NYS Information Technology Policies, Standards, and Best Practice Guidelines

Term Definition Location
AAL Authenticator Assurance Level NYS-S14-006
Access Point A hardware device or a computer's software that acts as a communication hub for users of a wireless device to connect to a wired Local Area Network. NYS-S15-003
Account Archived Accounts that have not been used for x years are off-loaded via long term storage solutions. NYS-S14-006
Account Disabled Account is in an unusable state and can only be made usable again through an administrative action. NYS-S14-006
Account Locked Account is not useable until either an administrator resets a token or the end user resets the token through one of the forgotten password self service functions. NYS-S14-006
Address of Record The official location where an individual can be found that is on record with a trusted or authoritative entity such as a government agency, the individual’s employer, financial institution, or utility company. The address of record always includes the residential street address of an individual and may also include the mailing address of the individual. NYS-S20-001

Advertising Logo, graphic, text, sound, video, or any other means intended to promote or market a service, facility, or product offered by an entity for a commercial purpose. Advertising includes messages containing qualitative or comparative language, price information or other indications of savings or value, an endorsement, or an inducement to purchase, sell, or use any company, service, facility, or product.

Displaying the name, logo, product or service of a non-government entity in exchange for money, services, or other special consideration, including reduced cost for a product or service, may also constitute "advertising," for example, "Powered by Company X" or "Web design by Company X", as may linking to external sites that provide a particular commercial product or service. A State Entity should ensure that all links to non-government websites further the agency's mission, functions, and responsibilities.

Agency For purposes of this Standard, the definition of state agency is as defined in Open Meetings Law § 103, which states "'agency' shall mean only a state department, board, bureau, division, council or office and any public corporation the majority of whose members are appointed by the governor," and, for the purposes of this policy, includes any state agency, department, office, board, commission or other instrumentality of the State, but not a public authority. NYS-S07-001
Aircard/MiFi An aircard can be connected to a cellular network and provide internet access for a single device. A MiFi device can be connected to a cellular network and provide internet access for up to ten devices. The use of an aircard/MiFi requires a data plan. ITS-P18-007
AP See "Access Point" NYS-S15-003
Architecture Architecture is a set of components, their structure and inter-relationships, and the methods, guidelines, and standards governing their application and evolution over time. In the case of NYS and the NYS EA, the components being dealt with are the business, operational and information technology components of the enterprise. NYS-P03-002
Asset Anything that has value to an organization, including, but not limited to, another organization, person, computing device, information technology (IT) system, IT network, IT circuit, software (both an installed instance and a physical instance), virtual computing platform (common in cloud and virtualized computing), and related hardware (e.g., locks, cabinets, keyboards). NYS-S14-002
Authenticated Scan A credential based scan that provides sufficient access to allow the vulnerability scan engine to scan the operating system and all applications running on the system. NYS-S15-002
Authentication The process of establishing confidence in the identity of users or information systems. NYS-P03-002, NYS-S14-006
Authentication Factors Something you know, something you have, and something you are. NYS-S14-006
Authentication Method The authentication mechanism used at the time of user account login. NYS-P20-001
Authentication Protocol A defined sequence of messages between a Claimant and a Verifier that demonstrates that the Claimant has possession and control of a valid token to establish their identity, and optionally, demonstrates to the Claimant that they are communicating with the intended Verifier. NYS-S14-006
Authenticator Something the claimant possesses and controls (typically a cryptographic module or password) that is used to authenticate the claimant's identity (e.g., token). NYS-S14-006, NYS-P20-001
Authorization Access privileges granted to a user, program, or process or the act of granting those privileges. NYS-S13-001
Availability The extent to which information is operational, accessible, functional and usable upon demand by an authorized entity (e.g., a system or user). NYS-S13-005, NYS-S13-001, NYS-S14-002 and NYS-S14-003
B
Banner Ad Typically rectangular advertisement placed on a Web site, above, below, or to the side of the site's main content area. NYS-P10-001
Bitrate In digital multimedia, bitrate is the number of bits used per unit of time to represent a continuous medium such as audio or video after source coding (data compression). In this sense it corresponds to the term digital bandwidth consumption. While often referred to as "speed," bitrate does not measure distance/time but quantity/time. NYS-G07-002
Breach Acquiring of information by a person without valid authorization or through unauthorized acquisition. NYS-P03-002
Business Analysis and Risk Assessment Defined by the ESRA regulation as "identifying and evaluating various factors relevant to the selection of an electronic signature for use or acceptance in an electronic transaction. Such factors include, but are not limited to, relationships between parties to an electronic transaction, value of the transaction, risk of intrusion, risk of repudiation of an electronic signature, risk of fraud, functionality and convenience, business necessity and the cost of employing a particular electronic signature process." NYS-G04-001
