CMS Risk Management Terms, Definitions, and Acronyms


Post on 02-Jan-2017


<ul><li><p>CENTERS for MEDICARE &amp; MEDICAID SERVICES, Enterprise Information Security Group</p><p>7500 Security Boulevard, Baltimore, Maryland 21244-1850</p><p>Risk Management Handbook, Volume I, Chapter 10</p><p>CMS Risk Management Terms, Definitions, and Acronyms</p><p>FINAL, Version 1.0, July 13, 2012</p><p>Document Number: CMS-CISO-2012-vI-ch10</p></li>
<li><p>SUMMARY OF CHANGES IN CMS RISK MANAGEMENT TERMS, DEFINITIONS, AND ACRONYMS, VERSION 1.0</p><p>1. Baseline Version. Risk Management Handbook Volume I Chapter 10, CMS Risk Management Terms, Definitions, and Acronyms, supersedes CMS Information Security Terms, Definitions, and Acronyms Version 4.00, dated March 8, 2009.</p></li>
<li><p>TABLE OF CONTENTS</p>
<p>1 INTRODUCTION ........ 1</p>
<p>1.1 Terms and Definitions ........ 1</p>
<p>1.1.1 A ........ 2</p><p>1.1.2 B ........ 9</p><p>1.1.3 C ........ 12</p><p>1.1.4 D ........ 21</p><p>1.1.5 E ........ 25</p><p>1.1.6 F ........ 28</p><p>1.1.7 G ........ 30</p><p>1.1.8 H ........ 31</p><p>1.1.9 I ........ 33</p><p>1.1.10 J ........ 39</p><p>1.1.11 K ........ 40</p><p>1.1.12 L ........ 40</p><p>1.1.13 M ........ 43</p><p>1.1.14 N ........ 46</p><p>1.1.15 O ........ 48</p><p>1.1.16 P ........ 49</p><p>1.1.17 Q ........ 57</p><p>1.1.18 R ........ 57</p><p>1.1.19 S ........ 62</p><p>1.1.20 T ........ 77</p><p>1.1.21 U ........ 81</p><p>1.1.22 V ........ 83</p><p>1.1.23 W ........ 84</p><p>1.1.24 X ........ 85</p><p>1.1.25 Z ........ 85</p>
<p>1.2 Acronyms ........ 87</p>
<p>1.2.1 A ........ 88</p><p>1.2.2 B ........ 88</p><p>1.2.3 C ........ 88</p><p>1.2.4 D ........ 90</p><p>1.2.5 E ........ 90</p><p>1.2.6 F ........ 91</p><p>1.2.7 G ........ 91</p><p>1.2.8 H ........ 91</p><p>1.2.9 I ........ 92</p><p>1.2.10 K ........ 92</p><p>1.2.11 L ........ 93</p><p>1.2.12 M ........ 93</p><p>1.2.13 N ........ 93</p><p>1.2.14 O ........ 94</p><p>1.2.15 P ........ 94</p><p>1.2.16 R ........ 95</p><p>1.2.17 S ........ 95</p><p>1.2.18 T ........ 96</p><p>1.2.19 U ........ 97</p><p>1.2.20 V ........ 97</p><p>1.2.21 W ........ 97</p><p>1.2.22 X ........ 97</p><p>1.2.23 Y ........ 97</p>
<p>2 SOURCE REFERENCES ........ 98</p>
<p>3 APPROVED ........ 99</p></li>
<li><p>1 INTRODUCTION</p>
<p>The CMS Risk Management Terms, Definitions, and Acronyms provides definitions and acronyms for common terms in information system risk management, including information security. Terms and acronyms are listed in alphabetical order together with the definition that applies within CMS. When CMS is not the primary source of a term or definition, the source is enclosed in brackets ([ ]) after the definition. Acronyms for sources are explained in the acronyms list in section 1.2.</p>
<p>Some terms and acronyms have multiple definitions depending on their context. When multiple definitions are provided for a term or acronym, no hierarchy or importance is implied by the order or number of the definitions.</p>
<p>1.1 TERMS AND DEFINITIONS</p>
<p>The alphabetical tables of CMS risk management terms and definitions begin on page 2 of this document.</p></li>
<li><p>1.1.1 A</p>
<p>Acceptable Level of Risk: The tolerable level of risk that is determined from an analysis of threats and vulnerabilities; the sensitivity of data and applications; a cost/benefit analysis; and a study of the technical and operational feasibility of available controls.</p>
<p>Acceptance: The act of an authorized representative of the government by which the government, for itself or as agent of another, assumes control or ownership of existing identified supplies tendered or approves specific services rendered as partial or complete performance of the contract. It is the final determination of whether a facility or system meets the specified technical and performance standards. [NIST SP 800-64]</p>
