Browse — Entity Type · Data
172 terms
| Term | Type | Definition | Classifications |
| --- | --- | --- | --- |
| Activation Data | noun | Private data, other than keys, that are required to access cryptographic modules. | Data, Regulated, CUI |
| active content | noun | Software in various forms that is able to automatically carry out or trigger actions on a computer platform without the intervention of a user. | Data |
| asset | noun | A major application, general support system, high impact program, physical plant, mission critical system, personnel, equipment, or a logically related group of systems. | Data |
| Audit Data | noun | Chronological record of system activities to enable the reconstruction and examination of the sequence of events and changes in an event. | Data, Regulated |
| Bank Identification Number/Interbank Card Company (BIN/ICA) | noun | A series of assigned numbers used to identify the settling financial institution for both acquiring and issuing bankcard transactions. | Data, Regulated, PCI |
| Bankcard | noun | A general-purpose credit card, issued by a financial institution under agreement with the bankcard associations (Visa and MasterCard), which customers can use to purchase goods and services and to obtain cash against a line of credit established by the bankcard issuer. | Data, Regulated, PCI |
| Bit | noun | A contraction of the term Binary Digit. The smallest unit of information in a binary system of notation. | Data |
| Block | noun | Sequence of binary bits that comprise the input, output, State, and Round Key. The length of a sequence is the number of bits it contains. Blocks are also interpreted as arrays of bytes. | Data, Regulated |
| Bulk Electric System Cyber System Information | noun | Information about the BES Cyber System that could be used to gain unauthorized access or pose a security threat to the BES Cyber System. BES Cyber System Information does not include individual pieces of information that by themselves do not pose a threat or could not be used to allow unauthorized access to BES Cyber Systems, such as, but not limited to, device names, individual IP addresses without context, ESP names, or policy statements. Examples of BES Cyber System Information may include, but are not limited to, security procedures or security information about BES Cyber Systems, Physical Access Control Systems, and Electronic Access Control or Monitoring Systems that is not publicly available and could be used to allow unauthorized access or unauthorized distribution; collections of network addresses; and network topology of the BES Cyber System. | Data, Regulated, CUI |
| Byte | noun | A fundamental unit of computer storage; the smallest addressable unit in a computer's architecture. Usually holds one character of information and usually means eight bits. | Data |
| Check Image | noun | Electronic or digital image of an original check that is created by a depositor, a bank or other participant in the check collection process. Check images can be exchanged electronically by financial institutions, printed for customer statement purposes, displayed on Internet banking websites, and used to create substitute checks. | Data, Regulated, PCI |
| Classified Information | noun | Information that has been determined: (i) pursuant to Executive Order 12958 as amended by Executive Order 13292, or any predecessor Order, to be classified national security information; or (ii) pursuant to the Atomic Energy Act of 1954, as amended, to be Restricted Data (RD). | Data, Restricted, CUI |
| Classified National Security Information | noun | Information that has been determined pursuant to Executive Order 13526 or any predecessor order to require protection against unauthorized disclosure and is marked to indicate its classified status when in documentary form. | Data, Regulated, CUI |
| code | noun | System of communication in which arbitrary groups of letters, numbers, or symbols represent units of plain text of varying length. | Data |
| Code Group | noun | Group of letters, numbers, or both in a code system used to represent a plain text word, phrase, or sentence. | Data, Regulated, CUI |
| COMSEC Aid | noun | COMSEC material that assists in securing telecommunications and is required in the production, operation, or maintenance of COMSEC systems and their components. COMSEC keying material, callsign/frequency systems, and supporting documentation, such as operating and maintenance manuals, are examples of COMSEC aids. | Data, Regulated, CUI |
| COMSEC Material | noun | Item designed to secure or authenticate telecommunications. COMSEC material includes, but is not limited to key, equipment, devices, documents, firmware, or software that embodies or describes cryptographic logic and other items that perform COMSEC functions. | Data, Regulated, CUI |
| COMSEC System Data | noun | Information required by a COMSEC equipment or system to enable it to properly handle and control key. | Data, Regulated, CUI |
| Consumer Account | noun | A deposit account held by a participating depository financial institution and established by a natural person primarily for personal, family, or household use and not for commercial purposes. | Data, Regulated, PII |
