Glossary · Nouns · S
L1 — paginated flat list. Pick a POS, pick a letter.
TermTypeDefinitionClassificationsUpdated
Secure CommunicationsnounMWETelecommunications deriving security through use of NSA-approved products and/or Protected Distribution Systems.CapabilityRegulatedCUI
secure development practicenounMWEA software development practice where the confidentiality, integrity, and availability of the software code is protected against threats and vulnerabilities.ProcessRegulatedIP
secure disposalnounMWEThe process of erasing or overwriting data stored on media before relinquishing control of said media when no longer required, in a manner that ensures that no data can be recovered from the media.ProcessRegulated
Secure DNSnounMWEConfiguring and operating DNS servers so that the security goals of data integrity and source authentication are achieved and maintained.Network
Secure Electronic TransactionnounMWEA standard that will ensure that credit card and associated payment order information travels safely and securely between the various involved parties on the Internet.FrameworkRegulatedPCI
Secure ErasenounMWEAn overwrite technology using firmware-based process to overwrite a hard drive. Is a drive command defined in the ANSI ATA and SCSI disk drive interface specifications, which runs inside drive hardware. It completes in about 1/8 the time of 5220 block erasure.ControlRegulated
Secure Hash AlgorithmnounMWEA hash algorithm with the property that is computationally infeasible 1) to find a message that corresponds to a given message digest, or 2) to find two different messages that produce the same message digest.Capability
Secure Hash StandardnounMWEThis Standard specifies secure hash algorithms -SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224 and SHA-512/256 -for computing a condensed representation of electronic data (message). When a message of any length less than 264 bits (for SHA-1, SHA-224 and SHA-256) or less than 2128 bits (for SHA-384, SHA-512, SHA-512/224 and SHA-512/256) is input to a hash algorithm, the result is an output called a message digest. The message digests range in length from 160 to 512 bits, depending on the algorithm. Secure hash algorithms are typically used with other cryptographic algorithms, such as digital signature algorithms and keyed-hash message authentication codes, or in the generation of random numbers (bits). The hash algorithms specified in this Standard are called secure because, for a given algorithm, it is computationally infeasible 1) to find a message that corresponds to a given message digest, or 2) to find two different messages that produce the same message digest. Any change to a message will, with a very high probability, result in a different message digest. This will result in a verification failure when the secure hash algorithm is used with a digital signature algorithm or a keyed-hash message authentication algorithm.FrameworkPublic
Secure Multipurpose Internet Mail ExtensionsnounMWEProvides cryptographic security services for electronic messaging applications: authentication, message integrity and non-repudiation of origin (using digital signatures) and privacy and data security (using encryption) to provide a consistent way to send and receive MIME data. (RFC 2311)Control
Secure ShellnounMWENetwork protocol that uses cryptography to secure communication, remote command line log-in, and remote command execution between two networked computers.Network
Secure Socket LayernounMWEA protocol used for protecting private information during transmission via the Internet. Note: SSL works by using a public key to encrypt data that's transferred over the SSL connection. Most Web browsers support SSL, and many Web sites use the protocol to obtain confidential user information, such as credit card numbers. By convention, URLs that require an SSL connection start with “https:” instead of “http:.”NetworkRegulatedPCI
Secure Socket Layer (SSL)nounMWEA protocol that is used to transmit private documents through the Internet.Network
Secure Sockets LayernounMWEA protocol that is used to transmit private documents through the Internet Scope Note: The SSL protocol uses a private key to encrypt the data that are to be transferred through the SSL connection.NetworkRegulated
Secure StatenounMWECondition in which no subject can access any object in an unauthorized manner.Control
Secure SubsystemnounMWESubsystem containing its own implementation of the reference monitor concept for those resources it controls. Secure subsystem must depend on other controls and the base operating system for the control of subjects and the more primitive system objects.SystemRegulated
Secure/Multipurpose Internet Mail ExtensionsnounMWEA set of specifications for securing electronic mail. S/MIME is based upon the widely used MIME standard [MIME] and describes a protocol for adding cryptographic security services through MIME encapsulation of digitally signed and encrypted objects. The basic security services offered by S/MIME are authentication, non-repudiation of origin, message integrity, and message privacy. Optional security services include signed receipts, security labels, secure mailing lists, and an extended method of identifying the signer’s certificate(s).ControlRegulated
