Browse — Entity Type · Artifact
allDataSystemNetworkIdentityCredentialPhysicalProcessCapabilityOrganizationFrameworkEventMetricVulnerabilityThreatControlFindingRequirementRoleArtifactUnknown
182 terms
TermTypeDefinitionClassificationsUpdated
Access ListnounRoster of individuals authorized admittance to a controlled area.ArtifactRestrictedPII
access lognounA log that lists who has been permitted to physically or logically gain access.ArtifactRegulatedCUI
Access MatrixnounAn Access Matrix uses rows to represent subjects and columns to represent objects with privileges listed in each cell.ArtifactConfidential
Accounting NumbernounNumber assigned to an item of COMSEC material to facilitate its control.ArtifactRegulatedCDI
Accreditation PackagenounProduct comprised of a System Security Plan (SSP) and a report documenting the basis for the accreditation decision.ArtifactRegulatedCUI
action itemnounA documented event, task or action that needs to take place. Action items are discreet units that can be handled by a single person.ArtifactRegulated
action plannounSteps that must be taken, or activities that must be performed well, for a strategy to succeed. An action plan has three major elements: (1) Specific tasks: what will be done and by whom. (2) Time horizon: when will it be done. (3) Resource allocation: what specific funds are available for specific activities.ArtifactCUI
activity reportingnounThe action of providing an description of an account holder's activity.ArtifactRegulatedPII
AdvisorynounNotification of significant new trends or developments regarding the threat to the information systems of an organization. This notification may include analytical insights into trends, intentions, technologies, or tactics of an adversary targeting information systems.ArtifactInternal
Approval to OperatenounThe official management decision issued by a DAA or PAA to authorize operation of an information system and to explicitly accept the residual risk to agency operations (including mission, functions, image, or reputation), agency assets, or individuals.ArtifactRegulatedCUI
Assessment ObjectnounThe item (i.e., specifications, mechanisms, activities, individuals) upon which an assessment method is applied during an assessment.Artifact
asset inventorynounA complete list of all the resources owned by an organization that is used in operations or used to support operations.ArtifactInternal
Asset Reporting FormatnounSCAP data model for expressing the transport format of information about assets (components) and the relationships between assets and reports.ArtifactRegulatedCUI
Assurance CasenounA structured set of arguments and a body of evidence showing that an information system satisfies specific claims with respect to a given quality attribute.ArtifactConfidential
attack signaturenounA characteristic byte pattern used in malicious code or an indicator, or set of indicators, that allows the identification of malicious network activities.ArtifactInternal
Audit charternounA document approved by the board of directors that defines the IT audit function's responsibility, authority to review records, and accountability.ArtifactInternal
audit lognounA chronological record of system activities. Includes records of system accesses and operations performed in a given period.ArtifactRegulated
Audit Log eventnounAny of the various triggering actions that cause an application to write a new entry into the log.ArtifactRegulatedCUI
audit manualnounA compilation of current audit policies, procedures, and guidelines.ArtifactInternal
Audit plannounA high level description of the audit work to be performed in a certain period of time (ordinarily a year). It includes the areas to be audited, the type of work planned, the high level objectives and scope of the work, and topics such as budget, resource allocation, schedule dates, type of report, and its intended audience and other general aspects of the work.ArtifactInternal
audit recordnounAn individual entry in an audit log related to an audited event.ArtifactRegulatedCUI
audit reportnounA report issued by an independent Auditor that expresses an opinion about whether the financial statements present fairly a company's financial position, operating results, and cash flows in accordance with generally accepted accounting principles.ArtifactRegulated
audit schedulenounThe dates on which a planned, official examination of a system or equipment will be performed.ArtifactInternal
Audit trailnounA chronological record that reconstructs and examines the sequence of activities surrounding or leading to a specific operation, procedure, or event in a security relevant transaction from inception to final result.ArtifactRegulated
audit universenounAn inventory of audit areas that is compiled and maintained to identify areas for audit during the audit planning process.ArtifactInternal
