Browse — Entity Type · System
allDataSystemNetworkIdentityCredentialPhysicalProcessCapabilityOrganizationFrameworkEventMetricVulnerabilityThreatControlFindingRequirementRoleArtifactUnknown
227 terms
TermTypeDefinitionClassificationsUpdated
Account Balancing Monitoring System (ABMS)nounThe Federal Reserve's computing system providing reserve account information to the Federal Reserve Banks and depository institutions on an intraday basis. ABMS serves both as an informational source and a monitoring tool. This information includes opening balances, funds and securities transfers, accounting activity, and depository institutions cap and collateral limits.SystemRegulatedCUI
AppletnounJava programs; an application program that uses the client's web browser to provide a user interface.System
applicationnounSoftware program that performs a specific function directly for a user and can be executed without access to system control, monitoring, or administrative privileges.System
Application systemnounAn integrated set of computer programs designed to serve a well- defined function and having specific input, processing, and output activities (e.g., general ledger, manufacturing resource planning, human resource management).System
Assured SoftwarenounComputer application that has been designed, developed, analyzed, and tested using processes, tools, and techniques that establish a level of confidence in it.System
Automated Clearing House (ACH)nounAn electronic clearing system in which a data processing center handles payment orders that are exchanged among financial institutions, primarily via telecommunications networks. ACH systems process large volumes of individual payments electronically. Typical ACH payments include salaries, consumer and corporate bill payments, interest and dividend payments, and Social Security payments.SystemRegulatedPCI
Bastion HostnounA special-purpose computer on a network specifically designed and configured to withstand attacks.SystemRegulated
Berkeley Internet Name DomainnounBIND stands for Berkeley Internet Name Domain and is an implementation of DNS. DNS is used for domain name to IP address resolution.System
BrowsernounA client computer program that can retrieve and display information from servers on the World Wide Web.System
Bulk Electric System Cyber SystemnounOne or more Bulk Electric System (BES) Cyber Assets logically grouped by a responsible entity to perform one or more reliability tasks for a functional entity.SystemRegulatedCUI
CachenounPronounced cash, a special high-speed storage mechanism. It can be either a reserved section of main memory or an independent high-speed storage device. Two types of caching are commonly used in personal computers: memory caching and disk caching.System
Central Services NodenounThe Key Management Infrastructure core node that provides central security management and data management services.SystemRestrictedCUI
Certification Authority WorkstationnounCommercial off-the-shelf (COTS) workstation with a trusted operating system and special-purpose application software that is used to issue certificatesSystemRestricted
Clearing House Interbank Payment Systems (CHIPS)nounA "real time," multilateral, final payments system for large dollar value, business-to-business payment transactions between domestic or foreign institutions that have offices located in the United States. CHIPS is run by CHIP Co. LLC, a subsidiary of The Clearing House Payments Company, LLC.SystemRegulated
ClientnounIndividual or process acting on behalf of an individual who makes requests of a guard or dedicated server. The client’s requests to the guard or dedicated server can involve data transfer to, from, or through the guard or dedicated server.System
Client ApplicationnounA system entity, usually a computer process acting on behalf of a human user, that makes use of a service provided by a server.System
Closed Security EnvironmentnounEnvironment providing sufficient assurance that applications and equipment are protected against the introduction of malicious logic during an information system life cycle. Closed security is based upon a system's developers, operators, and maintenance personnel having sufficient clearances, authorization, and configuration control.SystemRegulatedCUI
Cloud computingnounA model for enabling on-demand network access to a shared pool of configurable IT capabilities/ resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. It allows users to access technology-based services from the network cloud without knowledge of, expertise with, or control over the technology infrastructure that supports them. This cloud model is composed of five essential characteristics (on-demand self-service, ubiquitous network access, location independent resource pooling, rapid elasticity, and measured service); three service delivery models (Cloud Software as a Service [SaaS], Cloud Platform as a Service [PaaS], and Cloud Infrastructure as a Service [IaaS]); and four models for enterprise access (Private cloud, Community cloud, Public cloud, and Hybrid cloud). Note: Both the user's data and essential security services may reside in and be managed within the network cloud.System
Cloud storagenounA model of data storage in which the digital data is stored in logical pools, the physical storage spans multiple servers (and often locations), and the physical environment is typically owned and managed by a hosting company.System
ClusteringnounConnecting two or more computers together in such a way that enables them to act as a single computer. Clustering is used for parallel processing, load balancing, and fault tolerance.System
Commercial off-the-shelf (COTS)nounCOTS products include software and hardware products that are ready-made and available for sale to the general public. COTS products are typically installed in existing systems and do not require customization. Also known as "shrink-wrap" applications.System
Computer Security SubsystemnounHardware/software designed to provide computer security features in a larger system environment.System
Computing EnvironmentnounWorkstation or server (host) and its operating system, peripherals, and applications.System
COMSEC Material Control SystemnounLogistics and accounting system through which COMSEC material marked "CRYPTO" is distributed, controlled, and safeguarded. Included are the COMSEC central offices of record, crypto logistic depots, and COMSEC accounts. COMSEC material other than key may be handled through the CMCS.SystemRegulatedCUI
ConcentratornounIn data transmission, a concentrator is a functional unit that permits a common path to handle more data sources than there are channels currently available within the path. A device that connects a number of circuits, which are not all used at once, to a smaller group of circuits for economy.System
