Glossary of Key Information Security Terms (NIST) part 21 / D

Last updated 3:39 PM on 10/26/22
20 Terms

1. Depth –
An attribute associated with an assessment method that addresses the rigor and level of detail associated with the application of the method. The values for the depth attribute, hierarchically from less depth to more depth, are basic, focused, and comprehensive.
2. Descriptive Top-Level Specification (DTLS) –
A natural language description of a system’s security requirements, an informal design notation, or a combination of the two.
3. Designated Approval Authority (DAA) –
Official with the authority to formally assume responsibility for operating a system at an acceptable level of risk. This term is synonymous with authorizing official, designated accrediting authority, and delegated accrediting authority.
4. Deterministic Random Bit Generator (DRBG) –
A Random Bit Generator (RBG) that includes a DRBG mechanism and (at least initially) has access to a source of entropy input. The DRBG produces a sequence of bits from a secret initial value called a seed, along with other possible inputs. A DRBG is often called a Pseudorandom Number (or Bit) Generator.
5. Deterministic Random Bit Generator (DRBG) Mechanism –
The portion of an RBG that includes the functions necessary to instantiate and uninstantiate the RBG, generate pseudorandom bits, (optionally) reseed the RBG and test the health of the DRBG mechanism.
6. Device Distribution Profile –
An approval-based Access Control List (ACL) for a specific product that 1) names the user devices in a specific key management infrastructure (KMI) Operating Account (KOA) to which PRSNs distribute the product, and 2) states conditions of distribution for each device.
7. Device Registration Manager –
The management role that is responsible for performing activities related to registering users that are devices.
8. Dial Back –
Synonymous with call back.
9. Differential Power Analysis (DPA) –
An analysis of the variations of the electrical power consumption of a cryptographic module, using advanced statistical methods and/or other techniques, for the purpose of extracting information correlated to cryptographic keys used in a cryptographic algorithm.
10. Digital Evidence –
Electronic information stored or transferred in digital form.
11. Digital Forensics –
The application of science to the identification, collection, examination, and analysis of data while preserving the integrity of the information and maintaining a strict chain of custody for the data.
12. Digital Signature 1 –
An asymmetric key operation where the private key is used to digitally sign data and the public key is used to verify the signature. Digital signatures provide authenticity protection, integrity protection, and non-repudiation.
13. Digital Signature 2 –
A nonforgeable transformation of data that allows the proof of the source (with non-repudiation) and the verification of the integrity of that data.
14. Digital Signature 3 –
The result of a cryptographic transformation of data which, when properly implemented, provides the services of: 1. origin authentication, 2. data integrity, and 3. signer non-repudiation. The result of a cryptographic transformation of data that, when properly implemented, provides a mechanism for verifying origin authentication, data integrity, and signatory non-repudiation. The result of a cryptographic transformation of data that, when properly implemented, provides origin authentication, data integrity, and signatory non-repudiation. Cryptographic process used to assure data object originator authenticity, data integrity, and time stamping for prevention of replay.
15. Digital Signature Algorithm –
Asymmetric algorithms used for digitally signing data.
16. Direct Shipment –
Shipment of COMSEC material directly from NSA to user COMSEC accounts.
17. Disaster Recovery Plan (DRP) –
A written plan for recovering one or more information systems at an alternate facility in response to a major hardware or software failure or destruction of facilities. Management policy and procedures used to guide an enterprise response to a major loss of enterprise capability or damage to its facilities. The DRP is the second plan needed by the enterprise risk managers and is used when the enterprise must recover (at its original facilities) from a loss of capability over a period of hours or days. See Continuity of Operations Plan and Contingency Plan.
18. Disconnection –
The termination of an interconnection between two or more IT systems. A disconnection may be planned (e.g., due to changed business needs) or unplanned (i.e., due to an attack or other contingency).
19. Discretionary Access Control –
The basis of this kind of security is that an individual user, or program operating on the user’s behalf, is allowed to specify explicitly the types of access other users (or programs executing on their behalf) may have to information under the user’s control. A means of restricting access to objects (e.g., files, data entities) based on the identity and need-to-know of subjects (e.g., users, processes) and/or groups to which the object belongs. The controls are discretionary in the sense that a subject with a certain access permission is capable of passing that permission (perhaps indirectly) on to any other subject (unless restrained by mandatory access control).
20. Disk Imaging –
Generating a bit-for-bit copy of the original media, including free space and slack space.