Information system contingency planning refers to a coordinated strategy involving plans, procedures, and technical measures that enable the recovery of information systems, operations, and data after a disruption. Contingency planning generally includes one or more of the following approaches to restore disrupted services: Restoring information systems using alternate equipment; Performing some or all of the affected business processes using alternate processing (manual) means (typically acceptable for only short-term disruptions); Recovering information systems operations at an...
"The mitigation of violations of security policies and recommended practices." (SP 800-61 Rev. 2)
Security controls related to media protection include media: i) policies and procedures, ii) access, iii) marking, iv) storage, v) transport, vi) sanitization, vii) use, and viii) downgrading. (SP 800-53, Appendix F-MP)
The process for identifying, acquiring, installing, and verifying patches for products and systems. Patches correct security and functionality problems in software and firmware. From a security perspective, patches are most often of interest because they are mitigating software flaw vulnerabilities; applying patches to eliminate these vulnerabilities significantly reduces the opportunities for exploitation. Also, patches are usually the most effective way to mitigate software flaw vulnerabilities, and are often the only fully effective solution. (SP 800-40 Rev. 3)
Includes the behavior of systems, devices, applications and people.
NIST's cybersecurity resources have supported NIST's smart grid development efforts, which resulted from the Energy Independence and Security Act of 2007 (EISA).
Trustworthiness is a concept that includes: privacy, reliability, resilience, safety, and security. Worthy of being trusted to fulfill whatever critical requirements may be needed for a particular component, subsystem, system, network, application, mission, business function, enterprise, or other entity. [SP 800-160 Volume 2, Appendix B]
Personal computing devices such as desktop and laptop computers.
"A device that measures a physical quantity and converts it into a signal which can be read by an observer or by an instrument. A sensor is a device, which responds to an input quantity by generating a functionally related output usually in the form of an electrical or optical signal." (SP 800-82 Rev. 2)
"A device or program that controls the flow of network traffic between networks or hosts that employ differing security postures." (SP 800-41 Rev. 1)