Glossary
Term Description
Algorithm
A computing procedure designed to perform a task such as encryption, compression, or hashing. A set of rules or procedures to perform on input data. Commonly related to cryptographic functions that dictate the permutations of encryption and decryption.
ANSI
American National Standards Institute. See American National Standards Institute.
Applet
A small Java program embedded in an HTML document. Code objects sent from a server to a client to perform some action. Applets are self-contained miniature programs that execute independently of the server that sent them.
Application
Computer software used to perform a distinct function. Software program that performs a specific function directly for a user and can be executed without access to system control, monitoring, or administrative privileges.
Application layer
Layer 7 of the Open Systems Interconnection (OSI) model. The topmost layer in the OSI Reference Model, providing such communication service is invoked through a software package. This layer provides the interface between end users and networks. It
ASCII
American Standard Code for Information Interchange.
Asset
Any person, facility, material, information, or activity that has a positive value to an owner. Anything within an environment that should be protected. The loss or disclosure of an asset could result in an overall security compromise, loss of productivity, reduction in profits, additional expenditures, discontinuation of the organization, and numerous intangible consequences.
Assurance
(1) Grounds for confidence that the other four security goals (integrity, availability, confidentiality, and accountability) have been adequately met by a specific implementation. “Adequately met” includes the following: functionality that performs correctly, sufficient protection against unintentional errors (by users or software), and sufficient resistance to malicious penetration or bypass. (2) A measure of confidence that the security features and architecture of an AIS accurately mediate and enforce the security policy. Note: Assurance refers to a basis for believing that the objective and approach of a security mechanism or service will be achieved. Assurance is generally based on factors such as analysis involving theory, testing, software engineering, validation, and verification. Lifecycle assurance requirements provide a framework for secure system design, implementation, and maintenance. The level of assurance that a de Measure of confidence that the security features, practices, procedures, and architecture of an information system accurately mediate and enforce the security policy. The degree of confidence that security needs are satisfied. Assurance must be continually maintained, updated, and reverified.
Atomicity
One of the four required characteristics of all database transactions. A database transaction must be an “all-or-nothing” affair. If any part of the transaction fails, the entire transaction must be rolled back as if it never occurred. The assurance that an operation either changes the state of all participating objects consistent with the semantics of the operation or changes none at all.
Attack
Attempt to gain unauthorized access to an information system’s services, resources, or information, or the attempt to compromise an information system’s integrity, availability, or confidentiality. The exploitation of a vulnerability by a threat agent.