Cybersecurity Glossary

A security target is a common criteria specification that represents a set of security requirements to be used as the basis of an evaluation of an identified target of evaluation (TOE).

A security objective pertains to confidentiality, integrity, or availability.

Scoping guidance is a part of tailoring guidance providing organizations with specific policy/regulatory-related, technology-related, system component allocation-related, operational/environmental-related, physical infrastructure-related, public access-related, scalability-related, common control-related, and security objective-related considerations on the applicability and implementation of individual security controls in the security control baseline. Scoping guidance is also specific factors related to technology, infrastructure, public access, scalability, common security controls, and risk that can be considered by organizations in the applicability and implementation of individual security controls in the security control baseline.

Security control assessment is the testing and/or evaluation of the management, operational, and technical security controls in an information system to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system. Security control assessment is the testing and/or evaluation of the management, operational, and technical security controls to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system and/or enterprise.

Security policy is a set of rules and practices that specify how a system or organization delivers security services to protect sensitive and critical information.

A security range is the highest and lowest security levels that are permitted in or on an information system, system component, subsystem, or network.

A secure subsystem is a subsystem containing its own implementation of the reference monitor concept for those resources it controls. Secure subsystem must depend on other controls and the base operating system for the control of subjects and the more primitive system objects.

Scatternet is a chain of piconets created by allowing one or more bluetooth devices to each be a slave in one piconet and act as the master for another piconet simultaneously. A scatternet allows several devices to be networked over an extended distance.

A security domain is a set of subjects, their information objects, and a common security policy; it is also a collection of entities to which applies a single security policy executed by a single authority. A domain that implements a security policy and is administered by a single authority.

A seed key is an initial key used to start an updating or key generation process.