Cyber Glossary - R
Radio Frequency Identification – (RFID) A form of automatic identification and data capture (AIDC) that uses electric or magnetic fields at radio frequencies to transmit information. SOURCE: SP 800-98
Random Bit Generator (RBG) – A device or algorithm that outputs a sequence of binary bits that appears to be statistically independent and unbiased. An RBG is either a DRBG or an NRBG. (SP 800-90A) (NISTIR)
Random Number Generator – (RNG) A process used to generate an unpredictable series of numbers. Each individual value is called random if each of the values in the total population of values has an equal probability of being selected. (CNSSI-4009) (NISTIR)
Random Number Generators (RNGs) used for cryptographic applications typically produce a sequence of zero and one bits that may be combined into sub-sequences or blocks of random numbers. There are two basic classes: deterministic and nondeterministic. (NISTIR)
A deterministic RNG consists of an algorithm that produces a sequence of bits from an initial value called a seed. A nondeterministic RNG produces output that is dependent on some unpredictable physical source that is outside human control. (FIPS 140-2) (NISTIR)
Randomizer – Analog or digital source of unpredictable, unbiased, and usually independent bits. Randomizers can be used for several different functions, including key generation or to provide a starting state for a key generator. (CNSSI-4009) (NISTIR)
Ransomware – malicious software that denies the user access to their files, computer or device until a ransom is paid. (UK 2016)
RBAC – See Role-Based Access Control. (NISTIR)
Read – Fundamental operation in an information system that results only in the flow of information from an object to a subject. (CNSSI-4009) (NISTIR)
Read Access – Permission to read information in an information system. (CNSSI-4009) (NISTIR)
Real-Time Reaction – Immediate response to a penetration attempt that is detected and diagnosed in time to prevent access. (CNSSI-4009) (NISTIR)
Recipient Usage Period – The period of time during the cryptoperiod of a symmetric key when protected information is processed. (SP 800-57) (NISTIR)
Reciprocity – Mutual agreement among participating enterprises to accept each other’s security assessments in order to reuse information system resources and/or to accept each other’s assessed security posture in order to share information. (CNSSI-4009) (NISTIR)
Mutual agreement among participating organizations to accept each other’s security assessments in order to reuse information system resources and/or to accept each other’s assessed security posture in order to share information. (SP 800-37; SP 800-53; SP 800-53A; SP 800-39) (NISTIR)
Reconnaissance – the phase of an attack where an attacker gathers information on, and maps networks, as well as probing them for exploitable vulnerabilities in order to hack them. (UK 2016)
Records – The recordings (automated and/or manual) of evidence of activities performed or results achieved (e.g., forms, reports, test results), which serve as a basis for verifying that the organization and the information system are performing as intended. Also used to refer to units of related data fields (i.e., groups of data fields that can be accessed by a program and that contain the complete set of information on particular items). (SP 800-53; SP 800-53A; CNSSI-4009) (NISTIR)
All books, papers, maps, photographs, machine-readable materials, or other documentary materials, regardless of physical form or characteristics, made or received by an agency of the United States government under federal law or in connection with the transaction of public business and preserved or appropriate for preservation by that agency or its legitimate successor as evidence of the organization, functions, policies, decisions, procedures, operations, or other activities of the government or because of the informational value of the data in them. [44 U.S.C. SEC. 3301] (FIPS 200) (NISTIR)
Records Management – The process for tagging information for records-keeping requirements as mandated in the Federal Records Act and the National Archival and Records Requirements. (CNSSI-4009) (NISTIR)
Recovery – The activities after an incident or event to restore essential services and operations in the short and medium term and fully restore all capabilities in the longer term. (Adapted from: NIPP) (NICCS)
Recovery Point Objective – The point in time to which data must be recovered after an outage. (SP 800-34) (NISTIR)
Recovery Time Objective – The overall length of time an information system’s components can be in the recovery phase before negatively impacting the organization’s mission or mission/business functions. (SP 800-34) (NISTIR)
Recovery Procedures – Actions necessary to restore data files of an information system and computational capability after a system failure. (CNSSI-4009) (NISTIR)
RED – In cryptographic systems, refers to information or messages that contain sensitive or classified information that is not encrypted. See also BLACK. (CNSSI-4009) (NISTIR)
Red Signal – Any electronic emission (e.g., plain text, key, key stream, subkey stream, initial fill, or control signal) that would divulge national security information if recovered. (CNSSI-4009) (NISTIR)
Red Team – A group of people authorized and organized to emulate a potential adversary’s attack or exploitation capabilities against an enterprise’s security posture. The Red Team’s objective is to improve enterprise Information Assurance by demonstrating the impacts of successful attacks and by demonstrating what works for the defenders (i.e., the Blue Team) in an operational environment. (CNSSI-4009) (NISTIR)
Red Team Exercise – An exercise, reflecting real-world conditions, that is conducted as a simulated adversarial attempt to compromise organizational missions and/or business processes to provide a comprehensive assessment of the security capability of the information system and organization. (SP 800-53) (NISTIR)
Red/Black Concept – Separation of electrical and electronic circuits, components, equipment, and systems that handle unencrypted information (Red), in electrical form, from those that handle encrypted information (Black) in the same form. (CNSSI-4009) (NISTIR)
Red Team – A group authorized and organized to emulate a potential adversary’s attack or exploitation capabilities against an enterprise’s cybersecurity posture.
