Browse — Entity Type · Organization
127 terms
Term | Type | Definition | Classifications
Accrediting Authority | noun | Synonymous with Designated Accrediting Authority (DAA). See also Authorizing Official. | Organization, Regulated
Agency | noun | Any executive department, military department, government corporation, government-controlled corporation, or other establishment in the executive branch of the government (including the Executive Office of the President), or any independent regulatory agency, but does not include: 1) the Government Accountability Office; 2) the Federal Election Commission; 3) the governments of the District of Columbia and of the territories and possessions of the United States, and their various subdivisions; or 4) government-owned contractor-operated facilities, including laboratories engaged in national defense research and production activities. | Organization, Regulated, CUI
Agent Bank | noun | A member of a bankcard company that agrees to participate in an acquirer's merchant processing program. The agent may be liable for losses incurred on its merchant accounts. An agent is usually a small financial institution that wants to offer merchant processing services as a customer service. Agent banks that only refer merchants to an acquiring financial institution's program are known as referral banks. | Organization, Regulated
Attribute Authority | noun | An entity, recognized by the Federal Public Key Infrastructure (PKI) Policy Authority or comparable agency body, as having the authority to verify the association of attributes to an identity. | Organization, Regulated, CUI
audit committee | noun | An operating committee of the Board of Directors charged with oversight of audit operations, including appraising the performance of the CPA firm, financial reporting, and disclosure. Committee members are drawn from the members of the company's board of directors, with a Chairperson selected from among the committee members. | Organization, Regulated
Authority | noun | Person(s) or established bodies with rights and responsibilities to exert control in an administrative sphere. | Organization
Authorized Vendor | noun | Manufacturer of information assurance equipment authorized to produce quantities in excess of contractual requirements for direct sale to eligible buyers. Eligible buyers are typically U.S. government organizations or U.S. government contractors. | Organization, Regulated
Bankcard Companies | noun | Visa and MasterCard International, Inc. are bankcard companies established as bank service companies. Financial institutions must be members of a bankcard company in order to offer their credit card services. The companies have established membership rights and obligations, and membership is limited to financial institutions. | Organization, Internal, PCI
Blue Team | noun | 1. The group responsible for defending an enterprise's use of information systems by maintaining its security posture against a group of mock attackers (i.e., the Red Team). Typically the Blue Team and its supporters must defend against real or simulated attacks 1) over a significant period of time, 2) in a representative operational context (e.g., as part of an operational exercise), and 3) according to rules established and monitored with the help of a neutral group refereeing the simulation or exercise (i.e., the White Team). 2. The term Blue Team is also used for a group of individuals that conduct operational network vulnerability evaluations and provide mitigation techniques to customers who have a need for an independent technical review of their network security posture. The Blue Team identifies security threats and risks in the operating environment and, in cooperation with the customer, analyzes the network environment and its current state of security readiness. Based on the Blue Team's findings and expertise, it provides recommendations that integrate into an overall community security solution to increase the customer's cyber security readiness posture. Often a Blue Team is employed by itself, or prior to a Red Team engagement, to ensure that the customer's networks are as secure as possible before the Red Team tests the systems. | Organization
board | noun | The corporate board of directors or any other oversight authority for the organization. | Organization
board committee | noun | A group consisting of members of a board of directors that is mandated to carry out specified functions, programs, or projects assigned by the board. | Organization
Board of Directors | noun | A group of persons chosen to govern the affairs of a corporation or other large institution. | Organization
business | noun | A usually commercial or mercantile activity engaged in as a means of livelihood. | Organization
business unit | noun | A division or segment of an organization that operates as an independent enterprise representing a specific business function. | Organization
buyer | noun | Any person or organization that contracts to acquire an asset or service in return for some form of consideration. | Organization
Card Issuer | noun | A financial institution that issues general-purpose credit cards carrying one of the two bankcard company logos. The issuing financial institution establishes the credit relationship with the consumer. | Organization, Regulated, PCI
Central Office of Record | noun | Office of a federal department or agency that keeps records of accountable COMSEC material held by elements subject to its oversight. | Organization, Regulated, CUI
