NIST Revising Glossary of Infosec Terms

Defined Terms Found in NIST, Defense Dept. Publications
Looking for a holiday gift for your boss who doesn't quite understand information security lingo? The National Institute of Standards and Technology has one you can give, and it's free.

NIST has issued a draft of Interagency Report 7298 Revision 2: NIST Glossary of Key Information Security Terms.

The glossary includes most of the terms found in NIST publications. It also contains nearly all of the terms and definitions from CNSSI-4009, an information assurance glossary issued by the Defense Department's Committee on National Security Systems, a forum that helps set the federal government's information assurance policy.

The publication contains 215 pages of definitions, from "Access" - the ability to make use of any information system resource - to "Zone of Control" - a three-dimensional space surrounding equipment that processes classified and/or sensitive information within which TEMPEST exploitation is not considered practical or where legal authority to identify and remove a potential TEMPEST exploitation exists. (TEMPEST is defined as a name referring to the investigation, study and control of compromising emanations from telecommunications and automated information systems equipment.)

"As we are continuously refreshing our publication suite, terms included in the glossary come from our more recent publications," publication editor Richard Kissell writes. "The NIST publications referenced are the most recent versions of those publications. It is our intention to keep the glossary current by providing updates online. New definitions will be added to the glossary as required, and updated versions will be posted on the Computer Security Resource Center website."

NIST is seeking comments and suggestions on the revised glossary, and they should be sent by Jan. 15 to

About the Author

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.
