Browse — Entity Type · Credential
124 terms
| Term | Type | Definition | Classifications | Updated |
| --- | --- | --- | --- | --- |
| access code | noun | Numeric or alphanumeric data which, when entered correctly, authorizes entry into a secure area. | Credential, Regulated | |
| Asymmetric key | noun | A cipher technique in which different cryptographic keys are used to encrypt and decrypt a message. Scope Note: See Public key encryption. | Credential, Restricted | |
| Authentication Code | noun | A cryptographic checksum based on an Approved security function (also known as a Message Authentication Code [MAC]). | Credential, Regulated | |
| Authentication Token | noun | Authentication information conveyed during an authentication exchange. | Credential | |
| Authenticator | noun | The means used to confirm the identity of a user, process, or device (e.g., user password or token). | Credential, Restricted | |
| Automated Password Generator | noun | An algorithm which creates random passwords that have no association with a particular user. | Credential | |
| Basic Authentication | noun | Basic Authentication is the simplest web-based authentication scheme that works by sending the username and password with each request. | Credential, Restricted, PII | |
| Biometric | noun | A measurable physical characteristic or personal behavioral trait used to recognize the identity, or verify the claimed identity, of an applicant. Facial images, fingerprints, and iris scan samples are all examples of biometrics. | Credential | |
| Biometric Information | noun | The stored electronic information pertaining to a biometric. This information can be in terms of raw or compressed pixels or in terms of some characteristic (e.g., patterns). | Credential | |
| Biometric System | noun | An automated system capable of: 1) capturing a biometric sample from an end user; 2) extracting biometric data from that sample; 3) comparing the extracted biometric data with data contained in one or more references; 4) deciding how well they match; and 5) indicating whether or not an identification or verification of identity has been achieved. | Credential | |
| Brute Force Password Attack | noun | A method of accessing an obstructed device through attempting multiple combinations of numeric and/or alphanumeric passwords. | Credential | |
| Card Verification Code (CVC2) | noun | Numeric security code printed on the back of MasterCard credit cards. CVC2 reduces credit card fraud and chargeback instances significantly when used in conjunction with AVS. (See Address verification service). | Credential, Regulated, PCI | |
| Card Verification Value (CVV2) | noun | Three-digit security number that is printed on the back of most Visa credit cards. CVV2 reduces credit card fraud and chargeback instances significantly when used in conjunction with AVS. | Credential, Regulated, PCI | |
| Certificate | noun | A digitally signed representation of information that 1) identifies the authority issuing it, 2) identifies the subscriber, 3) identifies its valid operational period (date issued / expiration date). In the information assurance (IA) community, certificate usually implies public key certificate and can have the following types: cross certificate – a certificate issued from a CA that signs the public key of another CA not within its trust hierarchy that establishes a trust relationship between the two CAs; encryption certificate – a certificate containing a public key that can encrypt or decrypt electronic messages, files, documents, or data transmissions, or establish or exchange a session key for these same purposes (key management sometimes refers to the process of storing, protecting, and escrowing the private component of the key pair associated with the encryption certificate); identity certificate – a certificate that provides authentication of the identity claimed. Within the National Security Systems (NSS) PKI, identity certificates may be used only for authentication or may be used for both authentication and digital signatures. | Credential | |
| Certificate Management | noun | Process whereby certificates (as defined above) are generated, stored, protected, transferred, loaded, used, and destroyed. | Credential | |
| Certificate Management Authority | noun | A Certification Authority (CA) or a Registration Authority (RA). | Credential | |
| Certificate Policy | noun | A specialized form of administrative policy tuned to electronic transactions performed during certificate management. A Certificate Policy addresses all aspects associated with the generation, production, distribution, accounting, compromise recovery, and administration of digital certificates. Indirectly, a certificate policy can also govern the transactions conducted using a communications system protected by a certificate-based security system. By controlling critical certificate extensions, such policies and associated enforcement technology can support provision of the security services required by particular applications. | Credential | |
| Certificate revocation list | noun | A list of revoked public key certificates created and digitally signed by a Certification Authority. | Credential | |
| Certificate Status Authority | noun | A trusted entity that provides online verification to a Relying Party of a subject certificate's trustworthiness, and may also provide additional attribute information for the subject certificate. | Credential | |
| Certificate-Based Authentication | noun | Certificate-Based Authentication is the use of SSL and certificates to authenticate and encrypt HTTP traffic. | Credential | |
| Certificate-Related Information | noun | Information, such as a subscriber's postal address, that is not included in a certificate. May be used by a Certification Authority (CA) managing certificates. | Credential | |
