AD (Active Directory)
A directory service developed by Microsoft that centralizes network and security administration in Windows environments. Active Directory authenticates and authorizes all users and computers on the network, assigns and enforces security policies, and installs software on network computers.
Ad Hoc File Transfer
A method used to easily transmit large files on a one-time, person-to-person basis—without the delivery, security, and tracking risks often associated with email and FTP-based transfers. Ad hoc file transfers are generally part of a larger MFT solution.
AES (Advanced Encryption Standard)
An open encryption standard for electronic data that offers fast encryption with 128-bit, 192-bit, and 256-bit key lengths. AES is a symmetric encryption algorithm, which means that the same key is used for encrypting and decrypting data.
AS2 (Applicability Statement 2)
A network protocol that uses HTTPS (Hypertext Transfer Protocol Secure) and S/MIME (Secure/Multipurpose Internet Mail Extensions) to transmit data securely and reliably over the Internet.
B2B (Business-to-Business)
The exchange of products, services, or information between businesses rather than between businesses and consumers (B2C) or businesses and government (B2G).
Basel II
An international standard developed by the Basel Committee on Banking Supervision that requires financial institutions to maintain enough cash reserves to cover their operational risks.
Basel III
An international standard developed by the Basel Committee on Banking Supervision that builds on Basel I and II to strengthen the banking sector’s ability to deal with financial stress. Basel III effectively triples the size of the capital reserves that the world’s banks must hold against losses. The new rules will be phased in from January 2013 through January 2019.
Check 21
A U.S. law enacted in 2003 that enabled banks to phase out paper check handling by allowing electronic check images (especially TIFF-formatted files) to serve the same legal roles as original paper checks.
Checkpoint Restart
The procedures used for resuming a file transfer after it has been halted, either accidentally or deliberately. A checkpoint is a recorded position within the file, taken at a point in time during the transfer. In the event of a halted transfer, the last checkpoint serves as a recovery point from which to restart the transfer rather than resending the whole file.
Checksum Verification
A method of verifying file integrity after a transfer. The file is “hashed” (a cryptographic hash value is computed over its contents) before and after the transfer. The two hash values are compared to confirm the file was not altered in transit.
Data at Rest
Data that is stored on a storage device rather than moving across a network. Data is typically referred to as “secured at rest” when it is encrypted while on the storage device.
Deprovisioning
The act of deactivating user accounts—removing access rights and freeing up resources reserved by users and their file transfer workflows.
DMZ (Demilitarized Zone)
The use of firewalls to create a network segment that sits between a corporate LAN and a public network such as the Internet. Computers placed in the DMZ are exposed to the Internet so that they can provide a controlled conduit for data flowing into and out of the corporate network.
DMZ Streaming
A method of moving data and files between a private internal network and a public network through the DMZ. With streaming, data never physically resides on DMZ servers.
EDI (Electronic Data Interchange)
The electronic transfer of strictly formatted data from one computer system to another, without human intervention. EDI is different from email in that it implies a sequence of messages between two parties and the processing of received messages is by computer only.
FIPS 140-2 (Federal Information Processing Standard 140-2)
A computer security standard published by the National Institute of Standards and Technology (NIST) that is used to accredit cryptographic modules. FIPS 140-2 defines the U.S. government security requirements that must be satisfied by a cryptographic module used in a security system protecting unclassified information within IT systems. FIPS 140-2 includes specifications for algorithms, hash algorithms, and key negotiation standards.
FIPS Validated
Verification that a cryptographic module or implementation has been formally validated by the National Institute of Standards and Technology (NIST) laboratories.
FTP (File Transfer Protocol)
A standard network protocol used to transfer files from one host to another over TCP-based networks, such as the Internet. Information transmitted via FTP travels over the network in cleartext, which means anyone with a sniffer can read it. Logons to FTP servers require user names and passwords, which also travel in unprotected cleartext and can be easily grabbed by unscrupulous individuals.
FTPS (FTP Secure)
An extension to FTP that adds support for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) cryptographic protocols.
FTP with PGP (File Transfer Protocol with Pretty Good Privacy)
The combination of PGP (for encryption and integrity) and nonsecure FTP. With this combination, the file payload is protected in transit, but user credentials still flow in cleartext.
GLBA (Gramm-Leach-Bliley Act)
A U.S. law enacted in 1999 to protect the personal financial information of consumers that is held by financial institutions. Under GLBA, financial institutions are required to implement safeguards that provide information security, privacy, and data integrity.
Guaranteed Delivery
A combination of techniques used to ensure the successful delivery of files and to recover from failed transfers. These techniques include the restarting of a transfer upon failure detection and proactive alerting to support personnel so that remediation steps can be taken.
HIPAA (Health Insurance Portability and Accountability Act)
A U.S. law enacted in 1996 that preserves the privacy and security of personal health records. HIPAA requires that organizations in the healthcare industry adhere to specific physical, administrative, and technical safeguards in order to prevent unauthorized access to and manipulation of electronically stored and transmitted patient health information.
