Access Control
Limiting access to information system resources only to authorized users, programs, processes, or other systems.
Accessibility
A measure of the relative ease of admission to the various areas of an item for the purpose of operation or maintenance.
Accessible
Data and services can be accessed via the Global Information Grid (GIG) by users and applications in the Enterprise. Data and services are made available to any user or application except where limited by law, policy, security classification, or operational necessity.
Source: DIEA Glossary
Acquisition Plan (AP)
A formal written document reflecting the specific actions necessary to execute the approach established in the approved acquisition strategy and guiding contractual implementation.
Acquisition Program
A directed, funded effort that provides a new, improved, or continuing materiel, weapon or information system, or service capability in response to an approved need.
Act
1) A bill or measure after it passes one or both Houses of Congress. 2) A law in place.
Adequate Security
Security commensurate with the risk and magnitude of the harm resulting from the loss, misuse, or unauthorized access to or modification of information. This includes assuring that systems and applications operate effectively and provide appropriate confidentiality, integrity, and availability, through the use of cost-effective management, acquisition, development, installation, operational, and technical controls.
Adversary
Any individual, group, organization, or government that conducts activities, or has the intention and capability to conduct activities, detrimental to critical assets.
AFEI
Association for Enterprise Information
Agent
A kind of intermediary service which acts on behalf of another service (service provider or requester) according to rules established upon its invocation.
Aggregation
The ability to get a more complete picture of the information by analyzing several different types of records at once.
Alias
A name that points to a resource with a different name. In the context of email, an alias is an email address which, when it receives email, directs that mail to an email account on the same domain with a different address. In the context of domain names, a domain alias is a domain name that points to a website at a different address, such as mydomain.net pulling up mydomain.com. mydomain.net would be an alias of mydomain.com.
All-Source
Intelligence product or analysis that uses all the sources of intelligence available to come to a conclusion, instead of just relying on one primary source. This may also be referred to as multi-INT reporting.
All Hazards Consortium (AHC)
The All Hazards Consortium exists to create a new approach to addressing complex, persistent public/private issues in disaster management, business continuity and cyber security.
Source: www.ahcusa.org
Amendment
Modification, addition or deletion of specific parts of the content of a normative document. NOTE: The results of amendment are usually presented by issuing a separate amendment sheet to the normative document.
American National Standards Institute (ANSI)
The voice of the U.S. standards and conformity assessment system that empowers its members and constituents to strengthen the U.S. marketplace position in the global economy while helping to assure the safety and health of consumers and the protection of the environment.
American Standard Code for Information Interchange (ASCII)
The ASCII format provides computer systems with a common language for exchanging information.
ANSI
American National Standards Institute
API
Application Programming Interface
Applet
A small application, with limited functionality, designed to operate in a componentware and/or middleware environment.
Application
Software program that performs a specific function directly for a user and can be executed without access to system control, monitoring, or administrative privileges.
Application Platform
The collection of hardware and software components that provide the infrastructure services used by application programs. APIs make the specific characteristics of the platform transparent and accessible to the application.
Application Portability
The ability to move software among computers without rewriting it. This may be provided in three ways: as source code portability, pseudocode portability, or binary code portability.
Application Programming Interface (API)
An interface definition that permits invoking services from application programs without knowing details of their internal implementation.
Application Schema
A set of conceptual schema for data required by one or more applications. An application schema contains selected parts of the base schemas presented in the ORM Information Viewpoint. Designers of application schemas may extend or restrict the types defined in the base schemas to define appropriate types for an application domain. Application schemas are information models for a specific information community.
Application Software
The computing elements supporting users’ particular needs. Frequently includes data, documentation, and training, as well as programs.
Architectural Artifacts
The relevant documentation, models, diagrams, depictions, and analyses, including a baseline repository and standards and security profiles.
Architectural Framework
Identifies key interfaces and services, and provides a context for identifying and resolving policy, management and strategic technical issues. Constrains implementation by focusing on interfaces, but does not dictate design or specific technical solutions.
Architecture
The organizational structure and associated behavior of a system. An architecture can be recursively decomposed into parts that interact through interfaces, relationships that connect parts, and constraints for assembling parts. Parts that interact through interfaces include classes, components, and subsystems.
Architecture Product
The structure of components, their interrelationships, and the principles and guidelines governing their design and evolution over time.
Association of State Criminal Investigative Agencies (ASCIA)
The Association of State Criminal Investigative Agencies is a professional association consisting of the senior executives of the statewide criminal investigative agencies in the United States, whether they are an independent bureau within the state or a state police agency with both criminal and other enforcement responsibilities.
Source: www.ascia.org
ASCII
American Standard Code for Information Interchange
Assurance
Measure of confidence that the security features, practices, procedures, and architecture of an information system accurately mediates and enforces the security policy.
Attack
Any kind of malicious activity that attempts to collect, disrupt, deny, degrade, or destroy information system resources or the information itself.
Attribute Based Access Control (ABAC)
Attribute based access control represents a point on the spectrum of logical access control from simple access control lists to more capable role-based access, and finally to a highly flexible method for providing access based on the evaluation of attributes.
Source: NIST.gov
Authentication
The process of verifying the identity or other attributes claimed by or assumed of an entity (user, process, or device), or to verify the source and integrity of data.
Authenticator
The means used to confirm the identity of a user, processor, or device (e.g., user password or token).
Authenticity
The property of being genuine and being able to be verified and trusted; confidence in the validity of a transmission, a message, or message originator. See Authentication.
Authoritative Body
The recognized, sustainable organization empowered to speak for stakeholders within the context of a given subject area.
Authoritative Source
The recognized primary supplier of reliable, accurate, and current data, information, or knowledge about some thing for subsequent use by consumers.
Authorization
Access privileges granted to a user, program, or process or the act of granting those privileges.
Backend attribute exchange (BAE)
Backend attribute exchange enables the exchange of identity and entitlement information about their respective users, enabling information systems to make access control decisions on data and services. This ensures inter-organization information sharing across organizational boundaries, maintains the sovereignty between organizations, and eliminates the redundant process of one organization managing and maintaining users of another organization.
Source: DHS.gov
BCA
Business Case Analysis
BCOT
Building Communities of Trust initiative
Biometrics
Measurable physical characteristics or personal behavioral traits used to identify, or verify the claimed identity, of an individual. Facial images, fingerprints, and handwriting samples are all examples of biometrics.
BJA
Bureau of Justice Assistance in Office of Justice Programs within the U.S. Department of Justice
Blog
Common parlance for weblog, a kind of website or component within a website whereby an individual may post journal entries which are then viewable by visitors to the site, ordered from the most recent to the oldest entries.
BRM
Business Reference Model
Sources: Revision Summary Document for the Federal Enterprise Architecture (FEA) Consolidated Reference Model (CRM), Version 2.3
Broker
A kind of intermediary service whose responsibility is only to bring other services together (typically a service requester and a service provider) and has no responsibility for satisfactory completion of the “contract” established between the requester and provider.
Browser
Client software with which a user can access resources on the internet, and which renders the markup language as the web page seen by the user. Although all browsers perform the same basic functions, additional capabilities vary widely from browser to browser.
Building Communities of Trust initiative (BCOT)
Building Communities of Trust initiative
Bureau of Justice Assistance (BJA)
Bureau of Justice Assistance in Office of Justice Programs within the U.S. Department of Justice.
Business Architecture
A component of the current and target architectures and relates to the Federal mission and goals. It contains the content of the business models and focuses on the Federal business areas and processes responding to business drivers. The business architecture defines Federal business processes, Federal information flows, and information needed to perform business functions.
Business Case
Structured proposal that justifies a project for decision-makers. Includes an analysis of business process performance and requirements, assumptions, and issues. Also presents the risk analysis by explaining strengths, weaknesses, opportunities, and threats.
Business Case Analysis (BCA)
An expanded cost/benefit analysis created with the intent of determining a best-value solution for product support. Alternatives weigh total cost against total benefits to arrive at the optimum solution.
Business Reference Model (BRM)
One of the five Federal Enterprise Architecture (FEA) reference models. The BRM provides a framework facilitating a functional (rather than organizational) view of the federal government’s lines of business (LoBs), including its internal operations and its services for citizens, independent of the agencies, bureaus and offices performing them. The BRM describes the federal government around common business areas instead of through a stovepiped, agency-by-agency view. It thus promotes agency collaboration and serves as the underlying foundation for the FEA and E-Gov strategies. See FEA Reference Model.
Source: Revision Summary Document for the FEA CRM, Version 2.3
Capabilities Document Service Profile
The result of invoking the "Get Capabilities" operation on a service is a message containing a "capabilities document" describing the service. Provides a high-level description of a service instance and its provider. Includes: a human-readable description of the service, a specification of the functionalities that are provided by the service, and a set of functional attributes that provide additional information and requirements about the service.
Capabilities XML
Service-level metadata describing the operations and content available at a service.
Capability
The ability to perform one or more functions. In this sense, a capability may be represented as a generic statement (e.g., “the ability to collect and analyze human intelligence”) or may be more specific to address an explicit function (e.g., “the ability to plot coordinates on a map”).
Capability Gap
The inability to achieve a desired effect under specified standards and conditions through combinations of means and ways to perform a set of tasks. The gap may be the result of no existing capability, lack of proficiency or sufficiency in existing capability, or the need to recapitalize an existing capability.
Capital Planning and Investment Control (CPIC) Process
A process to structure budget formulation and execution and to ensure that investments consistently support the strategic goals of the Agency.
Cartesian Coordinates
Coordinates that differ from latitude-longitude coordinates in that the latter comprise a spherical (rather than planar) reference system.
Catalog
A collection of datasets.
CDM
DoDAF Conceptual Data Model
CDS
Cross-Domain Solution
Certificate
Digitally signed document that binds a public key with an identity. The certificate contains, at a minimum, the identity of the issuing Certification Authority, the user identification information, and the user’s public key.
Certification
1) Comprehensive evaluation of the technical and non-technical security safeguards of an information system to support the accreditation process that establishes the extent to which a particular design and implementation meets a set of specified security requirements. See Security Control Assessment.
Change Management
The process of controlling changes to the infrastructure or any aspect of services, in a controlled manner, enabling approved Changes with minimum disruption.
Sources: ITIL Glossary
Chat
A service on the internet wherein people may communicate in real-time, in virtual chat rooms, using nicknames to identify themselves. These have waned in popularity over the years, but are still commonly used throughout the internet.
CIKR
Critical Infrastructure and Key Resources
CIO
Chief Information Officer
CIPAC
Critical Infrastructure Partnership Advisory Council
CISS
Common Information Sharing and Safeguarding
CISSO
Classified Information Sharing and Safeguarding Officer
CJIS
Criminal Justice Information System
Classification
The act or process by which information is determined to be classified information.
Classification Guidance
Any instruction or source that prescribes the classification of specific information.
Classification Guide
A documentary form of classification guidance issued by an original classification authority that identifies the elements of information regarding a specific subject that must be classified and establishes the level and duration of classification for each such element.
Classification Levels
Information may be classified at one of the following three levels: Top Secret, which is applied to information, the unauthorized disclosure of which reasonably could be expected to cause exceptionally grave damage to the national security that the original classification authority is able to identify or describe; Secret, which is applied to information, the unauthorized disclosure of which reasonably could be expected to cause serious damage to the national security that the original classification authority is able to identify or describe; and Confidential, which is applied to information, the unauthorized disclosure of which reasonably could be expected to cause damage to the national security that the original classification authority is able to identify or describe.
Classified Information
Information that an original classification authority determines the unauthorized disclosure of which reasonably could be expected to result in damage to the national security, which includes defense against transnational terrorism, and the original classification authority is able to identify or describe the damage. Classified information may be protected at one of three classification levels: Top Secret, Secret, or Confidential.
Classified Information Sharing and Safeguarding Officer (CISSO)
Classified Information Sharing and Safeguarding Officer
Classified Information Spillage
Security incident that occurs whenever classified data is released, without appropriate permissions, either onto an unclassified information system (IS) or to an IS with a lower level of classification.
Source: Adapted from Committee on National Security Systems Instruction (CNSSI) 4009
Classified National Security Information
See Classified Information.
Client
A role filled by a processor when it requests the services provided by another processor (i.e. a server).
Client-Server Relationship
The relationship between a client and a server, which is established at the moment that a client asks for a service to be performed by a server.
Client/Server
The network computing revolution is based on software entities (clients) that tell other software entities (servers) to do things for them. Software clients say, “Send me this specific data from your database!” or “Tell me what Internet address contains this information!” or “Take this data and do a correlation operation on it!” In a simple sense, your word processor is a client when you click on “Save” and the word processor instructs the operating system (acting as a server) to save your file to disk. Interoperability interfaces make it possible for diverse computers to request things of each other over networks and get predictable responses.