| Challenge-Handshake Authentication Protocol | noun | The Challenge-Handshake Authentication Protocol uses a challenge/response authentication mechanism where the response varies every challenge to prevent replay attacks. | Credential | |
| Clearance | noun | Formal certification of authorization to have access to classified information other than that protected in a special access program (including SCI). Clearances are of three types: confidential, secret, and top secret. A top secret clearance permits access to top secret, secret, and confidential material; a secret clearance, to secret and confidential material; and a confidential clearance, to confidential material. | Credential, Regulated, CUI | |
| Common Access Card | noun | Standard identification/smart card issued by the Department of Defense that has an embedded integrated chip storing public key infrastructure (PKI) certificates. | Credential, Regulated, CUI | |
| Contingency Key | noun | Key held for use under specific operational conditions or in support of specific contingency plans. See Reserve Keying Material. | Credential, Regulated, CUI | |
| credential | noun | An object or data structure that authoritatively binds an identity (and optionally, additional attributes) to a token possessed and controlled by a Subscriber. | Credential, Restricted | |
| Cross-Certificate | noun | A certificate used to establish a trust relationship between two Certification Authorities. | Credential | |
| Cryptographic Ignition Key | noun | Device or electronic key used to unlock the secure mode of crypto-equipment. | Credential, Regulated, CUI | |
| Cryptographic Key | noun | A parameter used in conjunction with a cryptographic algorithm that determines: the transformation of plaintext data into ciphertext data; the transformation of ciphertext data into plaintext data; a digital signature computed from data; the verification of a digital signature computed from data; an authentication code computed from data; or an exchange agreement of a shared secret. | Credential | |
| Cryptographic Material | noun | COMSEC material used to secure or authenticate information. | Credential, Regulated, CUI | |
| Cryptographic Product | noun | A cryptographic key (public, private, or shared) or public key certificate, used for encryption, decryption, digital signature, or signature verification; and other items, such as compromised key lists (CKL) and certificate revocation lists (CRL), obtained by trusted means from the same source which validate the authenticity of keys or certificates. Protected software which generates or regenerates keys or certificates may also be considered a cryptographic product. | Credential, Restricted, CUI | |
| Cryptographic Token | noun | A portable, user-controlled physical device (e.g., smart card or PCMCIA card) used to store cryptographic information and possibly also perform cryptographic functions. | Credential | |
| Decryption key | noun | A digital piece of information used to recover plaintext from the corresponding ciphertext by decryption. | Credential, Restricted | |
| default password | noun | Password on system administration, user, or service accounts predefined in a system, application, or device; usually associated with default account. Default accounts and passwords are published and well known, and therefore easily guessed. | Credential | |
| Digital certificate | noun | The electronic equivalent of an ID card that authenticates the originator of a digital signature. | Credential | |
| Digital signature | noun | An asymmetric key operation where the private key is used to digitally sign data and the public key is used to verify the signature. Digital signatures provide authenticity protection, integrity protection, and non-repudiation. | Credential, Regulated | |
| Distinguished Name | noun | A unique name or character string that unambiguously identifies an entity according to the hierarchical naming conventions of X.500 directory service. | Credential | |
| Distinguishing Identifier | noun | Information which unambiguously distinguishes an entity in the authentication process. | Credential, Restricted, PII | |
| Dual-Use Certificate | noun | A certificate that is intended for use with both digital signature and data encryption services. | Credential | |
| Electronic Credentials | noun | Digital documents used in authentication that bind an identity or an attribute to a subscriber's token. | Credential, Restricted, CUI | |
| electronic signature | noun | The process of applying any mark in electronic form with the intent to sign a data object. See also Digital Signature. | Credential, Regulated | |
| Electronically Generated Key | noun | Key generated in a COMSEC device by introducing (either mechanically or electronically) a seed key into the device and then using the seed, together with a software algorithm stored in the device, to produce the desired key. | Credential, Regulated, CUI | |
| Encrypted Key | noun | A cryptographic key that has been encrypted using an Approved security function with a key encrypting key, a PIN, or a password in order to disguise the value of the underlying plaintext key. | Credential, Regulated, CUI | |
| Encryption Certificate | noun | A certificate containing a public key that is used to encrypt electronic messages, files, documents, or data transmissions, or to establish or exchange a session key for these same purposes. | Credential | |
| Encryption key | noun | A piece of information, in a digitized form, used by an encryption algorithm to convert the plaintext to the ciphertext. | Credential, Restricted, CUI | |
