Browse — Entity Type · Identity
allDataSystemNetworkIdentityCredentialPhysicalProcessCapabilityOrganizationFrameworkEventMetricVulnerabilityThreatControlFindingRequirementRoleArtifactUnknown
45 terms
TermTypeDefinitionClassificationsUpdated
affected partynounThis role is focused on contracting parties who are affected by organizational activities. Any individual who is in a contract and is affected by organizational activities should be assigned to this role.IdentityRegulated
ApplicantnounThe subscriber is sometimes called an “applicant” after applying to a certification authority for a certificate, but before the certificate issuance procedure is completed.Identity
authorized usernounA person who has the authority or permission to manage access or make changes to an account.Identity
CardholdernounAn individual possessing an issued Personal Identity Verification (PIV) card.IdentityRegulatedCUI
ClaimantnounAn entity which is or represents a principal for the purposes of authentication, together with the functions involved in an authentication exchange on behalf of that entity. A claimant acting on behalf of a principal must include the functions necessary for engaging in an authentication exchange. (e.g., a smartcard [claimant] can act on behalf of a human user [principal])IdentityRegulatedPII
COMSEC AccountnounAdministrative entity, identified by an account number, used to maintain accountability, custody, and control of COMSEC material.IdentityRegulatedCUI
ConsumernounUsually refers to an individual engaged in non-commercial transactions.IdentityRegulatedPII
CustomernounFor purposes of the Information Security Standards, “customer” means a consumer with whom a financial institution has a continuing relationship under which the institution provides one or more financial products or services to the consumer that are to be used primarily for personal, family, or household purposes. In the case of a credit union, a customer relationship will exist between a credit union and certain consumers that are not the credit union’s members.Identity
customer accountnounA client's formal contract with an individual or organization whereby the client receives goods or services.IdentityRegulatedPII
external usernounIndividuals that are non-workforce members or personnel who are authorized by customers, entity management, or other authorized persons to interact with the system.IdentityRegulated
identitynounThe set of attribute values (i.e., characteristics) by which an entity is recognizable and that, within the scope of an identity manager’s responsibility, is sufficient to distinguish that entity from any other entity.IdentityRegulatedPII
individualnounA citizen of the United States or an alien lawfully admitted for permanent residence. Agencies may, consistent with individual practice, choose to extend the protections of the Privacy Act and E-Government Act to businesses, sole proprietors, aliens, etc.IdentityRegulatedPII
KOA AgentnounA user identity that is designated by a KOA manager to access PRSN product delivery enclaves for the purpose of retrieving wrapped products that have been ordered for user devices that are assigned to that KOA.IdentityRegulatedCUI
Organizational UsernounAn organizational employee or an individual the organization deems to have equivalent status of an employee (e.g., contractor, guest researcher, individual detailed from another organization, individual from allied nation).Identity
OriginatornounA person that has authorized an ODFI to transmit a credit or debit entry to the deposit account of a receiver at an RDFI.IdentityRegulatedPII
personnounThis role focuses on human individuals, partnerships, corporation, limited liability companies, trusts, estates, cooperatives, associations, sole proprietorships, joint stock companies, joint ventures, or other legal entity. Any process or activity that fits into one of these categories should be assigned to this role.IdentityPII
Principal Certification AuthoritynounThe Principal Certification Authority is a CA designated by an agency to interoperate with the FBCA. An agency may designate multiple Principal CAs to interoperate with the FBCA.IdentityRegulatedCUI
Privileged AccountnounAn information system account with approved authorizations of a privileged user.IdentityRestricted
ReceivernounAn individual, corporation, or other entity that has authorized a company or an originator to initiate a credit or debit entry to a transaction account belonging to the receiver held at its RDFI.IdentityRegulatedPII
Relying PartynounAn entity that relies upon the Subscriber's token and credentials or a Verifier's assertion of a Claimant’s identity, typically to process a transaction or grant access to information or a system.Identity
shared accountnounA single local account created for a group, with one user name and one password.IdentityRegulatedCUI
subjectnounAn active entity (generally an individual, process, or device) that causes information to flow among objects or changes the system state. See also Object.Identity
Subject Security LevelnounSensitivity label(s) of the objects to which the subject has both read and write access. Security level of a subject must always be dominated by the clearance level of the user associated with the subject.IdentityRegulatedCUI
SubscribernounA party who receives a credential or token from a CSP (Credentials Service Provider) and becomes a claimant in an authentication protocol.IdentityRegulated
third partynounA person or group besides the two primarily involved in a situation, agreement, business, etc.IdentityRegulated
Third-party sendernounA special subset of a technology service provider that is authorized to transmit ACH files on behalf of an originator. Typically, the ODFI must rely upon warranties by the third- party sender regarding the originators' identity and credit worthiness, which places additional risks on the ODFI.IdentityRegulated
Tradecraft IdentitynounAn identity used for the purpose of work-related interactions that may or may not be synonymous with an individual’s true identity.IdentityRestrictedCUI
U.S. PersonnounFederal law and Executive Order define a U.S. Person as: a citizen of the United States; an alien lawfully admitted for permanent residence; an unincorporated association with a substantial number of members who are citizens of the U.S. or are aliens lawfully admitted for permanent residence; and/or a corporation that is incorporated in the U.S.IdentityRegulatedPII
unauthorized personnelnounEmployees who do not have the right or permission to access data (or a facility containing data).Identity
usernounAn individual or a process (subject) acting on behalf of the individual that accesses a cryptographic module in order to obtain cryptographic services.Identity
user accountnounInformation that tells a computer which files and folders to access for a specific user, which personal preferences to have in place, and what can be accessed by the user.IdentityRegulated
User account activitynounAll events and processes executed including logons and logouts associated with a system user account.IdentityRegulated
User IDnounUnique symbol or character string used by an information system to identify a specific user.IdentityRegulatedPII
VerifiernounAn entity that verifies the Claimant’s identity by verifying the Claimant’s possession and control of a token using an authentication protocol. To do this, the Verifier may also need to validate credentials that link the token and identity and check their status.Identity