Audit Work PapernounThis record category contains records of working papers that are vital to the successful accomplishment of all audit assignments performed.ArtifactRegulated
Authentication TagnounA pair of bit strings associated to data to provide assurance of its authenticity.Artifact
authorization recordnounA document or identifier which provides evidence of authorization.ArtifactRegulatedCUI
Authorization to operatenounThe official management decision given by a senior organizational official to authorize operation of an information system and to explicitly accept the risk to organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, and the Nation based on the implementation of an agreed-upon set of security controls.ArtifactRegulatedCUI
backgroundnounA persons previous experience, education, or social circumstances.ArtifactRegulatedPII
BaselinenounHardware, software, databases, and relevant documentation for an information system at a given point in time.ArtifactRegulated
Body of EvidencenounThe set of data that documents the information system’s adherence to the security controls applied. The BoE will include a Requirements Verification Traceability Matrix (RVTM) delineating where the selected security controls are met and evidence to that fact can be found. The BoE content required by an Authorizing Official will be adjusted according to the impact levels selected.ArtifactRegulatedCUI
Business Continuity Plan (BCP)nounA comprehensive written plan to maintain or resume business in the event of a disruption. BCP includes both the technology recovery capability (often referred to as disaster recovery) and the business unit(s) recovery capability.ArtifactInternal
CalendarnounThis record category contains a document organized chronologically, especially in tabular form, indicating the day of week, date, and month or contains a chronological listing of documents in a collection, which may be comprehensive or selective, and which may include details about the writer, recipient, date, place, summary of content, type of document, and page or leaf count.Artifact
Call TreenounA documented list of employees and external entities that should be contacted in the event of an emergency declaration.ArtifactInternalPII
Cash LetternounA group of checks accompanied by a paper listing sent to a clearinghouse, a Federal Reserve Bank, or another institution. A cash letter contains a number of negotiable items, mostly checks, accompanied by a letter that lists the amounts and instructions for transmittal to another bank. May also be called a transmittal letter. An incoming cash letter is one that is received by an institution from a clearinghouse, a Federal Reserve Bank, or another institution and contains checks written on accounts at the institution that were cashed elsewhere. An outgoing cash letter is one that is being sent to a clearinghouse, a Federal Reserve Bank, or another institution and contains checks deposited at the institution, which are written on accounts at other institutions.ArtifactRegulatedPII
Certification PackagenounProduct of the certification effort documenting the detailed results of the certification activities.ArtifactRegulatedCUI
Certification Practice StatementnounA statement of the practices that a Certification Authority employs in issuing, suspending, revoking, and renewing certificates and providing access to them, in accordance with specific requirements (i.e., requirements specified in this Certificate Policy, or requirements specified in a contract for services).ArtifactInternal
ChecknounA written order from one party (payer) to another (payee) requiring the payer's financial institution to pay a specified sum on demand to the payee or to a third party specified by the payeeArtifactRegulatedPCI
Code BooknounDocument containing plain text and code equivalents in a systematic arrangement, or a technique of machine encryption using a word substitution technique.ArtifactRestrictedCUI
Code VocabularynounSet of plain text words, numerals, phrases, or sentences for which code equivalents are assigned in a code system.Artifact
Compliance documentsnounPolicies, standard and procedures that document the actions that are required or prohibited. Violations may be subject to disciplinary actions.ArtifactInternal
Computer Security Objects RegisternounA collection of Computer Security Object names and definitions kept by a registration authority.ArtifactInternal
COMSEC ProfilenounStatement of COMSEC measures and materials used to protect a given operation, system, or organization.ArtifactRegulatedCUI
COMSEC SurveynounOrganized collection of COMSEC and communications information relative to a given operation, system, or organization.ArtifactRestrictedCUI
contractnounA document that records the terms and conditions of a legally binding agreement.ArtifactConfidential
Correctness ProofnounA mathematical proof of consistency between a specification and its implementation.ArtifactIP
