Browse — Entity Type · Capability
228 terms
| Term | Type | Definition | Classifications | Updated |
| --- | --- | --- | --- | --- |
| access | noun | The ability to physically or logically enter or make use of an IT system or area (secured or unsecured). The process of interacting with a system. | Capability |
| actionable intelligence | noun | Information that can be acted upon to address, prevent or mitigate a cyber threat. The sum of an information system’s characteristics in the broad categories (software, hardware, network, processes and human) which allows an attacker to probe, enter, attack or maintain a presence in the system and potentially cause damage to an FMI. A smaller attack surface means that the FMI is less exploitable and an attack less likely. | Capability, Restricted, CUI |
| Activity Monitors | noun | Activity monitors aim to prevent virus infection by monitoring for malicious activity on a system, and blocking that activity when possible. | Capability |
| Address Verification Service (AVS) | noun | Bankcard company service that verifies the customer-provided billing address matches the billing address on their credit card account. The bankcard companies will not support merchants that opt for not using AVS if those transactions are disputed and will charge the merchant an additional 1.25% on those sales. | Capability, Regulated, PCI |
| Agency Certification Authority | noun | A CA that acts on behalf of an agency and is under the operational control of an agency. | Capability, Regulated, CUI |
| Agility | noun | In IT systems, the ability to rapidly incorporate new technologies or changes to technologies allowing an organization to adapt to changing business needs. | Capability |
| All Source Intelligence | noun | In the NICE Workforce Framework, cybersecurity work where a person: Analyzes threat information from multiple sources, disciplines, and agencies across the Intelligence Community. Synthesizes and places intelligence information in context; draws insights about the possible implications. | Capability, Restricted, CUI |
| Anomaly-Based Detection | noun | The process of comparing definitions of what activity is considered normal against observed events to identify significant deviations. | Capability |
| antimalware software | noun | A program that monitors a computer or network to identify all major types of malware: virus, trojan horse, spyware, adware, worms, rootkits, etc. | Capability |
| antispyware software | noun | A program that specializes in detecting both malware and non-malware forms of spyware. | Capability |
| Approved Security Function | noun | A security function (e.g., cryptographic algorithm, cryptographic key management technique, or authentication technique) that is either a) specified in an Approved Standard; b) adopted in an Approved Standard and specified either in an appendix of the Approved Standard or in a document referenced by the Approved Standard; or c) specified in the list of Approved security functions. | Capability, Regulated |
| Assurance | noun | Grounds for confidence that the other four security goals (integrity, availability, confidentiality, and accountability) have been adequately met by a specific implementation. “Adequately met” includes (1) functionality that performs correctly, (2) sufficient protection against unintentional errors (by users or software), and (3) sufficient resistance to intentional penetration or by-pass. | Capability |
| Assured Information Sharing | noun | The ability to confidently share information with those who need it, when and where they need it, as determined by operational need and an acceptable level of security risk. | Capability, Regulated, CUI |
| Asymmetric Cryptography | noun | Public-key cryptography; A modern branch of cryptography in which the algorithms employ a pair of keys (a public key and a private key) and use a different component of the pair for different steps of the algorithm. | Capability |
| Attack Sensing and Warning | noun | Detection, correlation, identification, and characterization of intentional unauthorized activity with notification to decision makers so that an appropriate response can be developed. | Capability |
| Audit function | noun | The purpose of this function is to provide an independent, objective assurance and consulting activity to evaluate and improve the effectiveness of risk management, control, and governance. | Capability |
| Audit Reduction Tools | noun | Preprocessors designed to reduce the volume of audit records to facilitate manual review. Before a security review, these tools can remove many audit records known to have little security significance. These tools generally remove records generated by specified classes of events, such as records generated by nightly backups. | Capability |
| Authentication | noun | The process of verifying the identity or other attributes claimed by or assumed of an entity (user, process, or device), or to verify the source and integrity of data. | Capability |
| Authenticity | noun | The property of being genuine and being able to be verified and trusted; confidence in the validity of a transmission, a message, or message originator. See Authentication. | Capability |
| automated clearing house capture | noun | A service that allows a user to transmit automated clearing house data to a bank for posting and clearing. | Capability, Regulated, PCI |
| Automated Security Monitoring | noun | Use of automated procedures to ensure security controls are not circumvented or the use of these tools to track actions taken by subjects suspected of misusing the information system. | Capability |
| awareness | noun | Having or showing knowledge or perception about a situation, fact, or development. | Capability |
| behavior monitoring | noun | Observing activities of users, information systems, and processes and measuring the activities against organizational policies and rules, baselines of normal activity, thresholds, and trends. | Capability |
| BLACK | noun | Designation applied to encrypted information and the information systems, the associated areas, circuits, components, and equipment processing that information. See also RED. | Capability, Restricted, CUI |
| Block cipher | noun | A symmetric key cryptographic algorithm that transforms a block of information at a time using a cryptographic key. For a block cipher algorithm, the length of the input block is the same as the length of the output block. | Capability |
| Block Cipher Algorithm | noun | A family of functions and their inverses that is parameterized by a cryptographic key; the function maps bit strings of a fixed length to bit strings of the same length. | Capability |
| Build Security In | noun | A set of principles, practices, and tools to design, develop, and evolve information systems and software that enhance resistance to vulnerabilities, flaws, and attacks. | Capability |
