Dictionary · NIST Cybersecurity Framework

L2 — definitions grouped by regulatory framework.

285 senses under NIST Cybersecurity Framework

Verbs

53 senses
accept

To consent to receive (something given or offered).

control

To exercise authority over; direct; regulate. This includes exercising authority over the processes of issuance and revocation, management, and auditing.

restrict

To confine or put a limit on; keep under control; restrain.

improve

To make or become better; enhance in value or quantity.

destroy

To render target data recovery infeasible and media unusable for the storage of data.

address

To deal with an issue.

coordinate

To bring the different elements of a complex activity into a relationship that will ensure efficiency.

correlate

To have or establish a mutual connection or relationship, in which one thing affects or depends on another.

communicate

To share or convey knowledge, information, news, or ideas.

develop and implement

To design, create, and put something into effect.

encrypt

To convert plaintext into ciphertext using a cryptographic algorithm.

align

To give support to; come together in agreement or alliance.

implement

To put a plan, policy, decision, agreement, etc. into action or effect.

share

To have something in common or use jointly.

receive

To be given, presented with, paid, or come into possession of something.

maintain

To keep up; continue a condition or situation; carry on.

approve

Give sanction to.

assert

To state as having existence; affirm; postulate.

assess

To estimate or determine the nature, value, ability, or quality of someone or something; evaluate.

document

To record something in detail through photography, writing, or other form.

perform

To carry out an action, task, or function.

support

To provide aid or give assistance to.

assign

To appoint someone to a job, duty, task, or organization; allocate a job, duty, or task.

establish

To start something that will last for a long time, or to create or set something in a particular way.

establish and implement

To lay the groundwork for something and then put it into practice.

establish and maintain

To lay the groundwork for something and uphold it or ensure continuation by requiring maintenance.

manage

To handle or control the behavior, movement, or function of a person, animal, or thing.

map

To diagram data that is to be exchanged electronically, including how it is to be used and what business management systems need it; a preliminary step for developing an applications link.

incorporate

To include, take in or contain something as part of a whole.

execute

To carry out fully or put something completely into effect.

mitigate

To lessen or to try to lessen the severity, pain, seriousness, extent, or gravity of.

base

To serve as a foundation, underlying support, or starting point for something.

review

To examine or evaluate formally with the intent of making changes if necessary.

prioritize

To determine the order for dealing with a series of items or tasks according to their relative importance.

verify

To make certain or prove that something is true or accurate; confirm; substantiate.

separate

To move or be apart; detach; disconnect.

understand

To perceive the intended meaning, significance, explanation, or cause of something.

protect

To shield or defend from danger, harm, injury, loss, destruction, or damage.

categorize

To arrange or place in a particular class or group.

update

To modernize or bring up to date.

inventory

To make a comprehensive complete list of things.

transfer

To change possession of property, a right, or a responsibility to another.

identify

To establish, indicate, or verify who or what someone or something is.

know

To have an understanding of or information concerning something.

use

The action of employing something or the state of being put into action for some purpose.

limit

To restrict or assign boundaries to something.

determine

To establish or ascertain exactly as a result of research or calculation.

conduct

To manage, control, or organize and carry out.

comply

To act in accordance with a wish, command, law, standard, or contractual obligation.

proof

To proofread.

define

To state or describe exactly the nature, scope, or meaning of something.

contain

To have, hold, include, or be a part of.

provide

To supply or make something available for use.

Nouns

232 senses
recovery planning

The activities undertaken to define a recovery process which consists of defining rules, processes, and disciplines to ensure that the critical business processes will continue to function if there is a failure of one or more of the information processing or telecommunications resources upon which their operations depends.

create and maintain

Bring something into existence and cause or enable it to continue.

remote access

Access to an organization's nonpublic information system by an authorized user (or an information system) communicating through an external, non-organization-controlled network (e.g., the Internet).

removable storage media

Portable electronic storage media such as magnetic, optical, and solid-state devices, which can be inserted into and removed from a computing device, and that is used to store text, video, audio, and image information. Such devices have no independent processing capabilities. Examples include hard disks, floppy disks, zip drives, compact disks (CDs), thumb drives, pen drives, and similar USB storage devices.

response activity

Any task performed by an organization in reaction to discovered risks.

response and recovery strategy

A systematic plan of action consisting of documented procedures for mitigating and recovering from a disruptive event.

resource

An asset available for use.

response plan

A document detailing the steps that must be taken, or the activities that must be performed well, in response to risk assessment or audit findings.

reputation

The beliefs, opinion, or social evaluation of the public about someone or something.

