standards and Technology, National Security Agency,
Related:CAPSTONE chip, MISSI user, SSO PIN, SSO-PIN ORA, digital signature, encryption, hash, key, no-PIN ORA, personal identification number, personality label, slot, software, tokens, user PIN, user-PIN ORA,
Forum of Incident Response and Security Teams
IncludedBy:computer emergency response team, incident,
Related:computer security, quality,
forward engineering
forward secrecy
Includes:forward secrecy with respect to A, forward secrecy with respect to both A and B individually, mutual forward secrecy, public-key forward secrecy,
PreferredFor:perfect forward secrecy,
forward secrecy with respect to A
IncludedBy:forward secrecy,
forward secrecy with respect to both A and B individually
IncludedBy:forward secrecy,
forwarder
IncludedBy:application proxy,
frame relay
Related:automated information system,
framing
fraud
Includes:computer fraud,
frequency division multiple access
IncludedBy:user,
frequency hopping
Related:communications, communications security,
front-end processor
IncludedBy:automated information system,
front-end security filter
IncludedBy:security,
Includes:firewall,
Related:software,
full accreditation
IncludedBy:accreditation,
Related:security,
full maintenance
Includes:depot maintenance,
full-duplex
function
functional component
IncludedBy:Common Criteria for Information Technology Security Evaluation, component, security target,
Includes:object,
Related:audit,
functional package
Includes:security target,
functional proponent
IncludedBy:network sponsor,
functional protection requirements
IncludedBy:protection profile,
Related:assurance,
functional security requirements specification
IncludedBy:security,
functional test case desgin
IncludedBy:test,
functional test case design
Related:analysis, black-box testing,
functional testing
IncludedBy:security testing, test,
Related:black-box testing,
functional unit
IncludedBy:component,
functionality
IncludedBy:target of evaluation,
Related:security,
functionality class
IncludedBy:target of evaluation,
Related:security,
future narrow band digital terminal
IncludedBy:security,
Related:networks,
gap analysis
IncludedBy:analysis, risk analysis,
Related:audit, vulnerability analysis,
gas and oil production, storage and transportation
IncludedBy:critical infrastructure,
gateway
IncludedBy:application proxy,
Includes:firewall, trusted gateway,
Related:communications, networks,
gateway server
IncludedBy:internet,
general accounting office
general controls
Related:recovery,
general support system
general-purpose system
IncludedBy:system,
GeneralizedTime
Related:UTCTime, coordinated universal time,
generally accepted system security principles
IncludedBy:security, system,
Generic Security Service Application Program Interface
IncludedBy:internet, security protocol,
Includes:distributed computing environment, security support programming interface,
Related:authentication, confidentiality, non-repudiation, privacy, tokens,
generic SIO class
generic threat
IncludedBy:threat,
Generic Upper Layer Security
IncludedBy:security,
Related:confidentiality,
geopolitical certificate authority
IncludedBy:Secure Electronic Transaction,
Related:certificate, certification, public-key infrastructure,
geosynchronous orbit
global command and control system
IncludedBy:command and control, security, system,
Related:networks,
global information grid
IncludedBy:security,
global network information environment
IncludedBy:networks, security,
global positioning system
IncludedBy:system,
global requirements
Antonym:local requirements,
IncludedBy:requirements, trusted computing base,
Related:analysis,
global telecommunications service
Related:networks,
goodput
IncludedBy:firewall,
Related:bit forwarding rate, networks, test,
gopher
Related:networks,
government emergency telecommunications service
Related:networks,
government services
Related:critical infrastructure,
granularity
IncludedBy:access control,
Includes:object,
granularity of a requirement
IncludedBy:requirements, trusted computing base,
Includes:object, subject,
graphical-user interface
IncludedBy:user,
Green book
IncludedBy:rainbow series,
Related:internet, passwords,
ground wave emergency network
IncludedBy:networks,
group
group of users
IncludedBy:user,
Related:software,
guard
IncludedBy:security,
Includes:firewall,
Related:networks, trust,
Guidelines and Recommendations for Security Incident Processing
IncludedBy:incident, security,
Related:internet, networks,
Gypsy verification environment
IncludedBy:software development methodologies,
hacker
IncludedBy:user,
Includes:cracker, hacking,
Related:Samurai, authorization, hacking run, networks,
hacking
IncludedBy:hacker, threat,
Related:networks,
hacking run
Related:hacker,
half-block
handle
handler
Related:attack, incident,
handshaking procedures
Related:authentication,
hard copy key
IncludedBy:key,
hardened unique storage
hardened unique storage Key
IncludedBy:key,
hardening
Related:assurance, availability, business process,
hardware
IncludedBy:cryptographic module,
hardware and system software maintenance
Related:security,
hardware error
Related:threat consequence,
hardware or software error
IncludedBy:threat consequence,
hardware token
HasPreferred:tokens,
hardwired key
IncludedBy:key,
hash
IncludedBy:security,
Includes:Secure Hash Standard, collision-resistant hash function, cryptographic hash function, hash code, hash function, hash function identifier, hash result, hash token, hash value, keyed hash, secure hash algorithm,
Related:Challenge Handshake Authentication Protocol, Challenge-Response Authentication Mechanism, Cryptographic Message Syntax, Data Authentication Algorithm, Digital Signature Algorithm, Fortezza, HMAC, MD2, MD4, MD5, POP3 APOP, Rivest-Shamir-Adleman, S/Key, SET private extension, SET qualifier, certificate revocation tree, checksum, code, cryptographic algorithm, cryptographic component, cryptographic service, cryptographic system, cryptography, cyclic redundancy check, data authentication code vs. Data Authentication Code, data items' representation, data string, digital signature, domain parameter, dual signature, fingerprint, initializing value, integrity, integrity check, matrix, message authentication code vs. Message Authentication Code, message digest, message integrity code, one-time passwords, one-way function, output transformation, public-key forward secrecy, reduction-function, round-function, secure socket layer, thumbprint, witness, word,
hash code
IncludedBy:hash,
Related:hash function,
hash function
IncludedBy:hash,
Related:attack, authentication, cryptographic hash function, cryptography, data authentication code, hash code, hash result, hash value, message authentication code,
hash function identifier
IncludedBy:hash,
hash result
IncludedBy:hash,
Related:hash function,
hash token
IncludedBy:hash, tokens,
hash totals
hash value
IncludedBy:hash,
Related:hash function,
hashing
hashword
help desk
Related:communications,
hierarchical decomposition
IncludedBy:development process,
hierarchical development methodology
IncludedBy:software development methodologies,
hierarchical input process output
hierarchical PKI
IncludedBy:public-key infrastructure,
Related:certification,
hierarchy management
IncludedBy:public-key infrastructure,
Related:certificate, certification, key,
hierarchy of trust
IncludedBy:public-key infrastructure, trust,
Related:certification,
hijack attack
IncludedBy:attack,
Related:IP splicing/hijacking, hijacking, pagejacking, session hijacking, spoofing, terminal hijacking,
hijacking
Related:attack, hijack attack,
HMAC
Related:analysis, cryptography, hash, key, software,
homed
IncludedBy:firewall,
Includes:tri-homed,
Related:networks, test,
honeypot
Related:attack,
host
IncludedBy:automated information system,
Related:communications, internet, networks, software,
host based
IncludedBy:automated information system,
Related:audit,
host to front-end protocol
IncludedBy:automated information system,
host-based firewall
IncludedBy:automated information system, firewall,
Related:networks, software,
host-based security
IncludedBy:security,
hot site
IncludedBy:disaster recovery,
Related:cold site,
https
Related:internet, security,
human error
IncludedBy:threat consequence,
human user
IncludedBy:target of evaluation, user,
hybrid encryption
Related:confidentiality, encryption, key,
hydrometer
hydrophone
hydroscope
hygrograph
hygrometer
hygroscope
hyperlink
IncludedBy:world wide web,
Related:link,
hypermedia
Related:internet,
hypertext
Related:internet, standard generalized markup language, world wide web,
hypertext markup language
IncludedBy:standard generalized markup language, world wide web,
hypertext transfer protocol
IncludedBy:world wide web,
Related:networks, secure socket layer,
ICMP flood
IncludedBy:attack,
Related:denial of service,
identification
IncludedBy:accountability,
Includes:Identification Protocol, bank identification number, configuration identification, identification and accreditation, identification and authentication, identification data, identification, friend or foe, identification, friend, foe, or neutral, identity, identity based access control, identity-based security policy, personal identification number, privacy, authentication, integrity, identification, non-repudiation, risk identification, terminal identification, trusted identification, trusted identification forwarding,
Related:SSO PIN, alarm reporting, anonymity, attribute certificate, candidate TCB subset, class 2, 3, 4, or 5, compromised key list, configuration control, digital id, formal development methodology, information systems security, key tag, network component, primary account number, public key derivation function, redundant identity, registration authority, repair action, risk analysis, token device, uniform resource identifier, user PIN, validate vs. verify, verification,
identification and accreditation
IncludedBy:identification,
identification and authentication
IncludedBy:assurance, authentication, identification,
Related:access control,
identification data
IncludedBy:identification,
Identification Protocol
IncludedBy:identification, internet, security protocol,
Related:access control, audit,
identification, friend or foe
IncludedBy:identification,
identification, friend, foe, or neutral
IncludedBy:identification,
identity
IncludedBy:identification, user,
identity based access control
IncludedBy:access control, identification,
identity token
IncludedBy:tokens,
identity validation
Related:test, user,
identity-based security policy
IncludedBy:identification, policy,
IEEE 802.10
Related:networks, security,
IEEE P1363
Related:cryptography, digital signature, encryption, key,
illegal traffic
IncludedBy:firewall,
Related:bit forwarding rate, rule set,
Synonym:rejected traffic,
imaging system
IncludedBy:system,
IMAP4 AUTHENTICATE
Related:authentication, challenge/response, key,
imitative communications
IncludedBy:communications,
impact
Related:incident,
impersonating
impersonation
IncludedBy:attack,
Related:authentication,
Synonym:masquerade,
implant
Related:emanation, emanations security,
implementation
IncludedBy:target of evaluation,
Related:software,
implementation under test
IncludedBy:test,
implementation vulnerability
IncludedBy:vulnerability,
implicit key authentication from A to B
IncludedBy:authentication,
Related:key,
imprint
improved emergency message automatic transmission system
IncludedBy:system,
in the clear
Related:encryption,
inadvertent disclosure
IncludedBy:incident,
Related:exposure, risk,
inappropriate usage
incapacitation
IncludedBy:risk, threat consequence,
Related:critical infrastructure,
incident
IncludedBy:threat,
Includes:COMSEC incident, Computer Incident Advisory Capability, Forum of Incident Response and Security Teams, Guidelines and Recommendations for Security Incident Processing, attack, automated security incident measurement, compromise, computer incident assessment capability, computer intrusion, computer security incident, computer security incident response capability, computer security incident response team, contamination, data compromise, denial of service, flooding, inadvertent disclosure, incident handling, incident response capability, multiple component incident, probe, program automated information system security incident support team, security incident, security intrusion, suspicious event,
Related:COMSEC insecurity, communications security, computer emergency response team, event, failure access, handler, impact, indication, infrastructure assurance, joint task force-computer network defense, mitigation, precursor, protective technologies, response, security controls, security event, security policy, vulnerability,
incident handling
IncludedBy:incident,
PreferredFor:incident response,
incident response
HasPreferred:incident handling,
incident response capability
IncludedBy:incident,
Related:security,
incomplete parameter checking
IncludedBy:threat,
independence
Related:audit,
independent assessment
Related:security,
independent validation and verification
Related:analysis, software, test,
indication
Related:incident,
indicator
Related:attack,
indirect certificate revocation list
IncludedBy:public-key infrastructure,
Related:certificate,
indistinguishability
Related:encryption, security,
individual accountability
Related:user,
industry standard architecture
Related:automated information system,
infection
IncludedBy:threat,
Related:worm,
inference
IncludedBy:threat consequence,
informal
Antonym:formal,
Includes:informal specification,
informal specification
Antonym:formal specification,
IncludedBy:development process, informal,
information
Related:cryptography,
information and communications
IncludedBy:critical infrastructure,
information architecture
IncludedBy:automated information system,
information assurance
IncludedBy:assurance,
Related:authentication, availability, confidentiality, integrity, non-repudiation,
information center
IncludedBy:automated information system,
information engineering
IncludedBy:automated information system,
information environment
IncludedBy:automated information system,
information flow
IncludedBy:automated information system,
information flow control
Includes:object,
PreferredFor:flow control,
Related:security,
information operations
IncludedBy:automated information system,
information processing standard
Related:communications, software, test,
information protection policy
Related:assurance, security policy, threat,
information rate
HasPreferred:bandwidth,
information ratio
IncludedBy:automated information system,
information security
IncludedBy:security,
Includes:information systems security,
Related:National Institute of Standards and Technology, National Security Agency, availability, communications security, confidentiality,
information sharing and analysis center
IncludedBy:analysis,
Related:threat,
information superhighway
Related:communications,
information superiority
Related:exploit,
information system
IncludedBy:system,
information system security officer
IncludedBy:computer security, system security officer,
Related:system,
information systems audit and control association
IncludedBy:audit,
information systems audit and control foundation
IncludedBy:audit,
information systems security
IncludedBy:information security, threat, user,
Includes:network security, system security, system security engineering, telecommunications security,
Related:authentication, denial of service, encryption, identification, system, unauthorized access,
Synonym:computer security,
information systems security association
IncludedBy:computer security, system,
information systems security engineering
IncludedBy:computer security, requirements, system, threat,
Related:counter measures,
information systems security equipment modification
IncludedBy:computer security,
Includes:COMSEC modification,
information systems security manager
IncludedBy:computer security, system,
information systems security officer
IncludedBy:computer security,
Includes:network security officer,
information systems security policy
IncludedBy:computer security,
Includes:security policy,
Information Systems Security products and services catalogue
IncludedBy:computer security, system,
Includes:degausser products list, endorsed tools list, evaluated products list, preferred products list,
information systems/technology
IncludedBy:system,
information technology
IncludedBy:automated information system,
Related:communications, software,
Information Technology Security Evaluation Criteria
IncludedBy:computer security, evaluation,
information technology system
IncludedBy:automated information system, system,
Related:communications,
information warfare
IncludedBy:threat, warfare,
Related:exploit,
infrastructure
infrastructure assurance
IncludedBy:assurance,
Related:critical infrastructure, incident, risk, threat,
infrastructure protection
IncludedBy:critical infrastructure,
Related:assurance, risk, threat, vulnerability,
ingress filtering
Related:internet,
inheritance
initial transformation
Related:networks,
initialization value
Related:key,
Synonym:initialization vector,
initialization vector
IncludedBy:Data Encryption Standard,
Related:algorithm, encryption,
Synonym:initialization value,
initialize
Related:cryptography, encryption,
initializing value
Related:hash,
input
input data
IncludedBy:cryptographic module,
input/output
Related:automated information system,
insertion
IncludedBy:threat consequence,
insider attack
IncludedBy:attack,
Related:networks,
inspectable space
Related:TEMPEST,
instance
instantiate
Institute of Electrical and Electronics Engineers, Inc
institute of internal auditors
instrument
Related:test,
instrumentation
Related:analysis,
Integrated CASE tools
Related:analysis, software,
integrated logistics support
Integrated services digital network
IncludedBy:networks,
Related:communications,
integrated test facility
IncludedBy:test,
Related:software development,
integration test
IncludedBy:test,
Related:software development,
integrity
IncludedBy:quality of protection, security,
Includes:authenticity, check character, checksum, correctness, correctness integrity, data authentication code, data integrity, data integrity service, error detection code, integrity policy, privacy, authentication, integrity, identification, non-repudiation, privacy, authentication, integrity, non-repudiation, secure hash algorithm, source integrity, system and data integrity, system integrity,
Related:access control, business process, computer emergency response team, digital signature, entry-level certification, hash, information assurance, levels of concern, mid-level certification, post-accreditation phase, security controls, software, top-level certification,
integrity check
Related:cryptography, hash,
integrity check value
integrity policy
IncludedBy:integrity, policy,
Related:security policy,
integrity-checking tools
IncludedBy:security software,
intelligent threat
IncludedBy:threat,
Related:cryptography, encryption, exploit, key,
intent
inter-TSF transfers
IncludedBy:TOE security functions, target of evaluation,
Related:trust,
interactive mode
interarea interswitch rekeying key
IncludedBy:key,
interception
IncludedBy:threat consequence,
interconnection security agreements
IncludedBy:security,
interdependence
Related:risk,
interdiction
HasPreferred:denial of service,
interface
Related:communications, cryptography,
interface control document
Related:baseline, evaluation,
interface control unit
IncludedBy:automated information system,
interface testing
IncludedBy:test,
interference
IncludedBy:threat consequence,
interim accreditation
IncludedBy:accreditation,
Related:security,
interim accreditation action plan
IncludedBy:accreditation,
Related:risk, security,
interleaving attack
IncludedBy:attack,
Related:authentication,
internal communication channel
IncludedBy:channel, communication channel, communications, target of evaluation,
internal control questionnaire
internal rate of return
internal security controls
IncludedBy:risk management, security controls,
Includes:subject,
Related:software,
internal subject
IncludedBy:subject,
internal system exposure
IncludedBy:exposure,
Related:security,
internal throughput time
internal TOE transfer
IncludedBy:target of evaluation,
International Data Encryption Algorithm
IncludedBy:algorithm, symmetric algorithm,
International organization for standardization
IncludedBy:automated information system,
Includes:Open Systems Interconnection Reference model,
Related:ITU-T,
international standards organization
international telecommunication union
Related:networks,
International Traffic in Arms Regulations
Related:TEMPEST, cryptography, security,
internet
Includes:ARPANET, Distributed Authentication Security Service, Generic Security Service Application Program Interface, IP address, IPsec Key Exchange, Identification Protocol, Internet Corporation for Assigned Names and Numbers, Internet Draft, Internet Message Access Protocol, version 4, Internet Protocol Security Option, Internet Protocol security, Internet Security Association and Key Management Protocol, Internet Society, Internet Standard, MIME Object Security Services, PKIX, POP3 AUTH, Post Office Protocol, version 3, Rexd, SOCKS, Secure/MIME, Simple Authentication and Security Layer, Simple Key-management for Internet Protocols, Terminal Access Controller Access Control System, USENET, anonymous login, cyberspace, domain name service server, domain name system, e-banking, e-mail server, email, extranet, file transfer protocol, firewall, gateway server, internet control message protocol, internet protocol, internet service provider, internet vs. Internet, internetwork, internetwork private line, intranet, listserv, mailing list, management information base, markup language, point-to-point protocol, port, pretty good privacy, proxy server, router, secure hypertext transfer protocol, secure shell, simple mail transfer protocol, simple network management protocol, sniffer, telnet, traceroute, transmission control protocol, transmission control protocol/internet protocol, transport layer security, tunnel, uniform resource identifier, uniform resource locator, uniform resource name, user data protocol, user datagram protocol, virtual private network, virus, wide area information service, world wide web, worm,
Related:Green book, Guidelines and Recommendations for Security Incident Processing, Layer 2 Forwarding Protocol, Layer 2 Tunneling Protocol, Message Security Protocol, On-line Certificate Status Protocol, Open Systems Interconnection Reference model, Secure Electronic Transaction, attack, bill payment, bill presentment, certification hierarchy, computer emergency response team, computer emergency response team/ coordination center, computer network, concept of operations, confidentiality, cookies, counter measures, dial-up line, domain, egress filtering, electronic commerce, electronic messaging services, end system, external system exposure, host, https, hypermedia, hypertext, ingress filtering, interoperability standards/protocols, lurking, network connection, network worm, networks, object identifier, one-time passwords, open systems security, packet assembly and disassembly, password sniffing, peer-to-peer communication, personal communications network, policy certification authority, pop-up box, port scanning, protocol, public-key forward secrecy, repudiation, rules of behavior, trojan horse, validate vs. verify, vendor,
Internet Architecture Board
IncludedBy:Internet Society,
Related:trust,
Internet Assigned Numbers Authority
IncludedBy:Internet Society,
Related:networks,
internet control message protocol
IncludedBy:internet, security,
Related:communications, networks,
Internet Corporation for Assigned Names and Numbers
IncludedBy:internet,
Related:key,
Internet Draft
IncludedBy:internet,
Internet Engineering Steering Group
IncludedBy:Internet Society,
Related:trust,
Internet Engineering Task Force
IncludedBy:Internet Society,
Related:authentication, security,
Internet Message Access Protocol, version 4
IncludedBy:internet,
Internet Policy Registration Authority
IncludedBy:Internet Society,
Related:certification, public-key infrastructure,
internet protocol
IncludedBy:internet,
Related:communications, networks,
Internet Protocol security
IncludedBy:communications security, internet, security protocol,
Includes:Authentication Header, encapsulating security payload, transport mode vs. tunnel mode, tunnel mode,
Related:access control, authentication, confidentiality, encryption, key,
Internet Protocol Security Option
IncludedBy:internet, security protocol,
Related:National Security Agency, classification level, networks,
Internet Security Association and Key Management Protocol
IncludedBy:internet, security protocol,
Related:authentication, cryptography, digital signature, encryption, key,
internet service provider
IncludedBy:internet,
Internet Society
IncludedBy:internet,
Includes:Internet Architecture Board, Internet Assigned Numbers Authority, Internet Engineering Steering Group, Internet Engineering Task Force, Internet Policy Registration Authority, Internet Society Copyright, Request for Comment,
Related:trust,
Internet Society Copyright
IncludedBy:Internet Society,
Internet Standard
IncludedBy:internet,
Related:Request for Comment,
Internet Standards document
IncludedBy:Request for Comment,
internet vs. Internet
IncludedBy:internet,
Related:model, networks,
Internet worm
IncludedBy:worm,
Related:networks,