| Cipher Suite | noun | Negotiated algorithm identifiers. Cipher suites are identified in human-readable form using a mnemonic code. | Capability |
| Collect & Operate | noun | A NICE Workforce Framework category consisting of specialty areas responsible for specialized denial and deception operations and collection of cybersecurity information that may be used to develop intelligence. | Capability |
| Commodity Service | noun | An information system service (e.g., telecommunications service) provided by a commercial service provider typically to a large and diverse set of consumers. The organization acquiring and/or receiving the commodity service possesses limited visibility into the management structure and operations of the provider, and while the organization may be able to negotiate service-level agreements, the organization is typically not in a position to require that the provider implement specific security controls. | Capability, Internal |
| competence | noun | The state or quality of possessing the necessary ability, knowledge, or skill to do something successfully. | Capability |
| Computer Cryptography | noun | Use of a crypto-algorithm program by a computer to authenticate or encrypt/decrypt information. | Capability |
| computer network defense | noun | Actions taken to defend against unauthorized activity within computer networks. CND includes monitoring, detection, analysis (such as trend and pattern analysis), and response and restoration activities. | Capability, Regulated |
| Computer Network Defense Analysis | noun | In the NICE Workforce Framework, cybersecurity work where a person: Uses defensive measures and information collected from a variety of sources to identify, analyze, and report events that occur or might occur within the network in order to protect information, information systems, and networks from threats. | Capability |
| Computer Network Defense Infrastructure Support | noun | In the NICE Workforce Framework, cybersecurity work where a person: Tests, implements, deploys, maintains, reviews, and administers the infrastructure hardware and software that are required to effectively manage the computer network defense service provider network and resources; monitors network to actively remediate unauthorized activities. | Capability |
| Computer Network Operations | noun | Comprised of computer network attack, computer network defense, and related computer network exploitation enabling operations. | Capability, Restricted, CUI |
| Computer Security | noun | Measures and controls that ensure confidentiality, integrity, and availability of information system assets including hardware, software, firmware, and information being processed, stored, and communicated. | Capability |
| Computer Security Incident Response Team | noun | A capability set up for the purpose of assisting in responding to computer security-related incidents; also called a Computer Incident Response Team (CIRT) or a CIRC (Computer Incident Response Center, Computer Incident Response Capability). | Capability |
| Content filtering | noun | The process of monitoring communications such as email and Web pages, analyzing them for suspicious content, and preventing the delivery of suspicious content to users. | Capability |
| critical function | noun | Business activities or information that could not be interrupted or unavailable for several business days without significantly jeopardizing operation of the organization. | Capability, Restricted |
| Cross-Domain Capabilities | noun | The set of functions that enable the transfer of information between security domains in accordance with the policies of the security domains involved. | Capability, Regulated |
| cryptanalysis | noun | 1) Operations performed in defeating cryptographic protection without an initial knowledge of the key employed in providing the protection. 2) The study of mathematical techniques for attempting to defeat cryptographic techniques and information system security. This includes the process of looking for errors or weaknesses in the implementation of an algorithm or of the algorithm itself. | Capability |
| Cryptographic Hash Function | noun | A function that maps a bit string of arbitrary length to a fixed length bit string. Approved hash functions satisfy the following properties: 1) (One-way) It is computationally infeasible to find any input which maps to any pre-specified output, and 2) (Collision resistant) It is computationally infeasible to find any two distinct inputs that map to the same output. | Capability |
| Cryptographic Logic | noun | The embodiment of one (or more) cryptographic algorithm(s) along with alarms, checks, and other processes essential to effective and secure performance of the cryptographic process(es). | Capability, Regulated |
| Cryptographic Module Validation Program | noun | Validates cryptographic modules to Federal Information Processing Standard (FIPS) 140-2 and other cryptography-based standards. The CMVP is a joint effort between National Institute of Standards and Technology (NIST) and the Communications Security Establishment (CSE) of the government of Canada. Products validated as conforming to FIPS 140-2 are accepted by the federal agencies of both countries for the protection of sensitive information (United States) or Designated Information (Canada). The goal of the CMVP is to promote the use of validated cryptographic modules and provide federal agencies with a security metric to use in procuring equipment containing validated cryptographic modules. | Capability, Regulated, CUI |
| Cryptographic Randomization | noun | Function that randomly determines the transmit state of a cryptographic logic. | Capability |
| Cryptographic Security | noun | Component of COMSEC resulting from the provision of technically sound cryptographic systems and their proper use. | Capability, Regulated, CUI |
| Cryptography | noun | Is categorized as either secret key or public key. Secret key cryptography is based on the use of a single cryptographic key shared between two parties. The same key is used to encrypt and decrypt data. This key is kept secret by the two parties. Public key cryptography is a form of cryptography which makes use of two keys: a public key and a private key. The two keys are related but have the property that, given the public key, it is computationally infeasible to derive the private key [FIPS 140-1]. In a public key cryptosystem, each party has its own public/private key pair. The public key can be known by anyone; the private key is kept secret. | Capability |
| cryptology | noun | The science that deals with hidden, disguised, or encrypted communications. It includes communications security and communications intelligence. | Capability |