| Consumer information | noun | For purposes of the Information Security Standards, “consumer information” means any record about an individual, whether in paper, electronic, or other form, that is a consumer report or is derived from a consumer report that is maintained by or on behalf of a financial institution for a business purpose, such as information that an institution obtains about a loan applicant or a prospective employee from a consumer report. | Data, Regulated, PII |
| contact information | noun | Information usually containing the person's telephone number(s), fax number, address, and electronic mail address(es). | Data, Regulated, PII |
| content | noun | The intellectual substance of a document, including text, data, symbols, numerals, images, and sound. | Data |
| Control Information | noun | Information that is entered into a cryptographic module for the purposes of directing the operation of the module. | Data, Restricted, CUI |
| Cookie | noun | A piece of state information supplied by a Web server to a browser, in a response for a requested resource, for the browser to store temporarily and return to the server on any subsequent visits or requests. | Data |
| Credit Card | noun | A card indicating the holder has been granted a line of credit. It enables the holder to make purchases or withdraw cash up to a prearranged ceiling. The credit granted can be settled in full by the end of a specified period or can be settled in part, with the balance taken as extended credit. Interest is charged based on the terms of the credit card agreement and the holder is sometimes charged an annual fee. | Data, Regulated, PCI |
| Critical Security Parameter | noun | Security-related information (e.g., secret and private cryptographic keys, and authentication data such as passwords and Personal Identification Numbers [PINs]) whose disclosure or modification can compromise the security of a cryptographic module. | Data, Restricted, CUI |
| Currency Balance | noun | As at the time calculated, the current amount (positive or negative) of a particular eligible currency included in an account, as indicated on the books and records of CLS Bank. A currency balance is not a separate account. | Data, Regulated |
| customer information | noun | A term used in the Information Security Standards to mean any record containing non-public personal information about a customer, whether in paper, electronic, or other form, that is maintained by or on behalf of a financial institution. | Data, Regulated, PII |
| data | noun | A subset of information in an electronic format that allows it to be retrieved or transmitted. | Data |
| Data Asset | noun | 1. Any entity that is comprised of data. For example, a database is a data asset that is comprised of data records. A data asset may be a system or application output file, database, document, or Web page. A data asset also includes a service that may be provided to access data from an application. For example, a service that returns individual records from a database would be a data asset. Similarly, a Web site that returns data in response to specific queries (e.g., www.weather.com) would be a data asset. 2. An information-based resource. | Data |
| data backup | noun | The physical copying of data files to a removable storage device that allows the data to be stored in another location. | Data, Regulated |
| Data Element | noun | A basic unit of information that has a unique meaning and subcategories (data items) of distinct value. Examples of data elements include gender, race, and geographic location. | Data, PII |
| Data-At-Rest | noun | Refers to all data stored on hard drives, thumb drives, DVDs, CDs, floppy diskettes, and similar storage media. It excludes data that is traversing a network or temporarily residing in computer memory to be read or updated. | Data, Regulated |
| data-in-motion | noun | Data being transferred between devices, such as data being sent from one application to another. | Data |
| Datagram | noun | Request for Comment 1594 says, "a self-contained, independent entity of data carrying sufficient information to be routed from the source to the destination computer without reliance on earlier exchanges between this source and destination computer and the transporting network." The term has been generally replaced by the term packet. Datagrams or packets are the message units that the Internet Protocol deals with and that the Internet transports. A datagram or packet needs to be self-contained without reliance on earlier exchanges because there is no connection of fixed duration between the two communicating points as there is, for example, in most voice telephone conversations. (This kind of protocol is referred to as connectionless.) | Data |
| Debit entry | noun | An entry to the record of an account to represent the transfer or removal of funds from the account. | Data, Regulated |
| Deleted File | noun | A file that has been logically, but not necessarily physically, erased from the operating system, perhaps to eliminate potentially incriminating evidence. Deleting files does not always necessarily eliminate the possibility of recovering all or part of the original data. | Data |
| Digital Envelope | noun | A digital envelope is an encrypted message with the encrypted session key. | Data, Regulated |
| Direct debit | noun | Electronic transfer, usually through ACH, out of an individual's checking (or savings) account to pay bills, such as mortgage payments, insurance premiums, and utility payments. Also referred to as "direct payment." | Data, Regulated, PII |