internetwork
IncludedBy:internet, networks,
Related:communications,
internetwork private line
IncludedBy:internet, networks,
Related:cryptography,
interoperability
Synonym:interoperable,
interoperability standards/protocols
Related:internet,
interoperable
Related:software,
Synonym:interoperability,
interoperate
interpersonal messaging
interpretation
interswitch rekeying key
IncludedBy:key,
interval estimate
interval variable
intranet
IncludedBy:internet,
Related:networks,
intruder
IncludedBy:threat,
Related:authorization,
intrusion
IncludedBy:threat, threat consequence,
Includes:computer intrusion, computer security intrusion, penetration,
Related:authorization, availability, confidentiality, intrusion detection, security intrusion, unauthorized access,
intrusion detection
IncludedBy:risk management,
Includes:Intrusion Detection In Our Time, intrusion detection system, intrusion detection tools,
Related:audit, authorization, intrusion, networks, software,
Intrusion Detection In Our Time
IncludedBy:intrusion detection, security software,
intrusion detection system
IncludedBy:intrusion detection, security software, system,
Related:audit, networks,
intrusion detection tools
IncludedBy:intrusion detection, security software,
Related:unauthorized access,
invalidity date
IncludedBy:public-key infrastructure,
Related:certificate, digital signature, key, non-repudiation,
IP address
IncludedBy:internet,
Related:networks,
IP splicing/hijacking
IncludedBy:attack,
Related:authentication, hijack attack, networks, session hijacking,
ip spoofing
IncludedBy:address spoofing, masquerade, spoofing,
Related:networks,
IPsec Key Exchange
IncludedBy:internet,
Related:authentication, key, security,
IS related risk
IncludedBy:risk,
Related:failure, threat, vulnerability,
IS security architecture
IncludedBy:computer security,
isolation
Includes:object, subject,
issue
Related:certificate, public-key infrastructure,
issuer
IncludedBy:Secure Electronic Transaction,
Related:certificate, public-key infrastructure,
IT security
IncludedBy:Automated Information System security,
Related:authentication, availability, confidentiality, non-repudiation,
Synonym:computer security,
IT security certification
IncludedBy:Automated Information System security, certification, computer security, target of evaluation,
IT Security Evaluation Criteria
IncludedBy:Automated Information System security, computer security, evaluation,
IT Security Evaluation Methodology
IncludedBy:Automated Information System security, computer security, evaluation,
IT security policy
IncludedBy:computer security, policy,
IT security product
IncludedBy:computer security,
Related:software,
IT system
HasPreferred:automated information system,
iteration
ITU-T
Includes:CCITT, Open Systems Interconnection Reference model,
Related:International organization for standardization,
Java
IncludedBy:software,
Related:networks,
joint task force-computer network defense
Related:incident, threat,
JTC1 Registration Authority
judgment sample
Related:analysis,
Kerberos
IncludedBy:Simple Authentication and Security Layer, distributed computing environment, security software,
Includes:key distribution center, session key, third party trusted host model,
Related:access control, networks, passwords, privacy, trust,
kernelized secure operating system
IncludedBy:system,
key
IncludedBy:Multilevel Information System Security Initiative, Secure Electronic Transaction, security,
Includes:Data Encryption Standard, MAC algorithm key, Programmable key storage device, S/Key, SAVILLE Advanced Remote Keying, Simple Public Key Infrastructure/Simple Distributed Security Infrastructure, area interswitch rekeying key, asymmetric cryptographic algorithm, automated key distribution, automated key management center, automated key management system, automatic key distribution center, automatic key distribution/rekeying control unit, automatic remote rekeying, block cipher key, cipher text auto-key, common interswitch rekeying key, compartment key, compromised key list, contingency key, cooperative key generation, crypto-ignition key, cryptographic functions, cryptographic ignition key, cryptographic key, cryptonet key, data encryption key, data key, digital certificate, digital key, digital signature, directly trusted CA key, effective key length, electronic key management, electronic key management system, electronically generated key, encrypted key, ephemeral key, exercise key, hard copy key, hardened unique storage Key, hardwired key, interarea interswitch rekeying key, interswitch rekeying key, key card, key distribution center, key list, key management, key management application service element, key management center, key management identification number, key management infrastructure, key management ordering and distribution center, key management protocol data unit, key management system, key management system Agent, key management user agent, key pair, key processor, key production key, key recovery, key storage device, key stream, key tag, key tape, key updating, key variable generator, key-auto-key, key-encrypting key, key-encryption-key, key-escrow, key-escrow system, keying material, keys used to encrypt and decrypt files, local management device/key processor, lock-and-key protection system, loop key generator, maintenance key, manual remote rekeying, master crypto-ignition key, operational key, over-the-air key distribution, over-the-air key transfer, over-the-air rekeying, per-call key, plaintext key, point-to-point key establishment, post-nuclear event key, pretty good privacy, private decipherment key, private key, private signature key, public encipherment key, public key, public-key algorithm, public-key certificate, public-key cryptography, public-key cryptography standards, public-key infrastructure, remote rekeying, reserve keying material, root key, secret key, secret-key cryptography, secure multipurpose internet mail extensions, security management infrastructure, seed key, session key, signature key, single point keying, split key, symmetric algorithm, symmetric key, test key, token storage key, tokens, traffic encryption key, training key, transmission security key, trusted key, unique interswitch rekeying key, verification key, virtual private network,
Related:Blowfish, CA certificate, CAPSTONE chip, COMSEC aid, COMSEC boundary, COMSEC control program, COMSEC material, COMSEC system data, CRYPTO, Challenge Handshake Authentication Protocol, Challenge-Response Authentication Mechanism, Clipper chip, Cryptographic Message Syntax, Data Authentication Algorithm, Data Encryption Algorithm, Diffie-Hellman, Escrowed Encryption Standard, FIPS PUB 140-1, FIREFLY, Federal Public-key Infrastructure, Federal Standard 1027, Fortezza, HMAC, IEEE P1363, IMAP4 AUTHENTICATE, IPsec Key Exchange, Internet Corporation for Assigned Names and Numbers, Internet Protocol security, Internet Security Association and Key Management Protocol, Key Exchange Algorithm, Key Management Protocol, MIME Object Security Services, MISSI user, OAKLEY, PKCS #10, PKCS #11, PKIX, POP3 APOP, Photuris, Rivest Cipher 2, Rivest Cipher 4, Rivest, Shamir, and Adleman, Rivest-Shamir-Adelman algorithm, Rivest-Shamir-Adleman, SET private extension, Secure Data Network System, Simple Authentication and Security Layer, Simple Key-management for Internet Protocols, Skipjack, Standards for Interoperable LAN/MAN Security, The Exponential Encryption System, U.S.-controlled space, Wassenaar Arrangement, X.500 Directory, X.509, X.509 attribute certificate, X.509 certificate, X.509 certificate revocation list, X.509 public-key certificate, access control center, archive, asymmetric cryptography, attribute certificate, authority revocation list, bind, binding, block cipher, break, brute force, certificate, certificate management, certificate policy, certificate policy qualifier, certificate rekey, certificate renewal, certificate revocation list, certificate update, certificate user, certificate validation, certification, certification authority, certification hierarchy, certification path, certification request, certify, chosen-ciphertext attack, chosen-plaintext attack, ciphertext-only attack, class 2, 3, 4, or 5, common name, communications security, compromise, counter measures, critical security parameters, cross-certification, cryptanalysis, cryptographic algorithm, cryptographic system, cryptographic token, cryptonet, cryptoperiod, data authentication code, data authentication code vs. Data Authentication Code, data origin authentication service, decipher, dictionary attack, digital certification, digital envelope, digital id, distinguished name, distribution point, domain name system, dongle, dual signature, elliptic curve cryptography, encryption, encryption certificate, end entity, explicit key authentication from A to B, extension, fingerprint, hierarchy management, hybrid encryption, implicit key authentication from A to B, initialization value, intelligent threat, invalidity date, key agreement, key authentication, key center, key confirmation, key confirmation from A to B, key control, key derivation function, key distribution, key distribution centre, key distribution service, key establishment, key generating function, key generation, key generation exponent, key generator, key length, key lifetime, key material identifier, key space, key token, key translation center, key translation centre, key transport, key update, key validation, keyed hash, known-plaintext attack, link encryption, man-in-the-middle, merchant certificate, mesh PKI, message authentication code vs. Message Authentication Code, message integrity code, modulus, object, ohnosecond, one-time pad, one-time passwords, one-way encryption, organizational certificate, out of band, path discovery, personality label, policy approving authority, policy creation authority, privacy enhanced mail, private component, public component, public-key forward secrecy, random, registration, registration authority, rekey, repository, revocation date, root, root certificate, secret, secure hypertext transfer protocol, secure socket layer, security association identifier, security event, self-signed certificate, shared secret, signature certificate, signer, slot, smartcards, split knowledge, start-up KEK, stream cipher, strong authentication, subject, subordinate certification authority, symmetric cryptography, token copy, token management, triple DES, trust, trust-file PKI, trusted certificate, unforgeable, v1 certificate, v2 certificate, v3 certificate, validate vs. verify, validity period, web of trust, zeroize,
key agreement
Related:encryption, key, shared secret,
key authentication
IncludedBy:authentication,
Related:key,
key card
IncludedBy:key,
key center
Related:encryption, key,
key confirmation
Related:key,
key confirmation from A to B
Related:key,
key control
Related:key,
key derivation function
Related:key,
key distribution
Related:key,
key distribution center
IncludedBy:Kerberos, key, key management,
Related:communications security, encryption,
key distribution centre
Related:key, trust,
key distribution service
Related:key,
key establishment
Related:key,
Key Exchange Algorithm
Related:National Security Agency, key,
key generating function
Related:key,
key generation
Related:key,
key generation exponent
Related:key, trust,
key generator
Related:encryption, key,
key length
Related:key,
key lifetime
IncludedBy:Multilevel Information System Security Initiative,
Related:certificate, key, public-key infrastructure,
key list
IncludedBy:key,
key loader
IncludedBy:key management,
key management
IncludedBy:key, security,
Includes:Key Management Protocol, automated key distribution, electronic key entry, key distribution center, key loader, key management/exchange, key recovery, key-escrow, manual key distribution, manual key entry,
Related:audit, public-key infrastructure,
key management application service element
IncludedBy:key,
key management center
IncludedBy:key,
key management identification number
IncludedBy:key,
key management infrastructure
IncludedBy:key,
Related:software,
key management ordering and distribution center
IncludedBy:key,
Key Management Protocol
IncludedBy:key management, security protocol,
Related:key,
key management protocol data unit
IncludedBy:key,
key management system
IncludedBy:key, system,
key management system Agent
IncludedBy:key, system,
key management user agent
IncludedBy:key,
key management/exchange
IncludedBy:key management,
Related:privacy,
key material identifier
IncludedBy:Multilevel Information System Security Initiative,
Related:certificate, key, public-key infrastructure,
key pair
IncludedBy:key,
Related:digital signature, encryption,
key processor
IncludedBy:key,
key production key
IncludedBy:key,
key recovery
IncludedBy:key, key management, recovery,
Includes:data key, encrypted key, key-encrypting key, key-escrow system, plaintext key, session key, split knowledge,
Related:confidentiality, encryption, key-escrow, trust,
key space
Related:key,
key storage device
IncludedBy:key,
key stream
IncludedBy:key,
key tag
IncludedBy:key,
Related:identification,
key tape
IncludedBy:key,
key token
IncludedBy:tokens,
Related:key,
key translation center
Related:encryption, key,
key translation centre
Related:key, trust,
key transport
Related:encryption, key,
key update
Related:key,
key updating
IncludedBy:key,
key validation
Related:attack, key,
key variable generator
IncludedBy:key,
key-auto-key
IncludedBy:key,
key-encrypting key
IncludedBy:key, key recovery,
Related:encryption,
key-encryption-key
IncludedBy:encryption, key,
key-escrow
IncludedBy:key, key management, key-escrow system,
Related:audit, key recovery, trust,
key-escrow system
IncludedBy:key, key recovery, system,
Includes:key-escrow,
Related:algorithm, encryption,
keyed hash
IncludedBy:hash,
Related:authentication, encryption, key, threat,
keying material
IncludedBy:key,
Related:authentication,
keys used to encrypt and decrypt files
IncludedBy:key,
keystroke monitoring
IncludedBy:attack,
Related:audit, software,
killer packets
Related:networks,
kiosk
known-plaintext attack
IncludedBy:attack,
Related:analysis, cryptography, key,
label
IncludedBy:security label,
labeled security protections
IncludedBy:security,
Related:access control, trust,
laboratory attack
IncludedBy:attack,
Related:recovery,
language
Related:automated information system,
language of temporal ordering specification
Related:networks,
laptop computer
Related:automated information system,
large scale integration
Related:automated information system,
lattice
IncludedBy:Bell-LaPadula security model,
Related:test,
lattice model
IncludedBy:Bell-LaPadula security model, model,
Related:classification level, test,
Law Enforcement Access Field
IncludedBy:Clipper chip,
Related:encryption,
Layer 2 Forwarding Protocol
IncludedBy:security protocol,
Related:internet, networks,
Layer 2 Tunneling Protocol
IncludedBy:security protocol,
Related:internet, networks,
layer management entry
layer management interface
layered solution
IncludedBy:security,
Related:counter measures,
leakage
IncludedBy:threat,
leapfrog attack
IncludedBy:attack,
Related:passwords,
least privilege
IncludedBy:privilege,
Includes:need-to-know, subject,
Related:authorization, security,
legacy data
Related:automated information system,
legacy systems
IncludedBy:system,
Related:business process,
letterbomb
IncludedBy:email, threat,
Related:denial of service,
level of protection
Related:assurance, counter measures, networks, threat, vulnerability,
levels of concern
Related:availability, confidentiality, exposure, integrity, risk, security, threat,
liability
license
Related:software,
life cycle management
IncludedBy:automated information system,
life cycle stage
Lightweight Directory Access Protocol
IncludedBy:security protocol,
Related:authentication,
limited access
HasPreferred:access control,
limited maintenance
Related:communications security,
limited rate initial preproduction
line conditioning
Related:communications,
line conduction
Related:communications,
linear predictive coding
link
Related:communications, hyperlink, networks, world wide web,
link encryption
IncludedBy:encryption,
Related:key, networks,
list-oriented
Antonym:ticket-oriented,
IncludedBy:authorization,
Includes:object, subject,
listserv
IncludedBy:internet,
local authority
Related:user,
local loop
Related:communications,
local management device
local management device/key processor
IncludedBy:key,
Related:communications security, user,
local requirements
Antonym:global requirements,
IncludedBy:requirements, trusted computing base,
Related:analysis,
local-area netwokr
Related:communications, networks,
local-area network
IncludedBy:user,
lock-and-key protection system
IncludedBy:key, system,
Related:assurance, passwords,
lockout
logged in
Related:automated information system,
logging
IncludedBy:firewall,
Related:evidence, test,
Synonym:audit trail,
logic bomb
IncludedBy:threat,
Related:denial of service, time bomb,
logical access
Related:access control, security,
logical co-processing kernel
logical completeness measure
Related:access control,
logical system definition
IncludedBy:automated information system, system,
Related:networks,
login
Related:access control, audit, passwords,
login prompt
Related:passwords,
long title
Related:communications security,
loop
IncludedBy:risk,
loop key generator
IncludedBy:key,
loophole
IncludedBy:threat,
Related:software,
low probability of detection
Related:risk,
low probability of intercept
Related:risk,
low-cost encryption/authentication device
IncludedBy:authentication,
Related:encryption,
lurking
IncludedBy:threat,
Related:internet,
MAC algorithm key
IncludedBy:key,
macro virus
IncludedBy:virus,
magnetic remanence
IncludedBy:overwrite procedure,
Synonym:remanence,
mailbomb
IncludedBy:email, threat,
mailbombing
Related:attack,
mailing list
IncludedBy:internet,
maintainability
Related:availability,
maintenance
Related:fault, software,
maintenance hook
IncludedBy:risk,
Related:software,
maintenance key
IncludedBy:key,
major application
Related:risk, unauthorized access,
malicious applets
IncludedBy:threat,
malicious code
IncludedBy:threat,
Includes:worm,
Related:malicious logic, malware, software, virus,
malicious logic
IncludedBy:threat, threat consequence,
Related:malicious code, software, unauthorized access,
malicious program
IncludedBy:threat,
malware
IncludedBy:threat,
Related:malicious code, software,
man-in-the-middle
IncludedBy:attack,
Related:authentication, key,
management controls
Related:risk, security, security controls,
management engineering plan
management information base
IncludedBy:internet,
manager information systems
IncludedBy:system,
mandatory access control
IncludedBy:access control,
Synonym:non-discretionary access control,
mandatory modification
Related:communications security,
manipulation detection code
Related:attack,
manipulative communications
manual cryptosystem
IncludedBy:cryptography,
manual key distribution
IncludedBy:key management,
manual key entry
IncludedBy:key management,
manual remote rekeying
IncludedBy:key,
markup language
IncludedBy:internet, standard generalized markup language,
mask generation function
masquerade
IncludedBy:threat consequence,
Includes:DNS spoofing, address spoofing, ip spoofing, masquerade attack, masquerading, mimicking, spoofing, spoofing attack,
Related:alias, threat,
Synonym:impersonation,
masquerade attack
IncludedBy:attack, masquerade,
masquerading
IncludedBy:attack, masquerade,
Related:authentication,
mass-market software
IncludedBy:software, software product,
Related:COTS software,
master crypto-ignition key
IncludedBy:key,
master file
IncludedBy:automated information system,
material symbol
matrix
Related:hash,
MD2
Related:cryptography, hash,
MD4
Related:cryptography, hash,
MD5
Related:cryptography, hash,
meaconing, intrusion, jamming, and interference
IncludedBy:communications security,
mean
mean absolute deviation
mean-time-between-failure
IncludedBy:failure,
mean-time-between-outages
IncludedBy:failure,
mean-time-to-fail
IncludedBy:failure,
mean-time-to-repair
Related:failure,
mean-time-to-service-restoral
Related:failure,
measure
mechanism
media
media protection
Related:exposure, security,
median
MEI resource elements
IncludedBy:minimum essential infrastructure,
Related:vulnerability,
memorandum of agreement
HasPreferred:memorandum of understanding,
memorandum of understanding
PreferredFor:memorandum of agreement,
memory
memory scavenging
IncludedBy:automated information system,
memory space-time
merchant
IncludedBy:Secure Electronic Transaction,
merchant certificate
IncludedBy:Secure Electronic Transaction, certificate,
Related:digital signature, encryption, key,
merchant certification authority
IncludedBy:Secure Electronic Transaction, public-key infrastructure,
Related:certificate, certification,
merge access
IncludedBy:access,
mesh PKI
IncludedBy:public-key infrastructure,
Related:certificate, key, trust,
message
message authentication code
IncludedBy:authentication,
Related:cryptography, hash function,
Synonym:data authentication code,
message authentication code algorithm
IncludedBy:authentication,
Related:cryptography,
message authentication code vs. Message Authentication Code
IncludedBy:authentication,
Related:cryptography, email, encryption, hash, key, software,
message digest
Includes:message digest algorithm 5,
PreferredFor:digest,
Related:hash, test,
message digest algorithm 5
IncludedBy:algorithm, message digest,
message externals
message handling system
IncludedBy:system,
Related:email,
message identifier
message indicator
Related:communications, cryptography,
message integrity check
HasPreferred:message integrity code,
message integrity code
PreferredFor:message integrity check,
Related:authentication, email, encryption, hash, key, software,
message passing
message representative
Message Security Protocol
IncludedBy:security protocol,
Related:National Security Agency, internet,
metadata
IncludedBy:database management system,
metric
Related:algorithm, software,
metropolitan area networks
IncludedBy:networks,
microcode
IncludedBy:cryptographic module,
mid-level certification
IncludedBy:certification,
Related:availability, confidentiality, integrity,
million instruction per second
IncludedBy:automated information system,
MIME Object Security Services
IncludedBy:internet, security protocol,
Related:cryptography, digital signature, encryption, key,
mimicking
IncludedBy:attack, masquerade,
Synonym:spoofing,
miniature receiver terminal
miniature terminal
minimum essential emergency communications network
IncludedBy:minimum essential infrastructure, networks,
minimum essential infrastructure
Includes:MEI resource elements, minimum essential emergency communications network,
Related:access control, accountability, areas of potential compromise, availability, continuity of services and operations, segregation of duties,
minimum essential requirements
Minimum Interoperability Specification for PKI Components
IncludedBy:public-key infrastructure,
Related:certificate,
minimum level of protection
Related:assurance, risk,
mirroring
Related:availability, backup,
misappropriation
IncludedBy:threat consequence,
MISSI user
IncludedBy:Multilevel Information System Security Initiative, user,
Related:Fortezza, certificate, certification, key, public-key infrastructure,
mission critical
Related:vulnerability,
mission critical system
IncludedBy:system,
Related:business process,
mission needs statement
IncludedBy:threat,
misuse
IncludedBy:threat consequence,
misuse detection model
IncludedBy:model, security policy model,
Related:rules based detection,
mitigation
IncludedBy:risk management,
Related:incident,
mnemonic
mobile code
mobile subscriber equipment
mockingbird
IncludedBy:threat,
mode
HasPreferred:mode of operation,
mode of operation
PreferredFor:mode,
Related:classification level, encryption, security, user,
model
Includes:Bell-LaPadula security model, Biba Integrity model, Biba model, Clark Wilson integrity model, Open Systems Interconnection Reference model, TOE security policy model, anomaly detection model, as is process model, formal model of security policy, formal security policy model, lattice model, misuse detection model, modeling or flowcharting, open system interconnection model, security model, security policy model, simulation modeling, third party trusted host model, to be process model,
Related:*-property, CASE tools, OSI architecture, Standards for Interoperable LAN/MAN Security, analysis, client server, credentials, discrete event simulation, domain, energy-efficient computer equipment, finite state machine, formal development methodology, formal top-level specification, formal verification, internet vs. Internet, object, prototyping, secure hypertext transfer protocol, security, security policy, simple security condition, simple security property, ticket, top-level specification, tranquility, trusted subject, verification, world class organizations,
model experimental development model/exploratory development model
modeling or flowcharting
IncludedBy:model,
modem
modes of operation
Includes:automated information system, compartmented security mode, dedicated security mode, multilevel device, multilevel secure, multilevel security mode, multiuser mode of operation, partitioned security mode, protection ring, single-level device, stand-alone, shared system, stand-alone, single-user system, system high, system low, system-high security mode,