Certification authority | noun | 1. For Certification and Accreditation (C&A) (C&A Assessment): Official responsible for performing the comprehensive evaluation of the security features of an information system and determining the degree to which it meets its security requirements. 2. For Public Key Infrastructure (PKI): A trusted third party that issues digital certificates and verifies the identity of the holder of the digital certificate. | Organization, Regulated, CUI
Clearing Corporation | noun | Also known as a clearing house or clearing house association. A central processing mechanism whereby members agree to net, clear, and settle transactions involving financial instruments. Clearing corporations fulfill one or all of the following functions: net many trades so that the number and the amount of payments that have to be made are minimized; determine money obligations among traders; and guarantee that trades will go through by legally assuming the risk of payments not made or securities not delivered. The latter function is implied when it is stated that the clearing corporation becomes the "counterpart" to all trades entered into its system. | Organization, Regulated
Clearing House Associations | noun | Voluntary associations, formed by financial institutions, that establish an exchange for checks drawn on them. Typically, institutions participating in check clearing houses use the Federal Reserve's National Settlement Service for the checks exchanged each business day. | Organization, Regulated
Common Carrier | noun | In a telecommunications context, a telecommunications company that holds itself out to the public for hire to provide communications transmission services. Note: In the United States, such companies are usually subject to regulation by federal and state regulatory commissions. | Organization, Regulated
Compliance Enforcement Authority | noun | The North American Electric Reliability Corporation (NERC) or the Regional Entity, in their respective roles of monitoring and enforcing compliance with the NERC Reliability Standards. | Organization, Regulated, CUI
Computer emergency response team | noun | A group of people integrated at the enterprise, with clear lines of reporting and responsibilities, for standby support in case of an information systems emergency. This group acts as an efficient corrective control and should also act as a single point of contact for all incidents and issues related to information systems. | Organization
Computer Incident Response Team | noun | Group of individuals, usually consisting of security analysts, organized to develop, recommend, and coordinate immediate mitigation actions for containment, eradication, and recovery resulting from computer security incidents. Also called a Computer Security Incident Response Team (CSIRT) or a CIRC (Computer Incident Response Center, Computer Incident Response Capability, or Cyber Incident Response Team). | Organization
Configuration Control Board | noun | A group of qualified people with responsibility for the process of regulating and approving changes to hardware, firmware, software, and documentation throughout the development and operational life cycle of an information system. | Organization
Core firm | noun | Core clearing and settlement organization that serves critical financial markets. | Organization, Regulated
Correspondent Bank | noun | An institution, acting on behalf of other institutions, that can settle the checks it collects for other institutions (respondents) by using accounts on its books or by sending wire funds transfers. Generally, a provider of banking and payment services to other financial institutions. | Organization, Regulated
Covered Entity | noun | Any Person operating under or required to operate under a license, registration, charter, certificate, permit, accreditation or similar authorization under the Banking Law, the Insurance Law or the Financial Services Law. | Organization, Regulated
Credential Service Provider | noun | A trusted entity that issues or registers Subscriber tokens and issues electronic credentials to Subscribers. The CSP may encompass Registration Authorities (RAs) and Verifiers that it operates. A CSP may be an independent third party, or may issue credentials for its own use. | Organization, Regulated
Critical Market Participants | noun | Participants in the financial markets that perform critical operations or provide critical services. Their inability to perform these operations or services could result in major disruptions in the financial system. | Organization, Regulated
critical third party | noun | A third party that is vital to an organization's operations. | Organization
cybersecurity incident response group | noun | A group of people that prepares for and resolves events that disrupt an organization's cybersecurity operations. | Organization
Depository bank | noun | The institution at which a check is first deposited. While this term is often used interchangeably with "depository," "depositary" is a term of art in laws and regulations related to check processing. | Organization, Regulated
Depository bank (Check 21) | noun | Also known as Bank of First Deposit (BOFD). The first bank to which a check is transferred, even though it may also be the paying bank or the payee. A check deposited in an account is deemed to be transferred to the financial institution holding the account into which the check is deposited, even though the check is physically received and endorsed first by another financial institution. | Organization, Regulated, PCI
