Browse — Entity Type · Physical
allDataSystemNetworkIdentityCredentialPhysicalProcessCapabilityOrganizationFrameworkEventMetricVulnerabilityThreatControlFindingRequirementRoleArtifactUnknown
119 terms
TermTypeDefinitionClassificationsUpdated
Advanced Key ProcessornounA cryptographic device that performs all cryptographic functions for a management client node and contains the interfaces to 1) exchange information with a client platform, 2) interact with fill devices, and 3) connect a client platform securely to the primary services node (PRSN).PhysicalRegulatedCUI
Alternate facilitiesnounLocations and infrastructures from which emergency or backup processes are executed, when the main premises are unavailable or destroyed Scope Note: Includes other buildings, offices or data processing centersPhysicalRestricted
Alternate Work SitenounGovernmentwide, national program allowing federal employees to work at home or at geographically convenient satellite offices for part of the work week (e.g., telecommuting).PhysicalRegulated
authorized devicenounA computer device that the organization has authorized to be used and connected to the system.Physical
Automated Teller Machine (ATM)nounAn electronic funds transfer (EFT) terminal that allows customers using a PIN-based debit (ATM) card to initiate transactions (e.g., deposits, withdrawals, account balance inquiries).PhysicalRegulatedPCI
Benign EnvironmentnounA non-hostile location protected from external hostile elements by physical, personnel, and procedural security countermeasures.Physical
buildingnounA structure that has a roof and walls and stands more or less permanently in one place.Physical
cablenounA wire or group of wires covered in a protective casing used for transmitting electricity or telecommunication signals.PhysicalRegulated
CanisternounType of protective package used to contain and dispense keying material in punched or printed tape form.PhysicalRegulatedCUI
Certification Authority FacilitynounThe collection of equipment, personnel, procedures and structures that are used by a Certification Authority to perform certificate issuance and revocation.PhysicalRestricted
Cold SitenounBackup site that can be up and operational in a relatively short time span, such as a day or two. Provision of services, such as telephone lines and power, is taken care of, and the basic office furniture might be in place, but there is unlikely to be any computer equipment, even though the building might well have a network infrastructure and a room ready to act as a server room. In most cases, cold sites provide the physical location and basic services.PhysicalRegulated
Cold/Warm/Hot Disaster Recovery Sitenoun* Hot site. It contains fully redundant hardware and software, with telecommunications, telephone and utility connectivity to continue all primary site operations. Failover occurs within minutes or hours, following a disaster. Daily data synchronization usually occurs between the primary and hot site, resulting in minimum or no data loss. Offsite data backup tapes might be obtained and delivered to the hot site to help restore operations. Backup tapes should be regularly tested to detect data corruption, malicious code and environmental damage. A hot site is the most expensive option. * Warm site. It contains partially redundant hardware and software, with telecommunications, telephone and utility connectivity to continue some, but not all primary site operations. Failover occurs within hours or days, following a disaster. Daily or weekly data synchronization usually occurs between the primary and warm site, resulting in minimum data loss. Offsite data backup tapes must be obtained and delivered to the warm site to restore operations. A warm site is the second most expensive option. * Cold site. Hardware is ordered, shipped and installed, and software is loaded. Basic telecommunications, telephone and utility connectivity might need turning on to continue some, but not all primary site operations. Relocation occurs within weeks or longer, depending on hardware arrival time, following a disaster. No data synchronization occurs between the primary and cold site, and could result in significant data loss. Offsite data backup tapes must be obtained and delivered to the cold site to restore operations. A cold site is the least expensive option.PhysicalRestricted
computer portnounA computer port is a connection point or interface between a computer and an external or internal device. Internal ports may connect such devices as hard drives and CD ROM or DVD drives; external ports may connect modems, printers, mice and other devices.Physical
computer roomnounA facility used to house computer systems and associated components, such as telecommunications and storage systems, generally including redundant or backup power supplies, redundant data communications connections, environmental controls (e.g., air conditioning, fire suppression) and various security devices.PhysicalRestricted
COMSEC AssemblynounGroup of parts, elements, subassemblies, or circuits that are removable items of COMSEC equipment.PhysicalRegulatedCUI
COMSEC ElementnounRemovable item of COMSEC equipment, assembly, or subassembly; normally consisting of a single piece or group of replaceable parts.PhysicalRegulatedCUI
COMSEC End-itemnounEquipment or combination of components ready for use in a COMSEC application.PhysicalRegulatedCUI
