U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

A  |  B  |  C  |  D  |  E  |  F  |  G  |  H  |  I  |  J  |  K  |  L  |  M  |  N  |  O  |  P  |  Q  |  R  |  S  |  T  |  U  |  V  |  W  |  X  |  Y  |  Z

security

Abbreviation(s) and Synonym(s):

SEC

Definition(s):

  A condition that results from the establishment and maintenance of protective measures that enable an organization to perform its mission or critical functions despite risks posed by threats to its use of systems. Protective measures may involve a combination of deterrence, avoidance, prevention, detection, recovery, and correction that should form part of the organization’s risk management approach.
Source(s):
NIST SP 800-171 Rev. 2 from CNSSI 4009
NIST SP 800-172
NIST SP 800-37 Rev. 2
NIST SP 800-53 Rev. 5 from CNSSI 4009-2015

  A condition that results from the establishment and maintenance of protective measures that enable an enterprise to perform its mission or critical functions despite risks posed by threats to its use of information systems. Protective measures may involve a combination of deterrence, avoidance, prevention, detection, recovery, and correction that should form part of the enterprise’s risk management approach.
Source(s):
CNSSI 4009-2015
NIST SP 800-12 Rev. 1 under Security from CNSSI 4009
NIST SP 800-53 Rev. 4 [Superseded] under Security from CNSSI 4009

  Protection against intentional subversion or forced failure. A composite of four attributes – confidentiality, integrity, availability, and accountability – plus aspects of a fifth, usability, all of which have the related issue of their assurance.
Source(s):
NIST SP 800-160 Vol. 2 from ISO/IEC 15288:2008

  Freedom from those conditions that can cause loss of assets with unacceptable consequences.
Source(s):
NIST SP 800-160 Vol. 1
NIST SP 800-160 Vol. 2 from NIST SP 800-160 Vol. 1

  Protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide— (A) integrity, which means guarding against improper information modification or destruction, and includes ensuring information non-repudiation and authenticity; (B) confidentiality, which means preserving authorized restrictions on access and disclosure, including means for protecting personal privacy and proprietary information; and (C) availability, which means ensuring timely and reliable access to and use of information.
Source(s):
NIST SP 800-66 Rev. 1 under Security from 44 U.S.C., Sec. 3542

  A condition that results from the establishment and maintenance of protective measures that enable an enterprise to perform its mission or critical functions despite risks posed by threats to its use of information systems. Protective measures may involve a combination of deterrence, avoidance, prevention, detection, recovery, and correction that should form part of the enterprise’s risk management approach. Note: See also information security and cybersecurity.
Source(s):
NIST SP 800-160 Vol. 2 from CNSSI 4009-2015, NIST SP 800-37 Rev. 2

  The combination of confidentiality, integrity and availability.
Source(s):
NISTIR 5153 under Security from DoD 5200.28-STD

  the preservation of confidentiality, integrity and availability of information. NOTE In addition, other properties, such as authenticity, accountability, non-repudiation, and reliability can also be relevant. A.    Integrity, property of protecting the accuracy and completeness of assets; B.    Confidentiality, property that information is not made available or disclosed to unauthorized individuals, entities, or processes; C.    Availability, property of being accessible and usable upon demand by an authorized entity.
Source(s):
NISTIR 8074 Vol. 2 under Security from ISO/IEC 27000:2009

  The state in which the integrity, confidentiality, and accessibility of information, service or network entity is assured.
Source(s):
NISTIR 4734 under Security

  refers to information security. Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide: A.    Integrity, which means guarding against improper information modification or destruction, and includes ensuring information nonrepudiation and authenticity; B.    Confidentiality, which means preserving authorized restrictions on access and disclosure, including means for protecting personal privacy and proprietary information; and C.    Availability, which means ensuring timely and reliable access to and use of information.
Source(s):
NISTIR 8074 Vol. 2 under Security from PL 107-347

  A condition that results from the establishment and maintenance of protective measures that enable an enterprise to perform its mission or critical functions despite risks posed by threats to its use of systems. Protective measures may involve a combination of deterrence, avoidance, prevention, detection, recovery, and correction that should form part of the enterprise’s risk management approach.
Source(s):
NIST SP 800-171 Rev. 1 [Superseded]

  Security is a system property. Security is much more than a set of functions and mechanisms. IT security is a system characteristic as well as a set of mechanisms that span the system both logically and physically.
Source(s):
NIST SP 800-27 Rev. A [Withdrawn]

  Security is a system property. Security is much more that a set of functions and mechanisms. Information technology security is a system characteristic as well as a set of mechanisms which span the system both logically and physically.
Source(s):
NIST SP 800-33 [Withdrawn]