Glossary

The NISPOM (DoD 5220.22-M) establishes the standard procedures and requirements for all government contractors, with regards to classified information. NISPOM is sometimes cited as a standard for sanitization to counter data remanence. The NISPOM actually covers the entire field of government-industrial security, of which data sanitization is a very small part (about two paragraphs in a 141 page document).[4] Furthermore, the NISPOM does not actually specify any particular method. Standards for sanitization are left up to the Cognizant Security Authority. The Defense Security Service provides a Clearing and Sanitization Matrix (C&SM) which does specify methods.[5] As of the June 2007 edition of the DSS C&SM, overwriting is no longer acceptable for sanitization of magnetic media; only degaussing or physical destruction is acceptable.

SOURCE: WIKIPEDIA

Network Change Control – A process, including a committee consisting of representatives from invested parties, for reviewing proposed changes to networks to ensure awareness and communication of impact to all parties, resulting in network change management, less down time, and minimal impact to users.

A complex system of systems composed of subsystems and services that are part of a continuously evolving, complex community of people, devices, information and services interconnected by a network that enhances information sharing and collaboration. Subsystems and services may or may not be developed or owned by the same entity, and, in general, will not be continually present during the full life cycle of the system of systems. Examples of this architecture include service-oriented architectures and cloud computing architectures.

SOURCE:  SP 800-37

Access to an organizational information system by a user (or a process acting on behalf of a user) communicating through a network (e.g., local area network, wide area network, Internet).

SOURCE: SP 800-53; CNSSI-4009

A routing technology used by many firewalls to hide internal system addresses from an external network through use of an addressing schema.

SOURCE:  SP 800-41

A computing infrastructure that provides continuous business operation (i.e., highly resistant to disruption and able to operate in a degraded mode if damaged), rapid recovery if failure does occur, and the ability to scale to meet rapid or unpredictable demands.

SOURCE: CNSSI-4009

A passive technique that monitors network communication, decodes protocols, and examines headers and payloads for information of interest.  It is both a review technique and a target identification and analysis technique.

SOURCE:  SP 800-115

Penetration technique in which different communication networks are linked to access an information system to avoid detection and trace- back.

SOURCE: CNSSI-4009

Assurance that the sender of information is provided with proof of delivery and the recipient is provided with proof of the sender’s identity, so neither can later deny having processed the information.

SOURCE:  CNSSI-4009; SP 800-60

Protection against an individual falsely denying having performed a particular action. Provides the capability to determine whether a given individual took a particular action such as creating information, sending a message, approving information, and receiving a message.

SOURCE:  SP 800-53; SP 800-18

Is the security service by which the entities involved in a communication cannot deny having participated. Specifically, the sending entity cannot deny having sent a message (non-repudiation with proof of origin), and the receiving entity cannot deny having received a message (non-repudiation with proof of delivery).

SOURCE:  FIPS 191

A service that is used to provide assurance of the integrity and origin of data in such a way that the integrity and origin can be verified and validated by a third party as having originated from a specific entity in possession of the private key (i.e., the signatory).

SOURCE:  FIPS 186