Computer Security Resource Center

defense-in-depth

Abbreviation(s) and Synonym(s):

None

Definition(s):

  Information security strategy integrating people, technology, and operations capabilities to establish variable barriers across multiple layers and dimensions of the organization.
Source(s):
NIST SP 800-161 under Defense-in-Depth CNSSI 4009, NIST SP 800-53 Rev. 4
NISTIR 7622 under Defense-in-Depth CNSSI 4009-2010, NIST SP 800-53

  Information security strategy integrating people, technology, and operations capabilities to establish variable barriers across multiple layers and missions of the organization.
Source(s):
CNSSI 4009-2015 NIST SP 800-53 Rev. 4
NIST SP 800-30 Rev. 1 under Defense-in-Depth CNSSI 4009
NIST SP 800-39 under Defense-in-Depth CNSSI 4009
NIST SP 800-53 Rev. 4 under Defense-in-Depth

  The application of multiple countermeasures in a layered or stepwise manner to achieve security objectives. The methodology involves layering heterogeneous security technologies in the common attack vectors to ensure that attacks missed by one technology are caught by another.
Source(s):
NISTIR 8183 under Defense-in-depth ISA/IEC 62443, ISO/IEC 62443 1-1
NISTIR 8183A Vol. 2 under Defense-in-depth ISO/IEC 62443 1-1
NISTIR 8183A Vol. 3 under Defense-in-depth ISO/IEC 62443 1-1