Search Knowledge Base by Keyword
Data Security / Privacy / Breach Law
- 23 NYCRR 500
- Alaska's Data Breach & Data Security Laws
- Arizona Data Breach Law
- Arkansas Data Breach Law
- Arkansas DHS Breach 2017
- Arkansas Government on 2017 Equifax Breach
- Business Email Compromise (BEC)
- California CCPA
- California Cybersecurity & Data Breach Laws
- Colorado Cybersecurity, Privacy & Data Breach Laws
- Connecticut Cybersecurity & Privacy Laws
- COPPA
- Delaware Cybersecurity & Privacy Regulations
- Florida Cybersecurity, Privacy & Data Breach Laws
- GDPR
- Georgia Cybersecurity, Data Privacy Laws & Insurance Regulations
- Hawaii Cybersecurity, Privacy & Data Security Laws
- Idaho Cybersecurity, Privacy & Data Security Laws
- Illinois Cybersecurity, Privacy & Data Security Laws
- Indiana Cybersecurity, Privacy & Data Security Laws
- Iowa | Data Breach Law
- Kansas Cybersecurity, Privacy & Data Security Law
- Kentucky | Data Breach Law
- Louisiana | Data Breach Law
- Maine | Data Breach Law
- Maryland Cybersecurity, Privacy & Data Regulations
- Massachusetts | Data Breach Law
- Michigan Data Security & Breach Laws
- Nevada Insurance Data Security Law (SB21)
- North Carolina Cybersecurity Laws
- PCI DSS
- Regulatory Requirements
- Tennessee Data Breach Law
- Third Party Risk Management (TPRM)
- Washington, D.C. Data Breach Law
- What are South Carolina Data Security & Breach Laws?
- What is HIPAA?
- WISP
- Show all articles (18) Collapse Articles
Definitions
- Access
- Access Authority
- Access Control
- Access Control List (ACL)
- Access Control Lists (ACLs)
- Access Control Mechanism
- Access Level
- Access List
- Access Point
- Access Profile
- Access Type
- Account Management, User
- Accountability
- Accounting Legend Code (ALC)
- Accounting Number
- Accreditation
- Accreditation Authority
- Accreditation Boundary
- Accreditation Package
- Accrediting Authority
- Activation Data
- Active Attack
- Active Content
- Active Security Testing
- Activities
- Ad Hoc Network
- Add-on Security
- Adequate Security
- Administrative Account
- Administrative Safeguards
- Advanced Encryption Standard (AES)
- Advanced Key Processor (AKP)
- Advanced Persistent Threats (APTs)
- Adversary
- Advisory
- Agency
- Agency Certification Authority (CA)
- Agent
- Alert
- Allocation
- Alternate COMSEC Custodian
- Alternate Work Site
- Analysis
- Anomaly-Based Detection
- Anti-jam
- Anti-spoof
- Antispyware Software
- Antivirus Software
- Applicant
- Application
- Approval to Operate (ATO)
- Approved
- Approved Mode of Operation
- Approved Security Function
- Assessment
- Assessment Findings
- Assessment Method
- Assessment Object
- Assessment Objective
- Assessment Procedure
- Assessor
- Asset
- Asset Identification
- Asset Reporting Format (ARF)
- Assurance
- Assurance Case
- Assured Information Sharing
- Assured Software
- Asymmetric Cryptography
- Asymmetric Keys
- Attack
- Attack Sensing and Warning (AS&W)
- Attack Signature
- Attribute Authority
- Attribute-Based Access Control
- Attribute-Based Authorization
- Audit
- Audit Data
- Audit Log
- Audit Reduction Tools
- Audit Review
- Audit Trail
- Authenticate
- Authentication
- Authentication Code
- Authentication Mechanism
- Authentication Mode
- Authentication Period
- Authentication Protocol
- Authentication Tag
- Authentication Token
- Authenticator
- Authenticity
- Authority
- Authorization
- Authorization (to operate)
- Authorization Boundary
- Authorize Processing
- Authorized Vendor
- Authorized Vendor Program(AVP)
- Authorizing Official
- Authorizing Official Designated Representative
- Automated Key Transport
- Automated Password Generator
- Automated Security Monitoring
- Automatic Remote Rekeying
- Autonomous System (AS)
- Availability
- Awareness (Information Security)
- Back Door
- Backdoor
- Backtracking Resistance
- Backup
- Banner
- Banner Grabbing
- Baseline
- Baseline Configuration
- Baseline Security
- Baselining
- Basic Testing
- Bastion Host
- Behavioral Outcome
- Benign Environment
- Binding
- Biometric
- Biometric Information
- Biometric System
- Biometrics
- Bit
- Bit Error Rate
- Bitcoin
- BLACK
- Black Box Testing
- Black Core
- Blacklist
- Blacklisting
- Blended Attack
- Blinding
- Block
- Block Cipher
- Block Cipher Algorithm
- Blue Team
- Body of Evidence (BoE)
- botnet
- Boundary
- Boundary Protection
- Boundary Protection Device
- Browsing
- Brute Force Password Attack
- Buffer Overflow
- Buffer Overflow Attack
- Bulk Encryption
- Business Continuity Plan (BCP)
- Business Email Compromise (BEC)
- Business Impact Analysis (BIA)
- Cyber Risks at Accounting Firms
- Show all articles (136) Collapse Articles
- California CCPA
- Call Back
- Canister
- Capstone Policies
- Capture
- Cardholder
- Cascading
- Category
- CBC/MAC
- CCM
- Central Office of Record (COR)
- Central Services Node (CSN)
- Certificate
- Certificate Management
- Certificate Management Authority – (CMA)
- Certificate Policy (CP)