BYOD Bring Your Own Device NYS-S14-012
C
Cell Phone A telephone with access to a cellular radio system so it can be used over a wide area, without a physical connection to a network. A cell phone only allows users to place and receive voice calls and text messages. Requires only a voice plan. ITS-P18-007
Chief Information Officer See "State Chief Information Officer" NYS-P08-002; NYS-S16-001
CIO See "State Chief Information Officer" ITS-P17-011, NYS-P08-002; NYS-S16-001; ITS-P18-005; NYS-P13-001
CISO Chief Information Security Office(r) NYS-P13-001
Claimant A party whose identity is to be verified using an authentication protocol. NYS-S20-001
Clear GIF A graphic with a unique identifier, similar to a cookie, used to track the online movements of users. Clear gifs are also known as pixel tags, web beacons, or web bugs. NYS-G02-001
Click-through A message on a user's computer screen, requiring that the user respond to a question and, as a result, provide information by clicking on an icon. NYS-G02-001
Cloud Broker An entity that manages the use, performance, and delivery of cloud services, and negotiates relationships between cloud providers and cloud consumers. As cloud computing evolves, the integration of cloud services may be too complex for cloud consumers to manage alone. ITS-P19-002
CND See "Computer Network Defense" NYS-S13-005
Collaborative Computing Device Collaborative computing devices may include, but are not limited to, networked white boards, cameras, and microphones that are connected to NYS IT systems for the purposes of conducting government business collaboratively. NYS-P03-002
Computer Network Defense Using defensive measures in order to protect information, information systems, and networks from threats. NYS-S13-005
Computer Security Event An anomaly that has been reported or noticed in a system or network. NYS-S13-005
Computer Security Incident A violation or imminent threat of violation of computer security policies, acceptable use policies, or standard security practices. A computer security incident is also defined as any event that adversely affects the confidentiality, integrity, or availability of system and its data. NYS-S13-005
Confidentiality The property that information is not made available or disclosed to unauthorized individuals, entities, or processes. NYS-P14-001, NYS-S13-005, NYS-S13-001, NYS-S14-010, NYS-S14-003
Consolidated Log Infrastructure The hardware, software, networks, and media used to generate, transmit, store, analyze, and dispose of log data. NYS-S14-005
Consultant See "ITS Consultant" ITS-P00-002; ITS-P15-002; ITS-P15-001; ITS-P18-006; ITS-G18-001; ITS-P18-004
Contiguous United States (CONUS) The 48 contiguous states of the United States and the District of Columbia. This definition specifically excludes the states of AK and HI as they are not part of the contiguous states and are included in the definition of Non-Foreign, Outside the Continental United States (OCONUS) locations. NYS-P03-002
Contract Award A written determination from ITS to an Offerer indicating that ITS has accepted its bid or offer. NYS-P01-001
Contractor Refers to any entity that contracts with ITS. ITS-P18-002; ITS-P15-001; ITS-S18-001; ITS-P18-006; ITS-P17-011; NYS-P98-003
Control An action taken to enhance the likelihood that established goals or objectives will be achieved (in the context of this policy, generally an action taken to reduce risk). NYS-P03-002
Cookie A unique text file stored on a user's computer by an Internet browser. These text files are used as a means of distinguishing among users of a website and as a means of customizing the website according to the user's preferences and interests. A cookie will not include personal information unless the user has volunteered that information. NYS-G02-001
CPE Continuing Professional Education NYS-S10-001
Credential An object that authoritatively binds an identity to a token possessed and controlled by a person or entity. NYS-G10-001
Credential Service Provider A trusted entity that issues or registers subscriber authenticators and issues electronic credentials to subscribers. NYS-S20-001, NYS-S14-006
Critical Infrastructure Systems and assets, whether physical or virtual, so vital to New York State that the incapacity or destruction of such systems and assets would have a debilitating impact on security, economic security, public health or safety, or any combination of those matters. NYS-P03-002
Criticality The degree to which a State Entity depends on the information or information system for the success of a mission or of a business function. NYS-P03-002
Cryptographic Related to cryptography which is (1) The mathematical science used to secure the confidentiality and authentication of data by replacing it with a transformed version that can be reconverted to reveal the original data only by someone holding the proper cryptographic algorithm and key; (2) A discipline that embodies the principles, means, and methods for transforming data in order to hide its information content, prevent its undetected modification, and/or prevent its unauthorized uses. NYS-G04-001
Cryptographic Keys Data used to encrypt or decrypt a message or information. NYS-G04-001
CTO Chief Technology Office(r) ITS-P19-005; ITS-P19-002
Custodian A person or entity who is responsible for a device. ITS-P21-001
D
Data A subset of information in an electronic format that allows it to be retrieved or transmitted. NYS-S13-001; ITS-P07-002
Digital Object Any discrete set of digital data that can be individually selected and manipulated. This can include shapes, pictures, string of numbers, or characters that appear on a display screen as well as less tangible software entities. NYS-G04-001
Digital Signatures Produced by two mathematically linked cryptographic keys, a private key used to sign, and a public key used to validate the signature. A digital signature is created when a person uses their private key to create a unique mark (called a "signed hash") on an electronic document. The recipient of the document employs the person’s public key to validate the authenticity of the digital signature and to verify that the document was not altered subsequent to signing. Digital signatures are often used within the context of a Public Key Infrastructure (PKI) in which a trusted third party known as a Certification Authority (CA) binds individuals to private keys. NYS-G04-001