Electricity Sector Information Sharing and Analysis Center | noun | The Electricity Sector Information Sharing and Analysis Center (ES-ISAC) shares critical information with industry participants about infrastructure protection. The ES-ISAC serves the electricity sector by facilitating communications between electricity sector participants, the federal government, and other critical infrastructures. It is the job of the ES-ISAC to promptly disseminate threat indications, vulnerabilities, analyses, and warnings, together with interpretations, to help electricity sector participants take protective actions. | Organization, Regulated, CUI
Enterprise | noun | An organization with a defined mission/goal and a defined boundary, using information systems to execute that mission, and with responsibility for managing its own risks and performance. An enterprise may consist of all or some of the following business aspects: acquisition, program management, financial management (e.g., budgets), human resources, security, and information systems, information and mission management. | Organization
Enterprise-wide | noun | Across an entire organization, rather than a single business department or function. | Organization
Executive Agency | noun | An executive department specified in 5 United States Code (U.S.C.), Sec. 101; a military department specified in 5 U.S.C., Sec. 102; an independent establishment as defined in 5 U.S.C., Sec. 104(1); and a wholly owned government corporation fully subject to the provisions of 31 U.S.C., Chapter 91. | Organization, Regulated, CUI
External Information System Service Provider | noun | A provider of external information system services to an organization through a variety of consumer-producer relationships, including but not limited to: joint ventures; business partnerships; outsourcing arrangements (i.e., through contracts, interagency agreements, lines of business arrangements); licensing agreements; and/or supply chain exchanges. | Organization, Regulated
external service provider | noun | An independent business that provides its services to other businesses. | Organization
Federal Bridge Certification Authority Operational Authority | noun | The organization selected by the Federal Public Key Infrastructure Policy Authority to be responsible for operating the Federal Bridge Certification Authority. | Organization, Regulated, CUI
Federal Information Systems Security Educators' Association | noun | An organization whose members come from federal agencies, industry, and academic institutions, devoted to improving IT security awareness and knowledge within the federal government and its related external workforce. | Organization, Internal
Federal Reserve Banks | noun | The Federal Reserve Banks provide a variety of financial services, including retail and wholesale payments. They operate a nationwide system for clearing and settling checks drawn on depository institutions located in all regions of the United States. | Organization, Regulated
Financial Authority | noun | A supervisory organization that is responsible for safeguarding and maintaining consumer confidence in the financial system. | Organization, Regulated
Financial industry participants | noun | Financial institutions and other companies that are involved in the banking, securities, and/or insurance industry and are regulated by supervisory authorities. | Organization, Regulated
financial institution | noun | Any bank licensed under the Banking Act (Cap. 19); any finance company licensed under the Finance Companies Act (Cap. 108); any person that is approved as a financial institution under section 28; any money-changer licensed to conduct money-changing business, or any remitter licensed to conduct remittance business, under the Money-changing and Remittance Businesses Act (Cap. 187); any insurer licensed or regulated under the Insurance Act (Cap. 142); any insurance intermediary registered or regulated under the Insurance Act; any licensed financial adviser under the Financial Advisers Act (Cap. 110); any approved holding company, securities exchange, futures exchange, recognised market operator, licensed trade repository, licensed foreign trade repository, approved clearing house, recognised clearing house or holder of a capital markets services licence under the Securities and Futures Act (Cap. 289); any trustee for a collective investment scheme authorised under section 286 of the Securities and Futures Act, that is approved under that Act; any trustee-manager of a business trust that is registered under the Business Trusts Act (Cap. 31A); any licensed trust company under the Trust Companies Act (Cap. 336); any holder of a stored value facility under the Payment Systems (Oversight) Act (Cap. 222A); any designated financial holding company under the Financial Holding Companies Act 2013 (Act 13 of 2013); any person licensed under the Banking Act (Cap. 19) to carry on the business of issuing credit cards or charge cards in Singapore; and any other person licensed, approved, registered or regulated by the Authority under any written law, but does not include such person or class of persons as the Authority may, by regulations made under this section, prescribe. | Organization, Regulated
Financial Services Information Sharing and Analysis Center (FS-ISAC) | noun | A nonprofit, information-sharing forum established by financial services industry participants to facilitate the public and private sectors' sharing of physical and cybersecurity threat and vulnerability information. | Organization, Regulated
