Glossary
Early Pay Discount
Early Pay Discount – A two percent credit (2%) given by the Contractor on AZNet service charges of a monthly invoice when full payment of the current owed balance is received within 15 calendar days of the invoice date. The credit applies only to AZNet charges (seat and non-seat items). It does not apply to the entire invoice amount.
Eavesdropping Attack (NIST)
An attack in which an Attacker listens passively to the authentication protocol to capture information that can be used in a subsequent active attack to masquerade as the Claimant.
SOURCE: SP 800-63
Egress Filtering (NIST)
Filtering of outgoing network traffic.
SOURCE: SP 800-41
Electronic Authentication – (E-authentication) (NIST)
The process of establishing confidence in user identities electronically presented to an information system.
SOURCE: SP 800-63; CNSSI-4009
Electronic Key Entry (NIST)
The entry of cryptographic keys into a cryptographic module using electronic methods such as a smart card or a key-loading device. (The operator of the key may have no knowledge of the value of the key being entered.)
SOURCE: FIPS 140-2
Electronic Key Management System (EKMS) (NIST)
Interoperable collection of systems being developed by services and agencies of the U.S. government to automate the planning, ordering, generating, distributing, storing, filling, using, and destroying of electronic key and management of other types of COMSEC material.
SOURCE: CNSSI-4009
Electronic messages
Includes all forms of electronic messaging, such as e-mail, voice mail, instant messaging, etc.
Electronic Messaging Services (NIST)
Services providing interpersonal messaging capability; meeting specific functional, management, and technical requirements; and yielding a business-quality electronic mail service suitable for the conduct of official government business.
SOURCE: CNSSI-4009
Electronic Signature (NIST)
The process of applying any mark in electronic form with the intent to sign a data object. See also Digital Signature.
SOURCE: CNSSI-4009
Embedded Cryptographic System (NIST)
Cryptosystem performing or controlling a function as an integral element of a larger system or subsystem.
SOURCE: CNSSI-4009
Embedded Cryptography (NIST)
Cryptography engineered into an equipment or system whose basic function is not cryptographic.
SOURCE: CNSSI-4009
Encipher (NIST)
Convert plain text to cipher text by means of a cryptographic system.
SOURCE: CNSSI-4009
Enclave (NIST)
Collection of information systems connected by one or more internal networks under the control of a single authority and security policy. The systems may be structured by physical proximity or by function, independent of location.
SOURCE: CNSSI-4009
Encode (NIST)
Convert plain text to cipher text by means of a code.
SOURCE: CNSSI-4009
Encrypt (NIST)
Generic term encompassing encipher and encode.
SOURCE: CNSSI-4009
Encrypted Key (NIST)
A cryptographic key that has been encrypted using an Approved security function with a key encrypting key, a PIN, or a password in order to disguise the value of the underlying plaintext key.
SOURCE: FIPS 140-2
Encrypted Network (NIST)
A network on which messages are encrypted (e.g., using DES, AES, or other appropriate algorithms) to prevent reading by unauthorized parties.
SOURCE: SP 800-32
Encryption (NIST)
Conversion of plaintext to ciphertext through the use of a cryptographic algorithm.
SOURCE: FIPS 185
The process of changing plaintext into ciphertext for the purpose of security or privacy.
SOURCE: SP 800-21; CNSSI-4009
Encryption Algorithm (NIST)
Set of mathematically expressed rules for rendering data unintelligible by executing a series of conversions controlled by a key.
SOURCE: CNSSI-4009
Encryption Certificate (NIST)
A certificate containing a public key that is used to encrypt electronic messages, files, documents, or data transmissions, or to establish or exchange a session key for these same purposes.
SOURCE: SP 800-32
End-to-End Encryption (NIST)
Communications encryption in which data is encrypted when being passed through a network, but routing information remains visible.
SOURCE: SP 800-12
Encryption of information at its origin and decryption at its intended destination without intermediate decryption.
SOURCE: CNSSI-4009
End-to-End Security (NIST)
Safeguarding information in an information system from point of origin to point of destination.
SOURCE: CNSSI-4009
Endpoint
1. In Enterprise Service Tools, an association between a binding and a network address, specified by a Uniform Resource Identifier, which can be used to communicate with an instance of a service. An endpoint indicates a specific location for accessing a service using a specific protocol and data.