Direct Application Access Accessing an application directly with the application providing its own security (e.g., webmail, https). NYS-S14-010
Disclose Shall have the same meaning as defined in State Technology Law §202. This shall mean to reveal, release, transfer, disseminate, or otherwise communicate information orally, in writing or by electronic or other means, other than to the person who is the subject of such information. NYS-G02-001
DLA ITS Division of Legal Affairs ITS-P17-011, ITS-P07-002, ITS-P00-001, ITS-P02-004, ITS-P04-011, ITS-P06-004, ITS-P08-001, ITS-P13-001, ITS-P18-002, ITS-P18-004, ITS-P18-005, ITS-P18-006, NYS-G02-001, NYS-G04-001, NYS-P01-001, NYS-P08-002, NYS-P10-001, NYS-P10-004; ITS-P19-002
DNS This refers to all the domains and subdomains within the Internet Domain Name System (DNS). ITS-G18-003, ITS-S16-003, ITS-S16-002, ITS-S16-007
DOB Division of the Budget ITS-P10-004, ITS-P15-002, ITS-P16-002, ITS-P16-003, ITS-P17-011, NYS-P08-001, NYS-S20-001
Domain A region of jurisdiction on the World Wide Web (Internet) for naming assignment. The General Services Administration is responsible for registrations in the dot-gov domain, and has delegated this authority to the CIO for all State Entities. NYS-P08-003
Domain Name A name assigned to an Internet server, requested from ITS by a State Entity. NYS-P08-003
E
e-Authentication Also known as electronic authentication. The process of establishing confidence in user identities electronically presented to an information system. NYS-P20-001
EES Enterprise eDiscovery Services ITS-P21-003, ITS-P21-005
e-Government The use of computer technology to provide faster, more convenient, and better delivery of government services to customers by reducing paper processes and the need to go to government offices for the service. Customers in e-Government can include citizens, businesses, and other governments. Typically, these services are available over the Internet on a government agency's website or a government portal, like NY.GOV ID. NYS-P20-001
Electronic Evidence Electronic evidence as defined by the US DOJ Electronic Crime Scene Investigation is information and data of investigative value that is stored on or transmitted by an electronic device. NYS-S13-005
Electronic Record Information, evidencing any act, transaction, occurrence, event, or other activity, produced or stored by electronic means and capable of being accurately reproduced in forms perceptible by human sensory capabilities. NYS-G04-001
Electronic Signature Shall have the same meaning as defined in State Technology Law §302. This shall mean "an electronic sound, symbol, or process, attached to or logically associated with an electronic record and executed or adopted by a person with the intent to sign the record." This definition conforms to the definition found in the Federal E-Sign Law. NYS-G04-001
Electronic Transaction Shall mean an action or set of actions occurring through the use of electronic technology by or with a governmental entity. NYS-G04-001
Elements HTML tags NYS-P03-002
Employee Any employee, contractor, or consultant who works for ITS in any capacity, regardless of the employee’s bargaining unit, employment location, and employment status. ITS-P16-004, ITS-P02-002, ITS-G18-001, ITS-P08-001; ITS-P16-002; ITS-P06-004
Encoder A device used to change a signal (such as a bitstream) or data into a code. The code may serve any of a number of purposes such as compressing information for transmission or storage, encrypting or adding redundancies to the input code, or translating from one code to another. This is usually done by means of a programmed algorithm, especially if any part of the code is digital. NYS-G07-002
Encoding The process of preparing content for sending to viewers. Audio and video are converted to a format that matches the chosen distribution technique and attributes and is also compressed. NYS-G07-002
Encryption A cryptographic operation that is used to enhance security and protect the State’s electronic data ("data") by transforming readable information ("plaintext") into unintelligible information ("ciphertext"). NYS-S14-007
Endorsement Statement of approval of a product, service or individual business, person or any other non-governmental entity. NYS-P10-001
Entropy A measure of the amount of uncertainty that an attacker faces to determine the value of a secret such as a password. Entropy is usually stated in bits. See NIST 800-63 Recommendation for Electronic Authentication. NYS-G04-001
EPR Event Participation Request Form ITS-P10-002; ITS-P06-004
e-Record See "Electronic Record" NYS-G04-001
ESI Electronically Stored Information ITS-P21-003, ITS-P21-005
e-Signature See "Electronic Signature" NYS-G04-001
Ethics Officer Ethics Officer at the Division of Legal Affairs ITS-P06-004
ETL Extract, Transform and Load ITS-P20-001
Explicit Indication A signal or alert to user(s) physically present providing notice that a collaborative computing device sensor has been activated. NYS-P03-002
F
FDS Annual statements of financial disclosure submitted to JCOPE. ITS-P06-004
Fundamental Alteration A change in the fundamental characteristic of the product, not merely a cosmetic or esthetic change. NYS-P08-005
G
Guideline (NYS-P09-003) Guidance, best practices, recommendations, or administrative instructions to perform a specific task. A guideline can be a standalone document or make a policy or standard more meaningful and effective. Compliance with a guideline is not compulsory, but strongly suggested. NYS-P09-003
Guideline (NYS-S13-001) Non-mandatory suggested course of action. NYS-S13-001
H
Hardware Security Module A physical computing device that safeguards and manages digital keys for strong authentication and provides cryptographic processing. ITS-S16-003