| Cryptosystem | noun | A pair of algorithms that take a key and convert plaintext to ciphertext and back. | Capability |
| Custom redirect service | noun | This service enables control over the location of incoming calls or the redirection of calls to various locations or pre-established phone numbers to ensure customer service continuity. | Capability, Internal |
| customer access | noun | A customer’s ability and means to communicate or interact with a system, use system resources or to control system components and functions. | Capability, Regulated |
| Customer Service | noun | The purpose of this function is to provide and manage information delivery and support to an organization's clients regarding its products and/or services. | Capability |
| Customer Service and Technical Support | noun | In the NICE Workforce Framework, cybersecurity work where a person: Addresses problems, installs, configures, troubleshoots, and provides maintenance and training in response to customer requirements or inquiries (e.g., tiered-level customer support). | Capability |
| Cyber Operations | noun | In the NICE Workforce Framework, cybersecurity work where a person: Performs activities to gather evidence on criminal or foreign intelligence entities in order to mitigate possible or real-time threats, protect against espionage or insider threats, foreign sabotage, international terrorist activities, or to support other intelligence activities. | Capability, Restricted, CUI |
| cyber resilience | noun | The ability of a system or domain to withstand cyber attacks or failures and, in such events, to reestablish itself quickly. | Capability |
| cyber threat intelligence | noun | Organized, analyzed and refined information about potential or current attacks that threaten an organization. The primary purpose of threat intelligence is helping organizations understand the risks of the most common and severe external threats, such as zero-day threats, advanced persistent threats (APTs) and exploits. Although threat actors also include internal (or insider) and partner threats, the emphasis is on the types that are most likely to affect a particular organization's environment. Threat intelligence includes in-depth information about specific threats to help an organization protect itself from the types of attacks that could do them the most damage. In a military, business or security context, intelligence is information that provides an organization with decision support and possibly a strategic advantage. Threat intelligence is a component of security intelligence and, like SI, includes both the information relevant to protecting an organization from external and inside threats as well as the processes, policies and tools designed to gather and analyze that information. Threat intelligence services provide organizations with current information related to potential attack sources relevant to their businesses; some also offer consultation service. | Capability, Restricted |
| Cybersecurity | noun | The ability to protect or defend the use of cyberspace from cyber attacks. | Capability |
| Cybersecurity architecture | noun | Describes the structure, components and topology (connections and layout) of security controls within an enterprise's IT infrastructure. Scope Note: The security architecture shows how defense-in-depth is implemented and how layers of control are linked and is essential to designing and implementing security controls in any complex environment. | Capability |
| cybersecurity awareness | noun | The extent to which individuals of an organization or those who have access to an organization's information understand their individual responsibilities regarding cybersecurity risks and the need to identify, assess, and mitigate these risks in light of the increasing volume and sophistication of cyber threats. | Capability, Internal |
| cybersecurity function | noun | One of the main components of the Cybersecurity Framework. Cybersecurity functions provide the highest level of structure for organizing basic cybersecurity activities into Cybersecurity Categories and Cybersecurity Subcategories. The five Cybersecurity functions are the Identify function, Protect function, Detect function, Respond function, and Recover function. | Capability |
| data loss prevention | noun | A set of procedures and mechanisms to stop sensitive data from leaving a security boundary. | Capability |
| data processing service | noun | Work performed by an organization to fulfill a need for a customer or client regarding data processing. | Capability |
| Data Security | noun | Protection of data from unauthorized (accidental or intentional) modification, destruction, or disclosure. | Capability |
| Deep packet inspection | noun | The capability to analyze network traffic to compare vendor-developed profiles of benign protocol activity against observed events to identify deviations. | Capability |
| Defense in depth | noun | The practice of layering defenses to provide added protection. Defense in depth increases security by raising the effort needed in an attack. This strategy places multiple barriers between an attacker and an enterprise's computing and information resources. | Capability |
| Detect Function | noun | Develop and implement the appropriate activities to identify the occurrence of a cybersecurity event. | Capability |
| detection | noun | Identifying the existence of malicious content (by signature or heuristic). | Capability |
| Detection device | noun | A device designed to recognize an event and alert management when events occur. | Capability |
| Deterministic Random Bit Generator | noun | A Random Bit Generator (RBG) that includes a DRBG mechanism and (at least initially) has access to a source of entropy input. The DRBG produces a sequence of bits from a secret initial value called a seed, along with other possible inputs. A DRBG is often called a Pseudorandom Number (or Bit) Generator. | Capability, Regulated |
| Deterministic Random Bit Generator Mechanism | noun | The portion of an RBG that includes the functions necessary to instantiate and uninstantiate the RBG, generate pseudorandom bits, (optionally) reseed the RBG and test the health of the DRBG mechanism. | Capability, Regulated |
| Diffie-Hellman | noun | A key agreement algorithm published in 1976 by Whitfield Diffie and Martin Hellman. Diffie-Hellman does key establishment, not encryption. However, the key that it produces may be used for encryption, for further key management operations, or for any other cryptography. | Capability |
| Distributed Scans | noun | Distributed Scans are scans that use multiple source addresses to gather information. | Capability |
| DumpSec | noun | DumpSec is a security tool that dumps a variety of information about a system's users, file system, registry, permissions, password policy, and services. | Capability |
