
NIST updates, expands glossary of security terms

The National Institute of Standards and Technology is updating its Glossary of Key Information Security Terms and has released a draft of the latest revision of Interagency Report 7298.

The glossary contains more than 200 pages of definitions, from “Access” (the ability to make use of any information system resource) to “Zone of Control” (the three-dimensional space surrounding equipment that processes classified and/or sensitive information). It defines the responsibilities of the chief information officer and describes the Security Content Automation Protocol (SCAP) as well as its specifications and languages.

The glossary was compiled in response to requests for a summary of definitions in NIST and other government documents. The terms have been taken from NIST Federal Information Processing Standards (FIPS), the Special Publication (SP) 800 series, NIST Interagency Reports (NISTIRs), and from the Committee for National Security Systems Instruction 4009 (CNSSI-4009).

“The glossary provides a central resource of terms and definitions most commonly used in NIST information security publications and in CNSS information assurance publications,” the authors write.

The glossary includes almost all of the terms from CNSSI 4009, first published in 2006 and updated in 2010.

Because the field of information security evolves quickly, the glossary is intended to be a living document that will be updated online with new terms and definitions as required. Updates will be posted on the Computer Security Resource Center (CSRC) Web site.

All definitions cite authoritative sources in government documents, and although the draft has been released for public comment, “the editor will correct typos, but the content of the definitions will not be changed in this document,” it says.

Comments should be sent by Jan. 15 to [email protected].

About the Author

William Jackson is a Maryland-based freelance writer.

