Glossary of key information security terms [report]

Richard Kissel
2013 unpublished
This publication is intended to be informative, guiding users to term definitions that exist in various NIST standards and guidelines (along with terms in external publications like . This document is out-of-date, and does not reflect additions, deletions, or modifications of term definitions that have occurred since May 2013. Although this publication is being reviewed and updated, NIST encourages users to review the more up-to-date online glossary, available at
more » ... The Information Technology Laboratory (ITL) at the National Institute of Standards and Technology (NIST) promotes the U.S. economy and public welfare by providing technical leadership for the Nation's measurement and standards infrastructure. ITL develops tests, test methods, reference data, proof of concept implementations, and technical analyses to advance the development and productive use of information technology. ITL's responsibilities include the development of management, administrative, technical, and physical standards and guidelines for the cost-effective security and privacy of other than national security-related information in Federal information systems. Abstract The National Institute of Standards and Technology (NIST) has received numerous requests to provide a summary glossary for our publications and other relevant sources, and to make the glossary available to practitioners. As a result of these requests, this glossary of common security terms has been extracted from NIST Federal Information Processing Standards (FIPS), the Special Publication (SP) 800 series, NIST Interagency Reports (NISTIRs), and from the Committee for National Security Systems Instruction 4009 (CNSSI-4009). This glossary includes most of the terms in the NIST publications. It also contains nearly all of the terms and definitions from CNSSI-4009. This glossary provides a central resource of terms and definitions most commonly used in NIST information security publications and in CNSS information assurance publications. For a given term, we do not include all definitions in NIST documentsespecially not from the older NIST publications. Since draft documents are not stable, we do not refer to terms/definitions in them. Each entry in the glossary points to one or more source NIST publications, and/or CNSSI-4009, and/or supplemental sources where appropriate. The NIST publications referenced are the most recent versions of those publications (as of the date of this document). Keywords
doi:10.6028/ fatcat:ga7kpnrlorgxbfks22zgitt3uy