COMSEC EquipmentnounEquipment designed to provide security to telecommunications by converting information to a form unintelligible to an unauthorized interceptor and, subsequently, by reconverting such information to its original form for authorized recipients; also, equipment designed specifically to aid in, or as an essential element of, the conversion process. COMSEC equipment includes crypto-equipment, crypto-ancillary equipment, cryptographic production equipment, and authentication equipment.PhysicalRegulatedCUI
COMSEC FacilitynounAuthorized and approved space used for generating, storing, repairing, or using COMSEC material.PhysicalRegulatedCUI
COMSEC ModulenounRemovable component that performs COMSEC functions in a telecommunications equipment or system.PhysicalRegulatedCUI
Controlled Access AreanounPhysical area (e.g., building, room, etc.) to which only authorized personnel are granted unrestricted access. All other personnel are either escorted by authorized personnel or are under continuous surveillance.PhysicalRegulated
Controlled AreanounAny area or space for which the organization has confidence that the physical and procedural protections provided are sufficient to meet the requirements established for protecting the information and/or information system.PhysicalRestricted
Controlled Cryptographic ItemnounSecure telecommunications or information system, or associated cryptographic component, that is unclassified and handled through the COMSEC Material Control System (CMCS), an equivalent material control system, or a combination of the two that provides accountability and visibility. Such items are marked “Controlled Cryptographic Item,” or, where space is limited, “CCI”.PhysicalRegulatedCUI
Controlled Cryptographic Item AssemblynounDevice embodying a cryptographic logic or other COMSEC design that NSA has approved as a Controlled Cryptographic Item (CCI). It performs the entire COMSEC function, but depends upon the host equipment to operate.PhysicalRegulatedCUI
Controlled Cryptographic Item ComponentnounPart of a Controlled Cryptographic Item (CCI) that does not perform the entire COMSEC function but depends upon the host equipment, or assembly, to complete and operate the COMSEC function.PhysicalRegulatedCUI
Controlled Cryptographic Item EquipmentnounTelecommunications or information handling equipment that embodies a Controlled Cryptographic Item (CCI) component or CCI assembly and performs the entire COMSEC function without dependence on host equipment to operate.PhysicalRegulatedCUI
Controlled SpacenounThree-dimensional space surrounding information system equipment, within which unauthorized individuals are denied unrestricted access and are either escorted by authorized individuals or are under continuous physical or electronic surveillance.PhysicalRegulated
Crossover CablenounA crossover cable reverses the pairs of cables at the other end and can be used to connect devices directly together.Physical
Cryptographic Ancillary EquipmentnounEquipment designed specifically to facilitate efficient or reliable operation of cryptographic equipment, without performing cryptographic functions itself.PhysicalRegulatedCUI
Cryptographic ComponentnounHardware or firmware embodiment of the cryptographic logic. A cryptographic component may be a modular assembly, a printed wiring assembly, a microcircuit, or a combination of these items.PhysicalRegulatedCUI
Data centernounA facility that houses an institution's most important information systems components, including computer systems, telecommunications components, and storage systems.PhysicalRegulated
data storage medianounThe physical form of how data is stored (e.g. magnetic tape, CD-ROM, paper).PhysicalRegulated
Data Transfer DevicenounFill device designed to securely store, transport, and transfer electronically both COMSEC and TRANSEC key, designed to be backward compatible with the previous generation of COMSEC common fill devices, and programmable to support modern mission systems.PhysicalRegulatedCUI
Debit cardnounA payment card issued as either a PIN-based debit (ATM) card or as a signature-based debit card from one of the bankcard associations. A payment card issued to a person for purchasing goods and services through an electronic transfer of funds from a demand deposit account rather than using cash, checks, or drafts at the point-of-sale.PhysicalRegulatedPCI
DepositorynounAn institution that holds funds or marketable securities for safekeeping. Depositories may be privately or publicly operated and allow securities transfers through book-entry and offer funds accounts permitting funds transfers as a means of payment.PhysicalRegulatedPCI
Direct access storage device (DASD)nounA magnetic disk storage device historically used in mainframe environments. DASD may also include hard drives used in personal computers.Physical
Electronic funds transfer point of sale equipmentnounAny, instruments or machinery required for an electric transfer of money to take place.PhysicalRegulatedPCI