Securely ProvisionnounMWEA NICE Workforce Framework category consisting of specialty areas concerned with conceptualizing, designing, and building secure IT systems, with responsibility for some aspect of the systems' development.Process
Securities MarketnounMWEan exchange where security trading is conducted by professional stockbrokersverified
SecuritynounA condition that results from the establishment and maintenance of protective measures that enable an enterprise to perform its mission or critical functions despite risks posed by threats to its use of information systems. Protective measures may involve a combination of deterrence, avoidance, prevention, detection, recovery, and correction that should form part of the enterprise’s risk management approach.Capability
security alertnounMWEAny form of notification or alert structure that something is amiss with the system's configuration, settings, etc.Event
Security architecturenounMWEA detailed description of all aspects of the system that relate to security, along with a set of principles to guide the design. A security architecture describes how the system is put together to satisfy the security requirements.Framework
Security as a ServicenounMWEThe next generation of managed security services dedicated to the delivery, over the Internet, of specialized information-security services.Capability
Security Assertion Markup LanguagenounMWEA framework for exchanging authentication and authorization information. Security typically involves checking the credentials presented by a party for authentication and authorization. SAML standardizes the representation of these credentials in an XML format called “assertions,” enhancing the interoperability between disparate applications.Framework
security assessment reportnounMWEAny published finding of security component audits such as a vulnerability assessment.ArtifactConfidential
Security AssociationnounMWEA relationship established between two or more entities to enable them to protect data they exchange.Control
Security AttributenounMWEAn abstraction representing the basic properties or characteristics of an entity with respect to safeguarding information; typically associated with internal data structures (e.g., records, buffers, files) within the information system which are used to enable the implementation of access control and flow control policies; reflect special dissemination, handling, or distribution instructions; or support other aspects of the information security policy.DataRegulatedCUI
Security auditnounMWEAn independent review and examination of system records and activities to test for adequacy of system controls, ensure compliance with established policy and operational procedures, and recommend any indicated changes in control, policy, and procedures.ProcessRegulated
security automationnounMWEThe use of information technology in place of manual processes for cyber incident response and management.Capability
Security Automation DomainnounMWEAn information security area that includes a grouping of tools, technologies, and data.Capability
Security Awareness programnounMWEThe documented plan and documented activities to create well-informed interest in being free from danger or threat.ProcessRegulatedCUI
security awareness trainingnounMWEThe process of educating personnel on critical business processes.ProcessInternal
Security BannernounMWEA banner at the top or bottom of a computer screen that states the overall classification of the system in large, bold type. Also can refer to the opening screen that informs users of the security implications of accessing a computer resource.ControlRegulatedCUI
Security BlanketnounMWEa blanket (or toy) that a child carries around in order to reduce anxietyverified
Security breachnounMWEA security event that results in unauthorized access of data, applications, services, networks, or devices by bypassing underlying security mechanisms.EventRegulated
Security CategorizationnounMWEThe process of determining the security category for information or an information system. Security categorization methodologies are described in CNSS Instruction 1253 for national security systems and in FIPS 199 for other than national security systems.ProcessRegulatedCUI
Security CategorynounMWEThe characterization of information or an information system based on an assessment of the potential impact that a loss of confidentiality, integrity, or availability of such information or information system would have on organizational operations, organizational assets, individuals, other organizations, and the Nation.RequirementRegulated
Security Concept of OperationsnounMWEA security-focused description of an information system, its operational policies, classes of users, interactions between the system and its users, and the system’s contribution to the operational mission.ArtifactRestrictedCUI
Security Content Automation ProtocolnounMWEA method for using specific standardized testing methods to enable automated vulnerability management, measurement, and policy compliance evaluation against a standardized set of security requirements.Framework