Related:classification level, security, software, trust,
modification/configuration control board
modular software
IncludedBy:software,
modularity
Related:software,
modulus
Related:key,
monitor
Related:evidence, trust,
Synonym:monitoring authority,
monitoring authority
Synonym:monitor,
Monitoring of Evaluations
IncludedBy:Common Criteria Testing Laboratory, evaluation,
Related:security,
monolithic TCB
IncludedBy:trusted computing base,
morris worm
IncludedBy:worm,
motivation
IncludedBy:security,
Related:unauthorized access,
multicast
Related:communications,
multihost based auditing
IncludedBy:audit, automated information system,
multilevel device
IncludedBy:modes of operation,
Related:risk, security, trust,
Multilevel Information System Security Initiative
IncludedBy:National Security Agency, computer security, system,
Includes:MISSI user, SSO PIN, SSO-PIN ORA, certificate, certificate rekey, certification, certification hierarchy, compromised key list, domain, key, key lifetime, key material identifier, no-PIN ORA, organizational certificate, organizational registration authority, personality label, policy approving authority, policy creation authority, root, root registry, slot, subordinate certification authority, user PIN, user-PIN ORA,
Related:networks,
multilevel information systems security initiative
IncludedBy:computer security, system,
multilevel mode
Related:user,
multilevel secure
IncludedBy:modes of operation,
Related:security,
multilevel security
IncludedBy:authorization, security,
Includes:controlled security mode,
Related:classification level,
multilevel security mode
IncludedBy:modes of operation, security,
Includes:system-high security mode,
Related:accreditation, classification level,
multimedia
multiple access rights terminal
multiple component incident
IncludedBy:incident,
multipurpose internet mail extensions
IncludedBy:email, security protocol,
Includes:secure multipurpose internet mail extensions,
multiuser mode of operation
IncludedBy:modes of operation, user,
mutation analysis
IncludedBy:analysis,
Related:error seeding, test,
mutation testing
IncludedBy:test,
mutual authentication
IncludedBy:authentication,
Related:unilateral authentication,
Synonym:mutual entity authentication,
mutual entity authentication
IncludedBy:authentication,
Synonym:mutual authentication,
mutual forward secrecy
IncludedBy:forward secrecy,
mutual recognition of certificates
mutual suspicion
IncludedBy:security,
Related:trust,
mutually suspicious
IncludedBy:security,
n-bit block cipher
nak attack
IncludedBy:attack,
narrowband network
IncludedBy:networks,
National Communications System
IncludedBy:system,
national computer security assessment program
IncludedBy:computer security,
Related:analysis, threat,
National Computer Security Center
IncludedBy:computer security,
Includes:trusted computer system,
Related:National Security Agency, availability, evaluation, networks, trust,
National Computer Security Center glossary
IncludedBy:computer security,
Related:networks, trust,
National COMSEC Advisory Memorandum
IncludedBy:communications security,
National COMSEC Information Memorandum
IncludedBy:communications security,
National COMSEC Instruction
IncludedBy:communications security,
National Cryptologic School
IncludedBy:cryptography,
National Industrial Security Advisory Committee
IncludedBy:security,
National Information Assurance partnership
IncludedBy:Common Criteria for Information Technology Security, National Institute of Standards and Technology, assurance,
Includes:Common Criteria Testing Laboratory, Common Criteria Testing Program, Common Evaluation Methodology, NIAP Common Criteria Evaluation and Validation Scheme, NIAP Oversight Body, National Voluntary Laboratory Accreditation Program, accreditation body, approved technologies list, approved test methods list, degausser products list, deliverables list, designated laboratories list, endorsed tools list, evaluated products list, preferred products list, validated products list,
Related:National Security Agency, accreditation, quality, test,
National Information Infrastructure
Related:networks,
National Institute of Standards and Technology
Includes:Advanced Encryption Standard, Clipper chip, Common Criteria for Information Technology Security, Computer Security Objects Register, Data Encryption Standard, Digital Signature Standard, FIPS PUB 140-1, FIPS approved security method, Federal Criteria Vol. I, Federal Information Processing Standards, Federal Standard 1027, Fortezza, NIAP Common Criteria Evaluation and Validation Scheme, National Information Assurance partnership, data authentication code, object identifier, party, validate vs. verify,
Related:information security,
national quality award
IncludedBy:quality,
National Security Agency
IncludedBy:security,
Includes:CAPSTONE chip, Clipper chip, Fortezza, Multilevel Information System Security Initiative, Skipjack, degausser, degausser products list, evaluated products list, preferred products list, rainbow series,
Related:Common Criteria for Information Technology Security, Federal Standard 1027, Internet Protocol Security Option, Key Exchange Algorithm, Message Security Protocol, NIAP Common Criteria Evaluation and Validation Scheme, National Computer Security Center, National Information Assurance partnership, Secure Data Network System, Type I cryptography, Type II cryptography, information security, party,
National Security Decision Directive 145
IncludedBy:security,
Includes:object, subcommittee on Automated Information System security, subcommittee on telecommunications security,
Related:computer security,
National Security Decision Directive
IncludedBy:security,
National Security Directive
IncludedBy:security,
National Security Emergency Preparedness
IncludedBy:security,
national security information
IncludedBy:security,
Related:access control,
national security system
IncludedBy:security, system,
Related:cryptography,
National Security Telecommunications Advisory Committee
IncludedBy:security,
National Security Telecommunications and Information Systems Security Advisory/Information Memorandum
IncludedBy:computer security, system,
National Security Telecommunications and Information Systems Security Committee
IncludedBy:computer security, system,
National Security Telecommunications and Information Systems Security Directive
IncludedBy:computer security, system,
National Security Telecommunications and Information Systems Security Instruction
IncludedBy:computer security, system,
National Security Telecommunications and Information Systems Security Policy
IncludedBy:computer security, system,
National Telecommunications and Information Administration
Related:networks,
national telecommunications and information system security directives
IncludedBy:computer security, system,
National Telecommunications and Information Systems Security Advisory Memoranda/Instructions
IncludedBy:computer security, system,
National Telecommunications and Information Systems Security Directive
IncludedBy:computer security, system,
National Telecommunications and Information Systems Security Instruction
IncludedBy:computer security, system,
National Telecommunications and Information Systems Security Policy
IncludedBy:computer security, system,
National Voluntary Laboratory Accreditation Program
IncludedBy:National Information Assurance partnership, accreditation,
Related:computer security, evaluation,
natural benchmark
natural disaster
IncludedBy:threat, threat consequence,
Related:critical infrastructure,
need-to-know
IncludedBy:access control, least privilege,
negative acknowledgment
negative tests
IncludedBy:test,
negotiated acquisition
net control station
net present value
network address translation
IncludedBy:firewall, networks,
network administrator
network architecture
IncludedBy:networks, security architecture,
Includes:network component, object,
Related:communications, software,
network based
IncludedBy:networks,
Related:audit,
network component
IncludedBy:component, network architecture, networks,
Includes:network front-end, network reference monitor,
Related:access control, audit, authentication, evaluation, identification, trust, trusted computer system,
network configuration
IncludedBy:networks,
Related:communications,
network connection
IncludedBy:networks,
Related:internet,
network device
IncludedBy:networks,
Related:communications,
Network File System
IncludedBy:networks, system,
network front-end
IncludedBy:network component, networks,
Related:security,
network interface card
IncludedBy:networks,
Network Layer Security Protocol
IncludedBy:networks, security protocol,
network level firewall
IncludedBy:firewall, networks,
network management
IncludedBy:networks,
Related:fault, security,
network management architecture
IncludedBy:networks,
Related:communications, software,
network management protocol
IncludedBy:networks,
Related:communications,
network management software
IncludedBy:networks, software,
Related:security,
network monitoring tools
IncludedBy:networks, security software,
network protocol stack
Related:automated information system,
network reference monitor
IncludedBy:access control, network component, networks, reference monitor,
Includes:object, subject,
network security
IncludedBy:communications security, information systems security, networks,
Related:assurance, unauthorized access,
network security architecture
IncludedBy:communications security, networks,
network security architecture and design
IncludedBy:communications security,
network security officer
IncludedBy:communications security, information systems security officer, networks,
network services
IncludedBy:networks,
network size
IncludedBy:networks,
network sponsor
IncludedBy:networks,
Includes:functional proponent,
Related:communications security, security,
network system
IncludedBy:networks, system,
Related:security,
network topology
IncludedBy:networks,
network trusted computing base
IncludedBy:networks, trusted computing base,
Includes:NTCB partition,
Related:software,
network weaving
IncludedBy:networks,
Related:communications,
network worm
IncludedBy:networks,
Related:internet,
networking features of software
IncludedBy:networks, software,
networks
IncludedBy:automated information system,
Includes:ARPANET, Advanced Research Projects Agency Network, Defense Information System Network, Integrated services digital network, Network File System, Network Layer Security Protocol, Secure Data Network System, Trusted Network Interpretation Environment Guideline, advanced intelligence network, advanced intelligent network, automatic digital network, broadband network, centrally-administered network, communications, computer network, computer network attack, computer network defense, defense switched network, global network information environment, ground wave emergency network, internetwork, internetwork private line, metropolitan area networks, minimum essential emergency communications network, narrowband network, network address translation, network architecture, network based, network component, network configuration, network connection, network device, network front-end, network interface card, network level firewall, network management, network management architecture, network management protocol, network management software, network monitoring tools, network reference monitor, network security, network security architecture, network security officer, network services, network size, network sponsor, network system, network topology, network trusted computing base, network weaving, network worm, networking features of software, personal communications network, protected network, secure network server, simple network management protocol, subnetwork, trusted network interpretation, unprotected network, value-added network, virtual network perimeter, virtual private network, wide-area network,
Related:Chernobyl packet, Common Criteria for Information Technology Security, Defense Information Infrastructure, Estelle, Extensible Authentication Protocol, Guidelines and Recommendations for Security Incident Processing, IEEE 802.10, IP address, IP splicing/hijacking, Internet Assigned Numbers Authority, Internet Protocol Security Option, Internet worm, Java, Kerberos, Layer 2 Forwarding Protocol, Layer 2 Tunneling Protocol, Multilevel Information System Security Initiative, NTCB partition, National Computer Security Center, National Computer Security Center glossary, National Information Infrastructure, National Telecommunications and Information Administration, OSI architecture, Open Systems Interconnection Reference model, Red book, Remote Authentication Dial-In User Service, SATAN, SOCKS, Secure Data Exchange, Secure Electronic Transaction, Simple Public Key Infrastructure/Simple Distributed Security Infrastructure, Terminal Access Controller Access Control System, acceptable level of risk, acceptable use policy, access control, accreditation, accreditation range, address spoofing, alarm reporting, alarm surveillance, alert, application program interface, asynchronous transfer mode, auditing tool, authenticate, authentication service, automated key distribution, automated security incident measurement, bandwidth, bastion host, brand, break, brouters, cascading, cellular transmission, checksum, circuit switching, class hierarchy, communication channel, component, computer emergency response team, computer oracle and password system, computing security methods, confidentiality, connection, data source, datagram, designated approving authority, digital signature, diplomatic telecommunications service, distributed data, distributed database, distributed processing, downgrade, dual-homed gateway firewall, electronic benefit transfer, email security software, encrypt for transmission only, end system, end-to-end encryption, end-user, ethernet meltdown, evaluation assurance level, extranet, fault, file transfer, file transfer access management, file transfer protocol, filtering router, firewall, future narrow band digital terminal, gateway, global command and control system, global telecommunications service, goodput, gopher, government emergency telecommunications service, guard, hacker, hacking, homed, host, host-based firewall, hypertext transfer protocol, initial transformation, insider attack, international telecommunication union, internet, internet control message protocol, internet protocol, internet vs. Internet, intranet, intrusion detection, intrusion detection system, ip spoofing, killer packets, language of temporal ordering specification, level of protection, link, link encryption, local-area netwokr, logical system definition, non-technical countermeasure, object, octet, on-line transaction processing, open system environment, open system interconnection model, open systems interconnection, open systems security, overt channel, packet, packet filtering, packet sniffer, packet switching, packet transfer mode, passive, password sniffing, passwords, perimeter-based security, phreaking, point-to-point tunneling protocol, pretty good privacy, private branch exchange, private decipherment transformation, proprietary protocol, protocol, protocol suite, proxy, purge, queuing theory, remote access software, remote login, residual risk, rootkit, router, router-based firewall, routing control, rule set, sanitization, screened subnet firewall, screening router, secure profile inspector, secure shell, secure socket layer, security architecture, security gateway, security incident, security kernel, security management, security net control station, security range, security situation, security-compliant channel, server, signaling, signaling system 7, single sign-on, smurf, smurfing, sniffer, start-up KEK, state transition diagram, stealth probe, superuser, synchronous flood, synchronous transmission, tcpwrapper, technical countermeasure, technology area, telecommunications, telnet, threat, tinkerbell program, topology, trace packet, traffic load, transaction file, transfer device, transfer time, transmission, transmission control protocol, transmission medium, transmission security, trusted identification, trusted identification forwarding, trusted process, tunnel, tunneled VPN, tunneling, tunneling router, user, user data protocol, vulnerability, web browser cache, web of trust, web vs. Web, wiretapping, worm,
NIAP Common Criteria Evaluation and Validation Scheme
IncludedBy:National Information Assurance partnership, National Institute of Standards and Technology, evaluation,
Related:National Security Agency, trust,
NIAP Oversight Body
IncludedBy:National Information Assurance partnership,
Related:evaluation,
nibble
Related:automated information system,
no prior relationship
Related:digital signature,
no-lone zone
Related:authorized, security,
no-PIN ORA
IncludedBy:Multilevel Information System Security Initiative,
Related:Fortezza,
nominal variable
non-discretionary access control
Antonym:discretionary access control,
IncludedBy:access control,
Related:non-discretionary security,
Synonym:mandatory access control,
non-discretionary security
IncludedBy:security,
Related:classification level, non-discretionary access control,
non-recoverable part
Related:recovery,
non-repudiation
Antonym:repudiation,
IncludedBy:certification authority, quality of protection,
Includes:non-repudiation exchange, non-repudiation information, non-repudiation of creation, non-repudiation of delivery, non-repudiation of knowledge, non-repudiation of origin, non-repudiation of receipt, non-repudiation of sending, non-repudiation of submission, non-repudiation of transport, non-repudiation policy, non-repudiation service, non-repudiation token, privacy, authentication, integrity, identification, non-repudiation, privacy, authentication, integrity, non-repudiation,
Related:Generic Security Service Application Program Interface, IT security, NRD token, NRO token, NRS token, NRT token, accountability, assurance, authentication, cryptography, defense-wide information assurance program, digital signature, distinguishing identifier, evidence, information assurance, invalidity date, notarization token, originator, proof, recipient, sandboxed environment, secure single sign-on,
non-repudiation exchange
IncludedBy:non-repudiation,
non-repudiation information
IncludedBy:non-repudiation,
Related:evidence,
non-repudiation of creation
IncludedBy:non-repudiation,
non-repudiation of delivery
IncludedBy:non-repudiation,
Includes:NRD token,
non-repudiation of knowledge
IncludedBy:non-repudiation,
non-repudiation of origin
IncludedBy:non-repudiation,
Includes:NRO token,
non-repudiation of receipt
IncludedBy:non-repudiation,
non-repudiation of sending
IncludedBy:non-repudiation,
non-repudiation of submission
IncludedBy:non-repudiation,
Includes:NRS token,
Related:evidence,
non-repudiation of transport
IncludedBy:non-repudiation,
Includes:NRT token,
Related:evidence,
non-repudiation policy
IncludedBy:non-repudiation,
Related:evidence, verification,
non-repudiation service
IncludedBy:non-repudiation,
Related:authentication, evidence, security, test, trust,
non-repudiation token
IncludedBy:non-repudiation, tokens,
Includes:NRD token, NRO token, NRS token, NRT token,
Related:evidence,
non-technical countermeasure
IncludedBy:counter measures, security,
Related:exploit, networks,
nonce
Related:attack,
noncomputing security methods
IncludedBy:security,
Related:software,
nonkernel security related
IncludedBy:security,
normal operation
notarization
Related:evidence, trust,
notarization token
IncludedBy:tokens,
Related:non-repudiation,
notary
Related:evidence, tokens, trust,
NRD token
IncludedBy:non-repudiation of delivery, non-repudiation token, tokens,
Related:non-repudiation,
NRO token
IncludedBy:non-repudiation of origin, non-repudiation token, tokens,
Related:non-repudiation,
NRS token
IncludedBy:non-repudiation of submission, non-repudiation token, tokens,
Related:non-repudiation,
NRT token
IncludedBy:non-repudiation of transport, non-repudiation token, tokens,
Related:non-repudiation,
NTCB partition
IncludedBy:network trusted computing base, trusted computing base,
Related:networks,
nuclear command and control document
IncludedBy:command and control,
null
NULL encryption algorithm
Related:confidentiality, encryption,
OAKLEY
Related:authentication, key, threat,
object
IncludedBy:Bell-LaPadula security model, National Security Decision Directive 145, TCB subset, TOE security policy, acceptance procedure, access, accountability, availability, candidate TCB subset, capability, category, component reference monitor, computer architecture, configuration control, default classification, dominated by, environment, functional component, granularity, granularity of a requirement, information flow control, isolation, list-oriented, network architecture, network reference monitor, object reuse, owner, package, passive, permissions, product rationale, protection philosophy, protection-critical portions of the TCB, read, read access, reference monitor, reference monitor concept, reference validation mechanism, resource, scavenging, scope of a requirement, secure state, secure subsystem, security attribute, security enforcing, security function, security function policy, security label, security policy, sensitivity label, shall, should, simple security condition, simple security property, software requirement, storage object, subject security level, technical policy, technical security policy, ticket-oriented, tranquility, trusted subject, verification, write, write access,
Includes:TOE security functions, domain,
Related:key, model, networks,
UsedBy:subject,
object code
Related:automated information system,
object identifier
IncludedBy:Abstract Syntax Notation One, National Institute of Standards and Technology,
Related:internet, public-key infrastructure, security,
object reuse
Includes:object, subject,
object-oriented programming
Related:automated information system,
observation reports
IncludedBy:Common Criteria Testing Laboratory,
Related:computer security, evaluation, security,
obstruction
IncludedBy:threat consequence,
octet
Related:networks,
off-line cryptosystem
Related:encryption,
Office of Foreign Assets Control
ohnosecond
Related:key,
on ramp
On-line Certificate Status Protocol
IncludedBy:security protocol,
Related:certificate, internet,
on-line cryptosystem
Related:encryption,
on-line system
IncludedBy:system,
on-line transaction processing
Related:networks,
one-part code
one-time cryptosystem
IncludedBy:system,
one-time pad
Related:analysis, cryptography, encryption, key,
one-time passwords
IncludedBy:passwords,
Related:authentication, cryptography, hash, internet, key, threat,
one-time tape
Related:cryptography,
one-way encryption
IncludedBy:encryption,
Related:key,
one-way function
Related:cryptography, hash,
open security
IncludedBy:security,
open security environment
IncludedBy:security,
Related:assurance,
open storage
open system environment
IncludedBy:system,
Related:networks,
open system interconnection
IncludedBy:system,
open system interconnection model
IncludedBy:Open Systems Interconnection Reference model, model, security, system,
Related:communications, networks,
open systems
IncludedBy:system,
open systems interconnection
IncludedBy:Open Systems Interconnection Reference model, system,
Related:networks,
Open Systems Interconnection Reference model
IncludedBy:ITU-T, International organization for standardization, model,
Includes:OSI architecture, open system interconnection model, open systems interconnection,
Related:internet, networks, public-key infrastructure, security, system,
open systems security
IncludedBy:security, system,
Related:internet, networks,
operating procedure
IncludedBy:target of evaluation,
operating system
IncludedBy:system,
Related:software,
operation
IncludedBy:target of evaluation,
operational controls
Related:security, security controls,
operational data security
IncludedBy:security,
operational documentation
IncludedBy:target of evaluation,
operational environment
IncludedBy:target of evaluation,
operational integrity
IncludedBy:security,
operational key
IncludedBy:key,
operational testing
IncludedBy:test,
operational waiver
operations code
Related:communications,
operations manager
Related:cryptography, security,
operations security
IncludedBy:security,
Related:evidence, exploit,
operator
IncludedBy:cryptographic module,
optical character recognition
optical fiber
optical scanner
optional modification
Related:TEMPEST, communications security,
oracle
Related:test,
Orange book
IncludedBy:rainbow series,
Includes:A1, C2-protect,
Related:computer security, security,
order of an element in a finite commutative group
ordinal variable
organisational security policies
HasPreferred:organisational security policy,
organisational security policy
IncludedBy:policy, security policy,
PreferredFor:organisational security policies,
organizational certificate
IncludedBy:Multilevel Information System Security Initiative, certificate,
Related:key,
organizational maintenance
Related:user,
organizational registration
Related:user,
organizational registration authority
IncludedBy:Multilevel Information System Security Initiative,
Related:certificate,
origin authenticity
Related:authentication,
originating agency's determination required
originator
Related:non-repudiation,
OSI architecture
IncludedBy:Open Systems Interconnection Reference model,
Related:communications, model, networks,
out of band
