NIST updates, expands glossary of security terms
- By William Jackson
- Dec 11, 2012
The National Institute of Standards and Technology is updating its Glossary of Key Information Security terms, and has released a draft of the latest revision of Interagency Report 7298.
The glossary contains more than 200 pages of definitions, from “Access” (the ability to make use of any information system resource) to “Zone of Control” (the three-dimensional space surrounding equipment that processes classified and/or sensitive information). It defines the responsibilities of the chief information officer and describes the Security Content Automation Protocol (SCAP) as well as its specifications and languages.
The glossary was compiled in response to requests for a summary of definitions in NIST and other government documents. The terms have been taken from NIST Federal Information Processing Standards (FIPS), the Special Publication (SP) 800 series, NIST Interagency Reports (NISTIRs), and from the Committee for National Security Systems Instruction 4009 (CNSSI-4009).
“The glossary provides a central resource of terms and definitions most commonly used in NIST information security publications and in CNSS information assurance publications,” the authors write.
The glossary includes almost all of the terms from CNSSI 4009, first published in 2006 and updated in 2010.
Because the field of information security evolves quickly, the glossary is intended to be a living document that will be updated online with new terms and definitions as required. Updates will be posted on the Computer Security Resource Center (CSRC) Web site.
All definitions cite authoritative sources in government documents, and although the draft has been released for public comment, “the editor will correct typos, but the content of the definitions will not be changed in this document,” it says.
Comments should be sent by Jan. 15 to firstname.lastname@example.org.
William Jackson is freelance writer and the author of the CyberEye blog.