A | B | C | D | E | F | G | H | I | J | K | L | M |
N | O | P | Q | R | S | T | U

Access
A specific type of interaction between a subject and an object that results in the flow of information from one to the other. The capability and opportunity to gain knowledge of, or to alter information or materials including the ability and means to communicate with (i.e., input or receive output), or otherwise make use of any information, resource, or component in a computer system.

Access Control
The process of limiting access to the resources of a system to only authorized persons, programs, processes, or other systems. Synonymous with controlled access and limited access. Requires that access to information resources be controlled by or for the target system. In the context of network security, access control is the ability to limit and control the access to host systems and applications via communications links. To achieve this control, each entity trying to gain access must first be identified, or authenticated, so that access rights can be tailored to the individual.

Accreditation/Approval
The official management authorization for operation of an MIS. It provides a formal declaration by an Accrediting Authority that a computer system is approved to operate in a particular security mode using a prescribed set of safeguards. Accreditation is based on the certification process as well as other management considerations. An accreditation statement affixes security responsibility with the Accrediting Authority and shows that proper care has been taken for security.

Adequate Security
Security commensurate with the risk and magnitude of the harm resulting from the loss, misuse, or unauthorized access to or modification of information. This includes assuring that systems and applications used by the agency operate effectively and provide appropriate confidentiality, integrity, and availability, through the use of cost-effective management, personnel, operational and technical controls.

ADP
Automatic Data Processing. See also: Management Information System.

Advanced Encryption Standard (AES)
A new secret key encryption standard to replace the Data Encryption Standard (DES) selected by the National Institute of Standards and Technology (NIST). The candidates for AES were announced in 1999, and the new standard, Rijndael, was selcted in October 2000.

Algebraic Attack
A method of cryptanalytic attack used against block ciphers that exhibit a significant amount of mathematical structure.

Algorithm
A process for completing a task. An encryption algorithm is merely the process, usually a mathematical process, to encrypt and decrypt messages.

Alice
The name traditionally used for the first user of cryptography in a system; Bob's friend.

ANSI
American National Standards Institute.

API
Application Programming Interface.

Application
A software organization of related functions, or series of interdependent or closely related programs, that when executed accomplish a specified objective or set of user requirements. See also: Major Application, Process.

Application Owner
The official who has the responsibility to ensure that the program or programs, which make up the application accomplish the specified objective or set of user requirements established for that application, including appropriate security safeguards. See also: Process Owner.

Asymmetric Ciphers
Cryptographic methods (e.g. RSA) that use separate encryption and decryption keys known as public and private keys. The public key encrypts and another private key decrypts. There is one and only one private key holder and usually many public key holders. Also known as public key cryptography.

Attack
Either a successful or unsuccessful attempt at breaking part or all of a cryptosystem.

Audit
To conduct the independent review and examination of system records and activities.

Audit trail
A set of records that collectively provides documentary evidence of processing. It is used to aid in tracing from original transactions forward to related records and reports, and/or backwards from records and reports to their component source transactions.

Authenticate/Authentication
1) The process to verify the identity of a user, device, or other entity in a computer system, often as a prerequisite to allowing access to resources in a system. 2) A process used to verify that the origin of transmitted data is correctly identified, with assurance that the identity is not false. To establish the validity of a claimed identity.

Authenticated user
A user who has accessed a MIS with a valid identifier and authentication combination.

Authenticating Block Cipher
A block cipher mechanism which inherently contains an authentication value or field.

Authentication Header (AH)
One of two protocol choices (the other is Encapsulating Security Protection) in Internet Protocol Security (IPsec). IPsec protocol choice controls if confidentiality and/or message integrity are used to protect a data packet.

Authorization
The privileges and permissions granted to an individual by a designated official to access or use a program, process, information, or system. These privileges are based on the individual's approval and need-to-know.

Authorized Person
A person who has the need-to-know for sensitive information in the performance of official duties and who has been granted authorized access at the required level. The responsibility for determining whether a prospective recipient is an authorized person rests with the person who has possession, knowledge, or control of the sensitive information involved, and not with the prospective recipient.

Autokey
A cipher whose key is produced by message data. One common form is "ciphertext feedback," where ciphertext is "fed back" into the state of the random number generator used to produce the confusion sequence for a stream cipher.

Automatic Data Processing (ADP)
The assembly of computer hardware, firmware, and software used to categorize, sort, calculate, compute, summarize, store, retrieve, control, process, and/or protect data with a minimum of human intervention. ADP systems can include, but are not limited to, process control computers, embedded computer systems that perform general purpose computing functions, supercomputers, personal computers, intelligent terminals, offices automation systems (which includes standalone microprocessors, memory typewriters, and terminal connected to mainframes), firmware, and other implementations of MIS technologies as may be developed: they also include applications and operating system software. See also: Management Information System.

Availability
The property of being accessible and usable upon demand by an authorized entity. Security constraints must make MIS services available to authorized users and unavailable to unauthorized users.

Avalanche Effect
An effect in DES and other secret key ciphers where each small change in plaintext implies that somewhere around half the ciphertext changes. The avalanche effect makes it harder to successfully cryptanalyze the ciphertext.