Related:cryptography, key, security, shared secret,
outage
Related:communications, failure,
outcome
outlier
output
IncludedBy:trusted computing base,
output data
IncludedBy:cryptographic module,
output feedback
output transformation
Related:hash,
outside attack
IncludedBy:attack,
outsider attack
IncludedBy:attack,
outsourcing
over-the-air key distribution
IncludedBy:key,
over-the-air key transfer
IncludedBy:key,
Related:encryption,
over-the-air rekeying
IncludedBy:key,
Related:encryption,
overload
IncludedBy:threat consequence,
overt channel
Antonym:covert channel,
IncludedBy:channel,
Related:networks,
overwrite procedure
IncludedBy:erasure,
Includes:magnetic remanence, remanence,
Related:security,
overwriting
owner
IncludedBy:user,
Includes:object, subject,
package
Includes:object,
Related:assurance, security,
packet
Related:networks,
packet assembly and disassembly
Related:internet,
packet filter
IncludedBy:firewall,
Related:filtering router, packet filtering, security,
packet filtering
IncludedBy:firewall,
Includes:stateful packet filtering,
Related:networks, packet filter, proxy,
packet filtering firewall
IncludedBy:firewall,
packet sniffer
IncludedBy:sniffer,
Related:ethernet sniffing, networks, promiscuous mode,
packet switching
Related:networks, software,
packet transfer mode
Related:networks,
padding
pagejacking
IncludedBy:attack,
Related:hijack attack, world wide web,
parameter
pareto diagram
parity
IncludedBy:security,
partial order
partition rule base access control
IncludedBy:access control,
partitioned security mode
IncludedBy:modes of operation, security,
Related:accreditation, computer security,
partnership
Related:critical infrastructure,
party
IncludedBy:National Institute of Standards and Technology,
Related:National Security Agency, computer security, security,
passive
Includes:object,
Related:confidentiality, networks, threat,
passive attack
IncludedBy:attack,
passive threat
IncludedBy:threat,
passive wiretapping
IncludedBy:wiretapping,
passphrase
IncludedBy:passwords,
Password Authentication Protocol
IncludedBy:authentication, security protocol,
Related:passwords,
password cracker
IncludedBy:threat,
Related:dictionary attack, test,
password sniffing
IncludedBy:sniffing,
Related:internet, networks, passwords,
password system
IncludedBy:system,
Related:authentication, encryption,
password-locked screensaver
Related:passwords,
passwords
Includes:one-time passwords, passphrase, secure single sign-on, time-dependent password, virtual password,
Related:3-factor authentication, Extensible Authentication Protocol, Green book, Kerberos, Password Authentication Protocol, Terminal Access Controller Access Control System, anonymous login, auditing tool, authentication, check_password, community string, computer oracle and password system, crack, critical security parameters, default account, dictionary attack, encrypted key, ethernet sniffing, leapfrog attack, lock-and-key protection system, login, login prompt, networks, password sniffing, password-locked screensaver, personal identification number, print suppression, public-key forward secrecy, rootkit, salt, secret, security-relevant event, shared secret, simple authentication, simple network management protocol, smartcards, sniffer, third party trusted host model, ticket, tokens, user identifier,
patch
patch management
path coverage
Related:test,
path discovery
IncludedBy:public-key infrastructure,
Related:certificate, certification, key, trust,
path validation
IncludedBy:public-key infrastructure,
Related:certificate, certification,
payment
payment card
IncludedBy:Secure Electronic Transaction,
payment gateway
IncludedBy:Secure Electronic Transaction,
payment gateway certification authority
IncludedBy:Secure Electronic Transaction, public-key infrastructure,
Related:certificate, certification,
PC card
Related:cryptography,
PCA
PCMCIA
Related:automated information system,
peer access approval
peer access enforcement
peer entity authentication
IncludedBy:authentication,
peer entity authentication service
IncludedBy:authentication,
peer-to-peer communication
Related:internet,
penetration
IncludedBy:attack, intrusion, threat consequence,
Includes:penetration signature, penetration study, penetration test, penetration testing,
Related:unauthorized access, violation,
penetration signature
IncludedBy:penetration,
penetration study
IncludedBy:penetration, risk management,
penetration test
IncludedBy:penetration, test,
Related:certification, evaluation,
penetration testing
IncludedBy:penetration, security testing, target of evaluation, test,
Related:exploit, trust, user,
people
per-call key
IncludedBy:key,
Related:encryption,
perfect forward secrecy
HasPreferred:forward secrecy,
performance gap
Related:quality,
performance measurement
perimeter
HasPreferred:security perimeter,
perimeter-based security
IncludedBy:security perimeter,
Related:networks,
periods processing
peripheral equipment
permissions
IncludedBy:authorization,
Includes:object, subject,
Related:access control, public-key infrastructure,
permissive action link
permuter
Related:cryptography,
perpetrator
IncludedBy:attack,
personal communications network
IncludedBy:networks,
Related:internet,
personal computer
Related:automated information system,
personal computer memory card international association
Related:automated information system,
personal digital assistant
Related:automated information system,
personal identification number
IncludedBy:identification,
Related:3-factor authentication, Fortezza, authentication, passwords, shared secret,
personal security environment
IncludedBy:security,
Related:cryptography, personalization service, public-key infrastructure, tamper, tokens, trust,
personality
HasPreferred:personality label,
personality label
IncludedBy:Multilevel Information System Security Initiative, public-key infrastructure,
PreferredFor:personality,
Related:Fortezza, certificate, digital signature, encryption, key,
personalization service
Related:cryptography, personal security environment, security, trust,
personnel security
IncludedBy:security,
phage
IncludedBy:threat,
PHF
IncludedBy:threat,
PHF hack
IncludedBy:threat,
Photuris
Related:key,
phracker
IncludedBy:threat,
phreaker
IncludedBy:threat,
phreaking
IncludedBy:attack,
Related:networks,
physical and environmental protection
Related:security, threat, unauthorized access,
physical destruction
IncludedBy:threat consequence,
physical protection
IncludedBy:cryptographic boundary,
Related:assurance, security,
physical security
IncludedBy:Automated Information System security,
Related:counter measures, threat, unauthorized access,
piggyback
IncludedBy:between-the-lines-entry,
Related:unauthorized access,
piggyback attack
IncludedBy:attack,
piggyback entry
IncludedBy:threat,
Related:unauthorized access,
pilot testing
IncludedBy:test,
Related:software,
ping of death
IncludedBy:attack,
Related:denial of service,
ping sweep
IncludedBy:attack,
PKCS #10
IncludedBy:public-key cryptography standards, public-key infrastructure,
Related:certificate, key,
PKCS #11
IncludedBy:public-key cryptography standards,
Related:key, software, tokens,
PKCS #7
IncludedBy:public-key cryptography standards,
Related:digital signature,
PKIX
IncludedBy:internet, public-key infrastructure,
Related:certificate, key, trust,
PKIX private extension
IncludedBy:public-key infrastructure,
plain text
HasPreferred:cleartext,
Related:cryptography,
plaintext key
IncludedBy:key, key recovery,
plan, do, check, act
platform
Related:software,
plug-in
plug-in modules
Related:software, world wide web,
point estimate
point of control and observation
Related:test,
point-of-sale
point-to-point key establishment
IncludedBy:key,
point-to-point protocol
IncludedBy:internet,
Includes:point-to-point tunneling protocol,
Related:authentication,
point-to-point tunneling protocol
IncludedBy:point-to-point protocol, security protocol, virtual private network,
Includes:private communication technology,
Related:networks,
policy
Includes:IT security policy, TOE security policy, acceptable use policy, corporate security policy, cryptographic module security policy, designation policy, formal model of security policy, identity-based security policy, integrity policy, organisational security policy, policy management authority, public-key infrastructure, rule-based security policy, secrecy policy, security function policy, security policy, system security policy, technical policy, technical security policy, term rule-based security policy, usage security policy,
Related:TOE security policy model, certificate, firewall, formal security policy model, rule set, secure configuration management, security, security association, security audit, security domain, security policy information file, security policy model, security requirements, source selection, verification,
policy approving authority
IncludedBy:Multilevel Information System Security Initiative, public-key infrastructure,
Related:certificate, certification, key,
policy certification authority
IncludedBy:public-key infrastructure,
Related:certification, internet,
policy creation authority
IncludedBy:Multilevel Information System Security Initiative, public-key infrastructure,
Related:certificate, certification, key,
policy management authority
IncludedBy:policy, public-key infrastructure,
policy mapping
Related:certificate, public-key infrastructure,
polling
polymorphism
pop-up box
Related:internet, world wide web,
POP3 APOP
Related:attack, authentication, hash, key, shared secret,
POP3 AUTH
IncludedBy:internet,
Related:authentication, challenge/response,
population
Related:audit,
port
IncludedBy:internet,
Related:cryptography,
port protection device
Related:assurance,
port scan
IncludedBy:attack,
Related:exploit,
port scanning
Related:internet,
portability
Related:software,
portfolio management
positive control material
positive enable system
IncludedBy:system,
POSIX
Related:access control, security,
Post Office Protocol, version 3
IncludedBy:internet,
Related:authentication, security,
post-accreditation phase
IncludedBy:accreditation,
Related:availability, confidentiality, integrity, risk, security, threat,
post-nuclear event key
IncludedBy:key,
practices dangerous to security
IncludedBy:security,
pre-authorization
Related:certification, public-key infrastructure,
pre-certification phase
IncludedBy:certification,
Related:accreditation, risk, security, verification,
pre-signature
Related:digital signature,
precision
Related:sampling error,
precondition
precursor
Related:attack, incident,
preferred products list
IncludedBy:Information Systems Security products and services catalogue, National Information Assurance partnership, National Security Agency,
Includes:TEMPEST,
Related:computer security,
prefix free representation
preliminary design review
preproduction model
Related:evaluation,
pretty good privacy
IncludedBy:email security software, encryption, internet, key, privacy, security protocol, web of trust,
Includes:certificate,
Related:authentication, digital signature, email, networks, software,
primary account number
IncludedBy:Secure Electronic Transaction,
Related:cryptography, identification,
primitive
IncludedBy:trusted computing base,
principal
print suppression
Related:passwords, security,
privacy
IncludedBy:quality of protection,
Includes:confidentiality, data privacy, pretty good privacy, privacy enhanced mail, privacy programs, privacy protection, privacy system, privacy, authentication, integrity, identification, non-repudiation, privacy, authentication, integrity, non-repudiation, speech privacy, virtual private network,
Related:Diffie-Hellman, Generic Security Service Application Program Interface, Kerberos, Samurai, anonymous, cookies, cryptography, key management/exchange, private communication technology, private key, public law 100-235, sandboxed environment, secure hypertext transfer protocol, secure single sign-on, secure socket layer, security, sensitive information, simple key management for IP,
privacy enhanced mail
IncludedBy:email, privacy, security protocol,
Includes:certificate, encryption,
Related:authentication, certification, confidentiality, key, public-key infrastructure,
privacy programs
IncludedBy:privacy,
Related:confidentiality, software,
privacy protection
IncludedBy:privacy,
Related:assurance, confidentiality, security, threat,
privacy system
IncludedBy:privacy,
Related:attack, communications, encryption,
privacy, authentication, integrity, identification, non-repudiation
IncludedBy:authentication, identification, integrity, non-repudiation, privacy,
privacy, authentication, integrity, non-repudiation
IncludedBy:authentication, availability, integrity, non-repudiation, privacy,
private accreditation exponent
IncludedBy:accreditation,
private accreditation information
IncludedBy:accreditation,
private branch exchange
Related:networks,
private communication technology
IncludedBy:communications, point-to-point tunneling protocol,
Related:privacy,
private component
Related:key,
private decipherment key
IncludedBy:key,
private decipherment transformation
Related:networks,
private extension
HasPreferred:extension,
private key
IncludedBy:asymmetric algorithm, key, public-key infrastructure,
Related:privacy, secret,
private signature key
IncludedBy:key,
Related:digital signature,
private-key cryptography
HasPreferred:secret-key cryptography,
privilege
IncludedBy:authorization,
Includes:least privilege,
privilege management infrastructure
Related:certificate,
privileged access
Related:user,
privileged instructions
IncludedBy:executive state,
privileged process
Related:security, trust,
probability-proportional-to-size
probe
IncludedBy:incident,
Related:unauthorized access,
problem
Related:failure, fault,
procedural security
IncludedBy:security,
PreferredFor:administrative security,
Related:communications security, computer security, emanation, emanations security,
procedure
process
IncludedBy:subject,
Related:software,
process assurance
IncludedBy:assurance,
process management approach
Related:business process, quality,
process owner
producers
Related:security,
product
Includes:software product,
Related:software,
product rationale
IncludedBy:protection profile,
Includes:object,
Related:assurance, threat,
production
IncludedBy:target of evaluation,
production model
profile
Includes:protection profile, protection profile family,
Related:security,
profile assurance
IncludedBy:assurance,
profiling
program
program automated information system security incident support team
IncludedBy:computer security, incident, system,
program evaluation and review technique
IncludedBy:evaluation,
program manager
Related:security,
Programmable key storage device
IncludedBy:key,
programmable read only memory
programming languages and compilers
IncludedBy:software, target of evaluation,
promiscuous mode
IncludedBy:threat,
Related:ethernet sniffing, packet sniffer,
proof
Related:evidence, non-repudiation,
proprietary
proprietary information
proprietary protocol
Related:networks,
protected checksum
Related:attack,
protected communications
IncludedBy:communications,
Related:encryption,
protected communications zone
protected distribution systems
IncludedBy:system,
Related:encryption,
protected network
Antonym:unprotected network,
IncludedBy:demilitarized zone, firewall, networks,
Related:rule set, unauthorized access,
protected services list
protected wireline distribution system
IncludedBy:system,
protection needs elicitation
IncludedBy:requirements, security,
Related:assurance,
protection philosophy
Includes:object,
Related:assurance, evaluation, security,
protection profile
IncludedBy:Common Criteria for Information Technology Security Evaluation, Federal Criteria Vol. I, profile, requirements, security,
Includes:assignment, decomposition, external security controls, functional protection requirements, product rationale, protection profile family, refinement, trusted computing base,
Related:assurance, computer security, test,
protection profile family
IncludedBy:profile, protection profile,
Related:assurance,
protection ring
IncludedBy:modes of operation,
Related:assurance, user,
protection-critical portions of the TCB
IncludedBy:trusted computing base,
Includes:object, subject,
Related:assurance,
protective packaging
Related:communications security,
protective technologies
Related:incident, tamper,
protocol
Includes:security protocol,
Related:communications, internet, networks,
protocol data unit
protocol suite
Related:communications, networks,
prototyping
Related:model,
prove a correspondence
prowler
IncludedBy:threat,
proxy
IncludedBy:firewall, user,
Includes:application proxy, circuit proxy, proxy server,
Related:authentication, networks, packet filtering, software, stateful packet filtering,
proxy server
IncludedBy:internet, proxy,
Related:access control, authentication, world wide web,
pseudo-flaw
IncludedBy:risk management, threat,
pseudo-random
IncludedBy:random,
pseudo-random number generator
IncludedBy:random,
Related:software, test,
psychological operations
IncludedBy:threat,
public accreditation verification exponent
IncludedBy:accreditation,
Related:verification,
public component
Related:key,
public confidence
Related:trust,
public cryptography
Related:encryption,
public encipherment key
IncludedBy:key, public-key infrastructure,
public encipherment transformation
IncludedBy:public-key infrastructure,
public key
IncludedBy:asymmetric algorithm, key, public-key infrastructure,
public key derivation function
IncludedBy:asymmetric cryptography, public-key infrastructure,
Related:identification,
public key information
IncludedBy:asymmetric cryptography, public-key infrastructure,
public key system
IncludedBy:asymmetric cryptography, public-key infrastructure, system,
public law 100-235
Related:computer security, privacy, security,
public verification key
IncludedBy:public-key infrastructure,
public-key algorithm
IncludedBy:key,
public-key certificate
IncludedBy:certificate, key,
Related:certification, digital signature, test,
public-key cryptography
IncludedBy:key,
Includes:Rivest-Shamir-Adleman,
Related:encryption, public-key infrastructure,
public-key cryptography standards
IncludedBy:Rivest-Shamir-Adleman, asymmetric algorithm, key,
Includes:PKCS #10, PKCS #11, PKCS #7,
Related:public-key infrastructure,
public-key forward secrecy
IncludedBy:forward secrecy,
Related:authentication, encryption, hash, internet, key, passwords, security,
public-key infrastructure
IncludedBy:key, policy, security,
Includes:Federal Public-key Infrastructure, Minimum Interoperability Specification for PKI Components, PKCS #10, PKIX, PKIX private extension, RA domains, SET private extension, SET qualifier, Simple Public Key Infrastructure/Simple Distributed Security Infrastructure, X.509, X.509 authority revocation list, X.509 certificate revocation list, account authority digital signature, attribute authority, bilateral trust, brand CRL identifier, brand certification authority, cardholder certification authority, certificate authority, certificate creation, certificate directory, certificate management, certificate policy, certificate policy qualifier, certificate reactivation, certificate rekey, certificate renewal, certificate request, certificate revocation, certificate status responder, certificate update, certificate validation, certification authorities, certification authority, certification authority digital signature, certification authority workstation, certification hierarchy, certification path, certification practice statement, certification request, certification service, class 2, 3, 4, or 5, common name, compromised key list, delta CRL, digital id, digital signature, directly trusted CA, directly trusted CA key, distinguished name, distribution point, extension, hierarchical PKI, hierarchy management, hierarchy of trust, indirect certificate revocation list, invalidity date, merchant certification authority, mesh PKI, path discovery, path validation, payment gateway certification authority, personality label, policy approving authority, policy certification authority, policy creation authority, policy management authority, private key, public encipherment key, public encipherment transformation, public key, public key derivation function, public key information, public key system, public verification key, registration authority, revocation date, root, subordinate certification authority, top CA, trust-file PKI, v1 CRL, v2 CRL, validity period,
Related:Abstract Syntax Notation One, Cryptographic Message Syntax, Internet Policy Registration Authority, MISSI user, Open Systems Interconnection Reference model, X.500 Directory, archive, authenticate, authority, bind, capability, certificate chain, certificate chain validation, certificate domain parameters, certificate expiration, certificate management services, certification, certification policy, certify, common security, confidentiality, critical, cryptoperiod, directory service, directory vs. Directory, domain, end entity, end-user, geopolitical certificate authority, issue, issuer, key lifetime, key management, key material identifier, object identifier, permissions, personal security environment, policy mapping, pre-authorization, privacy enhanced mail, public-key cryptography, public-key cryptography standards, registration, registration service, relying party, repository, secure hypertext transfer protocol, security event, slot, software, strong authentication, subject, tokens, trust, trust chain, trust hierarchy, trusted key, trusted third party, tunnel, unforgeable, valid signature, validate vs. verify, web of trust,
purge
Related:assurance, networks, risk,
purging
push technology
Related:world wide web,
QUADRANT
Related:cryptography, tamper,
quality
Includes:European quality award, business process improvement, continuous process improvement, national quality award, quality assurance, quality attributes, quality control, quality function deployment, quality of protection, software quality assurance, total quality management,
Related:Forum of Incident Response and Security Teams, National Information Assurance partnership, accountability, attribute, benchmarking, business process reengineering, data integrity, evaluation, evaluation authority, performance gap, process management approach, security, standard, stretch goal, system integrity, value analysis,
quality assurance
IncludedBy:assurance, quality,
quality assurance/control
IncludedBy:assurance,
quality attributes
IncludedBy:quality,
Related:software,
quality control
IncludedBy:quality,
quality function deployment
IncludedBy:quality,
quality of protection
IncludedBy:evaluation, quality,
Includes:authentication, encryption strength, integrity, non-repudiation, privacy,
Related:assurance, security,
questions on controls
Related:security controls,
queuing theory
Related:networks,
RA domains
IncludedBy:public-key infrastructure,
Related:certificate, certification,
radix
rainbow series
IncludedBy:National Security Agency, Trusted Computer System Evaluation Criteria,
Includes:Green book, Orange book, Red book, Yellow book,
random
Includes:pseudo-random, pseudo-random number generator, random number, random number generator, randomized, randomizer,
Related:cryptography, key, security, test,
random access memory
IncludedBy:automated information system,
random number
IncludedBy:random,
random number generator
IncludedBy:FIPS PUB 140-1, random,
random number sampling
random selection
randomized
IncludedBy:random,
randomizer
IncludedBy:random,
range
rapid application development
Related:software,
rapid automatic cryptographic equipment
IncludedBy:cryptography,
rating
IncludedBy:assurance,
Related:security target,
rating maintenance program
ratio estimate
ratio variable
read
Includes:object, subject,
read access
IncludedBy:access,
Includes:object, subject,
read-only memory
Related:automated information system,
real time
real-time processing
real-time reaction
real-time system
IncludedBy:system,
realm
Related:authentication,
recipient
Related:non-repudiation,
reciprocal agreement
recommended practices
IncludedBy:risk management,
Related:best practices,
reconstitution
Related:disaster recovery,
record
recoverable part
recovery
IncludedBy:availability,
Includes:archive, backup, backup procedures, disaster recovery, disaster recovery plan, key recovery, recovery point objectives, recovery procedures, recovery site, recovery time objectives, recovery vendors, trusted recovery,
Related:accountability, contingency plan, contingency planning, continuity of services and operations, emergency services, failure control, general controls, laboratory attack, non-recoverable part, run manual, sanitize, security management infrastructure, system testing, vaulting, zeroization, zeroize,
recovery point objectives
IncludedBy:recovery,
recovery procedures
IncludedBy:contingency plan, recovery,
Related:failure,
recovery site
IncludedBy:recovery,
Related:business process,
recovery time objectives
IncludedBy:recovery,
recovery vendors
IncludedBy:recovery,
RED
Related:communications security, security,
Red book
IncludedBy:rainbow series,
Related:evaluation, networks, trust,
RED signal
IncludedBy:threat,
Related:emissions security,
Synonym:emanation,
RED team
Related:threat,
RED/BLACK concept
Related:RED/BLACK separation,
RED/BLACK separation
Related:RED/BLACK concept, communications security, cryptography,
reduction-function
Related:hash,
redundancy
IncludedBy:contingency plan,
Related:risk,
