T

Federal Bridge Certification Authority Operational Authority

The Federal Bridge Certification Authority Operational Authority is the organization selected by the Federal Public Key Infrastructure Policy Authority to be responsible for operating the Federal Bridge Certification Authority. [NIST 800 series]

T1

A high speed, high bandwidth leased line connection to the Internet. T1 connections deliver information at 1.544 megabits per second. [Sedona Conference]

T3

A high speed, high bandwidth leased line connection to the Internet. T3 connections deliver information at 44.746 megabits per second. [Sedona Conference]

Table look up

Used to ensure that input data agree with predetermined criteria stored in a table. [ISACA]

Tactical

The middle of three levels of planning and delivery (strategic, tactical, operational). Tactical activities include the medium term plans required to achieve specific objectives, typically over a period of weeks to months. [ITIL]

Tagged Image File Format (TIFF)

One of the most widely used and supported graphic file formats for storing bit-mapped images, with many different compression formats and resolutions. File names have a .TIF extension. Images can be black and white, gray-scaled, or color. Images are stored in tagged fields, and programs use the tags to accept or ignore fields, depending on the application. The format originated in the early 1980s. [Sedona Conference]

Tamper resistance

A system is said to be tamper resistant if it is difficult to modify or subvert, even for an assailant who has physical access to the system. [PCI-DSS]

Tampering

An unauthorized modification that alters proper functioning of equipment or systems in a manner that degrades security or functionality. [Centers for Medicare & Medicaid Services (CMS), ISO/IEC 27001:2005, US National Information Assurance (IA) Glossary]

Tape drive

A hardware device used to store or back up electronic data on magnetic tape. Tape drives are usually used to back up large quantities of data because of their large capacity and low cost relative to other data storage options. [Sedona Conference]

Tape library

The physical site or physical device where magnetic media is stored. See also Tape drive. [FISCAM, Centers for Medicare & Medicaid Services (CMS)]

Tape Management System (TMS)

A system software tool that logs, monitors and directs computer tape usage. [ISACA]

Taps

Wiring devices that may be inserted into communication links for use with analysis probes, LAN analyzers, and intrusion detection security systems. Also, the last bugle call. [ISACA, Network Frontiers]

Targa Format (TGA)

This is a “scanned format” – widely used for color-scanned materials (24-bit) as well as by various “paint” and desktop publishing packages. [Sedona Conference]

Target Of Evaluation (TOE)

IT product or system and its associated administrator and user guidance documentation that is the subject of an evaluation. [US National Information Assurance (IA) Glossary]

Taxonomy

The science of categorization, or classification, of things based on a predetermined system. In reference to Web sites and portals, a site’s taxonomy is the way it organizes its data into categories and subcategories, sometimes displayed in a site map. [Sedona Conference]

Tcpdump

[ISACA]

Technical controls

The security controls (i.e., safeguards or countermeasures) for an information system that are primarily implemented and executed by the information system through mechanisms contained in the hardware, software, or firmware components of the system. Technical controls can also be found in software measures that ensure the confidentiality, availability, and integrity of a system and/or data. See also logical access control. [FISCAM, Centers for Medicare & Medicaid Services (CMS), FIPS Pubs, US National Information Assurance (IA) Glossary, NIST 800 Series]

Technical infrastructure security

A connection-based Internet protocol that supports reliable data transfer connections. Packet data is verified using checksums and retransmitted if it is missing or corrupted. The application plays no part in validating the transfer. [ISACA]

Technical non-repudiation

The contribution of public key mechanisms to the provision of technical evidence supporting a non-repudiation security service. [NIST 800 series]

Technical Observation Post (TOP)

A technique used in service improvement, problem investigation, and availability management. Technical support staff meet to monitor the behavior and performance of an IT service and make recommendations for improvement. [ITIL]

Technical support

The process responsible for the technical aspects of supporting IT services. Technical support defines the roles of support groups, as well as the tools, processes and procedures required. See also support group. [ITIL]

Technical vulnerability information

Detailed description of a vulnerability to include the implementable steps (such as code) necessary to exploit that vulnerability. [US National Information Assurance (IA) Glossary]

Technology

This definition of technology covers hardware, operating systems, database management systems, networking, multimedia, etc. [CobiT]

Technology infrastructure plan

A plan for the maintenance and development of the technology infrastructure. [CobiT]

Technology neutral

Not specific or dependent upon a particular protocol, methodology or manufacturer solution. [Workgroup for Electronic Data Interchange]

Technology product

Security, but which provides security services as an associated feature of its intended operating capabilities. Examples include such products as security-enabled web browsers, screening routers, trusted operating systems, and security-enabled messaging systems. [US National Information Assurance (IA) Glossary]