ContainernounThe file used by a virtual disk encryption technology to encompass and protect other files.SystemRestricted
Critical Financial MarketsnounFinancial markets whose operations are critical to the economy. Critical financial markets provide the means for financial institutions to adjust their cash and securities positions and those of their customers in order to manage liquidity, market, and other risks to their organizations. Critical financial markets also provide support for the provision of a wide range of financial services to businesses and consumers in the United States and support the implementation of monetary policy. Examples of "critical financial markets" include: • Federal funds, foreign exchange, and commercial paper; • U.S. Government and agency securities; and • Corporate debt and equity securities.SystemRegulated
Critical infrastructurenounSystem and assets, whether physical or virtual, so vital to the U.S. that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters. [Critical Infrastructures Protection Act of 2001, 42 U.S.C. 5195c(e)]SystemRegulatedCUI
critical servicenounA service that could not be interrupted or unavailable for several business days without significantly jeopardizing operation of the organization.SystemRestricted
Critical system (infrastructure)nounThe systems and assets, whether physical or virtual, that are so vital that the incapacity or destruction of such may have a debilitating impact.SystemRegulated
Cryptographic ModulenounThe set of hardware, software, firmware, or some combination thereof that implements cryptographic logic or processes, including cryptographic algorithms, and is contained within the cryptographic boundary of the module.SystemRegulated
Cryptographic SystemnounAssociated information assurance items interacting to provide a single means of encryption or decryption.SystemRegulated
customer information systemnounFor purposes of the Information Security Standards, “customer information systems” means any methods used to access, collect, store, use, transmit, protect, or dispose of customer information.SystemRegulatedPII
cybernounRefers to the interconnected information infrastructure of interactions among persons, processes, data, and information and communications technologies, along with the environment and conditions that influence those interactions.System
cyber assetnounProgrammable electronic devices and communication networks including hardware, software and data.SystemRegulatedCUI
cyber ecosystemnounThe interconnected information infrastructure of interactions among persons, processes, data, and information and communications technologies, along with the environment and conditions that influence those interactions.System
cyber infrastructurenounIncludes electronic information and communications systems and services and the information contained in these systems and services. Information and communications systems and services are composed of all hardware and software that process, store, and communicate information, or any combination of all of these elements. Processing includes the creation, access, modification, and destruction of information. Storage includes paper, magnetic, electronic, and all other media types. Communications include sharing and distribution of information. For example: computer systems; control systems (e.g., supervisory control and data acquisition–SCADA); networks, such as the Internet; and cyber services (e.g., managed security services) are part of cyber infrastructure.SystemRegulated
DaemonnounA program which is often started at the time the system boots and runs continuously without intervention from any of the users on the system. The daemon program forwards the requests to other programs (or processes) as appropriate. The term daemon is a Unix term, though many other operating systems provide support for daemons, though they're sometimes called other names. Windows, for example, refers to daemons and System Agents and services.System
Data WarehousingnounData Warehousing is the consolidation of several previously independent databases into one location.System
development environmentnounThe set of processes and programming tools used to develop, test, and debug an application or program.System
devicenounA generic term for a server, storage, client platform, computer, or any part of a computer other than the CPU or working memory.System
Distributed environmentnounA computer system with data and program components physically distributed across more than one computer.System
Dynamic Link LibrarynounA collection of small programs, any of which can be called when needed by a larger program that is running in the computer. The small program that lets the larger program communicate with a specific device such as a printer or scanner is often packaged as a DLL program (usually referred to as a DLL file).System
Dynamic SubsystemnounA subsystem that is not continually present during the execution phase of an information system. Service-oriented architectures and cloud computing architectures are examples of architectures that employ dynamic subsystems.System
E-BankingnounThe remote delivery of new and traditional banking products and services through electronic delivery channels.SystemRegulatedPCI
ecosystemnounA system or group of interconnected elements, formed linkages and dependencies. For an FMI, this may include participants, linked FMIs, service providers, vendors and vendor products.SystemRegulated
Electronic Benefits Transfer (EBT)nounA type of EFT system involving the transfer of public entitlement payments, such as welfare or food stamps, through direct deposit or point-of-sale technology (see POS). The recipient can be given an identification card, similar to a benefit card, and a PIN allowing access to the benefits through an electronic network.SystemRegulatedPII
Electronic bill presentment and payment (EBPP)nounAn electronic alternative to traditional bill payment, allowing a merchant or utility to present its customers with an electronic bill and the payer to pay the bill electronically. EBPP systems usually fall within two models: direct and consolidation-aggregation. In the direct model, the merchant or utility generates an electronic version of the consumer's billing information, and notifies the consumer of a pending bill, generally via e-mail. The consumer can initiate payment of the electronically presented bill using a variety of payment mechanisms, typically a credit card. In the consolidation-aggregation model, the consumer's bills are consolidated by a consolidator acting on behalf of merchants and utilities (or aggregated on behalf of the consumer), combining data from multiple bills and presenting a single source for the consumer to initiate payment. Some consolidators present bills at their own web sites, typically most support the aggregation of bills by consumer service providers such an Internet portals, financial institutions, and brokerage web sites.SystemRegulatedPCI