Respond Function

Develop and implement the appropriate activities to take action regarding a detected cybersecurity event.

restoration operation

An organized activity to restore something.

Risk tolerance

The level of risk an entity is willing to assume in order to achieve a potential desired result.

risk management process

The systematic application of management policies, procedures and practices to the activities of communicating, consulting, establishing the context and identifying, analyzing, evaluating, treating, monitoring and reviewing risk.

risk management strategy

A plan of action for analyzing and prioritizing risks to organizational operations, assets, and personnel in alignment with the organization's mission and business objectives.

risk response

Accepting, avoiding, mitigating, sharing, or transferring risk to organizational operations, resources, and other organizations.

role

A set of responsibilities defined in a process and assigned to a person or team.

roles and responsibilities

The position and collection of tasks, duties, obligations that participants undertake to complete a project.

security control

A safeguard or countermeasure to avoid, counteract or minimize security risks relating to personal property, or any company property. For business-to-business facing organizations whose service may affect the financial statements of the other company, the prospect may require successful audit reports of policy controls.

security personnel

Individuals who protect people, facilities, and information for an organization.

security process

A series of actions that ensure the protection of data.

security policy

The statement of required protection of the information objects that documents an organization's philosophy of managing, protecting, and distributing its computing and information assets. The set of security rules enforced by the system's security features.

senior executive

A long standing and top ranking member of the management of an organization.

separation of duty

Practice of dividing steps in a function among different individuals, so as to keep a single individual from being able to subvert the process.

stakeholder

An individual who has an interest in something, e.g., a corporation, and is affected by decisions and activities regarding that issue.

software platform

A major piece of software, as an operating system, an operating environment, or a database, under which various smaller application programs can be designed to run.

source

The place, person, or thing where something begins or comes into being.

supplier

Product and service providers used for an organization’s internal purposes (e.g., IT infrastructure) or integrated into the products of services provided to that organization’s Buyers.

supply chain

A system of organizations, people, activities, information, and resources, possibly international in scope, that provides products or services to consumers.

suspicious activity

Activities that give the idea or impression that they are of questionable, dishonest, or of dangerous character or conditions.

supply chain risk management process

The implementation through controls and structures of strategies to manage both everyday and exceptional risks along the supply chain based on continuous risk assessment with the objective of reducing vulnerability and ensuring continuity.

supply chain risk

A risk measured by the likelihood and severity of damage if an Information Technology or Operations Technology system is compromised by a supply chain attack, and takes into account the importance of the system and the impact of compromise on organizational operations and assets, individuals, other organizations, and the Nation. Supply chain attacks may involve manipulating computing system hardware, software, or services at any point during the life cycle. Supply chain attacks are typically conducted or facilitated by individuals or organizations that have access through commercial ties, leading to stolen critical data and technology, corruption of the system/ infrastructure, and/or disabling of mission-critical operations.

system

An interconnected set of information resources under the same direct management control which shares common functionality. A system normally includes hardware, software, information, data, applications, communications, and people.

System Development Life Cycle

A series of stages that the process of system development goes through in order to design and produce a system.

taxonomy

A structure or scheme used for classifying materials or concepts into a hierarchy of categories and subcategories.

technical security solution

Hardware, software, and methodologies for protecting computerized assets from, or resilience against, potential harm from external forces.

test

To ascertain the performance, reliability, or quality of something.

test environment

A controlled environment in which tests will be run on configuration items, builds, processes, IT services, etc.

Threat and Vulnerability Management process

A process that includes vulnerability assessments, vulnerability scanning, and penetration testing. Also included in the process is the cataloging of the assets that are in scope, assigning value and importance to those resources, and mitigating or eliminating any vulnerabilities discovered during the process.

test result

A formal document defining the subject of the test, the test plan, approach, analysis tools, and conclusions found during the testing process.

timely manner

As quickly as is reasonable in a particular situation.

third party

A person or group besides the two primarily involved in a situation, agreement, business, etc.

third party contract

Means a contract or purchase order awarded by the Recipient or subrecipient to a vendor or contractor.

threat

Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), organizational assets, or individuals through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service. Also, the potential for a threat-source to successfully exploit a particular information system vulnerability.

train

To teach a person or animal a particular skill or type of behavior through sustained practice and instruction.

unapproved Information Technology resource

An unsanctioned Information Technology resource.

unauthorized mobile code

A program (e.g., script, macro, or other portable instruction) that can be shipped unchanged to a heterogeneous collection of platforms and executed with identical semantics -- that has not been permitted by the controlling authority.

unauthorized access

Occurs when a user, legitimate or unauthorized, accesses a resource that the user is not permitted to use.

user

This role focuses on the use or operation of a system, having an account on a system, accessing a cryptographic module to obtain cryptographic services, or receiving or using services from an automated information system facility. Any individual or organization that uses or operates a system, has an account on a system, accesses cryptographic modules to obtain cryptographic services, or uses or receives services from an automated information system facility should be assigned to this role.

unauthorized personnel

Employees who do not have the right or permission to access data (or a facility containing data).

workforce

The individuals engaged in or available for work in a country, industry or organization.