Technology vulnerability

A weakness in systems that can directly lead to unauthorized action. Technology vulnerabilities are present in and apply to network services, architecture, operating systems, and applications. Types of technology vulnerabilities include design, implementation, and configuration vulnerabilities. [CERT OCTAVE]

Telecommunications

A general term for the electronic transmission of information of any type, such as data, television pictures, sound, or facsimiles, over any medium, such as telephone lines, microwave relay, satellite link, or physical cable. [FISCAM, ISACA, Centers for Medicare & Medicaid Services (CMS), US National Information Assurance (IA) Glossary]

Telephone network protocol (TELNET)

Used to enable remote access to a server computer. Commands typed are run on the remote server. [ISACA, PCI-DSS]

Telephony

Converting sounds into electronic signals for transmission. [Sedona Conference]

Teleprocessing

Using telecommunications facilities for handling and processing of computerized information. [ISACA]

Teleprocessing monitor

In the mainframe environment, a component of the operating system that provides support for on-line terminal access to application programs. This type of software can be used to restrict access to on-line applications and may provide an interface to security software to restrict access to certain functions within the application. [FISCAM]

TEMPEST

Short name referring to investigation, study, and control of compromising emanations from IS equipment. [US National Information Assurance (IA) Glossary, FIPS Pubs, NIST 800 Series]

TEMPEST test

Laboratory or on-site test to determine the nature of compromising emanations associated with an information system. [US National Information Assurance (IA) Glossary]

TEMPEST zone

Designated area within a facility where equipment with appropriate TEMPEST characteristics (TEMPEST zone assignment) may be operated. [US National Information Assurance (IA) Glossary]

Template

A biometric image data record. [NIST 800 series, FIPS Pubs]

Templates

Sets of index fields for documents, providing framework for preparation. [Sedona Conference]

Temporary file (Temp)

Temporary (or “temp”) files are files stored on a computer for temporary use only, and are often created by Internet browsers. These temp files store information about Web sites that a user has visited, and allow for more rapid display of the Web page when the user revisits the site. Forensic techniques can be used to track the history of a computer’s Internet usage through the examination of these temporary files. Temp files are also created by common office applications, such as word processing or spreadsheet applications. [Sedona Conference]

Terabyte

A unit of 1,000 or 1,024 gigabytes, or approximately a trillion bytes. [Sedona Conference]

Terminal

A device for sending and receiving computerized data over transmission lines consisting of a video adapter, a monitor, and a keyboard. [FISCAM, ISACA, Centers for Medicare & Medicaid Services (CMS)]

Terminal Access Controller Access Control System Plus (TACACS+)

An authentication protocol, often used by remote-access servers. [ISACA, PCI-DSS]

Terms of Reference (TOR)

A document that confirms the client’s and the IS auditor’s acceptance of a review assignment. The TOR specifies the requirements, scope, deliverables, resources, and schedule for a project or activity. See also statement of requirements. [ISACA, ITIL]

Terrorism

A deliberate and violent act taken by an individual or group whose motives go beyond the act of sabotage, generally toward some political or social sentiment/position. A weekend visit from my in-laws. [Centers for Medicare & Medicaid Services (CMS), Network Frontiers]

Test

A test is used to verify that a configuration item, IT service, process, etc. meets its specification and is able to correctly deliver specific functional or service level requirements. There should be no negative effects on other processes or IT services. [ITIL]

Test bed

Test environment containing the software, data, and simulations necessary for testing systems. [Centers for Medicare & Medicaid Services (CMS)]

Test data

Simulated transactions that can be used to test processing logic, computations, and controls actually programmed in computer applications. Individual programs or an entire system can be tested. This technique includes Integrated Test Facilities (ITFs) and Base Case System Evaluations (BCSEs). [ISACA]

Test environment

A controlled environment used to test configuration items, builds, IT services, processes etc. [ITIL]

Test facility

A processing environment isolated from the production environment that is dedicated to testing and validating systems and/or their components. [FISCAM]

Test generators

Software used to create data to be used in the testing of computer programs. [ISACA]

Test key

Key intended for testing of COMSEC equipment or systems. [US National Information Assurance (IA) Glossary]

Test materiality

The maximum misstatement that the auditor can tolerate in a population. This materiality is used in determining the extent of a specific substantive test. In statistical terms, margin or bound of error. Test materiality is design materiality, reduced when the audit is being performed at some, but not all, entity locations (requiring increased audit assurance for those locations visited); the area tested is deemed to be sensitive to the users of the financial statements; or the auditor expects to find a significant amount of misstatements. [GAO/PCIE Financial Audit Manual]

Test programs

Programs that are tested and evaluated before approval into the production environment. Test programs, through a series of control moves, migrate from the test environment to the production environment and become production programs. [ISACA]

