NIST Revising Glossary of Infosec TermsDefined Terms Found in NIST, Defense Dept. Publications
Looking for a holiday gift for your boss who doesn't quite understand information security lingo? The National Institute of Standards and Technology has one you can give, and it's free.
NIST has issued a draft of Interagency Report 7298 Revision 2: NIST Glossary of Key Information Security Terms.
The glossary includes most of the terms found in NIST publications. It also contains nearly all of the terms and definitions from CNSSI-4009, an information assurance glossary issued by the Defense Department's Committee on National Security Systems, a forum that helps set the federal government's information assurance policy.
The publication contains 215 pages of definitions, from "Access" - the ability to make use of any information system resource - to "Zone of Control" - a three-dimensional space surrounding equipment that processes classified and/or sensitive information within which TEMPEST exploitation is not considered practical or where legal authority to identify and remove a potential TEMPEST exploitation exists. (TEMPEST is defined as a name referring to the investigation, study and control of compromising emanations from telecommunications and automated information systems equipment.)
"As we are continuously refreshing our publication suite, terms included in the glossary come from our more recent publications," publication editor Richard Kissell writes. "The NIST publications referenced are the most recent versions of those publications. It is our intention to keep the glossary current by providing updates online. New definitions will be added to the glossary as required, and updated versions will be posted on the Computer Security Resource Center website.
NIST is seeking comments and suggestions on the revised glossary, and they should be sent by Jan. 15 to firstname.lastname@example.org.