| dynamic attack surface | noun | The automated, on-the-fly changes of an information system's characteristics to thwart actions of an adversary. | Capability |
| E-Government | noun | The use by the U.S. government of Web-based Internet applications and other information technology. | Capability, Regulated, CUI |
| Education Information Security | noun | Education integrates all of the security skills and competencies of the various functional specialties into a common body of knowledge . . . and strives to produce IT security specialists and professionals capable of vision and proactive response. | Capability |
| electronic funds transfer function | noun | Any activity that corresponds with or relates to the transfer of funds electronically. | Capability, Regulated |
| Electronic Messaging Services | noun | Services providing interpersonal messaging capability; meeting specific functional, management, and technical requirements; and yielding a business-quality electronic mail service suitable for the conduct of official government business. | Capability, Regulated, CUI |
| Elliptical curve cryptography | noun | An algorithm that combines plane geometry with algebra to achieve stronger authentication with smaller keys compared to traditional methods, such as RSA, which primarily use algebraic factoring. Scope Note: Smaller keys are more suitable to mobile devices. | Capability |
| Emanations Analysis | noun | Gaining direct knowledge of communicated data by monitoring and resolving a signal that is emitted by a system and that contains the data but is not intended to communicate the data. | Capability, Restricted, CUI |
| End-point security | noun | Refers to a methodology of protecting the corporate network when accessed with remote devices, such as laptops, or other wireless and mobile devices. Each device with a remote connection to the network creates a potential entry (or exit) point for security threats. | Capability |
| End-to-end recoverability | noun | The ability of an institution to recover a business process from initiation, such as customer contact, through process finalization, such as transaction closure. | Capability, Regulated |
| Failover | noun | The capability to switch over automatically (typically without human intervention or warning) to a redundant or standby information system upon the failure or abnormal termination of the previously active system. | Capability |
| forensic readiness | noun | The ability of an FMI to maximise the use of digital evidence to identify the nature of a cyber attack. | Capability, Regulated |
| Formatting Function | noun | The function that transforms the payload, associated data, and nonce into a sequence of complete blocks. | Capability |
| Government Emergency Telecommunications Service (GETS) | noun | Acronym for the Government Emergency Telecommunications Service card program. GETS cards provide emergency access and priority processing for voice communications services in emergency situations. | Capability, Regulated, CUI |
| High Availability | noun | A failover feature to ensure availability during device or component interruptions. | Capability |
| Host-Based ID | noun | Host-based intrusion detection systems use information from the operating system audit records to watch all operations occurring on the host that the intrusion detection software has been installed upon. These operations are then compared with a pre-defined security policy. This analysis of the audit trail imposes potentially significant overhead requirements on the system because of the increased amount of processing power which must be utilized by the intrusion detection system. Depending on the size of the audit trail and the processing ability of the system, the review of audit data could result in the loss of a real-time analysis capability. | Capability |
| Host-based Intrusion Detection Systems | noun | IDSs which operate on information collected from within an individual computer system. This vantage point allows host-based IDSs to determine exactly which processes and user accounts are involved in a particular attack on the Operating System. Furthermore, unlike network-based IDSs, host-based IDSs can more readily “see” the intended outcome of an attempted attack, because they can directly access and monitor the data files and system processes usually targeted by attacks. | Capability |
| IA Product | noun | Product whose primary purpose is to provide security services (e.g., confidentiality, authentication, integrity, access control, non-repudiation of data); correct known vulnerabilities; and/or provide layered defense against various categories of non-authorized or malicious penetrations of information systems or networks. | Capability |
| Identification and Authentication | noun | The purpose of this function is to verify the identity of an entity through the use of specific credentials as a prerequisite for granting access to resources in an IT system. | Capability, Regulated |
| Identify Function | noun | Develop the organizational understanding to manage cybersecurity risk to systems, assets, data, and capabilities. | Capability |
| identity and access management | noun | The methods and processes used to manage subjects and their authentication and authorizations to access specific objects. | Capability |
| identity management | noun | The purpose of this task is to implement a set of functions and capabilities used for assurance of identity information (e.g., identifiers, credentials, attributes). | Capability, Regulated, PII |
| information assurance | noun | Measures that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation. These measures include providing for restoration of information systems by incorporating protection, detection, and reaction capabilities. | Capability |
| Information Assurance Compliance | noun | In the NICE Workforce Framework, cybersecurity work where a person: Oversees, evaluates, and supports the documentation, validation, and accreditation processes necessary to assure that new IT systems meet the organization's information assurance and security requirements; ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives. | Capability, Regulated |
| Information Assurance Component | noun | An application (hardware and/or software) that provides one or more Information Assurance capabilities in support of the overall security and operational objectives of a system. | Capability, Regulated, CUI |
| Information Operations | noun | The integrated employment of the core capabilities of electronic warfare, computer network operations, psychological operations, military deception, and operations security, in concert with specified supporting and related capabilities, to influence, disrupt, corrupt, or usurp adversarial human and automated decision-making process, information, and information systems while protecting our own. | Capability, Regulated, CUI |