Governance | noun | In computer security, governance means setting clear expectations for the conduct (behaviors and actions) of the entity being governed and directing, controlling, and strongly influencing the entity to achieve these expectations. Governance includes specifying a framework for decision making, with assigned decision rights and accountability, intended to consistently produce desired behaviors and actions. | Organization
governance structure | noun | Specifies the distribution of rights and responsibilities among different participants in the corporation, such as the board, managers, shareholders and other stakeholders, and spells out the rules and procedures for making decisions on corporate affairs. | Organization, Internal
government agency | noun | A state, county, or federal government organization that enforces laws, rules, or regulations. | Organization, Internal
government body | noun | The government of any country or of any political subdivision of any country, including: any instrumentality of any such government; any other person or organization authorized by law to perform any executive, legislative, judicial, regulatory, administrative, military, or police functions of any such government; and any intergovernmental organization. | Organization, Regulated
Health Information Exchange | noun | A health information organization that brings together healthcare stakeholders within a defined geographic area and governs health information exchange among them for the purpose of improving health and care in that community. | Organization, Regulated, PHI
Indemnifying bank (Check 21) | noun | A financial institution that transfers, presents, or returns a substitute check, or a paper or electronic representation of a substitute check, for which it receives consideration. The financial institution shall indemnify the recipient and any subsequent recipient (including a collecting or returning financial institution, the depository financial institution, the drawer, the drawee, the payee, the depositor, and any endorser) for any loss incurred by any recipient of a substitute check if that loss occurred due to the receipt of a substitute check instead of the original. | Organization, Regulated
Independent sales organization | noun | A non-financial-institution organization that provides a variety of merchant processing functions on behalf of the acquirer. These functions include soliciting new merchant accounts, arranging for terminal purchases or leases, and providing backroom services. An independent sales organization is also referred to as a member service provider (MSP). The acquirer must register all independent sales organizations/MSPs with the bankcard associations. | Organization, Regulated, PCI
Independent Validation Authority | noun | Entity that reviews the soundness of independent tests and system compliance with all stated security controls and risk mitigation actions. IVAs will be designated by the Authorizing Official as needed. | Organization, Regulated, CUI
industry sector | noun | The world of business and commerce is often divided into a selection of broad and commonly recognised groups, called sectors. A sector is the more general term and represents a group of industries and markets that share common attributes. | Organization
information technology supplier | noun | Information systems, components and services providers used for an organization's internal purposes (e.g., IT infrastructure) or integrated into the products or services provided to that organization's buyers. | Organization
Institute of Electrical and Electronics Engineers | noun | Pronounced I-triple-E; IEEE is an organization composed of engineers, scientists and students. Scope Note: Best known for developing standards for the computer and electronics industry. | Organization
institution | noun | An organization founded for a specific purpose, such as religious, educational, professional, or social. | Organization
International Organization for Standardization (ISO) | noun | An independent, non-governmental, international organization that brings together experts to share knowledge and develop voluntary, consensus-based, market-relevant international standards. | Organization
International Standards Organization | noun | A common but incorrect expansion of "ISO"; the organization's name is the International Organization for Standardization, the world's largest developer of voluntary International Standards. | Organization
Internet Assigned Numbers Authority | noun | Responsible for the global coordination of the DNS root, IP addressing, and other Internet protocol resources. | Organization
Internet Engineering Task Force | noun | The body that defines standard Internet operating protocols such as TCP/IP. Architectural oversight is provided by the Internet Architecture Board (IAB), a committee of the IETF that is also chartered by the Internet Society, which serves as the IETF's organizational home. The IETF has no formal membership; participation is open to any interested individual. | Organization
Internet service provider | noun | A third party that provides individuals and enterprises with access to the Internet and a variety of other Internet-related services. | Organization
Internet service provider (ISP) | noun | A company that provides its customers with access to the Internet (e.g., AT&T, Verizon, CenturyLink). | Organization
ISO | noun | International Organization for Standardization, a voluntary, non-treaty, non-governmental organization, established in 1947, with voting members that are designated standards bodies of participating nations and non-voting observer organizations. | Organization