Electronic Key Management SystemnounInteroperable collection of systems being developed by services and agencies of the U.S. government to automate the planning, ordering, generating, distributing, storing, filling, using, and destroying of electronic key and management of other types of COMSEC material.SystemRegulatedCUI
Embedded Cryptographic SystemnounCryptosystem performing or controlling a function as an integral element of a larger system or subsystem.SystemRegulatedCUI
EnclavenounCollection of information systems connected by one or more internal networks under the control of a single authority and security policy. The systems may be structured by physical proximity or by function, independent of location.SystemRegulated
End Cryptographic UnitnounDevice that (1) performs cryptographic functions, (2) typically is part of a larger system for which the device provides security services, and (3) from the viewpoint of a supporting security infrastructure (e.g., a key management system), is the lowest level of identifiable component with which a management transaction can be conducted.SystemRegulatedCUI
Enterprise ServicenounA set of one or more computer applications and middleware systems hosted on computer hardware that provides standard information systems capabilities to end users and hosted mission applications and services.System
entry pointnounAn entry point is a memory address, corresponding to a point in the code of a computer program which is intended as destination of a long jump, be it internal or external.SystemRegulated
EnvironmentnounAggregate of external procedures, conditions, and objects affecting the development, operation, and maintenance of an information system.System
external information systemnounAn information system or component of an information system that is outside of the accreditation boundary established by the organization and for which the organization typically has no direct control over the application of required security controls or the assessment of security control effectiveness.SystemRegulated
External Information System or ComponentnounAn information system or component of an information system that is outside of the authorization boundary established by the organization and for which the organization typically has no direct control over the application of required security controls or the assessment of security control effectiveness.SystemRegulated
External Information System ServicenounAn information system service that is implemented outside of the authorization boundary of the organizational information system (i.e., a service that is used by, but not a part of, the organizational information system) and for which the organization typically has no direct control over the application of required security controls or the assessment of security control effectiveness.SystemRegulated
Fast File SystemnounThe first major revision to the Unix file system, providing faster read access and faster (delayed, asynchronous) write access through a disk cache and better file system layout on disk. It uses inodes (pointers) and data blocks.System
Federal Bridge Certification AuthoritynounThe Federal Bridge Certification Authority consists of a collection of Public Key Infrastructure components (Certificate Authorities, Directories, Certificate Policies and Certificate Practice Statements) that are used to provide peer-to-peer interoperability among Agency Principal Certification Authorities.SystemRegulatedCUI
Federal Bridge Certification Authority MembranenounThe Federal Bridge Certification Authority Membrane consists of a collection of Public Key Infrastructure components including a variety of Certification Authority PKI products, Databases, CA specific Directories, Border Directory, Firewalls, Routers, Randomizers, etc.SystemRegulatedCUI
Federal Information SystemnounAn information system used or operated by an executive agency, by a contractor of an executive agency, or by another organization on behalf of an executive agency.SystemRegulatedCUI
Fedwire Funds ServicenounThe Federal Reserve Banks' high-speed electronic funds transfer system. As a real-time gross settlement system, the Fedwire® Funds Service processes and settles individual payments between participants immediately in central bank money. Once processed, these payments are final.SystemRegulated
Fedwire Securities ServicenounThe Federal Reserve Banks' high-speed electronic payments system for maintaining securities accounts and for effecting securities transfers. The Fedwire® Securities Service provides a real-time, delivery-versus-payment (DVP), gross settlement system that allows for the immediate, simultaneous transfer of securities against payment. Once processed, securities transfers are final.SystemRegulated
FIN (Financial Application)nounThe SWIFT application within which all SWIFT user-to-user messages are input and output.SystemRegulatedPCI
financial market infrastructurenounA multilateral system among participating institutions, including the operator of the system, used for the purposes of clearing, settling or recording payments, securities, derivatives or other financial transactions.SystemRegulated
FirmwarenounComputer programs and data stored in hardware - typically in read-only memory (ROM) or programmable read-only memory (PROM) - such that the programs and data cannot be dynamically written or modified during execution of the programs.System
ForestnounA forest is a set of Active Directory domains that replicate their databases with each other.System
funds transfer terminalnounAn information processing device used for the purpose of executing deposit account transactions between financial institutions and their customers by either the direct transmission of electronic impulses or the recording of electronic impulses for delayed processing.SystemRegulatedPCI
General Support SystemnounAn interconnected set of information resources under the same direct management control which shares common functionality. A system normally includes hardware, software, information, data, applications, communications, and people. A system can be, for example, a local area network (LAN) including smart terminals that supports a branch office, an agency-wide backbone, a communications network, a departmental data processing center including its operating system and utilities, a tactical radio network, or a shared information processing service organization (IPSO).System
