Glossary
This glossary provides clear definitions of terms, acronyms, and concepts used across DigiCert®'s technical documentation. It is intended to promote consistency, improve understanding, and serve as a quick reference for readers. Terms are listed alphabetically for easy access.
Term | Definition |
|---|---|
A (IPv4 address) record | A DNS record that maps a domain name to an IPv4 address. |
AAAA (IPv6 address) record | A DNS record that maps a domain name to an IPv6 address. |
Access control | The process of restricting who or what can view or use resources in a system. |
Access Control List (ACL) | A list of rules that defines which users or systems are granted or denied access to resources. |
Access token | A credential used to authenticate a user or application and grant access to resources. |
Account | A registered profile that allows a user or organization to access a system or service. |
Account administrator | A user with full permissions to manage an account, including users, settings, and resources. |
Account friendly ID | A human-readable identifier used to distinguish an account. |
Account log | A record of actions and events related to an account. |
Account manager | A person responsible for managing a customer relationship and account services. |
Account user | An individual with access to an account, typically with limited permissions. |
Activity log | A chronological record of actions performed within a system. |
Address pool | A range of IP addresses available for assignment to devices or services. |
Administrator | A user with elevated privileges to configure and manage systems. |
Adobe Approved Trust List (AATL) | A list of trusted certificate authorities recognized by Adobe for validating digital signatures. |
Advanced Electronic Signature (AES) | A type of electronic signature that uniquely identifies the signer and is linked to the signed data. |
Advanced Encryption Standard (AES) | A widely used symmetric encryption algorithm for securing data. |
Advanced Interactive Executive (AIX) | A Unix-based operating system developed by IBM. |
Advanced permissions | Granular access settings that allow fine control over user actions. |
Agent | Software that performs tasks on behalf of a user or system, often for monitoring or automation. |
Alert | A notification triggered by specific conditions or events. |
Algorithm | A set of rules or instructions used to perform a task, especially in computing or cryptography. |
Alias | An alternative name that points to another resource, such as a domain or record. |
Allowed values dataset | A predefined list of acceptable values for a field or configuration. |
Allowlist | A list of approved entities allowed access to a system. |
Apex alias | A DNS configuration that allows a root domain to point to another resource. |
Application Programming Interface (API) | A set of rules that allows different software systems to communicate. |
Artifact | A generated file or output, such as a certificate or report. |
Asset rating | A classification of an asset’s importance or risk level. |
Asymmetric cryptography | A cryptographic method using a pair of keys (public and private). |
Asymmetric encryption | Encryption that uses a public key for encryption and a private key for decryption. |
Atomic update | An update that completes fully or not at all, preventing partial changes. |
Attack surface | The total number of potential entry points for attackers. |
Attribute | A property or characteristic of an object or entity. |
Audit event | A recorded action or occurrence relevant to security or compliance. |
Audit log | A record of system activities used for monitoring and compliance. |
Audit trail | A traceable record showing the sequence of activities or changes. |
Authentication | The process of verifying the identity of a user or system. |
Authentication Certificate Authority (CA) | A CA that issues certificates used specifically for authentication purposes. |
Authentication certificate | A digital certificate used to verify identity. |
Authentication failure | An unsuccessful attempt to verify identity. |
Authentication method | The mechanism used to verify identity (e.g., password, biometrics). |
Authentication policy | Rules governing how authentication is performed. |
Authentication token | A piece of data used to verify identity after login. |
Authoritative DNS | DNS data that is the official source for a domain. |
Authoritative DNS server | A server that provides authoritative answers for a domain. |
Authoritative Zone Transfer (AXFR) | A method of copying DNS zone data between servers. |
Authority Information Access (AIA) | An extension in certificates that provides information about the issuing CA. |
Authorization | The process of granting or denying access after authentication. |
Auto-enrollment server | A system that automatically issues and manages certificates. |
Automated Certificate Management Environment (ACME) | A protocol for automating certificate issuance and renewal. |
Automation job | A scheduled or triggered task executed automatically. |
Automation profile | A configuration defining how automation tasks are performed. |
Automation service | A system that manages automated processes. |
Availability rule | A rule that defines conditions for system or service availability. |
Term | Definition |
|---|---|
Backup | A copy of data stored separately so it can be restored in case of loss, corruption, or failure. |
Base64 | An encoding method that converts binary data into text using a limited set of characters, often used in certificates and email. |
Baseline requirements (CA/B Forum) | Industry standards set by the CA/Browser Forum that define minimum security and validation requirements for issuing digital certificates. |
Biometric authentication | A method of verifying identity using unique physical traits, such as fingerprints or facial recognition. |
Bit length | The size of a cryptographic key measured in bits, indicating its strength. |
Blockchain | A distributed ledger technology that records transactions securely and immutably across multiple systems. |
BMPString | A character encoding format used in ASN.1 that supports a wide range of Unicode characters. |
Bootstrap certificate | An initial certificate used to establish trust and enable secure communication when a device or system is first set up. |
Botnet | A network of compromised devices controlled by an attacker to perform coordinated malicious activities. |
Browser root store | A collection of trusted root certificates maintained by a web browser to validate secure connections. |
Brute force attack | A method of attempting many possible combinations to guess passwords or encryption keys. |
Build agent | A system or service that executes automated build and deployment tasks in a development pipeline. |
Build attestation | A verifiable record that confirms how software was built, helping ensure its integrity and origin. |
Bulk signing | The process of signing multiple files or code artifacts in a single operation. |
Business unit | A division within an organization responsible for a specific function or product area. |
Term | Definition |
|---|---|
CAA (Certification Authority Authorization) record | A DNS record that specifies which certificate authorities are allowed to issue certificates for a domain. |
CertCentral | DigiCert®’s platform for managing digital certificates, users, and related security services. |
Certificate | A digital file that binds a public key to an identity, enabling secure communication. |
Certificate Authority (CA) | A trusted organization that issues and manages digital certificates. |
Certificate chain | A sequence of certificates linking an end-entity certificate to a trusted root certificate. |
Certificate event | An action or occurrence related to a certificate, such as issuance, renewal, or revocation. |
Certificate expiration | The date and time when a certificate is no longer valid. |
Certificate fingerprint | A unique hash value used to identify a specific certificate. |
Certificate lifecycle | The full process of managing a certificate from request and issuance to renewal and revocation. |