security controlnounMWEA safeguard or countermeasure to avoid, counteract or minimize security risks relating to personal property, or any company property. For business-to-business facing organizations whose service may affect the financial statements of the other company, the prospect may require successful audit reports of policy controls.ControlRegulated
Security Control AssessmentnounMWEThe testing and/or evaluation of the management, operational, and technical security controls in an information system to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system.ControlRegulatedCUI
Security Control AssessornounMWEThe individual, group, or organization responsible for conducting a security control assessment.Role
Security Control BaselinenounMWEOne of the sets of minimum security controls defined for federal information systems in NIST Special Publication 800-53 and CNSS Instruction 1253.ControlRegulated
Security Control EffectivenessnounMWEThe measure of correctness of implementation (i.e., how consistently the control implementation complies with the security plan) and how well the security plan meets organizational needs in accordance with current risk tolerance.Metric
Security Control EnhancementsnounMWEStatements of security capability to: (i) build in additional, but related, functionality to a security control; and/or (ii) increase the strength of the control.Control
Security Control InheritancenounMWEA situation in which an information system or application receives protection from security controls (or portions of security controls) that are developed, implemented, assessed, authorized, and monitored by entities other than those responsible for the system or application; entities either internal or external to the organization where the system or application resides. See Common Control.Control
Security Controls BaselinenounMWEThe set of minimum security controls defined for a low-impact, moderate-impact, or high-impact information system.RequirementRegulatedCUI
Security DepartmentnounMWEa department responsible for the security of the institution's property and workersverified
Security DepositnounMWEthe amount of collateral a customer deposits with a broker when borrowing from the broker to buy securitiesverified
Security DomainnounMWEA collection of entities to which applies a single security policy executed by a single authority.Framework
Security EngineeringnounMWEAn interdisciplinary approach and means to enable the realization of secure systems. It focuses on defining customer needs, security protection requirements, and required functionality early in the systems development life cycle, documenting requirements, and then proceeding with design, synthesis, and system validation while considering the complete problem.Capability
security eventnounMWEAn event that potentially compromises the confidentiality, integrity, availability, or accountability of an information system.EventRegulated
Security Event LognounMWEThis record contains records of any security-related and auditing-related events.EventRegulatedCUI
Security Fault AnalysisnounMWEAn assessment, usually performed on information system hardware, to determine the security properties of a device when hardware fault is encountered.Process
Security Features Users GuidenounMWEGuide or manual explaining how the security mechanisms in a specific system work.ArtifactInternal
Security FilternounMWEA secure subsystem of an information system that enforces security policy on the data passing through it.Control
Security ForcenounMWEa privately employed group hired to protect the security of a business or industryverified
Security FunctionsnounMWEThe hardware, software, and/or firmware of the information system responsible for enforcing the system security policy and supporting the isolation of code and data on which the protection is based.Capability
Security GoalsnounMWEThe five security goals are confidentiality, availability, integrity, accountability, and assurance.Requirement
Security Impact AnalysisnounMWEThe analysis conducted by an organizational official to determine the extent to which changes to the information system have affected the security state of the system.ProcessInternal
security incidentnounMWEAn adverse event where a threat or exploit may compromise a computer system and cause: loss of data confidentiality, disruption of system or data integrity, or disruption or denial of availability of the system and/or data.EventRegulated
security incident response plannounMWEThe steps taken during an incident. An incident response plan brings together and organizes the resources for dealing with any event that harms or threatens the security of information assets. Such an event may be a malicious code attack, an unauthorized access to information or systems, the unauthorized use of services, a denial of service attack, or a hoax.ProcessRegulated
Security Information and Event ManagementnounMWEApplication that provides the ability to gather security data from information system components and present that data as actionable information via a single interface.Capability
Security InspectionnounMWEExamination of an information system to determine compliance with security policy, procedures, and practices.Process