Environment of OperationnounThe physical, technical, and organizational setting in which an information system operates, including but not limited to: missions/business functions; mission/business processes; threat space; vulnerabilities; enterprise and information security architectures; personnel; facilities; supply chain relationships; information technologies; organizational governance and culture; acquisition and procurement processes; organizational policies and procedures; organizational assumptions, constraints, risk tolerance, and priorities/trade-offs).Physical
Fill DevicenounCOMSEC item used to transfer or store key in electronic form or to insert key into cryptographic equipment.PhysicalRegulatedCUI
Fixed COMSEC FacilitynounCOMSEC facility located in an immobile structure or aboard a ship.PhysicalRegulatedCUI
Hard Copy KeynounPhysical keying material, such as printed key lists, punched or printed key tapes, or programmable, read-only memories (PROM).PhysicalRegulatedCUI
hardwarenounThe physical components of an information system. See also Software and Firmware.Physical
Homing beaconsnounDevices that send messages to the institution when they connect to a network and that enable recovery of the device.PhysicalRegulated
Host bus adapter (HBA)nounA host bus adapter provides I/O processing and physical connectivity between a server and storage. As the only part of a storage area network that resides in a server, HBAs also provide a critical link between the storage area network and the operating system and application software.Physical
Hot SitenounBackup site that includes phone systems with the phone lines already connected. Networks will also be in place, with any necessary routers and switches plugged in and turned on. Desks will have desktop PCs installed and waiting, and server areas will be replete with the necessary hardware to support business-critical functions. Within a few hours, a hot site can become a fully functioning element of an organization.PhysicalRegulated
Inspectable SpacenounThree dimensional space surrounding equipment that processes classified and/or sensitive information within which TEMPEST exploitation is not considered practical or where legal authority to identify and remove a potential TEMPEST exploitation exists. Synonymous with zone of control.PhysicalRegulatedCUI
Jump BagnounA Jump Bag is a container that has all the items necessary to respond to an incident inside to help mitigate the effects of delayed reactions.Physical
Key fobnounA small portable device equipped with chip technology allowing the holder the ability to access network systems, such as those used for payments, and to store personal data.PhysicalRegulatedPII
Key LoadernounA self-contained unit that is capable of storing at least one plaintext or encrypted cryptographic key or a component of a key that can be transferred, upon request, into a cryptographic module.PhysicalRegulatedCUI
Key Management DevicenounA unit that provides for secure electronic distribution of encryption keys to authorized users.PhysicalRestricted
key resourcenounA publicly or privately controlled asset necessary to sustain continuity of government and/or economic operations, or an asset that is of great historical significance.PhysicalRegulated
Key TapenounPunched or magnetic tape containing key. Printed key in tape form is referred to as a key list.PhysicalRegulatedCUI
live CDnounA live CD or live disk is a self-contained bootable and fully operational operating system (OS) on a disk, typically a CD or DVD or even a USB drive, depending on the size of the OS. This version of an OS can boot and run on a PC without ever needing to be installed on the computer's hard drive or changing the PC settings, allowing a user to recover files on a computer with a corrupted OS or to simply experiment on different things without fear of corrupting any files on the disk or the OS installation. Some versions of Linux are small and portable enough to function in a live CD.Physical
locally mounted hardwarenounHardware installed inside the perimeter of a defined location. This includes but is not limited to motion sensors, electronic lock control mechanisms, and badge readers.PhysicalRegulated
LockboxnounDeposit mechanism used by commercial firms and businesses to facilitate their deposit transaction volume. Typically, commercial firms and businesses direct customers to send payments directly to a financial institution address or post office box controlled by the institution. Financial institution personnel record payments received and prepare deposit slips, and subsequent processing proceeds as with other deposit taking activities.PhysicalRegulatedPCI
Master Cryptographic Ignition KeynounKey device with electronic logic and circuits providing the capability for adding more operational CIKs to a keyset.PhysicalRegulatedCUI
MedianounPhysical devices or writing surfaces including but not limited to magnetic tapes, optical disks, magnetic disks, Large Scale Integration (LSI) memory chips, and printouts (but not including display media) onto which information is recorded, stored, or printed within an information system.PhysicalRegulated
mobile devicenounPortable cartridge/disk-based, removable storage media (e.g., floppy disks, compact disks, USB flash drives, external hard drives, and other flash memory cards/drives that contain nonvolatile memory). Portable computing and communications device with information storage capability (e.g., notebook/laptop computers, personal digital assistants, cellular telephones, digital cameras, and audio recording devices).PhysicalRegulated