CMS
Content Management System
CNSS
Committee on National Security Systems
COI
Community of Interest
Collaboration
A recursive process where two or more people or organizations work together in an intersection of common goals.
Commercially Available Off-The-Shelf (COTS)
A commercial item sold in the commercial marketplace and offered to the government under a contract or subcontract at any tier, without modification, in the same form in which it was sold in the marketplace.
Committee on National Security Systems (CNSS)
Committee on National Security Systems
Common Core
A set of concepts that have broad applicability across two or more Communities of Interest, but are not universal.
Common Terrorism Information Sharing Standards (CTISS)
Common Terrorism Information Sharing Standards
Communications Linkage
A means for exchanging data between computer systems, or between a user and computer systems.
Communications Security (COMSEC)
Measures designed to deny unauthorized persons information of value that might be derived from the possession and study of telecommunications, or to mislead unauthorized persons in their interpretation of the results of such possession and study. This includes cryptosecurity, transmission security, emission security, and physical security of communication security materials and information.
Community of Interest (COI)
A collaborative group of users who exchange information in pursuit of their shared goals, interests, missions, or business processes, and who therefore must have a shared vocabulary for the information they exchange. The group exchanges information within and between systems to include security domains.
Comparable Standards
Standards on the same products, processes or services, approved by different standardizing bodies, in which different requirements are based on the same characteristics and assessed by the same methods, thus permitting unambiguous comparison of differences in the requirements. NOTE: Comparable standards are not harmonized (or equivalent) standards.
Compatibility
Suitability of products, processes or services for use together under specific conditions to fulfill relevant requirements without causing unacceptable interactions.
Compilation
An aggregation of preexisting unclassified items of information.
Compliance
Obliged adherence to policies, plans, procedures, laws, regulations, contracts, or other requirements. See Conformance.
Compromise
Type of incident where information is disclosed to unauthorized individuals or a violation of the security policy of a system in which unauthorized intentional or unintentional disclosure, modification, destruction, or loss of an object may have occurred.
COMPUSEC
Computer Security
Computer Security (COMPUSEC)
Measures and controls that ensure confidentiality, integrity, and availability of information system assets including hardware, software, firmware, and information being processed, stored, and communicated.
COMSEC
Communications Security
Conceptual Architecture
A diagram and accompanying text that provides a model of how a system works.
Confidentiality
Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information.
Configuration
The manner in which the hardware, software, or other aspects of an information processing system are organized and interconnected.
Configuration Control
Process of controlling modifications to hardware, firmware, software, and documentation to protect the information system against improper modifications prior to, during, and after system implementation.
Configuration Management
The process of identifying and defining Configuration Items in a system, recording and reporting the status of Configuration Items and Requests for Change, and verifying the completeness and correctness of Configuration Items.
Conformance
Measure of how well an implemented system or process fulfills its requirements against the standard.
Conformity Assessment
Demonstration that specified requirements relating to a product, process, system, person or body are fulfilled. (This may include any activity concerned with determining directly or indirectly that relevant requirements are fulfilled.)
Consensus
General agreement, characterized by the absence of sustained opposition to substantial issues by any important part of the concerned interests and by a process that involves seeking to take into account the views of all parties concerned and to reconcile any conflicting arguments. NOTE: Consensus need not imply unanimity.
Consensus Body
The group that approves the content of a standard and whose vote demonstrates evidence of consensus.
Constraint
A restriction on the values permitted for a given collection of data.
Contamination
Type of incident involving the introduction of data of one security classification or security category into data of a lower security classification or different security category.
Content Management System (CMS)
A type of web application which allows for high-functionality sites with minimal effort needed to set them up. These are also known as “portals” and are database-driven applications usually developed in PHP or ASP.
Content Standard
A standard data model.
Control
Means of managing risk, including policies, procedures, guidelines, practices or organizational structures, which can be administrative, technical, management, or legal in nature.
Controlled Interface
Mechanism that facilitates the adjudication of different interconnected system security policies (e.g., controlling the flow of information into or out of an interconnected system).
Controlled Unclassified Information (CUI)
A categorical designation that refers to unclassified information that does not meet the standards for National Security Classification under Executive Order 12958, as amended, but is (1) pertinent to the national interests of the United States or to the important interests of entities outside the Federal Government, and (2) under law or policy requires protection from unauthorized disclosure, special handling safeguards, or prescribed limits on exchange or dissemination. Henceforth, the designation CUI replaces "Sensitive But Unclassified" (SBU).
Controlled Vocabulary
A knowledge organization system that deals with terms in a domain and is a collection of natural language (lexical) terms (i.e., values) explicitly allowed to be used to refer to aspects of the domain.
COPS
Office of Community Oriented Policing Services within the U.S. Department of Justice
Cost/Benefit Analysis
Determination of the economic feasibility of developing a system on the basis of a comparison of the projected costs of a proposed system and the expected benefits from its operation.
Cost/Risk Analysis
The assessment of the cost of potential risk of loss or compromise of data in a computer system without data protection versus the cost of providing data protection.
COTS
Commercially Available Off-The-Shelf
Counterintelligence
Information gathered and activities conducted to identify, deceive, exploit, interdict, disrupt, or protect against espionage, other intelligence activities, sabotage, or assassinations conducted for or on behalf of foreign powers, foreign organizations or persons, or international terrorist organizations or activities.
Countermeasure
The deployment of a set of security services to protect against a security threat.
CPIC
Capital Planning and Investment Control
Cradle-to-Grave
Total life cycle of a given system, from concept through development, acquisition, operations phases, and final disposition. Also called “womb-to-tomb.”
Credentials
Information, passed from one entity to another, used to establish the sending entity's access rights.
Criminal Justice Information System (CJIS)
Criminal Justice Information System
Critical Infrastructure and Key Resources (CIKR)
Critical Infrastructure and Key Resources
Critical Infrastructure Partnership Advisory Council (CIPAC)
Critical Infrastructure Partnership Advisory Council
Critical Infrastructure Protection
Actions taken to prevent, remediate, or mitigate the risks resulting from vulnerabilities of critical infrastructure assets. Depending on the risk, these actions could include: changes in tactics, techniques, or procedures; adding redundancy; selection of another asset; isolation or hardening; guarding, etc.
Cross Certification
Practice of mutual recognition of another certification authority's certificates to an agreed level of confidence.
Cross-Domain Capabilities
The set of functions that enable the transfer of information between security domains in accordance with the policies of the security domains involved.
Cross-Domain Solution (CDS)
A form of controlled interface that provides the ability to manually and/or automatically access and/or transfer information between different security domains.
CTISS
Common Terrorism Information Sharing Standards
CUI
Controlled Unclassified Information (formerly SBU)
Cultural Intelligence
Knowledge resulting from all-source analysis of cultural factors, which assists in anticipating the actions of people or groups of people.
Cyber Law
The field of law dealing with the Internet, encompassing cases, statutes, regulations, and disputes that affect people and business interacting through computers.
Cybersecurity
The ability to protect or defend the use of cyberspace from cyber attacks.
Data Element
The smallest unit of data accessible to a database management system or a field of data within a file processing system.
Data Element Dictionary
An information resource that lists and defines all relevant data elements.
Data Export
A data management service, which retrieves a set of data from a database and creates a copy of that data organized according to a data interchange format.
Data Import
A data management service, which inserts into a database a set of data, organized according to a data interchange format.
Data Independence
The independence of processes from data such that the data definition may be changed without unnecessarily affecting the processes.
Data Integrity
The property that data has not been changed, destroyed, or lost in an unauthorized or accidental manner.
Data Interchange Format
A set of data structuring rules that determine a format for data to enable the export of data from one data management system and its import by another data management system.
Data Interchange Standard
A standard, which defines a set of data according to a set of data structuring rules so that the set of data can be interchanged between one computer system and another.
Data Management
The activities of defining, creating, storing, maintaining and providing access to data and associated processes in one or more information systems.
Data Mapping
The process of matching one set of data elements or individual code values to their closest equivalents in another set of them. This is sometimes called a cross-walk.
Data Mining
A methodology used by organizations to better understand their customers, products, markets, or any other phase of the business.
Data Model
1) A description of the organization of data in a manner that reflects an information structure. 2) A model that describes in an abstract way how data is represented in a business organization, an information system or a database management system. 3) An abstraction of the real world which incorporates only those properties thought to be relevant to the application at hand. The data model would normally define specific groups of entities, and their attributes and the relationships between these entities. A data model is independent of a computer system and its associated data structures. A map is one example of an analogue data model.
Data Quality
Indications of the degree to which data satisfies stated or implied needs. This includes information about lineage, completeness, currency, logical consistency and accuracy of the data.
Data Reference Model (DRM)
One of the five reference models of the Federal Enterprise Architecture (FEA). The DRM is a flexible and standards-based framework to enable information sharing and reuse across the federal government via the standard description and discovery of common data and the promotion of uniform data management practices. The DRM provides a standard means by which data may be described, categorized, and shared. These are reflected within each of the DRM’s three standardization areas: 1) Data Description: Provides a means to uniformly describe data, thereby supporting its discovery and sharing. 2) Data Context: Facilitates discovery of data through an approach to the categorization of data according to taxonomies. Additionally, enables the definition of authoritative data assets within a Comm COI. 3) Data Sharing: Supports the access and exchange of data where access consists of ad hoc requests (such as a query of a data asset), and exchange consists of fixed, reoccurring transactions between parties. Enabled by capabilities provided by both the Data Context and Data Description standardization areas. See Federal Enterprise Architecture (FEA) Reference Model.
Data Representation
The manner in which data is characterized in a computer system and its peripheral devices.
Dated Reference (to Standards)
Reference to standards that identifies one or more specific standards in such a way that later revisions of the standard or standards are not to be applied unless the regulation is modified. NOTE: The standard is usually identified by its number and either date or edition. The title may also be given.
Data
A value or set of values representing a specific concept or concepts. Data become "information" when analyzed and possibly combined with other data in order to extract meaning, and to provide context. The meaning of Data can vary depending on its context.
Data Architecture
An element of an organization's Enterprise Architecture that contains the data models, data standards, and associated policy and guidance. The Data Architecture contains data models and standards that enumerate and formally define the real-world objects and events integral to an enterprise's business and mission, the interrelationships among them and provides guidance on how to use them. This architecture also contains metadata definitions, standards and guidance, which are used to capture unique descriptive information about objects and events.
Data Asset
A managed container for data; examples include a relational database, Web site, document repository, directory or data service (DRM usage). See Data Reference Model.
Database
A collection of data stored according to a schema and manipulated according to the rules set out in one Data Modelling Facility.
Data at Rest
A term used to refer to all data in computer storage while excluding data that is traversing a network or temporarily residing in computer memory to be read or updated. Data at rest can be archival or reference files that are changed rarely or never; data at rest can also be data that is subject to regular but not constant change. Examples include vital corporate files stored on the hard drive of an employee's notebook computer, files on an external backup medium, files on the servers of a storage area network (SAN), or files on the servers of an offsite backup service provider.
Data Center
A facility built and tooled specifically for the purpose of housing equipment that must maintain high-bandwidth connectivity to the internet, and experience a minimum of downtime for such reasons as power failure. Security measures are employed, and network and systems administrators are on hand to attend to any issues that might arise immediately.
Data Clearinghouse
Collection of institutions providing digital data, which can be searched through a single interface using a common metadata standard.
Data Contamination
A deliberate or accidental process or act that compromises the integrity of the original data.
Data Content Standard
A logical specification of a collection of data, which is of sufficiently general applicability to be of use in many application systems.
Data Definition
A description, which determines the rules to which one or more collections of data instances must conform.
Data Dictionary
A database used for data that refers to the use and structure of other data; that is, a database for the storage of metadata. See Data Element Dictionary.
Data Schema
Formal description of a data model.
Data Set
An organized collection of data. The most basic representation of a dataset is data elements presented in tabular form. Each column represents a particular variable. Each row corresponds to a given value of that column's variable. A dataset may also present information in a variety of non-tabular formats, such as an extended mark-up language (XML) file, a geospatial data file, or an image file, etc.
Data Standard
A standard which depicts the required content, format, and structure in which particular types of data are to be presented or exchanged as determined by an authoritative body for a specified purpose and scope. It is: (1) documented by a specification for an explicit set of requirements, and (2) may have associated Extensible Markup Language (XML) artifacts (e.g., schema, Web Ontology Language (OWL), Schematron, stylesheet). Data standards containing one or more associated XML artifacts are designated Data Encodings Standards (DES) (e.g., Joint Photographic Experts Group (JPEG), Moving Picture Experts Group (MPEG), National Imagery Transmission Format (NITF), DoD Discovery Metadata Specification (DDMS)). Data standards not containing XML artifacts are designated Abstract Data Standards (e.g., IC ADD, IETF RFC 3339, ISO Technical Committee 211, ISO 8601, and ISO 3166).
