Records –
The recordings (automated and/or manual) of evidence of activities performed or results achieved (e.g., forms, reports, test results), which serve as a basis for verifying that the organization and the information system are performing as intended. Also used to refer to units of related data fields (i.e., groups of data fields that can be accessed by a program and that contain the complete set of information on particular items).
Records Management –
The process for tagging information for records-keeping requirements as mandated in the Federal Records Act and the National Archival and Records Requirements.
Recovery Point Objective –
The point in time to which data must be recovered after an outage.
Recovery Time Objective –
The overall length of time an information system’s components can be in the recovery phase before negatively impacting the organization’s mission or mission/business functions.
Recovery Procedures –
Actions necessary to restore data files of an information system and computational capability after a system failure.
RED –
In cryptographic systems, refers to information or messages that contain sensitive or classified information that is not encrypted. See also BLACK.
Red Signal –
Any electronic emission (e.g., plain text, key, key stream, subkey stream, initial fill, or control signal) that would divulge national security information if recovered.
Red Team –
A group of people authorized and organized to emulate a potential adversary’s attack or exploitation capabilities against an enterprise’s security posture. The Red Team’s objective is to improve enterprise Information Assurance by demonstrating the impacts of successful attacks and by demonstrating what works for the defenders (i.e., the Blue Team) in an operational environment.
Red Team Exercise –
An exercise, reflecting real-world conditions, that is conducted as a simulated adversarial attempt to compromise organizational missions and/or business processes to provide a comprehensive assessment of the security capability of the information system and organization.
Red/Black Concept –
Separation of electrical and electronic circuits, components, equipment, and systems that handle unencrypted information (Red), in electrical form, from those that handle encrypted information (Black) in the same form.
Reference Monitor –
The security engineering term for IT functionality that: 1) controls all access, 2) cannot be bypassed, 3) is tamper-resistant, and 4) provides confidence that the other three items are true. Concept of an abstract machine that enforces Target of Evaluation (TOE) access control policies.
Registration –
The process through which a party applies to become a subscriber of a Credentials Service Provider (CSP) and a Registration Authority validates the identity of that party on behalf of the CSP. The process through which an Applicant applies to become a Subscriber of a CSP and an RA validates the identity of the Applicant on behalf of the CSP.
Registration Authority (RA) –
A trusted entity that establishes and vouches for the identity of a Subscriber to a CSP. The RA may be an integral part of a CSP, or it may be independent of a CSP, but it has a relationship to the CSP(s).
Registration Authority (RA) –
Organization responsible for assignment of unique identifiers to registered objects.
Rekey –
To change the value of a cryptographic key that is being used in a cryptographic system/application.
Rekey (a certificate) –
To change the value of a cryptographic key that is being used in a cryptographic system application; this normally entails issuing a new certificate on the new public key.
Release Prefix –
Prefix appended to the short title of U.S.-produced keying material to indicate its foreign releasability. "A" designates material that is releasable to specific allied nations, and "U.S." designates material intended exclusively for U.S. use.
Relying Party –
An entity that relies upon the subscriber’s credentials, typically to process a transaction or grant access to information or a system. An entity that relies upon the Subscriber’s token and credentials or a Verifier’s assertion of a Claimant’s identity, typically to process a transaction or grant access to information or a system.
Remanence –
Residual information remaining on storage media after clearing. See Magnetic Remanence and Clearing.
Remediation –
The act of correcting a vulnerability or eliminating a threat. Three possible types of remediation are installing a patch, adjusting configuration settings, or uninstalling a software application. The act of mitigating a vulnerability or a threat.