Dictionary entry for technology

NIST updates, expands glossary of security terms

The National Institute of Standards and Technology is updating its Glossary of Key Information Security Terms, and has released a draft of the latest revision of Interagency Report 7298.

The glossary contains more than 200 pages of definitions, from “Access” (the ability to make use of any information system resource) to “Zone of Control” (the three-dimensional space surrounding equipment that processes classified and/or sensitive information). It defines the responsibilities of the chief information officer and describes the Security Content Automation Protocol (SCAP) as well as its specifications and languages.

The glossary was compiled in response to requests for a summary of definitions in NIST and other government documents. The terms have been taken from NIST Federal Information Processing Standards (FIPS), the Special Publication (SP) 800 series, NIST Interagency Reports (NISTIRs), and from the Committee for National Security Systems Instruction 4009 (CNSSI-4009).

“The glossary provides a central resource of terms and definitions most commonly used in NIST information security publications and in CNSS information assurance publications,” the authors write.

The glossary includes almost all of the terms from CNSSI 4009, first published in 2006 and updated in 2010.

Because the field of information security evolves quickly, the glossary is intended to be a living document that will be updated online with new terms and definitions as required. Updates will be posted on the Computer Security Resource Center (CSRC) Web site.

All definitions cite authoritative sources in government documents, and although the draft has been released for public comment, “the editor will correct typos, but the content of the definitions will not be changed in this document,” it says.

Comments should be sent by Jan. 15 to [email protected].

About the Author

William Jackson is a Maryland-based freelance writer.

