mandatory access control - An access policy that restricts subjects' access to objects based on the security clearance of the subject and the classification of the object. The system enforces the security policy, and users cannot share their files with other users.

masquerading - Impersonating another user, usually with the intention of gaining unauthorized access to a system.

maximum allowable downtime - The measure of how long an organization can survive an interruption of critical functions.

maximum tolerable downtime - The measure of how long an organization can survive an interruption of critical functions.

media - Any object that contains data.

message authentication code - In cryptography, a message authentication code (MAC) is a generated value used to authenticate a message. A MAC can be generated by HMAC or CBC-MAC methods. The MAC protects both a message's integrity (by ensuring that a different MAC will be produced if the message has changed) and its authenticity, because only someone who knows the secret key could have modified the message.

message digest - A small representation of a larger message. Message digests are used to ensure the authentication and integrity of information, not the confidentiality.

metadata - Information about the data.

misuse case - A use case from the point of view of an actor hostile to the system under design.

MPLS - (MultiProtocol Label Switching) - A converged data communications protocol designed to improve the routing speed of high-performance networks.

MTD - (Maximum Tolerable Downtime) - The measure of how long an organization can survive an interruption of critical functions.

multi-condition coverage - These criteria require sufficient test cases to exercise all possible combinations of conditions in a program decision.

multi-factor authentication - Ensures that a user is who he or she claims to be. The more factors used to determine a person

multifactor authentication - Authentication mechanisms that employ more than one factor. Factors are things a user knows (e.g., password), has (e.g., a hardware token), or is (e.g., biometrics).

multilevel security - A class of systems containing information with different classifications. Access decisions are based on the subject's security clearances, need to know, and formal approval.

Multiprotocol Label Switching - A converged data communications protocol designed to improve the routing speed of high-performance networks.

need to know - Primarily associated with organizations that assign clearance levels to all users and classification levels to all assets

need to know - A security principle stating that users should have access only to the information and resources necessary to complete their tasks that fulfill their roles within an organization. Need to know is commonly used in access control criteria by operating systems and applications.

need-to-know - Primarily associated with organizations that assign clearance levels to all users and classification levels to all assets

negative testing - This ensures the application can gracefully handle invalid input or unexpected user behavior.

network function virtualization - The objective of NFV is to decouple functions such as firewall management, intrusion detection, network address translation, or name service resolution away from specific hardware implementation into software solutions.

NFV - (Network Function Virtualization) - The objective of NFV is to decouple functions such as firewall management, intrusion detection, network address translation, or name service resolution away from specific hardware implementation into software solutions.

node - A system that is connected to a network.

non-repudiation - Inability to deny. In cryptography, a service that ensures the sender cannot deny that a message was sent, that the integrity of the message is intact, and that the receiver cannot claim to have received a different message.

nonrepudiation - A service that ensures the sender cannot later falsely deny sending a message or taking an action.

null cipher - Hiding plaintext within other plaintext. A form of steganography.

OAuth - (Open Authorization) - The OAuth 2.0 authorization framework enables a third-party application to obtain limited access to an HTTP service, either on behalf of a resource owner by orchestrating an approval interaction between the resource owner and the HTTP service, or by allowing the third-party application to obtain access on its own behalf.

object - A passive entity that contains or receives information. Access to an object potentially implies access to the information that it contains. Examples of objects include records, pages, memory segments, files, directories, directory trees, and programs.

object reuse - Reassigning to a subject media that previously contained information. Object reuse is a security concern because if insufficient measures were taken to erase the information on the media, the information may be disclosed to unauthorized personnel.

onboarding - The process of turning a candidate into a trusted employee who is able to perform all assigned duties.

one-time pad - A method of encryption in which the plaintext is combined with a random

open authorization - The OAuth 2.0 authorization framework enables a third-party application to obtain limited access to an HTTP service, either on behalf of a resource owner by orchestrating an approval interaction between the resource owner and the HTTP service, or by allowing the third-party application to obtain access on its own behalf.

open shortest path first - An interior gateway routing protocol developed for IP networks based on the shortest path first or link-state algorithm.

operational assurance - A level of confidence of a trusted system's architecture and implementation that enforces the system's security policy. This can include system architecture, covert channel analysis, system integrity, and trusted recovery.

operational goals - Daily goals to be accomplished to ensure the proper operation of an environment.

operator - An individual who supports the operations of computer systems

OSPF - (Open Shortest Path First) - An interior gateway routing protocol developed for IP networks based on the shortest path first or link-state algorithm.

OTP - (One-Time Pad) - A method of encryption in which the plaintext is combined with a random

overt channel - A path within a computer system or network that is designed for the authorized transfer of data.

overt security testing - Overt testing can be used with both internal and external testing. When used from an internal perspective, the bad actor simulated is an employee of the organization. The organization

ownership - Possessing something, usually of value.

packet - Representation of data at Layer 3 of the Open Systems Interconnection (OSI) model.

packet loss - A technique called Packet Loss Concealment (PLC) is used in VoIP communications to mask the effect of dropped packets.

parity bits - A RAID technique that allows recovery of missing drive(s) by pulling data from adjacent drives.

password - A sequence of characters used to prove one's identity. It is used during a logon process and should be highly protected.

PAT - (Port Address Translation) - An extension to NAT to translate all addresses to one routable IP address and translate the source port number in the packet to a unique value.

patch - An update/fix for an IT asset.

path coverage - These criteria require sufficient test cases for each feasible path, basis path, etc., from start to exit of a defined program segment, to be executed at least once.

payment card industry data security standard - An information security standard for organizations that are involved in payment card transactions.

PCI DSS - (Payment Card Industry Data Security Standard) - An information security standard for organizations that are involved in payment card transactions.