Certificate Management Protocol (CMP) | A protocol used to automate certificate enrollment, issuance, and management. |
Certificate manager | A user or system responsible for handling certificate operations. |
Certificate owner | The individual or organization responsible for a certificate. |
Certificate pinning | A security technique that associates a service with a specific certificate or public key. |
Certificate profile | A predefined set of rules and attributes used when issuing certificates. |
Certificate renewal | The process of replacing a certificate before it expires. |
Certificate request | A formal request submitted to a CA to issue a certificate. |
Certificate revocation | The process of invalidating a certificate before its expiration date. |
Certificate Revocation List (CRL) | A list of revoked certificates published by a CA. |
Certificate rotation | The practice of regularly replacing certificates to maintain security. |
Certificate Signing Request (CSR) | A file containing information used by a CA to create a certificate. |
Certificate status | The current state of a certificate (e.g., valid, expired, revoked). |
Certificate template | A reusable configuration that defines certificate properties. |
Certificate Transparency (CT) log | A public log that records issued certificates to improve visibility and detect misuse. |
Certificate validity period | The time span during which a certificate is considered valid. |
Chain of trust | The hierarchical relationship between certificates that establishes trust. |
Cipher | An algorithm used to encrypt and decrypt data. |
Cipher suite | A set of cryptographic algorithms used during secure communication. |
Client authentication certificate | A certificate used to verify the identity of a client in a secure connection. |
Client certificate | A certificate installed on a client device to authenticate it to a server. |
Click-to-Sign | A DigiCert® feature that allows users to sign code or documents through a simple interface. |
Cloud security | Practices and technologies used to protect cloud-based systems and data. |
Cloud signature | A digital signature created using a cloud-based key management system. |
Cloud Signature Consortium (CSC) | An industry group that defines standards for cloud-based digital signatures. |
CNAME (Canonical Name) record | A DNS record that maps one domain name to another. |
Code integrity | The assurance that code has not been altered or tampered with. |
Code signing | The process of digitally signing software to verify its origin and integrity. |
Compliance | Adherence to laws, regulations, and industry standards. |
Compliance boundary | The defined scope within which compliance requirements apply. |
Compliance control | A safeguard or measure used to meet compliance requirements. |
Compliance evidence | Documentation or data that demonstrates adherence to compliance requirements. |
Compliance framework | A structured set of guidelines for managing compliance (e.g., SOC 2, ISO 27001). |
Compliance policy | A formal document outlining rules and expectations for compliance. |
Compliance report | A document that summarizes compliance status and findings. |
Compliance scope | The systems, processes, and data covered by compliance requirements. |
Compromise | A situation where a system, key, or certificate is exposed or misused. |
Confidentiality | The protection of information from unauthorized access. |
Configuration management | The process of maintaining consistent system settings and configurations. |
Connection state | The current status of a network connection (e.g., open, closed, established). |
Connector | A tool or integration that links systems or services together. |
Container security | The protection of containerized applications and environments. |
Content Signing Service | A service that signs digital content to verify authenticity and integrity. |
Control | A safeguard implemented to reduce risk or meet security/compliance requirements. |
Credential rotation | The practice of regularly changing credentials such as passwords or keys. |
Credential store | A secure location for storing authentication credentials. |
Cross-Site Scripting (XSS) | A web vulnerability that allows attackers to inject malicious scripts into web pages. |
Cryptographic key | A value used in encryption and decryption processes. |
Term | Definition |
|---|---|
Data breach | Unauthorized access to sensitive or protected data. |
Data encryption | The process of converting data into a secure format to prevent unauthorized access. |
Data Loss Prevention (DLP) | Tools and processes used to prevent sensitive data from being lost or exposed. |
Data integrity | The assurance that data remains accurate and unaltered. |
Data Transfer Object (DTO) | A simple object used to transfer data between systems or layers. |
Decryption | The process of converting encrypted data back into its original form. |
Denial of Service (DoS) | An attack that overwhelms a system to make it unavailable. |
Denylist | A list of entities (such as IPs or domains) that are denied access or flagged as malicious. |
Dependency risk | Risk introduced by relying on external software, libraries, or services. |
Deployment | The process of releasing software or configurations to a target environment. |
Deployment limit | A restriction on the number or frequency of deployments. |
Deployment state | The current status of a deployment (e.g., pending, successful, failed). |
Deployment target | The environment or system where a deployment is applied. |
Detached signature | A digital signature stored separately from the signed data. |
Device authentication | Verifying the identity of a device before granting access. |
Device deployment result | The outcome of deploying configurations or certificates to a device. |
Device field mapping | The process of linking device data fields between systems. |
Device group | A collection of devices managed together. |
Device identity | A unique identifier assigned to a device. |
Device identity management | The process of managing identities and credentials for devices. |
Device lifecycle | The stages a device goes through, from provisioning to decommissioning. |
Device logs | Records of events generated by a device. |
Device profiles | Predefined configurations applied to devices. |
Device record | A stored entry containing information about a device. |
DigiCert® Device Trust Manager | A DigiCert® solution for managing device identities and security at scale. |
DevSecOps | An approach that integrates security into the software development lifecycle. |
Diffie-Hellman | A cryptographic method for securely exchanging keys. |
Digest | A hash value representing data, used to verify integrity. |
DigiCert® CH | DigiCert®’s Swiss-based trust service offering. |
DigiCert® EU | DigiCert®’s European trust services environment. |
DigiCert® gateway | A DigiCert® component that facilitates secure communication or integration between systems. |
DigiCert ONE | DigiCert®’s platform for managing digital trust services. |
DigiCert ONE Clients | Client software used to interact with DigiCert ONE services. |
DigiCert® site seal | A visual indicator on websites showing they are secured by DigiCert®. |
DigiCert® Trust Assistant | A tool that helps automate certificate lifecycle management. |
DigiCert® X9 PKI | A DigiCert® public key infrastructure offering aligned with financial industry standards (X9). |
Digital certificate | An electronic credential that verifies identity and enables secure communication. |
Digital identity | A digital representation of an entity used for authentication. |
Digital signature | A cryptographic mechanism used to verify authenticity and integrity. |
Directional DNS | A DNS configuration that routes queries based on rules or conditions. |
Directional group | A group used to apply directional routing rules. |
Directional pool | A set of resources used in directional routing. |
Directional rule | A rule that determines how DNS queries are routed. |
Directory service | A system that stores and manages information about network resources. |