De Facto Standards
Standards set and accepted by the marketplace but lacking approval by recognized standards organizations.
Deliverable
Used to describe the outputs from a project - may be a product, a service, or a process - the things which are generated as a result of the project.
Denial of Service (DOS)
The unauthorized prevention of authorized access to resources or the delaying of time-critical operations.
Denial of Service Attack
The act of preventing access to a service by congesting, through whatever means, the data connections involved, usually on the hosting organization’s network.
Department of Defense Architecture Framework (DoDAF) (Version 2.0)
The overarching, comprehensive framework and conceptual model enabling the development of architectures to facilitate the ability of Department of Defense (DoD) managers at all levels to make key decisions more effectively through organized information sharing across the Department, Joint Capability Areas (JCAs), Mission, Component, and Program boundaries. The DoDAF serves as one of the principal pillars supporting the DoD Chief Information Officer (CIO) in his responsibilities for development and maintenance of architectures required under the Clinger-Cohen Act. DoDAF is prescribed for the use and development of Architectural Descriptions in the Department. It also provides extensive guidance on the development of architectures supporting the adoption and execution of Net-centric services within the Department.
Department of Defense Information Technology Standards Registry (DISR)
Consists of citations of information technology standards specified through a consensus process as the minimum set of IT standards for the acquisition of all DoD systems that produce, use, or exchange information. The objective is to obtain interoperability and supportability among DoD systems. The DISR is sometimes referred to as "the Registry" or "the Standards Registry." The DISR contains the DoD Enterprise Standards Baseline.
Dependability
That property of a computer system such that reliance can be justifiably placed on the service it delivers. The service delivered by a system is its behavior as it is perceived by its user(s); a user is another system or human that interacts with the former.
Dependency
A logical linkage between tasks. Most often a 'Finish - Start' (activity A must finish before activity B can start).
Deprecate
To mark (a component of a software standard) as obsolete to warn against its use in the future so that it may be phased out.
Deprecation
In computer software or authoring programs standards and documentation, the term deprecation is applied to software features that are superseded and should be avoided. Although deprecated features remain in the current version, their use may raise warning messages recommending alternative practices, and deprecation may indicate that the feature will be removed in the future. Features are deprecated—rather than being removed—in order to provide backward compatibility and give programmers who have used the feature time to bring their code into compliance with the new standard.
DHS
U.S. Department of Homeland Security
Dictionary Model
The general model for representing online dictionaries that pertain to well-known types of classification schemes and dictionaries.
Digital Certificate
A document issued by some authority to attest to a truth or to offer certain evidence. A digital certificate is commonly used to offer evidence in electronic form about the holder of the certificate. In PKI, it comes from a trusted third party, called a Certification Authority (CA) and it bears the digital signature of that authority.
Digital Signature
Cryptographic process used to assure data object originator authenticity, data integrity, and time stamping for prevention of replay.
Digitize
The process of converting information into the digital codes stored and processed by computers.
Directory
Table specifying the relationships between items of data. Sometimes a table (index) giving the addresses of data.
Directory Model
The general model for representing online, well-known types of directories (e.g. Yellow Pages).
Directory Service
A network-accessible service that provides access to an online directory (e.g. Yellow Pages) to find the location of a specific or nearest place, product or service.
Discovery
The process by which users and applications can find data and services, such as through catalogs, registries, and other search services.
DISR
Department of Defense Information Technology Standards Registry
DISRonline
Consists of a collection of web-based applications supporting the continuing evolution of the Department of Defense (DoD) Information Technology Standards Registry (DISR) and the automation of all its processes. It supports all aspects of the DISR from standards development to daily usage and compliance guidance using a web-based front-end. It provides general information for the DoD IT Standards Committee (ITSC), IT Standards Working Groups (TWGs), and other DISR Communities of Interest (COIs), as well as access to all versions of the archived JTA documents.
Dissemination
The provision of national intelligence to consumers in a form suitable for use.
Dissemination Control Markings
Control markings that identify the expansion or limitation on the distribution of information. These markings are in addition to and separate from the levels of classification defined by EO 13526.
Diversity
The ability of a system or components of a system to support multiple behaviors, functions, and data types.
DMZ
Commonly, it is the network segment between the Internet and a private network. It allows access to services from the Internet and the internal private network, while denying access from the Internet directly to the private network.
DNDO
Domestic Nuclear Detection Office within the U.S. Department of Homeland Security
DNS
Domain Name Service, System or Server
Document
Any recorded information, regardless of the nature of the medium or the method or circumstances of recording.
DoD
U.S. Department of Defense
DoDAF
U.S. Department of Defense Architecture Framework
DoDAF Conceptual Data Model (CDM)
Defines concepts involving high-level data constructs from which Architectural Descriptions are created, enabling executives and managers at all levels to understand the data basis of Architectural Description.
DoJ
U.S. Department of Justice
Domain
An environment or context that includes a set of system resources and a set of system entities that have the right to access the resources as defined by a common security policy, security model, or security architecture. See Security Domain.
Domain (Use Case Context)
An area of knowledge or activity characterized by a set of concepts and terminology understood by practitioners in that area.
Domain Name
Web address that is used to help people find a website on the Internet. Domain names are made up of a hierarchy known as levels, which are separated by periods (".") within the domain name. Top-level domains include domains such as .gov, .mil, .us, .org, .com, and .edu. Examples of a federal organization's domain name are army.mil, noaa.gov and publicdebt.treas.gov.
Domain Name System, Service or Server (DNS)
A hierarchical database that is distributed across the Internet and allows names to be resolved to IP addresses and vice versa to locate services such as Web sites and email. An Internet service that translates domain names into IP addresses.
Domestic Nuclear Detection Office within the U.S. Department of Homeland Security (DNDO)
Domestic Nuclear Detection Office within the U.S. Department of Homeland Security
DoS (DOS)
1) U.S. Department of State 2) Denial of Service
DRM
Data Reference Model
EAF
Enterprise Architecture Framework
EDI
Electronic Data Interchange
Electronic Data Interchange (EDI)
The exchange of standardized information between business partners typically communicated electronically between computers.
Email Client
An application which is specifically designed to access remote mail servers (and often news servers as well), retrieve mail from them, and manipulate that mail. Mail clients must be configured to access particular email accounts.
End-to-End
An environment in which all activities associated with the flow and transformation of information encompass the source of the information (i.e., the producer) to the recipients (i.e., the consumers, or end-users).
Enterprise
An organization with a defined mission/goal and a defined boundary, using information systems to execute that mission, and with responsibility for managing its own risks and performance. An enterprise may consist of all or some of the following business aspects: acquisition, program management, financial management (e.g., budgets), human resources, security, and information systems, information and mission management.
Enterprise Application
Software that automates a business process that spans many business units.
Enterprise Architecture (EA)
The description of an enterprise’s entire set of information systems: how they are configured, how they are integrated, how they interface to the external environment at the enterprise’s boundary, how they are operated to support the enterprise mission, and how they contribute to the enterprise’s overall security posture.
Enterprise Architecture Policy
A statement governing the development, implementation, and maintenance of the enterprise architecture.
Enterprise Architecture Products
The graphics, models, and/or narrative that depicts the enterprise environment and design.
Enterprise Engineering
A multidisciplinary approach to defining and developing a system design and architecture for the organization.
Enterprise Life Cycle
The integration of management, business, and engineering life cycle processes that span the enterprise to align IT with the business.
Enterprise Service
A set of one or more computer applications and middleware systems hosted on computer hardware that provides standard information systems capabilities to end users and hosted mission applications and services.
Enterprise Standards Baseline (ESB)
The formally identified minimal set of Enterprise Standards determined to align with and facilitate implementation of an organization’s Enterprise Architecture. Compliance with the organization’s Enterprise Architecture is measured, in part, by adherence of systems and Enterprise Architecture-related IT items to relevant standards in the Enterprise Standards Baseline.
EO
Executive Order
ESB
Enterprise Standards Baseline
Event
Any observable occurrence in a system and/or network. Events sometimes provide indication that an incident is occurring.
Exclusive Reference (to Standards)
Reference to standards that states that the only way to meet the relevant requirements of a technical regulation is to comply with the standard(s) referred to.
Exposure
Extent to which an organization and/or stakeholder is subject to an event.
Extensibility
The ability for a system or components of a system to expand by assimilating new data, software or hardware components.
EXtensible Markup Language (XML)
A coding language for the Web that lets computers interpret the meaning of information in Web documents.
Extensible Stylesheet Language Transformation (XSLT)
A language used to convert an XML document into another XML document or into HTML, PDF or some other format.
FAR
Federal Acquisition Regulation
FBI
Federal Bureau of Investigation
FEA
Federal Enterprise Architecture
FEAF
Federal Enterprise Architecture Framework
Federal Acquisition Regulation (FAR)
The regulation for use by federal executive agencies for acquisition of supplies and services with appropriated funds. The FAR is supplemented by DoD, the military departments, the Defense Contract Audit Agency (DCAA), the Defense Information Systems Agency (DISA), and the Defense Logistics Agency (DLA). The DoD supplement is called the DFARS (Defense FAR Supplement).
Federal Bureau of Investigation (FBI)
Federal Bureau of Investigation
Federal Enterprise Architecture (FEA)
A business-based framework for government-wide improvement developed by the Office of Management and Budget (OMB) that is intended to facilitate efforts to transform the federal government to one that is citizen-centered, results-oriented, and market-based.
Federal Enterprise Architecture (FEA) Reference Model
The FEA consists of a set of interrelated “reference models” designed to facilitate cross-agency analysis and the identification of duplicative investments, gaps and opportunities for collaboration within and across agencies. Collectively, the reference models comprise a framework for describing important elements of the FEA in a common and consistent way. Through the use of this common framework and vocabulary, IT portfolios can be better managed and leveraged across the federal government. The five FEA reference models are: (1) Performance Reference Model (PRM), see Performance Reference Model; (2) Business Reference Model (BRM), see Business Reference Model; (3) Service Component Reference Model (SRM), see Service Component Reference Model; (4) Technical Reference Model (TRM), see Technical Reference Model; (5) Data Reference Model (DRM), see Data Reference Model.
Federal Enterprise Architecture Framework (FEAF)
An organizing mechanism for managing development, maintenance, and facilitated decision making of a Federal Enterprise Architecture. The Framework provides a structure for organizing Federal resources and for describing and managing Federal Enterprise Architecture activities.
Federal Information Processing Standard (FIPS)
A standard for adoption and use by Federal agencies that has been developed within the Information Technology Laboratory and published by the National Institute of Standards and Technology, a part of the U.S. Department of Commerce. A FIPS covers some topic in information technology in order to achieve a common level of quality or some level of interoperability.
Federal Information Security Management Act (FISMA)
A statute (Title III, P.L. 107-347) that requires agencies to assess risk to information systems and provide information security protections commensurate with the risk. FISMA also requires that agencies integrate information security into their capital planning and enterprise architecture processes, conduct annual information systems security reviews of all programs and systems, and report the results of those reviews to OMB.
Federal Information Security Management Act of 2002 (FISMA)
Federal Information Security Management Act of 2002
Federated Architecture
An approach for enterprise architecture development that is composed of a set of coherent but distinct entity architectures—the architectures of separate members of the federation. The members of the federation participate to produce an interoperable, effectively integrated enterprise architecture. The federation sets the overarching rules of the federated architecture, defining the policies, practices and legislation to be followed, as well as the interfederate procedures and processes, data interchanges, and interface standards, to be observed by all members. Each federation member conforms to the enterprise view and overarching rules of the federation in developing its architecture. Internal to themselves, each focuses on their separate mission and the architecture that supports that mission.
Federal Law Enforcement Training Center (FLETC)
Federal Law Enforcement Training Centers serve as an interagency law enforcement training body for U.S. government federal law enforcement agencies.
Source: www.fletc.gov
Federated Database
Separate databases that are structured, perhaps with middleware or special database access software, in such a way that they can be queried as a single database.
Federated Test Environment
A live, virtual, constructive distributed environment for testing.
Federation
Any society or organization formed from separate groups or bodies.
FICAM
Federal Identity, Credential, and Access Management
File Transfer Protocol (FTP)
The standard protocol used to transfer files to and from machines on the internet. This is distinct from, say, HTTP, which is another protocol altogether. Although some browsers, such as Microsoft Internet Explorer, have built-in FTP capabilities, the most common, and most functional, way to use FTP is by way of an FTP client, such as WS_FTP, CuteFTP, or even a command line.
FIPS
Federal Information Processing Standard
Firewall
A hardware/software capability that limits access between networks and/or systems in accordance with a specific security policy.
