NIST | RSA Information Security Glossary

NIST

National Institute of Standards and Technology (NIST) is a non-regulatory federal agency within the U.S. Commerce Department. NIST security publications (Special Publications in the 800 series) may be used by organizations to provide a structured, yet flexible framework for selecting, specifying, employing, and evaluating the security controls in information systems.

The documents, available in both draft and published forms, offer guidelines and recommendations on subjects as varied as setting up a security awareness program to recommendation of a specific block cipher.

One of the most comprehensive guides, very helpful to companies that are developing a control framework is NIST SP 800-53, “Recommended Security Controls for Federal Information Systems”. This document describes fundamental concepts and defines the process of selecting and specifying controls for information systems with different risk profiles. It also maps the controls to other frameworks and baseline documents, including ISO 17799.

NIST SP 800-66,"An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule", (draft document as of March 2005) identifies NIST guidance documents that can help organizations with HIPAA security standards compliance, including FIPS publications.

21 CFR Part 11 access control, access management AES Alerting, alerts Anti-phishing service Anti-Phishing Working Group (APWG)authentication authorization Basel II Baseline, baselining biometrics/biometric authentication California AB 1950 and SB 1386 call center call center assist Card Management Systems (CMS)CAS certificate authority, certification authority (CA)Certificate Revocation List (CRL)Chip and PIN COBIT control framework credentials, credential store CVV DAS digital certificate digital identity digital rights management (DRM)digital signature directory service E-Authentication Initiative EMV™endpoint authentication EPS EU Data Protection Directive factoring, prime numbers Federal Information Processing Standards (FIPS)federated identity FFIEC FFIEC Online Banking Authentication Guidance FIPS 140 FIPS 201 GINA Gramm-Leach-Bliley Act (GLBA)hardware authenticator hijacking HIPAA Homeland Security Presidential Directive – Number 12 (HSPD-12)Identity and Access Management (IAM)identity theft Intelligent Questioning IPSec ISO 17799 ISO27002 key logging key management Knowledge Based Authentication (KBA)layered authentication LDAP Liberty Alliance, Liberty ID-FF logical access, physical access man-in-the-middle attacks (MITM)MasterCard's Chip Authentication Protocol (CAP)Microsoft.NET, Passport MPEG-LA mutual authentication NIST OASIS Open Mobile Alliance (OMA)OTP (One-Time Password)OTPS password, passcode, pass code Payment Card Industry (PCI) Data Security Standard Personal Identity Verification card (PIV Card)pharming phishing PKCS PKI provisioning RADIUS RBAC (Role Based Access Control)RC2, RC4, RC5, etc.RFID risk-based authentication RSA algorithm S/MIME SAML Sarbanes-Oxley Act (SOX)seed record sequential questions Service Oriented Architecture (SOA)single sign-on (SSO)smart badging smart card smart chip spoofing SSL-VPN strong authentication symmetric key cryptography time synchronous authentication token Trojans two-factor authentication U.K. Identity Cards Bill USB token user life-cycle management verification Visa's Dynamic Passcode Authentication (DPA)VPN web access management web services WS-Security XML	NIST National Institute of Standards and Technology (NIST) is a non-regulatory federal agency within the U.S. Commerce Department. NIST security publications (Special Publications in the 800 series) may be used by organizations to provide a structured, yet flexible framework for selecting, specifying, employing, and evaluating the security controls in information systems. The documents, available in both draft and published forms, offer guidelines and recommendations on subjects as varied as setting up a security awareness program to recommendation of a specific block cipher. One of the most comprehensive guides, very helpful to companies that are developing a control framework is NIST SP 800-53, “Recommended Security Controls for Federal Information Systems”. This document describes fundamental concepts and defines the process of selecting and specifying controls for information systems with different risk profiles. It also maps the controls to other frameworks and baseline documents, including ISO 17799. NIST SP 800-66,"An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule", (draft document as of March 2005) identifies NIST guidance documents that can help organizations with HIPAA security standards compliance, including FIPS publications. Top of Page	Related Terms AES control framework Federal Information Processing Standards (FIPS) HIPAA ISO 17799 Related Links Secure Enterprise Data Regulatory Compliance RSA enVision Platform
		Email to a friend Print