Hashing Producing hash values for accessing data or for security. A hash value (or simply hash) is a number generated from a string of text. The hash is substantially smaller than the text itself, and is generated by a formula in such a way that it is extremely unlikely that some other text will produce the same hash value. Hashes play a role in security systems where they are used to ensure that transmitted messages have not been tampered with. The sender generates a hash of the message, encrypts it, and sends it with the message itself. The recipient then decrypts both the message and the hash, produces another hash from the received message, and compares the two hashes. If they are the same, there is a very high probability that the message was transmitted intact. NYS-G04-001
I
IaaS Infrastructure as a Service ITS-P19-002
IAL See "Identity Assurance Level" NYS-S20-001
ICT "Information Communication Technology" NYS-P08-005
Identity Assurance Level The degree of confidence in the vetting process used to establish the identity of the individual to whom the credential was issued, and the degree of confidence that the individual who uses the credential is the individual to whom the credential was issued. NYS-S14-006, NYS-P20-001, NYS-S20-001
Identity Provider The party that manages the individual’s primary authentication credentials and issues assertions derived from those credentials. This is commonly the Credential Service Provider (CSP) as defined in the ITS Glossary. NYS-P20-001
IdP See "Identity Provider" NYS-P20-001
Impact The magnitude of harm that could be caused by a threat. NYS-S14-001
Incident Response The manual and automated procedures used to respond to reported network intrusions (real or suspected); network failures and errors; and other undesirable events. NYS-S13-005
Incident Response Stakeholders IR Stakeholders are any individuals, technical or non-technical, directly responding to or overseeing IR activities. NYS-S13-005
Independently Verified Information provided by a user is verified to a source that is independent of the user (most often a trusted database) which finds that the claimed identity exists and is consistent with the identity and address information provided. NYS-G04-001
Individual Account A unique account issued to a single user. The account enables the user to authenticate to systems with a digital identity. After a user (e.g., NYS citizen, resident, employee, or other applicable user type) is authenticated, the user is authorized or denied access to the system based on the permissions that are assigned directly or indirectly to that user. NYS-S14-013
Information Any communication or representation of knowledge such as facts, data, or opinions in any medium or form, including textual, numerical, graphic, cartographic, narrative, or audiovisual. An instance of an information type. All CISO Policies; ITS-P07-002
Information Communication Technology Shall have the same meaning as set forth in 36 C.F.R. Appendix A to Part 1194, information technology and other equipment, systems, technologies, or processes, for which the principal function is the creation, manipulation, storage, display, receipt, or transmission of electronic data and information, as well as any associated content. NYS-P08-005
Information Owner An individual or organizational unit responsible for making classification and control decisions regarding use of information. NYS-P03-002
Information Security The concepts, techniques and measures used to protect information from accidental or intentional unauthorized access, modification, destruction, disclosure or temporary or permanent loss. NYS-P03-002
Information System A discrete set of information resources organized for the collection, processing, maintenance, use, sharing, dissemination, or disposition of information. NYS-S14-002
Information Technology Shall have the same meaning as set forth in 40 U.S.C. § 11101(6): (A) any equipment or interconnected system or subsystem of equipment, used in the automatic acquisition, storage, analysis, evaluation, manipulation, management, movement, control, display, switching, interchange, transmission, or reception of data or information by a State Entity, if the equipment is used by the State Entity directly or is used by a contractor under a contract with the State Entity that requires the use (1) of that equipment; or (2) of that equipment to a significant extent in the performance of a service or the furnishing of a product; (B) includes computers, ancillary equipment (including imaging peripherals, input, output, and storage devices necessary for security and surveillance), peripheral equipment designed to be controlled by the central processing unit of a computer, software, firmware and similar procedures, services (including support services), and related resources; but (C) does not include any equipment acquired by a State contractor incidental to a State contract. NYS-P08-005
Information Technology Resources Equipment, software or services used to input, store, process, transmit, and output information, including, but not limited to, desktops, laptops, mobile devices, servers, telephones, fax machines, copiers, printers, Internet, email, and social media sites. NYS-P14-001, ITS-S16-007
Integrity The property that data has not been altered or destroyed from its intended form or content in an unintentional or an unauthorized manner. NYS-P14-001, NYS-S13-005, NYS-S13-001, NYS-S14-003
Interested Party A participant in the procurement process, and those whose participation in the procurement process has been foreclosed by the actions of ITS. NYS-P01-001
Internet Shall have the same meaning as defined in State Technology Law §202. This shall mean a system of linked computer networks, international in scope, that facilitate DATA transmission and exchange. NYS-G02-001
Internet Protocol Address A numerical identifier assigned either to a user's Internet service provider or directly to a user's computer. NYS-G02-001
IP Address See "Internet Protocol Address" NYS-G02-001
ISO Information Security Officer NYS-P13-001, NYS-S14-013, NYS-S15-002
ITBM Information Technology Business Management ITS-S18-002
ITS Consultant Refers to any individual who performs services for ITS and/or its customers pursuant to a contract with ITS. ITS-P06-004, ITS-P18-004; ITS-P00-002; ITS-P15-002; ITS-P18-006