Credit EntrynounAn entry to the record of an account that represents the transfer or placement of funds into the account.ArtifactRegulatedPCI
customer educational materialnounEducational materials used to inform customers about topics regarding the products and/or services that they use.ArtifactInternal
Cybersecurity ProfilenounA representation of the outcomes that a particular system or organization has selected from the Framework Categories and Subcategories.ArtifactInternal
data flow diagramnounA simplified drawing of how data moves throughout an application, system, or network.Artifact
DeliverablenounA project goal or expectation. Deliverables include broadly-defined, project or phase requirements and specifically-defined tasks within project phases.Artifact
documentationnounInstructions, specifications, and other descriptive information relating to the installation and use of hardware, software, systems, or files.Artifact
Duplicate Digital EvidencenounA duplicate is an accurate digital reproduction of all data objects contained on the original physical item and associated media.ArtifactRegulatedCUI
DurationnounA field within a certificate that is composed of two subfields; “date of issue” and “date of next issue.”ArtifactRestricted
Electronic EvidencenounInformation and data of investigative value that is stored on or transmitted by an electronic device.ArtifactRegulated
Engagement LetternounThis record contains formal agreements to perform services in exchange for compensation.ArtifactConfidential
escrownounSomething (e.g., a document, an encryption key) that is "delivered to a third person to be given to the grantee only upon the fulfillment of a condition."ArtifactRegulated
Evaluation Products ListnounList of validated products that have been successfully evaluated under the National Information Assurance Partnership (NIAP) Common Criteria Evaluation and Validation Scheme (CCEVS).ArtifactPublicPublicInfo
event informationnounThe data fields and information that needs to be captured during monitoring so that the organization knows what happened when the event was triggered.Artifact
event lognounA basic resource that helps provide information about network traffic, usage and other conditions. An event log stores these data for retrieval by security professionals or automated security systems to help network administrators manage various aspects such as security, performance and transparency.ArtifactRegulated
event loggingnounThe purpose of this task is to record the actions performed on a system.ArtifactRegulated
Exculpatory EvidencenounEvidence that tends to decrease the likelihood of fault or guilt.ArtifactRestricted
FlowchartsnounTraditional flowcharts involve the use of geometric symbols, such as diamonds, ovals, and rectangles to represent the sequencing of program logic. Software packages are available that automatically chart programs or enable a programmer to chart a program without the need to draw it manually.ArtifactIP
Forensic CopynounAn accurate bit-for-bit reproduction of the information contained on an electronic device or associated media, whose validity and integrity has been verified using an accepted algorithm.ArtifactRegulated
Formal ProofnounComplete and convincing mathematical argument presenting the full logical justification for each proof step and for the truth of a theorem or set of theorems.Artifact
help filenounA help file (sometimes called a help system ) is a documentation component of a software program that explains the features of the program and helps the user understand its capabilities. A bit like an extensive, organized, and thorough collection of FAQ s (frequently asked questions), the help system's purpose is to provide the answers that a user needs to understand to use the program effectively.Artifact
ImagenounAn exact bit-stream copy of all electronic data on a device, performed in a manner that ensures that the information is not altered.ArtifactRegulated
Implementation plannounA plan that details project management requirements and issues to be addressed during the period between the execution of an outsourcing agreement and the full production use of the outsourced services.ArtifactInternal
Incident ReportnounA record containing the details of an incident. Each incident record documents the lifecycle of a single incident.ArtifactRegulated
Inculpatory EvidencenounEvidence that tends to increase the likelihood of fault or guilt.ArtifactRestricted
Information Security Program PlannounFormal document that provides an overview of the security requirements for an organization-wide information security program and describes the program management controls and common controls in place or planned for meeting those requirements.ArtifactRestrictedCUI