Related Term(s): Blue Team, White Team
(Adapted from: CNSSI 4009) (NICCS)
Red Team exercise – An exercise, reflecting real-world conditions, that is conducted as a simulated attempt by an adversary to attack or exploit vulnerabilities in an enterprise's information systems.
Related Term(s): cyber exercise
(Adapted from: NIST SP 800-53 Rev 4) (NICCS)
Redundancy – Additional or alternative systems, sub-systems, assets, or processes that maintain a degree of overall functionality in case of loss or failure of another system, sub-system, asset, or process. (From: DHS Risk Lexicon) (NICCS)
Reference Monitor – The security engineering term for IT functionality that— 1) controls all access, 2) cannot be bypassed, 3) is tamper-resistant, and 4) provides confidence that the other three items are true. SOURCE: SP 800-33
Concept of an abstract machine that enforces Target of Evaluation (TOE) access control policies. (CNSSI-4009) (NISTIR)
Registration – The process through which a party applies to become a subscriber of a Credentials Service Provider (CSP) and a Registration Authority validates the identity of that party on behalf of the CSP. SOURCE: CNSSI-4009
The process through which an Applicant applies to become a Subscriber of a CSP and an RA validates the identity of the Applicant on behalf of the CSP. (SP 800-63) (NISTIR)
Registration Authority (RA) – A trusted entity that establishes and vouches for the identity of a Subscriber to a CSP. The RA may be an integral part of a CSP, or it may be independent of a CSP, but it has a relationship to the CSP(s). (SP 800-63; CNSSI-4009) (NISTIR)
Registration Authority – (RA) Organization responsible for assignment of unique identifiers to registered objects. (FIPS 188) (NISTIR)
Rekey – To change the value of a cryptographic key that is being used in a cryptographic system/application. (CNSSI-4009) (NISTIR)
Rekey (a certificate) – To change the value of a cryptographic key that is being used in a cryptographic system application; this normally entails issuing a new certificate on the new public key. (SP 800-32 Release) (NISTIR)
Relying Party – An entity that relies upon the subscriber’s credentials, typically to process a transaction or grant access to information or a system. (CNSSI-4009) (NISTIR)
An entity that relies upon the Subscriber's token and credentials or a Verifier's assertion of a Claimant’s identity, typically to process a transaction or grant access to information or a system. (SP 800-63) (NISTIR)
Remanence – Residual information remaining on storage media after clearing. See Magnetic Remanence and Clearing. (CNSSI-4009) (NISTIR)
Remediation – The act of correcting a vulnerability or eliminating a threat. Three possible types of remediation are installing a patch, adjusting configuration settings, or uninstalling a software application. (SP 800-40) (NISTIR)
The act of mitigating a vulnerability or a threat. (CNSSI-4009) (NISTIR)
Remediation Plan – A plan to perform the remediation of one or more threats or vulnerabilities facing an organization’s systems. The plan typically includes options to remove threats and vulnerabilities and priorities for performing the remediation. (SP 800-40) (NISTIR)
Remote Access – Access to an organizational information system by a user (or an information system acting on behalf of a user) communicating through an external network (e.g., the Internet). SOURCE: SP 800-53
Access by users (or information systems) communicating external to an information system security perimeter. SOURCE: SP 800-18
The ability for an organization’s users to access its nonpublic computing resources from external locations other than the organization’s facilities. SOURCE: SP 800-46
Access to an organization's nonpublic information system by an authorized user (or an information system) communicating through an external, non-organization-controlled network (e.g., the Internet). (CNSSI-4009) (NISTIR)
Remote Diagnostics/Maintenance – Maintenance activities conducted by authorized individuals communicating through an external network (e.g., the Internet). (CNSSI-4009) (NISTIR)
Remote Rekeying – Procedure by which a distant crypto-equipment is rekeyed electrically. See Automatic Remote Rekeying and Manual Remote Rekeying. (CNSSI-4009) (NISTIR)
Remote Maintenance – Maintenance activities conducted by individuals communicating external to an information system security perimeter. (SP 800-18) (NISTIR)