| Information Security | noun | Protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide— 1) integrity, which means guarding against improper information modification or destruction, and includes ensuring information nonrepudiation and authenticity; 2) confidentiality, which means preserving authorized restrictions on access and disclosure, including means for protecting personal privacy and proprietary information; and 3) availability, which means ensuring timely and reliable access to and use of information. | Capability |
| Information Security Continuous Monitoring | noun | Maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions. [Note: The terms “continuous” and “ongoing” in this context mean that security controls and organizational risks are assessed and analyzed at a frequency sufficient to support risk-based security decisions to adequately protect organization information.] | Capability |
| information sharing forum | noun | An assembly in which participants share problems, solutions, updates, and data on topics relevant to its discourse. | Capability |
| information system resilience | noun | The ability of an information system to continue to: (i) operate under adverse conditions or stress, even if in a degraded or debilitated state, while maintaining essential operational capabilities; and (ii) recover to an effective operational posture in a time frame consistent with mission needs. | Capability |
| Information Systems Security | noun | Protection of information systems against unauthorized access to or modification of information, whether in storage, processing, or transit, and against the denial of service to authorized users, including those measures necessary to detect, document, and counter such threats. | Capability, Regulated |
| Information Systems Security Operations | noun | In the NICE Workforce Framework, cybersecurity work where a person: Oversees the information assurance program of an information system in or outside the network environment; may include procurement duties (e.g., Information Systems Security Officer). | Capability |
| Information Systems Security Product | noun | Item (chip, module, assembly, or equipment), technique, or service that performs or relates to information systems security. | Capability |
| Information Technology service | noun | A service provided to one or more customers by an Information Technology (IT) service provider. An IT service is based on the use of information technology and supports the customer’s business processes. An IT service is made up from a combination of people, processes, and technology and should be defined in a service level agreement. | Capability |
| Infrastructure as a Service | noun | Offers the capability to provision processing, storage, networks and other fundamental computing resources, enabling the customer to deploy and run arbitrary software, which can include operating systems (OSs) and applications. | Capability |
| internal audit function | noun | An appraisal activity established or provided as a service to the entity. Its functions include, amongst other things, examining, evaluating and monitoring the adequacy and effectiveness of internal control. | Capability, Internal |
| interoperability | noun | For the purposes of this standard, interoperability allows any government facility or information system, regardless of the PIV Issuer, to verify a cardholder’s identity using the credentials on the PIV Card. | Capability |
| Intrusion detection | noun | Techniques that attempt to detect unauthorized entry or access into a computer or network by observation of actions, security logs, or audit data; detection of break-ins or attempts, either manually or via software expert systems that operate on logs or other information available on the network. | Capability |
| Intrusion Detection and Prevention System | noun | Software that automates the process of monitoring the events occurring in a computer system or network and analyzing them for signs of possible incidents and attempting to stop detected possible incidents. | Capability |
| Intrusion detection system | noun | Inspects network and host security activity to identify suspicious patterns that may indicate a network or system attack. | Capability |
| Intrusion detection system (IDS) | noun | Software or hardware product that detects and logs inappropriate, incorrect, or anomalous activity. It gathers and analyzes information from various areas within a computer or a network to identify possible security breaches, which include both intrusions (attacks from outside the organizations) and misuse (attacks from within the organizations). IDS are typically characterized based on the source of the data they monitor: host or network. A host-based IDS uses system log files and other electronic audit data to identify suspicious activity. A network-based IDS uses a sensor to monitor packets on the network to which it is attached. | Capability |
| Intrusion prevention | noun | A preemptive approach to network security used to identify potential threats and respond to them to stop, or at least limit, damage or disruption. | Capability |
| Inverse Cipher | noun | Series of transformations that converts ciphertext to plaintext using the Cipher Key. | Capability |
| IP Forwarding | noun | IP forwarding is an Operating System option that allows a host to act as a router. A system that has more than 1 network interface card must have IP forwarding turned on in order for the system to be able to act as a router. | Capability |
| IT Security Awareness | noun | The purpose of awareness presentations is simply to focus attention on security. Awareness presentations are intended to allow individuals to recognize IT security concerns and respond accordingly. | Capability |
| IT Security Investment | noun | An IT application or system that is solely devoted to security. For instance, intrusion detection systems (IDS) and public key infrastructure (PKI) are examples of IT security investments. | Capability |
| Kerberos | noun | A widely used authentication protocol developed at the Massachusetts Institute of Technology (MIT). In “classic” Kerberos, users share a secret password with a Key Distribution Center (KDC). The user, Alice, who wishes to communicate with another user, Bob, authenticates to the KDC and is furnished a “ticket” by the KDC to use to authenticate with Bob. When Kerberos authentication is based on passwords, the protocol is known to be vulnerable to off-line dictionary attacks by eavesdroppers who capture the initial user-to-KDC exchange. Longer password length and complexity provide some mitigation to this vulnerability, although sufficiently long passwords tend to be cumbersome for users. | Capability |