Global Information GridnounThe globally interconnected, end-to-end set of information capabilities for collecting, processing, storing, disseminating, and managing information on demand to warfighters, policy makers, and support personnel. The GIG includes owned and leased communications and computing systems and services, software (including applications), data, security services, other associated services, and National Security Systems. Non-GIG IT includes stand-alone, self-contained, or embedded IT that is not, and will not be, connected to the enterprise network.SystemRegulatedCUI
GNUnounGNU is a Unix-like operating system that comes with source code that can be copied, modified, and redistributed. The GNU project was started in 1983 by Richard Stallman and others, who formed the Free Software Foundation.System
GnutellanounAn Internet file sharing utility. Gnutella acts as a server for sharing files while simultaneously acting as a client that searches for and downloads files from other users.System
hardware integritynounThe assurance that any given hardware asset is not a counterfeit, or otherwise falsely represented as being whole and intact as measured against original specifications.SystemRegulated
Hierarchical storage management (HSM)nounHSM is used to dynamically manage the back-up and retrieval of files based on how often they are accessed using storage media and devices that vary in speed and cost.System
High Assurance GuardnounA guard that has two basic functional capabilities: a Message Guard and a Directory Guard. The Message Guard provides filter service for message traffic traversing the Guard between adjacent security domains. The Directory Guard provides filter service for directory access and updates traversing the Guard between adjacent security domains.SystemRegulatedCUI
high impact Bulk Electric System Cyber SystemnounA Bulk Electric System Cyber System in which at least one security objective (i.e., confidentiality, integrity, or availability) is assigned a potential impact value of high.SystemRegulatedCUI
High-Impact SystemnounAn information system in which at least one security objective (i.e., confidentiality, integrity, or availability) is assigned a FIPS 199 potential impact value of high.SystemRegulatedCUI
HoneymonkeynounAutomated system simulating a user browsing websites. The system is typically configured to detect web sites which exploit vulnerabilities in the browser. Also known as Honey Client.System
HoneypotnounA system (e.g., a Web server) or system resource (e.g., a file on a server) that is designed to be attractive to potential crackers and intruders and has no authorized users other than its administrators.System
HypervisornounA piece of software that provides abstraction of all physical resources (such as central processing units, memory, network, and storage) and thus enables multiple computing stacks (consisting of an operating system, middleware and application programs) called virtual machines to be run on a single physical host.System
IA InfrastructurenounThe underlying security framework that lies beyond an enterprise’s defined boundary, but supports its IA and IA-enabled products, its security posture and its risk management plan.SystemRegulatedCUI
IA-Enabled Information Technology ProductnounProduct or technology whose primary role is not security, but which provides security services as an associated feature of its intended operating capabilities. Examples include such products as security-enabled Web browsers, screening routers, trusted operating systems, and security-enabled messaging systems.System
IA-Enabled ProductnounProduct whose primary role is not security, but provides security services as an associated feature of its intended operating capabilities. Note: Examples include such products as security-enabled Web browsers, screening routers, trusted operating systems, and security enabling messaging systems.System
ICTnounInformation and communications technologies. ICT can also be read as IT (information technology) in this document.System
in-house developed applicationnounAn application that has been developed within the organization.SystemRegulated
Incident Management SystemnounThe tools (software and otherwise), reports, and processes used to input, process, and close incident reports from input through resolution.SystemRegulated
Industrial Control SystnounAn information system used to control industrial processes such as manufacturing, product handling, production, and distribution or to control infrastructure assets.SystemRegulatedCUI
Industrial Control SystemnounAn information system used to control industrial processes such as manufacturing, product handling, production, and distribution. Industrial control systems include supervisory control and data acquisition systems (SCADA) used to control geographically dispersed assets, as well as distributed control systems (DCS) and smaller control systems using programmable logic controllers to control localized processes.SystemRegulatedCUI
InetdnounInetd (or Internet Daemon) is an application that controls smaller internet services like telnet, ftp, and POP.System
information and communication(s) technologynounAny information technology, equipment, or interconnected system or subsystem of equipment that processes, transmits, receives, or interchanges data or information.SystemRegulated
Information EnvironmentnounAggregate of individuals, organizations, and/or systems that collect, process, or disseminate information, also included is the information itself.System
Information Sharing Environmentnoun1. An approach that facilitates the sharing of terrorism and homeland security information; or 2. ISE in its broader application enables those in a trusted partnership to share, discover, and access controlled information.SystemRegulatedCUI
Information SystemnounA discrete set of information resources organized for the collection, processing, maintenance, use, sharing, dissemination, or disposition of information. [Note: Information systems also include specialized systems such as industrial/process controls systems, telephone switching and private branch exchange (PBX) systems, and environmental control systems.]SystemRegulated
information system componentnounA discrete, identifiable information technology asset (e.g., hardware, software, firmware) that represents a building block of an information system. Information system components include commercial information technology products.SystemRegulated
