Glossary of Key Information Security Terms (NIST) part 5

studied byStudied by 6 people
5.0(1)
Get a hint
Hint

Authentication Mechanism –

1 / 19

flashcard set

Earn XP

20 Terms

1

Authentication Mechanism –

Hardware-or software-based mechanisms that force users to prove their identity before accessing data on a device. Hardware or software-based mechanisms that forces users, devices, or processes to prove their identity before accessing data on an information system.

New cards
2

Authentication Mode –

A block cipher mode of operation that can provide assurance of the authenticity and, therefore, the integrity of data.

New cards
3

Authentication Period –

The maximum acceptable period between any initial authentication process and subsequent reauthentication processes during a single terminal session or during the period data is being accessed.

New cards
4

Authentication Protocol –

A defined sequence of messages between a Claimant and a Verifier that demonstrates that the Claimant has possession and control of a valid token to establish his/her identity, and optionally, demonstrates to the Claimant that he or she is communicating with the intended Verifier.

New cards
5

Authentication Tag –

A pair of bit strings associated to data to provide assurance of its authenticity.

New cards
6

Authentication Token –

Authentication information conveyed during an authentication exchange.

New cards
7

Authenticator –

The means used to confirm the identity of a user, process, or device (e.g., user password or token).

New cards
8

Authenticity –

The property of being genuine and being able to be verified and trusted; confidence in the validity of a transmission, a message, or message originator. See Authentication.

New cards
9

Authority –

Person(s) or established bodies with rights and responsibilities to exert control in an administrative sphere.

New cards
10

Authorization –

Access privileges granted to a user, program, or process or the act of granting those privileges.

New cards
11

Authorization (to operate) –

The official management decision given by a senior organizational official to authorize operation of an information system and to explicitly accept the risk to organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, and the Nation based on the implementation of an agreed-upon set of security controls.

New cards
12

Authorization Boundary –

All components of an information system to be authorized for operation by an authorizing official and excludes separately authorized systems, to which the information system is connected.

New cards
13

Authorize Processing –

See Authorization (to operate).

New cards
14

Authorized Vendor –

Manufacturer of information assurance equipment authorized to produce quantities in excess of contractual requirements for direct sale to eligible buyers. Eligible buyers are typically U.S. government organizations or U.S. government contractors.

New cards
15

Authorized Vendor Program(AVP) –

Program in which a vendor, producing an information systems security (INFOSEC) product under contract to NSA, is authorized to produce that product in numbers exceeding the contracted requirements for direct marketing and sale to eligible buyers. Eligible buyers are typically U.S. government organizations or U.S. government contractors. Products approved for marketing and sale through the AVP are placed on the Endorsed Cryptographic Products List (ECPL).

New cards
16

Authorizing Official –

Official with the authority to formally assume responsibility for operating an information system at an acceptable level of risk to agency operations (including mission, functions, image, or reputation), agency assets, or individuals. Synonymous with Accreditation Authority.

New cards
17

Designated Representative –

An organizational official acting on behalf of an authorizing official in carrying out and coordinating the required activities associated with security authorization.

New cards
18

Automated Key Transport –

The transport of cryptographic keys, usually in encrypted form, using electronic means such as a computer network (e.g., key transport/agreement protocols).

New cards
19

Automated Password Generator –

An algorithm which creates random passwords that have no association with a particular user.

New cards
20

Automated Security Monitoring –

Use of automated procedures to ensure security controls are not circumvented or the use of these tools to track actions taken by subjects suspected of misusing the information system.

New cards

Explore top notes

note Note
studied byStudied by 54 people
... ago
5.0(2)
note Note
studied byStudied by 3 people
... ago
5.0(1)
note Note
studied byStudied by 81 people
... ago
5.0(1)
note Note
studied byStudied by 36 people
... ago
4.5(2)
note Note
studied byStudied by 12 people
... ago
5.0(1)
note Note
studied byStudied by 21676 people
... ago
4.7(21)
note Note
studied byStudied by 39 people
... ago
5.0(1)
note Note
studied byStudied by 159 people
... ago
5.0(1)

Explore top flashcards

flashcards Flashcard (53)
studied byStudied by 1 person
... ago
5.0(1)
flashcards Flashcard (43)
studied byStudied by 7 people
... ago
5.0(1)
flashcards Flashcard (28)
studied byStudied by 15 people
... ago
5.0(1)
flashcards Flashcard (42)
studied byStudied by 4 people
... ago
5.0(1)
flashcards Flashcard (71)
studied byStudied by 4 people
... ago
4.0(1)
flashcards Flashcard (76)
studied byStudied by 3 people
... ago
5.0(1)
flashcards Flashcard (21)
studied byStudied by 7 people
... ago
5.0(1)
flashcards Flashcard (36)
studied byStudied by 126 people
... ago
5.0(3)
robot