Standards of Security Definitions

The following definitions for security terms hold:

1. Authentication proves the identity of an entity during communication or transfer of data.
2. Access control designates the resources a user or service may access on the system or network.
3. Data confidentiality protects data from unauthorized disclosure using encryption methods.
4. Data integrity verifies the consistency of information transferred over the Internet.
5. Non-repudiation provides proof of origin and proof of delivery.

1. Access: Ability to make use of any information system (IS) resource. Ability and means to communicate with or otherwise interact with a system, to use system resources to handle information, to gain knowledge of the information the system contains, or to control system components and functions.
2. Access Authority: An entity responsible for monitoring and granting access privileges for other authorized entities.
3. Access Control: The process of granting or denying specific requests to: 1) obtain and use information and related information processing services; and 2) enter specific physical facilities (e.g., federal buildings, military establishments, border crossing entrances).
4. Access Control List (ACL):
   1. A list of permissions associated with an object. The list specifies who or what is allowed to access the object and what operations are allowed to be performed on the object.
   2. A mechanism that implements access control for a system resource by enumerating the system entities that are permitted to access the resource and stating, either implicitly or explicitly, the access modes granted to each entity.
5. Access Control Mechanism: Security safeguards (i.e., hardware and software features, physical controls, operating procedures, management procedures, and various combinations of these) designed to detect and deny unauthorized access and permit authorized access to an information system.
6. Access Level: A category within a given security classification limiting entry or system connectivity to only authorized persons.
7. Access List: Roster of individuals authorized admittance to a controlled area.
8. Access Point: A device that logically connects wireless client devices operating in infrastructure to one another and provides access to a distribution system, if connected, which is typically an organization's enterprise wired network.
9. Access Profile: Association of a user with a list of protected objects the user may access.
10. Access Type: Privilege to perform action on an object. Read, write, execute, append, modify, delete, and create are examples of access types. See Write.
11. Accountability: The security goal that generates the requirement for actions of an entity to be traced uniquely to that entity. This supports non-repudiation, deterrence, fault isolation, intrusion detection and prevention, and after-action recovery and legal action.
12. (ALC) Accounting Legend Code: Numeric code used to indicate the minimum accounting controls required for items of accountable communications security (COMSEC) material within the COMSEC Material Control System.
13. Active Attack: An attack that alters a system or data.An attack on the authentication protocol where the Attacker transmits data to the Claimant, Credential Service Provider, Verifier, or Relying Party. Examples of active attacks include man-in-the-middle, impersonation, and session hijacking.
14. Active Content: Electronic documents that can carry out or trigger actions automatically on a computer platform without the intervention of a user.
15. Active Security Testing: Security testing that involves direct interaction with a target, such as sending packets to a target.
16. Ad Hoc Network: A wireless network that dynamically connects wireless client devices to each other without the use of an infrastructure device, such as an access point or a base station.
17. Add-on Security: Incorporation of new hardware, software, or firmware safeguards in an operational information system.
18. Adequate Security: Security commensurate with the risk and the magnitude of harm resulting from the loss, misuse, or unauthorized access to or modification of information.
19. Administrative Safeguards: Administrative actions, policies, and procedures to manage the selection, development, implementation, and maintenance of security measures to protect electronic health information and to manage the conduct of the covered entity's workforce in relation to protecting that information.
20. Advanced Encryption Standard: The Advanced Encryption Standard specifies a U.S. government-approved cryptographic algorithm that can be used to protect electronic data. The AES algorithm is a symmetric block cipher that can encrypt (encipher) and decrypt (decipher) information. This standard specifies the Rijndael algorithm, a symmetric block cipher that can process data blocks of 128 bits, using cipher keys with lengths of 128, 192, and 256 bits.