- Certificate Revocation List (CRL)
- Certificate Status Authority
- Certificate-Related Information
- Certification
- Certification Analyst
- Certification Authority (CA)
- Certification Authority Facility
- Certification Authority Workstation (CAW)
- Certification Package
- Certification Practice Statement – (CPS)
- Certification Test and Evaluation(CT&E)
- Certified TEMPEST Technical Authority (CTTA)
- Certifier
- Chain of Custody
- Chain of Evidence
- Challenge and Reply Authentication
- Challenge-Response Protocol
- Check Word
- Checksum
- Chief Information Officer (CIO)
- Chief Information Security Officer (CISO)
- Cipher
- Cipher Block Chaining-Message Authentication Code(CBC-MAC)
- Cipher Suite
- Cipher Text Auto-Key (CTAK)
- Ciphertext
- Ciphertext/Cipher Text
- Ciphony
- Claimant
- Classified Information
- Classified Information Spillage
- Classified National Security Information
- Clear
- Clear Text
- Clearance
- Clearing
- Client
- Client (Application)
- Clinger-Cohen Act of 1996
- Closed Security Environment
- Closed Storage
- Cloud Computing
- CMMC
- Code
- Code Book
- Code Group
- Code Vocabulary
- Cold Site
- Cold Start
- Collision
- Command Authority
- Commercial COMSEC Evaluation Program (CCEP)
- Commodity Service
- Common Access Card (CAC)
- Common Carrier
- Common Configuration Enumeration (CCE)
- Common Configuration Scoring System (CCSS)
- Common Control
- Common Control Provider
- Common Criteria
- Common Fill Device
- Common Misuse Scoring System (CMSS)
- Common Platform Enumeration (CPE)
- Common Vulnerabilities and Exposures (CVE)
- Common Vulnerability Scoring System (CVSS)
- Communications Cover
- Communications Deception
- Communications Profile
- Communications Security (COMSEC)
- Community of Interest (COI)
- Community Risk
- Comparison
- Compartmentalization
- Compartmented Mode
- Compensating Security Control
- Compensating Security Controls
- Comprehensive Testing
- Compromise
- Compromising Emanations
- Computer Abuse
- Computer Cryptography
- Computer Forensics
- Computer Incident Response Team (CIRT)
- Computer Network Attack (CNA)
- Computer Network Defense(CND)
- Computer Network Exploitation – (CNE)
- Computer Network Operations (CNO)
- Computer Security (COMPUSEC)
- Computer Security Incident
- Computer Security Incident Response Team (CSIRT)
- Computer Security Object (CSO)
- Computer Security Objects Register
- Computer Security Subsystem
- Computer Virus
- Computing Environment
- COMSEC
- COMSEC Account
- COMSEC Account Audit
- COMSEC Aid
- COMSEC Assembly
- COMSEC Boundary
- COMSEC Chip Set
- COMSEC Control Program
- COMSEC Custodian
- COMSEC Demilitarization
- COMSEC Element
- COMSEC End-item
- COMSEC Equipment
- COMSEC Facility
- COMSEC Incident
- COMSEC Insecurity
- COMSEC Manager
- COMSEC Material
- COMSEC Material Control System (CMCS)
- COMSEC Modification
- COMSEC Module
- COMSEC Monitoring
- COMSEC Profile
- COMSEC Survey
- COMSEC System Data
- COMSEC Training
- Concentration Risk
- Concept of Operations (CONOP)
- Confidentiality
- Configuration Control
- Configuration Control Board (CCB)
- Confinement Channel
- Container
- Contamination
- Content Filtering
- Contingency Key
- Contingency Plan
- Contingent Business Interruption (CBI)
- Continuity of Government (COG)
- Continuity of Operations Plan(COOP)
- Continuous Monitoring
- Control Information
- Controlled Access Area
- Controlled Access Protection
- Controlled Area
- Controlled Cryptographic Item (CCI)
- Controlled Cryptographic Item (CCI) Assembly
- Controlled Cryptographic Item (CCI) Component
- Controlled Cryptographic Item (CCI) Equipment
- Controlled Interface
- Controlled Space
- Controlled Unclassified Information (CUI)
- Controlling Authority
- Cookie
- Cooperative Key Generation
- Cooperative Remote Rekeying
- COPPA
- Correctness Proof
- Counter with Cipher Block Chaining-Message Authentication Code (CCM)
- Countermeasure
- Countermeasures
- Cover-Coding
- Coverage
- Covert Channel
- Covert Channel Analysis
- Covert Storage Channel
- Covert Testing
- Covert Timing Channel
- Credential
- Credential Service Provider (CSP)
- Critical Infrastructure
- Critical Security Parameter (CSP)
- Criticality
- Criticality Level
- Cross Site Scripting (XSS)
- Cross-Certificate
- Cross-Domain Capabilities
- Cross-Domain Solution (CDS)
- Cryptanalysis
- Crypto Officer
- Cryptographic
- Cryptographic Alarm
- Cryptographic Algorithm
- Cryptographic Ancillary Equipment
- Cryptographic Binding
- Cryptographic Boundary
- Cryptographic Component
- Cryptographic Equipment
- Cryptographic Hash Function
- Cryptographic Ignition Key (CIK)
- Cryptographic Initialization
- Cryptographic Key
- Cryptographic Logic
- Cryptographic Material (slang CRYPTO)
- Cryptographic Module
- Cryptographic Module Security Policy
- Cryptographic Module Validation Program (CMVP)
- Cryptographic Net
- Cryptographic Period
- Cryptographic Product
- Cryptographic Randomization