Discovery | The process of identifying assets such as certificates or devices. |
Distinguished Name (DN) | A unique identifier used in certificates to represent an entity. |
Distributed Denial of Service (DDoS) | An attack using multiple systems to overwhelm a target. |
Division | An organizational unit within a company. |
DNS caching | The temporary storage of DNS query results to improve performance. |
DNS challenge | A method of domain validation using DNS records. |
DNS firewall | A security solution that filters DNS traffic to block threats. |
DNS hierarchy | The structured organization of DNS domains. |
DNS integration | The connection of DNS services with other systems. |
DNS propagation | The time it takes for DNS changes to spread across the internet. |
DNS proxy | A server that forwards DNS queries on behalf of clients. |
DNS record | An entry in DNS that maps domain information. |
DNS resolver | A server that resolves domain names into IP addresses. |
DNS Security Extensions (DNSSEC) | A set of extensions that adds authentication to DNS data. |
DNS zone | A portion of the DNS namespace managed as a unit. |
Document integrity | The assurance that a document has not been altered. |
Document signer | An individual or system that signs documents digitally. |
Document signing certificate | A certificate used to sign documents. |
Document workflow | The process of creating, reviewing, and approving documents. |
Domain | A unique name that identifies a website or resource. |
Domain Control Validation (DCV) | A process to verify control over a domain before issuing a certificate. |
Domain name | The human-readable address of a website. |
Domain Name System (DNS) | A system that translates domain names into IP addresses. |
Domain pre-validation | The process of validating a domain before certificate requests. |
Domain Validation (DV) | A certificate validation level that verifies domain ownership. |
Downtime | A period when a system is unavailable. |
DS (Delegation Signer) record | A DNS record used in DNSSEC to establish trust between zones. |
Dual control | A security principle requiring two individuals to perform critical actions. |
Duplicate certificate | A copy of an existing certificate with the same details. |
Dynamic analysis | The testing of software during execution to find issues. |
Dynamic authentication | An authentication method that adapts based on context or risk. |
Term | Definition |
|---|---|
Eavesdropping | Unauthorized interception of communications to access sensitive information. |
Edge device | A device located at the boundary of a network that processes data closer to its source. |
Edge security | Security measures applied at the network edge to protect devices and data. |
Elastic scaling | The ability to automatically adjust resources based on demand. |
Electronic Identification, Authentication, and Trust Services (eIDAS) | An EU regulation that standardizes electronic identification and trust services across member states. |
Electronic Machine-Readable Travel Documents (eMRTD) | Digital travel documents (like ePassports) containing embedded chips with identity data. |
Electronic seal (e-seal) | A digital equivalent of a company seal used to ensure document origin and integrity. |
Electronic signature (e-signature) | A digital method of signing documents to confirm identity and intent. |
Elliptic Curve Digital Signature Algorithm (ECDSA) | A method for generating secure digital signatures using elliptic curve cryptography. |
Email security | Practices and tools used to protect email systems from threats like phishing and malware. |
Encryption | The process of converting data into a secure format to prevent unauthorized access. |
Encryption key | A value used to encrypt and decrypt data. |
End entity certificate | A certificate issued to a user, device, or server (not a CA). |
Endpoint security | Security measures applied to devices such as laptops, servers, and mobile devices. |
Enrollment | The process of requesting and obtaining a digital certificate. |
Enrollment endpoint URL | A web address used to submit certificate enrollment requests. |
Enrollment methods | Different ways of requesting certificates (e.g., manual, automated). |
Enrollment over Secure Transport (EST) | A protocol for securely enrolling and managing certificates. |
Enrollment profile | A configuration that defines how certificates are requested and issued. |
Enrollment protocol | A standardized method for certificate enrollment (e.g., ACME, EST). |
Enterprise account | An account designed for organizations with advanced management needs. |
Enterprise JavaBeans Certificate Authority (EJBCA) | An open-source certificate authority software platform. |
Enterprise PKI | A private PKI implementation used within an organization. |
Enterprise trust platform | A system for managing digital trust across an enterprise. |
Entropy | Randomness used in cryptographic processes to ensure security. |
Environment segmentation | The separation of systems into distinct environments (e.g., dev, test, production). |
Environment variable | A dynamic value that affects system behavior or configuration. |
Escrow | The secure storage of keys or sensitive data for recovery purposes. |
EU Trusted Lists (EUTL) | Official lists of trusted service providers under eIDAS. |
Event | An occurrence or action within a system. |
Event logging | The process of recording system events. |
Event payload | The data included in an event message. |
Event type | The category or classification of an event. |
Exploit | Code or techniques used to take advantage of a vulnerability. |
Extended Detection and Response (XDR) | A security solution that provides integrated threat detection across multiple systems. |
Extended Key Usage (EKU) | A certificate extension that defines its allowed purposes. |
Extended Validation (EV) | A certificate validation level requiring strict identity verification. |
Extension Mechanisms for DNS (EDNS0) | Enhancements to DNS that allow larger message sizes and additional features. |
External audit | An independent review of systems and processes for compliance or security. |
Term | Definition |
|---|---|
Failover | The automatic switching to a backup system when the primary system fails. |
Fallback | A secondary option or process used when the primary one is unavailable. |
False negative | A security result where a real threat is incorrectly identified as safe. |
False positive | A security result where a safe activity is incorrectly flagged as a threat. |
Federal Information Processing Standards (FIPS) | U.S. government standards for security and data protection, often required for cryptographic modules. |
Federated identity | A system that allows users to access multiple services using a single set of credentials. |
File integrity monitoring | A process that detects unauthorized changes to files. |
Fingerprint | A unique hash value used to identify a certificate or cryptographic object. |
Firewall | A system that monitors and controls incoming and outgoing network traffic based on security rules. |
Firmware | Low-level software embedded in hardware devices. |
Firmware security | Measures to protect firmware from tampering or unauthorized access. |
Flex certificate | A DigiCert® certificate offering flexible usage or licensing across multiple domains or systems. |
Forensics | The investigation and analysis of systems after a security incident. |
Forward secrecy | A property ensuring that past communications remain secure even if encryption keys are compromised. |
Framework | A structured set of guidelines or tools used to build or manage systems, often in security or compliance contexts. |
Fraud detection | The process of identifying suspicious or fraudulent activities. |
Friendly name | A human-readable label assigned to a certificate or object for easier identification. |
Full disk encryption | Encryption of all data on a storage device to protect it from unauthorized access. |
Fully Qualified Domain Name (FQDN) | The complete domain name that specifies a location in the DNS hierarchy (e.g., www.example.com). |
Fuzz testing | A testing technique that inputs random data into a system to identify vulnerabilities. |
