Term 31
Azure VPN Gateway
A cloud-based virtual private network gateway in Microsoft Azure that securely connects on-premises networks to Azure virtual networks over encrypted tunnels.
Acronym study
Terms 31–60 of 295 CISSP acronyms and key terms. Each entry includes a plain-English definition and a link to the full 800-word glossary page with exam context and practice questions.
Term 32
A backup policy is a documented set of rules that defines what data to back up, how often, where to store it, and how long to keep it, ensuring data can be restored after loss.
Term 33
A formal security model that prevents users from reading information at a higher classification level than their own and from writing information down to a lower classification level.
Term 34
Biba is a security model that uses a lattice-based system to enforce integrity, ensuring that data cannot be corrupted by unauthorized or less trustworthy subjects.
Term 35
A BitLocker policy is a set of configuration rules that IT administrators use to manage how BitLocker Drive Encryption is enabled, enforced, and recovered on Windows devices within an organization.
Term 36
A branch policy is a set of rules and conditions enforced on a Git branch to control how code changes are proposed, reviewed, and merged, ensuring code quality and protecting critical branches.
Term 37
Brewer-Nash is a security model that prevents conflicts of interest by restricting access to data based on the user's past access history and organizational membership.
Term 38
Broken access control is a security vulnerability that occurs when an application does not properly enforce restrictions on what authenticated users are allowed to do, allowing them to access unauthorized data or perform unauthorized actions.
Term 39
A systematic process used to identify and evaluate the potential effects of an interruption to critical business operations as a result of a disaster, accident, or emergency.
Term 40
A trusted entity that issues digital certificates to verify the identity of websites, devices, and users in secure online communications.
Term 41
Certificate pinning is a security technique that associates a specific digital certificate or public key with a particular server, so that an app or system will only trust that exact certificate, rejecting any others even if they are issued by a trusted certificate authority.
Term 42
A Certificate Signing Request (CSR) is a specially formatted message sent by an applicant to a Certificate Authority (CA) to request a digital certificate that binds their public key to their identity.
Term 43
A certificate warning is a security alert a web browser or application displays when it cannot fully trust the digital certificate presented by a website or service.
Term 44
Change management is the structured process of planning, approving, implementing, and reviewing changes to IT systems to minimize risk and disruption.
Term 45
A security model that enforces data integrity by ensuring that only authorized, well-formed transactions change data, and that those changes are logged and controlled.
Term 46
Cloud Audit Logs are a record of actions taken by users, services, and resources inside a cloud environment, capturing who did what, when, and from where.
Term 47
Cloud IAM (Identity and Access Management) is a framework of policies and technologies that ensures the right individuals have appropriate access to cloud resources at the right time and for the right reasons.
Term 48
Cloud security architecture is the design and organization of security controls, policies, and technologies used to protect data, applications, and infrastructure in a cloud computing environment.
Term 49
Cloud security posture management is the continuous process of monitoring cloud environments to detect misconfigurations, compliance violations, and security risks, and automatically remediating them to maintain a strong security posture.
Term 50
A Cloud VPN is a service that securely connects your private network to a cloud provider's network over the public internet using encryption and authentication.
Term 51
Control Objectives for Information and Related Technologies — an IT governance framework for managing and auditing IT processes.
Term 52
A set of principles and rules that guide IT professionals to act with integrity, honesty, and responsibility in their work.
Term 53
Common Criteria is an international standard (ISO 15408) that provides a common framework for evaluating the security features and capabilities of information technology products.
Term 54
Communication Compliance is the set of policies, tools, and practices used by organizations to monitor, capture, and review electronic communications in order to meet regulatory, legal, and internal governance requirements.
Term 55
Compartmented security mode is a multilevel security (MLS) system where subjects are cleared for all sensitivity levels but only have access to specific compartments of information based on their need-to-know.
Term 56
A compensating control is a security measure implemented to reduce risk when a primary control cannot be used or is insufficient.
Term 57
Compliance is the process of ensuring that an organization follows laws, regulations, standards, and internal policies that apply to its operations and data handling.
Term 58
A Compliance Manager is a tool or service that helps organizations assess, monitor, and improve their adherence to regulatory standards, industry frameworks, and internal policies.
Term 59
A compliance policy is a set of rules that ensures devices, users, and applications meet an organization's security and regulatory requirements before they can access corporate resources.
Term 60
A compliance scan is an automated security assessment that checks systems, networks, and applications against a defined set of regulatory or organizational standards to verify adherence to required policies.