- Cryptographic Security
- Cryptographic Strength
- Cryptographic Synchronization
- Cryptographic System
- Cryptographic System Analysis
- Cryptographic System Evaluation
- Cryptographic System Review
- Cryptographic System Survey
- Cryptographic Token
- Cryptography
- Cryptology
- CVE
- Cyber Attack
- Cyber Incident
- Cyber Infrastructure
- Cybersecurity
- Cyberspace
- Cyclical Redundancy Check (CRC)
- Show all articles (210) Collapse Articles
- Data
- Data Aggregation
- Data Asset
- Data Breach
- Data Element
- Data Encryption Algorithm (DEA)
- Data Encryption Standard (DES)
- Data Flow Control
- Data Harvesting
- Data Integrity
- Data Loss
- Data Mapping
- Data Origin Authentication
- Data Security
- Data Transfer Device (DTD)
- Decertification
- Decipher
- Decode
- Decrypt
- Decryption
- Dedicated Mode
- Default Classification
- Defense-in-Breadth
- Defense-in-Depth
- Degauss
- Delaware Cybersecurity & Privacy Regulations
- Delegated Development Program
- Deleted File
- Demilitarized Zone (DMZ)
- Denial of Service (DoS)
- Depth
- Descriptive Top-Level Specification (DTLS)
- Designated Approval Authority (DAA)
- Designated Approving (Accrediting) Authority
- Deterministic Random Bit Generator (DRBG)
- Deterministic Random Bit Generator (DRBG) Mechanism
- Device Distribution Profile
- Device Registration Manager
- Dial Back
- Differential Power Analysis (DPA)
- Digital Ecosystem
- Digital Evidence
- Digital Forensics
- Digital Signature
- Digital Signature Algorithm
- Direct Shipment
- Disaster Recovery Plan (DRP)
- Disconnection
- Discretionary Access Control
- Disk Imaging
- Disruption
- Distinguished Name (DN)
- Distinguishing Identifier
- Distributed Denial of Service – (DDoS)
- DKIM
- DMZ
- Domain
- Drop Accountability
- Dual-Use Certificate
- Duplicate Digital Evidence
- Duration
- Dynamic Subsystem
- E-Government (e-gov)
- Easter Egg
- Eavesdropping Attack
- Education (Information Security)
- Egress Filtering
- Electronic Authentication (E-authentication)
- Electronic Business (e-business)
- Electronic Credentials
- Electronic Evidence
- Electronic Key Entry
- Electronic Key Management System (EKMS)
- Electronic Messaging Services
- Electronic Signature
- Electronically Generated Key
- Emanations Security (EMSEC)
- Embedded Computer
- Embedded Cryptographic System
- Embedded Cryptography
- Encipher
- Enclave
- Enclave Boundary
- Encode
- Encrypt
- Encrypted Key
- Encrypted Network
- Encryption
- Encryption Algorithm
- Encryption Certificate
- End Cryptographic Unit (ECU)
- End-Item Accounting
- End-to-End Encryption
- End-to-End Security
- Enrollment Manager
- Enterprise
- Enterprise Architecture (EA)
- Enterprise Risk Management
- Enterprise Service
- Entity
- Entrapment
- Entropy
- Environment
- Environment of Operation
- Ephemeral Key
- Erasure
- Error Detection Code
- Escrow
- Evaluation Assurance Level (EAL)
- Evaluation Products List (EPL)
- Event
- Examination
- Examine
- Exculpatory Evidence
- Executive Agency
- Exercise Key
- Expected Output
- Exploit Code
- Exploitable Channel
- Extensible Configuration Checklist Description Format (XCCDF)
- External Information System Service
- External Information System (or Component)
- External Information System Service Provider
- External Network
- External Security Testing
- Extraction Resistance
- Extranet
- Show all articles (107) Collapse Articles
- Fail Safe
- Fail Soft
- Failover
- Failure Access
- Failure Control
- False Acceptance
- False Acceptance Rate (FAR)
- False Positive
- False Rejection
- False Rejection Rate (FRR)
- Federal Agency
- Federal Bridge Certification Authority (FBCA)
- Federal Bridge Certification Authority Membrane
- Federal Bridge Certification Authority Operational Authority
- Federal Enterprise Architecture
- Federal Information Processing Standard (FIPS)
- Federal Information Security Management Act (FISMA)
- Federal Information System
- Federal Information Systems Security Educators’ Association (FISSEA)
- Federal Public Key Infrastructure Policy Authority (FPKI PA)
- File Encryption
- File Name Anomaly
- File Protection
- File Security
- Fill Device
- FIPS
- FIPS PUB
- FIPS-Approved Security Method
- FIPS-Validated Cryptography
- FIREFLY
- Firewall
- Firewall Control Proxy
- Firmware
- FISMA
- Fixed COMSEC Facility
- Flaw
- Flooding
- Focused Testing
- Forced Leave
- Forensic Copy
- Forensic Specialist
- Forensically Clean
- Forensics
- Formal Access Approval
- Formal Development Methodology
- Formal Method
- Formal Proof
- Formal Security Policy
- Formatting Function
- Forward Cipher
- Frequency Hopping
- Full Disk Encryption (FDE)
- Full Maintenance
- Functional Testing
- Gateway
- GDPR
- General Support System
- Geolocation Data
- Global Information Grid (GIG)
- Global Information Infrastructure (GII)
- Governance
- Graduated Security
- Gray Box Testing
- Group Authenticator
- Guard (System)
- Guessing Entropy
- What Is Flaw Hypothesis Methodology?
