Authentication Mechanism –
Hardware- or software-based mechanisms that force users to prove their identity before accessing data on a device. Hardware- or software-based mechanisms that force users, devices, or processes to prove their identity before accessing data on an information system.
Authentication Mode –
A block cipher mode of operation that can provide assurance of the authenticity and, therefore, the integrity of data.
Authentication Period –
The maximum acceptable period between any initial authentication process and subsequent reauthentication processes during a single terminal session or during the period data is being accessed.
Authentication Protocol –
A defined sequence of messages between a Claimant and a Verifier that demonstrates that the Claimant has possession and control of a valid token to establish his/her identity, and optionally, demonstrates to the Claimant that he or she is communicating with the intended Verifier.
Authentication Tag –
A pair of bit strings associated to data to provide assurance of its authenticity.
Authentication Token –
Authentication information conveyed during an authentication exchange.
Authenticator –
The means used to confirm the identity of a user, process, or device (e.g., user password or token).
Authenticity –
The property of being genuine and being able to be verified and trusted; confidence in the validity of a transmission, a message, or message originator. See Authentication.
Authority –
Person(s) or established bodies with rights and responsibilities to exert control in an administrative sphere.
Authorization –
Access privileges granted to a user, program, or process or the act of granting those privileges.
Authorization (to operate) –
The official management decision given by a senior organizational official to authorize operation of an information system and to explicitly accept the risk to organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, and the Nation based on the implementation of an agreed-upon set of security controls.
Authorization Boundary –
All components of an information system to be authorized for operation by an authorizing official, excluding separately authorized systems to which the information system is connected.
Authorize Processing –
See Authorization (to operate).
Authorized Vendor –
Manufacturer of information assurance equipment authorized to produce quantities in excess of contractual requirements for direct sale to eligible buyers. Eligible buyers are typically U.S. government organizations or U.S. government contractors.
Authorized Vendor Program (AVP) –
Program in which a vendor, producing an information systems security (INFOSEC) product under contract to NSA, is authorized to produce that product in numbers exceeding the contracted requirements for direct marketing and sale to eligible buyers. Eligible buyers are typically U.S. government organizations or U.S. government contractors. Products approved for marketing and sale through the AVP are placed on the Endorsed Cryptographic Products List (ECPL).
Authorizing Official –
Official with the authority to formally assume responsibility for operating an information system at an acceptable level of risk to agency operations (including mission, functions, image, or reputation), agency assets, or individuals. Synonymous with Accreditation Authority.
Designated Representative –
An organizational official acting on behalf of an authorizing official in carrying out and coordinating the required activities associated with security authorization.
Automated Key Transport –
The transport of cryptographic keys, usually in encrypted form, using electronic means such as a computer network (e.g., key transport/agreement protocols).
Automated Password Generator –
An algorithm which creates random passwords that have no association with a particular user.
Automated Security Monitoring –
Use of automated procedures to ensure security controls are not circumvented or the use of these tools to track actions taken by subjects suspected of misusing the information system.