Lesson 2 Definitions Flashcards
Sensitive Information
Information where the loss, misuse, or unauthorized access or modification could adversely affect the national interest or the conduct of federal programs, or the privacy to which individuals are entitled under 5 U.S.C. Section 552a (the Privacy Act).
Federal Contract Information (FCI)
Information, not intended for public release, that is provided by or generated for the Government under a contract to develop or deliver a product or service to the Government, but not including information provided by the Government to the public (such as on public websites) or simple transactional information, such as necessary to process payments.
Controlled Unclassified Information (CUI)
Information that requires safeguarding or dissemination controls pursuant to and consistent with law, regulations, and government-wide policies, excluding information that is classified under Executive Order 13526, Classified National Security Information, December 29, 2009, or any predecessor or successor order, or the Atomic Energy Act of 1954, as amended.
Controlled Technical Information (CTI)
Technical Information with military or space application that is subject to controls on the access, use, reproduction, modification, performance, display, release, disclosure, or dissemination.
Export-Controlled Information (ECI)
Any information or material that cannot be released to foreign nationals or representatives of a foreign entity, without first obtaining approval or license from the Dept. of State for items controlled by ITAR or the Dept. of Commerce for items controlled by the Export Administration Regulations (EAR).
Covered Defense Information (CDI)
Terms used to identify information that requires protection under DFARS Clause 252.204-7012. Unclassified CTI or other information, as described in the CUI Registry, that requires safeguarding or dissemination controls pursuant to and consistent with the law, regulations, and government-wide policies.
Lawful government purpose
Any activity, mission, function, operation, or endeavor that the U.S. Government authorizes or recognizes as within the scope of its legal authorities or the legal authorities of non-executive branch entities (such as state and local law enforcement).
Data Integrity
Property that data has not been altered in an unauthorized manner
Confidentiality
Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information
Personally Identifiable Information (PII)
Information that can be used to distinguish or trace an individual’s identity, either alone or when combined with other information that is linked or linkable to a speficic individual
Multifactor Authentication (MFA)
A mechanism that provides for added protection of data through electronic methods
Awareness
A learning process that sets the state for training by changing individual and organizational attitudes to realize the importance of security and the adverse consequences of its failure.
Awareness and Training Program
Explains proper rules of behavior for the use of agency information systems and information. The program communicates information technology (IT) security policies and procedures that need to be followed. (i.e., NSTISSD 501, NIST SP 800-50)
Configuration Management
A collection of activities focused on establishing and maintaining the integrity of information technology products and systems, through control of processes for initializing, changing, and monitoring the configurations of those products and systems throughout the system development life cycle.
Encryption
The process of changing plaintext into cipher text