- Show all articles (47) Collapse Articles
- Hacker
- Handshaking Procedures
- Hard Copy Key
- Hardening
- Hardware Security Module (HSM) Keys
- Hardwired Key
- Hash Function
- Hash Total
- Hash Value
- Hash Value/Result
- Hash-based Message Authentication Code (HMAC)
- Hashing
- Hashword
- Health Information Exchange (HIE)
- High Assurance Guard (HAG)
- High Availability
- High Impact
- High-Impact System
- Honeypot
- Hot Site
- Hot Wash
- Hybrid Security Control
- IA Architecture
- IA Infrastructure
- IA Product
- IA-Enabled Information Technology Product
- IA-Enabled Product
- Identification
- Identifier
- Identity
- Identity Binding
- Identity Proofing
- Identity Registration
- Identity Token
- Identity Validation
- Identity Verification
- Identity-Based Access Control
- Identity-Based Security Policy
- Image
- Imitative Communications Deception
- Impact
- Impact Level
- Impact Value
- Implant
- Inadvertent Disclosure
- Incident
- Incident Handling
- Incident Response Plan
- Incident Response Plan
- Incomplete Parameter Checking
- Inculpatory Evidence
- Independent Validation Authority (IVA)
- Independent Verification & Validation (IV&V)
- Indicator
- Individual
- Individual Accountability
- Individuals
- Industrial Control System
- Informal Security Policy
- Information
- Information Assurance (IA)
- Information Assurance (IA) Professional
- Information Assurance Component (IAC)
- Information Assurance Manager (IAM)
- Information Assurance Officer (IAO)
- Information Assurance Vulnerability Alert (IAVA)
- Information Domain
- Information Environment
- Information Flow Control
- Information Management
- Information Operations (IO)
- Information Owner
- Information Resources
- Information Resources Management (IRM)
- Information Security
- Information Security Architect
- Information Security Architecture
- Information Security Continuous Monitoring (ISCM)
- Information Security Continuous Monitoring (ISCM) Process
- Information Security Continuous Monitoring (ISCM) Program
- Information Security Policy
- Information Security Program Plan
- Information Security Risk
- Information Sharing
- Information Sharing Environment
- Information Steward
- Information System
- Information System Boundary
- Information System Contingency Plan (ISCP)
- Information System Life Cycle
- Information System Owner
- Information System Owner (or Program Manager)
- Information System Resilience
- Information System Security Officer (ISSO)
- Information System-Related Security Risks
- Information Systems Security (INFOSEC)
- Information Systems Security Engineer (ISSE)
- Information Systems Security Engineering (ISSE)
- Information Systems Security Equipment Modification
- Information Systems Security Manager (ISSM)
- Information Systems Security Officer (ISSO)
- Information Systems Security Product
- Information Technology
- Information Type
- Information Value
- Inheritance
- Initialization Vector (IV)
- Initialize
- Initiator
- Inside(r) Threat
- Insider Threat
- Inspectable Space
- Integrity
- Integrity Check Value
- Intellectual Property
- Interconnection Security Agreement (ISA)
- Interface
- Interface Control Document
- Interim Approval to Operate (IATO)
- Interim Approval to Test (IATT)
- Intermediate Certification Authority (CA)
- Internal Network
- Internal Security Controls
- Internal Security Testing
- Internet
- Internet Protocol (IP)
- Interoperability
- Interview
- Intranet
- Intrusion
- Intrusion Detection and Prevention System (IDPS)
- Intrusion Detection Systems (IDS)
- Intrusion Detection Systems (IDS) – (Host-Based)
- Intrusion Detection Systems (IDS) – (Network-Based)
- Intrusion Prevention System(s) (IPS)
- Inverse Cipher
- IP Security (IPsec)
- IT Security Architecture
- IT Security Awareness
- IT Security Awareness and Training Program
- IT Security Education
- IT Security Investment
- IT Security Metrics
- IT Security Policy
- IT Security Training
- IT-Related Risk
- What is HIPAA?