Maintenance activities conducted by individuals communicating through an external network (e.g., the Internet). (SP 800-53) (NISTIR)
Removable Media – Portable electronic storage media such as magnetic, optical, and solid-state devices, which can be inserted into and removed from a computing device, and that is used to store text, video, audio, and image information. Such devices have no independent processing capabilities. Examples include hard disks, floppy disks, zip drives, compact disks (CDs), thumb drives, pen drives, and similar USB storage devices. (CNSSI-4009) (NISTIR)
Renew (a certificate) – The act or process of extending the validity of the data binding asserted by a public key certificate by issuing a new certificate. (SP 800-32) (NISTIR)
Repair Action – NSA-approved change to a COMSEC end-item that does not affect the original characteristics of the end-item and is provided for optional application by holders. Repair actions are limited to minor electrical and/or mechanical improvements to enhance operation, maintenance, or reliability. They do not require an identification label, marking, or control but must be fully documented by changes to the maintenance manual. (CNSSI-4009) (NISTIR)
Replay Attacks – An attack that involves the capture of transmitted authentication or access control information and its subsequent retransmission with the intent of producing an unauthorized effect or gaining unauthorized access. (CNSSI-4009) (NISTIR)
Repository – A database containing information and data relating to certificates as specified in a CP; may also be referred to as a directory. (SP 800-32) (NISTIR)
Reserve Keying Material – Key held to satisfy unplanned needs. See Contingency Key. (CNSSI-4009) (NISTIR)
Residual Risk – The remaining potential risk after all IT security measures are applied. There is a residual risk associated with each threat. SOURCE: SP 800-33
Portion of risk remaining after security measures have been applied. (CNSSI-4009; SP 800-30) (NISTIR)
Residue – Data left in storage after information-processing operations are complete, but before degaussing or overwriting has taken place. (CNSSI-4009) (NISTIR)
Resilience – The ability to quickly adapt and recover from any known or unknown changes to the environment through holistic implementation of risk management, contingency, and continuity planning. (SP 800-34) (NISTIR)
The ability to continue to:
- operate under adverse conditions or stress, even if in a degraded or debilitated state, while maintaining essential operational capabilities; and
- recover to an effective operational posture in a time frame consistent with mission needs. (SP 800-137) (NISTIR)
The ability to adapt to changing conditions and prepare for, withstand, and rapidly recover from disruption. (From: DHS Risk Lexicon) (NICCS)
Resource Encapsulation – Method by which the reference monitor mediates accesses to an information system resource. Resource is protected and not directly accessible by a subject. Satisfies requirement for accurate auditing of resource usage. (CNSSI-4009) (NISTIR)
Responder – The entity that responds to the initiator of the authentication exchange. (FIPS 196) (NISTIR)
Response – The activities that address the short-term, direct effects of an incident and may also support short-term recovery.
Extended Definition: In cybersecurity, response encompasses both automated and manual activities. (Adapted from: National Infrastructure Protection Plan, NCPS Target Architecture Glossary) (NICCS)
Related Term(s): recovery
Response Plan – Synonym(s): incident response plan
Responsible Individual – A trustworthy person designated by a sponsoring organization to authenticate individual applicants seeking certificates on the basis of their affiliation with the sponsor. (SP 800-32) (NISTIR)
Responsibility to Provide – An information distribution approach whereby relevant essential information is made readily available and discoverable to the broadest possible pool of potential users. (CNSSI-4009) (NISTIR)
Restricted Data – All data concerning (i) design, manufacture, or utilization of atomic weapons; (ii) the production of special nuclear material; or (iii) the use of special nuclear material in the production of energy, but shall not include data declassified or removed from the Restricted Data category pursuant to Section 142 [of the Atomic Energy Act of 1954]. (SP 800-53;) (NISTIR)
RFID – See Radio Frequency Identification.