information technologynounAny equipment or interconnected system or subsystem of equipment that is used in the automatic acquisition, storage, manipulation, management, movement, control, display, switching, interchange, transmission, or reception of data or information by the executive agency. For purposes of the preceding sentence, equipment is used by an executive agency if the equipment is used by the executive agency directly or is used by a contractor under a contract with the executive agency which— 1) requires the use of such equipment; or 2) requires the use, to a significant extent, of such equipment in the performance of a service or the furnishing of a product. The term information technology includes computers, ancillary equipment, software, firmware and similar procedures, services (including support services), and related resources.SystemRegulated
Information Technology systemnounInformation technology systems are collectively the equipment used to create, store and transmit digital data and any related software owned (or otherwise controlled) and used by the State and its agencies to fulfill its service and obligations to the citizens of Arizona.SystemRegulated
InfrastructurenounDescribes what has been implemented by IT architecture and often include support facilities such as power, cooling, ventilation, server and data redundancy and resilience, and telecommunications lines. Specific architecture types may exist for the following: enterprise, data (information), technology, security, and application.System
InterfacenounCommon boundary between independent systems or modules where interactions take place.System
Intermediate Certification AuthoritynounA Certification Authority that is subordinate to another CA, and has a CA subordinate to itself.SystemRegulated
intermediate systemnounA Cyber Asset or collection of Cyber Assets performing access control to restrict Interactive Remote Access to only authorized users. The Intermediate System must not be located inside the Electronic Security Perimeter.SystemRegulatedCUI
Intrusion prevention systemnounSystem(s) which can detect an intrusive activity and can also attempt to stop the activity, ideally before it reaches its targets.System
Intrusion prevention systems (IPS)nounA system that can detect an intrusive activity and can also attempt to stop the activity, ideally before it reaches its target.System
KernelnounThe essential center of a computer operating system, the core that provides basic services for all other parts of the operating system. A synonym is nucleus. A kernel can be contrasted with a shell, the outermost part of an operating system that interacts with user commands. Kernel and shell are terms used more frequently in Unix and some other operating systems than in IBM mainframe systems.System
Kernel modenounUsed for execution of privileged instructions for the internal operation of the system. In kernel mode, there are no protections from errors or malicious activity and all parts of the system and memory are accessible.System
Key Distribution CenternounCOMSEC facility generating and distributing key in electronic form.SystemRegulatedCUI
Key Escrow SystemnounA system that entrusts the two components comprising a cryptographic key (e.g., a device unique key) to two key component holders (also called "escrow agents").SystemRegulatedCUI
Key Management InfrastructurenounAll parts – computer hardware, firmware, software, and other equipment and its documentation; facilities that house the equipment and related functions; and companion standards, policies, procedures, and doctrine that form the system that manages and supports the ordering and delivery of cryptographic material and related information products and services to users.SystemRegulatedCUI
KiosknounA publicly accessible computer terminal that permits customers to directly communicate with the financial institution via a network.SystemInternalPCI
KMI-Aware DevicenounA user device that has a user identity for which the registration has significance across the entire KMI (i.e., the identity’s registration data is maintained in a database at the PRSN level of the system, rather than only at an MGC) and for which a product can be generated and wrapped by a PSN for distribution to the specific device.SystemRegulatedCUI
Large value funds transfer systemnounA wholesale payment system used primarily by financial institutions in which large values of funds are transferred between parties. Fedwire® and CHIPS are the two large-value transfer systems in the United States.SystemRegulated
Loadable Kernel ModulesnounLoadable Kernel Modules allow for the adding of additional functionality directly into the kernel while the system is running.System
Local Management Device/Key ProcessornounEKMS platform providing automated management of COMSEC material and generating key for designated users.SystemRegulatedCUI
Logic GatenounA logic gate is an elementary building block of a digital circuit. Most logic gates have two inputs and one output. As digital circuits can only understand binary, inputs and outputs can assume only one of two states, 0 or 1.System
Logical PerimeternounA conceptual perimeter that extends to all intended users of the system, both directly and indirectly connected, who receive output from the system without a reliable human review by an appropriate authority. The location of such a review is commonly referred to as an “air gap.”System
low impact Bulk Electric System Cyber SystemnounA Bulk Electric System Cyber System in which at least one security objective (i.e., confidentiality, integrity, or availability) is assigned a potential impact value of low, and none are assigned a potential impact value of medium or high.SystemRegulatedCUI
Low Impact Bulk Electric System Cyber System Electronic Access PointnounA Cyber Asset interface that controls Low Impact External Routable Connectivity. The Cyber Asset containing the LEAP may reside at a location external to the asset or assets containing low impact Bulk Electric System (BES) Cyber Systems.SystemRegulatedCUI
Low-Impact SystemnounAn information system in which all three security objectives (i.e., confidentiality, integrity, and availability) are assigned a FIPS 199 potential impact value of low.SystemRegulated
Mail relay servernounAn electronic mail (e-mail) server that relays messages so that neither the sender nor the recipient is a local userSystem
MainframenounAn industry term for a large computer, typically used for the commercial applications of businesses and other large-scale computing purposes. Generally, a mainframe is associated with centralized rather than distributed computing.System