The Technology Group for The Financial Services Roundtable

BITS is a nonprofit, CEO-driven financial service industry consortium made up of 100 of the largest financial institutions in the US. BITS works to leverage the intellectual capital of its members, fostering collaboration to address emerging issues where financial services, technology, and commerce intersect. See also http://www.bitsinfo.org/ for more information. [de facto]

Thesaurus

A thesaurus is a complex alphabetical listing of all terms derived from a classification scheme. Such tools act as a guide in the allocation of classification terms to individual records. In a thesaurus the meaning of the term is specified and hierarchical relationships to other terms are shown. A thesaurus should provide sufficient entry points to allow users to navigate from terms which are not to be used to the preferred terminology adopted by the organization. See also merged thesaurus. [DIRKS]

Thin Client

A networked user computer that acts only as a terminal and stores no applications or user files. May have little or no hard drive space. See also Client. [Sedona Conference]

Third party

A person, group, or business that is not part of the Service Level Agreement for an IT service, but is required to ensure successful delivery of that IT service. For example, a software supplier, a hardware maintenance company, or a facilities department. Requirements for third parties are typically specified in underpinning contracts or Operational Level Agreements. See also partnership. [ITIL]

Third party review

An independent audit of the control structure of a service organization, such as a service bureau, with the objective of providing assurances to the users of the service organization that the internal control structure is adequate, effective and sound. [ISACA]

Third-line support

The third level in a hierarchy of support groups involved in the resolution of incidents and investigation of problems. Each level contains more specialist skills or has more time or other resources. See also escalation. [ITIL]

Third-party processor

A non-member organization that performs transaction authorization and processing, account record keeping, and other day-to-day business and administrative functions for issuers and merchant banks. [VISA Glossary of Terms]

Thread

A series of postings on a particular topic. Threads can be a series of bulletin board messages (for example, when someone posts a question and others reply with answers or additional queries on the same topic). A thread can also apply to chats, where multiple conversation threads may exist simultaneously. [Sedona Conference]

Threat

Any circumstance or event that has the potential to cause harm to a system (whether intentional or unintentional) in the form of destruction, disclosure, modification of data, interruption, and/or denial of service. An indication of a potential undesirable event. The potential for a “threat source” to exploit (intentional) or trigger (accidental) a specific vulnerability. It refers to a situation in which a threat source could do something undesirable (an attacker initiating a denial-of-service attack against an organization’s e-mail server) or a natural occurrence could cause an undesirable outcome (a fire damaging an organization’s information technology hardware). Threats have defined properties (asset, actor, motive, access, outcome). For example, a fire is a threat that could exploit the vulnerability of flammable floor coverings. This term is commonly used in information security management and IT service continuity management but also applies to other areas such as problem and availability management. [CERT OCTAVE, NIST 800 series, ISACA, Centers for Medicare & Medicaid Services (CMS), PCI-DSS, FIPS Pubs, ITIL, US National Information Assurance (IA) Glossary]

Threat agent/source

Either: 1) intent and method targeted at the intentional exploitation of a vulnerability; or 2) a situation and method that may accidentally trigger a vulnerability. [NIST 800 series]

Threat analysis

The examination of threat sources against system vulnerabilities to determine the threats for a particular system in a particular operational environment. [Centers for Medicare & Medicaid Services (CMS), US National Information Assurance (IA) Glossary, NIST 800 Series]

Threat assessment

Formal description and evaluation of threat to an information system. [US National Information Assurance (IA) Glossary, NIST 800 Series]

Threat monitoring

Analysis, assessment, and review of audit trails and other information collected for the purpose of searching out system events that may constitute violations of system security. [US National Information Assurance (IA) Glossary]

Threat profile

Defines the range of threats that can affect an asset. Threat profiles contain categories that are grouped according to threat source (human actors using network access, human actors using physical access, system problems, other problems). [CERT OCTAVE]

Threat source

Either intent and method targeted at the intentional exploitation of a vulnerability, or the situation and method that may accidentally trigger a vulnerability. See also common threat sources. [NIST 800 series, FIPS Pubs]

Threshold

The value of a metric which should cause an alert to be generated or management action to be taken. For example, “priority 1 incident not solved within 4 hours,” “more than 5 soft disk errors in an hour,” or “more than 10 failed changes in a month.” [ITIL]

Throughput

A measure of the number of transactions, or other operations, performed in a fixed time. For example, 5000 e-mails sent per hour, or 200 disk I/Os per second. [ITIL]

Thumb Drive

See Key drive. [Sedona Conference]

