Browse — Entity Type · Role
107 terms
| Term | Type | Definition | Classifications |
| --- | --- | --- | --- |
| Administrator privileges | noun | Computer system access to resources that are unavailable to most users. Administrator privileges permit execution of actions that would otherwise be restricted. | Role |
| affiliate | noun | This role focuses on persons who are affiliated with other persons or organizations, or on organizations or individuals that control or are controlled by a third party. Any person associated with another person or organization, or any organization or individual being controlled by or controlling a third party, should be assigned to this role. | Role, Regulated |
| Alternate COMSEC Custodian | noun | Individual designated by proper authority to perform the duties of the COMSEC custodian during the temporary absence of the COMSEC custodian. | Role |
| auditor | noun | A person who conducts audits from either inside or outside of the organization being audited. | Role |
| authorized person | noun | This role is focused on a person who has been given permission to do something by an authority. Any individual who has been granted permission to do something on behalf of their organization should be assigned to this role. | Role |
| authorized personnel | noun | This role is focused on employees who are granted access to the organization's assets, information, and/or certain areas, or permitted to conduct certain work. Any individual who is sanctioned by management should be assigned to this role. | Role |
| Authorizing Official | noun | A senior (federal) official or executive with the authority to formally assume responsibility for operating an information system at an acceptable level of risk to organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, and the Nation. | Role |
| Authorizing Official Designated Representative | noun | An organizational official acting on behalf of an authorizing official in carrying out and coordinating the required activities associated with security authorization. | Role, Regulated |
| Automated Clearing House (ACH) Operator | noun | A central clearing facility that depository financial institutions use to transmit and receive ACH entries. ACH operators are typically a Federal Reserve Bank or a private-sector organization that operates on behalf of a depository financial institution. | Role |
| be responsible | noun | Have an obligation to do something, or have control over or care for someone, as part of one's job or role. | Role |
| Certification Analyst | noun | The independent technical liaison for all stakeholders involved in the C&A process, responsible for objectively and independently evaluating a system as part of the risk management process. Based on the security requirements documented in the security plan, performs a technical and non-technical review of potential vulnerabilities in the system and determines if the security controls (management, operational, and technical) are correctly implemented and effective. | Role |
| Certified TEMPEST Technical Authority | noun | An experienced, technically qualified U.S. government employee who has met established certification requirements in accordance with CNSS-approved criteria and has been appointed by a U.S. government department or agency to fulfill CTTA responsibilities. | Role, Regulated, CUI |
| Certifier | noun | Individual responsible for making a technical judgment of the system's compliance with stated requirements, identifying and assessing the risks associated with operating the system, coordinating the certification activities, and consolidating the final certification and accreditation packages. | Role |
| Chief Information Officer | noun | Agency official responsible for: 1) providing advice and other assistance to the head of the executive agency and other senior management personnel of the agency to ensure that information systems are acquired and information resources are managed in a manner that is consistent with laws, Executive Orders, directives, policies, regulations, and priorities established by the head of the agency; 2) developing, maintaining, and facilitating the implementation of a sound and integrated information system architecture for the agency; and 3) promoting the effective and efficient design and operation of all major information resources management processes for the agency, including improvements to work processes of the agency. Note: Organizations subordinate to federal agencies may use the term Chief Information Officer to denote individuals filling positions with similar security responsibilities to agency-level Chief Information Officers. | Role, Regulated |
| Chief Information Security Officer | noun | The person in charge of information security within the enterprise. | Role, Regulated |
| Chief Security Officer | noun | The person usually responsible for all security matters, both physical and digital, in an enterprise. | Role |
| CIP Senior Manager | noun | A single senior management official with overall authority and responsibility for leading and managing implementation of and continuing adherence to the requirements within the NERC CIP Standards, CIP-002 through CIP-011. | Role, Regulated, CUI |
| Command Authority | noun | Individual responsible for the appointment of user representatives for a department, agency, or organization and their key ordering privileges. | Role, Regulated |
