Identity and Access Management (IAM) | Processes and tools used to manage user IT accounts throughout the account lifecycle. These include the creation (provisioning) of the account, management of attributes and privileges during the account's active lifetime, password management, and finally the removal (de-provisioning) of the account when that lifetime is over. | ITP-SEC038 |
Identity Proofing | The process of verifying the real-life identity being claimed by a person. | ITP-SEC039 |
Identity Verification | A service is used to ensure that users provide information that is associated with the identity of a real person. It can involve the verification of identity information (fields) against independent and authoritative sources, such as credit bureau or commonwealth data. | ITP-SEC039 |
IEEE | The Institute of Electrical and Electronics Engineers, a non-profit, technical professional association and leading authority in technical areas ranging from computer engineering, biomedical technology and telecommunications, to electric power, aerospace and consumer electronics, among others. | ITP-NET001 |
Illegal Use | Use which violates local, state, or federal law as well as CoPA or agency IT policy. | MD 245.18 |
Imaged Document | A copy of an original hardcopy (paper) record that has been electronically imaged to an electronic storage system. An imaged document contains all the recorded information that appears on the original document and is able to serve the purpose(s) for which the original was created or retained. | MD 210.12 IRS Rev. Procedure 97-22 |
Immediate Maintenance (Enterprise Services) | Maintenance necessary when a problem exists on any Enterprise infrastructure component or Enterprise Service that has the potential to cause major disruptions to one or more agencies. | ITP-SYM010 |
Inactive Account | An Inactive Account shall be any account that hasn’t been used in 18 months or one which lacks any role or related attribute that would be used to authorize its use to access an Information Technology System; or any account where the AD userAccountControl attribute is set to “Disabled”. | ITP-SEC007 |
Inappropriate Use | A violation of the goals, purpose and intended use of the network. | MD 245.18 |
Incident | Unplanned interruption to an IT service or reduction in the quality of an IT service. | ITP-SYM010 |
Incident (Security) | A violation or imminent threat of violation of computer security policies, acceptable use policies, or standard security practices. Examples of an incident are denial of service, malicious code, unauthorized access and inappropriate usage. | ITP-SEC021 |
Incident Response (Security) | The manual and automated procedures used to respond to reported incidents (real or suspected), system failures and errors, and other undesirable events. | ITP-SEC021 |
Incident Response Process Document (Security) | A set of processes that outlines what to do in a Cyber Security Incident or potentially suspected Cyber Security Incident. | ITP-SEC024 |
Independent Third Party | An entity that is not currently implementing or managing the system(s) in scope. | ITP-SEC023 |
Indicators of Compromise (IOCs) | Evidence or an artifact observed on a system or network that indicates a potential intrusion. | ITP-SEC024 |
Information | Data, text, images, sounds, codes, computer programs, software, data bases, or the like. | MD 210.12 |
Information Asset | Information relevant to the enterprise’s business functions, including captured and tacit knowledge of employees, customers or business partners; data and Information stored in highly-structured databases; data and Information stored in textual form and in less-structured databases such as messages, e-mail, workflow content and spreadsheets; Information stored in digital and paper documents; purchased content; and public content from the internet or other sources. | ITP-INF000 |
Information Life Cycle | The stages through which Information passes, typically characterized as creation or collection, processing, dissemination, use, storage, and disposition. | ITP-INF000 |
Information Resources | Information and related resources, such as personnel, equipment, funds, and information technology. | 44 U.S.C. Section 3502 |
Information Security | Protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide: Integrity, Confidentiality, Availability. | 44 U.S.C. Section 3542 |
Information Silo | An Information Silo is an information management system that is unable to freely communicate with other information management systems. Communication within an Information Silo is always vertical, making it difficult or impossible for the system to work with unrelated systems. Information Silos occur when different individuals or groups generate or record new data, but don’t integrate or aggregate that information for other parts of the business to view or use in a strategic way. Additionally, it occurs from the tool sprawl and the poor or no integration of business applications and processes. | ITP-INF011 |
Information System | A discrete set of information resources organized for the collection, processing, maintenance, use, sharing, dissemination, or disposition of information. | NIST 800-39 ITP-BUS008 |
Information Technology | The resources applied in an enterprise for the purpose of storing, retrieving, transmitting, and manipulating data through use of software and hardware infrastructure. | ITP-BUS000 |
Information Technology Policy (IT Policy, ITP) | A document published by OA/OIT that defines the expectations, requirements, standards, technical specifications, procedures, and guidelines for agencies that use and manage IT resources and services. IT policies are categorized into defined general areas (domains). The policy domains and their abbreviations are: Accessibility (ACC), Application (APP), Business (BUS), Information (INF, INFG, INFRM), Integration (INT), IT Procurement (PRO), Network (NET), Platform (PLT), Privacy (PRV), Project Management (EPM), Security (SEC), Services (SER), Software (SFT), Systems Management (SYM). | ITP-BUS000 ITP-BUS004 |
