NIST Revising Glossary of Infosec Terms

Defined Terms Found in NIST, Defense Dept. Publications

By , December 11, 2012.
NIST Revising Glossary of Infosec Terms

Looking for a holiday gift for your boss who doesn't quite understand information security lingo? The National Institute of Standards and Technology has one you can give, and it's free.

See Also: Alerts that Matter: Prioritizing and Triaging Alert Data

NIST has issued a draft of Interagency Report 7298 Revision 2: NIST Glossary of Key Information Security Terms.

The glossary includes most of the terms found in NIST publications. It also contains nearly all of the terms and definitions from CNSSI-4009, an information assurance glossary issued by the Defense Department's Committee on National Security Systems, a forum that helps set the federal government's information assurance policy.

The publication contains 215 pages of definitions, from "Access" - the ability to make use of any information system resource - to "Zone of Control" - a three-dimensional space surrounding equipment that processes classified and/or sensitive information within which TEMPEST exploitation is not considered practical or where legal authority to identify and remove a potential TEMPEST exploitation exists. (TEMPEST is defined as a name referring to the investigation, study and control of compromising emanations from telecommunications and automated information systems equipment.)

"As we are continuously refreshing our publication suite, terms included in the glossary come from our more recent publications," publication editor Richard Kissell writes. "The NIST publications referenced are the most recent versions of those publications. It is our intention to keep the glossary current by providing updates online. New definitions will be added to the glossary as required, and updated versions will be posted on the Computer Security Resource Center website.

NIST is seeking comments and suggestions on the revised glossary, and they should be sent by Jan. 15 to secglossary@nist.gov.

Follow Eric Chabrow on Twitter: @GovInfoSecurity

  • Print
  • Tweet Like LinkedIn share
Get permission to license our content for reuse in a myriad of ways.
ARTICLE PCI Issues Security Awareness Guidance

In new guidance from the PCI Council, its leaders outline why businesses that handle card data need...

Latest Tweets and Mentions

ARTICLE PCI Issues Security Awareness Guidance

In new guidance from the PCI Council, its leaders outline why businesses that handle card data need...

The ISMG Network