ITS Employee see "Employee" ITS-P00-001; ITS-P06-004; ITS-P15-003; ITS-P15-001; ITS-P18-002; ITS-P18-003
ITSM IT Service Management ITS-P13-002; ITS-S16-006; ITS-P20-004; ITS-P18-003; ITS-P19-002
J
JCOPE Joint Commission on Public Ethics ITS-P06-004, ITS-P18-005
K
Knowledge-Based Verification (KBV) Identity verification method based on knowledge of private information associated with the claimed identity. This is often referred to as knowledge-based authentication (KBA) or knowledge-based proofing (KBP). NYS-S20-001
L
Least Privilege Granting users, programs or processes only the access they specifically need to perform their business task and no more. NYS-S13-001
M
MiFi See "Aircard/MiFi" ITS-P18-007
Mobile Device A computing device in a small portable form factor that has at least one network connection interface, non-removable and/or removable storage, and is portable, including but not limited to smartphones, Personal Digital Assistants (PDAs), tablets, laptops, smart watches and wearable devices. NYS-S14-007, NYS-S14-009
Multi-Factor Authentication Using more than one of the following factors to authenticate to a system. Something you know (e.g., user-ID, password, personal identification number (PIN), or passcode). Something you have (e.g., a one-time password authentication token, smart card). Something you are (e.g., fingerprint, retina scan) NYS-S20-001
N
NIST "National Institute of Standards and Technology" NYS-S20-001
Nonce A value used in security protocols that is never repeated with the same key. For example, nonces used as challenges in challenge-response authentication protocols must not be repeated until authentication keys are changed. Otherwise, there is a possibility of a replay attack. Using a nonce as a challenge is a different requirement than a random challenge, because a nonce is not necessarily unpredictable. NYS-S14-006
NYS Private Cloud The NY State Private Cloud is a framework of services that provide New York State entities with secure technology services and solutions. ITS-P19-002
O
Offerer An individual, bidder, or entity who has submitted an offer in response to a solicitation for commodities or services issued by ITS. NYS-P01-001
OGS Office of General Services ITS-G18-002, ITS-P04-005, ITS-P17-011, ITS-P15-001, ITS-P15-002, ITS-S18-001, NYS-P08-001, ITS-S20-003
Online Service A service accessed via the Internet or other networks which provides access to citizens, businesses, business partners, other State Entities, local government entities, and the State workforce. NYS-P20-001, ITS-P15-003, NYS-P08-001
OOB Out-of-Band NYS-S14-006
OSS Open Source Software ITS-P19-005
P
PaaS Platform as a Service ITS-P19-002
Password Expiration The frequency in which a user is required to choose a new password (i.e., forced to change the password after x days). NYS-S14-006
Patch Management The process of addressing vulnerabilities that can be remediated by a software or firmware update (patch); applies to all software used on NYS systems. NYS-S15-001; ITS-G18-003; NYS-S14-008
Penetration Testing Test of the overall strength of an SE's defenses (technology, processes, people) by simulating the objectives and actions of an attacker. NYS-P03-002
Peripheral A device or component associated with a workplace device, used to input/output data from a workplace device. Examples of peripherals include keyboard, mice, and LCD displays. ITS-P21-001
Persistent Cookie A cookie that remains on the user's computer. NYS-G02-001
Personal Information Any information concerning a natural person which, because of name, number, symbol, personal mark, or other identifier, can be used to identify that natural person. NYS-G02-001
Personal, Private or Sensitive Information Any information where unauthorized access, disclosure, modification, destruction or disruption of access to or use of such information could severely impact the SE, its critical functions, its employees, its customers, third parties, or New Yorkers. This term shall be deemed to include, but is not limited to:
  • Personal Information;
  • Private Information;
  • Information that identifies specific structural, operational, or technical information of the State's Critical Infrastructure, such as maps, mechanical or architectural drawings, floor plans, operational plans or procedures, training and security procedures, descriptions of technical processes and technical architecture, plans for disaster recovery and business continuity;
  • Reports, logs, surveys, or audits that contain sensitive information;
  • Security related information (e.g., vulnerability reports, risk assessments, security logs);
  • Other information that is protected from disclosure by law or relates to subjects and areas of concern as determined by SE executive management.
NYS-G10-001, NYS-P03-002; NYS-S14-005
Physical and Environmental Security Measures taken to protect systems and physical infrastructure against threats associated with their physical environment. Physical and environmental security controls include the following broad areas:
  • The facility's general geographic operating location determines the characteristics of natural threats, such as earthquakes and flooding; threats made by people such as burglary, civil disorders, or interception of transmissions and emanations; and damaging nearby activities, including toxic chemical spills, explosions, fires, and electromagnetic interference from emitters, such as radars.
  • Supporting facilities are those services, both technical and human, that underpin the operation of the system. The system's operation usually depends on supporting facilities such as electric power, heating and air conditioning, and telecommunications. The failure or substandard performance of these facilities may interrupt operation of the system and may cause physical damage to system hardware or stored data.
Physical Infrastructure A generic description of any area containing non-end-user IT equipment and subsidiary hardware, e.g.:
  • Mainframes;
  • Servers;
  • Communications equipment;
  • Printing facilities;
  • Media libraries; and
  • Wiring closets.
