PREVIOUS

NEXT

audit trail

1. A chronological record that reconstructs and examines the sequence of activities surrounding or leading to a specific operation, procedure, or event in a security relevant transaction from inception to final result.
2. A record showing who has accessed an information technology (IT) system and what operations the user has performed during a given period.
Source: NIST SP 800-47

authenticate

To confirm the identity of an entity when that identity is presented.
Source: NIST SP 800-32

authentication

1. Verifying the identity of a user, process, or device, often as a prerequisite to allowing access to resources in an information system.
Source: FIPS PUB 200; NIST SP 800-27 Rev A
2. A security measure designed to protect a communications system against acceptance of fraudulent transmission or simulation by establishing the validity of a transmission, message, originator, or a means of verifying an individual's eligibility to receive specific categories of information.
Source: CNSSI No. 4005 (COMSEC); NSA/CSS Manual Number 3-16 (COMSEC)

authentication mechanism

Hardware or software-based mechanisms that force users to prove their identity before accessing data on a device.
Source: NIST SP 800-72

authentication period

The period between any initial authentication process and subsequent re-authentication processes during a single terminal session or during the period data is being accessed.

authentication protocol

1. A well specified message exchange process between a claimant and a verifier that enables the verifier to confirm the claimant’s identity.
2. A defined sequence of messages between a Claimant and a Verifier that demonstrates that the Claimant has possession and control of a valid token to establish his/her identity, and optionally, demonstrates to the Claimant that he or she is communicating with the intended Verifier.
Source: NIST SP 800-63-2

authenticator

The means used to confirm the identity of a user, process, or device (e.g., user password or token).
Source: NIST SP 800-53 Rev 4

authenticity

The property of being genuine and being able to be verified and trusted; confidence in the validity of a transmission, a message, or message originator. See authentication.
Source: NIST SP 800-53 Rev 4; NIST SP 800-53A Rev 1; NIST SP 800-39