Mobile sitenounThe use of a mobile/temporary facility to serve as a business resumption location The facility can usually be delivered to any site and can house information technology and staff.PhysicalRegulated
MultiplexersnounA device that encodes or multiplexes information from two or more data sources into a single channel. They are used in situations where the cost of implementing separate channels for each data source is more expensive than the cost and inconvenience of providing the multiplexing/de-multiplexing functions.Physical
Network interface cardnounA communication card that when inserted into a computer, allows it to communicate with other computers on a network Scope Note: Most NICs are designed for a particular type of network or protocol.Physical
Network TapsnounNetwork taps are hardware devices that hook directly onto the network cable and send a copy of the traffic that passes through it to one or more other networked devices.Physical
One-time TapenounPunched paper tape used to provide key streams on a one-time basis in certain machine cryptosystems.PhysicalRegulatedCUI
payment cardnounA range of different cards that can be used to access cash assets through point-of-sale terminals or other facilities in order to make payments, receive cash money, exchange currency and perform other actions determined by the card issuer and its terms.PhysicalRegulatedPCI
PermuternounDevice used in cryptographic equipment to change the order in which the contents of a shift register are used in various nonlinear combining circuits.PhysicalRestrictedCUI
Personal digital assistant (PDA)nounA pocket-sized, special-purpose personal computer that lacks a conventional keyboard.PhysicalRegulated
Personal Identity Verification CardnounPhysical artifact (e.g., identity card, “smart” card) issued to an individual that contains stored identity credentials (e.g., photograph, cryptographic keys, digitized fingerprint representation, etc.) such that a claimed identity of the cardholder may be verified against the stored credentials by another person (human-readable and verifiable) or an automated process (computer-readable and verifiable).PhysicalRegulatedCUI
physical environmentnounThe physical external surrounding and conditions in which something exists.Physical
physical security perimeternounA type of gate, door, wall, or fence system that is intended to restrict and control the physical access or egress of personnel.PhysicalRegulated
Portable Electronic DevicenounAny nonstationary electronic apparatus with singular or multiple capabilities of recording, storing, and/or transmitting data, voice, video, or photo images. This includes but is not limited to laptops, personal digital assistants, pocket personal computers, palmtops, MP3 players, cellular telephones, thumb drives, video cameras, and pagers.PhysicalRegulatedCUI
Positive Control MaterialnounGeneric term referring to a sealed authenticator system, permissive action link, coded switch system, positive enable system, or nuclear command and control documents, material, or devices.PhysicalRegulatedCUI
QuadrantnounShort name referring to technology that provides tamper-resistant protection to cryptographic equipment.PhysicalRegulatedCUI
Radio Frequency IdentificationnounA form of automatic identification and data capture (AIDC) that uses electric or magnetic fields at radio frequencies to transmit information.Physical
Recovery sitenounAn alternate location for processing information (and possibly conducting business) in an emergency. Usually distinguished as "hot" sites that are fully configured centers with compatible computer equipment and "cold" sites that are operational computer centers without the computer equipment.PhysicalInternal
Removable medianounPortable electronic storage media such as magnetic, optical, and solid-state devices, which can be inserted into and removed from a computing device, and that is used to store text, video, audio, and image information. Such devices have no independent processing capabilities. Examples include hard disks, floppy disks, zip drives, compact disks (CDs), thumb drives, pen drives, and similar USB storage devices.PhysicalRegulated
removable storage medianounPortable electronic storage media such as magnetic, optical, and solid-state devices, which can be inserted into and removed from a computing device, and that is used to store text, video, audio, and image information. Such devices have no independent processing capabilities. Examples include hard disks, floppy disks, zip drives, compact disks (CDs), thumb drives, pen drives, and similar USB storage devices.PhysicalRegulated
Sensitive Compartmented Information FacilitynounAccredited area, room, or group of rooms, buildings, or installation where SCI may be stored, used, discussed, and/or processed.PhysicalRegulatedCUI
Shielded EnclosurenounRoom or container designed to attenuate electromagnetic radiation, acoustic signals, or emanations.PhysicalRegulatedCUI
Simulated loss of data center site(s) test/exercisenounA type of disaster recovery test that involves the simulation of the loss of the primary, alternate, and/or tertiary data processing sites to verify that the institution can continue its data processing activities.PhysicalInternal
Smart cardnounA credit card-sized card with embedded integrated circuits that can store, process, and communicate information.PhysicalRegulated