Major ApplicationnounAn application that requires special attention to security due to the risk and magnitude of harm resulting from the loss, misuse, or unauthorized access to or modification of the information in the application. Note: All federal applications require some level of protection. Certain applications, because of the information in them, however, require special management oversight and should be treated as major. Adequate security for other applications should be provided by security of the systems in which they operate.SystemRegulatedCUI
Major Information SystemnounAn information system that requires special management attention because of its importance to an agency mission; its high development, operating, or maintenance costs; or its significant role in the administration of agency programs, finances, property, or other resources.SystemRegulatedCUI
Management ClientnounA configuration of a client node that enables a KMI external operational manager to manage KMI products and services by either 1) accessing a PRSN, or 2) exercising locally provided capabilities. An MGC consists of a client platform and an advanced key processor (AKP).SystemRegulatedCUI
Management information systems (MIS)nounA general term for the computer systems in an enterprise that provide information about its business operations.System
Manual CryptosystemnounCryptosystem in which the cryptographic processes are performed without the use of crypto-equipment or auto-manual devices.SystemRegulatedCUI
medium impact Bulk Electric System Cyber SystemnounA Bulk Electric System Cyber System in which at least one security objective (i.e., confidentiality, integrity, or availability) is assigned a potential impact value of medium, and none are assigned a potential impact value of high.SystemRegulatedCUI
MiddlewarenounSoftware that connects two or more software components or applications. It is another term for an application programmer interface or API, and it allows programmers to access lower- or higher-level services by providing an intermediary layer that includes function calls to the services.System
MidrangenounComputers that are more powerful and capable than personal computers but less powerful and capable than mainframe computers.System
Minor ApplicationnounAn application, other than a major application, that requires attention to security due to the risk and magnitude of harm resulting from the loss, misuse, or unauthorized access to or modification of the information in the application. Minor applications are typically included as part of a general support system.SystemRegulated
Mirrored sitenounAn alternate site that contains the same information as the original Scope Note: Mirrored sites are set up for backup and disaster recovery and to balance the traffic load for numerous download requests. Such download mirrors are often placed in different locations throughout the Internet.System
Mobile Software AgentnounPrograms that are goal-directed and capable of suspending their execution on one platform and moving to another platform where they resume execution.System
Moderate-Impact SystemnounAn information system in which at least one security objective (i.e., confidentiality, integrity, or availability) is assigned a FIPS 199 potential impact value of moderate and no security objective is assigned a FIPS 199 potential impact value of high.SystemRegulated
Multilateral netting settlement systemnounMultilateral netting is an arrangement among three or more parties to net their obligations. In these settlement systems transfers are irrevocable but are only final after the completion of end-of-day-settlement.SystemRegulated
Multilevel DevicenounEquipment trusted to properly maintain and separate data of different security domains.SystemRegulatedCUI
National Security SystemnounAny information system (including any telecommunications system) used or operated by an agency or by a contractor of any agency, or other organization on behalf of an agency, the function, operation, or use of which: I. involves intelligence activities; II. involves cryptologic activities related to national security; III. Involves command and control of military forces; IV. involves equipment that is an integral part of a weapon or weapon system; or V. subject to subparagraph (B), is critical to the direct fulfillment of military or intelligence missions; or is protected at all times by procedures established for information that have been specifically authorized under criteria established by an Executive Order or an Act of Congress to be kept classified in the interest of national defense or foreign policy. Subparagraph (B). Does not include a system that is to be used for routine administrative and business applications (including payroll, finance, logistics, and personnel management applications). (Title 44 U.S. Code Section 3542, Federal Information Security Management Act of 2002.)SystemRegulatedCUI
Net-centric ArchitecturenounA complex system of systems composed of subsystems and services that are part of a continuously evolving, complex community of people, devices, information and services interconnected by a network that enhances information sharing and collaboration. Subsystems and services may or may not be developed or owned by the same entity, and, in general, will not be continually present during the full life cycle of the system of systems. Examples of this architecture include service-oriented architectures and cloud computing architectures.System
Network attached storage (NAS)nounNAS systems usually contain one or more hard disks that are arranged into logical, redundant storage containers much like traditional file servers. NAS provides readily available storage resources and helps alleviate the bottlenecks associated with access to storage devices.System
Network SystemnounSystem implemented with a collection of interconnected components. A network system is based on a coherent security architecture and design.System
online terminalnounA web-browser-based access to an acquirer, processor or third party service provider website to authorize payment card transactions, where the merchant manually enters payment card data via a securely connected web browser. Unlike physical terminals, virtual payment terminals do not read data directly from a payment card. Because payment card transactions are entered manually, virtual payment terminals are typically used instead of physical terminals in merchant environments with low transaction volumes.SystemRegulatedPCI
Operating systemnounThe software 'master control application' that runs the computer. It is the first program loaded when the computer is turned on, and its principal component, the kernel, resides in memory at all times. The OS sets the standards for all application programs (such as the mail server) that run in the computer. The applications communicate with the OS for most user interface and file management operations.System
