Limiting access to information system resources only to authorized users, programs, processes, or other systems.
From "Acceptance" to "XSLT," use this alphabetical listing to get familiar with commonly used acronyms and terms related to ISE.
A measure of the relative ease of admission to the various areas of an item for the purpose of operation or maintenance.
Data and services can be accessed via the Global Information Grid (GIG) by users and applications in the Enterprise. Data and services are made available to any user or application except where limited by law, policy, security classification, or operational necessity.
Source: DIEA Glossary
A formal written document reflecting the specific actions necessary to execute the approach established in the approved acquisition strategy and guiding contractual implementation.
A directed, funded effort that provides a new, improved, or continuing materiel, weapon or information system, or service capability in response to an approved need.
1) A bill or measure after it passes one or both Houses of Congress. 2) A law in place.
Security commensurate with the risk and magnitude of the harm resulting from the loss, misuse, or unauthorized access to or modification of information. This includes assuring that systems and applications operate effectively and provide appropriate confidentiality, integrity, and availability, through the use of cost-effective management, acquisition, development, installation, operational, and technical controls.
Any individual, group, organization, or government that conducts activities, or has the intention and capability to conduct activities, detrimental to critical assets.
Association for Enterprise Information
A kind of intermediary service which acts on behalf of another service (service provider or requester) according to rules established upon its invocation.
The ability to get a more complete picture of the information by analyzing several different types of records at once.
A name that points to a resource with a different name. In the context of email, an alias is an email address which, when it receives email, directs that mail to an email account on the same domain with a different address. In the context of domain names, a domain alias is a domain name that points to a website at a different address, such as mydomain.net pulling up mydomain.com. mydomain.net would be an alias of mydomain.com.
The All Hazards Consortium exists to create a new approach to addressing complex, persistent public/private issues in disaster management, business continuity and cyber security.
Source: www.ahcusa.org
Intelligence product or analysis that uses all the sources of intelligence available to come to a conclusion, instead of just relying on one primary source. This may also be referred to as multi-INT reporting.
Modification, addition or deletion of specific parts of the content of a normative document. NOTE: The results of amendment are usually presented by issuing a separate amendment sheet to the normative document.
The voice of the U.S. standards and conformity assessment system that empowers its members and constituents to strengthen the U.S. marketplace position in the global economy while helping to assure the safety and health of consumers and the protection of the environment.
The ASCII format provides computer systems with a common language for exchanging information.
American National Standards Institute
Application Programming Interface
A small application, with limited functionality, designed to operate in a componentware and/or middleware environment.
Software program that performs a specific function directly for a user and can be executed without access to system control, monitoring, or administrative privileges.
The collection of hardware and software components that provide the infrastructure services used by application programs. APIs make the specific characteristics of the platform transparent and accessible to the application.
The ability to move software among computers without rewriting it. This may be provided in three ways: as source code portability, pseudocode portability, or binary code portability.
An interface definition that permits invoking services from application programs without knowing details of their internal implementation.
A set of conceptual schema for data required by one or more applications. An application schema contains selected parts of the base schemas presented in the ORM Information Viewpoint. Designers of application schemas may extend or restrict the types defined in the base schemas to define appropriate types for an application domain. Application schemas are information models for a specific information community.
The computing elements supporting users’ particular needs. Frequently includes data, documentation, and training, as well as programs.
The relevant documentation, models, diagrams, depictions, and analyses, including a baseline repository and standards and security profiles.
Identifies key interfaces and services, and provides a context for identifying and resolving policy, management and strategic technical issues. Constrains implementation by focusing on interfaces, but does not dictate design or specific technical solutions.
The organizational structure and associated behavior of a system. An architecture can be recursively decomposed into parts that interact through interfaces, relationships that connect parts, and constraints for assembling parts. Parts that interact through interfaces include classes, components, and subsystems.
The structure of components, their interrelationships, and the principles and guidelines governing their design and evolution over time.
American Standard Code for Information Interchange
The Association of State Criminal Investigative Agencies is a professional association consisting of the senior executives of the statewide criminal investigative agencies in the United States, whether they are independent bureaus within the state or state police agencies with both criminal and other enforcement responsibilities.
Source: www.ascia.org
Measure of confidence that the security features, practices, procedures, and architecture of an information system accurately mediates and enforces the security policy.
Any kind of malicious activity that attempts to collect, disrupt, deny, degrade, or destroy information system resources or the information itself.
Attribute-based access control represents a point on the spectrum of logical access control from simple access control lists to more capable role-based access, and finally to a highly flexible method for providing access based on the evaluation of attributes.
Source: NIST.gov
The process of verifying the identity or other attributes claimed by or assumed of an entity (user, process, or device), or to verify the source and integrity of data.
The means used to confirm the identity of a user, processor, or device (e.g., user password or token).
The property of being genuine and being able to be verified and trusted; confidence in the validity of a transmission, a message, or message originator. See Authentication.
The recognized, sustainable organization empowered to speak for stakeholders within the context of a given subject area.
The recognized primary supplier of reliable, accurate, and current data, information, or knowledge about some thing for subsequent use by consumers.
Access privileges granted to a user, program, or process or the act of granting those privileges.