Appendix A List of Acronyms

| Acronym | Expansion |
|---|---|
| AD | Active Directory |
| AFW | Android for Work |
| API | Application Programming Interface |
| CA | Certificate Authority |
| COPE | Corporate-Owned Personally-Enabled |
| DMZ | Demilitarized Zone |
| DN | Distinguished Name |
| DNS | Domain Name System |
| DPC | Derived Personal Identity Verification Credential |
| EMM | Enterprise Mobility Management |
| FQDN | Fully Qualified Domain Name |
| GOVT | Government |
| HTTP | Hypertext Transfer Protocol |
| HTTPS | Hypertext Transfer Protocol Secure |
| ID | Identifier |
| IMEI | International Mobile Equipment Identity |
| IP | Internet Protocol |
| LAN | Local Area Network |
| LDAP | Lightweight Directory Access Protocol |
| MDM | Mobile Device Management |
| MDS | Mobile Device Security |
| MES | Mobile Endpoint Security |
| MTP | Mobile Threat Posture |
| NAT | Network Address Translation |
| NCCoE | National Cybersecurity Center of Excellence |
| NIST | National Institute of Standards and Technology |
| NTP | Network Time Protocol |
| OVA | Open Virtualization Appliance |
| PLIST | Property List |
| SCEP | Simple Certificate Enrollment Protocol |
| SSH | Secure Shell |
| SSID | Service Set Identifier |
| SSL | Secure Sockets Layer |
| TLS | Transport Layer Security |
| URL | Uniform Resource Locator |
| USB | Universal Serial Bus |
| VLAN | Virtual Local Area Network |
| VPN | Virtual Private Network |
| WAN | Wide Area Network |
Appendix B Glossary

| Term | Definition |
|---|---|
| Application Programming Interface (API) | A system access point or library function that has a well-defined syntax and is accessible from application programs or user code to provide well-defined functionality [C1]. |
| App-Vetting Process | The process of verifying that an app meets an organization's security requirements. An app-vetting process comprises app testing and app approval/rejection activities [C2]. |
| Authenticate | Verifying the identity of a user, process, or device, often as a prerequisite to allowing access to resources in an information system [C3]. |
| Certificate | A data structure that contains an entity's identifier(s), the entity's public key (including an indication of the associated set of domain parameters) and possibly other information, along with a signature on that data set that is generated by a trusted party, i.e., a certificate authority, thereby binding the public key to the included identifier(s) [C4]. |
| Certificate Authority (CA) | A trusted entity that issues and revokes public key certificates [C5]. |
| Corporate-Owned Personally-Enabled (COPE) | A device owned by an enterprise and issued to an employee. Both the enterprise and the employee can install applications onto the device. |
| Demilitarized Zone (DMZ) | An interface on a routing firewall that is similar to the interfaces found on the firewall's protected side. Traffic moving between the DMZ and other interfaces on the protected side of the firewall still goes through the firewall and can have firewall protection policies applied [C6]. |
| Derived Personal Identity Verification (PIV) Credential | A credential issued based on proof of possession and control of the PIV Card, so as not to duplicate the identity proofing process as defined in [SP 800-63-2]. A Derived PIV Credential token is a hardware- or software-based token that contains the Derived PIV Credential [C7]. |
| Hypertext Transfer Protocol (HTTP) | A standard method for communication between clients and Web servers [C8]. |
| Hypertext Transfer Protocol Secure (HTTPS) | HTTP transmitted over TLS [C9]. |
| Internet Protocol (IP) addresses | Standard protocol for transmission of data from source to destinations in packet-switched communications networks and interconnected systems of such networks [C10]. |
| Lightweight Directory Access Protocol (LDAP) | The Lightweight Directory Access Protocol, or LDAP, is a directory access protocol. In this document, LDAP refers to the protocol defined by RFC 1777, which is also known as LDAP V2. LDAP V2 describes unauthenticated retrieval mechanisms [C11]. |
| Local Area Network (LAN) | A group of computers and other devices dispersed over a relatively limited area and connected by a communications link that enables any device to interact with any other on the network [C12]. |
| Mutual Authentication | The process of both entities involved in a transaction verifying each other [C13]. |
| Passphrase | A passphrase is a memorized secret consisting of a sequence of words or other text that a claimant uses to authenticate their identity. A passphrase is similar to a password in usage, but is generally longer for added security [C14]. |
| Personal Identity Verification (PIV) | A physical artifact (e.g., identity card, "smart" card) issued to a government individual that contains stored identity credentials (e.g., photograph, cryptographic keys, digitized fingerprint representation) so that the claimed identity of the cardholder can be verified against the stored credentials by another person (human readable and verifiable) or an automated process (computer readable and verifiable). PIV requirements are defined in FIPS PUB 201 [C15]. |
| Risk Analysis | The process of identifying the risks to system security and determining the probability of occurrence, the resulting impact, and the additional safeguards that mitigate this impact. Part of risk management and synonymous with risk assessment [C16]. |
| Risk Assessment | The process of identifying risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of an information system [C17]. |
| Root Certificate Authority (CA) | In a hierarchical public key infrastructure (PKI), the certification authority (CA) whose public key serves as the most trusted datum (i.e., the beginning of trust paths) for a security domain [C18]. |
Appendix C References

