Read CISSP Practice in full

Campus-area network (CAN)

An interconnected set of local-area networks (LANs) in a limited geographical area such as a college campus or a corporate campus.

Capability list

A list attached to a subject ID specifying what accesses are allowed to the subject.

Capability maturity model (CMM)

CMM is a five-stage model of how software organizations improve, over time, in their ability to develop software. Knowledge of the CMM provides a basis for assessment, comparison, and process improvement. The Carnegie Mellon Software Engineering Institute (SEI) has developed the CMM.

Capture

The method of taking a biometric sample from an end user.

Capturing (password)

The act of an attacker acquiring a password from storage, transmission, or user knowledge and behavior.

Cardholder

An individual possessing an issued personal identity verification (PIV) card.

Carrier sense multiple access (CSMA) protocols

Carrier sense multiple access (CSMA) protocols listen to the channel for a transmitting carrier and act accordingly. If the channel is busy, the station waits until it becomes idle. When the station detects an idle channel, it transmits a frame. If a collision occurs, the station waits a random amount of time and starts all over again. The goal is to avoid a collision or detect a collision (CSMA/CA and CSMA/CD). CSMA/CD is used on LANs in the MAC sublayer, and it is the basis of Ethernet.

CERT/CC

See computer emergency response team coordination center (CERT/CC)

Certificate

(1) A set of data that uniquely identifies a key pair and an owner that is authorized to use the key pair. The certificate contains the owner’s public key and possibly other information, and is digitally signed by a Certification Authority (i.e., a trusted party), thereby binding the public key to the owner. Additional information in the certificate could specify how the key is used and its crypto-period. (2) A digital representation of information which at least (i) identifies the certification authority issuing it, (ii) names or identifies its subscriber, (iii) contains the subscriber’s public key, (iv) identifies its operational period, and (v) is digitally signed by the certification authority issuing it.

Certificate management protocol (CMP)

Both certification authority (CA) and registration authority (RA) software supports the use of certificate management protocol (CMP).

Certificate policy (CP)

A certificate policy is a specialized form of administrative policy tuned to electronic transactions performed during certificate management. A CP addresses all aspects associated with the generation, production, distribution, accounting, compromise recovery, and administration of digital certificates. Indirectly, a CP can also govern the transactions conducted using a communications system protected by a certificate-based security system. By controlling critical certificate extensions, such policies and associated enforcement technology can support provision of the security services required by particular applications.

Certificate-related information

Information such as a subscriber’s postal address that is not included in a certificate. May be used by a certification authority (CA) managing certificates.

Certificate revocation list (CRL)

A list of revoked but unexpired public key certificates created and digitally signed or issued by a certification authority (CA).

Certificate status authority

A trusted entity that provides online verification to a relying party of a subject certificate’s trustworthiness, and may also provide additional attribute information for the subject certificate.

Certification

Certification is a comprehensive assessment of the management, operational, and technical security controls in an information system, made in support of security accreditation, to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system.

Certification and accreditation (C&A)

Certification is a comprehensive assessment of the management, operational, and technical security controls in an information system, made in support of security accreditation, to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system.