Security IntelligencenounMWEintelligence on the identity and capability and intentions of hostile individuals or organizations that may be engaged in espionage or sabotage or subversion or terrorismverified
Security InterestnounMWEany interest in a property that secures the payment of an obligationverified
Security KernelnounMWEHardware, firmware, and software elements of a trusted computing base implementing the reference monitor concept. Security kernel must mediate all accesses, be protected from modification, and be verifiable as correct.SystemRegulated
Security LabelnounMWEInformation that represents or designates the value of one or more security relevant-attributes (e.g., classification) of a system resource.ControlRegulated
Security LevelnounMWEA hierarchical indicator of the degree of sensitivity to a certain threat. It implies, according to the security policy being enforced, a specific level of protection.Metric
Security lognounMWEA record that contains log-in and logout activity and other security-related events and that is used to track security-related information on a computer system.ArtifactRegulated
Security Management DashboardnounMWEA tool that consolidates and communicates information relevant to the organizational security posture in near real-time to security management stakeholders.Capability
Security MarkingnounMWEHuman-readable information affixed to information system components, removable media, or output indicating the distribution limitations, handling caveats, and applicable security markings.ArtifactRegulatedCUI
Security MeasuresnounMWEmeasures taken as a precaution against theft or espionage or sabotage etc.verified
Security MechanismnounMWEA device designed to provide one or more security services usually rated in terms of strength of service and assurance of the design.Control
Security metricsnounMWEA standard of measurement used in management of security-related activitiesMetric
Security Net Control StationnounMWEManagement system overseeing and controlling implementation of network security policy.SystemRegulatedCUI
security operations centrenounMWEA function or service responsible for monitoring, detecting and isolating incidents.Capability
security patchnounMWEComputer code intended to repair or lessen the impact of vulnerabilities within application software.ControlRegulated
security patchingnounMWEThe purpose of this task is to distribute patches to apply security patches to organizational operating systems and applications.ProcessRegulated
security patching processnounMWEThe series of steps taken to acquire, test, and distribute security patches to the appropriate administrators and users throughout the organization.ProcessRegulated
Security perimeternounMWEA physical or logical boundary that is defined for a system, domain, or enclave, within which a particular security policy or security architecture is applied.Control
security personnelnounMWEIndividuals who protect people, facilities, and information for an organization.Role
Security PlannounMWEFormal document that provides an overview of the security requirements for an information system or an information security program and describes the security controls in place or planned for meeting those requirements. See ‘System Security Plan’ or ‘Information Security Program Plan.’ArtifactRestricted
security policynounMWEA set of criteria for the provision of security services. It defines and constrains the activities of a data processing facility in order to maintain a condition of security for systems and data.Requirement
Security PosturenounMWEThe security status of an enterprise’s networks, information, and systems based on IA resources (e.g., people, hardware, software, policies) and capabilities in place to manage the defense of the enterprise and to react as the situation changes.MetricInternal
security practicenounMWEThe actions an organization takes to initiate, implement, and maintain organizational security.ProcessRegulated
Security procedure agreementnounMWEAn agreement between a financial institution and a Federal Reserve Bank whereby the financial institution agrees to certain security procedures if it uses an encrypted communications line with access controls for the transmission or receipt of a payment order to or from a Federal Reserve Bank.Requirement
Security Program ManagementnounMWEIn the NICE Workforce Framework, cybersecurity work where a person: Manages information security (e.g., information security) implications within the organization, specific program, or other area of responsibility, to include strategic, personnel, infrastructure, policy enforcement, emergency planning, security awareness, and other resources (e.g., the role of a Chief Information Security Officer).Process
Security Program PlannounMWEFormal document that provides an overview of the security requirements for an organization-wide information security program and describes the program management security controls and common security controls in place or planned for meeting those requirements.ArtifactRestrictedCUI
Security RangenounMWEHighest and lowest security levels that are permitted in or on an information system, system component, subsystem, or network.RequirementRegulatedCUI