2. The logical name of a physical location in the system. The location can be a queue, mailbox, or file system.
3. The address of an API or service in an environment. An API exposes an endpoint and at the same time invokes the endpoints of other services.
4. The system that is the final destination of an operation.
5. A host or gateway that comprises part of a virtual private network (VPN) connection.
6. The origin or destination of a file transfer within Sterling B2B Integrator.
7. One of two points that defines a line or arc. Objects are located by their endpoints.
8. A server, computer, machine or device that is monitored.
9. The system that is the origin or destination of a session.
10. An entry point to a service, process, application, or topic destination.
11. A JCA application or other client consumer of an event from the enterprise information system.
SOURCE: IBM WEBSITE
Energy Star
An international standard for energy-efficient consumer products. Devices carrying the Energy Star service mark generally use 20–30% less energy than required by federal standards.
SOURCE: WIKIPEDIA
Enterprise (NIST)
An organization with a defined mission/goal and a defined boundary, using information systems to execute that mission, and with responsibility for managing its own risks and performance. An enterprise may consist of all or some of the following business aspects: acquisition, program management, financial management (e.g., budgets), human resources, security, and information systems, information and mission management.
SOURCE: CNSSI-4009
Enterprise Architecture (EA)
A discipline for proactively and holistically leading enterprise responses to disruptive forces by identifying and analyzing the execution of change toward desired business vision and outcomes.
EA delivers value by presenting business and IT leaders with signature-ready recommendations for adjusting policies and projects to achieve target business outcomes that capitalize on relevant business disruptions.
EA is used to steer decision making toward the evolution of the future state architecture.
SOURCE: GARTNER
Enterprise Architecture (EA) is a comprehensive framework used to manage and align an organization’s business processes, information technology (IT) software and hardware, local and wide area networks, people, operations and projects with the organization’s overall strategy. (DMReview definition) Enterprise Architecture is often subdivided into four architectural domains: Application Architecture, Business Architecture, Data Architecture, and Systems Architecture. Other types of architectures (security, compliance, controls, etc.) may be considered as part of EA, or they may be aligned with EA. In some organizations, EA is primarily focused on Business Architectures and Business Process Management.
SOURCE: Data Governance Institute
Enterprise Architecture (EA) (NIST)
The description of an enterprise’s entire set of information systems: how they are configured, how they are integrated, how they interface to the external environment at the enterprise’s boundary, how they are operated to support the enterprise mission, and how they contribute to the enterprise’s overall security posture.
SOURCE: CNSSI-4009
Enterprise Risk Management (NIST)
The methods and processes used by an enterprise to manage risks to its mission and to establish the trust necessary for the enterprise to support shared missions. It involves the identification of mission dependencies on enterprise capabilities, the identification and prioritization of risks due to defined threats, the implementation of countermeasures to provide both a static risk posture and an effective dynamic response to active threats; and it assesses enterprise performance against threats and adjusts countermeasures as necessary.
SOURCE: CNSSI-40
Entity (NIST)
Either a subject (an active element that operates on information or the system state) or an object (a passive element that contains or receives information).
SOURCE: SP 800-27
An active element in an open system.
SOURCE: FIPS 188
Any participant in an authentication exchange; such a participant may be human or nonhuman, and may take the role of a claimant and/or verifier.
SOURCE: FIPS 196
Entrapment (NIST)
Deliberate planting of apparent flaws in an IS for the purpose of detecting attempted penetrations.
SOURCE: CNSSI-4009
Entropy (NIST)
A measure of the amount of uncertainty that an Attacker faces to determine the value of a secret. Entropy is usually stated in bits.
SOURCE: SP 800-63
Environment (NIST)
Aggregate of external procedures, conditions, and objects affecting the development, operation, and maintenance of an information system.
SOURCE: FIPS 200; CNSSI-4009
Environment of Operation (NIST)
The physical surroundings in which an information system processes, stores, and transmits information.
SOURCE: SP 800-37; SP 800-53A
The physical, technical, and organizational setting in which an information system operates, including but not limited to: missions/business functions; mission/business processes; threat space; vulnerabilities; enterprise and information security architectures; personnel; facilities; supply chain relationships; information technologies; organizational governance and culture; acquisition and procurement processes; organizational policies and procedures; organizational assumptions, constraints, risk tolerance, and priorities/trade-offs.