Informative ReferencenounA specific section of standards, guidelines, and practices common among critical infrastructure sectors that illustrates a method to achieve the outcomes associated with each Cybersecurity Subcategory. An example of an Informative Reference is ISO/IEC 27001 Control A.10.8.3, which supports the “Data-in-transit is protected” Subcategory of the “Data Security” Category in the “Protect” function.Artifact
Intangible assetnounAn asset that is not physical in nature Scope Note: Examples include: intellectual property (patents, trademarks, copyrights, processes), goodwill, and brand recognitionArtifactConfidentialIP
Interface Control DocumentnounTechnical document describing interface controls and identifying the authorities and responsibilities for ensuring the operation of such controls. This document is baselined during the preliminary design review and is maintained throughout the information system life cycle.ArtifactRegulatedCUI
Interim Approval to OperatenounTemporary authorization granted by a DAA for an information system to process information based on preliminary results of a security evaluation of the system. (To be replaced by ATO and POA&M)ArtifactRegulatedCUI
internal audit reportnounA report issued by an independent auditor within an organization that expresses an opinion about whether the financial statements present fairly a company's financial position, operating results, and cash flows in accordance with generally accepted accounting principles.ArtifactConfidential
IT strategic plannounA comprehensive blueprint that guides the organization's technology management and contains high-level goals and plans for all areas of information technology that affect the business, not just the infrastructure. The plan should include areas that impact technology management, including cost management, human capital management, hardware and software management, third-party management, risk management, and all other considerations in the enterprise IT environment.ArtifactInternal
IT system inventorynounA list containing information about the information resources owned or operated by an organization.ArtifactInternal
Key ListnounPrinted series of key settings for a specific cryptonet. Key lists may be produced in list, pad, or printed tape format.ArtifactRegulatedCUI
Key TagnounIdentification information associated with certain types of electronic key.ArtifactRegulatedCUI
lessons learnednounA set of statements captured after completion of a project or a portion of a project that describes in a neutral way what did or did not work, along with a statement regarding the risk of ignoring the lesson.Artifact
lognounTo record an event or transaction in an organized record-keeping system, usually sequenced in the order they occurred.Artifact
manualnounA book of instructions, especially for operating a machine or learning a subject.ArtifactInternal
Matched instructionsnounTwo Instructions in which the information set forth in a specific CLS Bank Rule is matched in accordance with the parameters and procedures set forth in the CLS Bank Rules.ArtifactRegulated
Memorandum of Understanding/AgreementnounA document established between two or more parties to define their respective responsibilities in accomplishing a particular goal or mission. In this guide, an MOU/A defines the responsibilities of two or more organizations in establishing, operating, and securing a system interconnection.ArtifactInternalCUI
MnemonicnounA symbol or expression that can help someone remember something. For example, the phrase "Hello! My name is Bill. I'm 9 years old." might help an individual remember a secure 10-character password of "H!MniBI9yo."ArtifactRestricted
namenounThe word or phrase by which an individual, family, organization, or thing is known or referred to.ArtifactPII
network activity baselinenounEstablishing a trusted baseline document involves identifying the following: - network data points of interest - length of the baseline data collection period - methods and tools used to collect and store data Suggested network data points of interest include the following: - a list of predetermined devices a given workstation or server should communicate with - VPN usage, including access times, bandwidth and resources used, source IP addresses, and geolocation information - the known set of ports and protocols in use by the network - firewall and intrusion detection system logs - normal traffic patterns and flows.ArtifactInternalCUI
network diagramnounA description of any kind of locality in terms of its physical layout. In the context of communication networks, a topology describes pictorially the configuration or arrangement of a network, including its nodes and connecting communication lines.ArtifactConfidential
noticenounAny documented (in print or electronic format) notice or notification to another person by taking such steps as may be reasonably required to inform the other person in ordinary course, whether or not the other person actually comes to know of it.ArtifactRegulated