| Ephemeral Key | noun | A cryptographic key that is generated for each execution of a key establishment process and that meets other requirements of the key type (e.g., unique to each message or session). In some cases, ephemeral keys are used more than once within a single session (e.g., broadcast applications) where the sender generates only one ephemeral key pair per message, and the private key is combined separately with each recipient’s public key. | Credential, Restricted | |
| Escrow Passwords | noun | Escrow Passwords are passwords that are written down and stored in a secure location (like a safe) that are used by emergency personnel when privileged personnel are unavailable. | Credential, Restricted | |
| Exercise Key | noun | Cryptographic key material used exclusively to safeguard communications transmitted over-the-air during military or organized civil training exercises. | Credential, Regulated, CUI | |
| Extensible Authentication Protocol | noun | A framework that supports multiple, optional authentication mechanisms for PPP, including clear-text passwords, challenge-response, and arbitrary dialog sequences. | Credential | |
| Federal Public Key Infrastructure Policy Authority | noun | The Federal PKI Policy Authority is a federal government body responsible for setting, implementing, and administering policy decisions regarding interagency PKI interoperability that uses the FBCA. | Credential | |
| Group Authenticator | noun | Used, sometimes in addition to a sign-on authenticator, to allow access to specific data or functions that may be shared by all members of a particular group. | Credential, Restricted | |
| Identity Token | noun | Smart card, metal key, or other physical object used to authenticate identity. | Credential | |
| key | noun | A parameter used in conjunction with a cryptographic algorithm that determines its operation. Examples applicable to this Standard include: 1. The computation of a digital signature from data, and 2. The verification of a digital signature. | Credential, Restricted, CUI | |
| Key Bundle | noun | The three cryptographic keys (Key1, Key2, Key3) that are used with a Triple Data Encryption Algorithm (TDEA) mode. | Credential, Restricted | |
| key pair | noun | Two mathematically related keys having the properties that (1) one key can be used to encrypt a message that can only be decrypted using the other key, and (2) even knowing one key, it is computationally infeasible to discover the other key. | Credential, Restricted | |
| Key Production Key | noun | Key used to initialize a keystream generator for the production of other electronically generated key. | Credential, Restricted, CUI | |
| Key-Encryption-Key | noun | Key that encrypts or decrypts other key for transmission or storage. | Credential, Restricted | |
| Keying Material | noun | Key, code, or authentication information in physical, electronic, or magnetic form. | Credential, Restricted, CUI | |
| Minimum password length | noun | This policy setting determines the least number of characters that make up a password for a user account. There are many different theories about how to determine the best password length for an organization, but perhaps "pass phrase" is a better term than "password." In Microsoft Windows 2000 or later, pass phrases can be quite long and can include spaces. Therefore, a phrase such as "I want to drink a $5 milkshake" is a valid pass phrase; it is a considerably stronger password than an 8 or 10 character string of random numbers and letters, and yet is easier to remember. Users must be educated about the proper selection and maintenance of passwords, especially with regard to password length. In enterprise environments, the ideal value for the Minimum password length setting is 14 characters; however, you should adjust this value to meet your organization's business requirements. | Credential | |
| Online Certificate Status Protocol | noun | An online protocol used to determine the status of a public key certificate. | Credential | |
| Operational Key | noun | Key intended for use over-the-air for protection of operational information or for the production or secure electrical transmission of key streams. | Credential, Regulated, CUI | |
| passwo | noun | A string of characters (letters, numbers, and other symbols) used to authenticate an identity or to verify access authorization. | Credential, Restricted | |
| password | noun | A protected/private string of letters, numbers, and/or special characters used to authenticate an identity or to authorize access to data. | Credential, Restricted | |
| Password Authentication Protocol | noun | Password Authentication Protocol is a simple, weak authentication mechanism where a user enters the password and it is then sent across the network, usually in the clear. | Credential | |
| password complexity | noun | A set of rules that defines what set of characters and the amount of characters a password must contain. | Credential | |
| Password cracker | noun | A tool that tests the strength of user passwords by searching for passwords that are easy to guess. It repeatedly tries words from specially crafted dictionaries and often also generates thousands (and in some cases, even millions) of permutations of characters, numbers and symbols. | Credential | |
| Password Cracking | noun | The process of recovering secret passwords stored in a computer system or transmitted over a network. | Credential | |
| password parameter | noun | A setting that defines a condition or requirement that a password must match. | Credential | |
| Password Protected | noun | The ability to protect a file using a password access control, protecting the data contents from being viewed with the appropriate viewer unless the proper password is entered. | Credential | |
| Password Sniffing | noun | Passive wiretapping, usually on a local area network, to gain knowledge of passwords. | Credential | |
