fips191_14
FIPS PUB 191
2.2 Security Services and Mechanisms
A security service is the collection of mechanisms, procedures and other controls that are
implemented to help reduce the risk associated with threat. For example, the identification and
authentication service helps reduce the risk of the unauthorized user threat. Some services
provide protection from threats, while other services provide for detection of the threat
occurrence. An example of this would be a logging or monitoring service. The following
services will be discussed in this section:
• Identification and authentication - is the security service that helps ensure that the LAN
is accessed by only authorized individuals.
• Access control - is the security service that helps ensure that LAN resources are being
utilized in an authorized manner.
• Data and message confidentiality - is the security service that helps ensure that LAN data,
software and messages are not disclosed to unauthorized parties.
• Data and message integrity - is the security service that helps ensure that LAN data,
software and messages are not modified by unauthorized parties.
• Non-repudiation - is the security service by which the entities involved in a communication
cannot deny having participated. Specifically the sending entity cannot deny having sent a
message (non-repudiation with proof of origin) and the receiving entity cannot deny having
received a message (non-repudiation with proof of delivery).
• Logging and Monitoring - is the security service by which uses of LAN resources can be
traced throughout the LAN.
The mechanisms, procedures and guidance provided in this section should not be considered as
mandatory requirements in this document. This FIPS Guideline is voluntary, and the controls
listed here should be considered as potential solutions, and not required solutions. Determining
the appropriate controls and procedures to use in any LAN environment is the responsibility of
those in each organization charged with providing adequate LAN protection.
16