Object IdentifiernounA specialized formatted number that is registered with an internationally recognized standards organization. The unique alphanumeric/numeric identifier registered under the ISO registration standard to reference a specific object or object class. In the federal government PKI, they are used to uniquely identify each of the four policies and cryptographic algorithms supported.ArtifactRegulatedCUI
Object ProgramnounA program that has been translated into machine language and is ready to be run (i.e., executed) by the computer.ArtifactIP
One-part CodenounCode in which plain text elements and their accompanying code groups are arranged in alphabetical, numerical, or other systematic order, so one listing serves for both encoding and decoding. One-part codes are normally small codes used to pass small volumes of low-sensitivity information.Artifact
operational performance reportnounA report that details the findings of a performance review of a business's operations.ArtifactInternal
Operations CodenounCode composed largely of words and phrases suitable for general communications use.ArtifactRegulatedCUI
outputnounData or information produced by computer processing, such as graphic display on a terminal or hard copy.Artifact
Outsourcing Service ContractnounThis record contains acquisition or outsourcing contracts for IT services.ArtifactConfidential
patchnounAn update to an operating system, application, or other software issued specifically to correct particular problems with the software.Artifact
patch lognounA list that shows patches that been installed and need to be installed to update software.ArtifactInternal
Path HistoriesnounMaintaining an authenticatable record of the prior platforms visited by a mobile software agent, so that a newly visited platform can determine whether to process the agent and what resource constraints to apply.ArtifactInternalCUI
physical security plannounA formal document that provides an overview of the security requirements for a physical security program and describes the security controls in place or planned for meeting those requirements.ArtifactRegulatedCUI
Plan of Action and MilestonesnounA document that identifies tasks needing to be accomplished. It details resources required to accomplish the elements of the plan, any milestones in meeting the tasks, and scheduled completion dates for the milestones.ArtifactRegulatedCUI
Practice StatementnounA formal statement of the practices followed by an authentication entity (e.g., RA, CSP, or Verifier). It usually describes the policies and practices of the parties and can become legally binding.ArtifactInternal
Privacy Impact AssessmentnounAn analysis of how information is handled: 1) to ensure handling conforms to applicable legal, regulatory, and policy requirements regarding privacy; 2) to determine the risks and effects of collecting, maintaining, and disseminating information in identifiable form in an electronic information system; and 3) to examine and evaluate protections and alternative processes for handling information to mitigate potential privacy risks.ArtifactConfidentialPII
Proof of deposit (POD)nounThe verification of the dollar amount written on a negotiable instrument being deposited.ArtifactRegulated
protocols, ports, applications, and services listnounA compilation of all protocols, ports, applications, and services that are available.ArtifactInternal
receiptnounA written or printed acknowledgment that something has been paid for or that goods have been received.ArtifactInternal
recordnounAnything that is put down in permanent form and preserved as evidence.ArtifactRegulatedPII
regulatory noticenounAny documented (in print or electronic format) notice used to inform affected parties regarding regulatory issues.ArtifactRegulated
Release PrefixnounPrefix appended to the short title of U.S.-produced keying material to indicate its foreign releasability. "A" designates material that is releasable to specific allied nations, and "U.S." designates material intended exclusively for U. S. use.ArtifactRegulatedCUI
Remediation PlannounA plan to perform the remediation of one or more threats or vulnerabilities facing an organization’s systems. The plan typically includes options to remove threats and vulnerabilities and priorities for performing the remediation.ArtifactInternal
reportnounTo give a spoken or written account of something that has been seen, done etc.ArtifactRegulated
Report of ExaminationnounThe report prepared by the Board, or other federal or state financial institution supervisory agency, concerning the examination of a financial institution, and includes reports of inspection and reports of examination of U.S. branches or agencies of foreign banks and representative offices of foreign organizations, and other institutions examined by the Federal Reserve System.ArtifactRegulated