Thumbnail

A miniature representation of a page or item for quick overviews to provide a general idea of the structure, content and appearance of a document. A thumbnail program may be standalone or part of a desktop publishing or graphics program. Thumbnails take considerable time to generate, but provide a convenient way to browse through multiple images before retrieving the one needed. Programs often allow clicking on the thumbnail to retrieve it. [Sedona Conference]

Ticket-oriented

IS protection system in which each subject maintains a list of unforgeable bit patterns called tickets, one for each object a subject is authorized to access. See also list-oriented. [US National Information Assurance (IA) Glossary]

Tied users

Users who have no choice about whether to use the IT services provided by their internal service provider. See also untied users. [ITIL]

TIFF Group III

A two-dimensional compression format for storing black and white images. Typically compresses at a 20-to-1 ratio for standard business documents. See also TIFF. [Sedona Conference]

Time bomb

Resident computer program that triggers an unauthorized act at a predefined time. [US National Information Assurance (IA) Glossary]

Time Sharing Option (TSO)

The time sharing option of MVS allows users to interactively share computer time and resources and also makes it easier for users to interact with MVS. [FISCAM]

Time-compliance date

Date by which a mandatory modification to a COMSEC end-item must be incorporated if the item is to remain approved for operational use. [US National Information Assurance (IA) Glossary]

Time-dependent password

Password that is valid only at a certain time of day or during a specified interval of time. [US National Information Assurance (IA) Glossary]

Time-sharing

A technique that allows more than one individual to use a computer at the same time. [FISCAM]

Timeliness

Public and private parties, nationally and internationally, should act in a timely, coordinated manner to prevent and respond to breaches of security of information systems. [NIST 800 series]

TOE Security Functions (TSF)

Set consisting of all hardware, software, and firmware of the TOE that must be relied upon for the correct enforcement of the TSP. [US National Information Assurance (IA) Glossary]

TOE Security Policy (TSP)

Set of rules that regulate how assets are managed, protected, and distributed within the TOE. [US National Information Assurance (IA) Glossary]

Toggle

A switch that is either on or off, and reverses to the opposite when selected. [Sedona Conference]

Token

A physical device used to convey privilege or a capability through dynamic authentication, e.g., a handheld password generator. In authentication systems, some type of physical device (such as a card with a magnetic strip or a smart card) that must be in the individual’s possession in order to gain access. The token itself is not sufficient; the user must also be able to supply something memorized, such as a personal identification number (PIN). [FISCAM, ISACA, Centers for Medicare & Medicaid Services (CMS), PCI-DSS, NIST 800 Series]

Token Ring topology

A type of LAN ring topology in which a frame containing a specific format, called the token, is passed from one station to the next around the ring. When a station receives the token, it is allowed to transmit. The station can send as many frames as desired until a predefined time limit is reached. When a station either has no more frames to send or reaches the time limit, it transmits the token. Token passing prevents data collisions that can occur when two computers begin transmitting at the same time. [ISACA]

Tolerable misstatement

See test materiality. [GAO/PCIE Financial Audit Manual]

Tolerable rate

In attribute sampling for control testing, the maximum rate of deviation from a prescribed control that the auditor would be willing to accept without altering the assessment of the effectiveness of the control. For tests of compliance with laws and regulations, the tolerable rate is the maximum rate of noncompliance that the auditor would accept in the population without reporting the noncompliance. In statistical terms, margin or bound of error. [GAO/PCIE Financial Audit Manual]

Tool Kit Without An Interesting Name (TWAIN)

A universal toolkit with standard hardware/software drivers for multi-media peripheral devices. [Sedona Conference]

Toolbar

The row of buttons right below the menu that perform special functions quickly and easily. [Sedona Conference]

Top level management

The highest level of management in the organization, responsible for direction and control of the organization as a whole (such as director, general manager, partner, chief officer, and executive manager). [ISACA]

Top secret

The highest level of information classification. The unauthorized disclosure of top-secret information will cause exceptionally great damage to the country’s national security. [Centers for Medicare & Medicaid Services (CMS)]

Top stratum item

An item in a dollar-unit sample that equals or exceeds the amount of the sampling interval or implicit sampling interval. Top stratum items are tested 100 percent. [GAO/PCIE Financial Audit Manual]

Topology

The geometric arrangement of a computer system. Common topologies include a bus (network topology in which nodes are connected to a single cable with terminators at each end), star (local area network designed in the shape of a star, where all end points are connected to one central switching device, or hub), and ring (network topology in which nodes are connected in a closed loop; no terminators are required because there are no unconnected ends). Star networks are easier to manage than ring networks. [ISACA, Sedona Conference, NIST 800 Series]

Total Cost of Ownership (TCO)