| Legal Advice and Advocacy | noun | In the NICE Workforce Framework, cybersecurity work where a person: Provides legally sound advice and recommendations to leadership and staff on a variety of relevant topics within the pertinent subject domain; advocates legal and policy changes and makes a case on behalf of client via a wide range of written and oral work products, including legal briefs and proceedings. | Capability |
| Local Access | noun | Access to an organizational information system by a user (or process acting on behalf of a user) communicating through a direct connection without the use of a network. | Capability |
| machine learning and evolution | noun | A field concerned with designing and developing artificial intelligence algorithms for automated knowledge discovery and innovation by information systems. | Capability |
| Message digest algorithm | noun | Message digest algorithms are SHA1, MD2, MD4 and MD5. These algorithms are one-way functions unlike private and public key encryption algorithms. Scope Note: All digest algorithms take a message of arbitrary length and produce a 128-bit message digest. | Capability |
Minimalist CryptographynounCryptography that can be implemented on devices with very limited memory and computing capabilities, such as RFID tags.Capability
Mobile Code TechnologiesnounSoftware technologies that provide the mechanisms for the production and use of mobile code (e.g., Java, JavaScript, ActiveX, VBScript).Capability
Mobile financial servicesnounThe products and services that a financial institution provides to its customers through mobile devices.CapabilityRegulatedPII
Multilevel SecuritynounConcept of processing information with different classifications and categories that simultaneously permits access by users with different security clearances and denies access to users who lack authorization.CapabilityRegulatedCUI
Multiple Security LevelsnounCapability of an information system that is trusted to contain, and maintain separation between, resources (particularly stored data) of different security domains.CapabilityRegulatedCUI
National Security Emergency Preparedness Telecommunications ServicesnounTelecommunications services that are used to maintain a state of readiness or to respond to and manage any event or crisis (local, national, or international) that causes or could cause injury or harm to the population, damage to or loss of property, or degrade or threaten the national security or emergency preparedness posture of the United States.CapabilityRegulatedCUI
Network AccessnounAccess to an organizational information system by a user (or a process acting on behalf of a user) communicating through a network (e.g., local area network, wide area network, Internet).Capability
network resiliencenounA computing infrastructure that provides continuous business operation (i.e., highly resistant to disruption and able to operate in a degraded mode if damaged), rapid recovery if failure does occur, and the ability to scale to meet rapid or unpredictable demands.Capability
network securitynounThe protection of computer networks and their services from unauthorized entry, modification, destruction, or disclosure, and provision of assurance that the network performs its critical functions correctly and that there are no harmful side effects. Network security includes providing for data integrity.Capability
Network ServicesnounIn the NICE Workforce Framework, cybersecurity work where a person: Installs, configures, tests, operates, maintains, and manages networks and their firewalls, including hardware (e.g., hubs, bridges, switches, multiplexers, routers, cables, proxy servers, and protective distributor systems) and software that permit the sharing and transmission of all spectrum transmissions of information to support the security of information and information systems.Capability
Network traffic analysisnounIdentifies patterns in network communications. Scope Note: Traffic analysis does not need to have the actual content of the communication but analyzes where traffic is taking place, when and for how long communications occur and the size of information transferred.Capability
Network-Based IDSnounA network-based IDS system monitors the traffic on its network segment as a data source. This is generally accomplished by placing the network interface card in promiscuous mode to capture all network traffic that crosses its network segment. Network traffic on other segments, and traffic on other means of communication (like phone lines) can't be monitored. Network-based IDS involves looking at the packets on the network as they pass by some sensor. The sensor can only see the packets that happen to be carried on the network segment it's attached to. Packets are considered to be of interest if they match a signature. Network-based intrusion detection passively monitors network activity for indications of attacks. Network monitoring offers several advantages over traditional host-based intrusion detection systems. Because many intrusions occur over networks at some point, and because networks are increasingly becoming the targets of attack, these techniques are an excellent method of detecting many attacks which may be missed by host-based intrusion detection mechanisms.Capability
Network-Based Intrusion Detection SystemsnounIDSs which detect attacks by capturing and analyzing network packets. Listening on a network segment or switch, one network-based IDS can monitor the network traffic affecting multiple hosts that are connected to the network segment.Capability
Non-deterministic Random Bit GeneratornounAn RBG that (when working properly) produces outputs that have full entropy. Contrast with a DRBG. Other names for non-deterministic RBGs are True Random Number (or Bit) Generators and, simply, Random Number (or Bit) Generators.Capability
Off-line CryptosystemnounCryptographic system in which encryption and decryption are performed independently of the transmission and reception functions.Capability
Online CryptosystemnounCryptographic system in which encryption and decryption are performed in association with the transmitting and receiving functions.CapabilityRegulated
operational resiliencenounThe ability of an FMI to: (i) maintain essential operational capabilities under adverse conditions or stress, even if in a degraded or debilitated state; and (ii) recover to effective operational capability in a time frame consistent with the provision of critical economic services.CapabilityRegulated
Organizational Information Security Continuous MonitoringnounOngoing monitoring sufficient to ensure and assure effectiveness of security controls related to systems, networks, and cyberspace, by assessing security control implementation and organizational security status in accordance with organizational risk tolerance – and within a reporting structure designed to make real-time, data-driven risk management decisions.Capability