- [C1] National Institute of Standards and Technology (NIST). Information Technology Laboratory (ITL) Glossary, "Application Programming Interface Definition," [Online]. Available: https://csrc.nist.gov/glossary/term/Application_Programming_Interface.
- [C2] NIST. ITL Glossary, "App-Vetting Process," [Online]. Available: https://csrc.nist.gov/glossary/term/App_Vetting_Process.
- [C3] NIST. ITL Glossary, "Authenticate Definition," [Online]. Available: https://csrc.nist.gov/glossary/term/authenticate.
- [C4] NIST. ITL Glossary, "Certificate Definition," [Online]. Available: https://csrc.nist.gov/glossary/term/certificate.
- [C5] NIST. ITL Glossary, "Certificate Authority (CA) Definition," [Online]. Available: https://csrc.nist.gov/glossary/term/Certificate_Authority.
- [C6] NIST. ITL Glossary, "Demilitarized Zone (DMZ) Definition," [Online]. Available: https://csrc.nist.gov/glossary/term/demilitarized_zone.
- [C7] NIST. ITL Glossary, "Derived Personal Identity Verification (PIV) Credential Definition," [Online]. Available: https://csrc.nist.gov/glossary/term/Derived_PIV_Credential.
- [C8] NIST. ITL Glossary, "Hypertext Transfer Protocol (HTTP) Definition," [Online]. Available: https://csrc.nist.gov/glossary/term/HTTP.
- [C9] NIST. ITL Glossary, "Hypertext Transfer Protocol over Transport Layer Security Definition," [Online]. Available: https://csrc.nist.gov/glossary/term/Hypertext_Transfer_Protocol_over_Transport_Layer_Security.
- [C10] NIST. ITL Glossary, "Internet Protocol (IP) Definition," [Online]. Available: https://csrc.nist.gov/glossary/term/internet_protocol.
- [C11] NIST. ITL Glossary, "Lightweight Directory Access Protocol Definition," [Online]. Available: https://csrc.nist.gov/glossary/term/Lightweight_Directory_Access_Protocol.
- [C12] NIST. ITL Glossary, "Local Area Network (LAN) Definition," [Online]. Available: https://csrc.nist.gov/glossary/term/Local_Area_Network.
- [C13] NIST. ITL Glossary, "Mutual Authentication Definition," [Online]. Available: https://csrc.nist.gov/glossary/term/mutual_authentication.
- [C14] NIST. ITL Glossary, "Passphrase Definition," [Online]. Available: https://csrc.nist.gov/glossary/term/Passphrase.
- [C15] NIST. ITL Glossary, "Personal Identity Verification (PIV)," [Online]. Available: https://csrc.nist.gov/glossary/term/personal_identity_verification.
- [C16] NIST. ITL Glossary, "Risk Analysis," [Online]. Available: https://csrc.nist.gov/glossary/term/risk_analysis.
- [C17] NIST. "NIST Special Publication 800-39, Managing Information Security Risk," March 2011. [Online]. Available: https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-39.pdf.
- [C18] NIST. "NIST Special Publication 800-32, Introduction to Public Key Technology and the Federal PKI Infrastructure," February 2001. [Online]. Available: https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-32.pdf.