The life cycle cost view of an asset, which includes acquisition, setup, support, ongoing maintenance, service and all operating expenses. It focuses attention on the sum of all costs of owning an asset, as opposed to the initial or vendor cost, and is useful in outsourcing decisions. Total cost of ownership can be significantly higher than the purchase cost, and systems with a lower purchase cost can have higher total cost of ownership. [CobiT, ITIL]

Total Quality Management (TQM)

A methodology for managing continuous improvement by using a quality management system. TQM establishes a culture involving all people in the organization in a process of continuous monitoring and improvement. [ITIL]

Total risk

The potential for the occurrence of an adverse event if no mitigating action is taken (i.e., the potential for any applicable threat to exploit a system vulnerability). [NIST 800 series]

Track

Each of the series of concentric rings contained on a hard drive platter. [Sedona Conference]

Track data

See Track, Magnetic stripe data. [PCI-DSS]

Tracking

Creating, capturing, and maintaining information about the movement and use of records. [ISO 15489]

Tracking cookie

A cookie placed on a user’s computer to track the user’s activity on different Web sites, creating a detailed profile of the user’s behavior. [NIST 800 series]

Trading partner code

As assigned by the U.S. Department of the Treasury, trading partner code is the attribute defined within the accounting for a transaction used to identify the trading partner entity. The trading partner code is illustrated next to the SGL account and is a two-digit number. [GAO/PCIE Financial Audit Manual]

Trading partners

As defined by the U.S. Department of the Treasury, trading partners are agencies, bureaus, programs, or other entities (within or between agencies/departments) participating in transactions with each other. [GAO/PCIE Financial Audit Manual]

Traditional INFOSEC program

Program in which NSA acts as the central procurement agency for the development and, in some cases, the production of INFOSEC items. This includes the Authorized Vendor Program. Modifications to the INFOSEC end-items used in products developed and/or produced under these programs must be approved by NSA. [US National Information Assurance (IA) Glossary]

Traffic analysis

The inference of information from observation of traffic flows (presence, absence, amount, direction, and frequency). [NIST 800 series, US National Information Assurance (IA) Glossary]

Traffic Encryption Key (TEK)

Key used to encrypt plain text or to superencrypt previously encrypted text and/or to decrypt cipher text. [US National Information Assurance (IA) Glossary]

Traffic flow confidentiality

A confidentiality service to protect against traffic analysis. [NIST 800 series]

Traffic padding

Generation of spurious communications or data units to disguise the amount of real data units being sent. [US National Information Assurance (IA) Glossary]

Traffic-Flow Security (TFS)

Measure used to conceal the presence of valid messages in an on-line cryptosystem or secure communications system. [US National Information Assurance (IA) Glossary]

Training and awareness

Training strives to produce relevant and needed (information) security skills and competencies. See also information security training and awareness. [Centers for Medicare & Medicaid Services (CMS), ISO/IEC 27001:2005, NIST 800 Series]

Training assessment

An evaluation of the training efforts. [NIST 800 series]

Training effectiveness

A measurement of what a given student has learned from a specific course or training event. [NIST 800 series]

Training effectiveness evaluation

Information collected to assist employees and their supervisors in assessing individual students’ subsequent on-the-job performance, to provide trend data to assist trainers in improving both learning and teaching, and to be used in return-on-investment statistics to enable responsible officials to allocate limited resources in a thoughtful, strategic manner among the spectrum of IT security awareness, security literacy, training, and education options for optimal results among the workforce as a whole. [NIST 800 series]

Tranquility

Property whereby the security level of an object cannot change while the object is being processed by an information system. [US National Information Assurance (IA) Glossary]

Transaction

This term has two definitions, one for Information Assurance and another for the Payment Card Industry. 1) The smallest unit of business activity. A transaction should be activity-based rather than subject- or topic-based. A transaction provides the basis for identifying, in detail, the records that meet the business needs of the organization. Typically, a transaction is applied to a calculation or event that then results in the updating of a holding or master file. Depending on the complexity of an organization’s business activities, it may be necessary to group transactions on the basis of their similarities or to further dissect this level to obtain an appropriate degree of specificity for the organization’s record keeping purposes. A particular instance in the performance of an activity. In some cases, the term transaction is used to cover a class of transactions that occur in the performance of an activity. 2) For the Payment Card Industry, the act between a cardholder and merchant that results in the sale of goods or services. [DIRKS, FISCAM, ISACA, Centers for Medicare & Medicaid Services (CMS), ITIL, VISA Glossary of Terms]

Transaction data

Data related to an electronic payment. See also transaction, transaction file. [PCI-DSS]

Transaction file

A group of one or more computerized records containing current business activity and processed with an associated master file. Transaction files are sometimes accumulated during the day and processed in batch production overnight or during off-peak processing periods. [FISCAM]