Special Access Program FacilitynounFacility formally accredited by an appropriate agency in accordance with DCID 6/9 in which SAP information may be processed.PhysicalRegulatedCDI
Store cardnounA credit card issued by a financial institution for a specific merchant or vendor that does not carry a bankcard association logo. Store cards can only be used at the merchant or vendor whose name appears on the front of the card.PhysicalRegulatedPCI
Stored-value cardnounA card-based payment system that assigns a value to the card. The card's value can be stored on the card itself (i.e., on the magnetic stripe or in a computer chip) or in a network database. As the card is used for transactions, the transaction amounts are subtracted from the card's balance. As the balance approaches zero, some cards can be "reloaded" through various methods and others are designed to be discarded. These cards are often used in closed systems for specific types of purchases.PhysicalRegulatedPCI
SubassemblynounMajor subdivision of an assembly consisting of a package of parts, elements, and circuits that perform a specific function.Physical
TEMPEST ZonenounDesignated area within a facility where equipment with appropriate TEMPEST characteristics (TEMPEST zone assignment) may be operated.PhysicalRegulatedCUI
terminalnounAn input or output device that operates independently of the system to which it is linked.Physical
transmission equipmentnounAny instruments required to electronically transfer data over a network.PhysicalRegulated
Trusted FoundrynounFacility that produces integrated circuits with a higher level of integrity assurance.PhysicalRegulatedCDI
Trusted Platform Module ChipnounA tamper-resistant integrated circuit built into some computer motherboards that can perform cryptographic operations (including key generation) and protect small amounts of sensitive information, such as passwords and cryptographic keys.PhysicalRestricted
Type 1 ProductnounCryptographic equipment, assembly or component classified or certified by NSA for encrypting and decrypting national security information when appropriately keyed. Developed using established NSA business processes and containing NSA-approved algorithms. Used to protect systems requiring the most stringent protection mechanisms.PhysicalRegulatedCUI
Type 2 ProductnounCryptographic equipment, assembly, or component certified by NSA for encrypting or decrypting sensitive information when appropriately keyed. Developed using established NSA business processes and containing NSA-approved algorithms. Used to protect systems requiring protection mechanisms exceeding best commercial practices including systems used for the protection of unclassified information.PhysicalRegulatedCUI
Type 3 ProductnounUnclassified cryptographic equipment, assembly, or component used, when appropriately keyed, for encrypting or decrypting unclassified sensitive U.S. government or commercial information, and to protect systems requiring protection mechanisms consistent with standard commercial practices. Developed using established commercial standards and containing NIST-approved cryptographic algorithms/modules or successfully evaluated by the National Information Assurance Partnership (NIAP).PhysicalRegulatedCUI
U.S.-Controlled FacilitynounBase or building to which access is physically controlled by U.S. individuals who are authorized U.S. government or U.S. government contractor employees.PhysicalRegulatedCUI
U.S.-Controlled SpacenounRoom or floor within a facility that is not a U.S.-controlled facility, access to which is physically controlled by U.S. individuals who are authorized U.S. government or U.S. government contractor employees. Keys or combinations to locks controlling entrance to U.S.-controlled spaces must be under the exclusive control of U.S. individuals who are U.S. government or U.S. government contractor employees.PhysicalRegulatedCUI
Uninterruptible power supply (UPS)nounA device that allows your computer to keep running for at least a short time when the primary power source is lost. A UPS may also provide protection from power surges. A UPS contains a battery that "kicks in" when the device senses a loss of power from the primary source allowing the user time to save any data they are working on and to exit before the secondary power source (the battery) runs out. When power surges occur, a UPS intercepts the surge so that it doesn't damage your computer.Physical
Wallet cardnounPortable information cards that provide emergency communications information for customers and employees.PhysicalInternal
Warm sitenounBackup site which typically contains the data links and preconfigured equipment necessary to rapidly start operations, but does not contain live data. Thus commencing operations at a warm site will (at a minimum) require the restoration of current data.PhysicalInternal
Write blockernounA devices that allows the acquisition of information on a drive without creating the possibility of accidentally damaging the drivePhysicalRegulated
Zone Of ControlnounThree-dimensional space surrounding equipment that processes classified and/or sensitive information within which TEMPEST exploitation is not considered practical or where legal authority to identify and remove a potential TEMPEST exploitation exists.PhysicalRestrictedCUI