
A comprehensive list of security terms you should know

A comprehensive glossary of information security terms used in government documents has been updated by the National Institute of Standards and Technology, with more than 200 pages of definitions for words most commonly used in NIST publications.

First published in 2006 in response to requests for a comprehensive source of definitions, the latest version of Interagency Report 7298, Glossary of Key Information Security Terms, provides the most current definitions, culled from Federal Information Processing Standards; the NIST 800 series of Special Publications, which provide guidance for meeting federal cybersecurity requirements; NIST interagency reports; and the Committee for National Security Systems (CNSS) information assurance publications.

Each definition, from “Access” (the ability to make use of any information system resource) to “Zone of Control” (the three-dimensional space surrounding equipment that processes classified and/or sensitive information), cites the NIST and/or CNSS source.

Authoritative definitions are necessary for agencies to meet requirements for information assurance laid out in the Federal Information Security Management Act and in the standards, specifications and guidelines for implementing them. For example, “continuous monitoring,” which has emerged as a key component of federal information security, is defined as “maintaining ongoing awareness to support organizational risk decisions.”

Because the field of information security evolves quickly, the glossary is intended to be a living document, the authors wrote. “It is our intention to keep the glossary current by providing updates online. New definitions will be added to the glossary as required, and updated versions will be posted on the Computer Security Resource Center Web site.”

Comments and suggestions for changes or additions for the publication should be sent to [email protected].

About the Author

William Jackson is a Maryland-based freelance writer.