Transaction log

A manual or automated log of all updates to data files and databases. [ISACA]

Transaction protection

Also known as “automated remote journaling of redo logs.” A data recovery strategy that is similar to electronic vaulting, except that instead of transmitting several transaction batches daily, the archive logs are shipped as they are created. [ISACA]

Transaction risk

The current and prospective risk to earnings and capital arising from fraud, error, and the inability to deliver products or services, maintain a competitive position, and manage information. Security risk is evident in each product and service offered and encompasses product development and delivery, transaction processing, systems development, computing systems, complexity of products and services, and the internal control environment. A high level of security risk may exist with Internet banking products, particularly if those lines of business are not adequately planned, implemented, and monitored. [ISACA]

Transfer

The change of custody, ownership and/or responsibility for records. The moving of records from one location to another. [ISO 15489]

Transfer agent

An agent employed by a corporation or mutual fund to maintain shareholder records, including purchase, sales, and account balances. [17 CFR 240.17a-3 & 4]

Transfer cost

A cost type which records expenditure made on behalf of another part of the organization. For example, the IT service provider may pay for an external consultant to be used by the finance department and transfer the cost to them. The IT service provider would record this as a transfer cost. [ITIL]

Transfers

Funding moved from one entity to another based on an agreement between the providing entity and the receiving entity. [GAO/PCIE Financial Audit Manual]

Transmission Control Protocol (TCP)

A protocol within the TCP/IP protocol suite that is used when reliable packet delivery is essential; TCP requires confirmation of packet delivery for all transmitted packets. [Network Frontiers, ISACA, PCI-DSS]

Transmission Control Protocol/Internet Protocol (TCP/IP)

A connection-based Internet protocol that supports reliable data transfer connections. Packet data is verified using checksums and retransmitted if it is missing or corrupted. The application plays no part in validating the transfer. [ISACA, Sedona Conference]

Transmission media

The facility through which information already recorded electronically is passed between electronic systems (e.g., twisted pair, coaxial, or optical cables). This includes transmissions over open communication channels, e.g., the Internet, intranets, and leased lines. [Workgroup for Electronic Data Interchange]

Transmission security

Implement a mechanism to encrypt regulated data whenever deemed appropriate. [HIPAA, US National Information Assurance (IA) Glossary]

Transport Layer Security (TLS)

Designed with the goal of providing data secrecy and data integrity between two communicating applications. TLS is the successor of SSL. [PCI-DSS, NIST 800 Series]

Trap door

Unauthorized electronic exits, or doorways, out of an authorized computer program into a set of malicious instructions or programs. A hidden software or hardware mechanism that can be triggered to permit system protection mechanisms to be circumvented. It is activated in some innocent-appearing manner; e.g., a special “random” key sequence at a terminal. Software developers often introduce trap doors in their code to enable them to re-enter the system and perform certain functions. See also back door. [ISACA, Centers for Medicare & Medicaid Services (CMS), US National Information Assurance (IA) Glossary]

Treasury Financial Manual (TFM)

The Treasury Financial Manual (TFM) is Treasury’s official publication for financial accounting and reporting of all receipts and disbursements of the federal government. Provides procedures for federal agencies to account for and reconcile transactions occurring within and between each other. Includes procedures for CFO Act agencies to reconcile and confirm with their trading partners intragovernmental activity and balances. [GAO/PCIE Financial Audit Manual]

Treatment, Payment, or health care Operations (TPO)

Those services directly associated with: 1) the delivery of care, 2) the processing of healthcare claim forms, 3) receipt of payments and corollary duties and services. [Workgroup for Electronic Data Interchange]

Trend analysis

Analysis of data to identify time related patterns. Trend analysis is used in problem management to identify common failures or fragile configuration items and in capacity management as a modeling tool to predict future behavior. It is also used as a management tool for identifying deficiencies in IT service management processes. [ITIL]

Triple Data Encryption Standard (TDES)

See Triple DES. [PCI-DSS]

Trojan horse

A computer program that conceals harmful code. A Trojan horse usually masquerades as a useful program that a user would wish to execute. Unlike viruses, they do not replicate themselves, but they can be just as destructive to a single computer. [FISCAM, ISACA, Centers for Medicare & Medicaid Services (CMS), US National Information Assurance (IA) Glossary, NIST 800 Series]

True resolution

The “true” optical resolution of a scanner is the number of pixels per inch (without any software enhancements). [Sedona Conference]

Truncation

The practice of removing a data segment. Commonly, when account numbers are truncated, the first 12 digits are deleted, leaving only the last 4 digits. [PCI-DSS]