Vulnerability Management plan

The purpose of this plan is to establish the organization's assessment and testing process to ensure systems are less susceptible to cyber attack.

vulnerability

A weakness in an information system, administrative controls, internal controls, system security practices and procedures, implementation, or physical layout that could be accidentally triggered or intentionally exploited by a threat in order to gain unauthorized access to information or disrupt processing.

vulnerability scan

The check of a system for known vulnerabilities from beginning to end with resultant errors, and status information.

password

A secret authentication credential consisting of a string of characters.

Personal Data

Any information relating to an identified or identifiable natural person.

access control

A system or measures that limit the retrieving, obtaining, or examining of information, or information processing resources, to persons or applications authorized by the system or data classification.

access right

Authorization to gain access to something physically or logically.

accord

Harmony of people's opinions or actions or characters.

activity

Activities are the major tasks performed by the organization to accomplish each of its functions. Activities are usually defined as part of processes or plans, and are documented in procedures. Several activities may be associated with each function. An activity is identified by the name it is given and its scope (or definition). The scope of the activity encompasses all of the transactions that take place in relation to it. Depending on the nature of the transactions involved, an activity may be performed in relation to one function, or it may be performed in relation to many functions. In cost accounting, an activity is the actual work task or step performed in producing and delivering products and services. An aggregation of activities performed within an organization that is useful for purposes of activity-based costing.

affected party

This role is focused on contracting parties who are affected by organizational activities. Any individual who is in a contract and is affected by organizational activities should be assigned to this role.

after

This limits a Control or Mandate's secondary verb to be put into play once the event taking place has concluded.

agree

Be in accord; be in agreement.

agreement

This record category contains records of mutual understandings, written or verbal, made by two or more parties regarding a matter of opinion or their rights and obligations toward each other.

Analyze

To examine methodically, typically for purposes of explanation and interpretation.

anomalous activity

Any actions that occur outside of what is expected, as measured against what "normally" should be happening.

applicable requirement

The relevant or appropriate necessary condition or conditions.

application

A computer program designed to help people perform a certain type of work, including specific functions, such as payroll, inventory control, accounting, and mission support. Depending on the work for which it was designed, an application can manipulate text, numbers, graphics, or a combination of these elements. An application contrasts with systems program, such as an operating system or network control program, and with utility programs, such as copy or sort.

assessed risk

A detected and evaluated risk. An assessed risk of material misstatement at the assertion level is a significant risk.

asset

Anything of material value or usefulness that is owned by a person or company.

asset vulnerability

A weakness in any of the organization's property of material value or usefulness or physical layout that could be accidentally triggered or intentionally exploited by a threat in order to gain unauthorized access to information or disrupt processing.

assumption

Something that is accepted as true without proof.

audit log

A security-relevant chronological record, set of records, and/or destination and source of records that provide documentary evidence of the sequence of activities that have affected at any time a specific operation, procedure, or event.

communication

A letter or message containing information or news.

audit

A systematic, independent and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which the audit criteria are fulfilled.

authentication mechanism

Hardware or software-based mechanisms that force users, devices, or processes to prove their identity before accessing data on an information system.

authorized device

A computer device that the organization has authorized to be used and connected to the system.

authorized user

A person who has the authority or permission to manage access or make changes to an account.

baseline configuration

A documented set of specifications for an information system, or a configuration item within a system, that has been formally reviewed and agreed on at a given point in time, and which can be changed only through change control procedures.

backup

A copy of files, data, or programs that is generally used for restoration in the event of damage or loss to the original files, data, or programs.

bind

The process of associating two related elements of information.

credential

Information passed from one entity to another that is used to establish the sending entity's access rights.

Critical infrastructure

Systems and assets, whether physical or virtual, so vital to the U.S. that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters.

business impact

The financial, reputational or operational consequences to the business.

business continuity testing

The act of performing a test to evaluate the effectiveness of an organization's business continuity plan.

buyer

A buyer is any person or organization who contracts to acquire an asset or service in return for some form of consideration.

catalog

The process of providing such access, plus additional work to prepare the materials for use, such as labeling, marking, and maintenance of authority files.

