Cybersecurity Glossary

Sandboxing

Sandboxing is a method of isolating application modules into distinct fault domains enforced by software. The technique allows untrusted programs written in an unsafe language, such as C, to be executed safely within the single virtual address space of an application. Untrusted machine-interpretable code modules are transformed so that all memory accesses are confined to code and data segments within their fault domain. Access to system resources can also be controlled through a unique identifier associated with each domain. A sandbox is also defined as a restricted, controlled execution environment that prevents potentially malicious software, such as mobile code, from accessing any system resources except those for which the software is authorized.

Secure Communication Protocol

Secure communication protocol is a communication protocol that provides the appropriate confidentiality, authentication, and content-integrity protection.

Security Requirements

Security requirements are requirements levied on an information system that are derived from applicable laws, executive orders, directives, policies, standards, instructions, regulations, or procedures, or organizational mission/business case needs to ensure the confidentiality, integrity, and availability of the information being processed, stored, or transmitted.

Security Requirements Traceability Matrix (SRTM)

A security requirements traceability matrix (SRTM) is a matrix that captures all security requirements linked to potential risks and addresses all applicable C&A requirements. It is, therefore, a correlation statement of a system’s security features and compliance methods for each security requirement.

Security Management Dashboard

A security management dashboard is a tool that consolidates and communicates information relevant to the organizational security posture in near real-time to security management stakeholders.

Security Marking

Security marking is human-readable information affixed to information system components, removable media, or output indicating the distribution limitations, handling caveats, and applicable security markings.

Security Tag

A security tag is an information unit containing a representation of certain security-related information (e.g., a restrictive attribute bitmap).

Security Impact Analysis

Security impact analysis is the analysis conducted by an organizational official to determine the extent to which changes to the information system have affected the security state of the system.

Security Posture

Security posture is the security status of an enterprise’s networks, information, and systems based on resources (e.g., people, hardware, software, policies) and capabilities in place to manage the defense of the enterprise and to react as the situation changes.

Security Category

Security category is the characterization of information or an information system based on an assessment of the potential impact that a loss of confidentiality, integrity, or availability of such information or information system would have on organizational operations, organizational assets, or individuals. A second form of the definition extends the scope of that potential impact to other organizations and the nation as well.

Session Key

A session key is a key that is temporary or is used for a relatively short period of time. It is an encryption and decryption key that is randomly generated to ensure the security of a communications session between a user and another computer or between two computers. These keys are sometimes called symmetric keys, because the same key is used for both encryption and decryption.