Trust

Generally, the assumption that an entity will behave substantially as expected. Trust may apply only for a specific function. The key role of this term in an authentication framework is to describe the relationship between an authenticating entity and a Certificate Authority (CA). An authenticating entity must be certain that it can trust the CA to create only valid and reliable certificates, and users of those certificates rely upon the authenticating entity’s determination of trust. [ISACA]

Trust anchor

A public key and the name of a certification authority that is used to validate the first certificate in a sequence of certificates. The trust anchor public key is used to verify the signature on a certificate issued by a trust anchor certification authority. The security of the validation process depends upon the authenticity and integrity of the trust anchor. Trust anchors are often distributed as self-signed certificates. [NIST 800 series]

Trust list

The collection of trusted certificates used by Relying Parties to authenticate other certificates. [NIST 800 series]

Trusted agent

Entity authorized to act as a representative of an Agency in confirming Subscriber identification during the registration process. Trusted Agents do not have automated interfaces with Certification Authorities. [NIST 800 series]

Trusted certificate

A certificate that is trusted by the Relying Party on the basis of secure and authenticated delivery. The public keys included in trusted certificates are used to start certification paths. Also known as a "trust anchor". [NIST 800 series]

Trusted channel

Means by which a TOE Security Function (TSF) and a remote trusted IT product can communicate with necessary confidence to support the TOE Security Policy (TSP). [US National Information Assurance (IA) Glossary]

Trusted computer system

Information system employing sufficient hardware and software assurance measures to allow simultaneous processing of a range of classified or sensitive information. [US National Information Assurance (IA) Glossary]

Trusted computing base (TCB)

Totality of protection mechanisms within a computer system, including hardware, firmware, and software, the combination responsible for enforcing a security policy. [US National Information Assurance (IA) Glossary]

Trusted distribution

Method for distributing trusted computing base (TCB) hardware, software, and firmware components that protects the TCB from modification during distribution. [US National Information Assurance (IA) Glossary]

Trusted foundry

Facility where both classified and unclassified parts can be produced with an extra level of assurance that the parts have not been tampered with. [US National Information Assurance (IA) Glossary]

Trusted identification forwarding

Identification method used in IS networks whereby the sending host can verify that an authorized user on its system is attempting a connection to another host. The sending host transmits the required user authentication information to the receiving host. [US National Information Assurance (IA) Glossary]

Trusted path

Means by which a user and a TOE Security Function (TSF) can communicate with necessary confidence to support the TOE Security Policy (TSP). A mechanism by which a user (through an input device) can communicate directly with the security functions of the information system with the necessary confidence to support the system security policy. This mechanism can only be activated by the user or the security functions of the information system and cannot be imitated by untrusted software. [US National Information Assurance (IA) Glossary, NIST 800 Series]

Trusted process

Processes certified as supporting a security goal. [ISACA, US National Information Assurance (IA) Glossary]

Trusted recovery

Ability to ensure recovery without compromise after a system failure. [US National Information Assurance (IA) Glossary]

Trusted software

Software portion of a trusted computing base (TCB). [US National Information Assurance (IA) Glossary]

Trusted systems

Systems that employ sufficient hardware and software assurance measures to allow their use for processing of a range of sensitive or classified information. [ISACA]

Trusted third party

A person or organization that performs a function or activity on behalf of a CE but is not part of the regulated organization’s workforce. See also business associate. [17 CFR 240.17a-3 & 4, HIPAA]

Trusted timestamp

A digitally signed assertion by a trusted authority that a specific digital object existed at a particular time. [NIST 800 series]

Trustworthiness

The attribute of a person or organization that provides confidence to others of the qualifications, capabilities, and reliability of that entity to perform specific tasks and fulfill assigned responsibilities. [NIST 800 series]

Trustworthy system

Computer hardware, software and procedures that: 1) are reasonably secure from intrusion and misuse; 2) provide a reasonable level of availability, reliability, and correct operation; 3) are reasonably suited to performing their intended functions; and 4) adhere to generally accepted security procedures. [NIST 800 series]

TSEC nomenclature

System for identifying the type and purpose of certain items of COMSEC material. [US National Information Assurance (IA) Glossary]

Tuning

The activity responsible for planning changes to make the most efficient use of resources. Tuning is part of performance management, which also includes performance monitoring and implementation of the required changes. [ITIL]

Tunneled password protocol

A protocol where a password is sent through a protected channel. For example, the TLS protocol is often used with a verifier’s public key certificate to 1) authenticate the verifier to the claimant, 2) establish an encrypted session between the verifier and claimant, and 3) transmit the claimant’s password to the verifier. The encrypted TLS session protects the claimant’s password from eavesdroppers. [NIST 800 series]

Tunneling

Technology enabling one network to send its data via another network’s connections. Tunneling works by encapsulating a network protocol within packets carried by the second network. [US National Information Assurance (IA) Glossary]