ITU-T | noun | International Telecommunication Union, Telecommunication Standardization Sector (formerly "CCITT"), a United Nations treaty organization that is composed mainly of postal, telephone, and telegraph authorities of the member countries and that publishes standards called "Recommendations." | Organization
KMI Operating Account | noun | A KMI business relationship that is established 1) to manage the set of user devices that are under the control of a specific KMI customer organization, and 2) to control the distribution of KMI products to those devices. | Organization, Regulated, CUI
Law Enforcement | noun | The purpose of this function is to protect people, places, and things from criminal activity resulting from noncompliance with applicable laws; it includes patrols, undercover operations, responses to emergency calls, arrests, raids, and seizures of property. | Organization
law enforcement authority | noun | The various government agencies responsible for preventing crime, apprehending criminals, and enforcing laws. | Organization, Restricted
Line of Business | noun | "Lines of business" or "areas of operation" describe the purpose of government in functional terms or describe the support functions that the government must conduct in order to effectively deliver services to citizens. Lines of business relating to the purpose of government and the mechanisms the government uses to achieve its purposes tend to be mission-based. Lines of business relating to support functions and resource management functions that are necessary to conduct government operations tend to be common to most agencies. The recommended information types provided in NIST SP 800-60 are established from the "business areas" and "lines of business" in the OMB Business Reference Model (BRM) section of the Federal Enterprise Architecture (FEA) Consolidated Reference Model Document, Version 2.3. | Organization
Local Authority | noun | Organization responsible for generating and signing user certificates in a PKI-enabled environment. | Organization, Regulated
Local Registration Authority | noun | A Registration Authority with responsibility for a local community in a PKI-enabled environment. | Organization, Regulated, CUI
management structure | noun | The hierarchical arrangement and relations of managerial roles, power, and responsibilities; how they are delegated, controlled, and coordinated; and how information flows between levels of management. | Organization
Merchant acquirer | noun | Bankcard association members that initiate and maintain contractual agreements with merchants for the purpose of accepting and processing bankcard transactions. | Organization, Regulated, PCI
Mission/Business Segment | noun | Elements of organizations describing mission areas, common/shared business services, and organization-wide services. Mission/business segments can be identified with one or more information systems which collectively support a mission/business process. | Organization
Naming Authority | noun | An organizational entity responsible for assigning distinguished names (DNs) and for assuring that each DN is meaningful and unique within its domain. | Organization
National Information Assurance Partnership | noun | A U.S. government initiative established to promote the use of evaluated information systems products and champion the development and use of national and international standards for information technology security. NIAP was originally established as a collaboration between the National Institute of Standards and Technology (NIST) and the National Security Agency (NSA) in fulfilling their respective responsibilities under P.L. 100-235 (Computer Security Act of 1987). NIST officially withdrew from the partnership in 2007, but NSA continues to manage and operate the program. The key operational component of NIAP is the Common Criteria Evaluation and Validation Scheme (CCEVS), which is the only U.S. government-sponsored and endorsed program for conducting internationally recognized security evaluations of commercial off-the-shelf (COTS) Information Assurance (IA) and IA-enabled information technology products. NIAP employs the CCEVS to provide government oversight or "validation" of U.S. CC evaluations to ensure correct conformance to the International Common Criteria for IT Security Evaluation (ISO/IEC 15408). | Organization, Regulated
National Institute of Standards and Technology | noun | Develops tests, test methods, reference data, proof-of-concept implementations, and technical analyses to advance the development and productive use of information technology. Scope Note: NIST is a US government entity that creates standards that are mandatory for federal agencies and for those doing business with them. | Organization
National Institute of Standards and Technology | noun | A unit of the US Commerce Department. Formerly known as the National Bureau of Standards, NIST promotes and maintains measurement standards. It also has active programs for encouraging and assisting industry and science to develop and use these standards. | Organization
National Institute of Standards and Technology (NIST) | noun | An agency of the U.S. Department of Commerce that works to develop and apply technology, measurements, and standards. NIST developed a voluntary cybersecurity framework based on existing standards, guidelines, and practices for reducing cyber risks to critical infrastructures. | Organization