Term | Definition |
|---|---|
Gateway | A system or service that acts as an entry point between networks, often enforcing security controls. |
General Data Protection Regulation (GDPR) | An EU law governing data privacy and protection. |
Geo-blocking | Restricting access to content or services based on a user’s geographic location. |
Geographic region | A defined physical area used for organizing services, infrastructure, or access policies. |
GET (HTTP method) | An HTTP request method used to retrieve data from a server. |
Git security | Practices for protecting source code repositories from unauthorized access or tampering. |
Global sign governance | Policies and processes for managing globally trusted digital signatures and identities. |
Glue record | A DNS record that provides the IP address of a nameserver to avoid circular dependencies. |
Go>Sign Mobile | A mobile application used for creating secure digital signatures. |
Google Authenticator | An app that generates time-based one-time passwords for multi-factor authentication. |
GNU Privacy Guard (GPG) | An open-source encryption tool used for secure communication and data protection. |
Granular access | Fine-grained control over permissions and user actions. |
GraphQL security | Measures to protect GraphQL APIs from vulnerabilities and misuse. |
Group policy | A feature used to manage configurations and security settings across multiple systems or users. |
Term | Definition |
|---|---|
Handling script | A script used to process, route, or respond to events or data within a system. |
Hardening | The process of securing a system by reducing vulnerabilities and unnecessary features. |
Hardware root of trust | A trusted hardware component that provides a secure foundation for cryptographic operations. |
Hardware Security Module (HSM) | A physical device that securely generates, stores, and manages cryptographic keys. |
Hardware-backed key | A cryptographic key stored and protected within secure hardware. |
Hash | A fixed-length value generated from data, used to verify integrity. |
Hash collision | A situation where two different inputs produce the same hash value. |
Hash function | An algorithm that converts data into a fixed-length hash. |
Hashing | The process of generating a hash from input data. |
Health check | A test to determine if a system or service is functioning properly. |
Health probe | An automated request used to check the availability of a service. |
Health status | The current operational condition of a system or service. |
Helm | A package manager for Kubernetes that simplifies application deployment. |
Helm repository | A storage location for Helm charts. |
High availability | A system design that ensures minimal downtime and continuous operation. |
High-volume signing | The ability to sign large numbers of files or transactions efficiently. |
HINFO (Host Information) record | A DNS record that provides information about a host’s hardware and operating system. |
HMAC | A cryptographic method that uses a hash function and a secret key to verify data integrity. |
Honeypot | A decoy system used to detect and analyze attacks. |
Host | A device or system connected to a network. |
Host-based security | Security measures applied directly to a host or endpoint. |
Hostname verification | The process of confirming that a certificate matches the intended domain. |
HSM isolation | Separating HSM resources to enhance security and prevent unauthorized access. |
Hypertext Transfer Protocol Secure (HTTPS) | A secure version of HTTP that uses encryption (TLS). |
HTTP/2 security | Security considerations and protections specific to the HTTP/2 protocol. |
HTTP Event Collector (HEC) | A service that collects event data over HTTP for logging and monitoring. |
HTTP probe | A request used to test the availability of a web service. |
HTTP status code | A numeric code returned by a server indicating the result of an HTTP request. |
HTTP/HTTPS practical demonstration DCV method | A domain validation method where control is proven by serving a specific file or response over HTTP/HTTPS. |
HTTP Strict Transport Security (HSTS) | A policy that forces browsers to use HTTPS for secure communication. |
Hybrid cloud | A computing environment that combines on-premises and cloud resources. |
Hypervisor security | Measures to protect virtual machine environments managed by a hypervisor. |
Term | Definition |
|---|---|
IAM (Identity and Access Management) | A framework for managing user identities and controlling access to resources. |
Identity assurance level | The degree of confidence that an identity has been properly verified. |
Identity authentication | The process of verifying a claimed identity. |
Identity lifecycle | The stages of managing an identity from creation to deactivation. |
Identity proofing | The process of verifying that an identity is real and belongs to a specific entity. |
Identity Provider (IdP) | A service that authenticates users and provides identity information to applications. |
Identity Verification (IDV) | The process of confirming an individual’s identity using documentation or data. |
Immutable build | A build process where artifacts cannot be changed after creation. |
Immutable logs | Logs that cannot be altered once written, ensuring integrity. |
In-toto sign | A step in the in-toto framework used to sign software supply chain metadata. |
In-toto verify | A process in the in-toto framework that verifies the integrity of software supply chains. |
Inbound traffic | Network traffic entering a system. |
Incident response | The process of detecting, responding to, and recovering from security incidents. |
Incremental Zone Transfer (IXFR) | A DNS method that transfers only changes between zone updates. |
Infrastructure security | Measures to protect underlying IT systems and networks. |
Initial placeholder | A temporary value or object used until real data is available. |
Inline onboarding | A process where onboarding occurs within an active workflow. |
Input folder | A directory where incoming files are placed for processing. |
Install key | A key used to activate or install software securely. |
Integration | The process of connecting systems or components. |
Intermediate Certificate Authority (ICA) | A CA that issues certificates under a root CA. |
Internet of Things (IoT) | A network of connected devices that communicate and exchange data. |
Internet Protocol (IP) | A protocol used to route data across networks. |
IoT Trust Manager | A DigiCert® solution for managing IoT device identities and security. |
IoT platform | A system for managing and operating IoT devices and data. |
Insider threat | A risk posed by individuals within an organization. |
Integrity | The assurance that data is accurate and unaltered. |
Intermediate certificate | A certificate issued by a root CA used to sign end-entity certificates. |
Internal PKI | A private certificate infrastructure within an organization. |
Intrusion Detection System (IDS) | A system that monitors for suspicious activity. |
Intrusion Prevention System (IPS) | A system that detects and blocks threats. |
Inventory | A list of assets such as devices, certificates, or systems. |
IP address | A unique identifier assigned to a device on a network. |
IPv4 address | A 32-bit IP address format. |
IPv6 address | A 128-bit IP address format. |
Isolation | The separation of systems or processes to limit risk. |
Issuance profile | A configuration that defines how certificates are issued. |
Issue type | A classification of a request or ticket. |
Issuer | The entity that creates and signs a certificate. |
Issuer CA | The certificate authority that issued a certificate. |
Issuing CA | A CA that directly issues certificates to end entities. |
Term | Definition |
|---|---|
Jarsigner | A Java tool used to digitally sign and verify JAR (Java Archive) files. |
Java Keystore (JKS) | A repository used to store cryptographic keys and certificates in Java applications. |
JavaScript Object Notation (JSON) | A lightweight data format used for exchanging structured data between systems. |
Job | A task or process scheduled or executed within a system. |
