Glossary

This glossary is adapted from the National Institute of Standards and Technology (NIST) Special Publications to make it nonspecific to the government domain (NIST, 2009).

Attribute-Based Access Access control based on attributes associated with and about subjects, objects, targets, initiators, resources, or the environment. An access control ruleset defines the combination of attributes under which an access may take place.

Authentication Verifying the identity of a user, process, or device, often as a prerequisite to allowing access to resources in an information system.

Authorization (to operate) The official management decision given by a senior organizational official to authorize operation of an information system and to explicitly accept the risk to organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, based on the implementation of an agreed-upon set of security controls.

Availability The capability to ensure timely and reliable access to and use of systems and information.

Boundary Protection Monitoring and control of communications at the external boundary of an information system to prevent and detect malicious and other unauthorized communications through the use of boundary protection devices (e.g., proxies, gateways, routers, firewalls, guards, and encrypted tunnels).

Boundary Protection Device A device with appropriate mechanisms that: (i) facilitates the adjudication of different ...