National Settlement Service (NSS) | noun | Also referred to as Deferred Net Settlement. The Federal Reserve Banks' multilateral settlement service. NSS is offered to depository institutions that settle for participants in clearinghouses, financial exchanges, and other clearing and settlement groups. Settlement agents acting on behalf of those depository institutions electronically submit settlement files to the Federal Reserve Banks. Files are processed on receipt, and entries are automatically posted to the depository institutions' Reserve Bank accounts. Entries are final when posted. | Organization, Regulated
NSA-Approved Cryptography | noun | Cryptography that consists of: (i) an approved algorithm; (ii) an implementation that has been approved for the protection of classified information in a particular environment; and (iii) a supporting key management infrastructure. | Organization
Office of Foreign Asset Control (OFAC) | noun | The Office of Foreign Assets Control, United States Department of the Treasury, administers and enforces economic sanctions programs primarily against countries and groups of individuals such as terrorists and narcotics traffickers. The sanctions can be either comprehensive or selective, using the blocking of assets and trade restrictions to accomplish foreign policy and national security goals. | Organization, Regulated
Office of Foreign Assets Control (OFAC) | noun | The Office of Foreign Assets Control, Department of the Treasury, administers and enforces economic sanctions programs primarily against countries and groups of individuals such as terrorists and narcotics traffickers. The sanctions can be either comprehensive or selective, using the blocking of assets and trade restrictions to accomplish foreign policy and national security goals. | Organization, Regulated
Open Web Application Security Project | noun | An open community dedicated to enabling organizations to conceive, develop, acquire, operate, and maintain applications that can be trusted. | Organization
organization | noun | An entity of any size, complexity, or positioning within an organizational structure (e.g., a federal agency or, as appropriate, any of its operational elements). | Organization
Organizational Registration Authority | noun | Entity within the PKI that authenticates the identity and the organizational affiliation of the users. | Organization, Regulated, PII
Originating depository financial institution (ODFI) | noun | A participating financial institution that originates entries at the request of and by agreement with its originators in accordance with the provisions of the NACHA rules. | Organization, Regulated
Paying bank | noun | The institution where a check is payable and to which it is sent for payment. | Organization, Regulated
PCI Security Standards Council | noun | The governing body, representing key participants of the payment card industry, which establishes and maintains security standards for payment cards. | Organization, Regulated, PCI
Personal Identity Verification Issuer | noun | An authorized identity card creator that procures FIPS-approved blank identity cards, initializes them with appropriate software and data elements for the requested identity verification and access control application, personalizes the cards with the identity credentials of the authorized subjects, and delivers the personalized cards to the authorized subjects along with appropriate instructions for protection and use. | Organization, Regulated, CUI
Personal Identity Verification Registrar | noun | An entity that establishes and vouches for the identity of an applicant to a PIV Issuer. The PIV Registrar authenticates the applicant's identity by checking identity source documents and performing identity proofing, and ensures that a proper background check has been completed before the credential is issued. | Organization, Regulated, PII
Policy Certification Authority | noun | Second level of the PKI Certification Management Authority, which formulates the security policy under which it and its subordinate CAs will issue public key certificates. | Organization, Regulated
Policy Management Authority | noun | Body established to oversee the creation and update of Certificate Policies, review Certification Practice Statements, review the results of CA audits for policy compliance, evaluate non-domain policies for acceptance within the domain, and generally oversee and manage the PKI certificate policies. For the FBCA, the PMA is the Federal PKI Policy Authority. | Organization, Regulated
Public Relations | noun | The professional maintenance of a favorable public image by a company, other organization, or famous person. | Organization
Receiving depository financial institution (RDFI) | noun | Any financial institution qualified to receive debits or credits through its ACH operator in accordance with the ACH rules. | Organization, Regulated
Reconverting bank (Check 21) | noun | The financial institution that creates a substitute check. With respect to a substitute check that was created by a person that is not a financial institution, the reconverting bank is the first financial institution that transfers, presents, or returns that substitute check or, in lieu thereof, the first paper or electronic representation of that substitute check. The reconverting bank warrants that (1) the substitute check is the legal equivalent of the original check; and (2) the original check cannot be presented again in any form, so the customer pays the check only once. | Organization, Regulated
Recovery vendors | noun | Organizations that provide recovery sites and support services for a fee. | Organization
Registration authority | noun | A trusted entity that establishes and vouches for the identity of a Subscriber to a CSP. The RA may be an integral part of a CSP, or it may be independent of a CSP, but it has a relationship to the CSP(s). | Organization, Regulated, PII