Operating System FingerprintingnounAnalyzing characteristics of packets sent by a target, such as packet headers or listening ports, to identify the operating system in use on the target.System
Operations TechnologynounThe hardware and software systems used to operate industrial control devices.SystemRegulated
outsourced applicationnounAn application that is contracted out to an external provider for the development, deployment, and management.SystemRegulated
Payment systemnounThe mechanism, the rules, institutions, people, markets, and agreements that make the exchange of payments possible.SystemRegulatedPCI
Perimeternoun(C&A) Encompasses all those components of the system that are to be accredited by the DAA, and excludes separately accredited systems to which the system is connected. (Authorization) Encompasses all those components of the system or network for which a Body of Evidence is provided in support of a formal approval to operate.SystemRegulatedCUI
PlatformnounThe underlying computer system on which applications programs run. A platform consists of an operating system, the computer system's coordinating program, which in turn is built on the instruction set for a processor or microprocessor, and the hardware that performs logic operations and manages data movement in the computer.System
Platform as a ServicenounOffers the capability to deploy onto the cloud infrastructure customer-created or -acquired applications that are created using programming languages and tools supported by the providerSystem
PortalnounA high-level remote access architecture that is based on a server that offers teleworkers access to one or more applications through a single centralized interface.System
Preproduction ModelnounVersion of INFOSEC equipment employing standard parts and suitable for complete evaluation of form, design, and performance. Preproduction models are often referred to as beta models.System
Primary Services NodenounA Key Management Infrastructure core node that provides the users’ central point of access to KMI products, services, and information.SystemRegulatedCUI
Privacy SystemnounCommercial encryption system that affords telecommunications limited protection to deter a casual listener, but cannot withstand a technically competent cryptanalytic attack.SystemRegulated
Private branch exchange (PBX)nounA telephone system within an enterprise that switches calls between enterprise users on local lines while allowing all users to share a certain number of external phone lines.System
privileged utility programnounSpecialized system software used to perform a particular function or system maintenance that requires the ability to bypass, modify, or disable the technical or operational system security controls.SystemRestricted
Product Source NodenounThe Key Management Infrastructure core node that provides central generation of cryptographic key material.SystemRegulatedCUI
production environmentnounProduction environment is a term used mostly by developers to describe the setting where software and other products are actually put into operation for their intended uses by end users. A production environment can be thought of as a real-time setting where programs are run and hardware setups are installed and relied on for organization or commercial daily operations.System
Protective Distribution SystemnounWire line or fiber optic system that includes adequate safeguards and/or countermeasures (e.g., acoustic, electric, electromagnetic, and physical) to permit its use for the transmission of unencrypted information.SystemRegulatedCUI
Real time gross settlement (RTGS) SystemnounA type of payments system operating in real time rather than batch processing mode. It provides immediate finality of transactions. Gross settlement refers to the settlement of each transfer individually rather than netting. FedwireÒ is an example of a real time gross settlement system.SystemRegulated
Redundant array of independent disks (RAID)nounThe use of multiple hard disks to store the same data in different places. By placing data on multiple disks, I/O operations can overlap in a balanced way, improving performance. Since multiple disks increase the mean time between failures (MTBF), storing data redundantly also increases fault-tolerance.System
RegistrynounThe Registry in Windows operating systems in the central set of settings and information required to run the Windows computer.System
Remote access servicenounRefers to any combination of hardware and software to enable the remote access to tools or information that typically reside on a network of IT devices Scope Note: Originally coined by Microsoft when referring to their built-in NT remote access tools, RAS was a service provided by Windows NT which allowed most of the services that would be available on a network to be accessed over a modem link. Over the years, many vendors have provided both hardware and software solutions to gain remote access to various types of networked information. In fact, most modern routers include a basic RAS capability that can be enabled for any dial-up interface.SystemRegulated
Remote control softwarenounSoftware that is used to obtain access to a computer or network from a remote distance.SystemRestricted
SandboxnounA restricted, controlled execution environment that prevents potentially malicious software, such as mobile code, from accessing any system resources except those for which the software is authorized.SystemInternal
Satellite technologynounThese links efficiently extend the reach of typical communication systems to distant areas and provide alternative traffic routing in an emergency.SystemRegulated
Secure SubsystemnounSubsystem containing its own implementation of the reference monitor concept for those resources it controls. Secure subsystem must depend on other controls and the base operating system for the control of subjects and the more primitive system objects.SystemRegulated
Security KernelnounHardware, firmware, and software elements of a trusted computing base implementing the reference monitor concept. Security kernel must mediate all accesses, be protected from modification, and be verifiable as correct.SystemRegulated
Security Net Control StationnounManagement system overseeing and controlling implementation of network security policy.SystemRegulatedCUI
ServernounA computer or other device that manages a network service. An example is a print server, which is a device that manages network printing.System
Shadow ITnounA term used to describe IT systems or applications used inside institutions without explicit approval.SystemInternal
