Glossary
Glossary terms and definitions last updated: July 3, 2025
This Glossary is an aggregation of terms and definitions specified in NIST's cybersecurity and privacy standards, guidelines, and other technical publications, and in CNSSI 4009. These should not be viewed as "official" or "preferred" definitions for a particular subject area, sector, or industry, with the exception that some definitions are cited directly from U.S. laws, the Code of Federal Regulations, Presidential Directives, etc.
Each term-definition pair must be understood within the context of its Source document, to which readers should refer. Because of this, many terms have multiple, varying definitions that reflect the different contexts of various publications written at different times.
- Cite the source publication, not this website. As our documents are published and withdrawn, the terminology on these web pages will change. When citing terms and definitions, we encourage you to cite the source publication for the authoritative terminology and to understand it in its proper context. Many terms on this website have different definitions, from multiple publications.
- Public input. We invite public comments—including terminology suggestions—on our draft publications and welcome your contributions.
- Artificial Intelligence (AI) terminology. For AI-focused terminology, see the Glossary available from the NIST Trustworthy & Responsible AI Resource Center.
* "Relevance" merely indicates the search engine's score for a document. It is based on the search parameters and information in the document's detailed record.