regulator | noun | A person or body that supervises a particular industry, business activity, or legal body. | Organization
regulatory agency | noun | Government body formed or mandated under the terms of a legislative act to ensure compliance with the provisions of the act and to carry out its purpose. | Organization, Internal
response team | noun | Response teams include business, IT, emergency management, public affairs, communications, and continuity personnel. | Organization
self-regulatory organization | noun | An organization that exercises some degree of regulatory authority over an industry or profession. | Organization
service provider | noun | For purposes of the Information Security Standards, service provider means any person or entity that maintains, processes, or otherwise is permitted access to customer information or consumer information through its provision of services directly to a financial institution. | Organization, Regulated, PII
Significant firms | noun | Firms that process a significant share of transactions in critical financial markets. | Organization, Regulated
stakeholder | noun | An individual who has an interest in something, e.g., a corporation, and is affected by decisions and activities regarding that issue. | Organization
supervisory agency | noun | This role focuses on the examination or auditing of financial records of financial institutions. Any state authority that is required by law to examine or audit financial records should be assigned to this role. | Organization, Regulated
supplier | noun | Product and service providers used for an organization's internal purposes (e.g., IT infrastructure) or integrated into the products or services provided to that organization's Buyers. | Organization, Internal
Third Party Service ProvidernounAs defined in the PCI DSS and PA-DSS Glossary of Terms, Abbreviations, and Acronyms, a service provider is a business entity that is not a payment brand, directly involved in the processing, storage, or transmission of cardholder data on behalf of another entity. This also includes companies that provide services that control or could impact the security of cardholder data. There are many types of businesses that could fall into the category of “service provider,” dependent on the services provided. Most commonly, a TPSP could be a legally separate entity; but it can also be a separate business unit or component of the entity under assessment—for example, an internal service provider—where the provider is outside the direct management control of the entity assessed.OrganizationRegulatedPCI
Third-party service provider (ACH)nounA third party, other than the ODFI or RDFI, that performs any function on behalf of the ODFI or the RDFI related to ACH processing. These functions would include the creation and sending of ACH files or acting as a sending or receiving point on behalf of a participating depository financial institution.OrganizationRegulatedPCI
Truncating bank (Check 21)nounThe financial institution that truncates the original check. If a person other than a financial institution truncates the original check, the truncating bank is the first financial institution that transfers, presents, or returns, in lieu of such original check, a substitute check or, by agreement with the recipient, information relating to the original check (including data taken from the MICR line of the original check or an electronic image of the original check), whether with or without the subsequent delivery of the original check.OrganizationRegulatedPCI
U.S. Computer Emergency Readiness Team (US-CERT)nounUS-CERT is part of the U.S. Department of Homeland Security's National Cybersecurity and Communications Integration Center. US-CERT is a partnership between the Department of Homeland Security and the public and private sectors, established to protect the nation's Internet infrastructure. US-CERT coordinates defense against and responses to cyber attacks across the nation.Organization
US-CERTnounA partnership between the Department of Homeland Security and the public and private sectors, established to protect the nation's Internet infrastructure. US-CERT coordinates defense against and responses to cyber attacks across the nation.Organization
White Teamnoun1. The group responsible for refereeing an engagement between a Red Team of mock attackers and a Blue Team of actual defenders of their enterprise’s use of information systems. In an exercise, the White Team acts as the judges, enforces the rules of the exercise, observes the exercise, scores teams, resolves any problems that may arise, handles all requests for information or questions, and ensures that the competition runs fairly and does not cause operational problems for the defender's mission. The White Team helps to establish the rules of engagement, the metrics for assessing results and the procedures for providing operational security for the engagement. The White Team normally has responsibility for deriving lessons-learned, conducting the post engagement assessment, and promulgating results. 2. Can also refer to a small group of people who have prior knowledge of unannounced Red Team activities. The White Team acts as observers during the Red Team activity and ensures the scope of testing does not exceed a predefined threshold.Organization
wire servicernounA financial institution that offers electronic funds transfer serviceOrganizationRegulatedPCI
workforcenounThe individuals engaged in or available for work in a country, industry or organization.Organization