Oversight & DevelopmentnounA NICE Workforce Framework category consisting of specialty areas providing leadership, management, direction, and/or development and advocacy so that all individuals and the organization may effectively conduct cybersecurity work.Capability
Practical Extraction and Reporting LanguagenounA script programming language that is similar in syntax to the C language and that includes a number of popular Unix facilities such as sed, awk, and tr.Capability
Pretty Good PrivacynounTrademark of Network Associates, Inc., referring to a computer program (and related protocols) that uses cryptography to provide data security for electronic mail and other applications on the Internet.Capability
Privileged accessnounIndividuals with the ability to override system or application controls.CapabilityRestricted
Protect & DefendnounA NICE Workforce Framework category consisting of specialty areas responsible for the identification, analysis, and mitigation of threats to internal IT systems or networks.Capability
Protect FunctionnounA Cybersecurity Function that focuses on developing and implementing the appropriate safeguards to ensure delivery of critical infrastructure services.Capability
Pseudorandom number generatornounAn algorithm that produces a sequence of bits that are uniquely determined from an initial value called a seed. The output of the PRNG “appears” to be random, i.e., the output is statistically indistinguishable from random values. A cryptographic PRNG has the additional property that the output is unpredictable, given that the seed is not known.Capability
Quality of ServicenounThe measurable end-to-end performance properties of a network service, which can be guaranteed in advance by a Service-Level Agreement between a user and a service provider, so as to satisfy specific customer application requirements. Note: These properties may include throughput (bandwidth), transit delay (latency), error rates, priority, security, packet loss, packet jitter, etc.Capability
Random Bit GeneratornounA device or algorithm that outputs a sequence of binary bits that appears to be statistically independent and unbiased. An RBG is either a DRBG or an NRBG.Capability
Random Number GeneratornounRandom Number Generators (RNGs) used for cryptographic applications typically produce a sequence of zero and one bits that may be combined into sub-sequences or blocks of random numbers. There are two basic classes: deterministic and nondeterministic. A deterministic RNG consists of an algorithm that produces a sequence of bits from an initial value called a seed. A nondeterministic RNG produces output that is dependent on some unpredictable physical source that is outside human control.CapabilityRestricted
RandomizernounAnalog or digital source of unpredictable, unbiased, and usually independent bits. Randomizers can be used for several different functions, including key generation or to provide a starting state for a key generator.CapabilityRegulated
ReadnounFundamental operation in an information system that results only in the flow of information from an object to a subject.Capability
Real-time network monitoringnounImmediate response to a penetration attempt that is detected and diagnosed in time to prevent access.Capability
remote accessnounAccess to an organization's nonpublic information system by an authorized user (or an information system) communicating through an external, non-organization-controlled network (e.g., the Internet).CapabilityRegulated
Remote deletionsnounUse of a technology to remove data from a portable device without touching the device.CapabilityRegulated
Remote deposit capture (RDC)nounA service that enables users at remote locations to scan digital images of checks and transmit the captured data to a financial institution or a merchant that is a customer of a financial institution.CapabilityRegulatedPCI
resiliencenounThe ability to quickly adapt and recover from any known or unknown changes to the environment through holistic implementation of risk management, contingency, and continuity planning.Capability
Reverse LookupnounFind out the hostname that corresponds to a particular IP address. Reverse lookup uses an IP (Internet Protocol) address to find a domain name.Capability
Rivest-Shamir-AdlemannounAn algorithm for asymmetric cryptography, invented in 1977 by Ron Rivest, Adi Shamir, and Leonard Adleman.Capability
RloginnounRemote login. A UNIX utility that allows a user to log in to a remote host on a network, as if it were directly connected, and make use of various services. Remote login is an information exchange between network-connected devices where the information cannot be reliably protected end-to-end by a single organization's security controls.CapabilityRegulated
RobustnessnounThe ability of an Information Assurance entity to operate correctly and reliably across a wide range of operational conditions, and to fail gracefully outside of that operational range.Capability
RSAnounA public key cryptosystem developed by R. Rivest, A. Shamir and L. Adleman used for both encryption and digital signatures. Scope Note: The RSA has two different keys, the public encryption key and the secret decryption key. The strength of the RSA depends on the difficulty of the prime number factorization. For applications with high-level security, the number of the decryption key bits should be greater than 512 bits.Capability
ScalabilitynounA term that refers to how well a hardware and software system can adapt to increased demands. For example, a scalable network system would be one that can start with just a few nodes but can easily expand to thousands of nodes. Scalability can be a very important feature because it means the entity can invest in a system with confidence they will not quickly outgrow it.Capability
Secure CommunicationsnounTelecommunications deriving security through use of NSA-approved products and/or Protected Distribution Systems.CapabilityRegulatedCUI
Secure Hash AlgorithmnounA hash algorithm with the property that it is computationally infeasible 1) to find a message that corresponds to a given message digest, or 2) to find two different messages that produce the same message digest.Capability
SecuritynounA condition that results from the establishment and maintenance of protective measures that enable an enterprise to perform its mission or critical functions despite risks posed by threats to its use of information systems. Protective measures may involve a combination of deterrence, avoidance, prevention, detection, recovery, and correction that should form part of the enterprise’s risk management approach.Capability