redundant array of inexpensive disks
redundant identity
Related:identification,
reference monitor
IncludedBy:reference monitor concept, target of evaluation,
Includes:network reference monitor, object, subject,
Related:access control, analysis, security, test,
reference monitor concept
Includes:object, reference monitor, security kernel, subject,
Related:access control,
reference validation mechanism
IncludedBy:trusted computing base, validation,
Includes:object, subject,
Related:analysis, tamper, test,
refinement
IncludedBy:protection profile,
reflection attack
IncludedBy:attack,
register
Related:registration,
register entry
registration
Related:authentication, certificate, key, public-key infrastructure, register,
registration authority
IncludedBy:Secure Electronic Transaction, public-key infrastructure,
Related:authentication, certificate, identification, key, tokens, trust,
registration service
Related:public-key infrastructure,
regrade
IncludedBy:authorization,
Related:classification level,
regression testing
IncludedBy:test,
Related:software,
rejected traffic
IncludedBy:firewall,
Related:bit forwarding rate, rule set,
Synonym:illegal traffic,
rekey
Related:cryptography, key,
release
Related:baseline, software,
release prefix
reliability
IncludedBy:risk management,
Includes:software reliability,
Related:availability,
reliability qualification tests
IncludedBy:test,
relying party
Related:certificate, public-key infrastructure,
remanence
IncludedBy:overwrite procedure,
Synonym:magnetic remanence,
remediation
IncludedBy:risk management,
Related:availability, business process,
remote access
IncludedBy:access,
Related:communications,
remote access software
IncludedBy:software,
Related:networks, remote login, secure socket layer, telnet,
Remote Authentication Dial-In User Service
IncludedBy:Simple Authentication and Security Layer, security protocol, security software, user,
Related:networks, shared secret,
remote job entry
IncludedBy:automated information system,
remote login
Related:networks, remote access software,
remote procedure call
Related:automated information system,
remote rekeying
IncludedBy:key,
remote terminal emulation
IncludedBy:automated information system,
Related:communications, test,
renew
HasPreferred:certificate renewal,
repair action
Related:communications security, identification,
replay attack
IncludedBy:attack,
Related:authentication,
replicator
Related:worm,
repository
Related:certificate, key, public-key infrastructure, trust,
repudiation
Antonym:non-repudiation,
IncludedBy:threat consequence,
Related:internet,
Request for Comment
IncludedBy:Internet Society,
Includes:Internet Standards document, draft RFC,
Related:Internet Standard,
request for information
request for proposal
requirements
IncludedBy:certification, software development, target of evaluation,
Includes:DoD Information Technology Security Certification and Accreditation Process, certification and accreditation, construction of TOE requirements, development assurance requirements, downgrade, evaluation assurance level, global requirements, granularity of a requirement, information systems security engineering, local requirements, protection needs elicitation, protection profile, requirements for content and presentation, requirements for evidence, requirements for procedures and standards, sanitization, scope of a requirement, software requirement, strength of a requirement, system requirement, system security authorization agreement,
Related:security,
requirements analysis
IncludedBy:analysis,
requirements for content and presentation
IncludedBy:requirements,
Related:evaluation,
requirements for evidence
IncludedBy:evidence, requirements,
Related:evaluation,
requirements for procedures and standards
IncludedBy:requirements, target of evaluation,
Related:availability, confidentiality, security,
requirements traceability matrix
reserve account
reserve keying material
IncludedBy:key,
reserve requirements
residual risk
IncludedBy:threat,
Related:computer security, counter measures, networks,
residue
IncludedBy:risk,
resource
IncludedBy:target of evaluation,
Includes:TOE security functions, object,
resource encapsulation
Includes:subject,
response
Related:incident,
response time
restart
restricted area
Includes:subject,
Related:security,
restructuring
retro-virus
IncludedBy:threat,
Related:availability,
reusability
Related:automated information system,
reusable software asset
IncludedBy:software,
reverse engineering
IncludedBy:threat, threat consequence,
Includes:reverse software engineering,
reverse software engineering
IncludedBy:reverse engineering, software,
review board
revision
Related:baseline,
revocation
IncludedBy:certificate revocation,
Related:certificate,
revocation date
IncludedBy:public-key infrastructure,
Related:certificate, digital signature, key,
revocation list
IncludedBy:certificate revocation list,
Related:certificate,
revoke
HasPreferred:certificate revocation,
Rexd
IncludedBy:internet,
risk
Antonym:security software,
IncludedBy:Secure Electronic Transaction, security,
Includes:IS related risk, acceptable risk, attack, certification and accreditation, compromising emanation performance requirement, contamination, critical, debilitated, defect, designated approving authority, destruction, electromagnetic interference, failure, false negative, false positive, incapacitation, loop, maintenance hook, residue, risk assessment, risk management, risk plane, security-relevant event, shared account, threat, total risk, unauthorized disclosure, undesired signal data emanations, untrusted process,
Related:Common Criteria for Information Technology Security Evaluation, accreditation, accreditation disapproval, accreditation phase, accreditation range, adequate security, association, authorize processing, business case, business continuity plan, capability, certification agent or certifier, clean system, confinement, denial time, effectiveness, fault tolerance, inadvertent disclosure, infrastructure assurance, infrastructure protection, interdependence, interim accreditation action plan, levels of concern, low probability of detection, low probability of intercept, major application, management controls, minimum level of protection, multilevel device, post-accreditation phase, pre-certification phase, purge, redundancy, risk evaluation, risk identification, risk treatment, rules of behavior, safety, security controls, security purpose, separation of duties, simulation modeling, strengths, weaknesses, opportunities, threats, technical vulnerability, test plan, trusted gateway, trusted process, vaulting, virus scanner, virus-detection tool, work factor,
risk analysis
IncludedBy:analysis, risk management,
Includes:business impact analysis, cost-risk analysis, gap analysis, security fault analysis, security objective, security requirements, security specifications, security testing, threat analysis, vulnerability analysis,
Related:counter measures, evaluation, fault analysis, identification, risk assessment, threat,
risk assessment
IncludedBy:risk,
Related:analysis, counter measures, critical infrastructure, exposure, risk analysis, threat,
risk evaluation
IncludedBy:evaluation,
Related:risk,
risk identification
IncludedBy:identification,
Related:analysis, risk, threat,
risk index
IncludedBy:risk management,
Includes:security range,
Related:classification level, user,
risk management
IncludedBy:risk, security,
Includes:Automated Information System security, access control, automated security monitoring, availability, best practices, configuration management, consequence management, continuity of services and operations, control objectives, counter measures, crisis management, critical infrastructure, disaster recovery, entrapment, environmental failure protection, external security controls, failure control, flaw hypothesis methodology, internal security controls, intrusion detection, mitigation, penetration study, pseudo-flaw, recommended practices, reliability, remediation, risk analysis, risk index, risk-based management, security enforcing, security evaluation, security measures, security mechanism, security policy, security-critical mechanisms, segregation of duties, test, threat consequence, threat monitoring, user profile,
Related:analysis, evaluation, security software, strengths, weaknesses, opportunities, threats,
risk plane
IncludedBy:risk,
risk treatment
Related:computer security, evaluation, risk, security,
risk-based management
IncludedBy:risk management,
Rivest Cipher 2
IncludedBy:symmetric algorithm,
Related:key,
Rivest Cipher 4
IncludedBy:symmetric algorithm,
Related:key,
Rivest, Shamir, and Adleman
Related:key,
Rivest-Shamir-Adelman algorithm
IncludedBy:algorithm,
Related:encryption, key,
Rivest-Shamir-Adleman
IncludedBy:asymmetric algorithm, public-key cryptography,
Includes:RSA algorithm, public-key cryptography standards,
Related:authentication, digital signature, encryption, hash, key, security, test,
robustness
IncludedBy:assurance,
Related:software reliability,
role
IncludedBy:target of evaluation, user,
role-based access control
IncludedBy:access control,
rolling cost forecasting technique
IncludedBy:business process,
root
IncludedBy:Multilevel Information System Security Initiative, public-key infrastructure,
Related:certificate, certification, key, trust,
root CA
IncludedBy:certification authority,
root cause analysis
IncludedBy:analysis,
root certificate
IncludedBy:certificate,
Related:certification, key,
root key
IncludedBy:key,
root registry
IncludedBy:Multilevel Information System Security Initiative,
rootkit
IncludedBy:attack,
Related:networks, passwords, software,
rotational delay
Related:automated information system,
round-function
Related:hash,
router
IncludedBy:internet,
Includes:filtering router, screening router,
Related:bridge, networks,
router-based firewall
IncludedBy:firewall,
Related:networks, security,
routing
routing control
Related:networks,
RSA algorithm
IncludedBy:Rivest-Shamir-Adleman,
rule set
IncludedBy:firewall,
Related:access control, allowed traffic, demilitarized zone, illegal traffic, networks, policy, protected network, rejected traffic, security association, test, unprotected network,
rule-based security policy
IncludedBy:policy, security,
rules based detection
Related:misuse detection model, security software,
rules of behavior
Related:internet, risk, security,
run
run manual
Related:recovery,
S/Key
IncludedBy:key,
Related:authentication, hash,
safeguarding statement
safeguards
HasPreferred:security safeguards,
safety
Related:risk, software,
safety-critical software
Related:automated information system,
salami technique
IncludedBy:threat,
salt
Related:access control, attack, encryption, passwords,
sample
Related:test,
sampling distribution
sampling error
Related:precision,
sampling frame
Samurai
Related:hacker, privacy,
sandboxed environment
IncludedBy:access control,
Related:authentication, non-repudiation, privacy,
sanitization
IncludedBy:requirements, security,
Related:networks,
sanitize
Related:classification level, recovery, security,
sanitizing
sas 70 report
Related:audit,
SATAN
IncludedBy:security software,
Related:networks,
SAVILLE Advanced Remote Keying
IncludedBy:key,
scalability
Related:software,
scaling
scanning
IncludedBy:attack,
scavenging
IncludedBy:attack, threat consequence,
Includes:object,
Related:cryptography,
scheme
scope of a requirement
IncludedBy:requirements, trusted computing base,
Includes:object, subject,
Scope of Accreditation
IncludedBy:Common Criteria Testing Laboratory, accreditation,
Related:computer security, evaluation, security, test,
scratch pad store
screen scraping
Related:automated information system,
screened host firewall
IncludedBy:automated information system, firewall,
screened subnet firewall
IncludedBy:firewall,
Related:networks,
screening router
IncludedBy:router,
Related:firewall, networks, security,
Synonym:filtering router,
script
seal
Related:cryptography, digital signature,
secrecy policy
IncludedBy:policy,
Related:security, security policy,
secret
IncludedBy:TOE security functions, classification level,
Related:authentication, key, passwords, private key, shared secret, tokens,
secret and below interoperability
secret key
IncludedBy:key, secret-key cryptography, symmetric algorithm,
secret-key cryptography
IncludedBy:key,
Includes:secret key,
PreferredFor:private-key cryptography,
Related:encryption,
sector
sector coordinator
Related:critical infrastructure,
sector liaison
Related:critical infrastructure,
secure channel
Related:security,
secure communications
Related:security,
secure configuration management
IncludedBy:configuration management,
Related:policy, software,
Secure Data Exchange
IncludedBy:security protocol,
Related:communications security, networks,
Secure Data Network System
IncludedBy:networks, security protocol, system,
Related:National Security Agency, email, key,
secure digital net radio interface unit
Related:security,
Secure Electronic Transaction
Includes:SET private extension, SET qualifier, acquirer, authorize, baggage, bank identification number, brand, brand CRL identifier, brand certification authority, cardholder, cardholder certificate, cardholder certification authority, certificate, certificate policy, certification, certification hierarchy, dual signature, electronic commerce, encryption, geopolitical certificate authority, issuer, key, merchant, merchant certificate, merchant certification authority, payment card, payment gateway, payment gateway certification authority, primary account number, registration authority, risk, tokens, tunnel,
Related:authentication, confidentiality, internet, networks,
secure envelope
Related:evidence, security,
secure hash algorithm
IncludedBy:algorithm, hash, integrity,
Related:Digital Signature Algorithm,
Secure Hash Standard
IncludedBy:hash,
Related:cryptography,
secure hypertext transfer protocol
IncludedBy:internet, security protocol,
Related:certificate, communications, key, model, privacy, public-key infrastructure, trust,
secure hyptertext transfer protocol
IncludedBy:world wide web,
secure mobile unit
Related:security,
secure multipurpose internet mail extensions
IncludedBy:email, encryption, key, multipurpose internet mail extensions, security protocol,
Synonym:Secure/MIME,
secure network server
IncludedBy:networks, security,
secure operating system
IncludedBy:system,
Related:software,
secure profile inspector
IncludedBy:security,
Related:networks,
secure shell
IncludedBy:internet,
Related:authentication, confidentiality, encryption, networks,
secure single sign-on
IncludedBy:authorization, passwords,
Related:audit, non-repudiation, privacy, single sign-on,
secure socket layer
IncludedBy:security protocol, world wide web,
Related:authentication, communications, confidentiality, encryption, hash, hypertext transfer protocol, key, networks, privacy, remote access software, transport layer security,
secure state
IncludedBy:access control,
Includes:object, subject,
secure subsystem
IncludedBy:system,
Includes:object, subject,
Related:security,
secure telephone unit
Related:security,
secure terminal equipment
Related:security,
Secure/MIME
IncludedBy:internet,
Related:digital signature, encryption,
Synonym:secure multipurpose internet mail extensions,
security
IncludedBy:accreditation,
Includes:C2-protect, Common Criteria for Information Technology Security, Common IP Security Option, Cryptographic Application Program Interface, Generic Upper Layer Security, Guidelines and Recommendations for Security Incident Processing, National Industrial Security Advisory Committee, National Security Agency, National Security Decision Directive, National Security Decision Directive 145, National Security Directive, National Security Emergency Preparedness, National Security Telecommunications Advisory Committee, Simple Distributed Security Infrastructure, Standard Security Label, Standards for Interoperable LAN/MAN Security, TEMPEST, access control, accountability, add-on security, adequate security, adversary, application program interface, application-level firewall, assurance, asynchronous transfer mode, attack, audit, authentication, automated information system, baseline, binding of security functionality, biometrics, call back, call back security, closed security environment, code division multiple access, communications deception, compartmented security mode, computer emergency response team, computer security, concept of operations, confidentiality, contractor special security officer, control zone, correctness proof, data security, dedicated security mode, defense-in-depth, developer security, dial-up security, downgrade, dual control, economy of mechanism, electronic security, end-to-end security, entity-wide security, formal model of security policy, front-end security filter, functional security requirements specification, future narrow band digital terminal, generally accepted system security principles, global command and control system, global information grid, global network information environment, guard, hash, host-based security, information security, integrity, interconnection security agreements, internet control message protocol, key, key management, labeled security protections, layered solution, motivation, multilevel security, multilevel security mode, mutual suspicion, mutually suspicious, national security information, national security system, non-discretionary security, non-technical countermeasure, noncomputing security methods, nonkernel security related, open security, open security environment, open system interconnection model, open systems security, operational data security, operational integrity, operations security, parity, partitioned security mode, personal security environment, personnel security, practices dangerous to security, procedural security, protection needs elicitation, protection profile, public-key infrastructure, risk, risk management, rule-based security policy, sanitization, secure network server, secure profile inspector, security architecture, security attribute, security authority, security awareness, training, and education, security certificate, security certification level, security class, security clearance, security compromise, security controls, security domain, security element, security environment, security event, security fault analysis, security filter, security flaw, security flow analysis, security function, security gateway, security goals, security information object, security information object class, security inspection, security intrusion, security label, security level, security management, security model, security net control station, security objective, security officer, security parameters index, security perimeter, security plan, security policy information file, security program manager, security protocol, security purpose, security range, security relevant, security requirements review, security service, security situation, security software, security specifications, security tag, security target, security test & evaluation, security testing, security-compliant channel, semantic security, separation of duties, signals security, signature, software security, special security officer, strength of mechanisms, subject security level, system integrity service, system security management, system security officer, system security plan, systems security steering group, tamper, technical countermeasure, term rule-based security policy, time division multiple access, top-level security objectives, traffic-flow security, transmission security, transport layer security, trusted computing system, tunneling router, virtual network perimeter,
Related:Abrams, Jojodia, Podell essays, BLACK, British Standard 7799, Defense Information Infrastructure, Defensive Information Operations, Evaluation Work Plan, FIPS PUB 140-1, Federal Information Processing Standards, Federal Standard 1027, IEEE 802.10, IPsec Key Exchange, International Traffic in Arms Regulations, Internet Engineering Task Force, Monitoring of Evaluations, Open Systems Interconnection Reference model, Orange book, POSIX, Post Office Protocol, version 3, RED, Rivest-Shamir-Adleman, Scope of Accreditation, Wassenaar Arrangement, Yellow book, access, accreditation disapproval, accreditation phase, accreditation range, aggregation, alert, anonymous, approval/accreditation, availability, benign environment, beyond A1, binding, binding of functionality, breach, category, certificate domain, certification agent or certifier, certification phase, classification level, classified, clean system, clearance level, command and control warfare, compromise, concealment system, confidence, conformant validation certificate, connectionless data integrity service, contingency planning, control, control class, control family, control identification list, criteria, critical elements, critical mechanism, database management system, declassification of AIS storage media, deliverable, designated, designation policy, domain of interpretation, domain parameter, dominated by, dominates, element, enhanced hierarchical development methodology, evaluated system, evaluation, exploitation, facility manager, family, filtering router, formal top-level specification, formal verification, full accreditation, functionality, functionality class, hardware and system software maintenance, https, incident response capability, independent assessment, indistinguishability, information flow control, interim accreditation, interim accreditation action plan, internal system exposure, least privilege, levels of concern, logical access, management controls, media protection, mode of operation, model, modes of operation, multilevel device, multilevel secure, network front-end, network management, network management software, network sponsor, network system, no-lone zone, non-repudiation service, object identifier, observation reports, operational controls, operations manager, out of band, overwrite procedure, package, packet filter, party, personalization service, physical and environmental protection, physical protection, policy, post-accreditation phase, pre-certification phase, print suppression, privacy, privacy protection, privileged process, producers, profile, program manager, protection philosophy, public law 100-235, public-key forward secrecy, quality, quality of protection, random, reference monitor, requirements, requirements for procedures and standards, restricted area, risk treatment, router-based firewall, rules of behavior, sanitize, screening router, secrecy policy, secure channel, secure communications, secure digital net radio interface unit, secure envelope, secure mobile unit, secure subsystem, secure telephone unit, secure terminal equipment, sensitive label, signed applet, simple network management protocol, single-level device, site certification, sneaker, special information operations, suitability of functionality, system development and acquisition, system files, system interconnection, system low, system testing, technology area, tiger team, top-level specification, trusted network interpretation, trusted third party, trustworthy system, two-person control, unauthorized access, validate vs. verify, verification techniques, vulnerability, vulnerability analysis, work factor,
security architecture
IncludedBy:security,
Includes:computer architecture, network architecture,
Related:communications security, computer security, emanation, emanations security, networks, threat,
security association
IncludedBy:security protocol,
Related:connection establishment, policy, rule set,
security association identifier
IncludedBy:security protocol,
Related:authentication, key,
security attribute
IncludedBy:security,
Includes:TOE security functions, object, subject,
security audit
IncludedBy:audit,
Related:attack, counter measures, policy,
security audit trail
IncludedBy:audit trail,
Related:evidence,
security authority
IncludedBy:security,
security awareness, training, and education
IncludedBy:security,
security breach
IncludedBy:threat,
security certificate
IncludedBy:security,
security certification level
IncludedBy:certification, security,
Related:test, verification,
security class
IncludedBy:security,
security clearance
IncludedBy:security,
PreferredFor:clearance,
Related:clearance level,
security compromise
IncludedBy:compromise, security,
Related:unauthorized access,
security controls
IncludedBy:security,
Includes:external security controls, internal security controls,
Related:application controls, authentication, availability, baseline controls, computer related controls, confidentiality, incident, integrity, management controls, operational controls, questions on controls, risk, technical controls,
security counter measures
IncludedBy:counter measures,
security domain
IncludedBy:security,
Related:domain, policy,
security element
IncludedBy:security,
security enforcing
IncludedBy:risk management, target of evaluation,
Includes:object,
security environment
IncludedBy:security,
security evaluation
IncludedBy:evaluation, risk management,
Related:accreditation, assurance, software, trust,
security event
IncludedBy:security,
Related:availability, certificate, certification, confidentiality, cryptography, incident, key, public-key infrastructure, security-relevant event, software, test,
security fault analysis
IncludedBy:analysis, fault, risk analysis, security,
security features
IncludedBy:security safeguards,