| COMSEC Custodian | noun | Individual designated by proper authority to be responsible for the receipt, transfer, accounting, safeguarding, and destruction of COMSEC material assigned to a COMSEC account. | Role |
| contractor | noun | A person or firm that undertakes a contract to provide materials or labor to perform a service or do a job. | Role |
| Controlling Authority | noun | Official responsible for directing the operation of a cryptonet and for managing the operational use and control of keying material assigned to the cryptonet. | Role, Regulated, CUI |
| critical employee | noun | An employee whose skills and knowledge are vital to an organization's operations. | Role |
| Crypto Officer | noun | An operator or process (subject), acting on behalf of the operator, performing cryptographic initialization or management functions. | Role, Regulated |
| cybersecurity personnel | noun | All people who are employed by an organization to perform cybersecurity activities. | Role |
| cybersecurity roles and responsibilities | noun | The functions and duties of personnel who are responsible for preventing cybersecurity events that disrupt operations or affected parties, assigned and performed in conformance with pertinent laws and standards. | Role |
| Data Administration | noun | In the NICE Workforce Framework, cybersecurity work where a person develops and administers databases and/or data management systems that allow for the storage, query, and utilization of data. | Role |
| Data custodian | noun | The individual(s) and department(s) responsible for the storage and safeguarding of computerized data. | Role |
| Data owner | noun | The individual(s), normally a manager or director, who has responsibility for the integrity, accurate reporting, and use of computerized data. | Role |
| Designated Approval Authority | noun | Official with the authority to formally assume responsibility for operating a system at an acceptable level of risk. This term is synonymous with authorizing official, designated accrediting authority, and delegated accrediting authority. | Role |
| Device Registration Manager | noun | The management role that is responsible for performing activities related to registering users that are devices. | Role |
| employee | noun | This role focuses on individuals who work directly for an organization, e.g. a university, government, or company. Any individual who works directly for an organization and is paid a wage or salary for their work should be assigned to this role. | Role |
| End user | noun | This role is focused on the consumers of a product or on the access to and use of information systems and networks within the organization. Any individual who uses the product should be assigned to this role. | Role |
| Enrollment Manager | noun | The management role that is responsible for assigning user identities to management and non-management roles. | Role |
| external auditor | noun | An auditor who is independent of the legal entity whose financial statements they audit. | Role |
| Forensic Specialist | noun | A professional who locates, identifies, collects, analyzes, and examines data while preserving the integrity and maintaining a strict chain of custody of information discovered. | Role |
| incident monitoring roles and responsibilities | noun | The position and collection of tasks, duties, and obligations that participants undertake to perform the daily and all special tasks associated with reviewing, tracking, evaluating, and reporting on the status of incidents. | Role |
| incident response personnel | noun | Personnel assigned by an organization to manage or engage in incident response tasks. | Role |
| incident response team member's role and responsibility | noun | The functions and duties of individuals who are supposed to return service or operations back to normal after a disruption has occurred. | Role |
| Individuals | noun | An assessment object that includes people applying specifications, mechanisms, or activities. | Role |
| Information Assurance Professional | noun | Individual who works IA issues and has real-world experience plus appropriate IA training and education commensurate with their level of IA responsibility. | Role |
| Information Owner | noun | Official with statutory or operational authority for specified information and responsibility for establishing the controls for its generation, collection, processing, dissemination, and disposal. See Information Steward. | Role |
| Information Security Architect | noun | Individual, group, or organization responsible for ensuring that the information security requirements necessary to protect the organization's core missions and business processes are adequately addressed in all aspects of enterprise architecture, including reference models, segment and solution architectures, and the resulting information systems supporting those missions and business processes. | Role |
| information security roles and responsibilities | noun | The position and collection of tasks, duties, and obligations that participants undertake to perform the daily and all special tasks in the role of information security. | Role |