Rijndael – Cryptographic algorithm specified in the Advanced Encryption Standard (AES). (FIPS 197) (NISTIR)
Risk – The level of impact on organizational operations (including mission, functions, image, or reputation), organizational assets, or individuals resulting from the operation of an information system given the potential impact of a threat and the likelihood of that threat occurring. (FIPS 200) (NISTIR)
A measure of the extent to which an entity is threatened by a potential circumstance or event, and typically a function of:
- the adverse impacts that would arise if the circumstance or event occurs; and
- the likelihood of occurrence.
[Note: Information system-related security risks are those risks that arise from the loss of confidentiality, integrity, or availability of information or information systems and reflect the potential adverse impacts to organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, and the Nation. Adverse impacts to the Nation include, for example, compromises to information systems that support critical infrastructure applications or are paramount to government continuity of operations as defined by the Department of Homeland Security.]
(SP 800-37; SP 800-53A) (NISTIR)
The potential for an unwanted or adverse outcome resulting from an incident, event, or occurrence, as determined by the likelihood that a particular threat will exploit a particular vulnerability, with the associated consequences. (Adapted from: DHS Risk Lexicon, NIPP and adapted from: CNSSI 4009, FIPS 200, NIST SP 800-53 Rev 4, SAFE-BioPharma Certificate Policy 2.5) (NICCS)
Risk-Adaptable Access Control – (RAdAC) A form of access control that uses an authorization policy that takes into account operational need, risk, and heuristics. (CNSSI-4009) (NISTIR)
Risk Analysis – The process of identifying the risks to system security and determining the likelihood of occurrence, the resulting impact, and the additional safeguards that mitigate this impact. Part of risk management and synonymous with risk assessment. (SP 800-27) (NISTIR)
Examination of information to identify the risk to an information system. See Risk Assessment. (CNSSI-4009) (NISTIR)
Risk Assessment – The process of identifying risks to organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, and the Nation, arising through the operation of an information system. Part of risk management, incorporates threat and vulnerability analyses and considers mitigations provided by security controls planned or in place. Synonymous with risk analysis. (SP 800-53; SP 800-53A; SP 800-37) (NISTIR)
The product of a risk assessment is a list of estimated potential impacts and unmitigated vulnerabilities. Risk assessment is part of risk management and is conducted throughout the Risk Management Framework (RMF). (CNSSI-4009) (NISTIR)
Risk Assessment Methodology – A risk assessment process, together with a risk model, assessment approach, and analysis approach. (SP 800-30) (NISTIR)
Risk Assessment Report – The report which contains the results of performing a risk assessment or the formal output from the process of assessing risk. (SP 800-30) (NISTIR)
Risk Assessor – The individual, group, or organization responsible for conducting a risk assessment. (SP 800-30) (NISTIR)
Risk-Based Data Management – A structured approach to managing risks to data and information by which an organization selects and applies appropriate security controls in compliance with policy and commensurate with the sensitivity and value of the data. (Adapted from: DHS personnel) (NICCS)
Risk Executive – (or Risk Executive Function) An individual or group within an organization that helps to ensure that:
- security risk-related considerations for individual information systems, to include the authorization decisions for those systems, are viewed from an organization-wide perspective with regard to the overall strategic goals and objectives of the organization in carrying out its missions and business functions; and
- managing risk from individual information systems is consistent across the organization, reflects organizational risk tolerance, and is considered along with other organizational risks affecting mission/business success.
(CNSSI-4009; SP 800-53A; SP 800-37; SP 800-39) (NISTIR)
Risk Management – The process of identifying, analyzing, assessing, and communicating risk and accepting, avoiding, transferring or controlling it to an acceptable level considering associated costs and benefits of any actions taken.
Extended Definition: Includes:
- conducting a risk assessment;
- implementing strategies to mitigate risks;
- continuous monitoring of risk over time; and
- documenting the overall risk management program.
(From: DHS Risk Lexicon and Adapted from: CNSSI 4009, NIST SP 800-53 Rev 4) (NICCS)
Related Term(s): enterprise risk management, integrated risk management, risk
The process of managing risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of an information system, and includes:
- the conduct of a risk assessment;
- the implementation of a risk mitigation strategy; and
- employment of techniques and procedures for the continuous monitoring of the security state of the information system.