Request for CommentnounA series of notes about the Internet, started in 1969 (when the Internet was the ARPANET). An Internet Document can be submitted to the IETF by anyone, but the IETF decides if the document becomes an RFC. Eventually, if it gains enough interest, it may evolve into an Internet standard.ArtifactPublicPublicInfo
Return (ACH)nounAny ACH entry that has been returned to the ODFI by the RDFI or by the ACH operator because it cannot be processed. The reason for each return is included with the return in the form of a "return reason code." (See the NACHA "Operating Rules and Guidelines" for a complete reason code listing.)ArtifactRegulatedPCI
Risk Assessment ReportnounThe report which contains the results of performing a risk assessment or the formal output from the process of assessing risk.ArtifactConfidential
risk decisionnounA decision by the leadership of an organization to accept an option having a given risk function in preference to another, or in preference to taking no action.Artifact
Risk ProfilenounThis record contains an outline of the number, type, and potential effects of risks to which an asset or organization are exposed.ArtifactRegulated
Safeguarding StatementnounStatement affixed to a computer output or printout that states the highest classification being processed at the time the product was produced and requires control of the product, at that level, until determination of the true classification by an authorized individual. Synonymous with banner.ArtifactRegulatedCUI
SAS 70 reportnounAn audit report of a servicing institution prepared in accordance with guidance provided in the American Institute of Certified Public Accountant's Statement of Auditing Standards Number 70. Replaced by SSAE 16.ArtifactRegulated
SchedulesnounThis record category contains ordered lists of times at which things are planned to occur.ArtifactInternal
ScriptnounA file containing active content; for example, commands or instructions to be executed by the computer.Artifact
security assessment reportnounAny published finding of security component audits such as a vulnerability assessment.ArtifactConfidential
Security Concept of OperationsnounA security-focused description of an information system, its operational policies, classes of users, interactions between the system and its users, and the system’s contribution to the operational mission.ArtifactRestrictedCUI
Security Features Users GuidenounGuide or manual explaining how the security mechanisms in a specific system work.ArtifactInternal
Security lognounA record that contains log-in and logout activity and other security-related events and that is used to track security-related information on a computer system.ArtifactRegulated
Security MarkingnounHuman-readable information affixed to information system components, removable media, or output indicating the distribution limitations, handling caveats, and applicable security markings.ArtifactRegulatedCUI
Security PlannounFormal document that provides an overview of the security requirements for an information system or an information security program and describes the security controls in place or planned for meeting those requirements. See ‘System Security Plan’ or ‘Information Security Program Plan.’ArtifactRestricted
Security Program PlannounFormal document that provides an overview of the security requirements for an organization-wide information security program and describes the program management security controls and common security controls in place or planned for meeting those requirements.ArtifactRestrictedCUI
Security Requirements Traceability MatrixnounMatrix that captures all security requirements linked to potential risks and addresses all applicable C&A requirements. It is, therefore, a correlation statement of a system’s security features and compliance methods for each security requirement.ArtifactRegulatedCUI
Short TitlenounIdentifying combination of letters and numbers assigned to certain COMSEC materials to facilitate handling, accounting, and controlling.ArtifactRegulatedCUI
signaturenounA recognizable, distinguishing pattern associated with an attack, such as a binary string in a virus or a particular set of keystrokes used to gain unauthorized access to a system.Artifact
software releasenounThe public or private distribution of an initial or upgraded version of a computer software product.Artifact
Source programnounA program written in a programming language (such as C, Pascal, or COBOL). A compiler translates the source code into a machine-language object program.ArtifactIP
SpecificationnounAn assessment object that includes document-based artifacts (e.g., policies, procedures, plans, system security requirements, functional specifications, and architectural designs) associated with an information system.Artifact
stipulationnoun(law) an agreement or concession made by parties in a judicial proceeding (or by their attorneys) relating to the business before the court; must be in writing unless they are part of the court record.ArtifactRegulated