Business Value

How much a business is worth. Business value is a highly subjective measure because it involves estimating the value of intangible assets like trade secrets and brand recognition. It adds to this the value of tangible assets like machinery and stockholder equity. Business value is especially important for potential investors or buyers.

capacity

The maximum amount that something can contain.

classification

The act of distributing things into classes or categories of the same type.

critical function

Business activities or information that could not be interrupted or unavailable for several business days without significantly jeopardizing operation of the organization.

criticality

A measure of the degree to which an organization depends on the information or information system for the success of a mission or of a business function. (NIST SP 800-60).

interaction

A mutual or reciprocal action; interacting.

configuration change control process

An action that is taken or performed to systematically manage all changes made to an asset's arrangement, system configuration, or security configuration in order to prevent unnecessary disruptions, vulnerabilities, and mitigate threats. Its purpose is to ensure that all changes to a complex system are performed with the knowledge and consent of management.

configure a system

The setting of various switches and jumpers for hardware and the defining of values of parameters for software. Each parameter specifies a preferred or required setting or policy for a computer system, or a configuration control such as a particular registry key, file, or GPO setting. Every parameter includes descriptive elements in a human-understandable manner.

confirm

Establish the truth or correctness of something previously believed to be the case.

constraint

The state of being restricted or prevented.

continuity requirement

A statement of a necessary condition to provide continuity.

contractual obligation

A course of action or conditions that someone is legally bound to because they signed a contract.

Cyber Supply Chain Risk Management Plan

A plan that includes confidentiality, integrity, and availability controls for mitigating the risks associated with the distributed and interconnected nature of IT/OT product and service supply chains. It covers the entire life cycle of a system (including design, development, distribution, deployment, acquisition, maintenance, and destruction) as supply chain threats and vulnerabilities may intentionally or unintentionally compromise an IT/OT product or service at any stage.

cybersecurity activity

Security controls that are specific to the realm of Cybersecurity.

Cybersecurity Profile

A representation of the outcomes that a particular system or organization has selected from the Framework Categories and Subcategories.

cyber supply chain risk management process

A detailed description of the steps necessary to mitigate the risks associated with the distributed and interconnected nature of IT/OT product and service supply chains. It covers the entire life cycle of a system (including design, development, distribution, deployment, acquisition, maintenance, and destruction) as supply chain threats and vulnerabilities may intentionally or unintentionally compromise an IT/OT product or service at any stage.

Cybersecurity Category

The subdivision of a Function into groups of cybersecurity outcomes, closely tied to programmatic needs and particular activities. Examples of Cybersecurity Categories include “Asset Management,” “Identity Management and Access Control,” and “Detection Processes.”

cybersecurity event

Any act or attempt, successful or unsuccessful, to gain unauthorized access to, disrupt or misuse an Information System or information stored on such Information System.

Cybersecurity Subcategory

The subdivision of a Cybersecurity Category into specific outcomes of technical and/or management activities. Examples of Subcategories include “External information systems are catalogued,” “Data-at-rest is protected,” and “Notifications from detection systems are investigated.”

Cybersecurity Framework Implementation Tier

A lens through which to view the characteristics of an organization’s approach to risk—how an organization views cybersecurity risk and the processes in place to manage that risk.

cybersecurity function

One of the main components of the Cybersecurity Framework. Cybersecurity functions provide the highest level of structure for organizing basic cybersecurity activities into Cybersecurity Categories and Cybersecurity Subcategories. The five Cybersecurity functions are the Identify function, Protect function, Detect function, Respond function, and Recover function.

cybersecurity law, rule, or regulation

Any federal, state, or local statute or ordinance or any rule or regulation adopted according to any federal, state, or local statute or ordinance that deals specifically with the topic of protecting or defending computerized environments, organizational computerized assets, and user’s computerized assets.

cyber incident

Actions taken through the use of computer networks that result in an actual or potentially adverse effect on an information system and/or the information residing therein.

Cybersecurity Framework Core

A set of cybersecurity activities and references that are common across critical infrastructure sectors and are organized around particular outcomes. The Framework Core comprises four types of elements: Functions, Categories, Subcategories, and Informative References.

cyber supply chain risk assessment process

The foundational task in the cyber supply chain risk assessment process, cyber supply chain risk assessments are aimed at identifying and assessing applicable risk of Information and operational technology (IT/OT) outsourcing, diverse distribution routes, assorted technologies, laws, policies, procedures, and practices.

