Glossary of Key Information Security Terms (NIST) part 39 M

Media –

Physical devices or writing surfaces including but not limited to magnetic tapes, optical disks, magnetic disks, Large Scale Integration (LSI) memory chips, and printouts (but not including display media) onto which information is recorded, stored, or printed within an information system.

Media Sanitization –

A general term referring to the actions taken to render data written on media unrecoverable by both ordinary and extraordinary means. The actions taken to render data written on media unrecoverable by both ordinary and extraordinary means.

Memorandum of Understanding/Agreement – (MOU/A)

A document established between two or more parties to define their respective responsibilities in accomplishing a particular goal or mission. In this guide, an MOU/A defines the responsibilities of two or more organizations in establishing, operating, and securing a system interconnection. A document established between two or more parties to define their respective responsibilities in accomplishing a particular goal or mission, e.g., establishing, operating, and securing a system interconnection.

Memory Scavenging –

The collection of residual information from data storage.

Message Authentication Code – (MAC)

A cryptographic checksum on data that uses a symmetric key to detect both accidental and intentional modifications of the data. MACs provide authenticity and integrity protection, but not non-repudiation protection.

Message Authentication Code – (MAC)

A cryptographic checksum that results from passing data through a message authentication algorithm. 1. See Checksum. 2. A specific ANSI standard for a checksum.

Message Digest –

The result of applying a hash function to a message. Also known as a “hash value” or “hash output”. A digital signature that uniquely identifies data and has the property that changing a single bit in the data will cause a completely different message digest to be generated. A cryptographic checksum, typically generated for a file that can be used to detect changes to the file. Synonymous with hash value/result.

Message Externals –

Information outside of the message text, such as the header, trailer, etc.

Message Indicator –

Sequence of bits transmitted over a communications system for synchronizing cryptographic equipment.

Metrics –

Tools designed to facilitate decision-making and improve performance and accountability through collection, analysis, and reporting of relevant performance-related data.

MIME –

See Multipurpose Internet Mail Extensions.

Min-Entropy –

A measure of the difficulty that an Attacker has to guess the most commonly chosen password used in a system.

Minimalist Cryptography –

Cryptography that can be implemented on devices with very limited memory and computing capabilities, such as RFID tags.

Minor Application –

An application, other than a major application, that requires attention to security due to the risk and magnitude of harm resulting from the loss, misuse, or unauthorized access to or modification of the information in the application. Minor applications are typically included as part of a general support system.

Misnamed Files –

A technique used to disguise a file’s content by changing the file’s name to something innocuous or altering its extension to a different type of file, forcing the examiner to identify the files by file signature versus file extension.

Mission Assurance Category – (MAC)

A Department of Defense Information Assurance Certification and Accreditation Process (DIACAP) term primarily used to determine the requirements for availability and integrity.

Mission Critical –

Any telecommunications or information system that is defined as a national security system (Federal Information Security Management Act of 2002 - FISMA) or processes any information the loss, misuse, disclosure, or unauthorized access to or modification of, would have a debilitating impact on the mission of an agency.

Mission/Business Segment –

Elements of organizations describing mission areas, common/shared business services, and organization-wide services. Mission/business segments can be identified with one or more information systems which collectively support a mission/business process.

Mobile Code –

Software programs or parts of programs obtained from remote information systems, transmitted across a network, and executed on a local information system without explicit installation or execution by the recipient. A program (e.g., script, macro, or other portable instruction) that can be shipped unchanged to a heterogeneous collection of platforms and executed with identical semantics. Software programs or parts of programs obtained from remote information systems, transmitted across a network, and executed on a local information system without explicit installation or execution by the recipient. Note: Some examples of software technologies that provide the mechanisms for the production and use of mobile code include Java, JavaScript, ActiveX, VBScript, etc.

Mobile Code Technologies –

Software technologies that provide the mechanisms for the production and use of mobile code (e.g., Java, JavaScript, ActiveX, VBScript).