Cyber Glossary - S
Safeguards – Protective measures prescribed to meet the security requirements (i.e., confidentiality, integrity, and availability) specified for an information system. Safeguards may include security features, management constraints, personnel security, and security of physical structures, areas, and devices. Synonymous with security controls and countermeasures. (SP 800-53; SP 800-37; FIPS 200; CNSSI-4009) (NISTIR)
Safeguarding Statement – Statement affixed to a computer output or printout that states the highest classification being processed at the time the product was produced and requires control of the product, at that level, until determination of the true classification by an authorized individual. Synonymous with banner. (CNSSI-4009) (NISTIR)
Salt – A non-secret value that is used in a cryptographic process, usually to ensure that the results of computations for one instance cannot be reused by an Attacker. (SP 800-63; CNSSI-4009) (NISTIR)
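Worked example added by the editor (it is not text or code from SP 800-63 or CNSSI-4009): a salted password store built on PBKDF2-HMAC-SHA256 from Python's standard library. The wordlist, the credential records and the iteration count are constructed for illustration. It shows the property the definition describes: a table of digests precomputed without the salt cracks an unsalted store in one lookup, but yields nothing against salted records, because the non-secret salt makes each record's computation unique.

```python
import hashlib
import hmac
import os

# Constructed for illustration; a real deployment tunes this to its hardware.
ITERATIONS = 100_000
# Constructed attacker wordlist (the basis of a precomputed digest table).
WORDLIST = ["password", "letmein", "correct horse battery staple"]


def unsalted_hash(password: str) -> str:
    """Anti-pattern: equal passwords give equal digests, so one precomputed
    table cracks every record that uses the same password."""
    return hashlib.sha256(password.encode()).hexdigest()


def make_salt(nbytes: int = 16) -> bytes:
    """The salt is not secret, but it must be unpredictable and unique per record."""
    return os.urandom(nbytes)


def salted_hash(password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """PBKDF2-HMAC-SHA256: the salt enters every HMAC round, so the result
    cannot be reused against a record that carries a different salt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def store(password: str) -> dict:
    """Create a credential record: salt in the clear beside the derived key."""
    salt = make_salt()
    return {"salt": salt, "hash": salted_hash(password, salt)}


def verify(password: str, record: dict) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = salted_hash(password, record["salt"])
    return hmac.compare_digest(candidate, record["hash"])


def precomputed_table(words) -> dict:
    """Attacker's table: unsalted digest -> password, built once, reused everywhere."""
    return {unsalted_hash(w): w for w in words}


def crack_unsalted(stored_digest: str, table: dict):
    """One dictionary lookup recovers the password from an unsalted store."""
    return table.get(stored_digest)


def crack_salted(record: dict, table: dict):
    """The same table is useless here: the stored value depends on a salt the
    table never saw, so the attacker must redo the full KDF work per salt."""
    return table.get(record["hash"].hex())


if __name__ == "__main__":
    table = precomputed_table(WORDLIST)
    print("unsalted:", crack_unsalted(unsalted_hash("letmein"), table))  # letmein
    rec = store("letmein")
    print("salted:  ", crack_salted(rec, table))                         # None
    print("verify:  ", verify("letmein", rec), verify("wrong", rec))     # True False
```

Two users who choose the same password get different stored values, so a breach of one record tells the attacker nothing about the other, and a table built for one site is worthless against another. The salt is stored in the clear on purpose; its job is uniqueness, not secrecy.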
Sandboxing – A method of isolating application modules into distinct fault domains enforced by software. The technique allows untrusted programs written in an unsafe language, such as C, to be executed safely within the single virtual address space of an application. Untrusted machine interpretable code modules are transformed so that all memory accesses are confined to code and data segments within their fault domain. Access to system resources can also be controlled through a unique identifier associated with each domain. (SOURCE: SP 800-19)
A restricted, controlled execution environment that prevents potentially malicious software, such as mobile code, from accessing any system resources except those for which the software is authorized. (CNSSI-4009) (NISTIR)
Sanitization – Process to remove information from media such that information recovery is not possible. It includes removing all labels, markings, and activity logs. (FIPS 200) (NISTIR)
A general term referring to the actions taken to render data written on media unrecoverable by both ordinary and, for some forms of sanitization, extraordinary means. (SP 800-53; CNSSI-4009) (NISTIR)
S-box – Nonlinear substitution table used in several byte substitution transformations and in the Key Expansion routine to perform a one-for-one substitution of a byte value. (FIPS 197) (NISTIR)
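Added example (the editor's code, not from FIPS 197): building the AES S-box the way FIPS 197 defines it, as the multiplicative inverse in GF(2^8) followed by an affine transformation, then using it for the one-for-one byte substitution and checking that the table is nonlinear and invertible. The only inputs are constants from the standard; the helper names are the editor's.

```python
AES_POLY = 0x11B  # x^8 + x^4 + x^3 + x + 1, the field polynomial of FIPS 197


def gf_mul(a: int, b: int) -> int:
    """Multiply two bytes in GF(2^8) modulo AES_POLY (repeated xtime)."""
    product = 0
    for _ in range(8):
        if b & 1:
            product ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= AES_POLY & 0xFF  # reduce by x^4 + x^3 + x + 1 once x^8 is dropped
        b >>= 1
    return product


def gf_inv(a: int) -> int:
    """Multiplicative inverse; 0 maps to 0 by definition. The nonzero elements
    form a group of order 255, so a^(-1) = a^254 (square-and-multiply)."""
    if a == 0:
        return 0
    result, base, exp = 1, a, 254
    while exp:
        if exp & 1:
            result = gf_mul(result, base)
        base = gf_mul(base, base)
        exp >>= 1
    return result


def affine(x: int) -> int:
    """FIPS 197 affine step: b'_i = b_i ^ b_(i+4) ^ b_(i+5) ^ b_(i+6) ^ b_(i+7) ^ c_i
    (indices mod 8, c = 0x63), written here with byte rotations."""
    def rotl(v: int, n: int) -> int:
        return ((v << n) | (v >> (8 - n))) & 0xFF
    return x ^ rotl(x, 1) ^ rotl(x, 2) ^ rotl(x, 3) ^ rotl(x, 4) ^ 0x63


def build_sbox() -> list:
    """The full 256-entry substitution table."""
    return [affine(gf_inv(x)) for x in range(256)]


def build_inv_sbox(sbox: list) -> list:
    """Inverse table used by InvSubBytes during decryption."""
    inv = [0] * 256
    for x, y in enumerate(sbox):
        inv[y] = x
    return inv


def sub_bytes(block: bytes, sbox: list) -> bytes:
    """AES SubBytes: one-for-one substitution of every byte of the state."""
    return bytes(sbox[b] for b in block)


def is_nonlinear(sbox: list, a: int = 0x01, b: int = 0x02) -> bool:
    """A linear map would satisfy S(a ^ b) == S(a) ^ S(b); the S-box does not."""
    return sbox[a ^ b] != sbox[a] ^ sbox[b]


if __name__ == "__main__":
    SBOX = build_sbox()
    # first row of the table in FIPS 197: 63 7c 77 7b f2 6b 6f c5 30 01 67 2b fe d7 ab 76
    print(" ".join(f"{v:02x}" for v in SBOX[:16]))
```

The nonlinearity check is the point of the definition: SubBytes is the only step of AES that is not linear over GF(2), so without it the whole cipher would collapse into a system of linear equations. The {57}·{83} = {c1} product and S(0x53) = 0xED are the worked values given in FIPS 197 itself.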
SCADA – See Supervisory Control and Data Acquisition. (NISTIR)
Scanning – Sending packets or requests to another system to gain information to be used in a subsequent attack. (CNSSI-4009) (NISTIR)
Scatternet – A chain of piconets created by allowing one or more Bluetooth devices to each be a slave in one piconet and act as the master for another piconet simultaneously. A scatternet allows several devices to be networked over an extended distance. (SP 800-121) (NISTIR)
Scavenging – Searching through object residue to acquire data. (CNSSI-4009) (NISTIR)
Scoping Guidance – A part of tailoring guidance providing organizations with specific policy/regulatory-related, technology-related, system component allocation-related, operational/environmental-related, physical infrastructure-related, public access-related, scalability-related, common control-related, and security objective-related considerations on the applicability and implementation of individual security controls in the security control baseline. (SP 800-53) (NISTIR)
Specific factors related to technology, infrastructure, public access, scalability, common security controls, and risk that can be considered by organizations in the applicability and implementation of individual security controls in the security control baseline. (FIPS 200; CNSSI-4009) (NISTIR)
Script kiddie – A less skilled individual who uses ready-made scripts, or programs, that can be found on the Internet to conduct cyber attacks, such as web defacements. (UK 2016)
Secret Key – A cryptographic key that is used with a secret-key (symmetric) cryptographic algorithm that is uniquely associated with one or more entities and is not made public. The use of the term “secret” in this context does not imply a classification level, but rather implies the need to protect the key from disclosure. (SP 800-57 Part 1) (NISTIR)
A cryptographic key that must be protected from unauthorized disclosure to protect data encrypted with the key. The use of the term “secret” in this context does not imply a classification level; rather, the term implies the need to protect the key from disclosure or substitution. (FIPS 201) (NISTIR)
A cryptographic key that is uniquely associated with one or more entities. The use of the term “secret” in this context does not imply a classification level, but rather implies the need to protect the key from disclosure or substitution. (FIPS 198) (NISTIR)
Secret Key (symmetric) Cryptographic Algorithm – A cryptographic algorithm that uses a single secret key for both encryption and decryption. (FIPS 140-2) (NISTIR)
A cryptographic algorithm that uses a single key (i.e., a secret key) for both encryption and decryption. (CNSSI-4009) (NISTIR)
Secret Seed – A secret value used to initialize a pseudorandom number generator. (CNSSI-4009) (NISTIR)
Sector Risk Management Agency – A proposed designation for a federal agency that codifies the minimum roles and responsibilities of a sector-specific agency. (Cyberspace Solarium Commission Final Report, 2020)
Sector-specific Agencies – Federal agencies that have institutional knowledge and specialized expertise about a critical infrastructure sector.
Secure by default – The unlocking of the secure use of commodity technologies whereby security comes by default for users. (UK 2016)
Secure by design – Software, hardware and systems that have been designed from the ground up to be secure. (UK 2016)
Secure Communication Protocol – A communication protocol that provides the appropriate confidentiality, authentication, and content-integrity protection. (SP 800-57 Part 1; CNSSI-4009) (NISTIR)
Secure Communications – Telecommunications deriving security through use of NSA-approved products and/or Protected Distribution Systems. (CNSSI-4009) (NISTIR)
Secure DNS (SECDNS) – Configuring and operating DNS servers so that the security goals of data integrity and source authentication are achieved and maintained. (SP 800-81) (NISTIR)
Secure Erase – An overwrite technology using a firmware-based process to overwrite a hard drive. It is a drive command defined in the ANSI ATA and SCSI disk drive interface specifications, which runs inside drive hardware. It completes in about 1/8 the time of 5220 block erasure. (SP 800-88) (NISTIR)
Secure Hash Algorithm (SHA) – A hash algorithm with the property that it is computationally infeasible 1) to find a message that corresponds to a given message digest, or 2) to find two different messages that produce the same message digest. (CNSSI-4009) (NISTIR)
Secure Hash Standard – This Standard specifies secure hash algorithms (SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224 and SHA-512/256) for computing a condensed representation of electronic data (message).
When a message of any length less than 2^64 bits (for SHA-1, SHA-224 and SHA-256) or less than 2^128 bits (for SHA-384, SHA-512, SHA-512/224 and SHA-512/256) is input to a hash algorithm, the result is an output called a message digest. The message digests range in length from 160 to 512 bits, depending on the algorithm. Secure hash algorithms are typically used with other cryptographic algorithms, such as digital signature algorithms and keyed-hash message authentication codes, or in the generation of random numbers (bits).
The hash algorithms specified in this Standard are called secure because, for a given algorithm, it is computationally infeasible 1) to find a message that corresponds to a given message digest, or 2) to find two different messages that produce the same message digest. Any change to a message will, with a very high probability, result in a different message digest. This will result in a verification failure when the secure hash algorithm is used with a digital signature algorithm or a keyed-hash message authentication algorithm. (FIPS 180-4) (NISTIR)
Specification for a secure hash algorithm that can generate a condensed message representation called a message digest. (CNSSI-4009) (NISTIR)
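Added example (the editor's, not text or code from FIPS 180-4 or CNSSI-4009): the digest sizes of the algorithms the Standard names, the avalanche behaviour behind "any change to a message will, with a very high probability, result in a different message digest", and the keyed-hash message authentication code (HMAC) use the Standard mentions, using only Python's hashlib and hmac modules. The "abc" digests are the published test vectors; the other messages and the key are constructed. The two truncated variants, SHA-512/224 and SHA-512/256, are reported as None when the OpenSSL behind the interpreter does not expose them.

```python
import hashlib
import hmac

# Names as hashlib spells them; the first five are present in every build.
GUARANTEED = ["sha1", "sha224", "sha256", "sha384", "sha512"]
OPTIONAL = ["sha512_224", "sha512_256"]  # depend on the OpenSSL behind hashlib


def hexdigest(name: str, message: bytes) -> str:
    """Message digest of one message under the named algorithm."""
    return hashlib.new(name, message).hexdigest()


def digest_sizes() -> dict:
    """Digest length in bits per algorithm (None if this build lacks it)."""
    sizes = {}
    for name in GUARANTEED + OPTIONAL:
        try:
            sizes[name] = hashlib.new(name).digest_size * 8
        except ValueError:
            sizes[name] = None
    return sizes


def differing_bits(a: bytes, b: bytes) -> int:
    """Hamming distance between two equal-length digests."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def avalanche(name: str, message: bytes) -> int:
    """Flip one bit of the input and count how many digest bits change.
    For a sound hash roughly half of them do, so the new digest is unrelated
    to the old one and any downstream signature or MAC check fails."""
    flipped = bytearray(message)
    flipped[0] ^= 0x01
    return differing_bits(hashlib.new(name, message).digest(),
                          hashlib.new(name, bytes(flipped)).digest())


def mac_tag(key: bytes, message: bytes, name: str = "sha256") -> str:
    """Keyed-hash MAC (HMAC): a digest only a holder of the key can reproduce."""
    return hmac.new(key, message, name).hexdigest()


def mac_verify(key: bytes, message: bytes, tag: str, name: str = "sha256") -> bool:
    """Constant-time comparison so timing does not leak how much of the tag matched."""
    return hmac.compare_digest(mac_tag(key, message, name), tag)


if __name__ == "__main__":
    print(digest_sizes())
    print(hexdigest("sha256", b"abc"))
    print(avalanche("sha256", b"constructed sample message"))
    key = b"constructed-demo-key"
    tag = mac_tag(key, b"transfer 100")
    print(mac_verify(key, b"transfer 100", tag), mac_verify(key, b"transfer 900", tag))
```

SHA-1 is still listed in FIPS 180-4, but practical collisions against it were published in 2017 and NIST has deprecated it for digital signatures; new designs should use the SHA-2 members of 256 bits or more (or SHA-3). Note also that a plain digest is not a MAC: without a key anyone can recompute it after altering the message, which is exactly what the HMAC construction prevents.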
Secure/Multipurpose Internet Mail Extensions (S/MIME) – A set of specifications for securing electronic mail. S/MIME is based upon the widely used MIME standard [MIME] and describes a protocol for adding cryptographic security services through MIME encapsulation of digitally signed and encrypted objects. The basic security services offered by S/MIME are authentication, nonrepudiation of origin, message integrity, and message privacy. Optional security services include signed receipts, security labels, secure mailing lists, and an extended method of identifying the signer’s certificate(s). (SP 800-49; CNSSI-4009) (NISTIR)
Secure Socket Layer (SSL) – A protocol used for protecting private information during transmission via the Internet. Note: SSL works by using a public key to encrypt data that's transferred over the SSL connection. Most Web browsers support SSL, and many Web sites use the protocol to obtain confidential user information, such as credit card numbers. By convention, URLs that require an SSL connection start with “https:” instead of “http:.” (CNSSI-4009) (NISTIR) In practice the public key (or a key agreement such as Diffie-Hellman) is used only to establish a session key; the application data is then encrypted with a symmetric cipher under that key. All versions of SSL are now deprecated (SSLv3 by RFC 7568), and the protocol in current use is its successor, Transport Layer Security (TLS).
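Added example (the editor's, not from CNSSI-4009): the client-side configuration a reviewer checks when a codebase says it "uses SSL", shown with the weak setting beside the corrected one using Python's standard ssl module. No network connection is opened; the functions only build and inspect contexts. The helper names are the editor's.

```python
import ssl


def weak_client_context() -> ssl.SSLContext:
    """Anti-pattern seen in the wild: verification switched off to make
    certificate errors go away. Any on-path attacker can then present their
    own certificate and read or alter the "protected" traffic."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_client_context() -> ssl.SSLContext:
    """Chain and hostname verification on (the defaults of
    create_default_context) and nothing older than TLS 1.2 negotiated."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def audit_context(ctx: ssl.SSLContext) -> dict:
    """The three settings to confirm before a context reaches production."""
    return {
        "verifies_chain": ctx.verify_mode == ssl.CERT_REQUIRED,
        "checks_hostname": bool(ctx.check_hostname),
        "min_version_ok": ctx.minimum_version >= ssl.TLSVersion.TLSv1_2,
    }


def acceptable(ctx: ssl.SSLContext) -> bool:
    """True only when every audited setting passes."""
    return all(audit_context(ctx).values())


if __name__ == "__main__":
    print("weak:    ", audit_context(weak_client_context()))
    print("hardened:", audit_context(hardened_client_context()))
```

The audit reads the context back rather than trusting how it was built, which is the same check to apply to third-party code: grep for check_hostname = False and CERT_NONE, and confirm the negotiated minimum version, because an https: URL alone says nothing about whether the peer was actually authenticated.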
Standard – A published statement on a topic specifying characteristics, usually measurable, that must be satisfied or achieved in order to comply with the standard. (FIPS 201) (NISTIR)
Secure State – Condition in which no subject can access any object in an unauthorized manner. (CNSSI-4009) (NISTIR)
Secure Subsystem – Subsystem containing its own implementation of the reference monitor concept for those resources it controls. Secure subsystem must depend on other controls and the base operating system for the control of subjects and the more primitive system objects. (CNSSI-4009) (NISTIR)
Securely Provision – A NICE Workforce Framework category consisting of specialty areas concerned with conceptualizing, designing, and building secure IT systems, with responsibility for some aspect of the systems' development. (From: NICE Workforce Framework) (NICCS)
Security – A condition that results from the establishment and maintenance of protective measures that enable an enterprise to perform its mission or critical functions despite risks posed by threats to its use of information systems. Protective measures may involve a combination of deterrence, avoidance, prevention, detection, recovery, and correction that should form part of the enterprise’s risk management approach. (CNSSI-4009) (NISTIR)
Security Assertion Markup Language (SAML) – An XML-based security specification developed by the Organization for the Advancement of Structured Information Standards (OASIS) for exchanging authentication (and authorization) information between trusted entities over the Internet. (SP 800-63) (NISTIR)
A framework for exchanging authentication and authorization information. Security typically involves checking the credentials presented by a party for authentication and authorization. SAML standardizes the representation of these credentials in an XML format called “assertions,” enhancing the interoperability between disparate applications. (SP 800-95) (NISTIR)
A protocol consisting of XML-based request and response message formats for exchanging security information, expressed in the form of assertions about subjects, between online business partners. (CNSSI-4009) (NISTIR)
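Added example (the editor's code, not from SP 800-63, SP 800-95, CNSSI-4009 or the OASIS specification): a constructed SAML 2.0 assertion in the XML form the definitions describe, and the checks a relying party applies to its Conditions element before acting on it: issuer, validity window (NotBefore inclusive, NotOnOrAfter exclusive) and AudienceRestriction. The issuer, audience, subject and ID values are invented. In a real deployment the XML Signature over the assertion must be verified first; that needs a library outside the Python standard library and is not shown.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed assertion; identifiers and URLs are invented for the example.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                ID="_constructed-0001" Version="2.0" IssueInstant="2024-01-01T12:00:00Z">
  <saml:Issuer>https://idp.example.org</saml:Issuer>
  <saml:Subject>
    <saml:NameID>alice@example.org</saml:NameID>
  </saml:Subject>
  <saml:Conditions NotBefore="2024-01-01T12:00:00Z" NotOnOrAfter="2024-01-01T12:05:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://sp.example.org/metadata</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AuthnStatement AuthnInstant="2024-01-01T11:59:50Z"/>
</saml:Assertion>
"""


def parse_time(value: str) -> datetime:
    """SAML timestamps are UTC ('Z'); keep them timezone-aware for safe comparison."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def parse_assertion(xml_text: str) -> dict:
    """Pull the fields a relying party needs out of the assertion XML."""
    root = ET.fromstring(xml_text)
    conditions = root.find("saml:Conditions", NS)
    if conditions is None:
        raise ValueError("assertion has no Conditions element")
    return {
        "id": root.get("ID"),
        "issuer": root.findtext("saml:Issuer", namespaces=NS),
        "subject": root.findtext("saml:Subject/saml:NameID", namespaces=NS),
        "not_before": parse_time(conditions.get("NotBefore")),
        "not_on_or_after": parse_time(conditions.get("NotOnOrAfter")),
        "audiences": [a.text for a in conditions.findall(
            "saml:AudienceRestriction/saml:Audience", NS)],
    }


def condition_failures(assertion: dict, expected_issuer: str,
                       expected_audience: str, now: datetime) -> list:
    """Return the names of the checks that fail; an empty list means accept."""
    failures = []
    if assertion["issuer"] != expected_issuer:
        failures.append("issuer")
    if not (assertion["not_before"] <= now < assertion["not_on_or_after"]):
        failures.append("validity-window")
    if expected_audience not in assertion["audiences"]:
        failures.append("audience")
    return failures


if __name__ == "__main__":
    a = parse_assertion(SAMPLE_ASSERTION)
    print(a["subject"], condition_failures(
        a, "https://idp.example.org", "https://sp.example.org/metadata",
        parse_time("2024-01-01T12:02:00Z")))
```

The audience check is the one most often skipped, and skipping it lets an assertion issued for one service provider be replayed at another. Production code additionally records the assertion ID to reject replays within the validity window, allows a small clock skew around the window, and parses untrusted XML with a hardened parser (for example the defusedxml package) rather than the stock module used here.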
Security Association – A relationship established between two or more entities to enable them to protect data they exchange. (CNSSI-4009) (NISTIR)
Security Attribute – A security-related quality of an object. Security attributes may be represented as hierarchical levels, bits in a bit map, or numbers. Compartments, caveats, and release markings are examples of security attributes. (FIPS 188) (NISTIR)
An abstraction representing the basic properties or characteristics of an entity with respect to safeguarding information; typically associated with internal data structures (e.g., records, buffers, files) within the information system which are used to enable the implementation of access control and flow control policies; reflect special dissemination, handling, or distribution instructions; or support other aspects of the information security policy. (SP 800-53; CNSSI-4009) (NISTIR)
Security Authorization – See Authorization. (CNSSI-4009) (NISTIR)
Security Authorization (To Operate) – See Authorization (to operate). (CNSSI-4009) (NISTIR)
Security Authorization Boundary – See Authorization Boundary. (NISTIR)
Security Automation – The use of information technology in place of manual processes for cyber incident response and management. (Adapted from: DHS personnel) (NICCS)
Security Automation Domain – An information security area that includes a grouping of tools, technologies, and data. (SP 800-137) (NISTIR)
Security Banner – A banner at the top or bottom of a computer screen that states the overall classification of the system in large, bold type. Also can refer to the opening screen that informs users of the security implications of accessing a computer resource. (CNSSI-4009) (NISTIR)
Security Categorization – The process of determining the security category for information or an information system. See Security Category. (SP 800-53) (NISTIR)
The process of determining the security category for information or an information system. Security categorization methodologies are described in CNSS Instruction 1253 for national security systems and in FIPS 199 for other than national security systems. (SP 800-37; SP 800-53A; SP 800-39) (NISTIR)
Security Category – The characterization of information or an information system based on an assessment of the potential impact that a loss of confidentiality, integrity, or availability of such information or information system would have on organizational operations, organizational assets, or individuals. (FIPS 200; FIPS 199; SP 800-18) (NISTIR)
The characterization of information or an information system based on an assessment of the potential impact that a loss of confidentiality, integrity, or availability of such information or information system would have on organizational operations, organizational assets, individuals, other organizations, and the Nation. (SP 800-53; CNSSI-4009; SP 800-60) (NISTIR)
Security Concept of Operations – (Security CONOP) A security-focused description of an information system, its operational policies, classes of users, interactions between the system and its users, and the system’s contribution to the operational mission. (CNSSI-4009) (NISTIR)
Security Content Automation Protocol (SCAP) – A method for using specific standardized testing methods to enable automated vulnerability management, measurement, and policy compliance evaluation against a standardized set of security requirements. (CNSSI-4009) (NISTIR)
Security Control Assessment – The testing and/or evaluation of the management, operational, and technical security controls in an information system to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system. (SP 800-37; SP 800-53; SP 800-53A) (NISTIR)
The testing and/or evaluation of the management, operational, and technical security controls to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system and/or enterprise. (CNSSI-4009) (NISTIR)
Security Control Assessor – The individual, group, or organization responsible for conducting a security control assessment. (SP 800-37; SP 800-53A) (NISTIR)
Security Control Baseline – The set of minimum security controls defined for a low-impact, moderate-impact, or high-impact information system. (SP 800-53; FIPS 200) (NISTIR)
One of the sets of minimum security controls defined for federal information systems in NIST Special Publication 800-53 and CNSS Instruction 1253. (SP 800-53A) (NISTIR)
Security Control Effectiveness – The measure of correctness of implementation (i.e., how consistently the control implementation complies with the security plan) and how well the security plan meets organizational needs in accordance with current risk tolerance. (SP 800-137) (NISTIR)
Security Control Enhancements – Statements of security capability to 1) build in additional, but related, functionality to a basic control; and/or 2) increase the strength of a basic control. (CNSSI-4009; SP 800-53A; SP 800-39) (NISTIR)
Statements of security capability to: (i) build in additional, but related, functionality to a security control; and/or (ii) increase the strength of the control. (SP 800-53; SP 800-18) (NISTIR)
Security Control Inheritance – A situation in which an information system or application receives protection from security controls (or portions of security controls) that are developed, implemented, assessed, authorized, and monitored by entities other than those responsible for the system or application; entities either internal or external to the organization where the system or application resides. See Common Control. (SP 800-37; SP 800-53; SP 800-53A; CNSSI-4009) (NISTIR)
Security Controls – The management, operational, and technical controls (i.e., safeguards or countermeasures) prescribed for an information system to protect the confidentiality, integrity, and availability of the system and its information. (SP 800-53; SP 800-37; SP 800-53A; SP 800-60; FIPS 200; FIPS 199; CNSSI-4009) (NISTIR)
Security Controls Baseline – The set of minimum security controls defined for a low-impact, moderate-impact, or high-impact information system. (CNSSI-4009) (NISTIR)
Security Domain – A set of subjects, their information objects, and a common security policy. (SP 800-27) (NISTIR)
Security Domain – A collection of entities to which applies a single security policy executed by a single authority. (FIPS 188) (NISTIR)
A domain that implements a security policy and is administered by a single authority. (SP 800-37; SP 800-53; CNSSI-4009) (NISTIR)
Security Engineering – An interdisciplinary approach and means to enable the realization of secure systems. It focuses on defining customer needs, security protection requirements, and required functionality early in the systems development life cycle, documenting requirements, and then proceeding with design, synthesis, and system validation while considering the complete problem. (CNSSI-4009) (NISTIR)
Security Fault Analysis (SFA) – An assessment, usually performed on information system hardware, to determine the security properties of a device when hardware fault is encountered. (CNSSI-4009) (NISTIR)
Security Features Users Guide – (SFUG) Guide or manual explaining how the security mechanisms in a specific system work. (CNSSI-4009) (NISTIR)
Security Filter – A secure subsystem of an information system that enforces security policy on the data passing through it. (CNSSI-4009) (NISTIR)
Security Functions – The hardware, software, and/or firmware of the information system responsible for enforcing the system security policy and supporting the isolation of code and data on which the protection is based. (SP 800-53) (NISTIR)
Security Goals – The five security goals are confidentiality, availability, integrity, accountability, and assurance. (SP 800-27) (NISTIR)
Security Impact Analysis – The analysis conducted by an organizational official to determine the extent to which changes to the information system have affected the security state of the system. (SP 800-53; SP 800-53A; SP 800-37; CNSSI-4009) (NISTIR)
Security Incident – Synonym(s): incident
Security Information and Event Management (SIEM) Tool – Application that provides the ability to gather security data from information system components and present that data as actionable information via a single interface. (SP 800-128) (NISTIR)
Security Inspection – Examination of an information system to determine compliance with security policy, procedures, and practices. (CNSSI-4009) (NISTIR)
Security Kernel – Hardware, firmware, and software elements of a trusted computing base implementing the reference monitor concept. Security kernel must mediate all accesses, be protected from modification, and be verifiable as correct. (CNSSI-4009) (NISTIR)
Security Label – The means used to associate a set of security attributes with a specific information object as part of the data structure for that object. (SP 800-53) (NISTIR)
Security Label – A marking bound to a resource (which may be a data unit) that names or designates the security attributes of that resource. (FIPS 188) (NISTIR)
Information that represents or designates the value of one or more security-relevant attributes (e.g., classification) of a system resource. (CNSSI-4009) (NISTIR)
Security Level – A hierarchical indicator of the degree of sensitivity to a certain threat. It implies, according to the security policy being enforced, a specific level of protection. (FIPS 188) (NISTIR)
Security Management Dashboard – A tool that consolidates and communicates information relevant to the organizational security posture in near real-time to security management stakeholders. (SP 800-128) (NISTIR)
Security Marking – Human-readable information affixed to information system components, removable media, or output indicating the distribution limitations, handling caveats, and applicable security markings. (SP 800-53) (NISTIR)
Human-readable indicators applied to a document, storage media, or hardware component to designate security classification, categorization, and/or handling restrictions applicable to the information contained therein. For intelligence information, these could include compartment and sub-compartment indicators and handling restrictions. (CNSSI-4009) (NISTIR)
Security Mechanism – A device designed to provide one or more security services usually rated in terms of strength of service and assurance of the design. (CNSSI-4009) (NISTIR)
Security Net Control Station – Management system overseeing and controlling implementation of network security policy. (CNSSI-4009) (NISTIR)
Security Objective – Confidentiality, integrity, or availability. (SP 800-53; SP 800-53A; SP 800-60; SP 800-37; FIPS 200; FIPS 199) (NISTIR)
Security Perimeter – See Authorization Boundary. A physical or logical boundary that is defined for a system, domain, or enclave, within which a particular security policy or security architecture is applied. (CNSSI-4009) (NISTIR)
Security Plan – Formal document that provides an overview of the security requirements for an information system or an information security program and describes the security controls in place or planned for meeting those requirements. See ‘System Security Plan’ or ‘Information Security Program Plan.’ (SP 800-53; SP 800-53A; SP 800-37; SP 800-18) (NISTIR)
Security Policy – Definition: A rule or set of rules that govern the acceptable use of an organization's information and services to a level of acceptable risk and the means for protecting the organization's information assets.
Extended Definition: A rule or set of rules applied to an information system to provide security services. (Adapted from: CNSSI 4009, NIST SP 800-53 Rev 4, NIST SP 800-130, OASIS SAML Glossary 2.0) (NICCS)
The statement of required protection of the information objects. (SP 800-27) (NISTIR)
A set of criteria for the provision of security services. It defines and constrains the activities of a data processing facility in order to maintain a condition of security for systems and data. (FIPS 188) (NISTIR)
A set of criteria for the provision of security services. (SP 800-37; SP 800-53; CNSSI-4009) (NISTIR)
Security Posture – The security status of an enterprise’s networks, information, and systems based on IA resources (e.g., people, hardware, software, policies) and capabilities in place to manage the defense of the enterprise and to react as the situation changes. (CNSSI-4009) (NISTIR)
Security Program Management – In the NICE Workforce Framework, cybersecurity work where a person: Manages information security (e.g., information security) implications within the organization, specific program, or other area of responsibility, to include strategic, personnel, infrastructure, policy enforcement, emergency planning, security awareness, and other resources (e.g., the role of a Chief Information Security Officer). (From: NICE Workforce Framework) (NICCS)
Security Program Plan – Formal document that provides an overview of the security requirements for an organization-wide information security program and describes the program management security controls and common security controls in place or planned for meeting those requirements. (CNSSI-4009) (NISTIR)
Security Range – Highest and lowest security levels that are permitted in or on an information system, system component, subsystem, or network. (CNSSI-4009) (NISTIR)
Security-Relevant Change – Any change to a system’s configuration, environment, information content, functionality, or users which has the potential to change the risk imposed upon its continued operations. (CNSSI-4009) (NISTIR)
Security-Relevant Event – An occurrence (e.g., an auditable event or flag) considered to have potential security implications to the system or its environment that may require further action (noting, investigating, or reacting). (CNSSI-4009) (NISTIR)
Security-Relevant Information – Any information within the information system that can potentially impact the operation of security functions in a manner that could result in failure to enforce the system security policy or maintain isolation of code and data. (SP 800-53) (NISTIR)
Security Requirements – Requirements levied on an information system that are derived from applicable laws, Executive Orders, directives, policies, standards, instructions, regulations, or procedures, or organizational mission/business case needs to ensure the confidentiality, integrity, and availability of the information being processed, stored, or transmitted. (FIPS 200; SP 800-53; SP 800-53A; SP 800-37; CNSSI-4009) (NISTIR)
Security Requirements Baseline – Description of the minimum requirements necessary for an information system to maintain an acceptable level of risk. (CNSSI-4009) (NISTIR)
Security Requirements Traceability Matrix (SRTM) – Matrix that captures all security requirements linked to potential risks and addresses all applicable C&A requirements. It is, therefore, a correlation statement of a system’s security features and compliance methods for each security requirement. (CNSSI-4009) (NISTIR)
Security Safeguards – Protective measures and controls prescribed to meet the security requirements specified for an information system. Safeguards may include security features, management constraints, personnel security, and security of physical structures, areas, and devices. (CNSSI-4009) (NISTIR)
Security Service – A capability that supports one, or many, of the security goals. Examples of security services are key management, access control, and authentication. (SP 800-27) (NISTIR)
A capability that supports one, or more, of the security requirements (Confidentiality, Integrity, Availability). Examples of security services are key management, access control, and authentication. (CNSSI-4009) (NISTIR)
Security Specification – Detailed description of the safeguards required to protect an information system. (CNSSI-4009) (NISTIR)
Security Strength – A measure of the computational complexity associated with recovering certain secret and/or security-critical information concerning a given cryptographic algorithm from known data (e.g. plaintext/ciphertext pairs for a given encryption algorithm). (SP 800-108) (NISTIR)
A number associated with the amount of work (that is, the number of operations) that is required to break a cryptographic algorithm or system. Sometimes referred to as a security level. (FIPS 186) (NISTIR)
Security Tag – Information unit containing a representation of certain security-related information (e.g., a restrictive attribute bit map). (FIPS 188) (NISTIR)
Security Target – Common Criteria specification that represents a set of security requirements to be used as the basis of an evaluation of an identified Target of Evaluation (TOE). (CNSSI-4009) (NISTIR)
Security Test & Evaluation – (ST&E) Examination and analysis of the safeguards required to protect an information system, as they have been applied in an operational environment, to determine the security posture of that system. (CNSSI-4009) (NISTIR)
Security Testing – Process to determine that an information system protects data and maintains functionality as intended. (CNSSI-4009) (NISTIR)
Seed Key – Initial key used to start an updating or key generation process. (CNSSI-4009) (NISTIR)
Semi-Quantitative Assessment – Use of a set of methods, principles, or rules for assessing risk based on bins, scales, or representative numbers whose values and meanings are not maintained in other contexts. (SP 800-30) (NISTIR)
Senior Agency Information Security Officer (SAISO) – Official responsible for carrying out the Chief Information Officer responsibilities under the Federal Information Security Management Act (FISMA) and serving as the Chief Information Officer’s primary liaison to the agency’s authorizing officials, information system owners, and information system security officers. (SP 800-53)
Note: Organizations subordinate to federal agencies may use the term Senior Information Security Officer or Chief Information Security Officer to denote individuals filling positions with similar responsibilities to Senior Agency Information Security Officers. (SP 800-53; SP 800-53A; SP 800-37; SP 800-60; FIPS 200; CNSSI-4009; 44 U.S.C., Sec. 354) (NISTIR)
Sensitive Compartmented Information (SCI) – Classified information concerning or derived from intelligence sources, methods, or analytical processes, which is required to be handled within formal access control systems established by the Director of National Intelligence. (SP 800-53; CNSSI-4009) (NISTIR)
Sensitive Compartmented Information Facility (SCIF) – Accredited area, room, or group of rooms, buildings, or installation where SCI may be stored, used, discussed, and/or processed. (CNSSI-4009) (NISTIR)
Sensitive Information – Information, the loss, misuse, or unauthorized access to or modification of, that could adversely affect the national interest or the conduct of federal programs, or the privacy to which individuals are entitled under 5 U.S.C. Section 552a (the Privacy Act), but that has not been specifically authorized under criteria established by an Executive Order or an Act of Congress to be kept classified in the interest of national defense or foreign policy. (SP 800-53) (NISTIR)
Information, the loss, misuse, or unauthorized access to or modification of, that could adversely affect the national interest or the conduct of federal programs, or the privacy to which individuals are entitled under 5 U.S.C. Section 552a (the Privacy Act), but that has not been specifically authorized under criteria established by an Executive Order or an Act of Congress to be kept classified in the interest of national defense or foreign policy. (Systems that are not national security systems, but contain sensitive information, are to be protected in accordance with the requirements of the Computer Security Act of 1987 [P.L.100-235].) (CNSSI-4009) (NISTIR)
Sensitivity – A measure of the importance assigned to information by its owner, for the purpose of denoting its need for protection. (SP 800-60; CNSSI-4009) (NISTIR)
Sensitivity Label – Information representing elements of the security label(s) of a subject and an object. Sensitivity labels are used by the trusted computing base (TCB) as the basis for mandatory access control decisions. See Security Label. (CNSSI-4009) (NISTIR)
Service-Level Agreement – Defines the specific responsibilities of the service provider and sets the customer expectations. (CNSSI-4009) (NISTIR)
Session – A virtual connection between two hosts by which network traffic is passed.
Shared Secret – A secret used in authentication that is known to the Claimant and the Verifier. (SP 800-63) (NISTIR)
Shielded Enclosure – Room or container designed to attenuate electromagnetic radiation, acoustic signals, or emanations. (CNSSI-4009) (NISTIR)
Short Title – Identifying combination of letters and numbers assigned to certain COMSEC materials to facilitate handling, accounting, and controlling. (CNSSI-4009) (NISTIR)
Signature – A recognizable, distinguishing pattern associated with an attack, such as a binary string in a virus or a particular set of keystrokes used to gain unauthorized access to a system. SOURCE: SP 800-61
A recognizable, distinguishing pattern. See also Attack Signature or Digital Signature. (CNSSI-4009) (NISTIR)
Signature – A recognizable, distinguishing pattern.
Extended Definition: Types of signatures: attack signature, digital signature, electronic signature. (From: CNSSI 4009; Adapted from: NIST SP 800-94) (NICCS)
Signature Certificate – A public key certificate that contains a public key intended for verifying digital signatures rather than encrypting data or performing any other cryptographic functions. (SP 800-32; CNSSI-4009) (NISTIR)
Signature Generation – Uses a digital signature algorithm and a private key to generate a digital signature on data. SOURCE: SP 800-57 Part 1
The process of using a digital signature algorithm and a private key to generate a digital signature on data. (FIPS 186) (NISTIR)
Signature Validation – The (mathematical) verification of the digital signature and obtaining the appropriate assurances (e.g., public key validity, private key possession, etc.). (FIPS 186) (NISTIR)
Signature Verification – The use of a digital signature algorithm and a public key to verify a digital signature on data. (SP 800-57 Part 1) (NISTIR)
The process of using a digital signature algorithm and a public key to verify a digital signature on data. SOURCE: SP 800-89; FIPS 186
Signed Data – Data on which a digital signature is generated. (FIPS 196) (NISTIR)
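The four preceding entries (Signature Certificate, Signature Generation, Signature Validation, Signature Verification) and Signed Data describe one lifecycle. The following Go program, added here as an illustration and not taken from any of the cited NIST or CNSS publications, walks through it with the standard library: Ed25519 signature generation over some constructed signed data, verification with the public key, a self-signed X.509 certificate whose key usage permits digital signatures only, and a validation step that layers the certificate checks on top of the mathematical verification. Function names, the subject name, serial number and sample data are assumptions made for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// SignData is signature generation: a digital signature algorithm (Ed25519 here)
// and the signer's private key produce a signature over the signed data.
func SignData(priv ed25519.PrivateKey, data []byte) []byte {
	return ed25519.Sign(priv, data)
}

// VerifySignature is signature verification: the same algorithm and the
// signer's public key check the signature against the data.
func VerifySignature(pub ed25519.PublicKey, data, sig []byte) bool {
	if len(pub) != ed25519.PublicKeySize || len(sig) != ed25519.SignatureSize {
		return false
	}
	return ed25519.Verify(pub, data, sig)
}

// NewSignatureCertificate builds a self-signed X.509 signature certificate:
// its key usage permits digital signatures only, not key encipherment.
// Subject name and serial number are constructed values for the example.
func NewSignatureCertificate(pub ed25519.PublicKey, priv ed25519.PrivateKey) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "example signer"},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// ValidateSignature is signature validation: the mathematical verification plus
// the assurances around it, here that the certificate is within its validity
// period, that its key usage allows signing, and that the public key is of the
// expected type. Chain building and revocation checks are out of scope here.
func ValidateSignature(cert *x509.Certificate, data, sig []byte, now time.Time) error {
	if now.Before(cert.NotBefore) || now.After(cert.NotAfter) {
		return errors.New("certificate not valid at this time")
	}
	if cert.KeyUsage&x509.KeyUsageDigitalSignature == 0 {
		return errors.New("certificate key usage does not permit digital signatures")
	}
	pub, ok := cert.PublicKey.(ed25519.PublicKey)
	if !ok {
		return errors.New("unexpected public key type")
	}
	if !VerifySignature(pub, data, sig) {
		return errors.New("signature does not verify")
	}
	return nil
}

func main() {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	data := []byte("constructed signed data")
	sig := SignData(priv, data)
	cert, err := NewSignatureCertificate(pub, priv)
	if err != nil {
		panic(err)
	}
	fmt.Println("original:", ValidateSignature(cert, data, sig, time.Now()))
	tampered := append([]byte(nil), data...)
	tampered[0] ^= 0x01 // flip one bit of the signed data
	fmt.Println("tampered:", ValidateSignature(cert, tampered, sig, time.Now()))
}
```

The distinction the glossary draws is visible in the code: VerifySignature answers only "does this signature match this data under this key", while ValidateSignature also asks whether the key may be trusted for that purpose right now. A production validator would additionally build the chain to a trusted root and check revocation status.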
Significant Consequences - Effects that may include loss of life, significant damage to property, significant national security consequences, or significant economic impact on the United States. SOURCE: Cyberspace Solarium Commission Final Report, 2020
Significant Cyber Incident - A cyber incident that is (or group of related cyber incidents that together are) likely to result in demonstrable harm to the national security interests, foreign relations, or economy of the United States or to the public confidence, civil liberties, or public health and safety of the American people. SOURCE: Cyberspace Solarium Commission Final Report, 2020
Single Point Keying – Means of distributing key to multiple, local crypto equipment or devices from a single fill point. (CNSSI-4009) (NISTIR)
Single-Hop Problem – The security risks resulting from a mobile software agent moving from its home platform to another platform. (SP 800-19) (NISTIR)
Situational Awareness – Within a volume of time and space, the perception of an enterprise’s security posture and its threat environment; the comprehension/meaning of both taken together (risk); and the projection of their status into the near future. (CNSSI-4009) (NISTIR)
Comprehending information about the current and developing security posture and risks, based on information gathered, observation and analysis, and knowledge or experience. (Adapted from: CNSSI 4009, DHS personnel, National Response Framework) (NICCS)
Extended Definition: In cybersecurity, comprehending the current status and security posture with respect to availability, confidentiality, and integrity of networks, systems, users, and data, as well as projecting future states of these.
Skimming – The unauthorized use of a reader to read tags without the authorization or knowledge of the tag’s owner or the individual in possession of the tag. (SP 800-98) (NISTIR)
Smart Card – A credit card-sized card with embedded integrated circuits that can store, process, and communicate information. (CNSSI-4009) (NISTIR)
S/MIME – A set of specifications for securing electronic mail. Secure/ Multipurpose Internet Mail Extensions (S/MIME) is based upon the widely used MIME standard and describes a protocol for adding cryptographic security services through MIME encapsulation of digitally signed and encrypted objects. The basic security services offered by S/MIME are authentication, non-repudiation of origin, message integrity, and message privacy. Optional security services include signed receipts, security labels, secure mailing lists, and an extended method of identifying the signer’s certificate(s). (SP 800-49) (NISTIR)
SMS spoofing – a technique which masks the origin of an SMS text message by replacing the originating mobile number (Sender ID) with alphanumeric text. It may be used legitimately by a sender to replace their mobile number with their own name, or company name, for instance. Or it may be used illegitimately, for example, to fraudulently impersonate another person. (UK 2016)
Sniffer – See Packet Sniffer or Passive Wiretapping. (NISTIR)
Social Engineering – An attempt to trick someone into revealing information (e.g., a password) that can be used to attack systems or networks. SOURCE: SP 800-61
A general term for attackers trying to trick people into revealing sensitive information or performing certain actions, such as downloading and executing files that appear to be benign but are actually malicious. SOURCE: SP 800-114
The process of attempting to trick someone into revealing information (e.g., a password). SOURCE: SP 800-115
An attempt to trick someone into revealing information (e.g., a password) that can be used to attack an enterprise. (CNSSI-4009) (NISTIR)
The methods attackers use to deceive and manipulate victims into performing an action or divulging confidential information. Typically, such actions include opening a malicious webpage, or running an unwanted file attachment. (UK 2016)
Software – Computer programs and associated data that may be dynamically written or modified during execution. (CNSSI-4009) (NISTIR)
Software Assurance – Level of confidence that software is free from vulnerabilities, either intentionally designed into the software or accidentally inserted at any time during its life cycle, and that the software functions in the intended manner. (CNSSI-4009) (NISTIR)
Software Assurance and Security Engineering – In the NICE Workforce Framework, cybersecurity work where a person: Develops and writes/codes new (or modifies existing) computer applications, software, or specialized utility programs following software assurance best practices. (From: NICE Workforce Framework) (NICCS)
Software-Based Fault Isolation – A method of isolating application modules into distinct fault domains enforced by software. The technique allows untrusted programs written in an unsafe language, such as C, to be executed safely within the single virtual address space of an application.
Untrusted machine interpretable code modules are transformed so that all memory accesses are confined to code and data segments within their fault domain. Access to system resources can also be controlled through a unique identifier associated with each domain. (SP 800-19) (NISTIR)
Software System Test and Evaluation Process – Process that plans, develops, and documents the qualitative/quantitative demonstration of the fulfillment of all baseline functional performance, operational, and interface requirements. (CNSSI-4009) (NISTIR)
Spam – The abuse of electronic messaging systems to indiscriminately send unsolicited bulk messages. SOURCE: SP 800-53
Unsolicited bulk commercial email messages. SOURCE: SP 800-45
Electronic junk mail or the abuse of electronic messaging systems to indiscriminately send unsolicited bulk messages. (CNSSI-4009) (NISTIR)
Spam Filtering Software – A program that analyzes emails to look for characteristics of spam, and typically places messages that appear to be spam in a separate email folder. (SP 800-69) (NISTIR)
Special Access Program (SAP) – A program established for a specific class of classified information that imposes safeguarding and access requirements that exceed those normally required for information at the same classification level. (SP 800-53; CNSSI-4009) (NISTIR)
Special Access Program Facility (SAPF) – Facility formally accredited by an appropriate agency in accordance with DCID 6/9 in which SAP information may be processed. (CNSSI-4009) (NISTIR)
Special Character – Any non-alphanumeric character that can be rendered on a standard American-English keyboard. Use of a specific special character may be application-dependent. The list of special characters follows: ` ~ ! @ # $ % ^ & * ( ) _ + | } { " : ? > < [ ] \ ; ' , . / - = (CNSSI-4009) (NISTIR)
Specification – An assessment object that includes document-based artifacts (e.g., policies, procedures, plans, system security requirements, functional specifications, and architectural designs) associated with an information system. (SP 800-53A) (NISTIR)
Spillage – Security incident that results in the transfer of classified or CUI information onto an information system not accredited (i.e., authorized) for the appropriate security level. (CNSSI-4009) (NISTIR)
Synonym(s): data spill, data breach
Split Knowledge – A procedure by which a cryptographic key is split into n multiple key components, individually providing no knowledge of the original key, which can be subsequently combined to recreate the original cryptographic key. If knowledge of k (where k is less than or equal to n) components is required to construct the original key, then knowledge of any k-1 key components provides no information about the original key other than, possibly, its length. (SP 800-57 Part 1) (NISTIR)
A process by which a cryptographic key is split into multiple key components, individually sharing no knowledge of the original key, that can be subsequently input into, or output from, a cryptographic module by separate entities and combined to recreate the original cryptographic key. SOURCE: FIPS 140-2
1. Separation of data or information into two or more parts, each part constantly kept under control of separate authorized individuals or teams so that no one individual or team will know the whole data.
2. A process by which a cryptographic key is split into multiple key components, individually sharing no knowledge of the original key, which can be subsequently input into, or output from, a cryptographic module by separate entities and combined to recreate the original cryptographic key. (CNSSI-4009) (NISTIR)
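The k-of-n property in the SP 800-57 definition of Split Knowledge above (any k components recreate the key, any k-1 reveal nothing but its length) is exactly what Shamir's secret sharing provides. The Go program below is an added example of that scheme and is not code from any of the cited publications; the choice of Shamir's construction, the field prime, the function names and the constructed key are all assumptions made for the illustration. The key becomes the constant term of a random polynomial of degree k-1 over a prime field, each component is the polynomial evaluated at a distinct point, and recombination is Lagrange interpolation at zero.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"errors"
	"fmt"
	"math/big"
)

// Field prime: the Mersenne prime 2^521 - 1, large enough to hold any key of
// up to 64 bytes as a single field element.
var prime = new(big.Int).Sub(new(big.Int).Lsh(big.NewInt(1), 521), big.NewInt(1))

// Share is one key component: the evaluation point X and the value Y = f(X).
type Share struct {
	X int64
	Y *big.Int
}

// Split divides key into n components of which any k recreate it. The key is
// the constant term of a random polynomial f of degree k-1 over the field and
// each component is f evaluated at a distinct nonzero point, so k-1 components
// are consistent with every possible key and reveal nothing about it.
func Split(key []byte, k, n int) ([]Share, error) {
	if k < 2 || k > n || len(key) == 0 || len(key) > 64 {
		return nil, errors.New("split: need 2 <= k <= n and a key of 1..64 bytes")
	}
	coeffs := make([]*big.Int, k)
	coeffs[0] = new(big.Int).SetBytes(key)
	for i := 1; i < k; i++ {
		c, err := rand.Int(rand.Reader, prime)
		if err != nil {
			return nil, err
		}
		coeffs[i] = c
	}
	shares := make([]Share, n)
	for i := range shares {
		x := big.NewInt(int64(i + 1))
		y := new(big.Int) // Horner evaluation of f(x) mod prime
		for j := k - 1; j >= 0; j-- {
			y.Mul(y, x)
			y.Add(y, coeffs[j])
			y.Mod(y, prime)
		}
		shares[i] = Share{X: x.Int64(), Y: y}
	}
	return shares, nil
}

// Combine recreates the key from any k (or more) distinct components by
// Lagrange interpolation of f at x = 0. keyLen restores leading zero bytes.
// Fewer than k components interpolate a different polynomial and yield garbage.
func Combine(shares []Share, keyLen int) ([]byte, error) {
	if len(shares) == 0 {
		return nil, errors.New("combine: no shares")
	}
	secret := new(big.Int)
	for i, si := range shares {
		num, den := big.NewInt(1), big.NewInt(1)
		xi := big.NewInt(si.X)
		for j, sj := range shares {
			if i == j {
				continue
			}
			xj := big.NewInt(sj.X)
			if xj.Cmp(xi) == 0 {
				return nil, errors.New("combine: duplicate share")
			}
			num.Mul(num, new(big.Int).Neg(xj))     // factor (0 - xj)
			den.Mul(den, new(big.Int).Sub(xi, xj)) // factor (xi - xj)
		}
		den.Mod(den, prime)
		inv := new(big.Int).ModInverse(den, prime)
		term := new(big.Int).Mul(si.Y, num)
		term.Mul(term, inv)
		secret.Add(secret, term)
		secret.Mod(secret, prime)
	}
	if secret.BitLen() > keyLen*8 {
		return nil, errors.New("combine: result does not fit keyLen (wrong share set?)")
	}
	out := make([]byte, keyLen)
	secret.FillBytes(out)
	return out, nil
}

func main() {
	key := make([]byte, 32) // constructed AES-256-sized key
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	shares, err := Split(key, 3, 5)
	if err != nil {
		panic(err)
	}
	back, err := Combine([]Share{shares[4], shares[0], shares[2]}, len(key))
	fmt.Printf("recovered from 3 of 5: %v (err=%v)\n", bytes.Equal(back, key), err)
	partial, _ := Combine(shares[:2], len(key))
	fmt.Printf("recovered from 2 of 5: %v\n", bytes.Equal(partial, key))
}
```

In practice each Share goes to a different custodian (the "separate authorized individuals or teams" of the CNSSI-4009 definition), is entered into the cryptographic module through its own key-loading step, and is never written next to the others; the module, not an operator's workstation, should do the recombination.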
Spoofing – “IP spoofing” refers to sending a network packet that appears to come from a source other than its actual source. (SP 800-48) (NISTIR)
Spoofing – Involves 1) the ability to receive a message by masquerading as the legitimate receiving destination, or 2) masquerading as the sending machine and sending a message to a destination. SOURCE: FIPS 191
1. Faking the sending address of a transmission to gain illegal entry into a secure system. Impersonating, masquerading, piggybacking, and mimicking are forms of spoofing.
2. The deliberate inducement of a user or resource to take incorrect action. (CNSSI-4009) (NISTIR)
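The usual network-layer countermeasure to the IP spoofing described above is ingress and egress source-address filtering at the site boundary (the approach of BCP 38 / RFC 2827). The Go program below is an added example of such a filter, written for this glossary and not drawn from the cited sources; the Packet and Filter types, the interface names "wan" and "lan", the site prefixes and the sample packets are all constructed for the illustration. A packet arriving from the Internet that claims one of the site's own addresses, or an address that cannot legitimately be routed from the Internet, is dropped; a packet leaving the site with a source outside the site's prefixes is dropped so that a compromised internal host cannot spoof outsiders.

```go
package main

import (
	"fmt"
	"net/netip"
)

// Packet is the minimal view a spoofing filter needs: the interface a packet
// arrived on and the source address it claims. Constructed for this example.
type Packet struct {
	Iface string     // "wan" (Internet-facing) or "lan" (internal)
	Src   netip.Addr // claimed source address
}

// Filter holds the prefixes this site legitimately sources traffic from.
type Filter struct {
	Site []netip.Prefix
}

// bogons are sources that must never arrive from the Internet.
var bogons = []netip.Prefix{
	netip.MustParsePrefix("0.0.0.0/8"),
	netip.MustParsePrefix("10.0.0.0/8"),
	netip.MustParsePrefix("127.0.0.0/8"),
	netip.MustParsePrefix("169.254.0.0/16"),
	netip.MustParsePrefix("172.16.0.0/12"),
	netip.MustParsePrefix("192.168.0.0/16"),
	netip.MustParsePrefix("224.0.0.0/4"),
	netip.MustParsePrefix("240.0.0.0/4"),
}

func inAny(a netip.Addr, prefixes []netip.Prefix) bool {
	for _, p := range prefixes {
		if p.Contains(a) {
			return true
		}
	}
	return false
}

// Verdict returns "" to accept a packet, or the reason to drop it.
func (f Filter) Verdict(p Packet) string {
	switch p.Iface {
	case "wan":
		// Ingress filtering: a packet from the Internet claiming one of our own
		// addresses, or an address that cannot be routed from the Internet, is
		// spoofed (or misrouted) and is dropped before it reaches internal hosts
		// that may trust those addresses.
		if inAny(p.Src, f.Site) {
			return "ingress: site address as source on external interface"
		}
		if inAny(p.Src, bogons) {
			return "ingress: unroutable source"
		}
	case "lan":
		// Egress filtering: only the site's own prefixes may leave, so a
		// compromised internal host cannot spoof someone else's address outward.
		if !inAny(p.Src, f.Site) {
			return "egress: source not in site prefixes"
		}
	default:
		return "unknown interface"
	}
	return ""
}

func main() {
	f := Filter{Site: []netip.Prefix{
		netip.MustParsePrefix("203.0.113.0/24"), // constructed site prefix (TEST-NET-3)
		netip.MustParsePrefix("192.168.1.0/24"),
	}}
	samples := []Packet{ // constructed sample packets
		{Iface: "wan", Src: netip.MustParseAddr("203.0.113.7")},  // claims to be us, from outside
		{Iface: "wan", Src: netip.MustParseAddr("10.1.2.3")},     // RFC 1918 source from the Internet
		{Iface: "wan", Src: netip.MustParseAddr("198.51.100.9")}, // ordinary external source
		{Iface: "lan", Src: netip.MustParseAddr("192.168.1.20")}, // internal host, legitimate
		{Iface: "lan", Src: netip.MustParseAddr("198.51.100.9")}, // internal host spoofing an outsider
	}
	for _, p := range samples {
		v := f.Verdict(p)
		if v == "" {
			v = "accept"
		}
		fmt.Printf("%-3s %-14s %s\n", p.Iface, p.Src, v)
	}
}
```

Such a filter stops packets whose claimed source is impossible at the point of observation; it cannot tell a spoofed source that is plausible from a genuine one, which is why authentication of the sender must not rest on the IP address alone.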
Spread Spectrum – Telecommunications techniques in which a signal is transmitted in a bandwidth considerably greater than the frequency content of the original information. Frequency hopping, direct sequence spreading, time scrambling, and combinations of these techniques are forms of spread spectrum. (CNSSI-4009) (NISTIR)
Spyware – Software that is secretly or surreptitiously installed into an information system to gather information on individuals or organizations without their knowledge; a type of malicious code. (SP 800-53; CNSSI-4009) (NISTIR)
SSL – See Secure Sockets Layer
Start-Up KEK Key – Encryption-key held in common by a group of potential communicating entities and used to establish ad hoc tactical networks. (CNSSI-4009) (NISTIR)
State – Intermediate Cipher result that can be pictured as a rectangular array of bytes. (FIPS 197) (NISTIR)
Static Key – A key that is intended for use for a relatively long period of time and is typically intended for use in many instances of a cryptographic key-establishment scheme. (SP 800-57 Part 1) (NISTIR)
Status Monitoring – Monitoring the information security metrics defined by the organization in the information security ISCM strategy. (SP 800-137) (NISTIR)
Stealthing – Approaches used by malicious code to conceal its presence on the infected system.
Steganography -The art and science of communicating in a way that hides the existence of the communication. For example, a child pornography image can be hidden inside another graphic image file, audio file, or other file format. SOURCE: SP 800-72; SP 800-101
The art, science, and practice of communicating in a way that hides the existence of the communication. (CNSSI-4009) (NISTIR)
Storage Object – Object supporting both read and write accesses to an information system. (CNSSI-4009) (NISTIR)
Strategic Communication – Focused United States Government (USG) efforts to understand and engage key audiences in order to create, strengthen or preserve conditions favorable for the advancement of USG interests, policies, and objectives through the use of coordinated programs, plans, themes, messages, and products synchronized with the actions of all elements of national power. (Approved for inclusion in the next edition of JP 1-02) (Jt Pub 3-13)
Strategic Planning and Policy Development – In the NICE Workforce Framework, cybersecurity work where a person: Applies knowledge of priorities to define an entity. (From: NICE Workforce Framework) (NICCS)
Strength of Mechanism (SoM) – A scale for measuring the relative strength of a security mechanism. (CNSSI-4009) (NISTIR)
Striped Core – A network architecture in which user data traversing a core IP network is decrypted, filtered and re-encrypted one or more times. Note: The decryption, filtering, and re-encryption are performed within a “Red gateway”; consequently, the core is “striped” because the data path is alternately Black, Red, and Black. (CNSSI-4009) (NISTIR)
Strong Authentication – The requirement to use multiple factors for authentication and advanced technology, such as dynamic passwords or digital certificates, to verify an entity’s identity. (CNSSI-4009) (NISTIR)
Subassembly – Major subdivision of an assembly consisting of a package of parts, elements, and circuits that perform a specific function. (CNSSI-4009) (NISTIR)
Subject – Generally an individual, process, or device causing information to flow among objects or changes to the system state. See Object. SOURCE: SP 800-53
An active entity (generally an individual, process, or device) that causes information to flow among objects or changes the system state. See also Object. (CNSSI-4009) (NISTIR)
Subject Security Level – Sensitivity label(s) of the objects to which the subject has both read and write access. Security level of a subject must always be dominated by the clearance level of the user associated with the subject. (CNSSI-4009) (NISTIR)
Subordinate Certification Authority – In a hierarchical PKI, a Certification Authority whose certificate signature key is certified by another CA, and whose activities are constrained by that other CA. (SP 800-32; CNSSI-4009) (NISTIR)
Subscriber – A party who receives a credential or token from a CSP (Credentials Service Provider) and becomes a claimant in an authentication protocol. SOURCE: CNSSI-4009
A party who receives a credential or token from a CSP (Credentials Service Provider). (SP 800-63) (NISTIR)
Subsystem – A major subdivision or component of an information system consisting of information, information technology, and personnel that perform one or more specific functions. (SP 800-53; SP 800-53A; SP 800-37) (NISTIR)
Suite A – A specific set of classified cryptographic algorithms used for the protection of some categories of restricted mission-critical information. (CNSSI-4009) (NISTIR)
Suite B – A specific set of cryptographic algorithms suitable for protecting national security systems and information throughout the U.S. government and to support interoperability with allies and coalition partners. (CNSSI-4009, as modified) (NISTIR)
Superencryption – Process of encrypting encrypted information. Occurs when a message, encrypted off-line, is transmitted over a secured, online circuit, or when information encrypted by the originator is multiplexed onto a communications trunk, which is then bulk encrypted. (CNSSI-4009) (NISTIR)
Superior Certification Authority – In a hierarchical PKI, a Certification Authority who has certified the certificate signature key of another CA, and who constrains the activities of that CA. (SP 800-32; CNSSI-4009) (NISTIR)
Supersession – Scheduled or unscheduled replacement of COMSEC material with a different edition. (CNSSI-4009) (NISTIR)
Supervisory Control and Data Acquisition (SCADA) – A generic name for a computerized system that is capable of gathering and processing data and applying operational controls over long distances. Typical uses include power transmission and distribution and pipeline systems. SCADA was designed for the unique communication challenges (delays, data integrity, etc.) posed by the various media that must be used, such as phone lines, microwave, and satellite. Usually shared rather than dedicated. SOURCE: SP 800-82
Networks or systems generally used for industrial controls or to manage infrastructure such as pipelines and power systems. (CNSSI-4009) (NISTIR)
Supplementation (Assessment Procedures) – The process of adding assessment procedures or assessment details to assessment procedures in order to adequately meet the organization’s risk management needs. (SP 800-53A) (NISTIR)
Supplementation (Security Controls) – The process of adding security controls or control enhancements to a security control baseline from NIST Special Publication 800-53 or CNSS Instruction 1253 in order to adequately meet the organization’s risk management needs. (SP 800-53A; SP 800-39) (NISTIR)
Supply Chain – A system of organizations, people, activities, information, and resources, possibly international in scope, that provides products or services to consumers. (SP 800-53; CNSSI-4009) (NISTIR)
Supply Chain Attack – Attacks that allow the adversary to utilize implants or other vulnerabilities inserted prior to installation in order to infiltrate data, or manipulate information technology hardware, software, operating systems, peripherals (information technology products) or services at any point during the life cycle. (CNSSI-4009) (NISTIR)
Supply Chain Compromise - An occurrence within the supply chain whereby an adversary jeopardizes the confidentiality, integrity, or availability of a system or the information that the system processes, stores, or transmits. SOURCE: Cyberspace Solarium Commission Final Report, 2020
Supply Chain Management - A cross-functional approach to procuring, producing, and delivering products and services to customers. SOURCE: Cyberspace Solarium Commission Final Report, 2020
Supply Chain Risk Management – The process of identifying, analyzing, and assessing supply chain risk and accepting, avoiding, transferring or controlling it to an acceptable level considering associated costs and benefits of any actions taken.
Related Term(s): supply chain
(Adapted from: DHS Risk Lexicon, CNSSD 505) (NICCS)
Suppression Measure – Action, procedure, modification, or device that reduces the level of, or inhibits the generation of, compromising emanations in an information system. (CNSSI-4009) (NISTIR)
Surrogate Access – See Discretionary Access Control. (NISTIR)
Syllabary – List of individual letters, combination of letters, or syllables, with their equivalent code groups, used for spelling out words or proper names not present in the vocabulary of a code. A syllabary may also be a spelling table. SOURCE: CNSSI-4009
Symmetric Encryption Algorithm – Encryption algorithms using the same secret key for encryption and decryption. (SP 800-49; CNSSI-4009) (NISTIR)
Symmetric Key – A cryptographic key that is used to perform both the cryptographic operation and its inverse, for example to encrypt and decrypt, or create a message authentication code and to verify the code. (SP 800-63; CNSSI-4009) (NISTIR)
A single cryptographic key that is used with a secret (symmetric) key algorithm. (SP 800-21 [2nd Ed]) (NISTIR)
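The SP 800-63 definition above names both uses of a symmetric key: encrypt and decrypt, or create a message authentication code and verify it. The Go program below is an added example of both, using only the standard library; it is not code from the cited publications, and the function names and the constructed keys and messages are assumptions made for the illustration. The same 32-byte key seals and opens with AES-256-GCM, and the same (different) key tags and verifies with HMAC-SHA256. Keeping the encryption key and the MAC key separate follows the general rule that one key serves one purpose.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

func newGCM(key []byte) (cipher.AEAD, error) {
	if len(key) != 32 {
		return nil, errors.New("key must be 32 bytes for AES-256")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts plaintext under a 32-byte symmetric key with AES-256-GCM and
// prepends the random 12-byte nonce. aad is authenticated but not encrypted.
func Seal(key, plaintext, aad []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

// Open is the inverse operation with the same key. GCM's tag covers the
// ciphertext and aad, so any modification makes Open fail instead of
// returning corrupted plaintext.
func Open(key, sealed, aad []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, errors.New("open: ciphertext too short")
	}
	nonce, ct := sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, aad)
}

// Tag creates an HMAC-SHA256 message authentication code with a symmetric key.
func Tag(key, msg []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(msg)
	return m.Sum(nil)
}

// VerifyTag recomputes the code with the same key and compares in constant
// time, so an attacker cannot learn the correct tag byte by byte from timing.
func VerifyTag(key, msg, tag []byte) bool {
	return hmac.Equal(Tag(key, msg), tag)
}

func main() {
	// Constructed keys; each serves one purpose only.
	encKey := []byte("constructed-32-byte-encrypt-key!")
	macKey := []byte("constructed-32-byte-mac-key-....")

	sealed, err := Seal(encKey, []byte("account=42"), []byte("v1"))
	if err != nil {
		panic(err)
	}
	pt, err := Open(encKey, sealed, []byte("v1"))
	fmt.Printf("decrypted: %q err=%v\n", pt, err)
	sealed[len(sealed)-1] ^= 0x01 // flip one bit of the ciphertext/tag
	_, err = Open(encKey, sealed, []byte("v1"))
	fmt.Println("tampered ciphertext rejected:", err != nil)

	msg := []byte("transfer 100")
	tag := Tag(macKey, msg)
	fmt.Println("tag verifies:", VerifyTag(macKey, msg, tag))
	fmt.Println("altered message verifies:", VerifyTag(macKey, []byte("transfer 900"), tag))
}
```

The caveat that matters with GCM is nonce reuse: a nonce must never repeat under the same key, which is why Seal draws a fresh random one per message and why a key with a large message volume should be rotated rather than used indefinitely.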
Synchronous Crypto-Operation – Method of online crypto-operation in which crypto-equipment and associated terminals have timing systems to keep them in step. (CNSSI-4009) (NISTIR)
System – See Information System. Any organized assembly of resources and procedures united and regulated by interaction or interdependence to accomplish a set of specific functions. (CNSSI-4009) (NISTIR)
System Administrator – A person who manages the technical aspects of a system. (SP 800-40) (NISTIR)
Individual responsible for the installation and maintenance of an information system, providing effective information system utilization, adequate security parameters, and sound implementation of established Information Assurance policy and procedures. (CNSSI-4009) (NISTIR)
In the NICE Workforce Framework, cybersecurity work where a person: Installs, configures, troubleshoots, and maintains server configurations (hardware and software) to ensure their confidentiality, integrity, and availability; also manages accounts, firewalls, and patches; responsible for access control, passwords, and account creation and administration. (From: NICE Workforce Framework) (NICCS)
System Assets – Any software, hardware, data, administrative, physical, communications, or personnel resource within an information system. (CNSSI-4009) (NISTIR)
System Development Life Cycle – (SDLC) The scope of activities associated with a system, encompassing the system’s initiation, development and acquisition, implementation, operation and maintenance, and ultimately its disposal that instigates another system initiation. (SP 800-34; CNSSI-4009) (NISTIR)
System Development Methodologies – Methodologies developed through software engineering to manage the complexity of system development. Development methodologies include software engineering aids and high-level design analysis tools. (CNSSI-4009) (NISTIR)
System High – Highest security level supported by an information system. (CNSSI-4009) (NISTIR)
System High Mode – Information systems security mode of operation wherein each user, with direct or indirect access to the information system, its peripherals, remote terminals, or remote hosts, has all of the following: a. valid security clearance for all information within an information system; b. formal access approval and signed nondisclosure agreements for all the information stored and/or processed (including all compartments, subcompartments and/or special access programs); and c. valid need-to-know for some of the information contained within the information system. (CNSSI-4009) (NISTIR)
Systemically Important Critical Infrastructure (SICI) - A proposed designation of critical infrastructure entities that manage systems and assets whose disruption could have cascading, destabilizing effects on U.S. national security, economic security, and public health and safety. SOURCE: Cyberspace Solarium Commission Final Report, 2020
System Indicator – Symbol or group of symbols in an off-line encrypted message identifying the specific cryptosystem or key used in the encryption. (CNSSI-4009) (NISTIR)
System Integrity – The quality that a system has when it performs its intended function in an unimpaired manner, free from unauthorized manipulation of the system, whether intentional or accidental. SOURCE: SP 800-27
Attribute of an information system when it performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system. (CNSSI-4009) (NISTIR)
The attribute of an information system when it performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system. (From: CNSSI 4009) (NICCS)
Related Term(s): integrity, data integrity
System Interconnection – The direct connection of two or more IT systems for the purpose of sharing data and other information resources. (SP 800-47; CNSSI-4009) (NISTIR)
System Low – Lowest security level supported by an information system. (CNSSI-4009) (NISTIR)
System of Records – A group of any records under the control of any agency from which information is retrieved by the name of the individual or by some identifying number, symbol, or other identifying particular assigned to the individual. (SP 800-122) (NISTIR)
System Owner – Person or organization having responsibility for the development, procurement, integration, modification, operation and maintenance, and/or final disposition of an information system. (CNSSI-4009) (NISTIR)
System Profile – Detailed security description of the physical structure, equipment component, location, relationships, and general operating environment of an information system. (CNSSI-4009) (NISTIR)
System Security – See Information System Security.
System Security Plan – Formal document that provides an overview of the security requirements for the information system and describes the security controls in place or planned for meeting those requirements. SOURCE: SP 800-37; SP 800-53; SP 800-53A; SP 800-18; FIPS 200
The formal document prepared by the information system owner (or common security controls owner for inherited controls) that provides an overview of the security requirements for the system and describes the security controls in place or planned for meeting those requirements.
The plan can also contain as supporting appendices or as references, other key security-related documents such as a risk assessment, privacy impact assessment, system interconnection agreements, contingency plan, security configurations, configuration management plan, and incident response plan. (CNSSI-4009) (NISTIR)
System Software – The special software within the cryptographic boundary (e.g., operating system, compilers or utility programs) designed for a specific computer system or family of computer systems to facilitate the operation and maintenance of the computer system, associated programs, and data. (FIPS 140-2) (NISTIR)
System-Specific Security Control – A security control for an information system that has not been designated as a common security control or the portion of a hybrid control that is to be implemented within an information system. (SP 800-37; SP 800-53; SP 800-53A; CNSSI-4009) (NISTIR)
Systems Development – In the NICE Workforce Framework, cybersecurity work where a person: Works on the development phases of the systems development lifecycle. (From: NICE Workforce Framework) (NICCS)
Systems Requirements Planning – In the NICE Workforce Framework, cybersecurity work where a person: Consults with customers to gather and evaluate functional requirements and translates these requirements into technical solutions; provides guidance to customers about applicability of information systems to meet business needs. (From: NICE Workforce Framework) (NICCS)
Systems Security Analysis – In the NICE Workforce Framework, cybersecurity work where a person: Conducts the integration/testing, operations, and maintenance of systems security. (From: NICE Workforce Framework) (NICCS)
Systems Security Architecture – In the NICE Workforce Framework, cybersecurity work where a person: Develops system concepts and works on the capabilities phases of the systems development lifecycle; translates technology and environmental conditions (e.g., law and regulation) into system and security designs and processes. (From: NICE Workforce Framework) (NICCS)