| (I) The ability and means to communicate with or otherwise
interact with a system in order to use system resources to either
handle information or gain knowledge of the information the system
contains.
(O) "A specific type of interaction between a subject and an
object that results in the flow of information from one to the
other." [NCS04]
(C) In this Glossary, "access" is intended to cover any ability to
communicate with a system, including one-way communication in
either direction. In actual practice, however, entities outside a
security perimeter that can receive output from the system but
cannot provide input or otherwise directly interact with the
system, might be treated as not having "access" and, therefore, be
exempt from security policy requirements, such as the need for a
security clearance.
|