Job status | The current state of a job (e.g., pending, running, completed, failed). |
JIT (Just-In-Time) access | A security approach where access is granted only when needed and for a limited time. |
JSON Web Encryption (JWE) | A standard for encrypting data in JSON format. |
JSON Web Signature (JWS) | A standard for signing data in JSON format to ensure integrity. |
JSON Web Token (JWT) | A compact token format used for securely transmitting information between parties. |
Term | Definition |
|---|---|
Kerberos | A network authentication protocol that uses tickets to securely verify user identities. |
Key compromise | A situation where a cryptographic key is exposed or accessed by unauthorized parties. |
Key custody | The responsibility for securely storing and managing cryptographic keys. |
Key escrow | The secure storage of cryptographic keys with a trusted third party for recovery purposes. |
Key generation | The process of creating cryptographic keys. |
Key length | The size of a key in bits, which affects its security strength. |
Key Management Service (KMS) | A system used to create, store, and manage cryptographic keys. |
Key pair | A set of two related keys (public and private) used in asymmetric cryptography. |
Key rotation | The practice of periodically replacing cryptographic keys. |
Key Signing Key (KSK) | A key used in DNSSEC to sign zone signing keys. |
Key size restriction | Limits placed on acceptable key sizes for security or compliance reasons. |
Key Storage Provider (KSP) | A software or hardware component that stores and manages cryptographic keys. |
Key type | The classification of a key based on its algorithm (e.g., RSA, ECC). |
Key usage | A certificate attribute that defines how a key can be used. |
Key usage policy | Rules governing acceptable uses of cryptographic keys. |
Keypair | Another term for a key pair. |
Keypair alias | A human-readable name assigned to a keypair. |
Keypair generation | The process of creating a keypair. |
Keypair ID | A unique identifier for a keypair. |
Kotlin Symbol Processing (KSP) | A tool for processing annotations in Kotlin code during compilation. |
Known vulnerability | A publicly identified weakness in software or systems. |
Kubernetes | An open-source platform for automating deployment and management of containerized applications. |
Term | Definition |
|---|---|
Lateral movement | Techniques used by attackers to move within a network after gaining initial access. |
Layered security | A defense strategy that uses multiple security controls to protect systems. |
Least privilege | A principle where users are given only the access they need to perform their tasks. |
Level of Assurance (LoA) | A measure of confidence in the identity verification process. |
License | A legal agreement that defines how software or services can be used. |
License compliance | Adherence to the terms and conditions of a software license. |
License key | A code used to activate or validate licensed software. |
Lifecycle management | The process of managing an asset from creation through retirement. |
Lifecycle state | The current phase of an asset within its lifecycle. |
Lightweight Directory Access Protocol (LDAP) | A protocol used to access and manage directory services. |
Limited user | A user with restricted permissions. |
Liveness detection | A method used to confirm that a biometric sample is from a real, live person. |
Load balancer | A system that distributes network traffic across multiple servers. |
Lockout policy | Rules that lock user accounts after repeated failed login attempts. |
Log | A record of events or activities in a system. |
Log management | The process of collecting, storing, and analyzing log data. |
Logging infrastructure | The systems and tools used to manage and store logs. |
Long-Term Validation (LTV) | A method that ensures digital signatures remain valid over time, even after certificate expiration. |
Term | Definition |
|---|---|
Machine identity | A digital identity assigned to a device, application, or service for authentication. |
Machine learning security | Practices for protecting machine learning models and data from threats. |
Mage | A build automation tool used in Go projects. |
Malware | Malicious software designed to harm or exploit systems. |
Managed automation solution | A service that automates tasks like certificate management on behalf of an organization. |
Managed certificate | A certificate that is automatically issued, renewed, and managed by a service. |
Managed PKI | A PKI solution operated by a third party, such as DigiCert®. |
Managed Services Provider (MSP) | A company that remotely manages IT services for customers. |
Management API | An interface used to programmatically manage systems or services. |
Manufacturing provisioning | The process of securely embedding identities or credentials into devices during production. |
MariaDB | An open-source relational database system. |
Memory safety | Protection against errors like buffer overflows that can lead to vulnerabilities. |
Message authentication | The process of verifying the integrity and origin of a message. |
Message chunking | Breaking a message into smaller parts for transmission or processing. |
Message Queuing Telemetry Transport (MQTT) | A lightweight messaging protocol commonly used in IoT. |
Metadata | Data that describes other data. |
Metric | A measurable value used to track performance or status. |
Microservices security | Security practices for protecting distributed, service-based architectures. |
Microsoft certificate type extension | A certificate extension used to define certificate types in Microsoft environments. |
Misconfiguration | Incorrect system settings that can create security risks. |
Mitigation | Actions taken to reduce the impact or likelihood of a threat. |
Mobile Device Management (MDM) | Tools used to manage and secure mobile devices. |
Module-Lattice-based Digital Signature Algorithm (ML-DSA) | A post-quantum cryptographic algorithm based on lattice mathematics. |
Monitoring | The continuous observation of systems for performance and security. |
MSP hub account | A central account used by an MSP to manage multiple customer environments. |
Multi-Factor Authentication (MFA) | A security method requiring multiple forms of verification. |
Mutual Transport Layer Security (mTLS) | A form of TLS where both client and server authenticate each other. |
MX (Mail Exchange) record | A DNS record that specifies mail servers responsible for receiving email. |
Term | Definition |
|---|---|
Nameserver | A server that translates domain names into IP addresses. |
Nameserver set | A group of nameservers assigned to manage a domain’s DNS. |
Namespace | A container that organizes and isolates resources or identifiers. |
Naming Authority Pointer (NAPTR) | A DNS record used for dynamic service discovery and rewriting rules. |
National Institute of Standards and Technology (NIST) | A U.S. agency that provides widely used cybersecurity standards and guidelines. |
Network | A collection of connected devices that communicate with each other. |
Network Address Translation (NAT) | A method of mapping private IP addresses to a public IP address. |
Network security | Practices and technologies used to protect networks from threats. |
Network segmentation | The division of a network into smaller sections to improve security. |
Network scan | The process of probing a network to identify devices and vulnerabilities. |
Network Time Protocol (NTP) | A protocol that synchronizes time across systems on a network. |
Node security | Security measures applied to individual nodes in a network. |
Noise protocol | A framework for building secure cryptographic protocols. |
Non-exportable key | A key that cannot be extracted from its secure storage location. |
Non-interactive signing | Automated signing processes that do not require user interaction. |
Non-repudiation | The assurance that an action or transaction cannot be denied by the party involved. |
Notification rule | A configuration that triggers alerts based on defined conditions. |