Related:audit, software,
security features users guide
IncludedBy:user,
security filter
IncludedBy:security,
Includes:firewall,
Related:trust,
security flaw
IncludedBy:security, threat,
security flow analysis
IncludedBy:analysis, security,
security function
IncludedBy:security, target of evaluation,
Includes:object,
Related:test,
security function policy
IncludedBy:policy, security policy,
Includes:object,
security gateway
IncludedBy:security,
Related:networks, trust,
security goals
IncludedBy:security,
Related:assurance, availability, confidentiality,
security incident
IncludedBy:incident,
Related:communications security, networks, unauthorized access,
security information object
IncludedBy:security,
security information object class
IncludedBy:security,
security inspection
IncludedBy:security,
security intrusion
IncludedBy:incident, security,
Related:intrusion,
security kernel
IncludedBy:access control, reference monitor concept,
Related:networks, software, trust,
security label
IncludedBy:security,
Includes:label, object, sensitivity label,
Related:classification level,
security level
IncludedBy:security,
Includes:access level,
Related:classification level,
security management
IncludedBy:security,
Related:networks,
security management infrastructure
IncludedBy:key,
Related:attack, encryption, recovery,
security measures
IncludedBy:risk management,
Related:software,
security mechanism
IncludedBy:risk management,
Related:authentication, digital signature, encryption, software,
security model
IncludedBy:model, security,
Includes:Bell-LaPadula security model,
security net control station
IncludedBy:security,
Related:communications security, networks,
security objective
IncludedBy:risk analysis, security, target of evaluation,
Related:threat,
security officer
IncludedBy:security,
security parameters index
IncludedBy:security,
security perimeter
IncludedBy:security,
Includes:perimeter-based security,
PreferredFor:perimeter,
Related:trust,
security plan
IncludedBy:security,
security policy
IncludedBy:component operations, information systems security policy, policy, risk management, security-relevant event, user,
Includes:FIPS approved security method, TOE security policy, corporate security policy, critical security parameters, cryptographic module security policy, formal security policy model, object, organisational security policy, security function policy, security policy model, system security policy, technical security policy, trusted functionality, trusted process, trusted subject, usage security policy,
Related:availability, confidentiality, incident, information protection policy, integrity policy, model, secrecy policy, software, threat,
security policy information file
IncludedBy:security,
Related:policy,
security policy model
IncludedBy:model, security policy,
Includes:anomaly detection model, misuse detection model,
Related:evaluation, policy, trust, trusted computer system,
security program manager
IncludedBy:security,
Related:certification,
Security Protocol 3
IncludedBy:security protocol,
Security Protocol 4
IncludedBy:security protocol,
security protocol
IncludedBy:protocol, security,
Includes:Authentication Header, Challenge Handshake Authentication Protocol, Distributed Authentication Security Service, Extensible Authentication Protocol, Generic Security Service Application Program Interface, Identification Protocol, Internet Protocol Security Option, Internet Protocol security, Internet Security Association and Key Management Protocol, Key Management Protocol, Layer 2 Forwarding Protocol, Layer 2 Tunneling Protocol, Lightweight Directory Access Protocol, MIME Object Security Services, Message Security Protocol, Network Layer Security Protocol, On-line Certificate Status Protocol, Password Authentication Protocol, Remote Authentication Dial-In User Service, Secure Data Exchange, Secure Data Network System, Security Protocol 3, Security Protocol 4, Simple Authentication and Security Layer, Simple Key-management for Internet Protocols, Terminal Access Controller Access Control System, Transport Layer Security Protocol, encapsulating security payload, multipurpose internet mail extensions, point-to-point tunneling protocol, pretty good privacy, privacy enhanced mail, secure hypertext transfer protocol, secure multipurpose internet mail extensions, secure socket layer, security association, security association identifier, simple key management for IP, virtual private network,
security purpose
IncludedBy:security,
Related:computer security, risk,
security range
IncludedBy:risk index, security,
Related:networks,
security relevant
IncludedBy:security, target of evaluation,
Includes:security-relevant event,
security requirements
IncludedBy:risk analysis, security target,
Includes:security requirements baseline,
Related:computer security, policy, test,
security requirements baseline
IncludedBy:baseline, security requirements,
security requirements review
IncludedBy:security,
security safeguards
IncludedBy:Automated Information System security,
Includes:security features,
PreferredFor:safeguards,
Related:security software, software,
security service
IncludedBy:security,
Related:security software,
security situation
IncludedBy:security,
PreferredFor:situation,
Related:classification level, networks,
security software
Antonym:attack, risk, threat, vulnerability,
IncludedBy:security, software,
Includes:Intrusion Detection In Our Time, Kerberos, Remote Authentication Dial-In User Service, SATAN, Tiger, Tripwire, activity analysis, anomaly detection, antivirus software, attack signature recognition, authentication tools, automated security incident measurement, automated security monitoring, computer oracle and password system, email security software, encryption tools, firewall, integrity-checking tools, intrusion detection system, intrusion detection tools, network monitoring tools, security support programming interface, service-filtering tools, tcpwrapper, tinkerbell program, vaccines, virus scanner, virus-detection tool,
Related:Automated Information System security, alarm reporting, alarm surveillance, anti-spoof, audit, computer security object, counter measures, risk management, rules based detection, security safeguards, security service, software security, trap, trusted computing system,
security specifications
IncludedBy:development process, risk analysis, security,
security support programming interface
IncludedBy:Generic Security Service Application Program Interface, security software, software,
security tag
IncludedBy:security,
security target
IncludedBy:Common Criteria for Information Technology Security Evaluation, component extensibility, construction of TOE requirements, functional package, security, target of evaluation,
Includes:functional component, security requirements,
Related:assurance, baseline, computer security, correctness, deliverable, deliverables list, effectiveness, evidence, rating, suitability of functionality, test, threat, vulnerability assessment,
security test & evaluation
IncludedBy:security, test,
Related:certification,
security test and evaluation
IncludedBy:software security, software system test and evaluation process, test,
Includes:security testing,
Related:analysis,
security testing
IncludedBy:risk analysis, security, security test and evaluation, test,
Includes:functional testing, penetration testing, verification,
security threat
IncludedBy:threat,
Related:exploit,
security token
IncludedBy:tokens,
security violation
IncludedBy:threat,
PreferredFor:violation,
Related:threat consequence, unauthorized access,
security-compliant channel
Antonym:covert channel,
IncludedBy:channel, security,
Related:computer security, evaluation, networks, trust,
Synonym:trusted channel,
security-critical mechanisms
IncludedBy:risk management,
security-relevant event
IncludedBy:risk, security relevant,
Includes:access control, security policy, subject, user,
Related:passwords, security event,
seed key
IncludedBy:key,
seek time
segregation of duties
IncludedBy:risk management,
Related:minimum essential infrastructure, unauthorized access,
selection
self-signed certificate
IncludedBy:certificate,
Related:key,
semantic security
IncludedBy:security,
Related:cryptography, encryption,
semiformal
sensitive
IncludedBy:classification level,
sensitive but unclassified
IncludedBy:classification level, sensitive information,
sensitive compartmented information
sensitive compartmented information facility
sensitive information
Includes:sensitive but unclassified,
Related:computer security, privacy, unauthorized access,
sensitive label
Related:security,
sensitivity analysis
IncludedBy:analysis,
Related:test,
sensitivity label
IncludedBy:access control, security label,
Includes:object,
Related:classification level, trust,
sensor or monitor
separation of duties
IncludedBy:security,
Related:risk,
sequence number
serial number
HasPreferred:certificate serial number,
server
Related:networks,
service-filtering tools
IncludedBy:security software,
session hijacking
IncludedBy:threat,
Related:IP splicing/hijacking, hijack attack,
session key
IncludedBy:Kerberos, key, key recovery, trust, virtual private network,
Related:encryption,
SET private extension
IncludedBy:Secure Electronic Transaction, public-key infrastructure,
Related:certificate, encryption, hash, key,
SET qualifier
IncludedBy:Secure Electronic Transaction, public-key infrastructure,
Related:certificate, certification, email, hash,
settlement
shall
Includes:object,
shared account
IncludedBy:risk,
shared secret
Related:Challenge-Response Authentication Mechanism, POP3 APOP, Remote Authentication Dial-In User Service, cryptography, key, key agreement, out of band, passwords, personal identification number, secret,
shielded enclosure
short title
Related:communications security,
should
Includes:object,
shoulder surfing
IncludedBy:attack,
Related:eavesdropping,
shrink-wrapped software
IncludedBy:software,
sign
Related:digital signature,
signaling
Related:communications, networks,
signaling system 7
IncludedBy:system,
Related:networks,
signals analysis
IncludedBy:analysis, threat consequence,
signals security
IncludedBy:security,
signature
IncludedBy:security,
Includes:digital signature, electronic signature,
Related:attack, unauthorized access, virus,
signature certificate
IncludedBy:certificate,
Related:digital signature, encryption, key,
signature equation
Related:digital signature,
signature function
Related:digital signature,
signature key
IncludedBy:key,
Related:digital signature,
signature process
Related:digital signature,
signature system
IncludedBy:system,
Related:digital signature,
signed applet
IncludedBy:software,
Related:security, tamper, trusted applet,
signed message
signer
Related:digital signature, key,
silver bullet
simple authentication
IncludedBy:authentication,
Related:passwords,
Simple Authentication and Security Layer
IncludedBy:authentication, internet, security protocol,
Includes:Kerberos, Remote Authentication Dial-In User Service,
Related:key,
Simple Distributed Security Infrastructure
IncludedBy:Simple Public Key Infrastructure/Simple Distributed Security Infrastructure, security,
simple key management for IP
IncludedBy:security protocol,
Related:privacy,
Simple Key-management for Internet Protocols
IncludedBy:internet, security protocol,
Related:encryption, key,
simple mail transfer protocol
IncludedBy:internet,
Related:email,
simple network management protocol
IncludedBy:internet, networks,
Related:access control, authentication, communications, confidentiality, cryptography, passwords, security, software,
Simple Public Key Infrastructure
IncludedBy:Simple Public Key Infrastructure/Simple Distributed Security Infrastructure,
Simple Public Key Infrastructure/Simple Distributed Security Infrastructure
IncludedBy:key, public-key infrastructure,
Includes:Simple Distributed Security Infrastructure, Simple Public Key Infrastructure,
Related:networks,
simple random sample
simple security condition
IncludedBy:Bell-LaPadula security model, simple security property,
Includes:object, subject,
Related:model,
simple security property
IncludedBy:Bell-LaPadula security model,
Includes:object, simple security condition, subject,
Related:model,
simulation modeling
IncludedBy:model,
Related:business process, risk, test,
single point keying
IncludedBy:key,
single sign-on
Related:authentication, networks, secure single sign-on, trust,
single-level device
IncludedBy:modes of operation,
Related:security, trust,
site accreditation
IncludedBy:accreditation,
Related:baseline,
site certification
IncludedBy:certification,
Related:accreditation, security,
situation
HasPreferred:security situation,
Skipjack
IncludedBy:National Security Agency, symmetric algorithm,
Related:key,
slot
IncludedBy:Multilevel Information System Security Initiative,
Related:Fortezza, certificate, key, public-key infrastructure,
smart testing
IncludedBy:test,
smartcards
IncludedBy:tokens,
Related:key, passwords, tamper,
smurf
IncludedBy:attack,
Related:denial of service, exploit, networks, smurfing, software,
smurfing
IncludedBy:attack,
Related:networks, smurf,
snake oil
snarf
IncludedBy:threat,
sneaker
IncludedBy:threat,
Related:security, test, tiger team,
sniffer
IncludedBy:internet, threat,
Includes:packet sniffer,
Related:audit, networks, passwords, sniffing, software,
sniffing
IncludedBy:threat,
Includes:ethernet sniffing, password sniffing,
Related:sniffer,
social engineering
IncludedBy:attack, user,
Related:tokens,
SOCKS
IncludedBy:internet,
Related:authentication, networks, unauthorized access,
SOF-basic
IncludedBy:strength of function, target of evaluation,
Related:analysis, attack,
SOF-high
IncludedBy:strength of function, target of evaluation,
Related:analysis, attack,
SOF-medium
IncludedBy:strength of function, target of evaluation,
Related:analysis, attack,
soft TEMPEST
IncludedBy:TEMPEST,
Related:software,
software
Includes:CGI scripts, COTS software, Java, application, application program interface, application software, audit software, commercial software, computer-aided software engineering, cryptographic application programming interface, email security software, encryption software, mass-market software, modular software, network management software, networking features of software, programming languages and compilers, remote access software, reusable software asset, reverse software engineering, security software, security support programming interface, shrink-wrapped software, signed applet, software architecture, software build, software development, software development life cycle, software development methodologies, software engineering, software enhancement, software library, software life cycle, software maintenance, software operation, software performance engineering, software product, software quality assurance, software reengineering, software release, software reliability, software repository, software requirement, software security, software system test and evaluation process, support software, system software, systems software, trusted software, virus,
Related:Automated Information System security, CASE tools, Clark Wilson integrity model, Common Criteria for Information Technology Security, FIPS PUB 140-1, Fortezza, HMAC, IT security product, Integrated CASE tools, PKCS #11, TCB subset, TOE security functions, Tiger, Tripwire, Trusted Computer System Evaluation Criteria, acceptance inspection, access control, access control mechanism, add-on security, anomaly, application generator, application programming interface, approval/accreditation, authentication, authentication code, automated data processing system, automated information system, automated security monitoring, availability, back door, baseline, bastion host, benchmark, black-box testing, bomb, candidate TCB subset, cardholder, clean system, coding, completeness, component, computer architecture, computer fraud, computer oracle and password system, computer security, computer security technical vulnerability reporting program, computer-assisted audit technique, computing security methods, configuration, configuration control, configuration item, configuration management, controlled security mode, conversion, correctness, cryptographic module, cryptographic service, data driven attack, database management system, debug, development process, domain name system, dongle, ethernet sniffing, evaluated products list, executive state, fail safe, fail soft, failure, failure access, failure control, fault tolerance, firmware, formal specification, front-end security filter, group of users, host, host-based firewall, implementation, independent validation and verification, information processing standard, information technology, integrity, internal security controls, interoperable, intrusion detection, key management infrastructure, keystroke monitoring, license, loophole, maintenance, maintenance hook, malicious code, malicious logic, malware, message authentication code vs. Message Authentication Code, message integrity code, metric, modes of operation, modularity, network architecture, network management architecture, network trusted computing base, noncomputing security methods, operating system, packet switching, pilot testing, platform, plug-in modules, portability, pretty good privacy, privacy programs, process, product, proxy, pseudo-random number generator, public-key infrastructure, quality attributes, rapid application development, regression testing, release, rootkit, safety, scalability, secure configuration management, secure operating system, security evaluation, security event, security features, security kernel, security measures, security mechanism, security policy, security safeguards, simple network management protocol, smurf, sniffer, soft TEMPEST, software publisher certificate, source code, source code generator, system, system development methodologies, system life, system low, system safety, system-high security mode, tcpwrapper, technical attack, technical countermeasure, technical security policy, technical vulnerability, technological attack, telecommuting, test coverage, test plan, testability, trap door, trojan horse, trust-file PKI, trusted channel, trusted computer system, trusted computing base, trusted distribution, trusted gateway, trusted path, trustworthy system, unit, unit testing, utility programs, validation, verification, verification and validation, version, virus scanner, virus-detection tool, vulnerability, web server, wedged, workgroup computing,
software architecture
IncludedBy:software, software development,
software build
IncludedBy:software, software development,
software configuration management
IncludedBy:software development,
software development
IncludedBy:software, software product,
Includes:acceptance procedure, advanced development model, architectural design, change control and life cycle management, closed security environment, compiler, configuration management, detailed design, development process, requirements, software architecture, software build, software configuration management, software development life cycle, software development methodologies, software engineering, software enhancement, software life cycle, software performance engineering, software quality assurance, software reengineering, software system test and evaluation process, software verification and validation, source code,
Related:integrated test facility, integration test, test, test case, test design, test facility, white-box testing,
software development life cycle
IncludedBy:software, software development,
software development methodologies
IncludedBy:development assurance, software, software development, system development methodologies,
Includes:Gypsy verification environment, enhanced hierarchical development methodology, formal development methodology, hierarchical development methodology,
software engineering
IncludedBy:software, software development,
software enhancement
IncludedBy:software, software development,
software error
Related:threat consequence,
software library
IncludedBy:software,
Related:baseline,
software life cycle
IncludedBy:software, software development, software product,
Related:test,
software maintenance
IncludedBy:software,
software operation
IncludedBy:software,
software performance engineering
IncludedBy:software, software development,
software product
IncludedBy:product, software,
Includes:mass-market software, software development, software life cycle, software requirement,
software publisher certificate
Related:software,
software quality assurance
IncludedBy:assurance, quality, software, software development,
software reengineering
IncludedBy:software, software development,
software release
IncludedBy:software,
software reliability
IncludedBy:reliability, software,
Related:failure, fault, robustness,
software repository
IncludedBy:software,
software requirement
IncludedBy:requirements, software, software product,
Includes:object, software security, testability,
software security
IncludedBy:security, software, software requirement,
Includes:security test and evaluation,
Related:security software,
software system test and evaluation process
IncludedBy:evaluation, software, software development, system, test,
Includes:security test and evaluation,
Related:baseline,
software verification and validation
IncludedBy:software development,
sole source acquisition
solicitation
source authentication
IncludedBy:authentication,
source code
IncludedBy:software development,
Includes:source code generator,
Related:compiler, software,
source code generator
IncludedBy:source code,
Related:software,
source data automation
source data entry
source integrity
IncludedBy:integrity,
Related:trust,
source program
source selection
Related:evaluation, policy,
spam
IncludedBy:email, threat,
Related:denial of service, spamming,
spamming
IncludedBy:threat,
Related:spam,
special access office
special access program
special information operations
Related:security,
special intelligence
special mission modification
special security officer
IncludedBy:security,
specific SIO class
specification
speech privacy
IncludedBy:privacy,
split key
IncludedBy:key,
split knowledge
IncludedBy:key recovery,
Related:key,
sponsor
Related:evaluation,
spoof
IncludedBy:spoofing, threat consequence,
spoofing
Antonym:anti-spoof,
IncludedBy:attack, masquerade,
Includes:DNS spoofing, address spoofing, ip spoofing, spoof,
Related:access control, authentication, hijack attack,
Synonym:mimicking,
spoofing attack
IncludedBy:attack, masquerade,
spread
SSO PIN
IncludedBy:Multilevel Information System Security Initiative,
Related:Fortezza, certification, identification,
SSO-PIN ORA
IncludedBy:Multilevel Information System Security Initiative,
Related:Fortezza,
stakeholder
stand-alone, shared system
IncludedBy:modes of operation, system,
stand-alone, single-user system
IncludedBy:modes of operation, system, user,
standard
Related:quality,
standard deviation
standard error of the mean
standard generalized markup language
Includes:hypertext markup language, markup language,
Related:automated information system, hypertext, wireless application protocol,
Standard Security Label
IncludedBy:security,
Standards for Interoperable LAN/MAN Security
IncludedBy:security,
Related:key, model,
star (*) property
HasPreferred:*-property,
Star Trek attack
IncludedBy:attack,
start-up KEK
Related:encryption, key, networks,
starting variable
state
state delta verification system
IncludedBy:system,
state transition diagram
Related:networks,
state variable
stateful inspection
stateful packet filtering
IncludedBy:firewall, packet filtering,
Related:proxy,
statement coverage
Related:test,
static analysis
IncludedBy:analysis,
static binding
statistic
statistical estimate
Related:evidence,
statistical process control
status information
Related:cryptography,
stealth probe
IncludedBy:threat,
Related:networks,
steganography
Related:cryptography,
storage channel
HasPreferred:covert channel,
storage object
Includes:object,
stovepipe systems
IncludedBy:system,
strata
stratified random sample
stream cipher
Related:encryption, key,
strength of a requirement
IncludedBy:evaluation, requirements,
Related:attack, failure,
strength of encryption
HasPreferred:encryption strength,
strength of function
IncludedBy:TOE security functions, target of evaluation,
Includes:SOF-basic, SOF-high, SOF-medium,
Related:attack,
strength of mechanisms
IncludedBy:security, target of evaluation,
Related:attack,
strengths, weaknesses, opportunities, threats
Includes:SWOT analysis,
Related:risk, risk management, threat,
stress testing
IncludedBy:test,
Related:black-box testing, boundary value,
stretch goal
Related:quality,
strong authentication
IncludedBy:authentication,
Related:certificate, cryptography, key, public-key infrastructure,
structural testing
IncludedBy:test,
structured query language
Related:automated information system,
sub-registration authority
subassembly
subclass
subcommittee on Automated Information System security
IncludedBy:National Security Decision Directive 145, computer security, system,
Includes:Automated Information System security,
Subcommittee on Information Systems Security
IncludedBy:computer security, system,
subcommittee on telecommunications security
IncludedBy:National Security Decision Directive 145, communications security,
Related:computer security,
subject