Fiscal Year (FY)
For the U.S. government, the period covering October 1 through September 30 (12 months).
FISMA
Federal Information Security Management Act of 2002
Framework
A logical structure for classifying and organizing complex information.
FY
Fiscal Year
Gateway
Interface providing compatibility between networks by converting transmission speeds, protocols, codes, or security measures.
General Reference (to Standards)
Reference to standards that designates all standards of a specified body and/or in a particular field without identifying them individually.
General Services Administration (GSA)
General Services Administration
General Services Administration Acquisition Manual (GSAM)
General Services Administration Acquisition Manual
GLOBAL
Global Justice Information Sharing Initiative
Global Justice Information Sharing Initiative (GLOBAL)
A Federal Advisory Committee (FAC) that advises the U.S. Attorney General on justice information sharing and integration initiatives, spanning the spectrum of law enforcement, judicial, correctional, and related bodies.
Governance
The combination of processes and structures implemented to oversee the development and integration of Information Technology across the IC enterprise.
Government Accountability Office (GAO)
U.S. Government Accountability Office
Government Standard
A standard developed by and for the government and typically documented or described in MIL SPECs, MIL STDs, FIPS, ICDs, GTP, DoD Handbooks, etc. See Standard.
GSA
General Services Administration
GSAM
General Services Administration Acquisition Manual
Guard
Mechanism limiting the exchange of information between systems.
Guideline
Recommendation of what is expected to be done to achieve an objective.
Handle
An index entry or unique name in software that identifies a catalog entry or other resource so that it can be found and utilized by another software facility.
Harmonization
With respect to standards: activities undertaken by communities of experts to align standards. For example, to define common metadata and application schema from legacy sources, harmonization will consider: -- Architecture - multiple viewpoints that capture high-level requirements, use cases, scenarios, information flows and computational flows. -- Data modelling - definition and UML encoding of feature type, attribute type, data type, coding, dependency mapping -- Schema modelling - UML mapping and encoding to GML, mapping of profiles to one another, and delineation to service types -- Iteration and development - build a little, see if it works, build more -- Delivery to standards organizations for approval.
Harmonized Standards
Equivalent standards. Standards on the same subject approved by different standardizing bodies, that establish interchangeability of products, processes and services, or mutual understanding of test results or information provided according to these standards. NOTE: Within this definition, harmonized standards might have differences in presentation and even in substance, e.g. in explanatory notes, guidance on how to fulfill the requirements of the standard, preferences for alternatives and varieties.
Hierarchical Database
A database that stores related information in terms of pre-defined categorical relationships in a “tree-like” fashion. Information is traced from a major group, to a subgroup, and to further subgroups. Much like tracing a family tree, data can be traced through parents along paths through the hierarchy. Users must keep track of the hierarchical structure in order to make use of the data. The relational database provides an alternative means of organizing datasets.
Homepage
The page that serves as the front door of a website. Every website has a homepage. No website has more than one homepage.
Hosting
The provision of infrastructure necessary to make services available to remote users. This includes web hosting for websites, email hosting for email, database hosting for databases, and so forth. The term “hosting” does not solely refer to web hosting, although the term is commonly used this way.
HTML
HyperText Markup Language
HTTP
HyperText Transport Protocol
HyperText Markup Language (HTML)
The standard markup language used in web pages. HTML contains the text of a web page, as well as an extensive range of code which instructs the browser as to how the web page should be displayed, such as the color of the text, the background image to be used, tables, hyperlinks, and the like.
HyperText PreProcessor (PHP)
A server-side scripting language. Its instructions are interpreted by the web server, which renders the output as HTML which is then sent to the visitor’s browser for rendering. PHP allows for dynamic sites capable of communicating with databases, and extended capabilities not possible with HTML alone.
HyperText Transport Protocol (HTTP)
The standard protocol used to transfer documents, particularly HTML documents, on the world-wide-web. This is the protocol used to access and, thus view, web pages in your browser, for instance.
IA
Information Assurance
IACP
International Association of Chiefs of Police
IC
Intelligence Community
ICD
Intelligence Community Directive
ICPG
Intelligence Community Policy Guidance
ICS
Intelligence Community Standard
ICSR
Intelligence Community Standards Registry
ICSRonline
Consists of a collection of Intelligence Community (IC) Standards Registry (ICSR) web-based applications supporting the continuing evolution of the Enterprise Standards Baseline (ESB) and the automation of its governance process. It supports all aspects of the ESB from standards development to daily usage and compliance guidance using a web-based front-end. It provides general information for the IC Enterprise Standards Committee (ESC), Standards Technical Working Groups (TWGs), and other ICSR Communities of Interest (COIs), as well as access to all versions of the archived ICSR documents.
Identical Standards
Harmonized standards that are identical in both substance and presentation. See Harmonized Standards.
Identification
1) The process, generally employing unique machine-readable names, that enables recognition of users or resources as identical to those previously described to the computer system. 2) The assignment of a name by which an entity can be referenced. The entity may be high level (such as a user) or low level (such as a process or communication channel).
Identity
The set of attribute values (i.e., characteristics) by which an entity is recognizable and that, within the scope of an identity manager’s responsibility, is sufficient to distinguish that entity from any other entity.
Identity and Access Management (IdAM)
An overarching term used to refer to the processes of authentication, authorization, assignment of attributes and privileges, access management, credential issuance, and the identification of a digital identity and the binding of that digital identity to an individual.
Identity Federation
A set of otherwise independent identity providers and relying parties that agree to adhere to common rules and requirements for identity management and the use and protection of identity information.
Identity-Based Access Control
Access control based on the identity of the user (typically relayed as a characteristic of the process acting on behalf of that user) where access authorizations to specific objects are assigned based on user identity.
IDS
Intrusion Detection System
IEPD
Information Exchange Package Document
IJIS
Integrated Justice Information Systems
IJIS Institute
A national nonprofit organization that brings together industry and government in an effort to improve national security and promote effective information sharing across all levels of the justice, public safety, and homeland security communities.
IM
Information Management
Implementation Guidance
Provides specific information on how to implement a standard.
Implementation Guide (IG)
A document that explains the proper use of a standard for a specific business purpose.
Inadvertent Disclosure
Accidental exposure of information to a person not authorized access.
Incident
An assessed occurrence that actually or potentially jeopardizes the confidentiality, integrity, or availability of an information system; or the information the system processes, stores, or transmits; or that constitutes a violation or imminent threat of violation of security policies, security procedures, or acceptable use policies.
Incident of Security Concern
Events that, at the time of occurrence, cannot be determined to be an actual violation of law, but which are of such significance as to warrant preliminary inquiry and subsequent reporting. Examples include drug use and distribution, alcohol abuse, the discovery or possession of contraband articles in security areas, and unauthorized attempts to access classified data.
INCITS
InterNational Committee for Information Technology Standards
Information
Any communication or representation of knowledge such as facts, data, or opinions in any medium or form, including textual, numerical, graphic, cartographic, narrative, or audiovisual.
Information Assurance (IA)
Measures that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation. These measures include providing for restoration of information systems by incorporating protection, detection, and reaction capabilities.
Information Assurance (IA) Metadata
Structured information describing any or all information assurance aspects of a real object (i.e., resource) (e.g., a book, a mountain, etc.) or virtual object (e.g., a digital photograph, a service, etc.). See Metadata.
Information Exchange Package Document (IEPD)
A specification that defines a particular data exchange. It is a set of artifacts consisting of normative exchange specifications, examples, metadata, and documentation encapsulated by a catalog that describes each artifact.
Information Leakage
An application or protocol weakness where controlled data is inappropriately revealed to an unauthorized user or service.
Information Management (IM)
The discipline that analyzes information as an organizational resource. It covers the definitions, uses, value and distribution of all data and information within an organization whether processed by computer or not. It evaluates the kinds of data/information an organization requires in order to function and progress effectively.
Information Needs
A condition or situation requiring knowledge or intelligence derived from received, stored, or processed facts and data.
Information Security (INFOSEC)
The protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability.
Information Security Marking (ISM)
A standard that provides classification and dissemination control metadata requirements for a virtual object (e.g., an electronic document).
Information Security Oversight Office (ISOO)
Office responsible to the President for policy and oversight of the Government-wide security classification system and the National Industrial Security Program.
Information Security Policy
Aggregate of directives, regulations, rules, and practices that prescribes how an organization manages, protects, and distributes information.
Information Security Program Plan
Formal document that provides an overview of the security requirements for an organization-wide information security program and describes the program management controls and common controls in place or planned for meeting those requirements.
Information Security Risk
Potential that a threat will exploit a vulnerability of an asset or group of assets and thereby cause harm to the organization.
Information Sharing Environment (ISE)
A trusted environment in which capabilities may be developed and exploited to discover, fuse, share and collaborate on information from any mission into integrated and synthesized information.
Information Support Plan (ISP)
The identification and documentation of information needs, infrastructure support, IT and NSS interface requirements and dependencies focusing on net-centric, interoperability, supportability and sufficiency concerns (DODI 4630.8).
Information System (IS)
A discrete set of information resources organized for the collection, processing, maintenance, use, sharing, dissemination, or disposition of information.
Information Systems Security
(INFOSEC) Protection of information systems against unauthorized access to or modification of information, whether in storage, processing or transit, and against the denial of service to authorized users, including those measures necessary to detect, document, and counter such threats.
Information Technology (IT)
Any equipment or interconnected system or subsystem of equipment that is used in the automatic acquisition, storage, manipulation, management, movement, control, display, switching, interchange, transmission, or reception of data or information. The term information technology includes computers, ancillary equipment, software, firmware and similar procedures, services (including support services), and related resources.
Information Technology Infrastructure
Data, information, processes, organizational interactions, skills, and analytical expertise, as well as systems, networks, and information exchange capabilities.
INFOSEC
Information Security
Infrastructure
A set of interconnected structural elements that provide the framework supporting an entire structure.
Instruction
Provision that conveys an action to be performed. See Provision.
Integrated Justice Information Systems (IJIS)
Integrated Justice Information Systems
Integrity
The property whereby an entity has not been modified in an unauthorized manner.
Intellectual Property (IP)
Creations of the mind such as musical, literary, and artistic works; inventions; and symbols, names, images, and designs used in commerce, including copyrights, trademarks, patents, and related rights. Under intellectual property law, the holder of one of these abstract “properties” has certain exclusive rights to the creative work, commercial symbol, or invention by which it is covered.
Intelligence Community (IC)
A federation of executive branch agencies and organizations that work separately and together to conduct intelligence activities necessary for the conduct of foreign relations and the protection of the national security of the United States.
Intelligence Community Classification and Control Markings Implementation Manual
A companion document to the Authorized Classification and Control Marking Register (CAPCO Register) that provides guidance on the syntax and use of classification and control markings.
Intelligence Community Directive (ICD)
May be based on statute, regulation, Executive Order, or other policy directives and establish policy and provide definitive direction to the IC. ICDs may: (a) define activities, systems or missions; (b) delegate authorities; (c) establish roles and responsibilities; (d) assign decision rights; (e) establish governance structures; (f) include evaluation criteria; or (g) replace or modify previous policy, or provide other such guidance as the DNI deems appropriate.
Intelligence Community Policy Guidance (ICPG)
Provide further guidance required for the implementation of ICDs. ICPGs are subsidiary to ICDs and may establish subordinate responsibilities, and define procedures, processes, or methodologies that enable ICDs to be implemented effectively.
Intelligence Community Standard (ICS)
Subordinate to ICDs and ICPGs, and are fully consistent with applicable ICDs and ICPGs. ICSs are policy instruments of the IC Policy System and provide specific procedures, sets of rules, conditions, guidelines, characteristics, or specifications for intelligence or intelligence-related products, processes, or activities in support of effective and uniform implementation of laws, Executive Orders, and IC policies.
Intelligence Community Standards Registry (ICSR)
Consists of citations of standards specified through a consensus process as the minimum set of standards for the acquisition of all IC systems. The objective is to obtain integrity, interoperability and supportability among IC systems. The ICSR is sometimes referred to as “the Registry” or “the Standards Registry.” The ICSR contains the IC Enterprise Standards Baseline.
Inter-Agency Policy Committee (IPC)
Inter-Agency Policy Committee
Interagency Threat Assessment and Coordination Group (ITACG)
Interagency Threat Assessment and Coordination Group.
Interchangeability
Ability of one product, process or service to be used in place of another to fulfill the same requirements. NOTE: The functional aspect of interchangeability is called “functional interchangeability”, and the dimensional aspect “dimensional interchangeability”.
Interconnection
The linking together of interoperable systems.
Interdiction
Impeding or denying someone the use of system resources.