Cybersecurity

Cybersecurity is the collection of tools, policies, security concepts, security safeguards, guidelines, risk management approaches, actions, training, best practices, assurance and technologies that can be used to protect the cyber environment and organization and user’s assets. Organization and user’s assets include connected computing devices, personnel, infrastructure, applications, services, telecommunications systems, and the totality of transmitted and/or stored information in the cyber environment. Cybersecurity strives to ensure the attainment and maintenance of the security properties of the organization and user’s assets against relevant security risks in the cyber environment. The general security objectives comprise the following:

- Availability
- Integrity, which may include authenticity and non-repudiation
- Confidentiality

Cybersecurity outcome

A Cybersecurity outcome is the business need defined and tiered implementation of the outcomes listed in either the Categories or Subcategories section of Table 2 in the NIST Cybersecurity Framework.

cyber threat intelligence

Organized, analyzed and refined information about potential or current attacks that threaten an organization. The primary purpose of threat intelligence is helping organizations understand the risks of the most common and severe external threats, such as zero-day threats, advanced persistent threats (APTs) and exploits. Although threat actors also include internal (or insider) and partner threats, the emphasis is on the types that are most likely to affect a particular organization's environment. Threat intelligence includes in-depth information about specific threats to help an organization protect itself from the types of attacks that could do them the most damage. In a military, business or security context, intelligence is information that provides an organization with decision support and possibly a strategic advantage. Threat intelligence is a component of security intelligence and, like SI, includes both the information relevant to protecting an organization from external and inside threats as well as the processes, policies and tools designed to gather and analyze that information. Threat intelligence services provide organizations with current information related to potential attack sources relevant to their businesses; some also offer consultation service.

cybersecurity risk

A risk to organizational operations, (including mission, functions, image, and reputation), resources, and other organizations due to the potential for unauthorized access, use, disclosure, disruption, modification, or destruction of information, Information Technology, and/or Operations Technology.

cybersecurity risk management

The process of identifying risks and vulnerabilities and applying administrative actions and comprehensive solutions to ensure that the organization is adequately protected.

information security procedure

The documented series of steps on how to establish and maintain the confidentiality, integrity, and availability of information.

information system component

A discrete, identifiable information technology asset (e.g., hardware, software, firmware) that represents a building block of an information system. Information system components include commercial information technology products.

cybersecurity roles and responsibilities

The functions and duties of personnel who are responsible for preventing cybersecurity events that disrupt operations or affected parties, assigned and performed in conformance with pertinent laws and standards.

information security process

The activities associated with establishing and maintaining the confidentiality, integrity, and availability of data and information.

cybersecurity training

Activities that are used to teach people about tools, policies, security concepts, security safeguards, guidelines, risk management approaches, actions, training, best practices, assurance and technologies that can be used to protect the cyber environment and organization and user’s assets.

data

A subset of information in an electronic format that allows it to be retrieved or transmitted. (CNSSI-4009)

information security roles and responsibilities

The position and collection of tasks, duties, obligations that participants undertake to perform the daily and all special tasks in the role of information security.

information sharing forum

An assembly in which participants share problems, solutions, updates, and data on topics relevant to its discourse.

Data leakage

An unauthorized data transfer out of a computer or data center.

data-in-motion

Data being transferred between devices, such as data being sent from one application to another.

data flow

The path of data from input to output, which includes the traveling of data through the communication lines, routers, switches and firewalls as well as processing through various applications on servers that process the data from user input to storage in the organization's central database.

Detect Function

Develop and implement the appropriate activities to identify the occurrence of a cybersecurity event.

Data-At-Rest

Refers to all data stored on hard drives, thumb drives, DVDs, CDs, floppy diskettes, and similar storage media. It excludes data that is traversing a network or temporarily residing in computer memory to be read or updated.

detect

Discover, investigate, or discern the existence or presence of something.

delivery

The supply or provision of something.

dependency

A relationship between processes or activities that directly or indirectly relies upon another process or activity to occur, begin, or finish.

detective activity

An activity designed to identify undesirable events that do occur and alert management about what has happened. This enables management to take corrective action promptly.

device

A generic term for a server, storage, client platform, computer, or any part of a computer other than the CPU or working memory.

development environment

The set of processes and programming tools used to develop, test, and debug an application or program.