PO Purchase Order ITS-P15-001, ITS-P17-011, NYS-P08-001
Policy (1) A prescribed or proscribed course of action or behavior which is to be followed with respect to the acquisition, deployment, implementation or use of information technology resources. All CISO Policies
Policy (2) A formal, high-level statement that outlines an organization's general beliefs, values, goals, objectives, and expectations for a specified subject area. Compliance with a policy is required. NYS-P09-003
Policy maker An ITS employee who holds a policy-making position, as annually determined by ITS and available upon request to the Ethics Officer. ITS-P06-004
Pop Up Ad Type of window that appears on top of (over) the browser window of a Web site that a user has visited. In contrast to a pop-under ad, which appears behind (in back of) the browser window, a pop-up is more obtrusive as it covers other windows, particularly the window that the user is trying to read. Pop-up ads are used extensively in advertising on the Web. NYS-P10-001
Portable Storage Device A storage device that is capable of being physically transported, including but not limited to USB/flash drives/thumb drives, external hard drives, tapes, CDs, DVDs and cameras. NYS-S14-007
Portal The classic intranet portal site functions as an informational hub (i.e., topical tree listing of sites combined with a search engine), aggregating links that connect the portal's constituency of visitors to related information sources. Portals are typically positioned as starting points for users. Private sector examples include Google and Yahoo. NYS-S05-002
Portals A server that offers access to one or more applications through a single centralized interface that provides authentication (e.g., web-based portal, virtual desktop interface (VDI)). NYS-S14-010
PPSI See "Personal, Private, Sensitive Information" NYS-P03-002
Private Information As defined in State Technology Law, shall mean personal information in combination with any one or more of the following data elements, when either the personal information or the data element is not encrypted or encrypted with an encryption key that has also been acquired; (1) social security number; (2) driver's license number or non-driver identification card number; or (3) account number, credit or debit card number, in combination with any required security code, access code, or password which would permit access to an individual's financial account. Private information does not include publicly available information that is lawfully made available to the general public from federal, state, or local government records. NYS-P03-002
Private Key A cryptographic key kept secret or known only by the holder. Private keys can be used to create e-signatures or decrypt messages or files. The same private key used to sign should not be used to decrypt. NYS-G04-001
Privileged Account An account which provides increased access and requires additional authorization. Examples include a network, system or security administrator account. NYS-S14-013, NYS-G10-001
Procedure A set of administrative instructions for implementation of a policy or standard. NYS-P03-002
Product Shall include, without limitation: when solicited from a vendor in State government contracts, RFPs, IFBs, or mini-bids, any piece or component of equipment, hardware, firmware, middleware, custom or commercial software, or internal components or subroutines therein which perform any date/time data recognition function, calculation, comparing or sequencing. Where services are being furnished, e.g., consulting, systems integration, code or data conversion or data entry, the term "Product" shall include resulting deliverables. NYS-P98-003
Project Sunlight An initiative which authorized the creation of an online database where the public can see the names of individuals and entities interacting with government decision makers, and imposes reporting requirements on certain state employees ("covered employees"). ITS-P13-001
Proof of Value An ITS Proof-of-Value (POV) is a formal evaluation of an un-procured technology to demonstrate that the technology has practical potential to fill a business need. ITS-P18-001
Protest A written challenge by an interested party to a contract award made by ITS. NYS-P01-001
Public Authority For purposes of this standard, the definition of public authorities is as defined in POL § 103, a public authority or public benefit corporation created by or existing under any State law, at least one of whose members is appointed by the Governor (including any subsidiaries of such public authority or public benefit corporation), other than an interstate or international authority or public benefit corporation. NYS-S07-001
Public Key Infrastructure (PKI) The architecture, organization, techniques, practices, and procedures that collectively support the implementation and operation of a certificate-based asymmetric or public key cryptographic system. The PKI consists of systems that collaborate to provide and implement e-signatures, encryption, and authentication services. NYS-G04-001
R
RA See "Registration Authority" NYS-S20-001
Registration Authority A trusted entity that establishes and vouches for the identity of an applicant to a CSP. The RA may be an integral part of a CSP, or it may be independent of a CSP, but it has a relationship to the CSP(s). NYS-S20-001
Re-issuance A new credential is created with a new identity and/or a new token. For example, a password token is re-issued by having the user select a new password. NYS-S14-006
Relying Party An entity that relies upon the claimant’s token and credentials or a verifier's assertion of a claimant’s identity, typically to process a transaction or grant access to information or a system. NYS-S20-001
Remote Access The ability to access non-public computing resources from locations other than the State’s internal network. NYS-S14-010
Remote System Control Controlling a system remotely from a location other than the State’s internal network. NYS-S20-001
Renewal The usage or validity period of the token and credential is extended without changing the token or re-verifying the user's identity. Examples of tokens that would be renewed or extended include hard tokens, out of band tokens, one time passwords, and soft tokens. NYS-S14-006
Residual Risk (NYS-S14-001) The remaining potential risks after all IT security measures are applied. NYS-S14-001
RFP Request for Proposal ITS-P17-011, NYS-P08-001
RFQ Request for Quote ITS-P17-011, NYS-P08-001
Risk Assessment The process of identifying threats to information or information systems, determining the likelihood of occurrence of the threat, and identifying system vulnerabilities that could be exploited by the threat. NYS-P03-002
Risk Management A process that includes taking actions to assess risk and avoid or reduce risk to acceptable levels. NYS-S14-001
S
SE See "State Entity" NYS-G10-001; NYS-S14-008; ITS-P12-002; ITS-P19-005
Secure Coding Coding practices to avoid the occurrence of common coding vulnerabilities and to be resilient to high-risk threats before being deployed in production. NYS-S13-002
Secure Sockets Layer (SSL) An older version of the TLS protocol. ITS-S16-003
Security Level The degree of trust that is associated with a user account, based upon Identification method; one of the attributes of a user account. NYS-P03-002
Sensitivity A measure of the importance assigned to information by its owner, for the purpose of denoting its need for protection. NYS-S14-001
Service Oriented Architecture A form of distributed systems architecture that is typically characterized by the following properties:
  • Logical view: The service is an abstracted, logical view of actual programs, databases, business processes, etc., defined in terms of what it does, typically carrying out a business-level operation.