Interface
1) The functional and physical characteristics required to exist at a common boundary or connection between persons, between systems, or between persons and systems.
Interface Standard
A standard, which defines the services available at an interface to a process.
International Association of Chiefs of Police (IACP)
International Association of Chiefs of Police
InterNational Committee for Information Technology Standards (INCITS)
The primary U.S. focus of standardization in the field of Information and Communications Technologies (ICT), encompassing storage, processing, transfer, display, management, organization, and retrieval of information. INCITS is the forum of choice for information technology developers, producers and users for the creation and maintenance of formal de jure IT standards. INCITS is accredited by, and operates under rules approved by, the American National Standards Institute (ANSI).
international standard (all lower case)
Standard that is adopted by an international standardizing/standards organization and made available to the public.
International Standard (IS) (Capitalized)
International standard where the international standards organization is ISO or IEC.
International Standardized Profile (ISP)
An internationally agreed-to, harmonized document, which describes one or more profiles.
Information Sharing Council (ISC)
Established to advise the President and the Program Manager (PM-ISE) about developing ISE policies, procedures, guidelines, and standards, and to ensure proper coordination among federal departments and agencies participating in the ISE.
Internet Service Provider (ISP)
An entity which provides points of access to the internet. This may be a university, corporation, or any other entity. The means of connecting to an ISP include dial-up through a modem, broadband access via cable or DSL, or corporate networks with internet connectivity.
Interoperability
The ability of systems, units or forces to provide data, information, materiel and services to and accept the same from other systems, units or forces and to use the data, information, materiel and services so exchanged to enable them to operate effectively together. IT and NSS interoperability includes both the technical exchange of information and the operational effectiveness of that exchanged information as required for mission accomplishment. Interoperability is more than just information exchange. It includes systems, processes, procedures, organizations, and missions over the lifecycle and must be balanced with IA.
Intrusion
Unauthorized act of bypassing the security mechanisms of a system.
Intrusion Detection
The process of monitoring the events occurring in a computer system or network, detecting signs of security problems.
Intrusion Detection System (IDS)
A technical security system designed to detect an attempted or actual unauthorized entry into a secure facility or information system and alert responders.
IP
1) Intellectual Property 2) Internet Provider
IP Address
A numeric address which identifies a particular resource on an IP network such as the internet. The format of an IP address is xxx.xxx.xxx.xxx, with each xxx representing a number between 1 and 254, the decimal representations of the underlying 8-bit “octets.” For a resource to be accessible on the internet, it must have an IP address assigned to it, and no 2 devices can have the same publicly accessible IP address.
IPC
Inter-Agency Policy Committee
IRTPA
Intelligence Reform and Terrorism Prevention Act
IS
International Standard
ISA IPC
Information Sharing and Access Inter-Agency Policy Committee
ISE
Information Sharing Environment
ISM
Information Security Marking
ISOO
Information Security Oversight Office
ISP
1) Internet Service Provider 2) International Standardized Profile
IT
Information Technology
IT Infrastructure
The hardware, software, and telecommunications equipment that when combined provides the underlying foundation to support the organization’s goal.
IT-Related Risk
The net mission/business impact considering (1) the probability that a particular threat source will exploit, or trigger, a particular information system vulnerability and (2) the resulting impact if this should occur. IT-related risks arise from legal liability or mission/business loss due to, but not limited to: 1) Unauthorized (malicious, non-malicious, or accidental) disclosure, modification, or destruction of information. 2) Non-malicious errors and omissions. 3) IT disruptions due to natural or man-made disasters. 4) Failure to exercise due care and diligence in the implementation and operation of the IT.
ITACG
Interagency Threat Assessment and Coordination Group
JPDO
Joint Planning and Development Office
JPG/JPEG
Joint Photographic Experts Group (JPEG) image format for continuous-tone pictures.
Key Data Sets
Data sources essential for a specific application.
Key Interface
Interfaces in functional and physical characteristics that exist at a common boundary with co-functioning items, systems, equipment, software and data.
Key Length
The number of binary digits, or bits, in an encryption algorithm key. Key length is sometimes used to measure the relative strength of the encryption algorithm.
Keyhole Markup Language (KML)
An XML-based language schema for expressing geographic annotation and visualization on existing or future Web-based, two-dimensional maps and three-dimensional Earth browsers.
KISSI
Key Information Sharing and Safeguarding Indicator
Knowledge
Information from multiple sources integrated with common, environmental, real-world experience.
LAN
Local Access Network
Language Independent
Describes a standard or specification which is not specified in terms of a specific programming language, but is implementable in a variety of languages.
Latency
In local networking, the time (measured in bits at the transmission rate) for a signal to propagate around or through the network. For general purposes, average latency time is used. Delay between the time a device requests access to a network and the time it is granted permission to transmit.
LCM
Life Cycle Management
LE
Law Enforcement
Legacy System
System in existence and either deployed or under development at the start of a modernization program. All legacy systems will be affected by modernization to a greater or lesser extent. Some systems will become transition systems before they are retired. Other systems will simply be retired as their functions are assumed by modernization systems. Still others will be abandoned when they become obsolete.
Lessons Learned
Capitalizing on past errors in judgment, materiel failures, wrong timing, or other mistakes to ultimately improve a situation or system.
Level of Protection
Extent to which protective measures, techniques, and procedures must be applied to Information Systems (IS) and networks based on risk, threat, vulnerability, system interconnectivity considerations, and information assurance needs. Levels of protection are: (1) Basic: IS and networks requiring implementation of standard minimum-security countermeasures. (2) Medium: IS and networks requiring layering of additional safeguards above the standard minimum-security countermeasures. (3) High: IS and networks requiring the most stringent protection and rigorous security countermeasures.
Source: CNSSI 4009
Life Cycle Management (LCM)
A management process applied throughout the life of a system that bases all programmatic decisions on the anticipated mission-related and economic benefits derived over the life of the system.
Lifecycle
A model or template for the different stages that comprise a project. Useful as a roadmap to plan the project and for ensuring that all necessary tasks for one stage have been completed before moving on to the next stage.
Limited Rights
Rights to use, duplicate, or disclose technical data (TD) in whole or in part, by or for the government, with the express written permission of the party furnishing the data to be released or disclosed outside the government.
Linkage
The purposeful combination of data or information from one information system with that from another system in the hope of deriving additional information.
Local Access
Access to an organizational information system by a user (or process acting on behalf of a user) communicating through a direct connection without the use of a network.
Local Area Network (LAN)
A system for connecting computers so they can communicate with one another.
Loosely-Coupled Service
A service that can be used to operate on multiple, unspecified datasets. Calling application has no structural dependency on the interface of called application. Call is not made in same technology as the interface of the called application.
Maintainability
The ability of an item to be retained in, or restored to, a specified condition when maintenance is performed by personnel having specified skill levels, using prescribed procedures and resources, at each prescribed level of maintenance and repair.
Malicious Code
Software or firmware intended to perform an unauthorized process that will have adverse impact on the confidentiality, integrity, or availability of an information system. A virus, worm, Trojan horse, or other code-based entity that infects a host. Spyware and some forms of adware are also examples of malicious code. Also known as Malware.
Mandatory Standard
Standard the application of which is made compulsory by virtue of a general law or exclusive reference in a regulation.
Map
A two-dimensional visual portrayal of geospatial data. A map is not the data itself.
Material
Elements, constituents, or substances of which something is composed or can be made. It includes, but is not limited to, raw and processed material, parts, components, assemblies, fuels, and other items that may be worked into a more finished form in performance of a contract.
Materiel
Equipment, apparatus, and supplies used by an organization or institution.
MDA
Maritime Domain Awareness
Measurement
An observation event whose value property is a value of some natural phenomenon. A measurement usually refers to the measuring device and procedure used to determine the value, such as a sensor or observer, analytical procedure, simulation or other numerical process. A measurement feature binds the result to the (spatiotemporal) location where the measurement was made.
Mediation
Action by an arbiter that decides whether or not a subject or process is permitted to perform a given operation on a specified object.
Memorandum of Agreement (MOA)
A written agreement among relevant parties that specifies roles, responsibilities, terms, and conditions for each party to reach a common goal.
Memorandum of Understanding (MOU)
A document describing a bilateral or multilateral agreement between parties. It expresses a convergence of will between the parties, indicating an intended common line of action.
Metadata
Information that describes a number of characteristics, or attributes, of data; that is, data that describes data. For any particular datum, the metadata may describe how the datum is represented, ranges of acceptable values, how it should be labeled, as well as its relationship to other data. Metadata also may provide other relevant information, such as the responsible steward, associated laws and regulations, and access management policy. The metadata for structured data objects describes the structure, data elements, interrelationships, and other characteristics of information, including its creation, disposition, access and handling controls, formats, content, and context, as well as related audit trails.
Sources: Data.gov
Metadata Dataset
Metadata describing a specific dataset.
Metadata Entity
Group of metadata elements and other metadata entities describing the same aspect of data. Note 1: A metadata entity may contain one or more metadata entities. Note 2: A metadata entity is equivalent to a class in UML terminology.
Metadata Schema
Conceptual schema describing metadata.
Metadata Section
Subset of metadata that defines a collection of related metadata entities and elements.
Methodology
A documented approach for performing activities in a coherent, consistent, accountable, and repeatable manner.
Middleware
Software in a distributed computing environment that mediates between clients and servers.
Milestone
The point at which a recommendation is made and approval sought regarding starting or continuing an acquisition program, i.e., proceeding to the next phase. Milestones established by DoDI 5000.02 are: Milestone A that approves entry into the Technology Development (TD) phase; Milestone B that approves entry into the Engineering and Manufacturing Development (EMD) phase; and Milestone C that approves entry into the Production and Deployment (P&D) phase.
Mission
The objective or task, together with the purpose, which clearly indicates the action to be taken.
MLS
Multi-Level Security
MOA
Memorandum of Agreement
Model
Representations of information, activities, relationships, and constraints.
Modeling
Graphic representation of the activities, tasks, subprocesses within a process and their relationships to one another.
MOU
Memorandum of Understanding
Multi-Level Security (MLS)
Concept of processing information with different classifications and categories that simultaneously permits access by users with different security clearances and denies access to users who lack authorization. See Cross-Domain Solution.
Multifactor Authentication
Authentication using two or more factors to achieve authentication. Factors include: (i) something you know (e.g., password/PIN); (ii) something you have (e.g., cryptographic identification device, token); or (iii) something you are (e.g., biometric). See Authenticator.
National Association for Justice Information Systems (NAJIS)
The National Association for Justice Information Systems (NAJIS) is an organization of individuals who are responsible for the acquisition, operation and management of local, state and federal criminal justice information systems.
Source: www.najis.org
Namespace
An abstract container or environment created to hold a logical grouping of unique identifiers or symbols (i.e., names). An identifier defined in a namespace is associated with that namespace. The same identifier can be independently defined in multiple namespaces. That is, the meaning associated with an identifier defined in one namespace may or may not have the same meaning as the same identifier defined in another namespace. Languages that support namespaces specify the rules that determine to which namespace an identifier (i.e., not its definition) belongs.
National Information Exchange Model (NIEM)
A set of tools, common terminology, governance, methodologies, and support that enables the creation of standards.
National Intelligence
National Intelligence refers to all intelligence, regardless of the source from which derived and including information gathered within or outside the U.S., that: (A) pertains, as determined consistent with any guidance issued by the President, to more than one United States Government agency; and (B) that involves (i) threats to the United States, its people, property, or interests; (ii) the development, proliferation, or use of weapons of mass destruction; or (iii) any other matter bearing on United States national or homeland security.
National Security
The national defense or foreign relations of the United States.
National Security System
Any information system (including any telecommunications system) used or operated by an agency or by a contractor of an agency, or other organization on behalf of an agency, the function, operation, or use of which - (A) involves intelligence activities; (B) involves cryptologic activities related to national security; (C) involves command and control of military forces; (D) involves equipment that is an integral part of a weapon or weapons system; or (E) is critical to the direct fulfillment of military or intelligence missions provided that this definition does not apply to a system that is used for routine administrative and business applications (including payroll, finance, logistics, and personnel management applications).
National Spatial Data Infrastructure (NSDI)
Information Infrastructure elements that make digital geographic information a part of everyone's digital information environment: data content and metadata standards; national Framework (base) data; metadata to help inventory, advertise, and intelligently search geographic data sets; a clearinghouse that allows for catalog searches across multiple geodata servers on the Internet; commercial geoprocessing products that interoperate through interfaces that conform to interoperability interface specifications; and partnerships to advance data sharing and NSDI development.
National Standard
Standard that is adopted by a national standards body and made available to the public.
National Standards Body
Standards body recognized at the national level that is eligible to be the national member of the corresponding international and regional standards organizations.
