Glossary
Term Description
Accreditation
(1) A program whereby a laboratory demonstrates that something is operating under accepted standards to ensure quality assurance. (2) A management or administrative process of accepting a specific site installation/implementation for operational use based upon evaluations and certifications. (3) A formal declaration by a Designated Approving Authority (DAA) that the AIS is approved to operate in a particular security mode using a prescribed set of safeguards. Accreditation is the official management authorization for operation of an AIS and is based on the certification process as well as other management considerations. The accreditation statement affixes security responsibility with the DAA and shows that due care has been taken for security. (4) Formal declaration by a (DAA) that an information system is approved to operate in a particular security mode using a prescribed set of safeguards at an acceptable level of risk. Formal declaration by a Designated Accrediting Authority (DAA) that an information system is approved to operate at an acceptable level of risk, based on the implementation of an approved set of technical, managerial, and procedural safeguards. (See security safeguards.) The formal declaration by the Designated Approving Authority (DAA) that an IT system is approved to operate in a particular security mode using a prescribed set of safeguards at an acceptable level of risk.
ACK
Acknowledgement. A packet message used in the Transmission Control Protocol (TCP) to acknowledge receipt of a packet. Acknowledgment. A type of message sent to indicate that a block of data arrived at its destination without error. A negative acknowledgment is called a “NAK.”
ActiveX
Microsoft’s component object model (COM) technology used in web applications. ActiveX is implemented using any one of a variety of languages, including Visual Basic, C, C++, and Java. Microsoft’s Windows-specific non-Java technique for writing applets. ActiveX applets take considerably longer to download than the equivalent Java applets; however, they more fully exploit the features of Windows.
Address Resolution Protocol (ARP)
A subprotocol of the TCP/IP protocol suite that operates at the Data Link layer (layer 2). ARP is used to discover the MAC address of a system by polling using its IP address. The Internet protocol used to dynamically map Internet addresses to physical (hardware) addresses on the local area network. Limited to networks that support hardware broadcast.
Adequate security
Security commensurate with the risk and magnitude of harm resulting from the loss, misuse, or unauthorized access to or modification of information. This includes assuring that information systems operate effectively and provide appropriate confidentiality, integrity, and availability, through the use of cost-effective management, personnel, operational, and technical controls. (OMB Circular A-130) Security commensurate with the risk and magnitude of the harm resulting from the loss, misuse, or unauthorized access to or modification of information. This includes assuring that systems and applications operate effectively and provide appropriate confidentiality, integrity, and availability, through the use of cost-effective management, acquisition, development, installation, operational, and technical controls.
ADSL
Asymmetric digital subscriber line. Asynchronous Digital Subscriber Line.
Advanced Encryption Standard (AES)
Advanced Encryption Standard. Advanced Encryption Standard, a new encryption standard, whose development and selection was sponsored by NIST, that will support key lengths of 128, 192, and 256 bits. FIPS-approved cryptographic algorithm that is a symmetric block cipher using cryptographic key sizes of 128, 192, and 256 bits to encrypt and decrypt data in blocks of 128 bits. The encryption standard selected in October 2000 by the National Institute of Standards and Technology (NIST) that is based on the Rijndael cipher.
Adware
Software that uses a variety of techniques to display advertisements on infected computers. Commonly related to or linked to spyware. Software to generate ads that installs itself on your computer when you download some other (usually free) program from the Web.
Agent
An intelligent code object that performs actions on behalf of a user. It typically takes initial instructions from the user and then carries on its activity in an unattended manner for a predetermined period of time, until certain conditions are met, or for an indefinite period. In the client/server model, the part of the system that performs information preparation and exchange on behalf of a client or server application.
Aggregation
A number of functions that combine records from one or more tables to produce potentially useful information. A relation, such as CONSISTS OF or CONTAINS, between types that defines the composition of a type from other types.