IncludedBy:Bell-LaPadula security model, TCB subset, access, candidate TCB subset, component reference monitor, covert storage channel, declassification of AIS storage media, exploitable channel, granularity of a requirement, internal security controls, isolation, least privilege, list-oriented, network reference monitor, object reuse, owner, permissions, protection-critical portions of the TCB, read, read access, reference monitor, reference monitor concept, reference validation mechanism, resource encapsulation, restricted area, scope of a requirement, secure state, secure subsystem, security attribute, security-relevant event, simple security condition, simple security property, technical policy, ticket-oriented, transaction, write,
Includes:domain, internal subject, process, subject security level, trusted subject,
Related:certificate, key, public-key infrastructure,
Uses:object,
subject security level
IncludedBy:security, subject,
Includes:object,
Related:user,
subnetwork
IncludedBy:networks,
Related:communications,
subordinate certification authority
IncludedBy:Multilevel Information System Security Initiative, public-key infrastructure,
Related:certificate, certification, key,
subordinate distinguished name
IncludedBy:distinguished name,
subprocess
subset-domain
IncludedBy:trusted computing base,
Related:evaluation,
substitution
IncludedBy:threat consequence,
subsystem
subtest
IncludedBy:test,
subversion
IncludedBy:attack,
suitability of functionality
IncludedBy:target of evaluation,
Related:security, security target, threat,
superclass
superencryption
IncludedBy:encryption,
supersession
Related:communications security,
superuser
IncludedBy:user,
Related:networks,
supervisor state
HasPreferred:executive state,
supplementary character
PreferredFor:supplementary check character,
supplementary check character
HasPreferred:supplementary character,
support software
IncludedBy:software,
suppression measure
Related:emanation, emanations security,
surrogate access
IncludedBy:discretionary access control,
survivability
Related:attack,
suspicious activity report
Related:assurance, threat,
suspicious event
IncludedBy:incident, threat,
Related:computer security,
switched multi-megabit data service
SWOT analysis
IncludedBy:analysis, strengths, weaknesses, opportunities, threats,
Related:threat,
syllabary
symbolic execution
Related:analysis,
symmetric algorithm
IncludedBy:algorithm, encryption, key,
Includes:Data Encryption Standard, International Data Encryption Algorithm, Rivest Cipher 2, Rivest Cipher 4, Skipjack, secret key,
symmetric cryptographic technique
Related:symmetric cryptography,
symmetric cryptography
Includes:Advanced Encryption Standard, Blowfish, CAST, Data Encryption Algorithm,
Related:confidentiality, digital signature, encryption, key, symmetric cryptographic technique, symmetric encipherment algorithm, symmetric encryption algorithm,
symmetric encipherment algorithm
Related:symmetric cryptography,
symmetric encryption algorithm
Related:symmetric cryptography,
symmetric key
IncludedBy:key,
Related:encryption,
symmetric measure of association
SYN flood
IncludedBy:attack, synchronous flood,
Related:denial of service,
synchronous crypto-operation
IncludedBy:cryptography,
synchronous flood
Includes:SYN flood,
Related:networks,
synchronous transmission
Related:networks,
syntax
syntax testing
IncludedBy:test,
synthetic benchmarks
Related:test,
system
Includes:Automated Information System security, COMSEC Material Control System, Defense Information System Network, DoD Trusted Computer System, DoD Trusted Computer System Evaluation Criteria, Information Systems Security products and services catalogue, Multilevel Information System Security Initiative, National Communications System, National Security Telecommunications and Information Systems Security Advisory/Information Memorandum, National Security Telecommunications and Information Systems Security Committee, National Security Telecommunications and Information Systems Security Directive, National Security Telecommunications and Information Systems Security Instruction, National Security Telecommunications and Information Systems Security Policy, National Telecommunications and Information Systems Security Advisory Memoranda/Instructions, National Telecommunications and Information Systems Security Directive, National Telecommunications and Information Systems Security Instruction, National Telecommunications and Information Systems Security Policy, Network File System, Secure Data Network System, Subcommittee on Information Systems Security, Terminal Access Controller Access Control System, The Exponential Encryption System, asymmetric encipherment system, asymmetric signature system, authentication system, auto-manual system, automated data processing system, automated information system, automated key management system, automated office support systems, bulletin board services (systems), certified information systems security professional, check character system, clean system, coded switch system, computer oracle and password system, computer security subsystem, concealment system, cryptographic system, cryptosystem, cryptosystem analysis, cryptosystem evaluation, cryptosystem review, cryptosystem survey, database management system, decision support systems, defense communications system, defense message system, domain name system, electronic document management system, electronic funds transfer system, electronic generation, accounting, and distribution system, electronic key management system, elliptic curve cryptosystem, embedded system, end system, evaluated system, executive information systems, federal telecommunications system, general-purpose system, generally accepted system security principles, global command and control system, global positioning system, imaging system, improved emergency message automatic transmission system, information system, information systems security association, information systems security engineering, information systems security manager, information systems/technology, information technology system, intrusion detection system, kernelized secure operating system, key management system, key management system Agent, key-escrow system, legacy systems, lock-and-key protection system, logical system definition, manager information systems, message handling system, mission critical system, multilevel information systems security initiative, national security system, national telecommunications and information system security directives, network system, on-line system, one-time cryptosystem, open system environment, open system interconnection, open system interconnection model, open systems, open systems interconnection, open systems security, operating system, password system, positive enable system, program automated information system security incident support team, protected distribution systems, protected wireline distribution system, public key system, real-time system, secure operating system, secure subsystem, signaling system 7, signature system, software system test and evaluation process, stand-alone, shared system, stand-alone, single-user system, state delta verification system, stovepipe systems, subcommittee on Automated Information System security, system acquisition plan, system administrator, system assets, system design review, system development, system development life cycle, system entity, system entry, system files, system profile, system security management, system security plan, system software, system verification, systems security steering group, triĀ­service tactical communications system, trusted computer system, trusted computing system, trustworthy system, user interface system,
Related:Open Systems Interconnection Reference model, Trusted Computer System Evaluation Criteria, Trusted Systems Interoperability Group, information system security officer, information systems security, software, system administrator privileges, system development methodologies, system high, system integrity, system integrity service, system life, system life cycle, system low, system parameter, system requirement, system safety, system security authorization agreement, system security officer, system security policy, system-high security mode, systematic selection with a random start, systems administrator, systems engineering, systems software,
system accreditation
IncludedBy:accreditation,
system acquisition plan
IncludedBy:system,
system administrator
IncludedBy:system,
system administrator privileges
Related:system,
system and data integrity
IncludedBy:integrity,
system assets
IncludedBy:system,
system boundary
system design review
IncludedBy:system,
system development
IncludedBy:system,
Related:analysis,
system development and acquisition
Related:security,
system development life cycle
IncludedBy:system,
Related:test,
system development methodologies
Includes:software development methodologies,
Related:analysis, software, system,
system entity
IncludedBy:system,
PreferredFor:entity,
Related:authentication,
system entry
IncludedBy:access control, system,
Related:authentication,
system files
IncludedBy:system,
Related:security,
system high
Antonym:system low,
IncludedBy:modes of operation, system-high security mode,
Related:system,
system high mode
Related:computer security, user,
system indicator
Related:cryptography, encryption,
system integrity
IncludedBy:integrity,
Related:quality, system,
system integrity service
IncludedBy:security,
Related:system,
system interconnection
Related:security,
system life
Related:software, system,
system life cycle
Related:system,
system low
Antonym:system high,
IncludedBy:modes of operation,
Related:security, software, system,
system owner
system parameter
Related:system,
system profile
IncludedBy:system,
system requirement
IncludedBy:requirements,
Related:system,
system resources
Related:automated information system,
system safety
Related:software, system,
system security
IncludedBy:information systems security,
system security authorization agreement
IncludedBy:authorization, requirements,
Related:system,
system security engineering
IncludedBy:information systems security,
system security evaluation
IncludedBy:evaluation,
Related:threat,
system security management
IncludedBy:security, system,
system security officer
IncludedBy:security,
Includes:information system security officer,
Related:audit, system,
system security plan
IncludedBy:security, system,
system security policy
IncludedBy:policy, security policy,
Related:system,
system software
IncludedBy:software, system,
system testing
IncludedBy:test,
Related:recovery, security,
system under test
IncludedBy:test,
system verification
IncludedBy:system, verification,
system-high security mode
IncludedBy:modes of operation, multilevel security mode,
Includes:system high,
Related:accreditation, classification level, software, system, trust,
systematic selection with a random start
Related:system,
systems administrator
Related:system,
systems engineering
Related:system, test,
systems security steering group
IncludedBy:security, system,
Related:communications security, computer security,
systems software
IncludedBy:software,
Related:system,
t-1 line
tactical terminal
tactical trunk encryption device
Related:encryption,
tamper
IncludedBy:encryption, security, threat consequence,
Includes:tampering,
Related:Clipper chip, Federal Standard 1027, QUADRANT, TCB subset, computer security, denial of service, personal security environment, protective technologies, reference validation mechanism, signed applet, smartcards,
tampering
IncludedBy:attack, tamper,
target of evaluation
IncludedBy:evaluation, trusted computing base,
Includes:European Information Technology Security Evaluation Criteria, IT security certification, SOF-basic, SOF-high, SOF-medium, TOE resource, TOE security functions, TOE security functions interface, TOE security policy, TOE security policy model, TSF data, TSF scope of control, acceptance procedure, administration documentation, administrator, architectural design, asset, assurance, binding of functionality, component, configuration, configuration control, connectivity, construction, construction of TOE requirements, critical mechanism, deliverables list, delivery, detailed design, developer, development environment, development process, documentation, ease of use, end-user, external it entity, formal model of security policy, functionality, functionality class, human user, implementation, inter-TSF transfers, internal TOE transfer, internal communication channel, operating procedure, operation, operational documentation, operational environment, penetration testing, production, programming languages and compilers, reference monitor, requirements, requirements for procedures and standards, resource, role, security enforcing, security function, security objective, security relevant, security target, strength of function, strength of mechanisms, suitability of functionality, tool, transfers outside TSF control, user documentation, vulnerability, vulnerability assessment,
Related:user,
task
TCB subset
IncludedBy:trusted computing base,
Includes:object, subject,
Related:access control, analysis, software, tamper, test,
tcpwrapper
IncludedBy:security software,
Related:networks, software,
technical attack
IncludedBy:attack,
Related:software, user,
technical controls
Related:security controls,
technical countermeasure
IncludedBy:counter measures, security,
Related:networks, software,
technical policy
IncludedBy:access control, policy,
Includes:object, subject,
Related:trust,
technical review board
technical security policy
IncludedBy:policy, security policy,
Includes:object,
Related:software, threat,
technical surveillance countermeasures
IncludedBy:counter measures,
technical vulnerability
IncludedBy:vulnerability,
Related:exploit, risk, software, user,
technological attack
IncludedBy:attack,
Related:access control, software,
technology
Related:counter measures,
technology area
Related:computer security, evaluation, networks, security,
technology gap
IncludedBy:threat,
telecommunications
IncludedBy:communications,
Related:emissions security, networks,
telecommunications security
IncludedBy:communications security, information systems security,
telecommuting
Related:communications, software,
teleprocessing
Related:communications,
telnet
IncludedBy:internet,
Related:networks, remote access software,
TEMPEST
IncludedBy:preferred products list, security,
Includes:Certified TEMPEST Technical Authority, Endorsed TEMPEST Products List, TEMPEST Endorsement Program, TEMPEST advisory group, TEMPEST shielded, TEMPEST test, TEMPEST zone, certified TEMPEST technical, compromising emanations, emanation, emanations security, emissions security, equipment radiation TEMPEST zone, soft TEMPEST,
Related:International Traffic in Arms Regulations, approval/accreditation, inspectable space, optional modification,
TEMPEST advisory group
IncludedBy:TEMPEST,
TEMPEST Endorsement Program
IncludedBy:TEMPEST,
TEMPEST shielded
IncludedBy:TEMPEST,
TEMPEST test
IncludedBy:TEMPEST, test,
Related:emanation, emanations security,
TEMPEST zone
IncludedBy:TEMPEST,
term rule-based security policy
IncludedBy:policy, security,
Terminal Access Controller Access Control System
IncludedBy:access control, internet, security protocol, system,
Related:authentication, encryption, networks, passwords,
terminal hijacking
IncludedBy:attack,
Related:TTY watcher, derf, hijack attack,
terminal identification
IncludedBy:identification,
test
IncludedBy:assurance, audit, risk management,
Includes:Common Criteria Testing Laboratory, Common Criteria Testing Program, TEMPEST test, acceptance testing, ad hoc testing, ad-lib test, approved test methods list, black-box testing, boundary value testing, certification test and evaluation, environmental failure testing, exhaustive testing, functional test case desgin, functional testing, implementation under test, integrated test facility, integration test, interface testing, mutation testing, negative tests, operational testing, penetration test, penetration testing, pilot testing, regression testing, reliability qualification tests, security test & evaluation, security test and evaluation, security testing, smart testing, software system test and evaluation process, stress testing, structural testing, subtest, syntax testing, system testing, system under test, test bed, test bed configuration, test case, test case generator, test case specification, test case suite, test coverage, test cycle, test design, test driver, test environment, test execution, test facility, test generator, test item, test key, test log, test method, test plan, test procedure, test report, test result analyzer, test strategy, test suite, testability, tester, testing, unit testing, white-box testing,
Related:CASE tools, FIPS PUB 140-1, National Information Assurance partnership, Rivest-Shamir-Adleman, Scope of Accreditation, TCB subset, abend, acceptance inspection, accreditation, allowed traffic, approved technologies list, authentication, bebugging, benchmark, bit forwarding rate, boundary value analysis, boundary value coverage, branch coverage, certificate, certificate authority, certification, change management, code coverage, component, computer-assisted audit technique, concurrent connections, configuration management, connection establishment, connection teardown, coverage, development assurance, error guessing, exercised, flaw hypothesis methodology, goodput, homed, identity validation, independent validation and verification, information processing standard, instrument, lattice, lattice model, logging, message digest, mutation analysis, non-repudiation service, oracle, password cracker, path coverage, point of control and observation, protection profile, pseudo-random number generator, public-key certificate, random, reference monitor, reference validation mechanism, remote terminal emulation, rule set, sample, security certification level, security event, security function, security requirements, security target, sensitivity analysis, simulation modeling, sneaker, software development, software life cycle, statement coverage, synthetic benchmarks, system development life cycle, systems engineering, tiger team, time-stamping service, trusted certificate, trusted process, unit, unit of transfer, user, validate vs. verify, validation,
Synonym:analysis,
test bed
IncludedBy:test,
test bed configuration
IncludedBy:test,
Related:test case generator, test case specification,
test case
IncludedBy:test,
Related:software development, test procedure,
test case generator
IncludedBy:test,
Related:test bed configuration, test generator,
test case specification
IncludedBy:test,
Related:test bed configuration,
test case suite
IncludedBy:test,
test coverage
IncludedBy:test,
Related:software,
test cycle
IncludedBy:test,
Related:user,
test design
IncludedBy:test,
Related:software development,
test driver
IncludedBy:test,
test environment
IncludedBy:test,
test execution
IncludedBy:test,
test facility
IncludedBy:test,
Related:software development,
test generator
IncludedBy:test,
Related:test case generator,
test item
IncludedBy:test,
test key
IncludedBy:key, test,
Related:communications security,
test log
IncludedBy:test,
test method
IncludedBy:test,
Related:evaluation,
test plan
IncludedBy:test,
Related:risk, software,
test procedure
IncludedBy:test,
Related:evaluation, test case,
test report
IncludedBy:test,
test result analyzer
IncludedBy:test,
test strategy
IncludedBy:test,
test suite
IncludedBy:test,
testability
IncludedBy:software requirement, test,
Related:software,
tester
IncludedBy:test,
testing
IncludedBy:test,
Related:dynamic analysis, evaluation,
The Exponential Encryption System
IncludedBy:system,
Related:authentication, digital signature, encryption, key,
theft
IncludedBy:threat consequence,
theft of data
IncludedBy:threat consequence,
theft of functionality
IncludedBy:threat consequence,
theft of service
IncludedBy:threat consequence,
thermostat
think time
third party trusted host model
IncludedBy:Kerberos, model, trust,
Includes:ticket,
Related:authentication, passwords,
thrashing
threat
Antonym:security software,
IncludedBy:component operations, risk,
Includes:CGI scripts, Chernobyl packet, PHF, PHF hack, RED signal, abuse of privilege, acceptable level of risk, ankle-biter, attack, back door, blue box devices, bomb, breach, buffer overflow, bug, code amber, code red, compromise, compromised key list, compromising emanations, computer abuse, computer fraud, computer related crime, counter measures, crack, crash, dangling threat, dark-side hacker, deadlock, deadly embrace, derf, dumpster diving, emanation, ethernet meltdown, exploit, exploitable channel, failure access, fault, flaw, fork bomb, generic threat, hacking, incident, incomplete parameter checking, infection, information systems security, information systems security engineering, information warfare, intelligent threat, intruder, intrusion, leakage, letterbomb, logic bomb, loophole, lurking, mailbomb, malicious applets, malicious code, malicious logic, malicious program, malware, mission needs statement, mockingbird, natural disaster, passive threat, password cracker, phage, phracker, phreaker, piggyback entry, promiscuous mode, prowler, pseudo-flaw, psychological operations, residual risk, retro-virus, reverse engineering, salami technique, security breach, security flaw, security threat, security violation, session hijacking, snarf, sneaker, sniffer, sniffing, spam, spamming, stealth probe, suspicious event, technology gap, threat action, threat agent, threat analysis, threat assessment, threat event, threat monitoring, threat source, time bomb, traffic analysis, trap, trap door, trojan horse, troll, unauthorized access, vulnerability, war dialer, wedged,
Related:Common Criteria for Information Technology Security, IS related risk, OAKLEY, RED team, SWOT analysis, adversary, advisory, anonymous login, computer emergency response team, defense, disaster plan, effectiveness, electronic warfare support, emergency plan, emergency response, evaluation assurance, firewall, information protection policy, information sharing and analysis center, infrastructure assurance, infrastructure protection, joint task force-computer network defense, keyed hash, level of protection, levels of concern, masquerade, national computer security assessment program, networks, one-time passwords, passive, physical and environmental protection, physical security, post-accreditation phase, privacy protection, product rationale, risk analysis, risk assessment, risk identification, security architecture, security objective, security policy, security target, strengths, weaknesses, opportunities, threats, suitability of functionality, suspicious activity report, system security evaluation, technical security policy, threat consequence, tiger team,
threat action
IncludedBy:threat,
Related:threat consequence,
threat agent
IncludedBy:threat,
Related:exploit, vulnerability,
threat analysis
IncludedBy:analysis, risk analysis, threat,
threat assessment
IncludedBy:threat,
Related:evaluation,
threat consequence
IncludedBy:risk management,
Includes:corruption, cryptanalysis, deception, deliberate exposure, disruption, emanations analysis, exposure, false denial of origin, false denial of receipt, falsification, hardware or software error, human error, incapacitation, inference, insertion, interception, interference, intrusion, malicious logic, masquerade, misappropriation, misuse, natural disaster, obstruction, overload, penetration, physical destruction, repudiation, reverse engineering, scavenging, signals analysis, spoof, substitution, tamper, theft, theft of data, theft of functionality, theft of service, traffic analysis, trespass, usurpation, violation of permissions, wiretapping,
Related:access control, attack, encryption, hardware error, security violation, software error, threat, threat action,
threat event
IncludedBy:threat,
Related:analysis,
threat monitoring
IncludedBy:risk management, threat,
Includes:audit trail,
Related:analysis, audit,
threat source
IncludedBy:threat,
thumbprint
IncludedBy:biometric authentication,
Related:hash,
ticket
IncludedBy:credentials, third party trusted host model,
Related:access control, certificate, cryptography, model, passwords,
ticket-oriented
Antonym:list-oriented,
IncludedBy:authorization,
Includes:object, subject,
Tiger
IncludedBy:security software,
Related:software,
tiger team
Related:attack, security, sneaker, test, threat,
time bomb
IncludedBy:threat,
Related:logic bomb,
time compliance data
time division multiple access
IncludedBy:security,
time stamp
Includes:time-stamp requester, time-stamp token, time-stamp verifier, time-stamping authority, time-stamping service, trusted time stamp, trusted time stamping authority,
time variant parameter
time-and-materials contract
time-compliance date
Related:communications security,
time-dependent password
IncludedBy:passwords,
time-stamp requester
IncludedBy:time stamp,
Related:trust,
time-stamp token
IncludedBy:time stamp, tokens,
Related:cryptography,
time-stamp verifier
IncludedBy:time stamp,
Related:trust,
time-stamping authority
IncludedBy:time stamp,
Related:evidence, trust,
time-stamping service
IncludedBy:time stamp,
Related:evidence, test, validation,
time-to-recover
timing attacks
IncludedBy:attack,
timing channel
HasPreferred:covert channel,
tinkerbell program
IncludedBy:security software,
Related:networks,
to be process model
IncludedBy:model,
Related:business process,
TOE resource