  • Message orientation: The service is formally defined in terms of the messages exchanged between provider agents and requester agents, and not the properties of the agents themselves. The internal structure of an agent, including features such as its implementation language, process structure and even database structure, are deliberately abstracted away in the SOA: using the SOA discipline one does not and should not need to know how an agent implementing a service is constructed. A key benefit of this concerns so-called legacy systems. By avoiding any knowledge of the internal structure of an agent, one can incorporate any software component or application that can be "wrapped" in message handling code that allows it to adhere to the formal service definition.
  • Description orientation: A service is described by machine-processable meta data. The description supports the public nature of the SOA: only those details that are exposed to the public and important for the use of the service should be included in the description. The semantics of a service should be documented, either directly or indirectly, by its description.
  • Granularity: Services tend to use a small number of operations with relatively large and complex messages.
  • Network orientation: Services tend to be oriented toward use over a network, though this is not an absolute requirement.
  • Platform neutral: Messages are sent in a platform-neutral, standardized format delivered through the interfaces. XML is the most obvious format that meets this constraint. ITS-P20-001
Service Set Identifier (SSID) The name assigned to a Wi-Fi (wireless) network. All devices in the network must use this name to communicate over Wi-Fi. NYS-S15-003
Session cookie A cookie that is erased during browser operation or when the browser is closed. NYS-G02-001
SFS Statewide Financial System ITS-P15-001, ITS-P15-002, ITS-P16-003, ITS-P17-011, NYS-P08-001
Shared Account Any account where more than one person knows the password and/or uses the same authentication token. Use of shared accounts is only allowed when there is a system or business limitation preventing use of individual accounts. These cases must be documented by the information owner and reviewed by the Information Security Officer (ISO)/ designated security representative. NYS-S14-013
Significant Change Includes but is not limited to: Adding/deleting/modifying features/functionality to existing systems; Substantial redesign of the existing system or environment; or, other modifications that could substantially affect the system security. Exclusions include, but are not limited to changes to wording, adding links to an outside site, adding a document to a web site, installing vendor supplied security patches to the underlying software or operating system, uploading data to the database. NYS-S13-001
Single-Factor Authentication Using one of the following to authenticate to a system:
  • Something you know (e.g., user-ID, password, memorized personal identification number (PIN), or passcode)
  • Something you have (e.g., a one-time password authentication token, 'smart card')
  • Something you are (e.g., fingerprint, retina scan)
Smart Card A hardware token that incorporates one or more integrated circuit (IC) chips to implement cryptographic functions and possesses some inherent resistance to tampering. NYS-G04-001
SOA See "Service Oriented Architecture" ITS-P20-001
Social Media Media that is created to be shared freely across different web publishing platforms. NYS-P11-001
Sound Mixer A device which takes two or more audio signals, mixes them together and provides one or more output signals. NYS-G07-002
Sponsorship Logo, graphic, text, sound, video or any other identifier recognizing an individual business, person or any other non-governmental entity in exchange for donation of services, support, underwriting a project, etc. NYS-P10-005, NYS-P10-001
SSID See "Service Set Identifier" NYS-S15-003
Standard Sets of rules for implementing policy. Standards make specific mention of technologies, methodologies, implementation procedures and other detail factors. All CISO Policies NYS-P09-003
State State of New York. All CISO Policies
State Chief Information Officer See "CIO" NYS-P08-002; ITS-P17-011; ITS-P15-001
State Entity Any entity that falls within the definition of "State Government" entities as defined in Executive Order 117 or "State Agencies" as defined in Section 101 of the State Technology Law. NYS-P08-002; NYS-S14-009; NYS-S14-008; ITS-P12-002; NYS-P09-003
State Government Entity See "State Entity" NYS-P10-004, NYS-P08-003
Supervisor An individual responsible for day-to-day management or supervision of a User. NYS-P14-001
Synchronized Text Captioning Text transcript that is synchronized or coordinated in time with the audio and video track (also referred to as synchronized text captions). NYS-G07-002
System An interconnected set of information resources under the same direct management control that shares common functionality. A system normally includes hardware, software, applications, and communications. NYS-P14-001
T
Tablet A tablet is a wireless touch screen personal computer (PC) that is smaller than a notebook/laptop but larger than a smartphone. Modern tablets are built with wireless Internet or local area network (LAN) connectivity and a variety of software applications, including business applications, and Web browsers. A tablet may be used 1) with a data plan or 2) without a data plan by connecting it to a LAN, tethering it to a smartphone, or connecting it to a Wi-Fi or MiFi device. ITS-P18-007