| Information Steward | noun | Individual or group that helps to ensure the careful and responsible management of federal information belonging to the Nation as a whole, regardless of the entity or source that may have originated, created, or compiled the information. Information stewards provide maximum access to federal information to elements of the federal government and its customers, balanced by the obligation to protect the information in accordance with the provisions of FISMA and any associated security-related federal policies, directives, regulations, standards, and guidance. | Role, Regulated |
| Information System Owner | noun | Official responsible for the overall procurement, development, integration, modification, or operation and maintenance of an information system. | Role |
| Information System Owner or Program Manager | noun | Official responsible for the overall procurement, development, integration, modification, or operation and maintenance of an information system. | Role |
| Information System Security Officer | noun | Individual assigned responsibility by the senior agency information security officer, authorizing official, management official, or information system owner for ensuring that the appropriate operational security posture is maintained for an information system or program. | Role |
| Information Systems Security Engineer | noun | Individual assigned responsibility for conducting information system security engineering activities. | Role |
| Information Systems Security Manager | noun | Individual responsible for the information assurance of a program, organization, system, or enclave. | Role |
| Information Systems Security Officer | noun | Individual assigned responsibility by the senior agency information security officer, authorizing official, management official, or information system owner for maintaining the appropriate operational security posture for an information system or program. | Role |
| interested personnel | noun | This role focuses on persons or organizations that have a recognizable stake in the outcome of a court matter, or who are potentially affected by a situation or hoping to make money from the situation. Any individual or organization that has a recognizable stake in the outcome of a court matter, may be affected by a situation, or may make money from the situation should be assigned to this role. | Role |
| internal audit manager | noun | Monitors the audit scope and risk assessments to ensure that audit coverage remains adequate. | Role, Internal |
| internal auditor | noun | This role is focused on providing independent and objective evaluations of the organization's financial records, systems, or anything else being audited. Any individual who performs internal audits should be assigned to this role. | Role |
| KOA Manager | noun | The Management Role that is responsible for the operation of one or more KOAs (i.e., manages distribution of KMI products to the end cryptographic units, fill devices, and ADPs that are assigned to the manager's KOA). | Role, Regulated, CUI |
| KOA Registration Manager | noun | The individual responsible for performing activities related to registering KOAs. | Role, Regulated |
| legal staff | noun | The branch of an organization's personnel that is responsible for anything pertaining to law or legalities; lawyers. | Role |
| management | noun | This role focuses on administering, organizing, and overseeing the organization. Any individuals who are involved in the administration, organization, supervision, and oversight of the organization should be assigned to this role. | Role |
| Network administrator | noun | The individual responsible for the installation, management, and control of a network. | Role |
| Network Sponsor | noun | Individual or organization responsible for stating the security policy enforced by the network, designing the network security architecture to properly enforce that policy, and ensuring that the network is implemented in such a way that the policy is enforced. | Role |
| Personal Identity Verification Authorizing Official | noun | An individual who can act on behalf of an agency to authorize the issuance of a credential to an applicant. | Role, Regulated, CUI |
| Personal Identity Verification Sponsor | noun | An individual who can act on behalf of a department or agency to request a PIV Card for an applicant. | Role, Regulated, CUI |
| Personnel Registration Manager | noun | The management role that is responsible for registering human users, i.e., users that are people. | Role |
| Point Of Contact | noun | This role is focused on being a representative of a group who facilitates communications between two or more groups, organizations, etc. on certain issues. Any individual who coordinates communications between groups, organizations, etc. on certain issues that they work on should be assigned to this role. | Role |
| Policy Approving Authority | noun | First level of the PKI Certification Management Authority that approves the security policy of each PCA. | Role, Regulated |
| Principal Accrediting Authority | noun | Senior official with authority and responsibility for all intelligence systems within an agency. | Role, Restricted, CUI |
| privileged user | noun | A user that is authorized (and, therefore, trusted) to perform security-relevant functions that ordinary users are not authorized to perform. | Role |
| qualification | noun | An attribute or accomplishment that makes someone suitable for a particular job or activity. | Role |
