Published by the National Institute of Standards and Technology

Glossary terms and definitions last updated March 28, 2023

This Glossary only consists of terms and definitions extracted verbatim from NIST’s cybersecurity- and privacy-related publications–Federal Information Processing Standards (FIPS), NIST Special Publications (SPs), and NIST Internal/Interagency Reports (IRs)–as well as from Committee on National Security Systems (CNSS) Instruction CNSSI-4009. Only terms that are defined in final publications—not drafts—are included here.

Multiple definitions. Some terms have multiple definitions. Terminology changes over time, and may differ based on the topic being addressed. Always refer to the source publication for the authoritative term and definition, and to see that information in its proper context.

information

Definition(s):

  An instance of an information type.

Source(s):
FIPS 200 under INFORMATION from FIPS 199
NIST SP 800-137 under Information from FIPS 199
NIST SP 800-39 under Information from FIPS 199
NIST SP 800-60 Vol. 1 Rev. 1 under Information from FIPS 199
NIST SP 800-60 Vol. 2 Rev. 1 under Information from FIPS 199

  Any communication or representation of knowledge such as facts, data, or opinions in any medium or form, including textual, numerical, graphic, cartographic, narrative, or audiovisual. An instance of an information type.
Source(s):
NIST SP 800-30 Rev. 1 under Information from CNSSI 4009, FIPS 199

  Any communication or representation of knowledge such as facts, data, or opinions in any medium or form, including textual, numerical, graphic, cartographic, narrative, or audiovisual.
Source(s):
NIST SP 800-39 under Information from CNSSI 4009
NISTIR 8170 under Information from CNSSI 4009, FIPS 199

  2. Knowledge — e.g., data, instructions — in any medium or form that can be communicated between system entities.
Source(s):
CNSSI 4009-2015 from IETF RFC 4949 Ver 2

  1. Facts and ideas, which can be represented (encoded) as various forms of data. 2. Knowledge—e.g., data, instructions—in any medium or form that can be communicated between system entities.
Source(s):
NIST SP 800-12 Rev. 1 under Information from IETF RFC 4949 Ver 2

  1. Facts, data, or instructions in any medium or form. 2. The meaning that a human assigns to data by means of the known conventions used in their representation.
Source(s):
NIST SP 800-59 under Information from DoD JP 1-02

  Any communication or representation of knowledge such as facts, data, or opinions in any medium or form, including textual, numerical, graphic, cartographic, narrative, electronic, or audiovisual forms.
Source(s):
NIST SP 800-172 from OMB Circular A-130 (2016)
NIST SP 800-172A from OMB Circular A-130 (2016)
NIST SP 800-37 Rev. 2 from OMB Circular A-130 (2016)
NIST SP 800-53 Rev. 5 from OMB Circular A-130 (2016)
NIST SP 800-53A Rev. 5 from OMB Circular A-130 (2016)
NIST SP 800-53B from OMB Circular A-130 (2016)
NIST SP 800-171 Rev. 2 from OMB Circular A-130 (2016)

  Facts and ideas, which can be represented (encoded) as various forms of data.
Source(s):
CNSSI 4009-2015

  Meaningful interpretation or expression of data.
Source(s):
NIST SP 800-88 Rev. 1 under Information

  Knowledge that is exchangeable amongst users, about things, facts, concepts, and so on, in a universe of discourse.
Source(s):
NIST SP 800-160v1r1 from ISO/IEC 10746-2:2009

  Data that has semantic content (i.e. meaning) in a certain context.
Source(s):
NISTIR 4734 under Information

The full glossary is available on the publisher’s website.