NS (Name Server) record | A DNS record that specifies authoritative nameservers for a domain. |
NuGet | A package manager for .NET used to distribute and manage libraries. |
Null cipher | A cipher that provides no encryption, leaving data unprotected. |
Term | Definition |
|---|---|
OAuth | A protocol for secure, delegated access to resources without sharing credentials. |
Object Identifier (OID) | A unique identifier used to name objects in standards and certificates. |
Observability | The ability to monitor and understand system behavior through data. |
OCSP stapling | A method where a server provides certificate status information during a TLS handshake. |
Offline key | A cryptographic key stored in a system not connected to a network. |
One-Time Password (OTP) | A password valid for a single login or transaction. |
Online Certificate Status Protocol (OCSP) | A protocol used to check a certificate’s revocation status in real time. |
Online key | A cryptographic key stored on a system connected to a network. |
OpenAPI definition | A specification that describes how an API works. |
OpenSSL | An open-source toolkit for implementing encryption and TLS. |
Operating system hardening | The process of securing an operating system by reducing vulnerabilities. |
Operational certificate | A certificate used in live production environments. |
Operational signing | The use of signing processes in production workflows. |
Orchestration security | Security practices for managing automated system processes. |
Organization | A registered entity that owns or manages resources or certificates. |
Organization approver | A person authorized to approve organization-related actions. |
Organization identifier | A unique value used to identify an organization. |
Organization validation | A certificate validation level verifying an organization’s identity. |
Outage | A period when a system or service is unavailable. |
Over-The-Air (OTA) | The remote delivery of updates or data to devices. |
OWASP | An organization that provides resources on web application security risks. |
Term | Definition |
|---|---|
Parent account | A main account that manages sub-accounts. |
Passcode | A code used to authenticate a user or device. |
Password hashing | The process of converting a password into a secure hash. |
PATCH (HTTP method) | An HTTP method used to partially update a resource. |
Patch management | The process of updating systems to fix vulnerabilities. |
PDF Advanced Electronic Signatures (PAdES) | A standard for applying advanced electronic signatures to PDF documents. |
Penetration testing | Simulated attacks used to identify security weaknesses. |
Perfect Forward Secrecy (PFS) | A feature ensuring past communications remain secure even if keys are compromised. |
Permission set | A collection of access rights assigned to users. |
Person-In-The-Middle (PITM) | An attack where a third party intercepts communication between two systems. |
Phishing | A fraudulent attempt to steal sensitive information. |
Pipeline gate | A checkpoint in a pipeline that controls progression based on conditions. |
Pipeline hardening | Securing CI/CD pipelines against threats. |
Placeholder | A temporary value used until real data is available. |
Placeholder hash | A placeholder hash value used for testing or processing. |
Platform integration | Connecting systems to work together. |
Platform security | Measures to protect a platform’s infrastructure and services. |
Policy | A set of rules governing system behavior. |
Policy enforcement | The process of applying policy rules. |
Policy engine | A system that evaluates and enforces policies. |
Policy evaluation order | The sequence in which policies are applied. |
POST (HTTP method) | An HTTP method used to submit data to a server. |
Post-quantum cryptography | Cryptography designed to resist quantum computing attacks. |
Postman | A tool for testing and interacting with APIs. |
Primary domain | The main domain associated with an account or service. |
Primary IP set | The main group of IP addresses used by a system. |
Principal | An entity (user, service, or device) that can be authenticated. |
Private CA | A certificate authority used within an organization. |
Private data lake | A secure repository for storing large volumes of data. |
Private key | A secret key used in cryptographic operations. |
Private TLS certificate | A certificate issued for internal or private use. |
Privilege escalation | Gaining higher access rights than intended. |
Probe interval | The time between health checks. |
Probe timeout | The maximum time to wait for a probe response. |
Profile | A set of predefined settings or configurations. |
Profile category | A grouping of similar profiles. |
Profile ID | A unique identifier for a profile. |
Proof of signing | Evidence that a signing action occurred. |
Protocol | A set of rules for communication between systems. |
Provisioning | The process of setting up systems, users, or resources. |
Provisioning workflow | The sequence of steps used to provision resources. |
Proxy | An intermediary that forwards requests between clients and servers. |
Proxy check | A validation to ensure proxy functionality or compliance. |
Proxy configuration | Settings that define how a proxy operates. |
Proxy server | A server that routes requests between clients and other servers. |
PTR (Pointer) record | A DNS record that maps an IP address to a domain name. |
Public key | A key used to encrypt data or verify signatures. |
Public key pinning | A technique that restricts which keys are trusted for a service. |
Public Key Cryptography Standards (PKCS) | A set of standards for public key cryptography. |
Public Key Infrastructure (PKI) | A system for managing digital certificates and keys. |
Term | Definition |
|---|---|
QoS security | Measures to protect and prioritize network traffic quality. |
Qualified Electronic Signature (QES) | An eIDAS-compliant digital signature with the highest legal validity in the EU. |
Qualified Trust Service Provider (QTSP) | A provider certified under eIDAS to deliver trusted digital services. |
Quantum computing | A computing model that uses quantum mechanics to solve complex problems. |
Quantum resistance | The ability of cryptography to withstand attacks from quantum computers. |
Quarantine | Isolating files, devices, or systems to prevent threats from spreading. |
Query injection | An attack that inserts malicious input into database or system queries. |
Query volume | The number of queries processed over a period of time. |
Quick Response (QR) code | A scannable code used to store and quickly access data. |
Term | Definition |
|---|---|
Ransomware | Malware that blocks access to data until a payment is made. |
Record | A single entry in a system or database. |
Record deletion | The removal of a record from a system. |
Record filtering | Selecting specific records based on criteria. |
Record retrieval | Accessing stored records. |
Record set | A group of related records. |
Record type | The classification of a record (e.g., DNS record type). |
Recovery plan | A strategy for restoring systems after a failure or incident. |
Recursive resolver | A DNS server that queries other servers to resolve domain names. |
Red team | A group that simulates attacks to test security defenses. |
Registered values | Predefined or approved values used in a system. |
Registration Authority (RA) | An entity that verifies identities before certificate issuance. |
Registration officer | A person responsible for validating and approving registrations. |
Regulated e-signature | A digital signature that meets specific legal or regulatory requirements. |
Reissue | The process of issuing a replacement certificate. |
Release | A version of software made available for use. |
Release artifact | A compiled output or package from a software release. |
Remote access security | Measures to protect remote connections to systems. |
Remote Identity Verification (RIV) | A process for verifying identity without in-person interaction. |
Remote signing | Signing data using a remote or cloud-based key. |
Rendezvous service | A service that helps systems discover and connect to each other. |