Information System

A discrete set of information resources organized for the collection, processing, maintenance, use, sharing, dissemination, or disposition of information. Note: Information systems also include specialized systems such as industrial/process controls systems, telephone switching and private branch exchange (PBX) systems, and environmental control systems.

dispose of

Get rid of by throwing away or giving or selling to someone else.

effectiveness

The degree to which information is relevant and pertinent to the business process as well as delivered in a timely, correct, consistent, and usable manner.

during

This limits a Control or Mandate's secondary verb to be put into play as the event is happening.

event data

Any data that you want to measure about an event.

event information

The data fields and information that needs to be captured during monitoring so that the organization knows what happened when the event was triggered.

event

Any observable occurrence in a system and/or network. Events sometimes provide indication that an incident is occurring. (CNSSI-4009).

integrity check mechanism

Any software, hardware, or methodology that checks a program, system, or records for unauthorized modifications.

external information system

An information system or component of an information system that is outside of the accreditation boundary established by the organization and for which the organization typically has no direct control over the application of required security controls or the assessment of security control effectiveness.

facility

A place, amenity, or piece of equipment provided for a particular purpose.

external service provider

An independent business that provides its services to other business.

forensics

As it relates to information security, the application of investigative tools and analysis techniques to gather evidence from computer resources to determine the cause of data compromises.

Governance, Risk, and Compliance framework

The overall structure of procedures of how an organization is controlled and directed, how an organization identifies and mitigates risk, and how the organization adheres to pertinent rules, standards, and regulations that define the scope, objectives, and activities regarding such procedures.

Informative Reference

A specific section of standards, guidelines, and practices common among critical infrastructure sectors that illustrates a method to achieve the outcomes associated with each Cybersecurity Subcategory. An example of an Informative Reference is ISO/IEC 27001 Control A.10.8.3, which supports the “Data-in-transit is protected” Subcategory of the “Data Security” Category in the “Protect” function.

hardware integrity

The assurance that any given hardware asset is not a counterfeit, or otherwise falsely represented as being whole and intact as measured against original specifications.

Identify Function

Develop the organizational understanding to manage cybersecurity risk to systems, assets, data, and capabilities.

human resources process

The steps necessary to support the general management of the organizational workforce, including staffing, employee compensation and benefits, and defining/designing work.

identity

The set of attribute values (i.e., characteristics) by which an entity is recognizable and that, within the scope of an identity manager's responsibility, is sufficient to distinguish that entity from any other entity.

incident alert threshold

The magnitude or intensity that must be exceeded before a detected incident triggers an alert, who receives the alert, and the priority of the alert.

incident monitoring process

An established or official method for implementing the policy for incident monitoring or performing the tasks, processes, or operations to monitor for incidents which must be executed in the same manner in order to obtain the same results in the same circumstances.

incident monitoring program

The documented activities, policies, and procedures within an organization for organizing and directing all activities undertaken to review, track, evaluate, and report on the status of incidents.

incident monitoring roles and responsibilities

The position and collection of tasks, duties, obligations that participants undertake to perform the daily and all special tasks associated with reviewing, tracking, evaluating, and reporting on the status of incidents.

identify and document

Establish, indicate, or verify who or what someone or something is and record that in detail through photography, writing, or other form.

incident containment process

An established or official method for implementing the policy for incident containment or performing the tasks, processes, or operations to limit and prevent further damage from happening after an incident occurs, along with ensuring that there is no destruction of forensic evidence that may be needed for future legal actions which must be executed in the same manner in order to obtain the same results in the same circumstances.

Impact

A measure of the effect of an incident, problem, or change on business processes; often based on how service levels will be affected; used with urgency to assign priority.

incident

An event that disrupts the service or operations of an organization.

incident alert

Any form of security alert, security alarm, or logged event notification that has been triggered by any form of detection. The triggering of an incident alert begins the incident response process.

incident management process

An activity undertaken to direct personnel and resources to respond to an incident.

include

Make part of a whole or set.

individual

A human being.

inform

Give someone facts or information.

information technology supplier

Information systems, components and services providers used for an organization’s internal purposes (e.g., IT infrastructure) or integrated into the products of services provided to that organization’s buyers.

incident response process

An established or official method for implementing the policy for incident response or performing the tasks, processes, or operations to address and manage the aftermath of a disaster or other significant event that may affect the organization’s people or ability to function productively which must be executed in the same manner in order to obtain the same results in the same circumstances.

incident response program

A documented approach for organizing and directing all activities undertaken to handle known security breaches or attacks in such a way as to limit damage and reduce the time it takes for the organization to recover time and costs.

incident response roles and responsibilities

The position and collection of tasks, duties, obligations that participants undertake to perform the daily and all special tasks associated with managing the aftermath of a disaster or other significant event that may affect the organization's people or ability to function productively.

information

Any communication or representation of knowledge such as facts, data, or opinions in any medium or form, including textual, numerical, graphic, cartographic, narrative, or audiovisual.

industry sector

The world of business and commerce is often divided up into a selection of broad and commonly recognised groups, called sectors. Often a more general term, a sector represents a group of industries and markets that share common attributes.

information security policy

The rules and guidelines of an organization on how to ensure the confidentiality, integrity, and availability of the organization's information.

interested personnel

This role focuses on persons or organizations that have a recognizable stake in the outcome of a court matter or who are potentially being affected by a situation or hoping to make money off of the situation. Any individual or organization that has a recognizable stake in the outcome of a court matter, may be affected by a situation, or make money from the situation should be assigned to this role.