- Show all articles (127) Collapse Articles
- Jamming
- Joint Authorization
- Kerberos
- Key
- Key Bundle
- Key Distribution Center (KDC)
- Key Escrow
- Key Escrow System
- Key Establishment
- Key Exchange
- Key Expansion
- Key Generation Material
- Key List
- Key Loader
- Key Logger
- Key Management
- Key Management Device
- Key Management Infrastructure (KMI)
- Key Pair
- Key Production Key (KPK)
- Key Recovery
- Key Stream
- Key Tag
- Key Tape
- Key Transport
- Key Updating
- Key Wrap
- Key-Auto-Key (KAK)
- Key-Encryption-Key (KEK)
- Keyed-hash based message authentication code (HMAC)
- Keying Material
- Keystroke Monitoring
- KMI Operating Account (KOA)
- KMI Protected Channel (KPC)
- KMI-Aware Device
- KOA Agent
- KOA Manager
- KOA Registration Manager
- Show all articles (18) Collapse Articles
- Label
- Labeled Security Protections
- Laboratory Attack
- Least Privilege
- Least Trust
- Level of Concern
- Level of Protection
- Likelihood of Occurrence
- Limited Maintenance
- Line Conditioning
- Line Conduction
- Line of Business
- Link Encryption
- List-Oriented
- LLMjacking
- Local Access
- Local Authority
- Local Management Device/Key Processor (LMD/KP)
- Local Registration Authority (LRA)
- Logic Bomb
- Logical Completeness Measure
- Logical Perimeter
- Long Title
- Low Impact
- Low Probability of Detection
- Low Probability of Intercept
- Low-Impact System
- Macro Virus
- Magnetic Remanence
- Maintenance Hook
- Maintenance Key
- Major Application
- Major Information System
- Malicious Applets
- Malicious Code
- Malicious Logic
- Malware
- Man-in-the-middle Attack (MitM)
- Management Client (MGC)
- Management Controls
- Management Security Controls
- Mandatory Access Control (MAC)
- Mandatory Modification
- Manipulative Communications Deception
- Manual Cryptosystem
- Manual Key Transport
- Manual Remote Rekeying
- Marking
- Masquerading
- Master Cryptographic Ignition Key
- Match/matching
- Maximum Tolerable Downtime
- Mean Time to Contain (MTTC)
- Mean Time to Detect (MTTD)
- Mean Time To Repair (MTTR)
- Mean Time To Respond (MTTR)
- Mechanisms
- Media
- Media Sanitization
- Memorandum of Understanding/Agreement (MOU/A)
- Memory Scavenging
- Message Authentication Code (MAC)
- Message Digest
- Message Externals
- Message Indicator
- Metrics
- MIME
- Mimicking
- Min-Entropy
- Minimalist Cryptography
- Minor Application
- Misnamed Files
- Mission Assurance Category (MAC)
- Mission Critical
- Mission/Business Segment
- Mobile Code
- Mobile Code Technologies
- Mobile Device
- Mobile Software Agent
- Mode of Operation
- Moderate Impact
- Moderate-Impact System
- Multi-Hop Problem
- Multi-Releasable
- Multifactor Authentication
- Multilevel Device
- Multilevel Mode
- Multilevel Security (MLS)
- Multiple Security Levels (MSL)
- Mutual Authentication
- Mutual Suspicion
- The Null Hypothesis in Cybersecurity
- Show all articles (72) Collapse Articles
- 23 NYCRR 500
- Naming Authority
- National Information Infrastructure
- National Information Assurance Partnership (NIAP)
- National Security Emergency Preparedness Telecommunications Services
- National Security Information
- National Security Information(NSI)
- National Security System
- National Vulnerability Database (NVD)
- Need To Know Determination
- Need-To-Know
- Needs Assessment (IT Security Awareness Training)
- Net-centric Architecture
- Network
- Network Access
- Network Access Control (NAC)
- Network Address Translation (NAT)
- Network Front-End
- Network Reference Monitor
- Network Resilience
- Network Security
- Network Security Officer
- Network Sniffing
- Network Sponsor
- Network System
- Network Weaving
- Nevada Insurance Data Security Law (SB21)
- No-Lone Zone (NLZ)
- Non-deterministic Random Bit Generator (NRBG)
- Non-Local Maintenance
- Non-Organizational User
- Non-repudiation
- Nonce
- North Carolina Cybersecurity Laws
- NSA-Approved Cryptography
- Nth Tier Risk
- Null
- Object
- Object Identifier
- Object Reuse
- Off-Card
- Off-line Attack
- Off-line Cryptosystem
- Official Information
- On-Card
- One-part Code
- One-time Cryptosystem
- One-time Pad
- One-time Tape
- One-Way Hash Algorithm
- Online Attack
- Online Certificate Status Protocol (OCSP)
- Online Cryptosystem
- Open Checklist Interactive Language (OCIL)
- Open Storage
- Open Vulnerability and Assessment Language (OVAL)
- Operating System (OS) Fingerprinting
- Operational Controls
- Operational Key
- Operational Vulnerability Information
- Operational Waiver
- Operations Code