Renewal | The process of extending or replacing a certificate before expiration. |
Renewal window | The time period when renewal is allowed. |
Replay attack | An attack where valid data is reused maliciously. |
Report | A document or output summarizing data or activity. |
Report library | A collection of predefined reports. |
Reporting interval | The frequency at which reports are generated. |
Representational State Transfer (REST) | An architectural style for building web APIs. |
Repudiation | The ability to deny an action or transaction. |
Requester | The entity that initiates a request. |
Resilience | The ability to withstand and recover from disruptions. |
Resource representation | The format in which a resource is presented (e.g., JSON, XML). |
Restore job (ZBR) | A task that restores data from backups. |
Retry count | The number of times an operation is retried. |
Retry logic | Rules that determine how retries are handled. |
Reverse DNS (rDNS) | A lookup that maps an IP address to a domain name. |
Reverse proxy | A server that forwards client requests to backend servers. |
Revocation | The invalidation of a certificate before its expiration. |
Revocation checking | Verifying whether a certificate has been revoked. |
Risk assessment | The process of identifying and evaluating risks. |
Risk score | A value representing the level of risk. |
Rivest-Shamir-Adleman (RSA) | A widely used public-key cryptographic algorithm. |
Role | A set of permissions assigned to users. |
Role-Based Access Control (RBAC) | A method of restricting access based on roles. |
Rollback | Reverting a system to a previous state. |
Root CA | The top-level certificate authority in a trust hierarchy. |
Root certificate | A self-signed certificate that serves as a trust anchor. |
Root of trust | A trusted component that establishes system security. |
Root store | A collection of trusted root certificates. |
Root zone | The top level of the DNS hierarchy. |
Rotation policy | Rules for periodically updating keys or certificates. |
RSA key | A cryptographic key used in the RSA algorithm. |
Runtime protection | Security measures applied while systems are running. |
Term | Definition |
|---|---|
Sandbox | An isolated environment used for testing code safely. |
Scan engine | A tool that scans systems for vulnerabilities or threats. |
Scope assignment | Defining which resources or users a policy applies to. |
Sealer | An entity or tool that applies a digital seal to a document. |
SealSign 2.0 | A DigiCert® solution for creating and managing digital signatures. |
Seat | A licensed user or usage allocation. |
Secondary domain | An additional domain associated with an account. |
Secondary IP set | A backup group of IP addresses. |
Security assertion | A statement about a user’s identity or permissions. |
Secure boot | A process that ensures only trusted software runs during startup. |
Secure coding | Practices for writing secure software. |
Secure device lifecycle management | Managing device security from provisioning to decommissioning. |
Secure email (S/MIME) certificate | A certificate used to encrypt and sign email. |
Secure file | A file protected with encryption or access controls. |
Secure Hash Algorithm 3 (SHA-3) | A cryptographic hash function used for data integrity. |
Secure Shell (SSH) | A protocol for secure remote access to systems. |
Secure Sockets Layer (SSL) | An older protocol for encrypting internet communications. |
Security Assertion Markup Language (SAML) | A standard for exchanging authentication data. |
Security audit | An evaluation of system security controls. |
Security Information and Event Management (SIEM) | A system for monitoring and analyzing security events. |
Security policy | Rules governing system security. |
Security posture | An organization’s overall security status. |
Self-service portal | A platform where users manage services independently. |
Sender | The originator of a message or data. |
Sensor | A device or tool that detects activity or changes. |
Serial number | A unique identifier assigned to a certificate or device. |
Server authentication EKU | A certificate extension for server authentication. |
Service account | An account used by applications or services. |
Service health status | The current condition of a service. |
Service user | A user account used for service operations. |
Signature Activation Data (SAD) | Data used to authorize a signing operation. |
Signature algorithm | The method used to create a digital signature. |
Signature block | The portion of data containing a digital signature. |
Signature Creation Device (SCD) | A device used to securely create signatures. |
Signature hash | A hash value used in the signing process. |
Signature log | A record of signing activities. |
Signatures replenishment | The process of renewing or refilling available signature capacity. |
Signature unit | A unit representing a single signing operation. |
Signature validation | Checking whether a signature is valid. |
Signature verification | Confirming a signature’s authenticity. |
Signed Certificate Timestamp (SCT) | Proof that a certificate is logged in CT logs. |
Signer | An entity that creates a digital signature. |
Signing | The act of applying a digital signature. |
Signing application | Software used to sign data. |
Signing event | An instance of a signing action. |
Signing Manager Controller (SMCTL) | A tool for managing signing operations. |
Signing policy | Rules governing how signing is performed. |
Simple Certificate Enrollment Protocol (SCEP) | A protocol for automating certificate enrollment. |
Simple Electronic Signature (SES) | A basic form of electronic signature. |
Simple signing | A straightforward signing process without advanced controls. |
Single Sign-On (SSO) | A method allowing one login for multiple systems. |
SOA (Start of Authority) record | A DNS record defining zone authority information. |
SOC 2 | A compliance standard for service organizations. |
Soft HSM | A software-based hardware security module. |
Software Bill of Materials (SBOM) | A list of components used in software. |
Software composition analysis | Identifying and managing software dependencies. |
Software supply chain | The processes and components involved in software creation. |
Sole Control Assurance Level (SCAL) | A level ensuring only the signer controls signing keys. |
SPF (Sender Policy Framework) record | A DNS record that helps prevent email spoofing. |
Spoofing | Impersonating a trusted source. |
SRV (Service) record | A DNS record specifying service locations. |
SSL Inspection | Examining encrypted traffic for threats. |
Stateful inspection | A firewall method that tracks connection states. |
Stateless Hash-Based Digital Signature Algorithm (SLH-DSA) | A post-quantum signature algorithm based on hash functions. |
Static analysis | Analyzing code without executing it. |
Status indicator | A visual or numeric display of system status. |
Subdomain | A subdivision of a domain. |
Subject Alternative Name (SAN) | A certificate field listing additional domains. |
Subject Key Identifier (SKI) | An identifier for a certificate’s public key. |
Subscription | An agreement for ongoing service access. |
Subscription license pool | A shared pool of licenses. |
Subtenant | A subdivision of a tenant in multi-tenant systems. |
Supply chain attack | An attack targeting software or service supply chains. |
Swagger | A toolset for designing and documenting APIs. |
Symmetric encryption | Encryption using a single shared key. |
System scan | A scan of a system for vulnerabilities or issues. |
Term | Definition |
|---|---|
Tag | A label used to categorize or identify resources. |
Tampering | Unauthorized modification of data or systems. |
Telemetry | Data collected remotely for monitoring and analysis. |
Threat detection | The process of identifying potential security threats. |
Threat intelligence | Information about threats used to improve security. |
Threat model | A structured approach to identifying and addressing threats. |
Threat vector | The path or method used to carry out an attack. |
Threshold | A defined limit that triggers an action or alert. |