Security as a ServicenounThe next generation of managed security services dedicated to the delivery, over the Internet, of specialized information-security services.Capability
security automationnounThe use of information technology in place of manual processes for cyber incident response and management.Capability
Security Automation DomainnounAn information security area that includes a grouping of tools, technologies, and data.Capability
Security EngineeringnounAn interdisciplinary approach and means to enable the realization of secure systems. It focuses on defining customer needs, security protection requirements, and required functionality early in the systems development life cycle, documenting requirements, and then proceeding with design, synthesis, and system validation while considering the complete problem.Capability
Security FunctionsnounThe hardware, software, and/or firmware of the information system responsible for enforcing the system security policy and supporting the isolation of code and data on which the protection is based.Capability
Security Information and Event ManagementnounApplication that provides the ability to gather security data from information system components and present that data as actionable information via a single interface.Capability
Security Management DashboardnounA tool that consolidates and communicates information relevant to the organizational security posture in near real-time to security management stakeholders.Capability
security operations centrenounA function or service responsible for monitoring, detecting and isolating incidents.Capability
Security ServicenounA capability that supports one, or more, of the security requirements (Confidentiality, Integrity, Availability). Examples of security services are key management, access control, and authentication.Capability
servicenounSomething of value provided to a customer such as banking, legal support, IT support, etc. that is not a physical thing with material value.Capability
Signals AnalysisnounGaining indirect knowledge of communicated data by monitoring and analyzing a signal that is emitted by a system and that contains the data but is not intended to communicate the data.CapabilityRegulated
situational awarenessnounWithin a volume of time and space, the perception of an enterprise’s security posture and its threat environment; the comprehension/meaning of both taken together (risk); and the projection of their status into the near future.Capability
SniffernounA sniffer is a tool that monitors network traffic as it is received in a network interface.Capability
software assurancenounLevel of confidence that software is free from vulnerabilities, either intentionally designed into the software or accidentally inserted at any time during its life cycle, and that the software functions in the intended manner.CapabilityRegulated
Software Assurance and Security EngineeringnounIn the NICE Workforce Framework, cybersecurity work where a person: Develops and writes/codes new (or modifies existing) computer applications, software, or specialized utility programs following software assurance best practices.Capability
spam filtering softwarenounA program that analyzes emails to look for characteristics of spam, and typically places messages that appear to be spam in a separate email folder.Capability
Spread SpectrumnounTelecommunications techniques in which a signal is transmitted in a bandwidth considerably greater than the frequency content of the original information. Frequency hopping, direct sequence spreading, time scrambling, and combinations of these techniques are forms of spread spectrum.Capability
SteganalysisnounSteganalysis is the process of detecting and defeating the use of steganography.Capability
Store-and-ForwardnounStore-and-Forward is a method of switching where the entire packet is read by a switch to determine if it is intact before forwarding it.Capability
Stream CiphernounA stream cipher works by encrypting a message a single bit, byte, or computer word at a time.Capability
symmetric cryptographynounA branch of cryptography in which a cryptographic system or algorithms use the same secret key (a shared secret key).Capability
Symmetric Encryption AlgorithmnounEncryption algorithms using the same secret key for encryption and decryption.Capability
Synchronous Crypto-OperationnounEncryption algorithms using the same secret key for encryption and decryption.CapabilityRegulated
system and network monitoringnounSystem and Network Monitoring supports all activities related to the real-time monitoring of systems and networks for optimal performance. System and network monitoring describes the use of tools and observation to determine the performance and status of information systems and is closely tied to other Information and Technology Management sub-functions.Capability
Threat intelligencenounThe acquisition and analysis of information to identify, track, and predict cyber capabilities, intentions, and activities that offer courses of action to enhance decision-making.Capability
threat intelligence servicenounA service that provides threat intelligence so that organizations can mitigate threats and remediate vulnerabilities.Capability
Threat MonitoringnounAnalysis, assessment, and review of audit trails and other information collected for the purpose of searching out system events that may constitute violations of system security.Capability
TOE Security FunctionsnounSet consisting of all hardware, software, and firmware of the TOE that must be relied upon for the correct enforcement of the TOE Security Policy (TSP).CapabilityRegulatedCUI
TraceroutenounTraceroute is a tool that maps the route a packet takes from the local machine to a remote destination.Capability
Ultra forward servicenounThis service allows control over the re-routing of incoming phone calls to pre-determined alternate locations in the event of a telecommunications outage.CapabilityInternal
user access privilegenounAn identified entitlement that an end-user has to a particular system resource, such as a file folder, the use of certain system commands, or an amount of storage.Capability
Vertical defense-in-depthnounControls are placed at different system layers – hardware, operating system, application, database or user levels.Capability
Voice Intrusion Prevention SystemnounVoice IPS is a security management system for voice networks which monitors voice traffic for multiple calling patterns or attack/abuse signatures to proactively detect and prevent toll fraud, Denial of Service, telecom attacks, service abuse, and other anomalous activity.Capability
WindumpnounWindump is a freeware tool for Windows that is a protocol analyzer that can monitor network traffic on a wire.Capability
WritenounFundamental operation in an information system that results only in the flow of information from a subject to an object. See Access Type.Capability