| qualified personnel | noun | A person who is certified or licensed to work in a specific field; a competent person. | Role |
| Red Team | noun | A group of people authorized and organized to emulate a potential adversary's attack or exploitation capabilities against an enterprise's security posture. The Red Team's objective is to improve enterprise Information Assurance by demonstrating the impacts of successful attacks and by demonstrating what works for the defenders (i.e., the Blue Team) in an operational environment. | Role |
| responsible entity | noun | Any group, or even an individual, within an organization that has been given a particular responsibility for a particular process. | Role, Regulated |
| Risk Assessor | noun | The individual, group, or organization responsible for conducting a risk assessment. | Role |
| Risk Executive | noun | An individual or group within an organization that helps to ensure that: (i) security risk-related considerations for individual information systems, to include the authorization decisions for those systems, are viewed from an organization-wide perspective with regard to the overall strategic goals and objectives of the organization in carrying out its missions and business functions; and (ii) managing risk from individual information systems is consistent across the organization, reflects organizational risk tolerance, and is considered along with other organizational risks affecting mission/business success. | Role |
| Risk Executive Function | noun | An individual or group within an organization that helps to ensure that: (i) security risk-related considerations for individual information systems, to include the authorization decisions for those systems, are viewed from an organization-wide perspective with regard to the overall strategic goals and objectives of the organization in carrying out its missions and business functions; and (ii) managing risk from individual information systems is consistent across the organization, reflects organizational risk tolerance, and is considered along with other organizational risks affecting mission/business success. | Role |
| role | noun | A group attribute that ties membership to function. When an entity assumes a role, the entity is given certain rights that belong to that role. When the entity leaves the role, those rights are removed. The rights given are consistent with the functionality that the entity needs to perform the expected tasks. | Role |
| Security Control Assessor | noun | The individual, group, or organization responsible for conducting a security control assessment. | Role |
| security personnel | noun | Individuals who protect people, facilities, and information for an organization. | Role |
| Senior Agency Information Security Officer | noun | Official responsible for carrying out the Chief Information Officer responsibilities under the Federal Information Security Management Act (FISMA) and serving as the Chief Information Officer's primary liaison to the agency's authorizing officials, information system owners, and information system security officers. SP 800-53 Note: Organizations subordinate to federal agencies may use the term Senior Information Security Officer or Chief Information Security Officer to denote individuals filling positions with similar responsibilities to Senior Agency Information Security Officers. | Role, Regulated |
| senior executive | noun | A long-standing and top-ranking member of the management of an organization. | Role |
| senior management | noun | This group focuses on directing and controlling the organization at the highest level. Any individual or group that is involved in directing and controlling an organization should be assigned to this role. | Role |
| senior manager | noun | A manager who has responsibilities and authority broader in scope than a front-line manager and typically reports to a director or general manager level role. They manage the day-to-day activities of the business by setting direction in line with the overall business strategy, setting goals and objectives, and managing communication throughout their group. | Role |
| System Administrator | noun | Individual responsible for the installation and maintenance of an information system, providing effective information system utilization, adequate security parameters, and sound implementation of established Information Assurance policy and procedures. | Role |
| System Owner | noun | Person or organization having responsibility for the development, procurement, integration, modification, operation and maintenance, and/or final disposition of an information system. | Role |
| Trusted Agent | noun | Entity authorized to act as a representative of an agency in confirming Subscriber identification during the registration process. Trusted Agents do not have automated interfaces with Certification Authorities. | Role, Restricted, CUI |
| User Representative | noun | Individual authorized by an organization to order COMSEC keying material and interface with the keying system, provide information to key users, and ensure the correct type of key is ordered. | Role, Regulated, CUI |
| User Representative for Risk Management | noun | The person who defines the system's operational and functional requirements, and who is responsible for ensuring that user operational interests are met throughout the system's authorization process. | Role |