NATO
North Atlantic Treaty Organization
NATO Standardization Agreement (STANAG)
A NATO Agreement for procedures and systems and equipment components, developed and promulgated by the NATO Standardization Agency in conjunction with the Conference of National Armaments Directors and other authorities concerned.
NCTC
National Counter-Terrorism Center
Net-Centric
Information-based operations that use service-oriented information processing, networks, and data from the following perspectives: user functionality (capability to adaptively perform assigned operational roles with increasing use of system-provided intelligence/cognitive processes), interoperability (shared information and loosely coupled services), and enterprise management (net operations).
Network
Information system(s) implemented with a collection of interconnected components. Such components may include routers, hubs, cabling, telecommunications controllers, key distribution centers, and technical control devices.
Network Access
Access to an information system by a user (or a process acting on behalf of a user) communicating through a network (e.g., local area network, wide area network, Internet).
NIEM
National Information Exchange Model
NISS Helpdesk
National Information Sharing Standards Helpdesk
NIST
National Institute of Standards and Technology
NMIO
National Maritime Intelligence-Integration Office
Non-Government Standard
A standard … that is in the form of a standardization document developed by a private sector association, organization or technical society, which plans, develops, establishes or coordinates standards, specifications, handbooks, or related documents.
Non-repudiation
A security service by which evidence is maintained so that the sender and recipient of data cannot deny having participated in the communication.
Normative Document
Document that provides rules, guidelines or characteristics for activities or their results. The term “normative document” is a generic term that covers such documents as standards, technical specifications, codes of practice and regulations.
Normative Elements
Elements (of a standard) that describe the scope of the document, and which set out provisions.
NSDI
National Spatial Data Infrastructure
NSI
Nationwide Suspicious Activity Report (SAR) Initiative
NSIS
National Strategy for Information Sharing 2007
NSS
National Security Staff
OASIS
Organization for the Advancement of Structured Information Standards
Object
Data and processing functions packaged into a small, discrete, interoperable module.
Object Management Group (OMG)
A worldwide not-for-profit computer industry consortium that develops enterprise integration standards to provide real-world value.
Object Technology
Software scheme in which data and processing functions are packaged into small, discrete, interoperable modules, offering advantages such as portability and easy maintainability.
ODNI
Office of the Director of National Intelligence
OFPP
Office of Federal Procurement Policy within the OMB
OJP
Office of Justice Programs within the U.S. Department of Justice
OMB
U.S. Office of Management and Budget
OMG
Object Management Group
Ontology
A systematically ordered representation of knowledge about a domain, in terms of its objects, concepts and other entities, as well as the variety of relationships among them.
Open Specification
A specification that promotes interoperability through its public availability to developers, who use it to develop software or hardware compatible with the common resource described in the specification. Open specifications are generally consistent with related standards and are updated to conform with new standards and new technologies. They may be developed and maintained by a public open consensus process.
Open Standard
A standard developed or adopted by voluntary consensus standards bodies, both domestic and international. These standards include provisions requiring that owners of relevant intellectual property have agreed to make that intellectual property available on a non-discriminatory, royalty-free or reasonable royalty basis to all interested parties.
Open System
A system that implements specifications maintained by an open, public consensus process for interfaces, services, and support formats, to enable properly engineered components to be utilized across a wide range of systems with minimal change, to interoperate with other components on local and remote systems, and to interact with users in a manner that facilitates portability.
Open System Environment
A computer environment specified by a set of standards and profiles for interfaces, services, and formats for an open system.
Operation
A single step performed by a computer in the execution of a program, or, in the context of object-oriented programming: Specification of an interaction that can be requested from an object to effect behavior.
Operations Security (OPSEC)
Systematic and proven process by which potential adversaries can be denied information about capabilities and intentions by identifying, controlling, and protecting generally unclassified evidence of the planning and execution of sensitive activities. The process involves five steps: identification of critical information, analysis of threats, analysis of vulnerabilities, assessment of risks, and application of appropriate countermeasures.
OPSEC
Operations Security
Optional Element
Element (of a standard), the presence of which in a document, is dependent on the provisions of the particular document.
Optional Requirement
Requirement of a normative document that must be fulfilled in order to comply with a particular option permitted by that document. NOTE: An optional requirement may be either a) one of two or more alternative requirements; or b) an additional requirement that must be fulfilled only if applicable and that may otherwise be disregarded.
Organization for the Advancement of Structured Information Standards (OASIS)
A not-for-profit consortium that drives the development, convergence and adoption of open standards for the global information society.
OSAC
Overseas Security Advisory Council
P/CR/CL
Privacy/Civil Rights/Civil Liberties
Page
A text file at a single URL, written or generated in a markup language like HTML, and viewed through a browser.
PAS
Publicly Available Specification
Password
A word or string of characters that authenticates a user, a specific resource, or an access type.
Peering
A voluntary interconnection of administratively separate Internet networks for the purpose of exchanging traffic between the customers of each network.
Penetration
A successful unauthorized access to a computer system.
Penetration Testing
A test methodology in which assessors, typically working under specific constraints, attempt to circumvent or defeat the security features of an information system.
Performance Reference Model (PRM)
One of the five FEA reference models. The PRM is a framework for performance measurement providing common output measurements throughout the federal government. It allows agencies to better manage the business of government at a strategic level, by providing a means for using an agency’s EA to measure the success of IT investments and their impact on strategic outcomes. The PRM accomplishes these goals by establishing a common language by which agency EAs can describe the outputs and measures used to achieve program and business objectives. The model articulates the linkage between internal business components and the achievement of business and customer-centric outputs. Most importantly, it facilitates resource-allocation decisions based on comparative determinations of which programs and organizations are more efficient and effective. See Federal Enterprise Architecture (FEA) Reference Model.
Period of Validity
Period of time for which a normative document is current, that lasts from the date on which it becomes effective (“effective date”), resulting from a decision of the body responsible for it, until it is withdrawn or replaced.
PKI
Public Key Infrastructure
Platform Independent
Depends on context, but in general, when discussing software, platform independence means the software can be run on any computer or operating system or distributed computing platform.
PM-ISE
Program Manager, Information Sharing Environment
POC
Point of Contact
Point of Contact (POC)
Person serving as coordinator, action officer, or focal point for an activity.
Policy
Overall intention and direction as formally expressed by management.
Portal
A web site that provides a view into a universe of content and activity through a variety of links to other sites, communication and collaboration tools, and special features geared toward the community served by the portal.
Sources: OGC Glossary of Terms
Portrayal
The presentation of information to humans, e.g., a map. In the context of the Web, portrayal refers to how data is presented for the user. Map portrayal, for example, is concerned with shape and color of symbols representing features, rules for displaying text labels, rules for showing/not showing symbols based on zoom extent, etc.
Precision
Refers to the level of measurement and exactness of description in a geographic information system (GIS) database. Precise locational data may measure position to a fraction of a unit. Precise attribute information may specify the characteristics of features in great detail. It is important to realize, however, that precise data - no matter how carefully measured - may be inaccurate. Surveyors may make mistakes or data may be entered into the database incorrectly. Therefore, a distinction is made between precision and accuracy.
Sources: OGC Glossary of Terms
Priority
(Proposed) Represents a near-, mid-, or long-term priority designation of IC Core services perceived enterprise need.
Privacy Policy
An organization’s requirements for complying with privacy regulations and directives.
Privilege
A right granted to an individual, a program, or a process.
Privileged Account
An information system account with authorizations of a privileged user.
PRM
Performance Reference Model
Procedure
Specified way to carry out an activity or a process.
Process
An active component of an information system.
Processing Linkage
A representation of a possible interaction between processors.
Profile
A profile characterizes a base set of standards, with options necessary to accomplish (a) the desired purpose of interoperability and (b) a common methodology for referencing standards across multiple component solutions that is meaningful to both producers and consumers of the component solutions.
Project
A coordinated set of tasks which delivers a defined beneficial gain to the organization.
Project Plan
Defines the what, when, and who questions of system development including all activities to be performed, the individuals or resources who will perform the activities, and the time required to complete each activity.
Property
A facet or attribute of an object referenced by a name.
Protect
To keep information systems away from intentional, unintentional, and natural threats: (1) preclude an adversary from gaining access to information for the purpose of destroying, corrupting, or manipulating such information; or (2) deny use of information systems to access, manipulate, and transmit mission-essential information.
Protocol
A set of semantic and syntactic rules that determine the behavior of entities that interact.
Provision
Expression in the content of a normative document, that takes the form of a statement, an instruction, a recommendation or a requirement NOTE: These types of provision are distinguished by the form of wording they employ; e.g. instructions are expressed in the imperative mood, recommendations by the use of the auxiliary “should” and requirements by the use of the auxiliary “shall”.
Provisioning
The process of managing attributes and accounts within the scope of a defined business process or interaction. Provisioning an account or service may involve the creation, modification, deletion, suspension, or restoration of a defined set of accounts or attributes.
Proxy Server
A server that acts as an intermediary between a remote user and the servers that run the desired applications. Typical proxies accept a connection from a user, make a decision as to whether or not the client IP address is permitted to use the proxy, perhaps perform additional authentication, and complete a connection to a remote destination on behalf of the user.
Public Key
In an asymmetric cryptography scheme, the key that may be widely published to enable the operation of the scheme. Typically, a public key can be used to encrypt, but not decrypt, or to validate a signature, but not to sign.
Public Key Infrastructure (PKI)
Framework established to issue, maintain, and revoke public key certificates accommodating a variety of security technologies, including the use of software.
Publicly Available Specification (PAS)
Document published by ISO or IEC to respond to an urgent market need, representing either (a) a consensus in an organization external to ISO or IEC, or (b) a consensus of the experts within a working group. NOTE 1: A Publicly Available Specification is not allowed to conflict with an existing International Standard. NOTE 2: Competing Publicly Available Specifications on the same subject are permitted.
Publish, Find, Bind
In the context of Web Services, publish means to advertise data and services to a broker (such as registry, catalog or clearinghouse). A service provider contacts the service broker to publish (or unpublish) a service. A service provider typically publishes to the broker metadata describing its capabilities and network address. Find is used by service requestors to locate specific service types or instances. Service requestors describe the kinds of services they're looking for to the broker and the broker responds by delivering results that match the request. Service requestors typically use metadata published to the broker to find service providers of interest. Bind results after a service requestor and a service provider successfully negotiate so the requestor can access and invoke services of the provider. A service requestor typically uses service metadata provided by the broker to bind to a service provider. The service requestor can either use a proxy generator to generate the code that can bind to the service, or can use the service description to manually implement the binding before accessing that service.
QoS
Quality of Service
Quality of Service (QoS)
The service level defined by a service agreement between a network user and a network provider, which guarantees a certain level of bandwidth and data flow rates.
Quorum
The codified minimum number of members required for a group to officially conduct business and to cast binding votes, often but not necessarily a majority or supermajority.
RA
Registration Authority
Raster
The representation of spatial data as a matrix of valued cells. A raster display builds an image from pixels, small square picture elements of coarse or fine resolution.
Raster Image
An image that is composed of small points of color data called pixels. Raster images allow the representation of complex shapes and colors in a relatively small file format. Photographs are represented using raster images.
Real-Time
Refers generally to systems that respond (almost) immediately or synchronously to external events.
Reciprocity
Mutual agreement among participating enterprises to accept each other’s security assessments in order to reuse information system resources and/or to accept each other’s assessed security posture in order to share information.
Records
The recordings (automated and/or manual) of evidence of activities performed or results achieved (e.g., forms, reports, test results), which serve as a basis for verifying that the organization and the information system are performing as intended. Also used to refer to units of related data fields (i.e., groups of data fields that can be accessed by a program and that contain the complete set of information on particular items).
Reference Configuration
A combination of functional groups and reference points that shows possible network arrangements.
Reference Implementation
An operational, conformant implementation of an implementation specification, together with available source code, that is made available for public use for testing and development purposes.
Reference Model
Provides the complete scientific and engineering contextual framework for a technology area. Includes the underlying elements, rules and behaviors.
Reference to Standards (in Regulations)
Reference to one or more standards in place of detailed provisions within a regulation.
Registration
Third party attestation related to systems that convey assurance that specified requirements have been demonstrated. Such systems include those established for the management of product, process or service quality and environmental performance.
Registration Authority (RA)
A trusted entity that establishes and vouches for the identity of a subscriber to a Credentials Service Provider (CSP). The RA may be an integral part of a CSP, or it may be independent of a CSP, but it has a relationship to the CSP(s).
Registry
A central location in an organization where metadata about real world objects or information resources is stored and maintained using a disciplined process.
Registry Object
Every registered resource is a registry object. Dataset metadata and service metadata are examples of registry objects. All metadata and data types are regarded as registry objects.
