Glossary of Key Information Security Terms (NIST) part 28 / F - G - H

Mathematical argument which verifies that the system satisfies a mathematically-described security policy.

Complete and convincing mathematical argument presenting the full logical justification for each proof step and for the truth of a theorem or set of theorems.

Mathematically-precise statement of a security policy.

The function that transforms the payload, associated data, and nonce into a sequence of complete blocks.

One of the two functions of the block cipher algorithm that is determined by the choice of a cryptographic key. The term “forward cipher operation” is used for TDEA, while the term “forward transformation” is used for DEA.

Repeated switching of frequencies during radio transmission according to a specified algorithm, to minimize unauthorized interception or jamming of telecommunications.

The process of encrypting all the data on the hard disk drive used to boot a computer, including the computer’s operating system, and permitting access to the data only after successful authentication with the full disk encryption product.

Complete diagnostic repair, modification, and overhaul of COMSEC equipment, including repair of defective assemblies by piece part replacement. See Limited Maintenance.

Segment of security testing in which advertised security mechanisms of an information system are tested under operational conditions.

Interface providing compatibility between networks by converting transmission speeds, protocols, codes, or security measures.

An interconnected set of information resources under the same direct management control that shares common functionality. It normally includes hardware, software, information, data, applications, communications, and people.

The globally interconnected, end-to-end set of information capabilities for collecting, processing, storing, disseminating, and managing information on demand to warfighters, policy makers, and support personnel. The GIG includes owned and leased communications and computing systems and services, software (including applications), data, security services, other associated services, and National Security Systems. Non-GIG IT includes stand-alone, self-contained, or embedded IT that is not, and will not be, connected to the enterprise network.

Worldwide interconnections of the information systems of all countries, international and multinational organizations, and international commercial communications.

A security system that provides several levels (e.g., low, moderate, high) of protection based on threats, risks, available technology, support services, time, human concerns, and economics.

Used, sometimes in addition to a sign-on authenticator, to allow access to specific data or functions that may be shared by all members of a particular group.

A mechanism limiting the exchange of information between information systems or subsystems.

A measure of the difficulty that an Attacker has to guess the average password used in a system. In this document, entropy is stated in bits. When a password has n-bits of guessing entropy then an attacker has as much difficulty guessing the average password as in guessing an n-bit random quantity. The attacker is assumed to know the actual password frequency distribution.

Unauthorized user who attempts to or gains access to an information system.

Dialogue between two information systems for synchronizing, identifying, and authenticating themselves to one another.

Physical keying material, such as printed key lists, punched or printed key tapes, or programmable, read-only memories (PROM).