- Operations Security (OPSEC)
- Optional Modification
- Organization
- Organizational Information Security Continuous Monitoring
- Organizational Maintenance
- Organizational Registration Authority (ORA)
- Organizational User
- Outside Threat
- Outside(r) Threat
- Over-The-Air Key Distribution
- Over-The-Air Key Transfer
- Over-The-Air Rekeying (OTAR)
- Overt Channel
- Overt Testing
- Overwrite Procedure
- Show all articles (57) Collapse Articles
- Packet Filter
- Packet Sniffer
- Parity
- Partitioned Security Mode
- Passive Attack
- Passive Security Testing
- Passive Wiretapping
- Password
- Password Cracking
- Password Protected
- Patch
- Patch Management
- Path Histories
- Payload
- PCI DSS
- Peer Entity Authentication
- Penetration
- Penetration Testing
- Per-Call Key
- Performance Reference Model (PRM)
- Perimeter
- Periods Processing
- Perishable Data
- Permuter
- Personal Firewall
- Personal Identification Number (PIN)
- Personal Identity Verification Issuer
- Personal Identity Verification (PIV)
- Personal Identity Verification Accreditation
- Personal Identity Verification Authorizing Official
- Personal Identity Verification Card (PIV Card)
- Personal Identity Verification Registrar
- Personal Identity Verification Sponsor
- Personally Identifiable Information (PII)
- Personnel Registration Manager
- Phishing
- Physically Isolated Network
- Piconet
- PII Confidentiality Impact Level
- Plaintext
- Plaintext Key
- Plan of Action and Milestones (POA&M)
- Policy Approving Authority (PAA)
- Policy Certification Authority (PCA)
- Policy Management Authority (PMA)
- Policy Mapping
- Policy-Based Access Control (PBAC)
- Port
- Port Scanning
- Portable Electronic Device (PED)
- Portal
- Positive Control Material
- Potential Impact
- Practice Statement
- Precursor
- Prediction Resistance
- Predisposing Condition
- Preproduction Model
- Primary Services Node (PRSN)
- Principal
- Principal Accrediting Authority (PAA)
- Principal Certification Authority – (CA)
- Print Suppression
- Privacy
- Privacy Impact Assessment (PIA)
- Privacy System
- Private Key
- Privilege
- Privilege Management
- Privileged Access Management (PAM)
- Privileged Account
- Privileged Accounts
- Privileged Command
- Privileged Process
- Privileged User
- Probability of Occurrence
- Probe
- Product Source Node (PSN)
- Production Model
- Profiling
- Promiscuous Mode
- Proprietary Information (PROPIN)
- Protected Distribution System (PDS)
- Protection Philosophy
- Protection Profile
- Protective Distribution System
- Protective Packaging
- Protective Technologies
- Protocol
- Protocol Data Unit
- Protocol Entity
- Proxy
- Proxy Agent
- Proxy Server
- Pseudonym
- Pseudorandom Number Generator (PRNG)
- Public Domain Software
- Public Key
- Public Key (Asymmetric) Cryptographic Algorithm
- Public Key Certificate
- Public Key Cryptography
- Public Key Enabling (PKE)
- Public Key Infrastructure (PKI)
- Public Seed
- Purge
- Quadrant
- Qualitative Assessment
- Quality of Service
- Quantitative Assessment
- Quarantine
- Show all articles (90) Collapse Articles
- Radio Frequency Identification (RFID)
- Random Bit Generator (RBG)
- Random Number Generation (RNG)
- Randomizer
- Ransomware
- RBAC
- Read
- Read Access
- Real-Time Reaction
- Recipient Usage Period
- Reciprocity
- Records
- Records Management
- Recovery Point Objective
- Recovery Procedures
- Recovery Time Objective
- Recovery Time Objective (RTO)
- RED
- Red Signal
- Red Team
- Red Team Exercise
- Red/Black Concept
- Reference Monitor
- Registration
- Registration Authority (RA)
- Regulatory Requirements
- Rekey
- Rekey (a certificate)
- Release Prefix
- Relying Party
- Remanence
- Remediation
- Remediation Plan
- Remote Access
- Remote Diagnostics/Maintenance
- Remote Maintenance
- Remote Rekeying
- Removable Media
- Renew (a certificate)
- Repair Action
- Replay Attacks
- Repository
- Reserve Keying Material
- Residual Risk
- Residue
- Resilience
- Resource Encapsulation
- Responder
- Responsibility to Provide
- Responsible Individual
- Restricted Data
- Revoke a Certificate
- RFID
- Rijndael
- Risk
- Risk Analysis
- Risk Assessment
- Risk Assessment Methodology
- Risk Assessment Report
- Risk Assessor
- Risk Executive (or Risk Executive Function)
- Risk Management
- Risk Management Framework
- Risk Mitigation
- Risk Model
- Risk Monitoring
- Risk Response
- Risk Response Measure
- Risk Tolerance
- Risk-Adaptable Access Control (RAdAC)
- Robust Security Network (RSN)