Tuple

A row or record consisting of a set of attribute-value pairs (columns or fields) in a relational data structure. [ISACA]

Twisted pairs

A pair of small, insulated wires that are twisted around each other to minimize interference from other wires in the cable. This is a low-capacity transmission medium. [ISACA]

Two-factor authentication

An authentication process whereby a user authenticates using two different types of identification; for example, a smart card and a password. This type of authentication requires users to produce two credentials: something they have (e.g., smart cards or hardware tokens) and something they know (e.g., a password). In order to access a system, users must produce both factors. [Network Frontiers, PCI-DSS]

Two-part code

Code consisting of an encoding section, in which the vocabulary items (with their associated code groups) are arranged in alphabetical or other systematic order, and a decoding section, in which the code groups (with their associated meanings) are arranged in a separate alphabetical or numeric order. [US National Information Assurance (IA) Glossary]

Two-person control

Continuous surveillance and control of positive control material at all times by a minimum of two authorized individuals, each capable of detecting incorrect and unauthorized procedures with respect to the task being performed, and each familiar with established security and safety requirements. [US National Information Assurance (IA) Glossary]

Two-Person Integrity (TPI)

System of storage and handling designed to prohibit individual access to certain COMSEC keying material by requiring the presence of at least two authorized individuals, each capable of detecting incorrect or unauthorized security procedures with respect to the task being performed. See also no-lone zone. [US National Information Assurance (IA) Glossary]

Type 1 key

Generated and distributed under the auspices of NSA for use in a cryptographic device for the protection of classified and sensitive national security information. [US National Information Assurance (IA) Glossary]

Type 1 product

Cryptographic equipment, assembly or component classified or certified by NSA for encrypting and decrypting classified and sensitive national security information when appropriately keyed. Developed using established NSA business processes and containing NSA approved algorithms. Used to protect systems requiring the most stringent protection mechanisms. [US National Information Assurance (IA) Glossary]

Type 2 key

Generated and distributed under the auspices of NSA for use in a cryptographic device for the protection of unclassified national security information. [US National Information Assurance (IA) Glossary]

Type 2 product

Cryptographic equipment, assembly, or component certified by NSA for encrypting or decrypting sensitive national security information when appropriately keyed. Developed using established NSA business processes and containing NSA approved algorithms. Used to protect systems requiring protection mechanisms exceeding best commercial practices including systems used for the protection of unclassified national security information. [US National Information Assurance (IA) Glossary]

Type 3 key

Used in a cryptographic device for the protection of unclassified sensitive information, even if used in a Type 1 or Type 2 product. [US National Information Assurance (IA) Glossary]

Type 3 product

Unclassified cryptographic equipment, assembly, or component used, when appropriately keyed, for encrypting or decrypting unclassified sensitive U.S. Government or commercial information, and to protect systems requiring protection mechanisms consistent with standard commercial practices. Developed using established commercial standards and containing NIST approved cryptographic algorithms/modules or successfully evaluated by the National Information Assurance Partnership (NIAP). [US National Information Assurance (IA) Glossary]

Type 4 key

Used by a cryptographic device in support of its Type 4 functionality; i.e., any provision of key that lacks U.S. Government endorsement or oversight. [US National Information Assurance (IA) Glossary]

Type 4 product

Unevaluated commercial cryptographic equipment, assemblies, or components that neither NSA nor NIST certify for any Government usage. These products are typically delivered as part of commercial offerings and are commensurate with the vendor’s commercial practices. These products may contain either vendor proprietary algorithms, algorithms registered by NIST, or algorithms registered by NIST and published in a FIPS. [US National Information Assurance (IA) Glossary]

Type certification

The certification acceptance of replica information systems based on the comprehensive evaluation of the technical and non-technical security features of an information system and other safeguards, made as part of and in support of the accreditation process, to establish the extent to which a particular design and implementation meet a specified set of security requirements. [US National Information Assurance (IA) Glossary]

Typeface

There are over 10,000 typefaces available for computers. The general categories are: oldstyle (faces have slanted serifs, gradual thick-to-thin strokes and a slanted stress; the “O” appears slanted); modern (faces have thin, horizontal serifs, radical thick-to-thin strokes and a vertical stress; the “O” does not appear to slant); slab serif (faces have thick, horizontal serifs, little or no thick-to-thin in the strokes and a vertical stress; the “O” appears vertical); sans serif (faces have no serifs); script (from elaborate handwriting styles to casual, freeform, unconnected letter forms); and decorative (unusual fonts designed to be very different and attention-getting). [Sedona Conference]


Site and content © Copyright 2003-2009 Network Frontiers, LLC. All rights reserved.