Computer Security Resource Center



Standard

Abbreviation(s) and Synonym(s):

None

Definition(s):

  A published statement on a topic specifying the characteristics, usually measurable, that must be satisfied or achieved to comply with the standard.
Source(s):
FIPS 201 [Withdrawn]

  A rule, condition, or requirement: (1) Describing the following information for products, systems, services or practices: (i) Classification of components. (ii) Specification of materials, performance, or operations; or (iii) Delineation of procedures; or (2) With respect to the privacy of individually identifiable health information.
Source(s):
NIST SP 800-66 Rev. 1 (45 C.F.R., Sec. 160.103)

  a document, established by consensus and approved by a recognized body, that provides for common and repeated use, rules, guidelines or characteristics for activities or their results, aimed at the achievement of the optimum degree of order in a given context. Note: Standards should be based on the consolidated results of science, technology and experience, and aimed at the promotion of optimum community benefits.
Source(s):
NISTIR 8074 Vol. 2 (ISO/IEC Guide 2:2004)

  a document that may provide the requirements for: a product, process or service; a management or engineering process; or a testing methodology. An example of a product standard is the multipart ISO/IEC 24727, Integrated circuit card programming interfaces. An example of a management process standard is the ISO/IEC 27000, Information security management systems, family of standards. An example of an engineering process standard is ISO/IEC 15288, System life cycle processes. An example of a testing methodology standard is the multipart ISO/IEC 19795, Biometric Performance Testing and Reporting.
Source(s):
NISTIR 8074 Vol. 2