Registry Services
OWS Services that provide a common mechanism to classify, register, describe, search, maintain and access information about resources available on a network. Resources are network addressable instances of typed data or services.
Regulation
Document providing binding legislative rules that is adopted by an authority.
Reliability
The ability of a system and its parts to perform its mission without failure, degradation, or demand on the support system under a prescribed set of conditions.
Remote Access
Access to an organizational information system by a user (or a process acting on behalf of a user) communicating through an external network (e.g., the Internet).
Remote Procedure Call (RPC)
An API for remote (across the network) execution of detailed functions.
Repository
A central location in an organization where real world objects or information resources are stored and maintained using a disciplined process.
Reprint
New impression of a normative document without changes.
Request
Invocation of an operation by a client.
Request for Proposal (RFP)
A solicitation used in negotiated acquisition to communicate government requirements to prospective contractors and to solicit proposals.
Request for Quotation (RFQ)
A solicitation used in negotiated acquisition to communicate government requirements to prospective contractors and to solicit a quotation. A response to an RFQ is not an offer; however, it is informational in character.
Request for Technical Proposal (RTP)
Solicitation document used in two-step sealed bid. Normally in letter form, it asks only for technical information; price and cost breakdowns are forbidden.
Required Element
Element (of a standard), the presence of which in a document, is obligatory.
Requirement
Expression in the content of a document conveying criteria to be fulfilled if compliance with the document is to be claimed and from which no deviation is permitted.
Resource
In a computer system, any function, device, or data collection that can be allocated to users or programs.
Response
Result of an operation returned from a server to a client.
RFP
Request For Proposal
RFQ
Request For Quote
Risk
A measure of the extent to which an entity is threatened by a potential circumstance or event, and typically a function of (1) the adverse impacts that would arise if the circumstance or event occurs; and (2) the likelihood of occurrence.
Risk Acceptance
Informed decision to take a particular risk.
Risk Analysis/Risk Assessment
The process of examining all risks, then ranking those risks by level of severity. Risk analysis involves determining what you need to protect, what you need to protect it from, and how to protect it.
Risk Avoidance
A risk-handling option that eliminates risk by eliminating or modifying the concept, requirements, specifications, or practices that create the unacceptable risk.
Risk Control
A risk-handling option that monitors a known risk and then takes specific actions to minimize the likelihood of the risk occurring and/or reduce the severity of the consequences.
Risk Criteria
Terms of reference against which the significance of risk is evaluated.
Risk Management
Coordinated activities to direct and control an organization with regard to risk.
Risk Mitigation
The practice of putting controls into place to mitigate the risk once an incident occurs.
RISS
Regional Information Sharing Systems
Role-Based Access Control
Access control based on user roles (i.e., a collection of access authorizations a user receives based on an explicit or implicit assumption of a given role). Role permissions may be inherited through a role hierarchy and typically reflect the permissions needed to perform defined functions within an organization. A given role may apply to a single individual or to several individuals.
Route Service
A network-accessible service that determines travel routes and navigation information between two or more points.
RPC
Remote Procedure Call
RTP
Request For Technical Proposal
Rule-Based Security Policy
A security policy based on global rules imposed for all subjects. These rules usually rely on a comparison of the sensitivity of the objects being accessed and the possession of corresponding attributes by the subjects requesting access.
Safety
Freedom from unacceptable risk of harm. NOTE: In standardization, the safety of products, processes and services is generally considered with a view to achieving the optimum balance of a number of factors, including non-technical factors such as human behaviour that will eliminate avoidable risks of harm to persons and goods to an acceptable degree.
SAR
Suspicious Activity Report
SBU
Sensitive But Unclassified; refer to CUI
Scalability
The ability to change the component configuration of a system to fit desired application contexts.
SCO
Standards Coordination Office of the National Institute of Standards and Technology
SDLC
Systems Development Life Cycle
SDO
Standards Development Organization
Seamless
Implies that the user is unaware of the path, speed, capacity or method of transmission for the various datasets used to perform specified tasking or mission elements.
Secure Sockets Layer (SSL)
A protocol that provides for encryption and authentication of traffic between a web server and a client’s machine. This requires the use of an SSL certificate, which is issued by an SSL authority, such as Verisign or Thawte. This is a necessary tool whenever sensitive information is to be transmitted across the internet.
Security
A condition that results from the establishment and maintenance of protective measures that enable an enterprise to perform its mission or critical functions despite risks posed by threats to its use of information systems. Protective measures may involve a combination of deterrence, avoidance, prevention, detection, recovery, and correction that should form part of the enterprise’s risk management approach.
Security Controls
The management, operational, and technical controls (i.e., safeguards or countermeasures) prescribed for an information system to protect the confidentiality, integrity, and availability of the system and its information.
Security Domain
A domain that implements a security policy and is administered by a single authority.
Security Functions
The hardware, software, and/or firmware of the information system responsible for enforcing the system security policy and supporting the isolation of code and data on which the protection is based.
Security Incident
An act that constitutes a threat to a security program or is a deviation from existing governing security regulations. Security incidents may be portrayed as security infractions or security violations.
Security Plan
Formal document that provides an overview of the security requirements for an information system or an information security program and describes the security controls in place or planned for meeting those requirements.
Security Requirements
Requirements levied on an information system that are derived from applicable laws, Executive Orders, directives, policies, standards, instructions, regulations, or procedures, or organizational mission/business case needs to ensure the confidentiality, integrity, and availability of the information being processed, stored, or transmitted.
Seepage
The accidental flow, to unauthorized individuals, of data or information that is presumed to be protected by computer security safeguards.
Sensitive But Unclassified Information (SBU)
Protected unclassified information, the disclosure, loss, misuse, alteration, or destruction of which could adversely affect national security or governmental interests. Refer to Controlled Unclassified Information.
Sensitive Information
Information, the loss, misuse, or unauthorized access to or modification of, that could adversely affect the national interest or the conduct of federal programs, or the privacy to which individuals are entitled under 5 U.S.C. Section 552a (the Privacy Act), but that has not been specifically authorized under criteria established by an Executive Order or an Act of Congress to be kept classified in the interest of national defense or foreign policy.
Sensor Domain Model
The definition of a specific sensor type in accordance with the general sensor model.
Sensor Web
A networked collection of sensors that can be remotely read and perhaps also controlled.
Server
A computer or piece of software which provides some sort of service to other computers, referred to as clients. For example, a DHCP server is a server which provides dynamic IP addresses to client machines on request. The term “server” can be used to describe a wide range of functions, but the core idea is that the server provides a central go-to point for a service, or services, that other machines depend on, even other servers.
Service
1) The performance of a function by one entity for another – a technology-independent representation of a set of behaviors implemented (realized) by one or more software solutions. In this sense, a service is a process or action that results in a real-world change for the consumer. Standard specifications can be used to define the behavior of a technical service. It is important to note that a service, without an explicit qualifier (e.g., Business, SOA, Web, etc.), is an act, not an object. (IC Service Lifecycle Management, JARM, SCA); 2) A capability provided by a processor to other processors, or by a process to other processes.
Service Capability
The functionality invoked or leveraged to perform a service. It is important to note that a Service Capability, without an explicit qualifier (e.g., Business, SOA, Web, etc.), does not imply a technical implementation. As an example, a service capability may simply refer to a person performing a service.
Service Chain
A sequence of services where, for each adjacent pair of services, occurrence of the first action is necessary for the occurrence of the second action.
Service Component
A self-contained business process or service with predetermined functionality that may be exposed through a business or technology interface.
Service Component Reference Model (SRM)
One of the five FEA reference models. The SRM is a business-driven, functional framework classifying Service Components according to how they support business and performance objectives. It serves to identify and classify horizontal and vertical Service Components supporting federal agencies and their IT investments and assets. The model aids in recommending service capabilities to support the reuse of business components and services across the federal government. IT investments can be service providers or consumers. See Federal Enterprise Architecture (FEA) Reference Model.
Service Interface
Shared boundary between an automated system or human being and another automated system or human being.
Service Oriented Architecture (SOA)
An evolution of distributed computing and modular programming. SOAs build applications out of software services. Services are relatively large, intrinsically unassociated units of functionality, which have no calls to each other embedded in them. Instead of services embedding calls to each other in their source code, protocols are defined which describe how one or more services can talk to each other. This architecture then relies on a business process expert to link and sequence services, in a process known as orchestration, to meet a new or existing business system requirement.
Service Request
A request by a client of an operation from a service.
Shared Space
A mechanism that provides storage of and access to data for users within a bounded network space. Enterprise-shared space refers to a store of data that is accessible by all users within or across security domains in the [enterprise]. A shared space provides virtual or physical access to any number of data assets (e.g., catalogs, web sites, registries, document storage, and databases).
Simple Mail Transfer Protocol (SMTP)
The protocol used to distribute electronic mail on the Internet. SMTP provides a standard for how the sending and receiving computers should interact.
Single Sign-On
A system that enables a user to access multiple computer platforms (usually a set of hosts on the same network) or application systems after being authenticated just one time. Typically, a user logs in just once, and then is transparently granted access to a variety of permitted resources with no further login being required until after the user logs out. Such a system has the advantages of being user friendly and enabling authentication to be managed consistently across an entire enterprise, and has the disadvantage of requiring all hosts and applications to trust the same authentication mechanism.
Site Map
A linked, graphic or text-based display of a website's hierarchy, similar to an organization chart. Typically, site maps break down a website's content into increasingly specific subject areas to help the visitor understand its structure, from the main navigation pages to their subordinate pages. The main difference between a site map and a subject index is that a subject index is typically an alphabetical list, not a hierarchically structured set of links.
Situational Awareness
Within a volume of time and space, the perception of an enterprise’s security posture and its threat environment; the comprehension/meaning of both taken together (risk); and the projection of their status into the near future.
SLTPS
State, Local, Tribal & Private Sector
SLTT
State, Local, Tribal, Territorial
SME
Subject Matter Expert
SOA
Service Oriented Architecture
SoS
System of Systems
Spillage
Security incident that results in the transfer of classified or CUI information onto an information system not accredited (i.e., authorized) for the appropriate security level.
Spyware
Software that is secretly or surreptitiously installed into an information system to gather information on individuals or organizations without their knowledge; a type of malicious code.
SRM
Service Component Reference Model
SSL
Secure Sockets Layer
Stakeholder
Person or organization that can affect, be affected by, or perceive themselves to be affected by a decision or activity.
STANAG
See NATO Standardization Agreement.
Standard
The term “standard,” or “technical standard,” as cited in Public Law 104-113, includes all of the following: (1) Common and repeated use of rules, conditions, guidelines, or characteristics for products or related processes and production methods; and related management systems practices; (2) the definition of terms; classification of components; delineation of procedures; specification of dimensions, materials, performance, designs, or operations; measurement of quality and quantity in describing materials, products, systems, services, or practices; test methods and sampling procedures; or descriptions of fit and measurements of size or strength.
Standard Conformance Certification
Confirmation that an IT, including NSS, has undergone IT standards conformance testing with respect to a given standard, and correctly implements the standard, with specified profiles and options, where applicable.
Standard Conformance Testing
Testing the extent to which a system or subsystem adheres to or implements a standard.
Standard, Functional
Standard that sets forth rules, conditions, guidelines, and characteristics of data and mission products supporting business processes.
Standard, Technical
Standard that documents methodologies and practices to design and implement information sharing technology capability into systems, thereby enabling Interoperability.
Standardization
Activity of establishing, with regard to actual or potential problems, provisions for common and repeated use, aimed at the achievement of the optimum degree of order in a given context. NOTE 1: In particular, the activity consists of the processes of formulating, issuing and implementing standards. NOTE 2: Important benefits of standardization are improvement of the suitability of products, processes and services for their intended purposes, prevention of barriers to trade and facilitation of technological cooperation.
Standardization Document
A generic term for a document used to standardize on an item of supply, process, procedure, method, data, practice, or engineering approach. Standardization documents include military specifications, standards, handbooks, and bulletins; federal specifications and standards; guide specifications; and Non-Government Standards.
Standards Baseline
See Enterprise Standards Baseline.
Standards Body
Standardizing body recognized at national, regional or international level that has as a principal function, by virtue of its statutes, the preparation, approval or adoption of standards that are made available to the public.
Standards Development Organization (SDO)
A domestic or international organization that plans, develops, establishes, or coordinates voluntary consensus standards using procedures that incorporate the attributes of openness, balance of interests, due process, an appeals process, and consensus in a manner consistent with the Office of Management and Budget Circular Number A-119, as revised February 10, 1998.
Standards Registry
A collection of citations (Metadata) about standards, e.g., DISR and ICSR. See Registry.
Stove Pipe or Stove-Piped
Colloquial term describing systems that are 'islands of automation,' that do not interoperate with other systems. Data in at the bottom, data out at the top, no sharing of data or services laterally.
