accrediting authority (C.F.D.) |
Synonymous with designated accrediting authority (DAA). See also authorizing official. |
acquirer |
Stakeholder that acquires or procures a product or service. |
activation data |
A pass-phrase, personal identification number (PIN), biometric data, or other mechanisms of equivalent authentication robustness used to protect access to any use of a private key, except for private keys associated with System or Device certificates. |
active attack |
An attack on the authentication protocol where the Attacker transmits data to the Claimant, Credential Service Provider, Verifier, or Relying Party. Examples of active attacks include man-in-the-middle, impersonation, and session hijacking. |
active content |
Electronic documents that can carry out or trigger actions automatically on a computer platform without the intervention of a user. |
active cyber defense |
Synchronized, real-time capability to discover, detect, analyze, and mitigate threats and vulnerabilities. |
activities (assessment) |
An assessment object that includes specific protection-related pursuits or actions supporting an information system that involve people (e.g., conducting system backup operations, monitoring network traffic). |
add-on security (C.F.D.) |
Incorporation of new or additional hardware, software, or firmware safeguards in an operational information system. |
adequate security |
Security commensurate with the risk and the magnitude of harm resulting from the loss, misuse, or unauthorized access to or modification of information. |
administrative incident (COMSEC) |
A violation of procedures or practices dangerous to security that is not serious enough to jeopardize the integrity of a controlled cryptographic item (CCI), but requires corrective action to ensure the violation does not recur or possibly lead to a reportable COMSEC incident. |