
NextLabs Glossary

Glossary of Data Security Terms

What is Data-Centric Security?

Data-centric security (DCS) is an approach to security that emphasizes the protection of the data itself rather than the security of networks, servers, databases, or applications. It encompasses technologies, processes, and policies for safeguarding data throughout its lifecycle – at rest, in motion, and in use. 

DCS often works hand in hand with Zero Trust Architecture (ZTA), since it requires the ability to make authorization decisions dynamically at the point of access. Our glossary provides clear definitions of key DCS terms below to help you implement effective security strategies. 


Access Control

A security mechanism for governing the entry, use, and permissions of individuals or entities accessing certain data resources or systems. It ensures that only authorized users can perform specific actions or access specific information.

Access Token

A credential, typically either an opaque string or a JSON Web Token (JWT), that an application presents to an API after the user has been authenticated and has authorized the application. A bearer access token tells the API that whoever presents it may perform the actions within the granted scope, so the API must validate it on every request (signature or introspection, expiry, audience and scope) and the token must be transported and stored with care, because possession alone is sufficient to use it. Access tokens therefore play a central role in controlling and securing data access through APIs.
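The checks an API performs on a JWT access token before trusting any claim in it, as an added example in Python that is not part of the original glossary and not NextLabs code. It assumes an HS256 token signed with a shared secret so that it runs offline with the standard library only (a real API usually verifies an RS256/ES256 signature with the issuer's public key); the secret, claims and scope names are constructed for the example.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed HS256 secret shared by the authorization server and the API.
# Assumption for this example only; a production API usually verifies an
# asymmetric signature (RS256/ES256) with the issuer's published public key.
SHARED_SECRET = b"example-shared-secret-not-for-production"


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_token(claims: dict, secret: bytes = SHARED_SECRET) -> str:
    """What the authorization server does after the user authenticates:
    sign a compact JWT carrying subject, audience, scope and expiry."""
    header = {"alg": "HS256", "typ": "JWT"}
    parts = [json.dumps(header, separators=(",", ":")).encode(),
             json.dumps(claims, separators=(",", ":")).encode()]
    signing_input = ".".join(_b64url_encode(p) for p in parts)
    sig = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(sig)


def verify_token(token: str, required_scope: str, expected_aud: str,
                 secret: bytes = SHARED_SECRET, now=None) -> dict:
    """What the API does on every request: validate the token before trusting
    a single claim in it. Raises ValueError on any failure."""
    now = time.time() if now is None else now
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
    except ValueError:
        raise ValueError("malformed token") from None
    header = json.loads(_b64url_decode(header_b64))
    # Pin the algorithm server-side; never let the token select it
    # (alg=none and key-confusion attacks rely on the verifier doing that).
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode("ascii"),
                        hashlib.sha256).digest()
    # Constant-time comparison so the signature check does not leak timing.
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    # Only after the signature checks out do the claims mean anything.
    claims = json.loads(_b64url_decode(payload_b64))
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired")
    if claims.get("aud") != expected_aud:
        raise ValueError("token not issued for this API")
    if required_scope not in claims.get("scope", "").split():
        raise ValueError(f"scope {required_scope!r} not granted")
    return claims
```

The order matters: signature first, then expiry, audience and scope. A verifier that reads claims before checking the signature, or that accepts whatever `alg` the token names, can be fed a forged token.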

Adaptive Multi-Factor Authentication (MFA)

Adaptive MFA is a method for using contextual information and predefined business rules to determine which authentication factors apply to a user in each situation. Businesses use adaptive MFA to strike a balance between stringent security requirements and user convenience.

Attributes

Properties associated with subjects, objects, or the environment in the context of access control. These can refer to user characteristics, device location, time, and other factors that are critical in determining access permissions to data resources.

Attribute-Based Access Control (ABAC)

An access control paradigm that uses attribute-based policies to grant or deny access to resources. Authorization decisions are based on the evaluation of policies and attributes such as user, device location, time, and other factors.

Attribute Management

The act of dynamically creating, maintaining, disseminating, and revoking attributes (for example, clearance, citizenship, location, department, and work role), which are assigned and bound to subjects.

Authorization

Authorization is the process used by a server to determine if a user or device has permission to use or access the requested resource. Authorization is usually coupled with authentication so that the server has some concept of who is requesting access.

Authentication

The process of confirming the identity of a user or device and ensuring that they are indeed who they claim to be. A typical example is a login screen, which authenticates a user by checking the submitted password against the credential stored for that username (ideally a salted password hash rather than the password itself).

Automated Rights Protection

The automated use of encryption and tagging of sensitive documents and files to enable document security, mitigate the risk of unauthorized access, and provide visibility and control throughout the data lifecycle without manual intervention.

Automation

The use of technology to perform security tasks without human intervention. This can include the detection of threats, enforcement of security policies, management of access rights, and real-time policy updates.

Big Data

Umbrella term used for huge volumes of heterogeneous datasets that cannot be processed by traditional computers or tools due to their varying volume, velocity, and variety.

Binding

An association between a subscriber identity and an authenticator or given subscriber session.

Centralized Visibility

A feature that offers data owners a comprehensive and unified view of their data’s usage, access, and activities from a centralized system. It allows organizations to efficiently monitor, analyze, and manage their data, ensuring streamlined oversight of information across the enterprise.

Certificate Authority (CA)

A trusted entity that issues digital certificates binding an identity (for example a server's hostname) to a public key. The CA verifies the subject's claimed identity before signing the certificate; relying parties trust the CA's signature to confirm that the public key presented by a server or client belongs to that identity, and that key is then used to establish an encrypted session. The CA also maintains records of the certificates it has issued and can revoke them (published through CRLs or OCSP) if a key is compromised or a certificate was mis-issued.

Coarse-Grained Access Control

A method of access control that applies a low level of specificity when granting or denying access. For example, any user in a particular role (e.g. Engineering or People Operations) can access an entire service.

Computer-aided design (CAD)

A technology that uses software to create, modify, and optimize designs, improving productivity and quality. Commonly used in industries like engineering and architecture, CAD is essential for producing detailed 2D drawings and complex 3D models. Popular CAD software includes AutoCAD, SolidWorks, NX and Creo.

Commercial off-the-shelf (COTS)

Ready-made software or hardware products sold to the public, designed for easy integration into existing systems with minimal customization. COTS products, such as Microsoft Office, help organizations reduce development costs and time while providing reliable, supported solutions.

Containerization

A lightweight form of virtualization that packages applications and their dependencies into containers, allowing them to run consistently across different computing environments. This technology isolates applications from the underlying infrastructure, which simplifies deployment and improves scalability. Popular tools for containerization include Docker and Kubernetes, which help manage and orchestrate containers effectively.

Continuous Integration and Deployment (CI/CD)

A software development practice where developers frequently merge code changes into a central repository, followed by automatic builds and tests. The CI/CD pipeline aims to improve software quality and accelerate the delivery process by enabling quick and reliable updates.

Controlled Unclassified Information (CUI)

Sensitive information that requires protection but does not meet the criteria for classified information. Examples include Proprietary Business Information (PBI), Unclassified Controlled Technical Information (UCTI) and Personally Identifiable Information (PII). The federal CUI program (32 CFR Part 2002) governs how agencies handle CUI, and NIST SP 800-171 specifies the security requirements for protecting CUI on nonfederal systems such as contractors', aimed at preventing unauthorized access, disclosure, and loss.

Credentialing

The process of binding an identity to a physical or electronic credential, which can subsequently be used as a proxy for the identity or proof of having specific attributes.

Credential Service Provider (CSP)

A provider of credentialing services to agencies or companies that do not operate their own credentialing capability.

Cybersecurity Maturity Model Certification (CMMC)

A certification standard developed by the United States Department of Defense (DoD) with the purpose of assessing and improving the cybersecurity maturity of defense contractors. CMMC aims to protect sensitive information and secure the defense supply chain by establishing different levels of cybersecurity practices and processes that organizations must comply with to work on government-related projects.

Data Access Security

Measures and practices implemented to protect the confidentiality, integrity, and availability of data from unauthorized access or disclosure. It involves employing various security controls, such as encryption, access controls, authentication mechanisms, and monitoring systems.

Data Classification

The practice of categorizing data according to its criticality, value, sensitivity and compliance requirements within an organization. It aids in the identification, segregation, and secure handling of data, allowing organizations to determine the necessary protection level and ensure compliance with relevant regulations.

Data Cleaning

The process of rectifying or removing inaccurate, incomplete or duplicate data records from the database. Failure to properly clean data threatens data integrity and harms data-driven decision making. It is commonly referred to as data cleansing.

Data Consolidation

The process of gathering data from disparate sources across an organization, cleaning it, and combining it in a single location, such as a cloud data warehouse or data lake environment. It allows organizations to leverage efficient reporting and analysis capabilities while ensuring data accessibility.

Data Governance

The set of standards and processes around collection, storage, processing, and disposal of data over time, in order to ensure data quality, consistency, integrity, and security.

Data Ingestion

The process of obtaining and importing data for immediate use or storage in a database.

Data Lake

A vast repository designed to store extensive raw data in its original format. Unlike hierarchical data warehouses that use a file and folder structure, data lakes adopt a flat architecture, where each data item in the repository is uniquely identified and tagged with metadata. Data lakes enable efficient data analysis for specific business queries.

Data Manipulation Language (DML)

A family of computer language constructs for adding, deleting, and updating data in a database. The most common example is the DML subset of Structured Query Language (SQL): INSERT, UPDATE and DELETE.

Data Mining

An analytical process tailored for examining extensive data resources to identify consistent patterns and systematic relationships among variables. Identified patterns are subsequently applied to new subsets of data for evaluation. The ultimate objective of data mining typically involves predicting customer behavior, sales volume, customer retention likelihood, and other critical business metrics.

Data Normalization

The reorganization of database data with the aim of removing redundancies and ensuring that all data dependencies follow a logical structure.

Data Encryption

A security method that uses algorithms to transform plaintext data into ciphertext, making it unreadable without the decryption key. Encryption underpins data protection technologies such as Digital Rights Management (DRM) and Format-Preserving Encryption (FPE).

Data Filtering

A process that involves sorting and restricting data access or display based on predefined criteria. This technique is used to manage large volumes of data by selectively showing only the relevant or required information to users or systems.

Data Loss Prevention

A system’s ability to identify, monitor, and protect data in use (e.g. endpoint actions), data in motion (e.g. network actions), and data at rest (e.g. data storage) through contextual security analysis of transactions, within a centralized management framework.

Digital Rights Management (DRM)

The application of technologies, policies, and processes aimed at securing and controlling the access, sharing, and usage of data. It involves implementing encryption, access controls, and permissions management to safeguard data from unauthorized access, modification, or distribution.

Digital Watermarking

The process of embedding hidden information (the watermark) into digital content such as documents, images or media. The watermark is used to identify the data owner and to trace unauthorized use or distribution of the data.

Dynamic Data Masking (DDM)

A technique that masks sensitive information based on the real-time attributes of the user requesting access, the characteristics of the data, and the context of the access request.

Data Segregation

The practice of isolating specific data sets from others to apply distinct access policies, ensuring that only authorized individuals can access certain data. This segregation can be physical, involving the storage of data on separate systems or networks, or logical, where data is stored in distinct logical partitions or areas within the same physical device.

Data Warehouse

A system that stores data for future analysis and processing. It serves as a repository for data from various sources, such as a company's CRM systems and external files or databases.

Defense Federal Acquisition Regulation Supplement (DFARS) 

A set of regulations issued by the US Department of Defense (DoD) that extends and expands on the Federal Acquisition Regulation (FAR). DFARS imposes additional stipulations on defense contractors conducting business with the DoD, including cybersecurity requirements.

De-provisioning

The removal of an individual's digital identity, access rights, and privileges within an organization. It is a critical security measure to ensure that former employees or users no longer have access to sensitive data.

Distributed Identity

A strategy where identity information is managed across various cloud environments in compliance with open standards, ensuring interoperability and security. Identity is stored in distributed locations and verified through trusted external entities. It is also commonly referred to as decentralized identity.

Digital Identity Lifecycle Management

The process of establishing and maintaining the attributes that comprise an individual’s digital identity, supporting general updates to an identity such as a name change or biometric update.

Dynamic Authorization

A technology in which authorization and access rights to an enterprise's network, applications, data, or other sensitive assets are granted dynamically in real-time using attribute-based policies.

Endpoint Security

A cybersecurity approach focused on protecting the endpoints, or entry points, of end-user devices such as desktops, laptops, and mobile devices from being exploited by malicious actors and campaigns.

Enrollment

Process of collecting and storing identity information of an entity in a repository; associates the entity with minimal information representing the entity within a specific context and allows the entity to be distinguished from any other entity in the context; also known as registration.

End-to-End Protection

A data security approach that ensures sensitive information is automatically secured throughout its entire lifecycle, both within an enterprise and across its extended network. It involves access controls, encryption, and data loss prevention measures to maintain data integrity and confidentiality from creation to final use.

Externalized Authorization

A data security approach where authorization decisions are separated from the application itself and managed by a dedicated external service. This method centralizes and standardizes access control by using policies enforced by an authorization server. Externalized authorization allows for more flexible and scalable control over who can access what resources across multiple applications.

Enterprise Application

A comprehensive software application or system designed to support the operations, processes, and information needs of large organizations or businesses. Given its role in handling business-critical data, an enterprise application requires robust security protocols to safeguard sensitive information. The four primary types of enterprise applications are enterprise systems, supply chain management systems, customer relationship management systems and knowledge management systems.

Export Administration Regulations (EAR)

Regulations administered by the Bureau of Industry and Security (BIS) which is governed by the U.S. Department of Commerce. These regulations dictate the export, re-export, and transfer of most commercial items, software, and technology that are not covered by ITAR. EAR regulations are designed to strike a balance between promoting legitimate trade and safeguarding national security interests.

Export Controls

Laws and regulations that govern the transfer or disclosure of goods, technology and funds originating in one country to persons or entities based in or having citizenship in another country. They apply even if the regulated items are not crossing an international border. In the United States, export control regulations are implemented by the U.S. Department of Commerce, Department of State, Department of Treasury through Export Administration Regulations (EAR), International Traffic in Arms Regulations (ITAR), and Office of Foreign Assets Control (OFAC) respectively. Other countries usually have their own export regulations, such as Germany’s BAFA and the UK Export Control Act.

Extract, Transform, and Load (ETL)

The process of ‘extracting’ raw data, ‘transforming’ it (for example by cleaning it) and ‘loading’ it into the appropriate repository for future use.

Fault Tolerant

The property that enables a system to continue operating properly in the event of the failure of one or more of its components.

Federal Contract Information (FCI)

Data that is generated, provided, received, used, or stored by a contractor as a requirement of fulfilling a federal government contract. It must be handled, protected and disposed of securely to comply with federal regulations.

Federated Identity

A method of allowing authorized users to access multiple applications with a single set of credentials, by interlinking a user's identity across different identity management systems.

Fine-Grained Access Control

A method of access control that leverages multiple conditions and entitlements to enable granular control over access to resources. Unlike coarse-grained access control, which might grant access based on more general criteria (such as user role or group membership), fine-grained access control allows for more nuanced and specific permissions.

Format-Preserving Encryption (FPE)

A data encryption technique that maintains the original format of the input data in the encrypted output. This method allows sensitive data to be encrypted without disrupting the operation of applications that expect data in a specific format. For instance, a 16-digit credit card number can be encrypted into another 16-digit number, ensuring that systems which rely on this format can still function properly while the data remains secure.
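How format preservation is achieved, as an added example in Python that is not from the original glossary and not NextLabs code. It implements a Feistel network over the decimal-digit domain with HMAC-SHA256 as the round function, so that encryption of an n-digit string is a keyed permutation of n-digit strings; this is the structure NIST FF1 uses, but the round function, encodings and parameters here are simplified for illustration and are an assumption of the example, not the standard. Use a vetted FF1 implementation in production. The key and card number are constructed.

```python
import hashlib
import hmac

ROUNDS = 10  # Feistel rounds; FF1 also uses 10, but with a different round function


def _round_function(key: bytes, tweak: bytes, round_no: int, half: str) -> int:
    """Keyed PRF for one Feistel round: HMAC-SHA256 over the tweak, the round
    index and the half being mixed in, read as a big integer."""
    msg = tweak + bytes([round_no]) + half.encode("ascii")
    return int.from_bytes(hmac.new(key, msg, hashlib.sha256).digest(), "big")


def _split(digits: str):
    if not (digits.isdigit() and len(digits) >= 2):
        raise ValueError("need a decimal string of at least two digits")
    u = len(digits) // 2
    return u, len(digits) - u, digits[:u], digits[u:]


def fpe_encrypt(key: bytes, digits: str, tweak: bytes = b"") -> str:
    """Encrypt a digit string to another digit string of the same length."""
    u, v, a, b = _split(digits)
    for i in range(ROUNDS):
        m = u if i % 2 == 0 else v           # length of the half being rewritten
        y = _round_function(key, tweak, i, b) % 10 ** m
        c = (int(a) + y) % 10 ** m           # modular addition stays in the digit domain
        a, b = b, str(c).zfill(m)
    return a + b


def fpe_decrypt(key: bytes, digits: str, tweak: bytes = b"") -> str:
    """Run the rounds backwards; modular subtraction undoes each step."""
    u, v, a, b = _split(digits)
    for i in reversed(range(ROUNDS)):
        m = u if i % 2 == 0 else v
        c, b = b, a
        y = _round_function(key, tweak, i, b) % 10 ** m
        a = str((int(c) - y) % 10 ** m).zfill(m)
    return a + b


def protect_pan(key: bytes, pan: str) -> str:
    """Common deployment shape for card numbers: keep the issuer prefix and the
    last four digits in the clear (routing, customer display) and encrypt only
    the middle six, using the clear prefix as the tweak so the ciphertext is
    bound to it."""
    if len(pan) != 16 or not pan.isdigit():
        raise ValueError("expected a 16-digit PAN")
    return pan[:6] + fpe_encrypt(key, pan[6:12], tweak=pan[:6].encode()) + pan[12:]


def unprotect_pan(key: bytes, protected: str) -> str:
    if len(protected) != 16 or not protected.isdigit():
        raise ValueError("expected a 16-digit protected PAN")
    return (protected[:6]
            + fpe_decrypt(key, protected[6:12], tweak=protected[:6].encode())
            + protected[12:])
```

Because the output is still sixteen digits, a downstream system that validates length or digit class keeps working; note that a Luhn check digit is not preserved unless the scheme is designed for it, which is one reason deployments often leave the last four digits in the clear.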

Fourth-Generation Policy Language (4GL)

A policy language of the fourth generation: a high-level language whose syntax is close to natural English, so that business users can author, review and test access control policies without prior programming knowledge (see Policy Language). In the access control context, such a language expresses rules over attributes or user roles that determine whether access to a resource is granted or denied, and those rules can span security, compliance, governance, and business requirements.

Identity & Access Management (IAM)

Security and business discipline for managing digital identities and ensuring only authorized users have the necessary access to technology resources. Some of the options for IAM include single sign-on systems, two-factor authentication, multifactor authentication and privileged access management.

Identity Assurance Level (IAL)

A category that conveys the degree of confidence that the applicant’s claimed identity is their real identity.

Identity Proofing

The process by which a Credential Service Provider (CSP) collects, validates, and verifies information about a person.

Identity Provider (IdP)

A service that stores and manages digital identities, providing authentication services to dependent applications within a federation or distributed network.

Internal Controls

Mechanisms, policies, and procedures implemented by an organization to ensure the integrity of financial and accounting information, promote accountability, and prevent fraud. These controls range from physical security and segregation of duties to audit trails and management reviews.

International Traffic in Arms Regulations (ITAR)

A set of U.S. government regulations administered by the Department of State’s Directorate of Defense Trade Controls (DDTC). ITAR primarily focuses on controlling the export and import of defense-related articles, services, and technical data. The key objective of ITAR is to safeguard national security by preventing the unauthorized transfer of defence technology and knowledge to foreign entities or individuals.

Interoperability

The ability of different systems, devices, applications, or products to communicate, and operate together effectively without special effort from the user. It is crucial for ensuring seamless services and enhancing functionality within and across organizational boundaries, facilitating collaboration and efficiency.

Least Privilege Access

A principle that limits users’ access rights to only what is necessary for them to perform their job functions. It ensures that users can view, edit, or download only the data they need, reducing the risk of unauthorized access or data breaches.

Mandatory Access Control (MAC)

A security model that restricts access to resources based on fixed security attributes assigned to both information and users. In a MAC system, the security administrator defines the access policies, including the classification levels and the clearances required to access certain resources. Users cannot change these attributes or the access controls; only administrators have this authority. This approach is commonly used in environments that require a high level of security, such as military and government institutions.

Master Data Management (MDM)

A comprehensive method that enables an enterprise to link all its critical data to one file, called a master file, which provides a common reference point. When properly done, MDM streamlines data sharing among personnel and departments. Additionally, it facilitates computing across multiple system architectures, platforms, and applications.

Metadata

Data that offers contextual information about other data. This includes details such as the title, subject, author, and file size of a document. It may also describe acquisition conditions, accuracy, timestamps, compilation methods, and processing procedures for data stored in a database.

Microservices

An architectural style that structures an application as a collection of small, loosely coupled services, each deployed independently. Unlike monolithic architectures, where all components are tightly integrated and a single change affects the entire system, microservices allow for individual components to be updated without impacting others. This modular approach makes it easier to scale and update applications, enhancing agility and reducing complexity.

Multiple-Client Option

A feature that allows users to manage and access documents and files from a variety of client options, such as rich clients, web browser, and mobile applications.

Multi-factor Authentication (MFA)

An authentication process that requires multiple verification factors. By utilizing multiple factors, it ensures that even if one element, such as a password, is compromised, the data remains protected from unauthorized access.

Need-to-Know Access

A principle in data security and access control where individuals are granted access to information strictly based on the necessity to know that information for performing their job functions. Unlike the "least privilege" principle, which focuses on limiting the level of access rights and permissions, need-to-know specifically targets the relevance of the information to the user’s duties, focusing on the appropriateness of accessing certain data.

Network Security

The security paradigm of protecting a computer network from intruders. It manages network access and availability by employing defensive measures such as firewalls, anti-virus software, intrusion detection systems, and encryption protocols.

NIST 800-207

A NIST special publication that discusses the core logical components that make up a zero trust architecture (ZTA) network strategy. Zero trust refers to an evolving set of security paradigms that focus on protecting resources rather than network segments. It is a response to the rise of remote users and cloud-based assets located beyond an enterprise-owned network boundary.

NIST Cybersecurity Framework

A framework based on existing standards that provides voluntary guidance to organizations on managing and mitigating cybersecurity risks. Comprising five core functions (Identify, Protect, Detect, Respond, Recover), with a sixth, Govern, added in CSF 2.0 (2024), it is designed not only to enhance an organization's security posture but also to facilitate effective communication about risk and cybersecurity management among both internal and external stakeholders.

OAuth

An open protocol that allows secure, standardized delegated authorization from web, mobile and desktop applications. OAuth 2.0 in particular has become the industry-standard protocol for authorization. OAuth is an authorization protocol, not an authentication protocol: it issues access tokens that grant scoped access to resources, and OpenID Connect layers identity (authentication) on top of OAuth 2.0 for applications that need to know who the user is.

Persistent File Protection

The implementation of security controls to ensure that sensitive documents are protected regardless of where the document travels and who it is shared with. It involves digital rights management (DRM) techniques to prevent unauthorized access, modification, or extraction of sensitive information, both during transit and while at rest.

Platform as a Service (PaaS)

A cloud computing environment for developing, deploying, and managing applications. PaaS provides an infrastructure which includes operating systems, runtime environments, and development tools for developers to focus on building applications without the need to manage underlying infrastructure.

Personally Identifiable Information (PII)

Data that can be used to identify an individual, such as names, addresses, social security numbers, or biometric information.

Policy

In the context of access control, policy refers to a set of rules that utilizes attributes or user roles to determine whether access to a resource should be granted or denied. Policies can span across domains such as security, compliance, governance, and business rules.

Policy-Based Access Control (PBAC)

A method of controlling user access to one or more systems, where access privileges are determined by combining the business responsibilities of the user with policies. This approach allows for dynamic adjustment of access rights in response to changing business requirements, without the need for extensive auditing and modification of roles.

Policy Governance

A structured approach to managing the authoring, approval, and implementation of policies within an organization. It involves regular review and updating of policies to adapt to changing conditions, providing a clear framework for decision-making and accountability.

Policy Language

A high-level programming language that utilizes a natural language syntax similar to English, which allows business users to author policies without prior programming knowledge.

Policy Lifecycle Management

Policy Lifecycle Management is the process of creating, implementing, monitoring, reviewing, and updating current data security policies. It oversees the entire journey of a policy, ensuring that it remains effective and relevant.

Policy Studio

A specialized tool or interface used for creating, managing, and deploying various policies within an organization. It provides administrators and policy developers with a graphical environment where they can define, test, and modify policies.

Policy Orchestration

At its core, policy orchestration involves the automation and management of security policies across multiple systems, applications, and devices. This can include firewalls, intrusion detection/prevention systems, identity management systems, and other security tools that are used to protect an organization’s IT environment.

Policy Administration Point (PAP)

A component within a policy-based access control system that is responsible for managing and maintaining policy information. It serves as a centralized authority for creating, editing, and storing policy definitions, and it is typically used in conjunction with a Policy Decision Point (PDP) and a Policy Enforcement Point (PEP) to enforce policies within a system or network.

Policy Decision Point (PDP)

A component within a policy-based access control system that is responsible for making access control decisions based on the predefined policies. The PDP evaluates the attributes associated with the subject, object, and environment to determine whether access to a resource should be granted or denied.

Policy Enforcement Point (PEP)

A component that enforces security policies by intercepting access requests, consulting a Policy Decision Point (PDP) for authorization decisions, and then granting or denying access based on those decisions. The PEP ensures that all data access activity complies with predefined security policies.

Policy Information Point (PIP)

A component that supplies real-time attribute information to the Policy Decision Point (PDP) during access evaluation. It retrieves and provides the necessary attribute data, encompassing user roles, resource characteristics, environmental factors, and contextual information.
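How the pieces fit together at runtime, as an added example in Python that is not from the original glossary and not NextLabs code. It serves the Attribute-Based Access Control, Dynamic Data Masking, Externalized Authorization and PAP/PDP/PEP/PIP entries: a PIP resolves identifiers to attributes, a policy set (the PAP's output) is evaluated by a PDP with deny-overrides combining, and a PEP intercepts the read, applies the decision and carries out a masking obligation. All users, resources, document contents and policy rules are constructed for the example.

```python
from dataclasses import dataclass, field
from typing import Optional

# Constructed attribute sources standing in for the directory, CMDB and
# document metadata a real PIP would query. Not from any real deployment.
USERS = {
    "alice": {"department": "finance", "clearance": 2, "citizenship": "US"},
    "bob":   {"department": "engineering", "clearance": 1, "citizenship": "US"},
    "chen":  {"department": "engineering", "clearance": 1, "citizenship": "CA"},
}
RESOURCES = {
    "payroll-2024.xlsx": {"classification": 2, "owner_dept": "finance",
                          "export_control": None, "pii": True},
    "turbine-spec.pdf":  {"classification": 1, "owner_dept": "engineering",
                          "export_control": "ITAR", "pii": False},
}
# Constructed document contents the PEP will release, mask, or withhold.
DOCUMENTS = {
    "payroll-2024.xlsx": [{"name": "J. Doe", "ssn": "123-45-6789", "salary": 91000}],
    "turbine-spec.pdf":  [{"section": "blade tolerances", "text": "..."}],
}


@dataclass
class Request:
    subject: str
    action: str
    resource: str
    environment: dict


@dataclass
class Decision:
    permit: bool
    reason: str
    obligations: list = field(default_factory=list)


class PIP:
    """Policy Information Point: resolves identifiers to attributes."""
    def subject(self, uid: str) -> dict:
        return USERS.get(uid, {})

    def resource(self, rid: str) -> dict:
        return RESOURCES.get(rid, {})


# The policy set a PAP would publish. Each rule returns a Decision, or None
# when it does not apply to the request.
def deny_below_clearance(subj, res, req) -> Optional[Decision]:
    if subj.get("clearance", 0) < res.get("classification", 0):
        return Decision(False, "clearance below classification")
    return None


def deny_export_controlled_to_non_us_persons(subj, res, req) -> Optional[Decision]:
    if res.get("export_control") and subj.get("citizenship") != "US":
        return Decision(False, f"{res['export_control']} item, non-US person")
    return None


def permit_department_read(subj, res, req) -> Optional[Decision]:
    if req.action == "read" and subj.get("department") == res.get("owner_dept"):
        d = Decision(True, "department read")
        # Dynamic data masking expressed as an obligation: PII is released
        # unmasked only when the request comes from the corporate network.
        if res.get("pii") and req.environment.get("network") != "corp":
            d.obligations.append("mask_pii")
        return d
    return None


POLICY_SET = [deny_below_clearance, deny_export_controlled_to_non_us_persons,
              permit_department_read]


class PDP:
    """Policy Decision Point: deny-overrides combining over the policy set."""
    def __init__(self, policies, pip: PIP):
        self.policies, self.pip = policies, pip

    def evaluate(self, req: Request) -> Decision:
        subj, res = self.pip.subject(req.subject), self.pip.resource(req.resource)
        if not subj or not res:
            return Decision(False, "unknown subject or resource")
        results = [r for p in self.policies if (r := p(subj, res, req)) is not None]
        denies = [r for r in results if not r.permit]
        if denies:                      # any deny wins, whatever else applies
            return denies[0]
        permits = [r for r in results if r.permit]
        if permits:
            obligations = sorted({o for r in permits for o in r.obligations})
            return Decision(True, "; ".join(r.reason for r in permits), obligations)
        return Decision(False, "no applicable policy (default deny)")


def _mask_pii(rows):
    return [{**row, "ssn": "***-**-" + row["ssn"][-4:]} if "ssn" in row else row
            for row in rows]


class PEP:
    """Policy Enforcement Point: intercepts the read, asks the PDP, enforces."""
    def __init__(self, pdp: PDP):
        self.pdp = pdp

    def read_document(self, uid: str, rid: str, environment: dict):
        decision = self.pdp.evaluate(Request(uid, "read", rid, environment))
        if not decision.permit:
            raise PermissionError(decision.reason)
        rows = DOCUMENTS[rid]
        if "mask_pii" in decision.obligations:
            rows = _mask_pii(rows)
        return rows


pep = PEP(PDP(POLICY_SET, PIP()))
```

The application code never sees the policies; it only calls the PEP, which is what makes the authorization externalized. Changing who may see unmasked payroll data, or adding a new export-control rule, is a change to the policy set, not to the application.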

Policy Enforcement

The process of ensuring that predefined policies are adhered to within an organization's computing environment. Policies are designed to protect sensitive information, maintain regulatory compliance, and mitigate potential cybersecurity risks when enforced.

Policy Engine

A software component or system that functions as a decision-making mechanism within an organization or application, playing a key role in the enforcement of policies and rules. Its operation is triggered by inputs or events such as user requests, system events, or data updates, to which it applies predefined policies to reach a decision or execute an action.

Policy Management

The process of creating, implementing, and maintaining policies within an organization. It involves the practical steps needed to ensure policies are up-to-date, properly communicated across the organization, and effectively enforced. Unlike policy governance which sets the higher-level framework, policy management is concerned with the day-to-day administration and oversight of policies.

Policy Retrieval Point (PRP)

A centralized storage of XACML access authorization policies, typically this is a database or filesystem. The PRP serves as the source for the Policy Decision Point (PDP) to access and retrieve specific policies needed for decision-making and enforcement.

Privileged Account Management

A set of processes for establishing and maintaining the entitlement or privilege attributes that comprise an individual’s access profile. These attributes are features of an individual that can be used as the basis for determining access decisions to both physical and logical resources.

Privileged User

A user authorized and trusted to perform security-relevant functions that ordinary users are not authorized to do.

Product Lifecycle Management (PLM)

A strategic business approach that manages the entire lifecycle of a product from inception through engineering design and manufacture to service and disposal. PLM software handles data from items, parts, products, documents, requirements, engineering change orders, and quality workflows across globalized supply chains. Widely used PLM software includes Siemens Teamcenter, SAP PLM and PTC Windchill.

Public Key Infrastructure (PKI)

A framework that manages digital certificates and public-key encryption to enable secure electronic communications. PKI supports various network activities like e-commerce, internet banking, and confidential email by using a pair of cryptographic keys, one public and one private, to facilitate encrypted exchanges between parties.

Role Based Access Control (RBAC)

An access control paradigm that grants permissions based on predefined roles assigned to users. It simplifies administration by linking permissions to roles, and then allocating these roles to users.

Role Engineering

The process of defining roles within an organization to optimize access control management. Role engineering involves identifying and grouping sets of permissions and responsibilities that frequently occur together, assigning these to specific roles within the organization. This systematic approach ensures that access to resources is authorized based on job function.

Role Explosion

A challenge in Role Based Access Control where the number of roles in an organization grows excessively large and complex, typically because context such as project, region or data classification is encoded into role names. This proliferation makes roles hard to manage and audit, slows administration, and raises the risk of security gaps and inconsistencies, such as users accumulating overlapping or conflicting roles.
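A worked illustration of the three preceding entries, added here as an example rather than taken from NextLabs or any product: a minimal RBAC check, the role explosion that results when context is folded into role names, and the attribute-based alternative that keeps the role count flat. All roles, users, projects and regions are constructed for illustration.

```python
"""RBAC, role explosion and the attribute-based alternative, in code.

Added example (not NextLabs code). Roles, users and context dimensions
are constructed for illustration.
"""
from itertools import product

# RBAC: permissions are attached to roles, roles are assigned to users.
ROLE_PERMISSIONS = {
    "engineer": {"drawing:read", "drawing:edit"},
    "reviewer": {"drawing:read", "drawing:approve"},
}

USER_ROLES = {
    "alice": {"engineer"},
    "bob": {"engineer", "reviewer"},
}


def effective_permissions(user):
    """Union of the permissions of every role the user holds."""
    return set().union(*(ROLE_PERMISSIONS[r] for r in USER_ROLES.get(user, ())))


def rbac_permitted(user, permission):
    """Plain RBAC decision: some assigned role carries the permission."""
    return permission in effective_permissions(user)


def exploded_roles(base_roles, *dimensions):
    """Role explosion: mint one role per (base role x every context value).

    This is what happens when access also depends on project, region and
    export class but the only tool available is a role name, e.g.
    "engineer_falcon_eu_itar". The count is the product of all dimensions.
    """
    return ["_".join(parts) for parts in product(base_roles, *dimensions)]


def abac_permitted(user, permission, subject_attrs, resource_attrs):
    """Attribute-based alternative: keep the two base roles and evaluate the
    context as subject/resource attributes at decision time (hypothetical
    attribute names)."""
    if not rbac_permitted(user, permission):
        return False
    return (
        resource_attrs["project"] in subject_attrs["projects"]
        and resource_attrs["region"] == subject_attrs["region"]
        and resource_attrs["export_class"] in subject_attrs["cleared_for"]
    )


if __name__ == "__main__":
    projects = ["falcon", "osprey", "heron", "kestrel"]
    regions = ["us", "eu", "apac"]
    export_classes = ["itar", "ear99", "public"]
    roles = exploded_roles(list(ROLE_PERMISSIONS), projects, regions, export_classes)
    print(f"{len(roles)} roles for 2 job functions, e.g. {roles[0]}")
    alice = {"projects": {"falcon"}, "region": "eu", "cleared_for": {"public", "ear99"}}
    drawing = {"project": "falcon", "region": "eu", "export_class": "itar"}
    print("alice may edit ITAR drawing:", abac_permitted("alice", "drawing:edit", alice, drawing))
```

With four projects, three regions and three export classes, two job functions become 72 roles; adding one more project adds nine more. The attribute-based form keeps two roles and moves the context into the decision, which is the motivation for ABAC and runtime authorization elsewhere in this glossary.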

Runtime Authorization

The process of granting or denying access to resources dynamically during the execution of an application or system. It involves evaluating access control policies and making access decisions based on the context and conditions at runtime, ensuring a responsive and context-aware security posture.

Secure Sockets Layer (SSL)

A cryptographic protocol that secures communication over the Internet by encrypting data exchanged between a client, such as a web browser, and a server. It protects sensitive data, such as passwords and credit card numbers, from interception in transit. All versions of SSL are deprecated and have been superseded by Transport Layer Security (TLS); the name "SSL" survives mainly as a colloquial label for TLS, and new deployments should accept only TLS 1.2 or later.

Security Assertion Markup Language (SAML)

An XML-based open standard for exchanging authentication and authorization data, in the form of digitally signed assertions, between an identity provider and a service provider. SAML enables single sign-on (SSO), where users access multiple applications with one set of login credentials.

Security Information and Event Management (SIEM)

A solution that centralizes security monitoring. SIEM systems collect, normalize and correlate security event logs from diverse sources in near real time and raise alerts on suspicious patterns, giving analysts the context needed to detect and respond to threats and incidents. In a data-centric security program, feeding access and policy decision logs into the SIEM allows unusual data access to be detected.

Segregation of Duties (SoD)

Internal controls designed to prevent error and fraud by ensuring that a minimum of two individuals oversee distinct components of a task. For example, an individual authorizing access to sensitive payroll information should not be the same person who processes payroll. This division of responsibilities helps to avoid conflicts of interest.
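The payroll example above turned into a check a practitioner can run over role assignments. This is an added example, not NextLabs code: the conflict rules, roles and users are constructed, and the check flags both a toxic combination of roles and a single role that is toxic on its own.

```python
"""Segregation-of-duties conflict detection over role assignments.

Added example (not NextLabs code). Rules, roles and users are constructed;
the payroll pair mirrors the glossary's example.
"""

# Each rule names two permissions that one person must never hold together.
SOD_RULES = [
    ("payroll:grant_access", "payroll:process"),
    ("vendor:create", "payment:approve"),
]

ROLE_PERMISSIONS = {
    "hr_admin": {"payroll:grant_access", "employee:read"},
    "payroll_clerk": {"payroll:process", "employee:read"},
    "ap_superuser": {"vendor:create", "payment:approve"},  # toxic by itself
}

USER_ROLES = {
    "dana": {"hr_admin"},
    "eve": {"hr_admin", "payroll_clerk"},  # conflict via role combination
    "frank": {"ap_superuser"},             # conflict inside a single role
}


def permissions_of_roles(roles):
    """Union of the permissions carried by a set of roles."""
    return set().union(*(ROLE_PERMISSIONS[r] for r in roles))


def violations_for(permissions):
    """SoD rules whose two permissions are both present in the set."""
    return [rule for rule in SOD_RULES if set(rule) <= permissions]


def toxic_roles():
    """Roles that violate SoD on their own; role engineering should split these."""
    return {r for r, perms in ROLE_PERMISSIONS.items() if violations_for(perms)}


def user_violations(user):
    """Detective check: conflicts arising from the union of a user's roles."""
    return violations_for(permissions_of_roles(USER_ROLES.get(user, ())))


def would_violate(user, new_role):
    """Preventive check for provisioning: conflicts that granting new_role would create."""
    current = USER_ROLES.get(user, set())
    return violations_for(permissions_of_roles(current | {new_role}))


if __name__ == "__main__":
    for user in USER_ROLES:
        print(user, user_violations(user))
    print("toxic roles:", toxic_roles())
    print("grant payroll_clerk to dana?", would_violate("dana", "payroll_clerk"))
```

Running the preventive check from the provisioning workflow stops a conflict before it exists; the detective check is what an access review or SIEM rule would run periodically over the current assignments.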

Single Sign-On

A mechanism by which a single act of user authentication and log on enables access to multiple independent resources.

Software as a Service (SaaS)

A cloud computing model that allows users to access and use cloud-based applications over the Internet. Typically offered via a subscription model, the application’s infrastructure, software, and associated data are managed and stored in the SaaS provider's data center.

Structured Data

Data organized in a predefined format, typically fixed fields in a database table or spreadsheet, that computing systems can readily parse, store, retrieve and process. Examples include dates, credit card numbers and names.

Service Level Agreement (SLA)

A formal contract between a service provider and a customer that outlines the expected level of service. An SLA specifies the metrics by which service is measured, the responsibilities of the service provider and the customer's rights.

Threat Intelligence

The collection and analysis of information about existing or emerging threats and vulnerabilities that organizations face. This intelligence helps organizations understand the risks associated with cyber threats such as malware, ransomware, and advanced persistent threats (APTs).

Unstructured Data

Data without a predefined format or schema, which traditional structured-data processing cannot handle without first parsing or analyzing it. It includes documents, email, social media posts, charts, images, CAD files and similar content.

User Provisioning

The creation, modification, disabling and deletion of user accounts across IT infrastructure and business applications. Provisioning tools allow businesses to automate user account management, streamlining processes such as onboarding and offboarding while ensuring regulatory compliance.

Virtualization

A technology that allows for the creation of virtual versions of physical hardware, software, storage, and network resources. Virtualization enables multiple virtual systems, servers, or environments to run on a single physical system, effectively separating the computing environment from the hardware infrastructure.

Vulnerability Assessment

The process of identifying and evaluating vulnerabilities in computer systems, networks, or applications. It involves scanning and analyzing systems for weaknesses, misconfigurations, or known security flaws to determine potential risks. Unlike a penetration test, a vulnerability assessment reports the weaknesses it finds without attempting to exploit them.

XACML

The eXtensible Access Control Markup Language, an OASIS standard and XML-based language designed specifically for ABAC. The standard defines a declarative, fine-grained, attribute-based policy language, a request/response format, a reference architecture of policy enforcement, decision, information and administration points, and a processing model describing how access requests are evaluated against the rules in policies, including combining algorithms such as deny-overrides that resolve conflicts between rules.
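The PRP, Runtime Authorization and XACML entries describe one pipeline: at the moment of access the PDP pulls the applicable policies from the PRP, evaluates each rule's target and condition against the request's attributes, and combines the outcomes. The following is an added example of that processing model in plain Python; it is not NextLabs code and not a real XACML engine, and the policy contents, attribute categories and combining behaviour are constructed to mirror the standard's deny-overrides algorithm.

```python
"""A miniature Policy Retrieval Point and Policy Decision Point.

Added example, not NextLabs code and not an XACML implementation. It models
the XACML processing model: the PDP fetches applicable policies from the
PRP, evaluates rule targets and conditions against request attributes at
decision time, and combines results with deny-overrides. Policy contents
and attribute names are constructed for illustration.
"""

PERMIT, DENY, NOT_APPLICABLE = "Permit", "Deny", "NotApplicable"


def attr_equals(category, name, value):
    """Target matcher: the request attribute in `category` must equal value."""
    return lambda req: req.get(category, {}).get(name) == value


class PolicyRetrievalPoint:
    """Stores policies; an in-memory list standing in for a database."""

    def __init__(self):
        self._policies = []

    def add(self, policy):
        self._policies.append(policy)

    def applicable(self, request):
        """Policies whose target matches the request."""
        return [p for p in self._policies if all(m(request) for m in p["target"])]


def evaluate_rule(rule, request):
    """Rule target and condition must both hold for the rule's effect to apply."""
    if not all(m(request) for m in rule.get("target", ())):
        return NOT_APPLICABLE
    condition = rule.get("condition")
    if condition is not None and not condition(request):
        return NOT_APPLICABLE
    return rule["effect"]


def deny_overrides(decisions):
    """Any Deny wins; otherwise any Permit; otherwise NotApplicable."""
    if DENY in decisions:
        return DENY
    if PERMIT in decisions:
        return PERMIT
    return NOT_APPLICABLE


class PolicyDecisionPoint:
    def __init__(self, prp):
        self.prp = prp

    def decide(self, request):
        """Runtime authorization: evaluate policies retrieved from the PRP now."""
        policy_results = [
            deny_overrides([evaluate_rule(r, request) for r in policy["rules"]])
            for policy in self.prp.applicable(request)
        ]
        return deny_overrides(policy_results)


def build_prp():
    """Constructed policy: engineers may read drawings on their own projects,
    but ITAR drawings are denied whenever the request originates outside the US."""
    prp = PolicyRetrievalPoint()
    prp.add({
        "id": "cad-drawings",
        "target": [attr_equals("resource", "type", "cad_drawing")],
        "rules": [
            {"effect": PERMIT,
             "target": [attr_equals("action", "id", "read"),
                        attr_equals("subject", "role", "engineer")],
             "condition": lambda r: r["resource"]["project"] in r["subject"]["projects"]},
            {"effect": DENY,
             "target": [attr_equals("resource", "export_class", "itar")],
             "condition": lambda r: r["environment"]["country"] != "US"},
        ],
    })
    return prp


def decide(subject, resource, action, environment):
    """Build a four-category request (subject, resource, action, environment)."""
    request = {"subject": subject, "resource": resource,
               "action": {"id": action}, "environment": environment}
    return PolicyDecisionPoint(build_prp()).decide(request)


if __name__ == "__main__":
    eng = {"role": "engineer", "projects": {"falcon"}}
    itar = {"type": "cad_drawing", "project": "falcon", "export_class": "itar"}
    print(decide(eng, itar, "read", {"country": "US"}))  # Permit
    print(decide(eng, itar, "read", {"country": "DE"}))  # Deny
```

The second call shows why the combining algorithm matters: the permit rule matches, but the environment attribute at runtime trips the deny rule, and deny-overrides makes Deny the final answer. A policy whose target does not match, or whose rules all fall through, yields NotApplicable rather than Permit, so a PEP must treat anything other than Permit as a refusal.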

Zero Trust Architecture

A security model that takes a data-centric approach, focusing on protecting resources rather than the network perimeter. Its key principles are "never trust, always verify", "assume breach" and least-privilege access: every request is authenticated and authorized on its own context, regardless of where on the network it originates.

Zero Trust Maturity Model

A framework by the Cybersecurity and Infrastructure Security Agency (CISA) that guides organizations in designing and implementing their transition plan to zero trust architectures in accordance with Executive Order (EO) 14028 “Improving the Nation’s Cybersecurity”. The model outlines stages or levels of maturity, from initial awareness and adoption of zero trust principles to fully integrated and automated systems.

Zero Trust Policy Management

An approach that involves the creation, enforcement and continuous monitoring of zero trust policies, together with management of the identity and access management (IAM) systems that supply the identity and attribute data on which those policies depend.