SOURCE: SP 800-30
EOL
End-of-Life – A process that consists of a series of technical and business milestones and activities that, once completed, make a product obsolete. Once obsolete, the product is not sold, manufactured, improved, repaired, maintained, or supported.
Ephemeral Key (NIST)
A cryptographic key that is generated for each execution of a key establishment process and that meets other requirements of the key type (e.g., unique to each message or session).
In some cases, ephemeral keys are used more than once within a single session (e.g., broadcast applications) where the sender generates only one ephemeral key pair per message, and the private key is combined separately with each recipient’s public key.
SOURCE: SP 800-57 Part 1
Erasure (NIST)
Process intended to render magnetically stored information irretrievable by normal means.
SOURCE: CNSSI-4009
Error Detection Code (NIST)
A code computed from data and comprised of redundant bits of information designed to detect, but not correct, unintentional changes in the data.
SOURCE: FIPS 140-2; CNSSI-4009
Escrow (NIST)
Something (e.g., a document, an encryption key) that is "delivered to a third person to be given to the grantee only upon the fulfillment of a condition."
SOURCE: FIPS 185
Europay/Mastercard/Visa (EMV)
Standard for credit and debit payment cards based on chip card technology - commonly known as "Chip and PIN".
SOURCE: VERIZON PCI SECURITY
Event (NIST)
Any observable occurrence in a system and/or network. Events sometimes provide indication that an incident is occurring.
SOURCE: CNSSI-4009; SP 800-61
Examination (NIST)
A technical review that makes the evidence visible and suitable for analysis; tests performed on the evidence to determine the presence or absence of specific data.
SOURCE: SP 800-72
Examine (NIST)
A type of assessment method that is characterized by the process of checking, inspecting, reviewing, observing, studying, or analyzing one or more assessment objects to facilitate understanding, achieve clarification, or obtain evidence, the results of which are used to support the determination of security control effectiveness over time.
SOURCE: SP 800-53A
Exceptions
Instances not conforming to the general rule.
Audit evidence containing one or more attributes that do not appear to meet documented requirements. One or more exceptions may result in an audit finding.
SOURCE: DICTIONARY.COM
Exculpatory Evidence (NIST)
Evidence that tends to decrease the likelihood of fault or guilt.
SOURCE: SP 800-72
Expected Output (NIST)
Any data collected from monitoring and assessments as part of the Information Security Continuous Monitoring (ISCM) strategy.
SOURCE: SP 800-137
Exploit Code (NIST)
A program that allows attackers to automatically break into a system.
SOURCE: SP 800-40
Extensible Hypertext Markup Language (XHTML)
A family of XML markup languages that mirror or extend versions of the widely used Hypertext Markup Language (HTML), the language in which Web pages are written.
SOURCE: WIKIPEDIA
External Information System (or Component) (NIST)
An information system or component of an information system that is outside of the authorization boundary established by the organization and for which the organization typically has no direct control over the application of required security controls or the assessment of security control effectiveness.
SOURCE: SP 800-37; SP 800-53; CNSSI-40
External Information System Service (NIST)
An information system service that is implemented outside of the authorization boundary of the organizational information system (i.e., a service that is used by, but not a part of, the organizational information system) and for which the organization typically has no direct control over the application of required security controls or the assessment of security control effectiveness.
SOURCE: SP 800-53; SP 800-37; CNSSI-4009
External Information System Service Provider (NIST)
A provider of external information system services to an organization through a variety of consumer-producer relationships, including but not limited to: joint ventures; business partnerships; outsourcing arrangements (i.e., through contracts, interagency agreements, lines of business arrangements); licensing agreements; and/or supply chain exchanges.
SOURCE: SP 800-37; SP 800-53
External Network (NIST)
A network not controlled by the organization.
SOURCE: SP 800-53; CNSSI-4009
External Party
A person external to “government”.
External Security Testing (NIST)
Security testing conducted from outside the organization’s security perimeter.
SOURCE: SP 800-115
Extranet (NIST)
A private network that uses Web technology, permitting the sharing of portions of an enterprise’s information or operations with suppliers, vendors, partners, customers, or other enterprises.
SOURCE: CNSSI-4009