Information Technology Systems or Systems | Information Technology Systems or Systems include computer applications, servers, laptops, databases, routers, switches, wireless devices, mobile devices and other computer related hardware and software. | ITP-SEC007 |
Information Type | A specific category of information (e.g. privacy, medical, proprietary, financial, investigative, contractor sensitive, security management) defined by an organization, specific law, executive order, directive, policy, or regulation. | Federal Information Processing Standards (FIPS) 199 |
Infrastructure | Refers to the enterprise's entire collection of hardware, software, networks, data centers, facilities and related equipment used to develop, test, operate, monitor, manage and/or support information technology services. | ITP-BUS001 |
Infrastructure as a Service (IaaS) | A Cloud Computing Service through which agencies provision processing, storage, networks, and other computing resources where the agency can deploy and run software, which can include operating systems and applications. The agency does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, and deployed applications; and possibly limited control of select networking components. | ITP-SEC040 ITP-SFT000 |
Integrated Development Environments (IDE) | Provide frameworks used in modern programming languages and components with similar user interfaces, minimizing the amount of mode switching compared to discrete collections of disparate development programs. IDEs offer robust capabilities to create service-oriented architecture (SOA) components and applications. IDEs increase productivity by providing customizable interfaces, integrated debugging, testing and deployment tools, and integration with existing technology through SOA. | ITP-SFT009 |
Integration Testing | The phase of software testing in which individual software modules are combined and tested as a group. It follows unit testing and precedes system testing. | ITP-SFT000 |
Integrity | Guarding against improper information modification or destruction, and includes ensuring information nonrepudiation and authenticity. A loss of integrity is the unauthorized modification or destruction of information. | 44 U.S.C. Section 3542 Federal Information Processing Standards (FIPS) 199 |
Internet Facing Web Application | An application that uses the Internet to provide citizens, Commonwealth employees, and business partners with access to agency-specific data or services and that resides on Commonwealth IT Resources. This includes content generated from a data visualization or business analytics platform. | ITP-SEC005 |
Internet Security Protocol (IPsec) | Consists of a set of open standards to provide security equivalence to a private network in the shared public infrastructure (internet). IPsec provides security at the network layer and encrypts data within application communications. | ITP-SEC010 |
Invitation For Bids (IFB) | Competitive sealed bidding for an IT product or Service. Refer to Part I, Chapter 02, “Definitions” and Section A of Part I Chapter 06 “Method of Awarding Contracts” of the Procurement Handbook. | ITP-BUS002 |
Invitation To Qualify (ITQ) | A multiple award contract used to procure IT services from contractors pre-qualified in various IT service categories. Refer to Part I, Chapter 02, “Definitions” and Section A of Part I Chapter 06, “Method of Awarding Contracts” of the Procurement Handbook. | ITP-BUS002 |
ISO | Information Security Office/Officer | MD 240.12 |
IT Governance | The processes that ensure the effective and efficient use of IT in enabling an organization to achieve its goals. It requires specification of the decision rights and accountability framework to encourage desirable behavior in the use of information technology. | ITP-SEC040 |
IT Investment | The purchase or procurement of any IT services that meet the criteria specified in ITP-BUS002. | ITP-BUS001 |
IT Operations | Commonwealth-sponsored ongoing routine IT activities or business processes which include, but are not limited to, reportable activities which support existing IT products or services throughout their defined service lifecycle, and do not meet the planning and classification criteria for an IT Project. | ITP-SEC040 |
IT Policy Business Owner | OA/OIT personnel or program area responsible for ensuring assigned IT policy aligns with the enterprise's current IT environment. | ITP-BUS000 |
IT Policy Coordinator | OA/OIT personnel responsible for the management of the IT policy life cycle and facilitating the IT policy governance process. | ITP-BUS000 |
IT Policy Domain Owner | OA/OIT personnel responsible for the management of a specific domain of IT policies. | ITP-BUS000 |
IT Policy Waiver | A temporary exemption granted to commonwealth agencies for non-compliance with a specific OA/OIT IT Policy. | ITP-BUS004 |
IT Project | A Commonwealth-sponsored IT Project is an undertaking that is not a routine operation or business process, but a specific set of tasks that are planned, organized, tracked, and executed by multiple resources, and has a defined start and end date. IT Projects are classified in one of three Investment Classes: Run, Grow or Transform. | ITP-BUS001 |
IT Resources | (MD version): Include, but are not limited to, the following: the commonwealth’s computer systems, together with any electronic resource used for communications, which includes, but is not limited to laptops, individual desktop computers, wired or wireless telephones, cellular phones, pagers, beepers, personal data assistants and handheld devices, and, further, includes use of the internet, electronic mail (email), instant messaging, texting, voice mail, facsimile, copiers, printers or other electronic messaging through commonwealth facilities, equipment or networks (collectively "IT Resources"). (ITP version): Include, but are not limited to, the staff, software, hardware, systems, services, tools, plans, data, and related training materials and documentation that, in combination, support business activities. Examples of IT Resources include, but are not limited to, desktop computers, mobile devices, email, telephones, servers, and network switches/routers. | MD 205.34 MD 205.42 MD 240.11 ITP-SEC012 |