Subject Index
A list of a website's content, typically presented in alphabetical order, similar to an index in the back of a book. The main difference between a subject index and a site map is that a site map conveys website structure or navigation.
Subject Matter Expert (SME)
A person who is an expert in a particular area and exhibits the highest level of expertise in performing a specialized job, task, or skill.
Supplementary Element
Element (of a standard) that provides additional information intended to assist the understanding or use of the document.
Supportability
The ability of systems and infrastructure components, external to IT or NSS, to achieve, aid, protect, complement, or sustain design, development, testing, training, or operations of the IT or NSS to its required capability.
Symbology
Methodology for describing symbols and mapping of the schema to an application schema. Portrayal requires symbology.
System
A collection of components organized to accomplish a specific function or set of functions.
System Integrity
Attribute of an information system when it performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system.
System Interconnection
The direct connection of two or more information technology systems for the purpose of sharing data and other information resources.
System of Systems (SoS)
A set or arrangement that results when independent and useful systems are integrated into a larger system that delivers unique capabilities.
Systems Architecture
The fundamental and unifying system structure defined in terms of system elements, interfaces, processes, constraints, and behaviors.
Systems Development Life Cycle (SDLC)
Guidance, policies, and procedures for developing systems throughout their life cycle, including requirements, design, implementation, testing, deployment, operations, and maintenance.
Target Architecture
The set of products that portray the future or end-state enterprise, generally captured in the organization’s strategic thinking and plans. Commonly referred to as the “To-Be” architecture.
Taxonomy
The act and science of categorization. A collection of terms organized into a hierarchical structure. Each term in a taxonomy is in one or more parent/child (broader/narrower) relationships to other terms in the taxonomy.
TCP/IP
Transmission Control Protocol/Internet Protocol
Tearline
An automated or manual technique for separating an intelligence report into multiple portions separated by machine- or human-readable tearlines. A tearline section is the area in an intelligence report or finished intelligence product where the sanitized version of a more highly classified and/or controlled report is located. The sanitized information within the tearlines contains the substance of the more detailed information without identifying the sensitive sources and methods, allowing wider dissemination of the substantive intelligence and information to authorized customers.
Technical Controls
The security controls (i.e., safeguards or countermeasures) for an information system that are primarily implemented and executed by the information system through mechanisms contained in the hardware, software, or firmware components of the system.
Technical Reference Model (TRM)
One of the five FEA reference models. The TRM is a component-driven, technical framework categorizing the standards and technologies to support and enable the delivery of Service Components and capabilities. See Federal Enterprise Architecture (FEA) Reference Model.
Technical Service
A technology-independent representation of a set of behaviors that are implemented (realized) by one or more software solutions. Standard specifications can be used to define the behavior of a technical service.
Technical Specification (TS)
Document published by ISO or IEC for which there is the future possibility of agreement on an International Standard, but for which at present: (1) the required support for approval as an International Standard cannot be obtained; (2) there is doubt on whether consensus has been achieved; (3) the subject matter is still under technical development; or (4) there is another reason precluding immediate publication as an International Standard.
Technology Roadmap
A plan that matches short-term and long-term goals with specific technology solutions to help meet those goals. It is a plan that applies to a new product or process, or to an emerging technology. Developing a roadmap has three major uses: It helps reach a consensus about a set of needs and the technologies required to satisfy those needs; it provides a mechanism to help forecast technology developments and it provides a framework to help plan and coordinate technology developments.
Thick Client
Client that handles much of the necessary computation and data/metadata management itself; rather than invoking the processing services of other components, it obtains its inputs through low-level data-access requests.
Thin Client
Client that relies on invoking the services of other components (servers, middleware) for most of the computation it needs to function in the system; it also relies on other components to manage most of the data and metadata it uses.
Threat
Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, or the Nation through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service.
Threat Agent
A means or method used to exploit a vulnerability in a system, operation, or facility.
Threat Analysis
A project to identify the threats that exist over key information and information technology. The threat analysis usually also defines the level of the threat and the likelihood of that threat materializing.
Threat Assessment
Process of formally evaluating the degree of threat to an information system and describing the nature of the threat.
Threat Source
The intent and method targeted at the intentional exploitation of a vulnerability or a situation and method that may accidentally trigger a vulnerability. Synonymous with Threat Agent.
Tightly-Coupled Data and Service
An instance of a service associated with a specific instance of a dataset.
Timeliness
The ability to ensure the delivery of required information within a defined time frame.
Timestamping
The practice of tagging each record with some moment in time, usually when the record was created or when the record was passed from one environment to another.
Tool
A software component, sometimes called an application object, which can act as either a service provider or service requester within an application platform. See Application.
Translation
The process of converting data or commands from one computer format to another, or from one computer language to another.
Transmission Control Protocol/Internet Protocol (TCP/IP)
A set of communications protocols that encompasses media access, packet transport, session communications, file transfer, electronic mail, terminal emulation, remote file access and network management. TCP/IP provides the basis for the Internet.
Transparency
The ability of systems or components of systems to hide the details of their implementations from other client or server systems or components of systems.
Transport
The collection of interconnected pathways within a network infrastructure that allow information to traverse from system to system or system to user. It is also the movement of information and/or knowledge among consumers, producers, and intermediate entities.
TRM
Technical Reference Model
Trust
Reliance on the ability of a system or process to meet its specifications.
Trusted
Users and applications can determine and assess the suitability of the source because the pedigree, security level, and access control level of each data asset or service is known and available.
Trusted Path
A mechanism by which a user (through an input device) can communicate directly with the security functions of the information system with the necessary confidence to support the system security policy. This mechanism can only be activated by the user or the security functions of the information system and cannot be imitated by untrusted software.
TS
Technical Specification
TV-1 (Technical Standards Profile)
Listing of standards that apply to Systems and Services View elements in a given architecture.
TV-2 (Technical Standards Forecast)
Description of Emerging Standards and potential impact on current Systems and Services View elements, within a set of time frames.
U.S. Department of Defense (DoD)
U.S. Department of Defense
U.S. Department of Homeland Security (DHS)
U.S. Department of Homeland Security
U.S. Department of Justice (DoJ)
U.S. Department of Justice
U.S. Department of State (DoS)
U.S. Department of State
U.S. Person
Federal law and executive order define a U.S. Person as: a citizen of the United States; an alien lawfully admitted for permanent residence; an unincorporated association with a substantial number of members who are citizens of the U.S. or are aliens lawfully admitted for permanent residence; and/or a corporation that is incorporated in the U.S.
UCDMO
Unified Cross Domain Management Office
Ucore
Universal Core
Unauthorized Disclosure
An event involving the exposure of information to entities not authorized access to the information.
Understandable
Users and applications can comprehend the data, both structurally and semantically, and readily determine how the data may be used for their specific needs.
Unified Cross Domain Management Office (UCDMO)
Unified Cross Domain Management Office
Unified Standards
Harmonized standards that are identical in substance but not in presentation. See Harmonized Standards.
Uniform Resource Locator (URL)
The standard addressing format used for HTTP requests. URLs resolve the protocol to be used for the request, the IP address of the host to which the request is to be made, and the location on that host where the resource is located.
Universal Core
A federal information sharing initiative that supports the National Strategy for Information Sharing (NSIS) and associated agency strategies, and that enables information sharing by defining an implementable specification (XML Schema) containing agreed-upon representations for the most commonly shared and universally understood concepts of who, what, when, and where in the context of national security.
Source: CJCSI 6212.01E
Unlimited Rights
Rights to use, modify, reproduce, display, release, or disclose technical data (TD) in whole or in part, in any manner, and for any purpose whatsoever, and to have or authorize others to do so.
URL
Uniform Resource Locator
Usability
The measure of the quality of a visitor's experience when using a website, including the ability to accomplish basic tasks.
User
Individual, or (system) process acting on behalf of an individual, authorized to access an information system.
User-Friendly
Connotes a machine (hardware) or program (software) that is compatible with a person’s ability to operate it successfully and easily.
Version
A configuration of all or part of an information system at a specific point in time.
Viewpoint
Form of abstraction achieved using a selected set of architectural concepts and structuring rules, in order to focus on particular concerns within a system.
Violation
1) Any knowing, willful, or negligent action that could reasonably be expected to result in an unauthorized disclosure of classified information; 2) Any knowing, willful, or negligent action to classify or continue the classification of information contrary to the requirements of this order or its implementing directives; or 3) Any knowing, willful, or negligent action to create or continue a special access program contrary to the requirements of this order.
Virtual Private Network (VPN)
A secure private network that uses the public telecommunications infrastructure to transmit data. In contrast to a much more expensive system of owned or leased lines that can only be used by one company, VPNs are used by enterprises for both extranets and wide area intranets. Using encryption and authentication, a VPN encrypts all data that passes between two Internet points, maintaining privacy and security.
Visible
The property of being discoverable. All data assets (intelligence, non-intelligence, raw, and processed) are advertised or “made visible” by providing metadata, which describes the asset.
Voluntary Consensus Standards
Standards developed or adopted by voluntary consensus Standards Bodies, both domestic and international. These standards include provisions requiring that owners of relevant intellectual property have agreed to make that intellectual property available on a non-discriminatory, royalty-free or reasonable royalty basis to all interested parties. (OMB A-119) Voluntary consensus standards may be referenced in government regulations or procurement specifications, effectively rendering them mandatory for the indicated purposes.
VPN
Virtual Private Network
Vulnerability
Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited by a threat source.
Vulnerability Analysis
The systematic examination of systems in order to determine the adequacy of security measures, identify security deficiencies, and provide data from which to predict the effectiveness of proposed security measures.
Vulnerability Assessment
Systematic examination of an information system (IS) or product to determine the adequacy of security measures, identify security deficiencies, provide data from which to predict the effectiveness of proposed security measures, and confirm the adequacy of such measures after implementation.
Source: ISM Handbook
W3C
World Wide Web Consortium
Waiver
1) A written authorization to accept a configuration item (CI) or other designated item, which, during production or after having been submitted for inspection, is found to depart from specified requirements, but nevertheless is considered suitable “as is” or after rework by an approved method. 2) Decision to not require certain criteria to be met for certain reasons, such as national security.
Web Hosting
The service whereby the infrastructure and connectivity necessary for a website to be available on the internet is leased to customers by a hosting organization.
Web Page
A specific portion of a web site that deals with a certain topic.
Source: ISM Handbook
Web Portal
A site that provides a wide range of services including search engines, free e-mail, chat rooms, discussion boards, and links to hundreds of different sites.
Web Registry Service
A software component that supports the run-time discovery and evaluation of resources such as services, datasets, and application schemes.
Web Server
A server which is set up to serve documents, usually built in HTML or server-side scripting languages, over HTTP connections. This may refer either to the machine itself, or to the web server software that is running on the machine for this purpose.
Web Services
Self-contained, self-describing, modular applications that can be published, located, and invoked across the web. Web services perform functions that can be anything from simple requests to complicated business processes. Once a web service is deployed, other applications (and other web services) can discover and invoke the deployed service.
Source: OGC Glossary of Terms
Web Services Description Language (WSDL)
The language for describing and encoding services. The Web Services Description Language is a draft specification from W3C to describe networked services in terms of what they can do, where they reside on the network and how to invoke them.
Web Site or Website
A structured collection of documents and associated files which contain everything necessary to instruct a web browser on how to render a site and what content it contains. These are usually written in HTML, but commonly also use CSS, scripts, Flash, and other components that expand the capabilities of the site beyond that provided by HTML alone. Web sites are hosted with web hosts on web servers, usually housed in a data center.
Weblog
Also known informally as a “blog,” this is a kind of website or component within a website whereby an individual may post journal entries which are then viewable by visitors to the site, ordered from the most recent to the oldest entries.
Webmaster
An individual who builds, publishes, maintains, and updates websites. Webmasters can be thought of as website administrators, as opposed to network and systems administrators, who handle the infrastructure behind the website. Webmasters do not necessarily handle all of the processes involved in the creation and maintenance of a website, and may act more along the lines of a manager than a developer or designer.
Widget
In computer programming, a widget (also known as a control or gadget) is an element of a graphical user interface (GUI) that displays an information arrangement changeable by the user, such as a window or a text box. The defining characteristic of a widget is to provide a single interaction point for the direct manipulation of a given kind of data. Widgets are basic visual building blocks which, combined in an application, hold all the data processed by the application and the available interactions on this data.
Workflow
Defines all of the steps or business rules, from beginning to end, required for a process to run correctly.
World Wide Web
A multimedia-based collection of information, services, and web sites supported by the Internet.
Source: ISM Handbook
WSDL
Web Services Description Language
XML
Extensible Markup Language
XSLT
Extensible Stylesheet Language Transformation