- Robust Security Network Association (RSNA)
- Robustness
- Rogue Device
- Role
- Role-Based Access Control – (RBAC)
- Root Cause Analysis
- Root Certification Authority
- Rootkit
- Round Key
- Rule-Based Security Policy
- Rules of Engagement (ROE)
- Ruleset
- Show all articles (63) Collapse Articles
- S-box
- S/MIME
- Safeguarding Statement
- Safeguards
- Salt
- Sandboxing
- Sanitization
- SCADA
- Scanning
- Scatternet
- Scavenging
- Scoping Guidance
- Secret Key
- Secret Key (symmetric) Cryptographic Algorithm
- Secret Seed
- Secure Communication Protocol
- Secure Communications
- Secure DNS (SECDNS)
- Secure Erase
- Secure Hash Algorithm (SHA)
- Secure Hash Standard
- Secure Socket Layer (SSL)
- Secure State
- Secure Subsystem
- Secure/Multipurpose Internet Mail Extensions (S/MIME)
- Security
- Security Assertion Markup Language (SAML)
- Security Association
- Security Attribute
- Security Authorization
- Security Authorization (To Operate)
- Security Authorization Boundary
- Security Automation Domain
- Security Banner
- Security Categorization
- Security Category
- Security Concept of Operations (Security CONOP)
- Security Content Automation Protocol (SCAP)
- Security Control Assessment
- Security Control Assessor
- Security Control Baseline
- Security Control Effectiveness
- Security Control Enhancements
- Security Control Inheritance
- Security Controls
- Security Controls Baseline
- Security Domain
- Security Engineering
- Security Fault Analysis (SFA)
- Security Features Users Guide – (SFUG)
- Security Filter
- Security Functions
- Security Goals
- Security Impact Analysis
- Security Incident
- Security Information and Event Management (SIEM) Tool
- Security Inspection
- Security Kernel
- Security Label
- Security Level
- Security Management Dashboard
- Security Marking
- Security Markings
- Security Mechanism
- Security Net Control Station
- Security Objective
- Security Operations Center (SOC)
- Security Perimeter
- Security Plan
- Security Policy
- Security Program Plan
- Security Range
- Security Requirements
- Security Requirements Baseline
- Security Safeguards
- Security Service
- Security Specification
- Security Strength
- Security Tag
- Security Target
- Security Test & Evaluation (ST&E)
- Security Testing
- Security-Relevant Change
- Security-Relevant Event
- Security-Relevant Information
- Seed Key
- Semi-Quantitative Assessment
- Sender Policy Framework (SPF)
- Senior Agency Information Security Officer (SAISO)
- Senior Information Security Officer
- Sensitive Compartmented Information (SCI)
- Sensitive Compartmented Information Facility (SCIF)
- Sensitive Information
- Sensitivity
- Sensitivity Label
- Service-Level Agreement
- Shared Secret
- Shielded Enclosure
- Short Title
- Signature
- Signature Certificate
- Signature Generation
- Signature Validation
- Signature Verification
- Signed Data
- Single Point Keying
- Situational Awareness
- Skimming
- Smart Card
- Smishing
- Sniffer
- Social Engineering
- Software
- Software Assurance
- Software System Test and Evaluation Process
- Software-Based Fault Isolation
- Source Code
- Spam
- Spam Filtering Software
- Special Access Program (SAP)
- Special Access Program Facility – (SAPF)
- Special Character
- Specification
- Spillage
- Split Knowledge
- Spoofing
- Spread Spectrum
- Spyware
- SRTM- Security Requirements Traceability Matrix
- SSL
- Standard
- Start-Up KEK
- State
- Static Key
- Status Monitoring
- Steganography
- Storage Object
- Strength of Mechanism (SoM)
- Striped Core
- Strong Authentication
- Subassembly
- Subject
- Subject Security Level
- Subordinate Certification Authority
- Subscriber
- Subsystem
- Suite A
- Suite B
- Superencryption
- Superior Certification Authority
- Supersession
- Supervisory Control and Data Acquisition (SCADA)
- Supplementation (Security Controls)
- Supplementation (Assessment Procedures)
- Supply Chain
- Supply Chain Attack
- Suppression Measure
- Surrogate Access
- Syllabary
- Symmetric Encryption Algorithm
- Symmetric Key
- Synchronous Crypto-Operation
- System
- System Administrator
- System Assets
- System Development Methodologies
- System Development Life Cycle (SDLC)
- System High
- System High Mode
- System Indicator
- System Integrity
- System Interconnection
- System Low
- System Of Records
- System Owner
- System Profile
- System Security
- System Security Plan
- System Software
- System-Specific Security Control
- Systems Security Engineering
- Systems Security Officer
- What is Security Posture?