| Direct deposit | noun | Electronic deposits or credit, usually through ACH, to an individual's deposit account. Common uses of direct deposit include payroll payments, Social Security benefits, and income from investments such as CDs, annuities, and mutual funds. | Data, Regulated, PII |
| electronic funds transfer activity | noun | Any transfer of funds which is initiated through an electronic terminal, telephonic instrument, computer, or magnetic tape so as to order, instruct, or authorize a financial institution to debit or credit an account. ... These are normally considered retail funds transfer systems. | Data, Regulated, PCI |
| Electronically-created payment orders | noun | These are payment orders received by merchants from consumers, typically by telephone or the Internet. These payment orders are processed through the check processing system although they were not initiated as paper checks. These payment orders are not subject to check law and are not warranted by the Federal Reserve Banks. | Data, Regulated, PCI |
| Expected Output | noun | Any data collected from monitoring and assessments as part of the Information Security Continuous Monitoring (ISCM) strategy. | Data, Internal, CUI |
| Extensible Markup Language (XML) | noun | XML (Extensible Markup Language) is a "metalanguage", a language for describing other languages – which lets you design your own customized markup languages for different types of documents. It is designed to improve the functionality of the Web by providing more flexible and adaptable information identification. | Data |
| file | noun | Collections of data or information under unique identifying names kept in a computer's memory or a storage device. | Data |
| financial condition | noun | The status of a firm's assets, liabilities and equity positions at a specific point in time, often described in a financial statement. | Data, Regulated |
| Financial EDI (FEDI) | noun | Financial electronic data interchange. An instrument for settling invoices by initiating payments, processing remittance data and automating reconciliation, through the exchange of electronic messages. | Data, Regulated, PII |
| Float | noun | Funds held by an institution during the check-clearing process before being made available to a depositor. Interest may be earned on these funds. | Data, Regulated |
| Frames | noun | Data that is transmitted between network points as a unit complete with addressing and necessary protocol control information. A frame is usually transmitted serial bit by bit and contains a header field and a trailer field that "frame" the data. (Some control frames contain no data.) | Data |
| Hash | noun | A fixed length cryptographic output of variables, such as a message, being operated on by a formula or cryptographic algorithm. | Data |
| Header | noun | A header is the extra information in a packet that is needed for the protocol stack to process the packet. | Data |
| Hyperlink | noun | An item on a webpage that, when selected, transfers the user directly to another location in a hypertext document or to another webpage, perhaps on a different machine. Also simply called a "link." | Data |
| Hypertext Markup Language | noun | The set of markup symbols or codes inserted in a file intended for display on a World Wide Web browser page. | Data |
| Hypertext Markup Language (HTML) | noun | A set of codes that can be inserted into text files to indicate special typefaces, inserted images, and links to other hypertext documents. | Data |
| Identifier | noun | A data object - often, a printable, non-blank character string - that definitively represents a specific identity of a system entity, distinguishing that identity from all others. | Data, PII |
| Image archive (Check 21) | noun | Database for storage and easy retrieval of check images. | Data, Regulated, PII |
| income | noun | The consumption and savings opportunity gained by an entity within a specified time frame, which is generally expressed in monetary terms. | Data, Regulated |
| information | noun | Any communication or representation of knowledge such as facts, data, or opinions in any medium or form, including textual, numerical, graphic, cartographic, narrative, or audiovisual. | Data |
| information asset | noun | Any piece of data, device or other component of the environment that supports information-related activities. In the context of this report, information assets include data, hardware and software. Information assets are not limited to those that are owned by the entity. They also include those that are rented or leased, and those that are used by service providers to deliver their services. | Data |
| Information Resources | noun | Information and related resources, such as personnel, equipment, funds, and information technology. | Data, Regulated |
| Initialization Vector | noun | A vector used in defining the starting point of an encryption process within a cryptographic algorithm. | Data, Restricted |
| intellectual property | noun | Creations of the mind such as musical, literary, and artistic works; inventions; and symbols, names, images, and designs used in commerce, including copyrights, trademarks, patents, and related rights. Under intellectual property law, the holder of one of these abstract “properties” has certain exclusive rights to the creative work, commercial symbol, or invention by which it is covered. | Data, Restricted, IP |
