A comprehensive list of security terms you should know

A comprehensive glossary of information security terms used in government documents has been updated by the National Institute of Standards and Technology, with more than 200 pages of definitions for words most commonly used in NIST publications.

First published in 2006 in response to requests for a comprehensive source of definitions, the latest version of Interagency Report 7298, Glossary of Key Information Security Terms, provides the most current definitions, culled from Federal Information Processing Standards; the NIST 800 series of Special Publications, which provide guidance for meeting federal cybersecurity requirements; NIST interagency reports; and the Committee for National Security Systems (CNSS) information assurance publications.

Each definition, from “Access” (the ability to make use of any information system resource) to “Zone of Control” (the three-dimensional space surrounding equipment that processes classified and/or sensitive information), cites the NIST and/or CNSS source.

Authoritative definitions are necessary for agencies to meet requirements for information assurance laid out in the Federal Information Security Management Act and in the standards, specifications and guidelines for implementing them. For example, “continuous monitoring,” which has emerged as a key component of federal information security, is defined as “maintaining ongoing awareness to support organizational risk decisions.”

Because the field of information security evolves quickly, the glossary is intended to be a living document, the authors wrote. “It is our intention to keep the glossary current by providing updates online. New definitions will be added to the glossary as required, and updated versions will be posted on the Computer Security Resource Center Web site.”

Comments and suggestions for changes or additions for the publication should be sent to [email protected].

About the Author

William Jackson is a Maryland-based freelance writer.