Substitute check (Check 21)nounAlso known as the Image Replacement Document (IRD). A paper reproduction of an original check that (1) contains an image of the front and back of the original check; (2) bears a MICR line that, except as provided under ANS X9.100-140, contains all the information appearing on the MICR line of the original check when it was issued and any additional information that was encoded on the original check's MICR line before an image of the original check was captured; (3) conforms in paper stock, dimension, and otherwise with ANS X9.100-140; and (4) is suitable for automated processing in the same manner as the original check. The Federal Reserve Board of Governors can by rule or order determine different standards.ArtifactRegulatedPCI
Suspicious activity report (SAR)nounReports required to be filed by the Bank Secrecy Act when a financial institution identifies or suspects fraudulent activity.ArtifactRegulated
SyllabarynounList of individual letters, combination of letters, or syllables, with their equivalent code groups, used for spelling out words or proper names not present in the vocabulary of a code. A syllabary may also be a spelling table.Artifact
system documentationnounDetailed information about a computer system its architecture, design, data flow, and programming logic.ArtifactInternalIP
System ProfilenounDetailed security description of the physical structure, equipment component, location, relationships, and general operating environment of an information system.ArtifactRegulatedCUI
Test plannounA document that is based on the institution's test scope and objectives and includes various testing methods.ArtifactInternal
test resultnounA formal document defining the subject of the test, the test plan, approach, analysis tools, and conclusions found during the testing process.ArtifactRegulated
Test scenarionounA potential event, identified as the operating environment for a business continuity or disaster recovery test, which the institution's recovery and resumption plan must address.ArtifactInternal
Test scriptsnounDocuments that define the specific activities, tasks, and steps that test participants will conduct during the testing process.Artifact
Third Party Service Provider ListnounThis record contains lists of all third party service providers and their contacts within each organization.ArtifactInternal
Threat ModelnounA threat model is used to describe a given threat and the harm it could to do a system if it has a vulnerability.Artifact
ticketnounIn access control, data that authenticates the identity of a client or a service and, together with a temporary encryption key (a session key), forms a credential.ArtifactRestricted
TimelinesnounChronological graphs where events related to an incident can be mapped to look for relationships in complex cases Scope Note: Timelines can provide simplified visualization for presentation to management and other non- technical audiences.Artifact
Trust ListnounThe collection of trusted certificates used by Relying Parties to authenticate other certificates.ArtifactRegulated
Trusted TimestampnounA digitally signed assertion by a trusted authority that a specific digital object existed at a particular time.ArtifactRegulated
Two-Part CodenounCode consisting of an encoding section, in which the vocabulary items (with their associated code groups) are arranged in alphabetical or other systematic order, and a decoding section, in which the code groups (with their associated meanings) are arranged in a separate alphabetical or numeric order.Artifact
Type 4 ProductnounUnevaluated commercial cryptographic equipment, assemblies, or components that neither NSA nor NIST certify for any government usage. These products are typically delivered as part of commercial offerings and are commensurate with the vendor’s commercial practices. These products may contain either vendor proprietary algorithms, algorithms registered by NIST, or algorithms registered by NIST and published in a FIPS.ArtifactRegulatedCUI
unposted suspense itemnounA transaction that has not yet been processed, but may affect the amount of credit available.ArtifactRegulatedPCI
user manualnounA user guide or user's guide, also commonly known as a manual, is a technical communication document intended to give assistance to people using a particular system.Artifact
visitor lognounA paper or electronic record of any non-employee entering a facility, construction site, structure or website.ArtifactRegulatedCUI
WEB SEC codenounAn ACH debit entry initiated by an originator resulting from the receiver's authorization through the Internet to make a transfer of funds from a consumer account of the receiver.ArtifactRegulatedPII
work papernounThe written record of the basis for the auditor's conclusions that provides the support for the auditor's representations, whether those representations are contained in the auditor's report or otherwise.ArtifactRegulated