Care Security Systems

 
Glossary of Terms

Access Control
The process of granting or denying specific requests:
1) To obtain and use information and related information processing services; and
2) To enter specific physical facilities (e.g., Federal buildings, military establishments, and border crossing entrances).

Access Control Lists (ACLs)
A register of:
1) Users (including groups, machines, processes) who have been given permission to use a particular system resource, and
2) The types of access they have been permitted.

Account Management, User
Involves:
1) The process of requesting, establishing, issuing, and closing user accounts;
2) Tracking users and their respective access authorizations; and
3) Managing these functions.

Authentication
Verifying the identity of a user, process, or device, often as a prerequisite to allowing access to resources in an information system.

Authentication, Electronic
The process of establishing confidence in user identities electronically presented to an information system.

Authentication Mechanism
Hardware or software-based mechanisms that force users to prove their identity before accessing data on a device.

Biometric
A measurable, physical characteristic or personal behavioral trait used to recognize the identity, or verify the claimed identity, of an applicant. Facial images, fingerprints, and handwriting samples are all examples of biometrics.

Biometric Information
The stored electronic information pertaining to a biometric. This information can be in terms of raw or compressed pixels or in terms of some characteristic (e.g., patterns).

Biometric System
An automated system capable of:
1) Capturing a biometric sample from an end user;
2) Extracting biometric data from that sample;
3) Comparing the biometric data with that contained in one or more reference templates;
4) Deciding how well they match; and
5) Indicating whether or not an identification or verification of identity has been achieved.

Capture
The method of taking a biometric sample from an end user.

Certificate
A digital representation of information which at least:
1) Identifies the certification authority issuing it,
2) Names or identifies its subscriber,
3) Contains the subscriber's public key,
4) Identifies its operational period, and
5) Is digitally signed by the certification authority issuing it.

Certification
A comprehensive assessment of the management, operational and technical security controls in an information system, made in support of security accreditation, to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system.

Credential
An object that authoritatively binds an identity (and optionally, additional attributes) to a token possessed and controlled by a person.

Domain
A set of subjects, their information objects, and a common security policy.

Dynamic Host Configuration Protocol (DHCP)
The protocol used to assign Internet Protocol (IP) addresses to all nodes on the network.

Electronic Key Entry
The entry of cryptographic keys into a cryptographic module using electronic methods such as a smart card or a key-loading device. (The operator of the key may have no knowledge of the value of the key being entered.)

Encrypted Key
A cryptographic key that has been encrypted using an approved security function with a key encrypting key, a PIN, or a password in order to disguise the value of the underlying plaintext key.

Event
Any observable occurrence in a network or system.

Firewall
A gateway that limits access between networks in accordance with local security policy.

Firmware
The programs and data components of a cryptographic module that are stored in hardware within the cryptographic boundary and cannot be dynamically written or modified during execution.

Identification
The process of verifying the identity of a user, process, or device, usually as a prerequisite for granting access to resources in an IT system.

Identifier
A unique data string used as a key in the biometric system to name a person's identity and its associated attributes.

Identity
The set of physical and behavioral characteristics by which an individual is uniquely recognizable.

Identity-Based Security Policy
A security policy based on the identities and/or attributes of the object (system resource) being accessed and of the subject (user, group of users, process, or device) requesting access.

Identity Verification
The process of affirming that a claimed identity is correct by comparing the offered claims of identity with previously proven information stored in the identity card or PIV system.
OR
The process of confirming or denying that a claimed identity is correct by comparing the credentials (something you know, something you have, something you are) of a person requesting access with those previously proven and stored in the PIV Card or system and associated with the identity being claimed.

Image
An exact bit-stream copy of all electronic data on a device, performed in a manner that ensures the information is not altered.

Incident
A violation or imminent threat of violation of computer security policies, acceptable use policies, or standard computer security practices.
OR
An occurrence that actually or potentially jeopardizes the confidentiality, integrity, or availability of an information system or the information the system processes, stores, or transmits or that constitutes a violation or imminent threat of violation of security policies, security procedures, or acceptable use policies.

Integrity
The property that sensitive data has not been modified or deleted in an unauthorized and undetected manner.

Intrusion Detection System (IDS)
Software that looks for suspicious activity and alerts administrators.

IP Address
An IP address is a unique number for a computer that is used to determine where messages transmitted on the Internet should be delivered. The IP address is analogous to a house number for ordinary postal mail.

Key
A value used to control cryptographic operations, such as decryption, encryption, signature generation, or signature verification.

Password
A secret that a claimant memorizes and uses to authenticate his or her identity. Passwords are typically character strings.

Password Protected
The ability to protect a file using a password access control, protecting the data contents from being viewed with the appropriate viewer unless the proper password is entered.

Personal Identification Number (PIN)
A secret password that a claimant memorizes and uses to authenticate his or her identity. It typically consists of only decimal digits.

Personal Identity Verification Card (PIV Card)
Physical artifact (e.g., identity card, "smart" card) issued to an individual that contains stored identity credentials (e.g., photograph, cryptographic keys, digitized fingerprint representation, etc.) such that a claimed identity of the cardholder may be verified against the stored credentials by another person (human readable and verifiable) or an automated process (computer readable and verifiable).

Policy
A document that delineates the security management structure, clearly assigns security responsibilities, and lays the foundation necessary to reliably measure progress and compliance.

Port
A physical entry or exit point of a cryptographic module that provides access to the module for physical signals, represented by logical information flows (physically separated ports do not share the same physical pin or wire).

Privileged Accounts
Individuals who have access to set "access rights" for users on a given system. Sometimes referred to as system or network administrative accounts.

Proxy Server
A server that sits between a client application, such as a web browser, and a real server. It intercepts all requests to the real server to see if it can fulfill the requests itself. If not, it forwards the request to the real server.

Remote Access
Access by users (or information systems) communicating external to an information system security perimeter.

Remote Maintenance
Maintenance activities conducted by individuals communicating external to an information system security perimeter.

Sensitivity
Used in this guideline to mean a measure of the importance assigned to information by its owner, for the purpose of denoting its need for protection.

Signature
A recognizable, distinguishing pattern associated with an attack, such as a binary string in a virus or a particular set of keystrokes used to gain unauthorized access to a system.

Signature Certificate
A public key certificate that contains a public key intended for verifying digital signatures rather than encrypting data or performing any other cryptographic functions.

Smart Card
A credit card with a built-in microprocessor and memory that is used for identification or financial transactions. When inserted into a reader, the card transfers data to and from a central computer. A smart card is more secure than a magnetic stripe card and can be programmed to self-destruct if the wrong password is entered too many times.

System
A discrete set of information resources organized for the collection, processing, maintenance, use, sharing, dissemination, or disposition of information.

System Software
The special software within the cryptographic boundary (e.g., operating system, compilers or utility programs) designed for a specific computer system or family of computer systems to facilitate the operation and maintenance of the computer system, and associated programs, and data.

Unauthorized Access
A person gains logical or physical access without permission to a network, system, application, data, or other resource.

User
Individual or (system) process authorized to access an information system.

Verification
The process of affirming that a claimed identity is correct by comparing the offered claims of identity with previously proven information stored in the identity card or PIV system. See Identity Verification.

Verified Name
A subscriber name that has been verified by identity proofing.