<p>Access: 1. The ability or the means necessary to read, write, modify or communicate data or otherwise make use of any system resource. 2. A specific type of interaction between a subject and an object that results in the flow of information from one to the other. [NCSC-TG-004] 3. Opportunity to make use of an information system resource. [CNSSI 4009]</p>
<p>Access Control: 1. Limiting access to information system resources only to authorized users, programs, processes, or other systems. [CNSSI 4009] 2. The process of granting or denying specific requests to: (a) obtain and use information and related information processing services; and (b) enter specific physical facilities (e.g., federal buildings, military establishments, border-crossing entrances). [FIPS 201; FISCAM]</p>
<p>Access Control List (ACL): 1. A register of: (a) users (including groups, machines, processes) who have been given permission to use a particular system resource, and (b) the types of access they have been permitted. [NIST SP 800-12] 2. Mechanism implementing discretionary and/or mandatory access control between subjects and objects. [CNSSI 4009]</p>
<p>Access Control Mechanism: Security safeguard designed to detect and deny unauthorized access and permit authorized access in an information system. [CNSSI 4009]</p>
<p>Access Control Software: Software (e.g., CA-ACF2, RACF, CA-TOP SECRET) that is external to the operating system and provides a means of specifying who has access to a system, who has access to specific resources, and what capabilities authorized users are granted. Access control software can generally be implemented in different modes that provide varying degrees of protection, such as denying access for which the user is not expressly authorized, allowing access which is not expressly authorized but providing a warning, or allowing access to all resources without warning regardless of authority. [FISCAM]</p>
<p>Access Method: The technique used for selecting records in a file for processing, retrieval, or storage. [FISCAM]</p>
<p>Access Path: 1. Sequence of hardware and software components significant to access control. Any component capable of enforcing access restrictions, or any component that could be used to bypass an access restriction, should be considered part of the access path. 2. The path through which user requests travel, including the telecommunications software, transaction processing software, application program, etc. [FISCAM]</p>
<p>Access Privilege: Precise statements that define the extent to which an individual can access computer systems and use or modify the programs and data on the system, and under what circumstances this access will be allowed. [FISCAM]</p>
<p>Access Profile: Associates each user with a list of protected objects the user may access. [CNSSI 4009]</p>
<p>Access Script: A program or a series of encoded commands that enable a user to log on to a system.</p>
<p>Access Type: Privilege to perform an action on an object. Read, write, execute, append, modify, delete, and create are examples of access types. [CNSSI 4009]</p>
<p>Account Management: In network management, a set of functions that: (a) enables network service use to be measured and the costs of such use to be determined; and (b) includes all the resources consumed, the facilities used to collect accounting data, the facilities used to set billing parameters for the services used by customers, maintenance of the databases used for billing purposes, and the preparation of resource usage and billing reports. Also see User Account Management.</p>
<p>Accountability (see Non-repudiation): 1. The security goal that generates the requirement for actions of an entity to be traced uniquely to that entity. This supports non-repudiation, deterrence, fault isolation, intrusion detection and prevention, and after-action recovery and legal action. [NIST SP 800-27A; FISCAM] 2. Process of tracing information system activities to a responsible source. [CNSSI 4009]</p>
<p>Accreditation: Obsolete (per NIST SP 800-37 Rev. 1). See Authorization to Operate.</p>
<p>Acquisition...</p></li></ul>
