acceptable use policy (AUP) A policy that governs employees’ use of company equipment and Internet services. ISPs may also apply AUPs to their customers.

access badge An authentication mechanism that allows a user to present a smart card to operate an entry system.

access control list (ACL) The collection of access control entries (ACEs) that determines which subjects (user accounts, host IP addresses, and so on) are allowed or denied access to the object and the privileges given (read-only, read/write, and so on).

access control vestibule A secure entry system with two gateways, only one of which is open at any one time.

access point (AP) A device that provides a connection between wireless devices and can connect to wired networks, implementing an infrastructure mode WLAN.

account lockout Policy that prevents access to an account under certain conditions, such as an excessive number of failed authentication attempts.

account policies A set of rules governing user security information, such as password expiration and uniqueness, which can be set globally.

accounting Tracking authorized usage of a resource or use of rights by a subject and alerting when unauthorized use is detected or attempted.

acquisition/procurement Policies and processes that ensure asset and service purchases and contracts are fully managed, secure, use authorized suppliers/vendors, and meet business goals.

active reconnaissance Penetration testing techniques that interact with target systems directly.

active security control Detective and preventive security controls that use an agent or network configuration to monitor hosts. This allows for more accurate credentialed scanning, but consumes some host resources and is detectable by threat actors.

ad hoc network A type of wireless network where connected devices communicate directly with each other instead of over an established medium.

address resolution protocol (ARP) Broadcast mechanism by which the hardware MAC address of an interface is matched to an IP address on a local network segment.

advanced persistent threat (APT) An attacker’s ability to obtain, maintain, and diversify access to network systems using exploits and malware.

adware Software that records information about a PC and its user. Adware is used to describe software that the user has acknowledged can record information about their habits.

AES Galois Counter Mode Protocol (GCMP) A high-performance mode of operation for symmetric encryption. Provides a special characteristic called authenticated encryption with associated data, or AEAD.

air-gapped A type of network isolation that physically separates a host from other hosts or a network from all other networks.

alert tuning The process of adjusting detection and correlation rules to reduce the incidence of false positives and low-priority alerts.

algorithm Operations that transform a plaintext into a ciphertext with cryptographic properties, also called a cipher. There are symmetric, asymmetric, and hash cipher types.

allow listing A security configuration where access is denied to any entity (software process, IP/domain, and so on) unless the entity appears on an allow list.