Investigate

To carry out a formal or systematic inquiry to discover and examine the facts of an event, incident, etc. in order to establish the truth.

least functionality principle

In information security, computer science, and configuration management, the limiting of access to only that information and resources that are necessary for its legitimate purpose.

law enforcement authority

The various government agencies responsible for preventing crime, apprehending criminals, and enforcing laws.

lessons learned

A set of statements captured after completion of a project or a portion of a project that describes in a neutral way what did or did not work, along with a statement regarding the risk of ignoring the lesson.

least privilege

The principle that a security architecture should be designed so that each entity is granted the minimum system resources and authorizations that the entity needs to perform its function.

likelihood

The state or fact of something's being likely; probability.

log

To record an event or transaction in an organized record-keeping system, usually sequenced in the order they occurred.

maintenance

The process of making repairs and keeping components of an asset in good condition so that the asset may remain in operating condition and last its entire useful life.

risk analysis

The purpose of this task is to examine and identify the risks to the system, determine the probability of occurrence, analyze the related vulnerabilities of the system, the resulting impact, and the additional safeguards that mitigate this impact.

malicious code

Software or firmware designed to infiltrate or damage a computer system without the owner's knowledge or consent, with the intent of compromising the confidentiality, integrity, or availability of the owner’s data, applications, or operating system. Such software typically enters a network during many business-approved activities, which results in the exploitation of system vulnerabilities. Examples include viruses, worms, Trojans (or Trojan horses), spyware, adware, and rootkits.

meet

Fulfill or satisfy (a need, requirement, or condition).

mission

A statement of what an organization will achieve.

mobile code

A program (e.g., script, macro, or other portable instruction) that can be shipped unchanged to a heterogeneous collection of platforms and executed with identical semantics.

monitor

To watch and check the progress or quality of something over a period of time; keep under regular surveillance.

multiple sources

Information classified based on two or more source documents, classification guides or combination of both.

network

Information system(s) implemented with a collection of interconnected components. Such components may include routers, hubs, cabling, telecommunications controllers, key distribution centers, and technical control devices.

network activity baseline

Establishing a trusted baseline document involves identifying the following:
- network data points of interest
- length of the baseline data collection period
- methods and tools used to collect and store data

Suggested network data points of interest include the following:
- a list of predetermined devices a given workstation or server should communicate with
- VPN usage, including access times, bandwidth and resources used, source IP addresses, and geolocation information
- the known set of ports and protocols in use by the network
- firewall and intrusion detection system logs
- normal traffic patterns and flows

network segregation

Developing and enforcing a ruleset controlling which computing devices are permitted to communicate with which other computing devices.

network integrity

The state of a computer network where it is performing its intended functions without being degraded or impaired by changes or disruptions in its internal or external environments. A network is functioning properly when several things occur: applications and clients get enough network availability, applications and clients get proper bandwidth, network security does its job during both peacetime and attack, and network management has complete control of the entire network.

objective

A projected state of affairs that a person or a system plans or intends to achieve: a personal or organizational desired end-point in some sort of assumed development. Many people endeavor to reach goals within a finite time by setting deadlines.

organizational risk tolerance

The level of risk an organization is willing to take in order to achieve a potential desired result.

operation

An organized activity involving multiple people.

organization

This group focuses on corporate bodies, businesses, federal agencies and their operational elements, and any entity that has people, resources, and budgets. Any of these bodies should be assigned to this group.

organizational objective

Performance targets set by an organization.

operating state

Distinct operating modes (which typically include specific Information Technology and Operations Technology configurations as well as alternate or modified procedures) that have been designed and implemented for the function and can be invoked by a manual or automated process in response to an event, a changing risk environment, or other sensory and awareness data to provide greater safety, resiliency, reliability, and/or cybersecurity. For example, a shift from the normal state of operation to a high-security operating mode may be invoked in response to a declared cybersecurity incident of sufficient severity. The high-security operating state may trade off efficiency and ease of use in favor of increased security by blocking remote access and requiring a higher level of authentication and authorization for certain commands until a return to the normal state of operation is deemed safe.

