The following baseline terms have been defined by the National Institute on Standards and Technology (NIST) and the Committee on National Security Systems (CNSS). They are included in this document to enhance the reader’s understanding of the concepts presented in this book. They are quoted from NIST documentation.
Adequate Security, Security commensurate with the risk and the magnitude of harm resulting from the loss, misuse, or unauthorized access to modification of information. This includes assuring that systems and applications used by the agency operate effectively and provide appropriate confidentiality, integrity, and availability, through the use of cost-effective management, personnel, operational, and technical controls.