(SP 800-53; SP 800-53A; SP 800-37) (NISTIR)
Risk Management Framework – A structured approach used to oversee and manage risk for an enterprise. (CNSSI-4009) (NISTIR)
Risk Mitigation – Synonym(s): mitigation
Risk Mitigation – Prioritizing, evaluating, and implementing the appropriate risk-reducing controls/countermeasures recommended from the risk management process. (CNSSI-4009; SP 800-30; SP 800-39) (NISTIR)
Risk Model – A key component of a risk assessment methodology (in addition to assessment approach and analysis approach) that defines key terms and assessable risk factors. (SP 800-30) (NISTIR)
Risk Monitoring – Maintaining ongoing awareness of an organization’s risk environment, risk management program, and associated activities to support risk decisions. (SP 800-30; SP 800-39) (NISTIR)
Risk Response – Accepting, avoiding, mitigating, sharing, or transferring risk to organizational operations (i.e., mission, functions, image, or reputation), organizational assets, individuals, other organizations, or the Nation. (SP 800-30; SP 800-39) (NISTIR)
Risk Response Measure – A specific action taken to respond to an identified risk. (SP 800-39) (NISTIR)
Risk Tolerance – The level of risk an entity is willing to assume in order to achieve a potential desired result. SOURCE: SP 800-32
The defined impacts to an enterprise’s information systems that an entity is willing to accept. (CNSSI-4009) (NISTIR)
Robust Security Network (RSN) – A wireless security network that only allows the creation of Robust Security Network Associations (RSNAs). (SP 800-48) (NISTIR)
Robust Security Network Association (RSNA) – A logical connection between communicating IEEE 802.11 entities established through the IEEE 802.11i key management scheme, also known as the four-way handshake. (SP 800-48) (NISTIR)
Robustness – The ability of an Information Assurance entity to operate correctly and reliably across a wide range of operational conditions, and to fail gracefully outside of that operational range. (CNSSI-4009) (NISTIR)
Rogue Device – An unauthorized node on a network. (SP 800-115) (NISTIR)
Role – A group attribute that ties membership to function. When an entity assumes a role, the entity is given certain rights that belong to that role. When the entity leaves the role, those rights are removed. The rights given are consistent with the functionality that the entity needs to perform the expected tasks. (CNSSI-4009) (NISTIR)
Role-Based Access Control – (RBAC) A model for controlling access to resources where permitted actions on resources are identified with roles rather than with individual subject identities. (SP 800-95) (NISTIR)
Access control based on user roles (i.e., a collection of access authorizations a user receives based on an explicit or implicit assumption of a given role). Role permissions may be inherited through a role hierarchy and typically reflect the permissions needed to perform defined functions within an organization. A given role may apply to a single individual or to several individuals. (SP 800-53; CNSSI-4009) (NISTIR)
Root Cause Analysis – A principle-based, systems approach for the identification of underlying causes associated with a particular set of risks. (SP 800-30; SP 800-39) (NISTIR)
Root Certification Authority – In a hierarchical Public Key Infrastructure, the Certification Authority whose public key serves as the most trusted datum (i.e., the beginning of trust paths) for a security domain. (SP 800-32; CNSSI-4009) (NISTIR)
Rootkit – A set of software tools with administrator-level access privileges installed on an information system and designed to hide the presence of the tools, maintain the access privileges, and conceal the activities conducted by the tools. (Adapted from: CNSSI 4009) (NICCS)
A set of tools used by an attacker after gaining root-level access to a host to conceal the attacker’s activities on the host and permit the attacker to maintain root-level access to the host through covert means. (CNSSI-4009) (NISTIR)
Round Key – Round keys are values derived from the Cipher Key using the Key Expansion routine; they are applied to the State in the Cipher and Inverse Cipher. (FIPS 197) (NISTIR)
Rule-Based Security Policy – A security policy based on global rules imposed for all subjects. These rules usually rely on a comparison of the sensitivity of the objects being accessed and the possession of corresponding attributes by the subjects requesting access. (SP 800-33) (NISTIR)
A security policy based on global rules imposed for all subjects. These rules usually rely on a comparison of the sensitivity of the objects being accessed and the possession of corresponding attributes by the subjects requesting access. Also known as discretionary access control (DAC). (CNSSI-4009) (NISTIR)
Router – devices that interconnect logical networks by forwarding information to other networks based upon IP addresses. (UK 2016)
Rules of Engagement (ROE) – Detailed guidelines and constraints regarding the execution of information security testing. The ROE is established before the start of a security test, and gives the test team authority to conduct defined activities without the need for additional permissions. (SP 800-115) (NISTIR)
Ruleset – A table of instructions used by a controlled interface to determine what data is allowable and how the data is handled between interconnected systems. (SP 800-115; CNSSI-4009) (NISTIR)
A set of directives that govern the access control functionality of a firewall. The firewall uses these directives to determine how packets should be routed between its interfaces. (SP 800-) (NISTIR)