partner

An associate in an activity or endeavor or sphere of common interest.

risk

A measure of the extent to which an entity is threatened by a potential circumstance or event, and typically a function of: • the adverse impacts that would arise if the circumstance or event occurs; and • the likelihood of occurrence. Note: Information system-related security risks are those risks that arise from the loss of confidentiality, integrity, or availability of information or information systems and consider the adverse impacts to organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, and the Nation.

risk decision

A decision by the leadership of an organization to accept an option having a given risk function in preference to another, or in preference to taking no action.

physical access

The ability of people to physically gain access to a computer system or facility.

physical access control

A mechanism, system, or barrier that prevents unauthorized physical access to an area or a facility.

personnel

People who are employed by and work directly within an organization.

physical environment

The physical external surrounding and conditions in which something exists.

physical operating environment authority document

Statutes, regulations, safe harbors, audit guidelines, best practices, Service Level Agreements, Contractual Obligations, organizational policies and procedures, and any other documents that define the temperatures, humidity levels, electromagnetic levels, vibration levels, power levels, and space required for any device to operate properly.

personnel activity

Any duty or action performed by a staff member.

potential impact

The loss of confidentiality, integrity, or availability could be expected to have: • a limited adverse effect (FIPS 199 low); • a serious adverse effect (FIPS 199 moderate); or • a severe or catastrophic adverse effect (FIPS 199 high) on organizational operations, organizational assets, or individuals.

place

A physical environment, point, or position; portion of space; location.

process

A series of operations performed by a computer.

policy

An official expression of principles that direct an organization's operations.

policy and procedure

Policies are a set of principles, rules, and guidelines formulated or adopted by an organization to reach its long-term goals and typically published in a booklet or other form that is widely accessible. Policies and procedures are designed to influence and determine all major decisions and actions, and all activities take place within the boundaries set by them. Procedures are the specific methods employed to express policies in action in day-to-day operations of the organization. Together, policies and procedures ensure that a point of view held by the governing body of an organization is translated into steps that result in an outcome compatible with that view.

priority

A category based on impact and urgency used to identify the relative importance of an incident, problem, or change and the required time for action to be taken. For example, the SLA may state that priority 2 incidents must be resolved within 12 hours.

protection

The activity of keeping someone or something safe from harm or injury.

procedure

An established or official method for implementing a policy or performing a task or operation which must be executed in the same manner in order to obtain the same results in the same circumstances.

production environment

Production environment is a term used mostly by developers to describe the setting where software and other products are actually put into operation for their intended uses by end users. A production environment can be thought of as a real-time setting where programs are run and hardware setups are installed and relied on for organization or commercial daily operations.

privileged user

Any user account with greater than basic access privileges. Typically, these accounts have elevated or increased privileges with more rights than a standard user account. However, the extent of privileges across different privileged accounts can vary greatly depending on the organization, job function or role, and the technology in use.

Public Relations

The professional maintenance of a favorable public image by a company or other organization or a famous person.

Protect Function

A Cybersecurity Function that focuses on developing and implementing the appropriate safeguards to ensure delivery of critical infrastructure services.

protective measure

Any precautionary action, procedure or installation conceived or undertaken to guard or defend from harm persons, property or the environment.

protective technology

Special tamper-evident features and materials employed for the purpose of detecting tampering and deterring attempts to compromise, modify, penetrate, extract, or substitute information processing equipment and keying material.

Recover Function

Develop and implement the appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity event.

recovery process

The steps taken to restore a service, configurable item, etc. to a working state.

critical service

A service that could not be interrupted or unavailable for several business days without significantly jeopardizing operation of the organization.

record

Anything that is put down in permanent form and preserved as evidence.

Recovery action

An action that is undertaken to return something to a normal state.

recovery plan

The written expression of a recovery process which consists of defining rules, processes, and disciplines to ensure that the critical business processes will continue to function if there is a failure of one or more of the information processing or telecommunications resources upon which their operations depend. The following are key elements to a disaster recovery plan: 1) Establish a planning group, 2) Perform risk assessment and audits, 3) Establish priorities for applications and networks, 4) Develop recovery strategies, 5) Prepare inventory and documentation of the plan, 6) Develop verification criteria and procedures, 7) Implement the plan.

recovery strategy

A strategy to resume the minimum set of critical services identified in the business impact analysis (e.g., use of another delivery channel to provide the same service).

repair

Restore something damaged, faulty, or worn to a good condition.

report

To give a spoken or written account of something that has been seen, done etc.

remote maintenance

Offsite monitoring, service, repair, and diagnostic activities on assets performed by secure communication through an external network.