| Interbank checks | noun | Checks that are not "on-us." They are cleared and settled either by direct presentment, a clearinghouse association, a correspondent bank, or a Federal Reserve Bank. | Data, Regulated |
| Key Generation Material | noun | Random numbers, pseudo-random numbers, and cryptographic parameters used in generating cryptographic keys. | Data, Regulated, CUI |
| Key Stream | noun | Sequence of symbols (or their electrical or mechanical equivalents) produced in a machine or auto-manual cryptosystem to combine with plain text to produce cipher text, control transmission security processes, or produce key. | Data, Restricted, CUI |
| knowledge | noun | Facts, information, and skills acquired by a person through experience or education; the theoretical or practical understanding of a subject. | Data |
| Magnetic ink character recognition (MICR) | noun | Magnetic codes found on the bottom of checks, deposit slips, and general ledger debit and credit tickets that allow a machine to scan (capture) the information. MICR encoding on a check includes the account number, the routing number, the serial number of the check, and the amount of the check. The amount of the check is encoded when the proof department processes the check. | Data, Regulated, PII |
| Message digest | noun | A digital signature that uniquely identifies data and has the property that changing a single bit in the data will cause a completely different message digest to be generated. | Data |
| Message Indicator | noun | Sequence of bits transmitted over a communications system for synchronizing cryptographic equipment. | Data, Regulated, CUI |
| multiple sources | noun | Information classified based on two or more source documents, classification guides or combination of both. | Data, Regulated, CUI |
| National Security Information | noun | Information that has been determined pursuant to Executive Order 12958 as amended by Executive Order 13292, or any predecessor order, or by the Atomic Energy Act of 1954, as amended, to require protection against unauthorized disclosure and is marked to indicate its classified status. | Data, Regulated, CUI |
| object | noun | Passive information system-related entity (e.g., devices, files, records, tables, processes, programs, domains) containing or receiving information. Access to an object (by a subject) implies access to the information it contains. See Subject. | Data |
| Object code | noun | The machine code generated by a source code language processor such as an assembler or compiler. A file of object code may be executable immediately or it may require linking with other object code files (e.g., libraries) to produce a complete executable program. | Data, IP |
| Off-Card | noun | Refers to data that is not stored within the PIV card or computation that is not done by the Integrated Circuit Chip (ICC) of the PIV card. | Data, Regulated, CUI |
| Official Information | noun | All information in the custody and control of a U.S. government department or agency that was acquired by U.S. government employees as a part of their official duties or because of their official status and has not been cleared for public release. | Data, Regulated, CUI |
| On-Card | noun | Refers to data that is stored within the PIV card or computation that is done by the ICC of the PIV card. | Data, Regulated, CUI |
| On-us checks | noun | Checks that are deposited into the same institution on which they are drawn. | Data, Regulated, PII |
| overdraft | noun | The amount by which withdrawals exceed deposits, or the extension of credit by a lending institution to allow for such a situation. | Data, Regulated, PII |
| Payload | noun | The input data to the CCM generation-encryption process that is both authenticated and encrypted. | Data, Restricted |
| Payroll card account | noun | A bank account that is established directly or indirectly by an employer on behalf of an employee to which electronic funds transfers of the employee's wages or compensation are made on a recurring basis. The payroll card, often branded by one of the credit/debit card associations, provides the employee access to the funds. | Data, Regulated, PII |
| Perishable Data | noun | Information whose value can decrease substantially during a specified time. A significant decrease in value occurs when the operational circumstances change to the extent that the information is no longer useful. | Data |
| personal identification number information | noun | Information containing an account-holder's secret code that is used to verify their identity when trying to access a computer system, network, credit card account, ATM, etc. | Data, Regulated, PII |
| Personal Identifying Information / Personally Identifiable Information | noun | The information that permits the identity of an individual to be directly or indirectly inferred. | Data, Regulated, PII |
| Personally identifiable financial information | noun | For purposes of the Information Security Standards, personally identifiable financial information means information (i) a consumer provides to a financial institution to obtain a financial product or service; (ii) about a consumer resulting from any transaction involving a financial product or service between the financial institution and a consumer; or (iii) that a financial institution otherwise obtains about a consumer in connection with providing a financial product or service, such as account balance information, payment history, overdraft history, and credit or debit card purchase information; or the fact that an individual is one of the financial institution’s customers. | Data, Regulated, PII |