IncludedBy:target of evaluation,
TOE security functions
IncludedBy:object, resource, security attribute, target of evaluation,
Includes:TOE security functions interface, TSF data, TSF scope of control, inter-TSF transfers, secret, strength of function, transfers outside TSF control, trusted path, user data,
Related:software, trusted channel,
TOE security functions interface
IncludedBy:TOE security functions, target of evaluation,
TOE security policy
IncludedBy:policy, security policy, target of evaluation,
Includes:object, trusted path,
TOE security policy model
IncludedBy:model, target of evaluation,
Related:policy,
token backup
IncludedBy:availability, tokens,
PreferredFor:card backup,
token copy
IncludedBy:tokens,
Related:key,
token device
IncludedBy:tokens,
Related:identification,
token management
IncludedBy:tokens,
Related:availability, certificate, key,
token restore
IncludedBy:tokens,
token storage key
IncludedBy:key, tokens,
tokens
IncludedBy:Secure Electronic Transaction, key,
Includes:NRD token, NRO token, NRS token, NRT token, authentication token, cryptographic card, cryptographic token, hash token, identity token, key token, non-repudiation token, notarization token, security token, smartcards, time-stamp token, token backup, token copy, token device, token management, token restore, token storage key,
PreferredFor:hardware token,
Related:3-factor authentication, Europay, MasterCard, Visa, Fortezza, Generic Security Service Application Program Interface, PKCS #11, authentication, capability, cardholder certificate, cardholder certification authority, challenge/response, class 2, 3, 4, or 5, cryptographic ignition key, domain parameter, notary, passwords, personal security environment, public-key infrastructure, registration authority, secret, social engineering, witness,
tolerable error
tool
IncludedBy:target of evaluation,
top CA
IncludedBy:public-key infrastructure,
Related:certification, trust,
top-level certification
IncludedBy:certification,
Related:availability, confidentiality, integrity,
top-level security objectives
IncludedBy:security, top-level specification,
top-level specification
IncludedBy:development process,
Includes:descriptive top-level specification, formal top-level specification, top-level security objectives,
Related:model, security,
topical areas
topology
Related:networks,
total quality management
IncludedBy:quality,
Related:business process,
total risk
IncludedBy:risk,
trace a correspondence
trace packet
Related:networks,
traceability
Related:attack,
traceroute
IncludedBy:internet,
traditional
Related:communications security,
traffic analysis
IncludedBy:analysis, threat, threat consequence,
Related:cryptography, encryption, traffic flow confidentiality, traffic padding,
traffic encryption key
IncludedBy:key,
traffic flow confidentiality
IncludedBy:confidentiality,
Related:analysis, traffic analysis,
traffic load
Related:networks,
traffic padding
Related:cryptography, traffic analysis,
traffic-flow security
IncludedBy:security,
Related:cryptography,
trailer
training key
IncludedBy:key,
tranquility
IncludedBy:Bell-LaPadula security model,
Includes:object,
Related:model,
tranquility property
HasPreferred:Bell-LaPadula security model,
transaction
IncludedBy:database management system,
Includes:subject,
transaction file
Related:networks,
transfer device
Related:networks,
transfer time
Related:networks,
transfers outside TSF control
IncludedBy:TOE security functions, target of evaluation,
transmission
Related:networks,
transmission control protocol
IncludedBy:internet,
Related:networks,
transmission control protocol/internet protocol
IncludedBy:internet,
transmission medium
Related:networks,
transmission security
IncludedBy:security,
Related:analysis, communications security, confidentiality, networks,
transmission security key
IncludedBy:key,
transport layer security
IncludedBy:internet, security,
Related:secure socket layer,
Transport Layer Security Protocol
IncludedBy:security protocol,
Related:encryption,
transport mode vs. tunnel mode
IncludedBy:Internet Protocol security,
transportation
IncludedBy:critical infrastructure,
trap
IncludedBy:threat,
Related:fault, security software,
trap door
IncludedBy:threat,
Related:cryptography, software,
Synonym:back door,
tree diagram
trespass
IncludedBy:threat consequence,
tri-homed
IncludedBy:homed,
triple DES
Related:digital signature, encryption, key,
Tripwire
IncludedBy:security software,
Related:software, triĀ­service tactical communications system
triĀ­service tactical communications system
IncludedBy:system,
trojan horse
IncludedBy:threat,
Includes:virus,
Related:exploit, internet, software, worm,
troll
IncludedBy:threat,
trunk
trunk encryption device
Related:encryption,
trust
Includes:Canadian Trusted Computer Product Evaluation Criteria, DoD Trusted Computer System, DoD Trusted Computer System Evaluation Criteria, Trusted Computer System Evaluation Criteria, Trusted Network Interpretation Environment Guideline, Trusted Products Evaluation Program, Trusted Systems Interoperability Group, bilateral trust, certification authority, directly trusted CA, directly trusted CA key, hierarchy of trust, session key, third party trusted host model, trust chain, trust hierarchy, trust level, trust-file PKI, trusted applet, trusted certificate, trusted facility manual, trusted functionality, trusted identification, trusted identification forwarding, trusted key, trusted network interpretation, trusted operating system, trusted process, trusted recovery, trusted system, trusted third party, trusted time stamp, trusted time stamping authority, trustworthy system, tunneling router, untrusted process, virtual network perimeter, web of trust,
Related:A1, Biba model, Common Criteria for Information Technology Security, Federal Criteria for Information Technology Security, Internet Architecture Board, Internet Engineering Steering Group, Internet Society, Kerberos, NIAP Common Criteria Evaluation and Validation Scheme, National Computer Security Center, National Computer Security Center glossary, PKIX, Red book, Yellow book, accountability, accreditation, accreditation authority, accreditation range, analysis, attention character, attribute authority, authentic signature, authentication, authenticity, authorization, binding, certificate policy, certificate status responder, certificate validation, certification, certification path, certification practice statement, clean system, common security, confidence, controlled access protection, criteria, data integrity, delivery authority, descriptive top-level specification, design documentation, digital notary, domain modulus, dominated by, endorsed tools list, evaluated products list, evidence requester, external it entity, guard, inter-TSF transfers, key, key distribution centre, key generation exponent, key recovery, key translation centre, key-escrow, labeled security protections, mesh PKI, modes of operation, monitor, multilevel device, mutual suspicion, network component, non-repudiation service, notarization, notary, path discovery, penetration testing, personal security environment, personalization service, privileged process, public confidence, public-key infrastructure, registration authority, repository, root, secure hypertext transfer protocol, security evaluation, security filter, security gateway, security kernel, security perimeter, security policy model, security-compliant channel, sensitivity label, single sign-on, single-level device, source integrity, system-high security mode, technical policy, time-stamp requester, time-stamp verifier, time-stamping authority, top CA, tunneled VPN, user, valid certificate, validate vs. verify, web vs. Web,
trust chain
IncludedBy:trust,
Related:certification, public-key infrastructure,
trust hierarchy
IncludedBy:trust,
Related:certification, public-key infrastructure,
trust level
IncludedBy:classification level, trust,
Related:analysis,
trust-file PKI
IncludedBy:public-key infrastructure, trust,
Related:certificate, certification, key, software,
trusted applet
IncludedBy:trust,
Related:signed applet,
trusted certificate
IncludedBy:certificate, trust,
Related:certification, key, test,
trusted channel
IncludedBy:channel, trusted computing base,
Related:TOE security functions, software,
Synonym:security-compliant channel,
trusted computer system
IncludedBy:National Computer Security Center, system, trusted computing base,
Includes:beyond A1,
Related:accreditation, accreditation range, assurance, evaluated products list, network component, security policy model, software, trusted network interpretation,
Synonym:trusted computing system, trusted operating system, trusted system,
Trusted Computer System Evaluation Criteria
IncludedBy:Common Criteria for Information Technology Security Evaluation, criteria, evaluation, trust,
Includes:rainbow series, trusted computing base,
Related:computer security, software, system,
trusted computing base
IncludedBy:Trusted Computer System Evaluation Criteria, protection profile,
Includes:NTCB partition, TCB subset, access control, candidate TCB subset, dependency, depends, exploitable channel, formal security policy model, global requirements, granularity of a requirement, local requirements, monolithic TCB, network trusted computing base, output, primitive, protection-critical portions of the TCB, reference validation mechanism, scope of a requirement, subset-domain, target of evaluation, trusted channel, trusted computer system, trusted computing system, trusted distribution, trusted gateway, trusted path, trusted software, trusted subject,
Related:software,
trusted computing system
IncludedBy:security, system, trusted computing base,
Related:assurance, security software,
Synonym:trusted computer system,
trusted distribution
IncludedBy:trusted computing base,
Related:software,
trusted facility manual
IncludedBy:trust,
trusted functionality
IncludedBy:security policy, trust,
trusted gateway
IncludedBy:Common Criteria for Information Technology Security Evaluation, firewall, gateway, trusted computing base,
Related:communications, risk, software,
trusted identification
IncludedBy:identification, trust,
Related:authentication, networks, user,
trusted identification forwarding
IncludedBy:identification, trust,
Related:authentication, networks,
trusted key
IncludedBy:key, trust,
Related:certificate, certification, public-key infrastructure,
trusted network interpretation
IncludedBy:networks, trust,
Related:computer security, evaluation, security, trusted computer system,
Trusted Network Interpretation Environment Guideline
IncludedBy:networks, trust,
trusted operating system
IncludedBy:trust,
Synonym:trusted computer system,
trusted path
IncludedBy:TOE security functions, TOE security policy, trusted computing base,
Related:communications security, cryptography, software,
trusted process
Antonym:untrusted process,
IncludedBy:security policy, trust,
Related:attack, networks, risk, test,
Trusted Products Evaluation Program
IncludedBy:evaluation, trust,
trusted recovery
IncludedBy:recovery, trust,
trusted software
IncludedBy:software, trusted computing base,
trusted subject
IncludedBy:Bell-LaPadula security model, security policy, subject, trusted computing base,
Includes:object,
Related:model,
trusted system
IncludedBy:trust,
Synonym:trusted computer system,
Trusted Systems Interoperability Group
IncludedBy:trust,
Related:system,
trusted third party
IncludedBy:trust,
Related:authentication, public-key infrastructure, security,
trusted time stamp
IncludedBy:time stamp, trust,
trusted time stamping authority
IncludedBy:time stamp, trust,
Related:evidence,
trustworthy system
IncludedBy:system, trust,
Related:availability, security, software,
TSEC nomenclature
Related:communications security,
TSF data
IncludedBy:TOE security functions, target of evaluation,
TSF scope of control
IncludedBy:TOE security functions, target of evaluation,
TTY watcher
IncludedBy:attack,
Related:terminal hijacking,
tunnel
IncludedBy:Secure Electronic Transaction, internet,
Related:communications, encryption, networks, public-key infrastructure,
tunnel
tunnel mode
IncludedBy:Internet Protocol security,
tunneled VPN
IncludedBy:virtual private network,
Related:networks, trust,
tunneling
IncludedBy:virtual private network,
Related:networks,
tunneling attack
IncludedBy:attack,
tunneling router
IncludedBy:security, trust,
Related:networks,
turnaround time
Related:availability,
twisted-pair wire
two-part code
two-person control
Related:cryptography, security,
two-person integrity
Related:communications security,
type 1 product
Related:user,
type 2 product
type 3 algorithm
type 4 algorithm
type accreditation
IncludedBy:accreditation,
Type I cryptography
Related:National Security Agency,
Type II cryptography
Related:National Security Agency,
Type III cryptography
IncludedBy:cryptography,
type time
U.S. person
U.S.-controlled facility
U.S.-controlled space
Related:key,
unauthorized access
IncludedBy:threat,
Related:SOCKS, access control, access control mechanism, access control service, adequate security, administrative security, between-the-lines-entry, computer intrusion, computer security intrusion, covert channel analysis, data compromise, failure access, fetch protection, file protection, firewall, information systems security, intrusion, intrusion detection tools, major application, malicious logic, motivation, network security, penetration, physical and environmental protection, physical security, piggyback, piggyback entry, probe, protected network, security, security compromise, security incident, security violation, segregation of duties, sensitive information, signature, vulnerability,
unauthorized disclosure
IncludedBy:risk,
Related:exposure,
unclassified
Antonym:classified,
underflow
undesired signal data emanations
IncludedBy:emanations security, risk,
unencrypted
Related:encryption,
unforgeable
Related:certificate, cryptography, digital signature, key, public-key infrastructure,
uniform resource identifier
IncludedBy:internet,
Related:identification,
uniform resource locator
IncludedBy:internet,
uniform resource name
IncludedBy:internet,
Related:availability,
unilateral authentication
IncludedBy:authentication,
Related:mutual authentication,
uninterruptible power supply
Related:failure,
unique interswitch rekeying key
IncludedBy:key,
unit
Related:software, test,
unit of transfer
Related:bit forwarding rate, firewall, test,
unit testing
IncludedBy:test,
Related:software,
unprotected network
Antonym:protected network,
IncludedBy:demilitarized zone, firewall, networks,
Related:rule set,
untrusted process
Antonym:trusted process,
IncludedBy:risk, trust,
update access
IncludedBy:access,
updating
Related:communications security, cryptography,
upload
usage security policy
IncludedBy:policy, security policy,
USENET
IncludedBy:internet,
user
IncludedBy:accountability, data source, security-relevant event,
Includes:Advanced Mobile Phone Service, MISSI user, Remote Authentication Dial-In User Service, access control, anonymity, authorization, certificate, certificate revocation list, certificate user, challenge/response, closed user group, compromised key list, consumers, denial of service, end-user, end-user computing, frequency division multiple access, graphical-user interface, group of users, hacker, human user, identity, information systems security, local-area network, multiuser mode of operation, owner, proxy, role, security features users guide, security policy, social engineering, stand-alone, single-user system, superuser, user PIN, user agent, user data, user documentation, user id, user identifier, user interface, user partnership program, user profile, user representative, user-PIN ORA, wide-area network,
PreferredFor:customer,
Related:attention character, authenticate, authentication, availability, availability of data, certification authority, classification level, cold start, compartmented mode, dedicated mode, direct shipment, identity validation, individual accountability, local authority, local management device/key processor, mode of operation, multilevel mode, networks, organizational maintenance, organizational registration, penetration testing, privileged access, protection ring, risk index, subject security level, system high mode, target of evaluation, technical attack, technical vulnerability, test, test cycle, trust, trusted identification, type 1 product, vendor, vulnerability,
user agent
IncludedBy:user,
user data
IncludedBy:TOE security functions, user,
user data protocol
IncludedBy:internet,
Related:communications, networks,
user datagram protocol
IncludedBy:internet,
user documentation
IncludedBy:target of evaluation, user,
user id
IncludedBy:user,
Synonym:user identifier,
user identifier
IncludedBy:user,
Related:authentication, passwords,
Synonym:user id,
user interface
IncludedBy:user,
user interface system
IncludedBy:system,
user partnership program
IncludedBy:user,
Related:cryptography,
user PIN
IncludedBy:Multilevel Information System Security Initiative, user,
Related:Fortezza, identification,
user profile
IncludedBy:risk management, user,
user representative
IncludedBy:user,
Related:communications security,
user-PIN ORA
IncludedBy:Multilevel Information System Security Initiative, user,
Related:Fortezza,
usurpation
IncludedBy:threat consequence,
UTCTime
Related:GeneralizedTime, coordinated universal time,
utility
IncludedBy:critical infrastructure,
utility programs
Related:software,
v1 certificate
IncludedBy:certificate,
Related:key,
v1 CRL
IncludedBy:public-key infrastructure,
Related:certificate,
v2 certificate
IncludedBy:certificate,
Related:key,
v2 CRL
IncludedBy:public-key infrastructure,
Related:certificate,
v3 certificate
IncludedBy:certificate,
Related:key,
vaccines
IncludedBy:security software,
Related:virus-detection tool,
valid certificate
IncludedBy:certificate,
Related:trust,
valid signature
Related:certificate, digital signature, public-key infrastructure,
validate vs. verify
IncludedBy:National Institute of Standards and Technology,
Related:authentication, certificate, certification, cryptography, digital signature, evidence, identification, internet, key, public-key infrastructure, security, test, trust, validation, verification,
validated products list
IncludedBy:National Information Assurance partnership,
validation
IncludedBy:development process, evaluation,
Includes:reference validation mechanism, validation report,
Related:assurance, conformant validation certificate, evidence, software, test, time-stamping service, validate vs. verify,
Synonym:verification,
Validation Certificate
IncludedBy:Common Criteria Testing Laboratory,
Related:evaluation,
validation report
IncludedBy:validation,
Related:evidence,
validity period
IncludedBy:public-key infrastructure,
Related:certificate, key,
value analysis
IncludedBy:analysis,
Related:quality,
value-added
value-added network
IncludedBy:networks,
Related:electronic data interchange,
variable sampling
variance
variant
vaulting
Related:availability, backup, recovery, risk,
vendor
Related:internet, user,
verification
IncludedBy:development process, evaluation, security testing,
Includes:formal verification, object, system verification, verification procedure refinements, verification techniques,
Related:certification phase, domain verification exponent, identification, model, non-repudiation policy, policy, pre-certification phase, public accreditation verification exponent, security certification level, software, validate vs. verify, verification function, verification key, verification process, verifier,
Synonym:validation,
verification and validation
Related:software,
verification function
Related:verification,
verification key
IncludedBy:key,
Related:verification,
verification procedure refinements
IncludedBy:verification,
verification process
Related:verification,
verification techniques
IncludedBy:verification,
Related:security,
verified design
verifier
Related:authentication, evidence, verification,
version
Related:baseline, software,
victim
Related:attack,
view
IncludedBy:database management system,
view definition
IncludedBy:database management system,
violation
HasPreferred:security violation,
Related:penetration,
violation of permissions
IncludedBy:threat consequence,
virtual departments or divisions
virtual mall
IncludedBy:world wide web,
virtual network perimeter
IncludedBy:networks, security, trust,
virtual password
IncludedBy:passwords,
virtual private network
IncludedBy:internet, key, networks, privacy, security protocol,
Includes:point-to-point tunneling protocol, session key, tunneled VPN, tunneling,
Related:communications, encryption, extranet,
virus
IncludedBy:internet, software, trojan horse,
Includes:boot sector virus, file infector virus, macro virus, virus hoax,
Related:antivirus software, malicious code, signature, virus scanner, virus-detection tool, worm,
virus hoax
IncludedBy:virus,
virus scanner
IncludedBy:security software,
Related:risk, software, virus,
Synonym:virus-detection tool,
virus signature
IncludedBy:attack signature recognition,
virus-detection tool
IncludedBy:security software,
Related:risk, software, vaccines, virus,
Synonym:virus scanner,
vision
vulnerability
Antonym:security software,
IncludedBy:target of evaluation, threat,
Includes:areas of potential compromise, common vulnerabilities and exposures, dangling vulnerability, implementation vulnerability, technical vulnerability, vulnerability analysis, vulnerability assessment, vulnerability audit,
Related:IS related risk, MEI resource elements, analysis, attack, authentication, authorization, availability, confidentiality, counter measures, critical asset, exploit, exploitation, failure, incident, infrastructure protection, level of protection, mission critical, networks, security, software, threat agent, unauthorized access, user,
vulnerability analysis
IncludedBy:analysis, risk analysis, vulnerability,
Related:audit, gap analysis, security,
Synonym:vulnerability assessment,
vulnerability assessment
IncludedBy:target of evaluation, vulnerability,
Related:attack, security target,
Synonym:vulnerability analysis,
vulnerability audit
IncludedBy:audit, vulnerability,
war dialer
IncludedBy:threat,
warehouse attack
IncludedBy:attack,
warfare
Includes:command and control warfare, electronic warfare, electronic warfare support, information warfare,
Wassenaar Arrangement
Related:key, security,
water supply system
IncludedBy:critical infrastructure,
watermarking
HasPreferred:digital watermarking,
web browser cache
IncludedBy:world wide web,
Related:networks,
web of trust
IncludedBy:trust,
Includes:certificate, pretty good privacy,
Related:key, networks, public-key infrastructure,
web server
IncludedBy:world wide web,
Related:software,
web vs. Web
IncludedBy:world wide web,
Related:networks, trust,
weblinking
IncludedBy:world wide web,
website
IncludedBy:world wide web,
website hosting
IncludedBy:world wide web,
wedged
IncludedBy:threat,
Related:software,
white-box testing
IncludedBy:test,
Related:software development,
wide area information service
IncludedBy:internet,
wide-area network
IncludedBy:networks, user,
Related:communications,
wireless application protocol
Related:standard generalized markup language,
wireless gateway server
wiretapping
IncludedBy:attack, threat consequence,
Includes:active wiretapping, passive wiretapping,
Related:networks,
witness
Related:evidence, hash, tokens,
word
Related:hash,
work breakdown structure
work factor
Related:counter measures, cryptography, risk, security,
work product
work program
Related:audit,
workflow
Related:automated information system,
workgroup computing
Related:software,
workload
Related:automated information system, business process,
workstation
IncludedBy:automated information system,
world class organizations
Related:business process, model,
world wide web
IncludedBy:internet,
Includes:CGI scripts, browser, common gateway interface, hyperlink, hypertext markup language, hypertext transfer protocol, secure hyptertext transfer protocol, secure socket layer, virtual mall, web browser cache, web server, web vs. Web, weblinking, website, website hosting,
Related:applet, certificate, certificate owner, cookies, hypertext, link, pagejacking, plug-in modules, pop-up box, proxy server, push technology,
worm
IncludedBy:internet, malicious code,
Includes:Internet worm, morris worm,
Related:infection, networks, replicator, trojan horse, virus,
wrap
Related:confidentiality, cryptography, encryption,
write
Includes:object, subject,
write access
Includes:object,
X.400
Related:email,
X.500
HasPreferred:X.500 Directory,
X.500 Directory
PreferredFor:X.500,
Related:certificate, key, public-key infrastructure,
X.509
IncludedBy:public-key infrastructure,
Related:authentication, certificate, key,
X.509 attribute certificate
IncludedBy:certificate,
Related:digital signature, key,
X.509 authority revocation list
IncludedBy:public-key infrastructure,
Related:certificate,
X.509 certificate
IncludedBy:certificate,
Related:key,
X.509 certificate revocation list
IncludedBy:public-key infrastructure,
Related:certificate, digital signature, key,
X.509 public-key certificate
IncludedBy:certificate,
Related:digital signature, key,
Yellow book
IncludedBy:rainbow series,
Related:computer security, evaluation, security, trust,
zero fill
Related:zeroize,
zeroization
Related:FIPS PUB 140-1, recovery,
Synonym:zeroize,
zeroize
Related:FIPS PUB 140-1, cryptography, key, recovery, zero fill,
Synonym:zeroization,