Target Implementation Environment The deployment environment in which the new or modified system is installed or fielded for use by a defined set of users after system acceptance has been completed. This is often referred to as the "production" environment. NYS-S15-002
Taxonomy Science of classification according to a predetermined system, with the resulting catalog used to provide a conceptual framework for discussion, analysis, or information retrieval. ITS-S18-002
TBM Council The TBM Council is a nonprofit professional organization dedicated to advancing the discipline of technology business management (TBM). TBM provides technology leaders with standards and validated best practices to communicate the cost, quality, and value of IT investments to their business partners. In turn, IT is able to drive innovation for their organization. The TBM Council and its community focus on collaboration, standardization, and education to advance TBM and the IT profession. ITS-S18-002
Threat A potential circumstance, entity or event capable of exploiting vulnerability and causing harm. Threats can come from natural causes, human actions, or environmental conditions. A threat does not present a risk when there is no vulnerability. NYS-P03-002
Token Something that a user possesses and controls (typically a key or password) used to authenticate the user’s identity. A token incorporates one or more of the three factors of authentication: something you know (e.g., user-ID, password, personal identification number (PIN), or passcode); something you have (e.g., a one-time password authentication token, ‘smart card’); or something you are (e.g., fingerprint, retina scan). NYS-P03-002; NYS-S14-006; NYS-G04-001; NYS-S14-013; NYS-S15-003; NYS-S14-010
TOS "Terms of Service" NYS-P11-001
Transport Layer Security (TLS) A network protocol that provides communications security over the Internet. The protocol allows client/server applications to communicate in a way that is designed to prevent eavesdropping, tampering, or message forgery. ITS-S16-003
Trusted Party An entity with which the State Entity has established a business relationship through a service level agreement, memorandum of understanding, contract or other comparable mechanism. For purposes of this standard, the trusted party must be evaluated and accepted per the NYS Federation/Partner Process. NYS-S20-001
Tunneling A secure communication channel through which information can be transmitted between networks (e.g., Virtual Private Network (VPN)). NYS-S14-010
U
Undue Burden Significant difficulty or expense. In determining whether an action would result in an undue burden, state government entities must consider all resources available for use in the funding and operation of the service, program, or activity. NYS-P08-005
URL Uniform Resource Locator, colloquially termed a web address, is a reference to a web resource that specifies its location on a computer network and a mechanism for retrieving it. A URL is a specific type of Uniform Resource Identifier (URI), although many people use the two terms interchangeably. ITS-G18-003, ITS-S16-003
User Shall have the same meaning as defined in State Technology Law §202. This shall mean any natural person who uses the internet to access a state agency website. NYS-G02-001
V
Verifier An entity that verifies the claimant’s identity by verifying the claimant’s possession and control of one or two authenticators using an authentication protocol. NYS-S20-001
Visual Inspection Inspection of valid current photo ID that contains the applicant’s picture and either address of record or nationality (e.g., driver’s license or Passport). Inspection will include comparing picture to applicant and recording ID number, address and date of birth. NYS-S20-001
VSMO Vendor Sourcing and Management Organization ITS-G20-001; ITS-P18-005
Vulnerabilities A weakness that can be accidentally triggered or intentionally exploited. NYS-P03-002
W
WCAG "Web Content Accessibility Guidelines" NYS-P08-005
Webcast A broadcast produced in one location and transmitted to any PC or video-capable device connected to the internet. NYS-G07-002
White Balance A setting in a camera that compensates for the differences in color temperature of the surrounding light. In both analog and digital electronic cameras that use CCD and CMOS sensors to capture the image, the white balance must be adjusted to ensure that all colors in the scene will be represented faithfully. It can be adjusted automatically by the camera, by selecting presets (tungsten, fluorescent, etc.) or by aiming the lens at a totally white surface (the white card) and selecting "lock white balance." Alternatively, a gray card with 18% gray is sometimes used. NYS-G07-002
Wireless Local Area Network (WLAN) A group of wireless networking nodes within a limited geographic area that serve as an extension to existing wired local area networks, and which are based on the IEEE 802.11 standard and its amendments. NYS-S15-003
Wireless Technology Technology that permits the transfer of information between separated points without physical connection. Currently wireless technologies use infrared, acoustic, radio frequency, and optical. NYS-P03-002
WLAN See "Wireless Local Area Network" NYS-S15-003
Workplace Device An IT hardware device, connected to a State or third-party network, used to access applications. ITS-P21-001

Contact Information

Questions concerning this glossary may be directed to the New York State Office of Information Technology Services by e-mailing [email protected].