| Personally Identifiable Information | noun | Any information about an individual maintained by an agency, including (1) any information that can be used to distinguish or trace an individual’s identity, such as name, social security number, date and place of birth, mother’s maiden name, or biometric records; and (2) any other information that is linked or linkable to an individual, such as medical, educational, financial, and employment information. | Data, Regulated, PII |
| plaintext | noun | Intelligible data that has meaning and can be understood without the application of decryption. | Data, Regulated |
| previous residence | noun | A location where someone was living before where that person is currently living. | Data, Regulated, PII |
| Proprietary Information | noun | Material and information relating to or associated with a company's products, business, or activities, including but not limited to financial information; data or statements; trade secrets; product research and development; existing and future product designs and performance specifications; marketing plans or techniques; schematics; client lists; computer programs; processes; and know-how that has been clearly identified and properly marked by the company as proprietary information, trade secrets, or company confidential information. The information must have been developed by the company and not be available to the government or to the public without restriction from another source. | Data, Restricted, IP |
| Protocol Data Unit | noun | A unit of data specified in a protocol and consisting of protocol information and, possibly, user data. | Data |
| Public Domain Software | noun | Software not protected by copyright laws of any nation that may be freely used without permission of, or payment to, the creator, and that carries no warranties from, or liabilities to the creator. | Data, Public, PublicInfo |
| Public Seed | noun | A starting value for a pseudorandom number generator. The value produced by the random number generator may be made public. The public seed is often called a “salt.” | Data, Public |
| RED | noun | In cryptographic systems, refers to information or messages that contain sensitive or classified information that is not encrypted. See also BLACK. | Data, Regulated, CUI |
| Remittance cards | noun | Payment cards that are typically used to facilitate cross-border movement of funds by individuals and for person-to-person transactions. | Data, Regulated, PCI |
| Remotely created check (RCC) | noun | A check that is drawn on a customer account at a financial institution, is created by the payee, and does not bear a signature in the format agreed to by the paying financial institution and customer. RCCs are also known as "demand drafts," "telechecks," "preauthorized drafts," "paper drafts," or "digital checks." | Data, Regulated, PCI |
| Repository | noun | A database containing information and data relating to certificates as specified in a CP; may also be referred to as a directory. | Data, Regulated |
| Reserve account | noun | A non-interest-earning balance account institutions maintain with the Federal Reserve Bank or with a correspondent bank to satisfy the Federal Reserve's reserve requirements. Reserve account balances play a central role in the exchange of funds between depository institutions. | Data, Regulated |
| Residue | noun | Data left in storage after information-processing operations are complete, but before degaussing or overwriting has taken place. | Data, Regulated, CUI |
| Restricted Data | noun | All data concerning (i) design, manufacture, or utilization of atomic weapons; (ii) the production of special nuclear material; or (iii) the use of special nuclear material in the production of energy, but shall not include data declassified or removed from the Restricted Data category pursuant to Section 142 [of the Atomic Energy Act of 1954]. | Data, Restricted, CUI |
| Retail payments | noun | Payments, typically small, made in the goods and services market. | Data, Regulated, PCI |
| Routing number | noun | Also referred to as the ABA number. A nine-digit number (eight digits and a check digit) that identifies a specific financial institution. | Data, Regulated |
| Security Attribute | noun | An abstraction representing the basic properties or characteristics of an entity with respect to safeguarding information; typically associated with internal data structures (e.g., records, buffers, files) within the information system which are used to enable the implementation of access control and flow control policies; reflect special dissemination, handling, or distribution instructions; or support other aspects of the information security policy. | Data, Regulated, CUI |
| Security Tag | noun | Information unit containing a representation of certain security-related information (e.g., a restrictive attribute bit map). | Data, Regulated, CUI |
| Security-Relevant Information | noun | Any information within the information system that can potentially impact the operation of security functions in a manner that could result in failure to enforce the system security policy or maintain isolation of code and data. | Data, Restricted, CUI |