ShellnounA Unix term for the interactive user interface with an operating system. The shell is the layer of programming that understands and executes the commands a user enters. In some systems, the shell is called a command interpreter. A shell usually implies an interface with a command syntax (think of the DOS operating system and its "C:" prompts and user commands such as "dir" and "edit").System
softwarenounComputer programs and associated data that may be dynamically written or modified during execution.System
Software as a servicenounOffers the capability to use the provider’s applications running on cloud infrastructure. The applications are accessible from various client devices through a thin client interface such as a web browser (e.g., web- based e-mail).System
software platformnounA major piece of software, as an operating system, an operating environment, or a database, under which various smaller application programs can be designed to run.System
Storage virtualizationnounThe process of taking many different physical storage networks and devices, and making them appear as one "virtual" entity for purposes of management and administration.System
Stovepipe applicationnounStand-alone programs that may not easily integrate with other applications or systems.System
Subordinate Certification AuthoritynounIn a hierarchical PKI, a Certification Authority whose certificate signature key is certified by another CA, and whose activities are constrained by that other CA.SystemRegulatedCUI
SubsystemnounA major subdivision or component of an information system consisting of information, information technology, and personnel that perform one or more specific functions.System
Superior Certification AuthoritynounIn a hierarchical PKI, a Certification Authority who has certified the certificate signature key of another CA, and who constrains the activities of that CA.SystemRestrictedCUI
Supervisory control and data acquisitionnounA generic name for a computerized system that is capable of gathering and processing data and applying operational controls over long distances. Typical uses include power transmission and distribution and pipeline systems. SCADA was designed for the unique communication challenges (delays, data integrity, etc.) posed by the various media that must be used, such as phone lines, microwave, and satellite. Usually shared rather than dedicated.SystemRegulatedCUI
systemnounAny organized assembly of resources and procedures united and regulated by interaction or interdependence to accomplish a set of specific functions.System
System AssetsnounAny software, hardware, data, administrative, physical, communications, or personnel resource within an information system.System
Terminal servicesnounA component of Microsoft Windows operating systems (both client and server versions) that allows a user to access applications or data stored on a remote computer over a network connection.SystemRestricted
test environmentnounA controlled environment in which tests will be run on configuration items, builds, processes, IT services, etc.System
transient cyber assetnounA Cyber Asset that (i) is capable of transmitting or transferring executable code, (ii) is not included in a BES Cyber System, (iii) is not a Protected Cyber Asset (PCA), and (iv) is directly connected (e.g., using Ethernet, serial, Universal Serial Bus, or wireless, including near field or Bluetooth communication) for 30 consecutive calendar days or less to a BES Cyber Asset, a network within an ESP, or a PCA. Examples include, but are not limited to, Cyber Assets used for data transfer, vulnerability assessment, maintenance, or troubleshooting purposes.SystemRegulatedCUI
Trusted Computer SystemnounA system that employs sufficient hardware and software assurance measures to allow its use for processing simultaneously a range of sensitive or classified information.SystemRegulatedCUI
Trusted Computing BasenounTotality of protection mechanisms within a computer system, including hardware, firmware, and software, the combination responsible for enforcing a security policy.System
Trustworthy SystemnounComputer hardware, software and procedures that— 1) are reasonably secure from intrusion and misuse; 2) provide a reasonable level of availability, reliability, and correct operation; 3) are reasonably suited to performing their intended functions; and 4) adhere to generally accepted security procedures.System
unapproved Information Technology resourcenounAn unsanctioned Information Technology resource.SystemRegulated
UnixnounA popular multi-user, multitasking operating system developed at Bell Labs in the early 1970s. Created by just a handful of programmers, Unix was designed to be a small, flexible system used exclusively by programmers.System
UtilitynounA program used to configure or maintain systems, or to make changes to stored or transmitted data.System
Virtual MachinenounSoftware that allows a single host to run one or more guest operating systems.System
Virtual MallnounAn Internet website offering products and services from multiple vendors or suppliers.System
Web hostingnounThe business of providing the equipment and services required to host and maintain files for one or more web sites and provide fast Internet connections to those sites Scope Note: Most hosting is shared, which means that web sites of multiple companies are on the same server to share/reduce costs.System
Web servernounUsing the client-server model and the World Wide Web's HyperText Transfer Protocol (HTTP), Web Server is a software program that serves web pages to users.System
WebsitenounA webpage or set of webpages designed, presented, and linked together to form a logical information resource and/or transaction initiation function.System
Website hostingnounThe service of providing ongoing support and monitoring of an Internet-addressable computer that stores webpages and processes transactions initiated over the Internet.SystemRegulated
WikinounWeb applications or similar tools that allow identifiable users to add content (as in an Internet forum) and allow anyone to edit that content collectively.System
WindowingnounA windowing system is a system for sharing a computer's graphical display presentation resources among multiple applications at the same time. In a computer that has a graphical user interface (GUI), you may want to use a number of applications at the same time (this is called task). Using a separate window for each application, you can interact with each application and go from one application to another without having to reinitiate it. Having different information or activities in multiple windows may also make it easier for you to do your work. A windowing system uses a window manager to keep track of where each window is located on the display screen and its size and status. A windowing system doesn't just manage the windows but also other forms of graphical user interface entities.System