Cyber Glossary - U
UDP – See User Datagram Protocol
Unauthorized Access –Unauthorized Access – Occurs when a user, legitimate or unauthorized, accesses a resource that the user is not permitted to use. SOURCE: FIPS 191 Any access that violates the stated security policy. (CNSSI-4009) (NISTIR)
Any access that violates the stated security policy. (From: CNSSI 4009) NICCS)
Unauthorized Disclosure – An event involving the exposure of information to entities not authorized access to the information. (SP 800-57 Part 1; CNSSI-4009) (NISTIR)
Unclassified – Information that has not been determined pursuant to E.O. 12958, as amended, or any predecessor order, to require protection against unauthorized disclosure and that is not designated as classified. (CNSSI-4009) (NISTIR)
Unsigned data – Data included in an authentication token, in addition to a digital signature. (FIPS 196) (NISTIR)
Untrusted Process – Process that has not been evaluated or examined for correctness and adherence to the security policy. It may include incorrect or malicious code that attempts to circumvent the security mechanisms. (CNSSI-40090 (NISTIR)
Update (a Certificate) – The act or process by which data items bound in an existing public key certificate, especially authorizations granted to the subject, are changed by issuing a new certificate. (SP 800-32; CNSSI-4009) (NISTIR)
Update (key) – Automatic or manual cryptographic process that irreversibly modifies the state of a COMSEC key. (CNSSI-4009) (NISTIR)
US-CERT – A partnership between the Department of Homeland Security and the public and private sectors, established to protect the nation's Internet infrastructure. US-CERT coordinates defense against and responses to cyber attacks across the nation. (CNSSI-4009) (NISTIR)
U.S.-Controlled Facility – Base or building to which access is physically controlled by U.S. individuals who are authorized U.S. government or U.S. government contractor employees. (CNSSI-4009) (NISTIR)
U.S.-Controlled Space – Room or floor within a facility that is not a U.S.-controlled facility, access to which is physically controlled by U.S. individuals who are authorized U.S. government or U.S. government contractor employees. Keys or combinations to locks controlling entrance to U.S.-controlled spaces must be under the exclusive control of U.S. individuals who are U.S. government or U.S. government contractor employees. (CNSSI-4009) (NISTIR)
U.S. Government Configuration Baseline – (USGCB) The United States Government Configuration Baseline (USGCB) provides security configuration baselines for Information Technology products widely deployed across the federal agencies.
The USGCB baseline evolved from the federal Desktop Core Configuration mandate. The USGCB is a Federal government-wide initiative that provides guidance to agencies on what should be done to improve and maintain an effective configuration settings focusing primarily on security. (SP 800-128) (NISTIR)
U.S. Person – Federal law and Executive Order define a U.S. Person as: a citizen of the United States; an alien lawfully admitted for permanent residence; an unincorporated association with a substantial number of members who are citizens of the U.S. or are aliens lawfully admitted for permanent residence; and/or a corporation that is incorporated in the U.S. (CNSSI-400) (NISTIR)
User – Individual or (system) process authorized to access an information system. (SOURCE: FIPS 200)
Individual, or (system) process acting on behalf of an individual, authorized to access an information system. (SP 800-53; SP 800-18; CNSSI-4009) (NISTIR)
A person, organisation entity, or automated process, that accesses a system, whether authorised to, or not. (UK 2016)
User ID – Unique symbol or character string used by an information system to identify a specific user. (CNSSI-4009) (NISTIR)
User Initialization – A function in the life cycle of keying material; the process whereby a user initializes its cryptographic application (e.g., installing and initializing software and hardware). (SP 800-57 Part 1) (NISTIR)
User Partnership Program (UPP) – Partnership between the NSA and a U.S. government agency to facilitate development of secure information system equipment incorporating NSA-approved cryptography. The result of this program is the authorization of the product or system to safeguard national security information in the user’s specific application. (CNSSI-4009) (NISTIR)
User Registration – A function in the life cycle of keying material; a process whereby an entity becomes a member of a security domain. (SP 800-57 Part 1) (NISTIR)
User Representative (COMSEC) – Individual authorized by an organization to order COMSEC keying material and interface with the keying system, provide information to key users, and ensure the correct type of key is ordered. (CNSSI-4009) (NISTIR)
User Representative (Risk Management) – The person that defines the system’s operational and functional requirements, and who is responsible for ensuring that user operational interests are met throughout the systems authorization process. (CNSSI-4009) (NISTIR)