Glossary of Key Information Security Terms

Published: June 05, 2013


Richard L. Kissel


The National Institute of Standards and Technology (NIST) has received numerous requests to provide a summary glossary for our publications and other relevant sources, and to make the glossary available to practitioners. As a result of these requests, this glossary of common security terms has been extracted from NIST Federal Information Processing Standards (FIPS), the Special Publication (SP) 800 series, NIST Interagency Reports (NISTIRs), and from the Committee for National Security Systems Instruction 4009 (CNSSI-4009). This glossary includes most of the terms in the NIST publications. It also contains nearly all of the terms and definitions from CNSSI-4009. This glossary provides a central resource of terms and definitions most commonly used in NIST information security publications and in CNSS information assurance publications. For a given term, we do not include all definitions in NIST documents - especially not from the older NIST publications. Since draft documents are not stable, we do not refer to terms/definitions in them. Each entry in the glossary points to one or more source NIST publications, and/or CNSSI-4009, and/or supplemental sources where appropriate. The NIST publications referenced are the most recent versions of those publications (as of the date of this document).
Citation: NIST Interagency/Internal Report (NISTIR) - 7298 Rev. 2
Report Number:
7298 Rev. 2
Pub Type: NIST Pubs


Superseded by


Cyber Security, Definitions, Glossary, Information Assurance, Information Security, Terms
Created June 05, 2013, Updated July 16, 2019