| Sensitive Compartmented Information | noun | Classified information concerning or derived from intelligence sources, methods, or analytical processes, which is required to be handled within formal access control systems established by the Director of National Intelligence. | Data, Regulated, CUI |
| Sensitive customer information | noun | A customer’s name, address, or telephone number, in conjunction with the customer’s social security number, driver’s license number, account number, credit or debit card number, or personal identification number or password that would permit access to the customer’s account. Sensitive customer information also includes any combination of components of customer information that would allow someone to log into or access the customer’s account, such as user name and password or password and account number. | Data, Regulated, PII |
| sensitive data | noun | Information whose loss, misuse, unauthorized access to, modification, or destruction, could adversely affect the national interest or the conduct of federal programs, or privacy to which individuals are entitled, but which has not been specifically authorized to be kept secret in the interest of national defense or foreign policy, etc. | Data, Regulated, CUI |
| Sensitive Information | noun | Information, the loss, misuse, or unauthorized access to or modification of, that could adversely affect the national interest or the conduct of federal programs, or the privacy to which individuals are entitled under 5 U.S.C. Section 552a (the Privacy Act), but that has not been specifically authorized under criteria established by an Executive Order or an Act of Congress to be kept classified in the interest of national defense or foreign policy. (Systems that are not national security systems, but contain sensitive information, are to be protected in accordance with the requirements of the Computer Security Act of 1987 [P.L.100-235].) | Data, Regulated, CUI |
| Sensitivity Label | noun | Information representing elements of the security label(s) of a subject and an object. Sensitivity labels are used by the trusted computing base (TCB) as the basis for mandatory access control decisions. See Security Label. | Data, Regulated, CUI |
| Settlement date (ACH) | noun | The date on which an exchange of funds with respect to an entry is reflected on the books of the Federal Reserve Bank. | Data, Regulated |
| Single-Entry (ACH) | noun | A one-time transfer of funds initiated by an originator in accordance with the receiver's authorization for a single ACH credit or debit to the receiver's consumer account. | Data, Regulated, PCI |
| Source code | noun | Software program instructions written in a format (language) readable by humans. | Data, Confidential, IP |
| Standard Entry Class (SEC) code | noun | Three-character code in an ACH company/batch header record used to identify the payment type within an ACH batch. | Data, Regulated |
| State | noun | Intermediate Cipher result that can be pictured as a rectangular array of bytes. | Data, Regulated |
| Static Host Tables | noun | Static host tables are text files that contain hostname and address mapping. | Data |
| system configuration | noun | The setting of various switches and jumpers for hardware and the defining of values of parameters for software. | Data |
| System Indicator | noun | Symbol or group of symbols in an off-line encrypted message identifying the specific cryptosystem or key used in the encryption. | Data, Regulated, CUI |
| System Of Records | noun | A group of any records under the control of any agency from which information is retrieved by the name of the individual or by some identifying number, symbol, or other identifying particular assigned to the individual. | Data, Regulated, PII |
| Tracking Cookie | noun | A cookie placed on a user’s computer to track the user’s activity on different Web sites, creating a detailed profile of the user’s behavior. | Data, Regulated, PII |
| transaction | noun | In Computing: data and operations related to a specific task that must be processed completely or rejected. | Data |
| transaction file | noun | A group of one or more computerized records containing current business activity and processed with an associated master file. Transaction files are sometimes accumulated during the day and processed in batch production overnight or during off-peak processing periods. | Data, Regulated |
| Triple-Wrapped | noun | S/MIME usage: data that has been signed with a digital signature, and then encrypted, and then signed again. | Data, Regulated |
| Uniform Resource Identifier | noun | The generic term for all types of names and addresses that refer to objects on the World Wide Web. | Data |
| Unsigned data | noun | Data included in an authentication token, in addition to a digital signature. | Data, Restricted |
| Valid Data Element | noun | A payload, an associated data string, or a nonce that satisfies the restrictions of the formatting function. | Data |
| Volatile data | noun | Data that changes frequently and can be lost when the system's power is shut down. | Data |
| whitelist | noun | A list of discrete entities, such as hosts or applications that are known to be benign and are approved for use within an organization and/or information system. | Data |