Time to Live (TTL) | The duration data is cached before refresh. |
Timestamp | A record of the date and time of an event. |
Timestamp URL | An endpoint used to request trusted timestamps. |
Timestamping Authority (TSA) | A service that provides trusted timestamps for data. |
TLS handshake | The process of establishing a secure TLS connection. |
Tokenization | Replacing sensitive data with non-sensitive tokens. |
Top-Level Domain (TLD) | The highest level in the domain name system (e.g., .com). |
TLS/SSL (Transport Layer Security/Secure Sockets Layer) | Protocols used to secure internet communications. |
Tokenless signing | A signing method that does not require a physical token. |
Traffic analysis | Monitoring network traffic patterns. |
Traffic management | Controlling and optimizing network traffic. |
Transaction Signature (TSIG) | A method for authenticating DNS transactions. |
Transport encryption | Encryption used to protect data in transit. |
True-Sign V | A DigiCert® solution for secure digital signing. |
Trust anchor | A trusted root used to validate certificates. |
Trust bundle | A collection of trusted certificates. |
Trust chain | A sequence of certificates establishing trust. |
Trust Lifecycle Manager (TLM) | A DigiCert® platform for managing certificate lifecycles. |
Trust object | An entity used to establish or represent trust. |
Trust Service Provider (TSP) | An organization that provides digital trust services. |
Trust store | A repository of trusted certificates. |
Trust validation | The process of verifying trust relationships. |
Trusted Platform Module (TPM) | A hardware component that securely stores cryptographic keys. |
TrustEdge agent | A DigiCert® agent used for managing trust services on devices. |
Tunnel encryption | Encryption applied to data traveling through a network tunnel. |
Two-Factor Authentication (2FA) | A method requiring two forms of identity verification. |
TXT (Text) record | A DNS record used to store text-based information. |
Term | Definition |
|---|---|
UltraDDR | A DigiCert® solution for managing distributed device registration and trust. |
UltraDDR Root Certificate Authority | The root CA used within DigiCert®’s UltraDDR system. |
Unauthorized access | Access to systems or data without permission. |
Unified endpoint management | A system for managing and securing all endpoint devices from a single platform. |
Universal 2nd Factor (U2F) | An authentication standard for secure second-factor login. |
Unrevoke | The process of restoring a previously revoked certificate. |
Unsupported hash function | A hash algorithm that is no longer considered secure or accepted. |
Update campaign | A coordinated rollout of updates to systems or devices. |
Update management | The process of managing software updates and patches. |
Uptime | The amount of time a system remains operational. |
URL filtering | Blocking or allowing web access based on URLs. |
Usage policy | Rules governing how a system or resource can be used. |
Usage report | A summary of how resources or services are used. |
Usage statistics | Data showing patterns of system usage. |
User | An individual or system that interacts with a service. |
User account | A record representing a user in a system. |
User and Entity Behavior Analytics (UEBA) | A security approach that analyzes behavior to detect anomalies. |
User authentication | The process of verifying a user’s identity. |
User experience (UX) | The overall experience of interacting with a system. |
User group | A collection of users with shared permissions. |
User identifier | A unique value assigned to a user. |
User interface (UI) | The visual elements through which users interact with a system. |
User principal | An identity used for authentication in a system. |
User provisioning | The process of creating and managing user accounts. |
User role | A set of permissions assigned to a user. |
User type | A classification of users based on roles or access levels. |
Term | Definition |
|---|---|
Validation | The process of confirming that information or a request is accurate and meets requirements. |
Validation rule | A condition that must be met for validation to succeed. |
Validation service | A system that performs validation checks. |
Validation specialist | A person responsible for verifying information or requests. |
Validity | The state of being valid or acceptable. |
Validity period | The time during which something (e.g., a certificate) is valid. |
Vault | A secure system for storing sensitive data like keys or secrets. |
Verification | The process of confirming identity or authenticity. |
Verification policy | Rules governing how verification is performed. |
Verified individual | A person whose identity has been confirmed. |
Verified Mark Certificate (VMC) | A certificate that enables verified brand logos in email clients. |
Version control security | Practices for securing code repositories and version control systems. |
Virtual Private Network (VPN) | A secure connection over a public network. |
Virtualization security | Security measures for virtual machines and environments. |
Virus | Malicious software that spreads by infecting files or systems. |
Visibility | The ability to monitor and understand system activity. |
Vulnerability | A weakness that can be exploited. |
Vulnerability assessment | The process of identifying and evaluating vulnerabilities. |
Voucher | A token or credential used to authorize or validate an action. |
Term | Definition |
|---|---|
Watched folder | A directory monitored for new files to trigger automated actions. |
Waterfall model | A linear development approach where each phase is completed before the next begins. |
Weak cipher | An encryption algorithm considered insecure due to vulnerabilities. |
Web Application Firewall (WAF) | A security tool that protects web applications by filtering HTTP traffic. |
Web forwarding | Redirecting one web address to another. |
Web security | Practices for protecting websites and web applications. |
Webhook | A method for sending real-time data between systems via HTTP callbacks. |
Wildcard certificate | A certificate that secures a domain and its subdomains. |
Windows clients installer | A tool used to install client software on Windows systems. |
Windows credential manager | A Windows feature for securely storing login credentials. |
Wireless security | Measures to protect wireless networks from unauthorized access. |
Workload identity | A digital identity assigned to applications or services. |
Worm | A type of malware that spreads automatically across networks. |
Term | Definition |
|---|---|
X.509 certificate | A standard format for digital certificates used in TLS and PKI. |
XML encryption | A method for encrypting XML data to protect confidentiality. |
X-Task-ID | A custom identifier used to track tasks or requests in systems. |
XML signature | A standard for digitally signing XML data to ensure integrity and authenticity. |
Term | Definition |
|---|---|
YAML security | Practices for securing YAML configurations and preventing misconfigurations. |
YARA rules | Patterns used to identify and classify malware. |
YubiKey | A hardware device used for secure authentication (e.g., MFA). |
Term | Definition |
|---|---|
Zero-day vulnerability | A security flaw that is unknown to or unpatched by the vendor. |
Zero knowledge proof | A method of proving something is true without revealing the underlying data. |
Zero Touch Provisioning (ZTP) | Automatically configuring devices with minimal or no manual setup. |
Zero trust | A security model that requires continuous verification of all users and devices. |
Zero-trust signing model | A signing approach where every request is verified with no implicit trust. |
ZertES | A Swiss law governing electronic signatures and trust services. |
Zone | A portion of the DNS namespace managed as a unit. |
Zone delegation | Assigning authority over a DNS subdomain to another nameserver. |
Zone file | A file containing DNS records for a domain. |
Zone Signing Key (ZSK) | A key used in DNSSEC to sign DNS zone data. |
Zone transfer | The process of copying DNS zone data between servers. |