Electronic search is assumed, so similar terms are grouped together for coherence rather than sorted alphabetically.
Glossary
- Risk : Analysis, a Proceeding Framework phase.
- Design : Plan, a Proceeding Framework phase.
- Execution : Implementation, a Proceeding Framework phase.
- Check : Assurance, a Proceeding Framework phase. Comparison of the Design and Execution for acceptance or Risk. (Quality Assurance,
- Index : a table of components and their reference in each Proceeding Framework phase.
- Reference : principal supporting reference material.
- driving phase : The input for the current phase, of the Proceeding Operations Framework.
- calibration phase : The context setting phase, two-steps from the current phase and one step prior to the driving phase, of the Proceeding Operations Framework.
- recipient : The phase receiving development in the active phase, in the Proceeding Operations Framework.
- framework : The Proceeding Operations (ProOps) Framework, a template for lean quality, minimal controls for operational standards.
- production : The operations around delivering the fully developed, qualified product to the customer.
- development : The operations around defining product, process, controls and delivery.
- configuration management : A collection of activities focused on establishing and maintaining the integrity of information technology products and information systems, through control of processes for initializing, changing, and monitoring the configurations of those products and systems throughout the system development life cycle. Source: NIST SP 800-53 Rev 4
Acronym
- COTS : Commercial-Off-the-Shelf
- DevOps : Development and Operations
- IoT : Internet of Things
- KPI : Key Performance Indicator
- NIST : National Institute of Standards and Technology
- SBOM : Software Bill of Materials
- SDLC : Software Development Life Cycle
- SLC : Software Lifecycle
- SSDF : Secure Software Development Framework
Reference
FISMA
Federal Information Security Modernization Act (FISMA) Implementation Project Overview
https://csrc.nist.gov/projects/risk-management
SSDF
Mitigating the Risk of Software Vulnerabilities by Adopting a Secure Software Development Framework (SSDF)
https://csrc.nist.gov/publications/detail/white-paper/2019/06/11/mitigating-risk-of-software-vulnerabilities-with-ssdf/draft
https://csrc.nist.gov/CSRC/media/Publications/white-paper/2019/06/07/mitigating-risk-of-software-vulnerabilities-with-ssdf/draft/documents/ssdf-for-mitigating-risk-of-software-vulns-draft.pdf
RMF
Risk Management Framework (RMF) Overview
https://csrc.nist.gov/Projects/Risk-Management/rmf-overview
Risk Management Framework: Quick Start Guides
https://csrc.nist.gov/Projects/Risk-Management/rmf-quick-start-guides
NISTIR 8286 Integrating Cybersecurity and Enterprise Risk Management (ERM)
https://csrc.nist.gov/publications/detail/nistir/8286/draft
SP 800-37 Rev. 2
Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy
https://csrc.nist.gov/publications/detail/sp/800-37/rev-2/final
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-37r2.pdf
SP 800-53 Rev. 4
Security and Privacy Controls for Federal Information Systems and Organizations
https://csrc.nist.gov/publications/detail/sp/800-53/rev-4/final
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf
SP 800-53 Rev. 5 (Draft)
Security and Privacy Controls for Information Systems and Organizations
https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/draft
https://csrc.nist.gov/CSRC/media/Publications/sp/800-53/rev-5/draft/documents/sp800-53r5-draft-baselines-markup.pdf
https://csrc.nist.gov/CSRC/media/Publications/sp/800-53/rev-5/draft/documents/sp800-53r5-draft-controls-markup.pdf
FIPS 199
FIPS 199 Standards for Security Categorization of Federal Information and Information Systems
https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.199.pdf
FIPS 200
FIPS 200 Minimum Security Requirements for Federal Information and Information Systems
https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.200.pdf
NISTIR 7298
- Glossary of Key Information Security Terms, NISTIR 7298 Rev. 3, is online only. Revision 2, below, can be downloaded as a PDF.
- Abstract: This publication describes an online glossary of terms used in National Institute of Standards and Technology (NIST) and Committee on National Security Systems (CNSS) publications.
https://csrc.nist.gov/publications/detail/nistir/7298/rev-3/final
- Glossary of Key Information Security Terms NISTIR 7298 Rev. 2
- The National Institute of Standards and Technology (NIST) has received numerous requests to provide a summary glossary for our publications and other relevant sources, and to make the glossary available to practitioners. As a result of these requests, this glossary of common security terms has been extracted from NIST Federal Information Processing Standards (FIPS), the Special Publication (SP) 800 series, NIST Interagency Reports (NISTIRs), and from the Committee for National Security Systems Instruction 4009 (CNSSI-4009). This glossary includes most of the terms in the NIST publications. It also contains nearly all of the terms and definitions from CNSSI-4009. This glossary provides a central resource of terms and definitions most commonly used in NIST information security publications and in CNSS information assurance publications.
https://csrc.nist.gov/publications/detail/nistir/7298/rev-2/archive/2013-06-05
CNSSI 4009
GAMP 5 Guide
Compliant GxP Computerized Systems
- GAMP 5 provides pragmatic and practical industry guidance to achieve compliant computerized systems fit for intended use in an efficient and effective manner.
https://ispe.org/publications/guidance-documents/gamp-5
- GAMP 5: Ten Years On
https://ispe.org/pharmaceutical-engineering/may-june-2018/gamp-5-ten-years
Unlimited use with this notice (c) 2019-2020 George Georgalis