| Per-Call Key | noun | Unique traffic encryption key generated automatically by certain secure telecommunications systems to secure single voice or data transmissions. See Cooperative Key Generation. | Credential, Regulated, CUI | |
| Personal identification number | noun | A secret that a claimant memorizes and uses to authenticate his or her identity. PINs are generally only decimal digits. | Credential, Regulated, PII | |
| private key | noun | A cryptographic key, used with a public key cryptographic algorithm, that is uniquely associated with an entity and is not made public. In an asymmetric (public) cryptosystem, the private key is associated with a public key. Depending on the algorithm, the private key may be used, for example, to: 1) Compute the corresponding public key, 2) Compute a digital signature that may be verified by the corresponding public key, 3) Decrypt keys that were encrypted by the corresponding public key, or 4) Compute a shared secret during a key-agreement transaction. | Credential | |
| Private key infrastructure (PKI) | noun | The use of public key cryptography in which each customer has a key pair (e.g., a unique electronic value called a public key and a mathematically-related private key). The private key is used to encrypt (sign) a message that can only be decrypted by the corresponding public key or to decrypt a message previously encrypted with the public key. The public key is used to decrypt a message previously encrypted (signed) using an individual's private key or to encrypt a message so that it can only be decrypted (read) using the intended recipient's private key. | Credential | |
| Pseudonym | noun | 1. A subscriber name that has been chosen by the subscriber that is not verified as meaningful by identity proofing. 2. An assigned identity that is used to protect an individual’s true identity. | Credential, Restricted, PII | |
| public key | noun | A cryptographic key, used with a public key cryptographic algorithm, that is uniquely associated with an entity and may be made public. In an asymmetric (public) cryptosystem, the public key is associated with a private key. The public key may be known by anyone and, depending on the algorithm, may be used, for example, to: 1) Verify a digital signature that is signed by the corresponding private key, 2) Encrypt keys that can be decrypted by the corresponding private key, or 3) Compute a shared secret during a key-agreement transaction. | Credential | |
| Public Key Asymmetric Cryptographic Algorithm | noun | A cryptographic algorithm that uses two related keys, a public key and a private key. The two keys have the property that deriving the private key from the public key is computationally infeasible. | Credential | |
| Public Key Certificate | noun | A digital document issued and digitally signed by the private key of a Certificate authority that binds the name of a Subscriber to a public key. The certificate indicates that the Subscriber identified in the certificate has sole control and access to the private key. | Credential | |
| public key cryptography | noun | Encryption system that uses a public-private key pair for encryption and/or digital signature. | Credential | |
| Public Key Enabling | noun | The incorporation of the use of certificates for security services such as authentication, confidentiality, data integrity, and non-repudiation. | Credential | |
| Public key encryption | noun | A cryptographic system that uses two keys: one is a public key, which is known to everyone, and the second is a private or secret key, which is only known to the recipient of the message. See also Asymmetric Key. | Credential | |
| Public key infrastructure | noun | The framework and services that provide for the generation, production, distribution, control, accounting, and destruction of public key certificates. Components include the personnel, policies, processes, server platforms, software, and workstations used for the purpose of administering certificates and public-private key pairs, including the ability to issue, maintain, recover, and revoke public key certificates. | Credential | |
| Renew a certificate | noun | The act or process of extending the validity of the data binding asserted by a public key certificate by issuing a new certificate. | Credential | |
| Reserve Keying Material | noun | Key held to satisfy unplanned needs. See Contingency Key. | Credential, Regulated, CUI | |
| Root Certification Authority | noun | In a hierarchical Public Key Infrastructure, the Certification Authority whose public key serves as the most trusted datum (i.e., the beginning of trust paths) for a security domain. | Credential, Restricted | |
| Round Key | noun | Round keys are values derived from the Cipher Key using the Key Expansion routine; they are applied to the State in the Cipher and Inverse Cipher. | Credential, Restricted | |
| S/Key | noun | A security mechanism that uses a cryptographic hash function to generate a sequence of 64-bit, one-time passwords for remote user login. The client generates a one-time password by applying the MD4 cryptographic hash function multiple times to the user's secret key. For each successive authentication of the user, the number of hash applications is reduced by one. | Credential, Regulated | |
| Salt | noun | A non-secret value that is used in a cryptographic process, usually to ensure that the results of computations for one instance cannot be reused by an Attacker. | Credential | |
| secret key | noun | A cryptographic key that is used with a secret-key (symmetric) cryptographic algorithm that is uniquely associated with one or more entities and is not made public. The use of the term “secret” in this context does not imply a classification level, but rather implies the need to protect the key from disclosure. | Credential, Restricted, CUI | |