- Show all articles (163) Collapse Articles
- Tabletop Exercise
- Tactical Data
- Tactical Edge
- Tailored Security Control Baseline
- Tailoring
- Tailoring (Assessment Procedures)
- Tampering
- Technical Controls
- Technical Non-repudiation
- Technical Reference Model(TRM)
- Technical Security Controls
- Technical Vulnerability Information
- Telecommunications
- Telework
- Tempest
- TEMPEST
- TEMPEST Test
- TEMPEST Zone
- Test
- Test Key
- Third Party
- Third Party Risk Management (TPRM)
- Threat
- Threat Analysis
- Threat Assessment
- Threat Event
- Threat Monitoring
- Threat Scenario
- Threat Shifting
- Threat Source
- Time Bomb
- Time-Compliance Date
- Time-Dependent Password
- TOE Security Functions (TSF)
- TOE Security Policy (TSP)
- Token
- Total Risk
- Tracking Cookie
- Tradecraft Identity
- Traditional INFOSEC Program
- Traffic Analysis
- Traffic Encryption Key (TEK)
- Traffic Padding
- Traffic-Flow Security (TFS)
- Training (Information Security)
- Training Assessment
- Training Effectiveness
- Training Effectiveness Evaluation
- Tranquility
- Transmission
- Transmission Security (TRANSEC)
- Transport Layer Security (TLS)
- Trap Door
- Triple DES
- Trojan Horse
- Trust Agent
- Trust Anchor
- Trust List
- Trusted Agent
- Trusted Certificate
- Trusted Channel
- Trusted Computer System
- Trusted Computing Base (TCB)
- Trusted Distribution
- Trusted Foundry
- Trusted Identification Forwarding
- Trusted Path
- Trusted Platform Module (TPM) Chip
- Trusted Process
- Trusted Recovery
- Trusted Timestamp
- Trustworthiness
- Trustworthy System
- TSEC
- TSEC Nomenclature
- Tunneling
- Two-Part Code
- Two-Person Control (TPC)
- Two-Person Integrity (TPI)
- Type 1 Key
- Type 1 Product
- Type 2 Key
- Type 2 Product
- Type 3 Key
- Type 3 Product
- Type 4 Key
- Type 4 Product
- Type Accreditation
- Type Certification
- U.S. Person
- U.S.-Controlled Facility
- U.S.-Controlled Space
- Unauthorized Access
- Unauthorized Disclosure
- Unclassified
- United States Government Configuration Baseline (USGCB)
- Unsigned data
- Untrusted Process
- Update (a Certificate)
- Update (key)
- US-CERT
- User
- User ID
- User Initialization
- User Partnership Program (UPP)
- User Registration
- User Representative (COMSEC)
- User Representative (Risk Management)
- Show all articles (88) Collapse Articles
- Warm Site
- Web Bug
- Web Content Filtering Software
- Web Risk Assessment
- White Team
- Whitelist
- Wi-Fi Protected Access-2 (WPA2)
- Wiki
- Wired Equivalent Privacy (WEP)
- Wireless Access Point (WAP)
- Wireless Application Protocol (WAP)
- Wireless Local Area Network – (WLAN)
- Wireless Technology
- Work Factor
- Workcraft Identity
- Worm
- Write
- Write Access
- Write-Blocker
- X.509 Certificate
- X.509 Public Key Certificate
- Zero Fill
- Zeroization
- Zeroize
- Zombie
- Zone Of Control
- Show all articles (6) Collapse Articles
Health
Insurance
Security Controls Baseline
Created On
Last Updated On
Views48
Navigation:
< Back
Baseline security controls are the fundamental, minimum security measures an organization implements to protect its information systems and data, ensuring confidentiality, integrity, and availability. They serve as a starting point for a robust security posture, providing a foundation upon which more specialized controls can be built.
Definition:
The set of minimum security controls defined for a low-impact, moderate-impact, or high-impact information system.
SOURCE: CNSSI-4009
What are Baseline Security Controls?
- Minimum Security: They represent the essential security practices that every organization should have in place, regardless of size or industry.
- Foundation for Security: Baseline controls act as a starting point for a comprehensive security program, providing a basic level of protection against common threats.
- Consistency and Auditability: They help ensure consistency in security configurations across an organization, making it easier to audit and manage security risks.
- Risk Reduction: Implementing these controls helps reduce the risk of cyberattacks, data breaches, and unauthorized access.
- Examples:
Common baseline controls include strong passwords, multi-factor authentication, firewalls, anti-malware software, regular software updates, and data backup and recovery procedures.
Why are Baseline Security Controls Important?
- Protect Against Common Threats: Baseline controls help protect against the most common cyber threats and vulnerabilities, such as malware, phishing attacks, and unauthorized access.
- Compliance: Many industries and regulations require organizations to implement security controls to meet compliance requirements.
- Cost-Effective: Implementing baseline controls is often a cost-effective way to improve an organization’s security posture.
- Foundation for Advanced Security: Baseline controls provide a foundation for implementing more advanced security measures and technologies.
- Consistency: They ensure that all systems and devices within an organization are protected at a consistent level of security.
How to Implement Baseline Security Controls:
- Identify Your Assets: Determine which information systems and data are most critical to your organization.
- Conduct a Risk Assessment: Evaluate the potential risks to your organization’s information systems and data.
- Select Appropriate Controls: Choose security controls that are most appropriate for your organization‘s specific needs and risks.
- Implement and Configure Controls: Implement and configure the selected baseline controls.
- Monitor and Maintain Controls: Regularly monitor and maintain the security controls to ensure that they are effective.
- Stay Updated: Stay up-to-date with the latest security threats and vulnerabilities, and make a habit update your baseline security controls accordingly.