HTTP (Hypertext Transfer Protocol)
The network protocol used in communications over the World Wide Web. Its versatility supports the delivery of both HTML pages and files from servers to user desktops.
HTTPS (Hypertext Transfer Protocol Secure)
A secure network protocol, used for communications over the World Wide Web, which combines HTTP with SSL/TLS.
J-SOX (Japanese Sarbanes-Oxley Act)
The Japanese version of SOX, a U.S. law enacted in 2002 that regulates financial practices and corporate governance of public companies. Designed to protect the integrity of a public company’s financial data, J-SOX mandates that Japanese companies use a framework for internal controls over financial reporting systems (including the underlying information technology).
LDAP (Lightweight Directory Access Protocol)
An Internet protocol that applications use to obtain directory information, such as email addresses and public keys. Because LDAP is an open protocol, applications are able to query any directory server that implements it, regardless of vendor.
MD5 (Message Digest Algorithm)
A common data integrity check in file transfer software that is no longer considered a secure hash. MD5 digests are 128-bit values and are usually represented as 32 hexadecimal digits (e.g., “9508bd6aab48eedec9845415bedfd3ce”).
MFT (Managed File Transfer)
Technology that manages an organization's file transfer processes—provisioning, monitoring, controlling, and securing all aspects of file movement between users, businesses, and systems.
Multiprotocol Support
In the context of MFT software, the ability to transfer files using multiple file transfer protocols, such as FTP, FTPS, SFTP, and HTTPS.
Nonrepudiation
The ability to prove that a file was sent by a particular party to another party. In the context of MFT, nonrepudiation is achieved via digital signatures: a signature over the file or message proves that a specific sender sent that specific content, and a signed acknowledgment from the recipient proves that the recipient received it.
Onboarding
The process of defining and configuring the necessary user accounts, file transfers, and access rights needed for B2B file exchanges. This process is also frequently referred to as “provisioning” or “user provisioning.”
PCI DSS (Payment Card Industry Data Security Standard)
A U.S. industry standard maintained by the PCI Security Standards Council that dictates rules for handling sensitive cardholder data, both in transit and in storage. Because PCI DSS is an industry standard, there are no government penalties for violations. But businesses (credit card companies, merchants, and service providers) that fail to comply may be restricted in their use of credit card services.
PGP (Pretty Good Privacy)
A data encryption and decryption technology. PGP is often used for signing, encrypting, and decrypting files before transmitting them over file transfer or email technologies.
Provisioning
The process of defining and configuring the necessary user accounts, file transfers, and access rights needed for B2B file exchanges. This process is also frequently referred to as “user provisioning” or “onboarding.”
SCP (Secure Copy)
A secure network protocol used for transferring files. SCP runs over the SSH protocol.
Self-Provisioning
The ability of individual users and partners to set up their own accounts, typically with limited rights. Self-provisioning reduces system maintenance costs, but sacrifices some measure of oversight by system administrators.
SFTP (SSH File Transfer Protocol)
A secure network protocol used for transferring files. Designed by the Internet Engineering Task Force (IETF), SFTP is an extension of the SSH protocol. Note: SFTP is not FTP run over SSH. It is a separate protocol designed from the ground up.
SLA (Service Level Agreement)
The section of a contract that specifies service performance levels. For example, an SLA could require guaranteed delivery of a file by a prescribed time.
SOX (Sarbanes-Oxley Act)
A U.S. law enacted in 2002 to protect the financial information of public companies. SOX requires that companies ensure the integrity of data used in public financial statements. It holds CEOs and CFOs accountable for the accuracy of financial statements, and it specifies financial reporting responsibilities, including adherence to internal controls and procedures designed to ensure the validity of financial records. The Securities and Exchange Commission oversees SOX compliance.
SSH (Secure Shell)
A network protocol initially designed for remote system administration that has been enhanced to support secure file transfer. The SCP and SFTP file transfer protocols are based on SSH.
SSL (Secure Sockets Layer)
A standard protocol used to encrypt information traveling over the Internet. Today, the phrases “protected by SSL,” “secured by SSL,” or “encrypted by SSL” really mean “protected by TLS or SSL version 3,” whichever version the client and server negotiate. SSL version 3 has since been formally deprecated, so in practice a properly configured connection should negotiate TLS.
TLS (Transport Layer Security)
The IETF-defined version of Secure Sockets Layer (SSL), a standard protocol used to encrypt information traveling over the Internet.
Trading Partners
Two or more organizations exchanging data electronically.
X.509 Certificate
A standard format for digital certificates that secure files and other data through encryption and digital signing. X.509 certificates secure SSL/TLS channels; authenticate SSL/TLS servers and clients; encrypt and sign S/MIME, AS1, AS2, AS3, and some “secure zip” payloads; and provide nonrepudiation for the AS1, AS2, and AS3 protocols. In each case they bind a public key to an identity so that the protocol can provide confidentiality and integrity in data communications.