| Secret Key symmetric Cryptographic Algorithm | noun | A cryptographic algorithm that uses a single key (i.e., a secret key) for both encryption and decryption. | Credential, Restricted | |
| Secret Seed | noun | A secret value used to initialize a pseudorandom number generator. | Credential, Restricted, CUI | |
| Session Key | noun | In the context of symmetric encryption, a key that is temporary or is used for a relatively short period of time. Usually, a session key is used for a defined period of communication between two computers, such as for the duration of a single connection or transaction set, or the key is used in an application that protects relatively large amounts of data and, therefore, needs to be re-keyed frequently. | Credential, Restricted | |
| Shadow Password Files | noun | A system file in which encrypted user passwords are stored so that they aren't available to people who try to break into the system. | Credential | |
| Shared Secret | noun | A secret used in authentication that is known to the Claimant and the Verifier. | Credential, Restricted | |
| Signature Certificate | noun | A public key certificate that contains a public key intended for verifying digital signatures rather than encrypting data or performing any other cryptographic functions. | Credential | |
| Split Key | noun | A cryptographic key that is divided into two or more separate data items that individually convey no knowledge of the whole key that results from combining the items. | Credential, Restricted | |
| Start-Up KEK | noun | Key-encryption-key held in common by a group of potential communicating entities and used to establish ad hoc tactical networks. | Credential, Regulated, CUI | |
| Static Key | noun | A key that is intended for use for a relatively long period of time and is typically intended for use in many instances of a cryptographic key establishment scheme. | Credential, Regulated | |
| symmetric key | noun | A cryptographic key that is used to perform both the cryptographic operation and its inverse, for example to encrypt and decrypt, or create a message authentication code and to verify the code. | Credential, Restricted, CUI | |
| Time-Dependent Password | noun | Password that is valid only at a certain time of day or during a specified interval of time. | Credential | |
| Token | noun | Something that the claimant possesses and controls (such as a key or password) that is used to authenticate a claim. See also Cryptographic Token. | Credential | |
| Token Ring | noun | A token ring network is a local area network in which all computers are connected in a ring or star topology and a binary digit or token-passing scheme is used in order to prevent the collision of data between two computers that want to send messages at the same time. | Credential | |
| Token-Based Access Control | noun | Token based access control associates a list of objects and their privileges with each user. (The opposite of list based.) | Credential | |
| Token-Based Devices | noun | A token-based device is triggered by the time of day, so every minute the password changes, requiring the user to have the token with them when they log in. | Credential | |
| Traffic Encryption Key | noun | Key used to encrypt plain text or to superencrypt previously encrypted text and/or to decrypt cipher text. | Credential, Restricted, CUI | |
| Trust Anchor | noun | An established point of trust (usually based on the authority of some person, office, or organization) from which an entity begins the validation of an authorized process or authorized (signed) package. A "trust anchor" is sometimes defined as just a public key used for different purposes (e.g., validating a Certification Authority, validating a signed software package or key, validating the process [or person] loading the signed software or key). | Credential, Restricted | |
| Trusted Certificate | noun | A certificate that is trusted by the Relying Party on the basis of secure and authenticated delivery. The public keys included in trusted certificates are used to start certification paths. Also known as a "trust anchor." | Credential | |
| Type 1 Key | noun | Generated and distributed under the auspices of NSA for use in a cryptographic device for the protection of national security information. | Credential, Regulated, CUI | |
| Type 2 Key | noun | Generated and distributed under the auspices of NSA for use in a cryptographic device for the protection of unclassified information. | Credential, Regulated, CUI | |
| Type 3 Key | noun | Used in a cryptographic device for the protection of unclassified sensitive information, even if used in a Type 1 or Type 2 product. | Credential, Regulated, CUI | |
| Type 4 Key | noun | Used by a cryptographic device in support of its Type 4 functionality, i.e., any provision of key that lacks U.S. government endorsement or oversight. | Credential, Regulated, CUI | |
| Update a Certificate | noun | The act or process by which data items bound in an existing public key certificate, especially authorizations granted to the subject, are changed by issuing a new certificate. | Credential | |
| X.509 Certificate | noun | The X.509 public-key certificate or the X.509 attribute certificate, as defined by the ISO/ITU-T X.509 standard. Most commonly (including in this document), an X.509 certificate refers to the X.509 public-key certificate. | Credential | |
| X.509 Public Key Certificate | noun | A digital certificate containing a public key for an entity and a name for the entity, together with some other information that is rendered unforgeable by the digital signature of the certification authority that issued the certificate, encoded in the format defined in the ISO/ITU-T X.509 standard. | Credential | |