[Data Security] Acronym for Certificate Authority.

cable plant

[Network] All of an installation's passive communications elements (e.g., optical fiber, twisted pair, or coaxial cable, connectors, splices, etc.) between transmitters and receivers.


1. [Computer System] To store data temporarily for expedited access.

2. [Computer System] The location in which data is stored temporarily.

There are a variety of cache types. Read cache holds data in anticipation that it will be requested. Write cache holds data written by a client until it can be stored on other (typically slower) storage media such as disk or tape. See buffer, disk cache, write back cache, write through cache.


[Storage System] An enclosure for a single disk or tape.

Canisters are usually designed to mount in shelves that supply power, cooling, and I/O interconnect services to the devices. They are used to minimize RF emissions and to simplify insertion and removal of devices in multi-device storage subsystems. See shelf.

CAP Theorem (Consistency, Availability, and Partition Tolerance)

A hypothesis that it is impossible for a distributed system to provide Consistency, Availability, and Partition Tolerance guarantees at the same time.

See eventual consistency.

capacity optimization methods

[Storage System] Methods which reduce the consumption of space required to store a data set, such as compression, data deduplication, thin provisioning, and delta snapshots.

RAID 5 and 6 may also be considered as capacity optimizing methods, as they use less space than ordinary mirroring to perform a necessary function: protecting data from storage device failure.

capacity optimizing system

[Storage System] A system which employs at least one capacity optimization method.

capacity planning

[General] The process of optimizing supply of a given resource to satisfy current and future demand for that resource.

Common methods used for capacity planning include tracking, trending, forecasting and scenario planning to predict future demand.


[Data Recovery] A media handling robot in which the media are stored in and selected from a rotating wheel.

Carrier Sense Multiple Access with Collision Detection (CSMA/CD)

[Network] A physical layer data transmission protocol used in Ethernet and fast Ethernet networks.

Carrier sense refers to arbitration for a shared link. Unlike "always on" physical protocols, carrier sense protocols require a node wishing to transmit to wait for the absence of carrier (indicating that another node is transmitting) on the link. Multiple access refers to the party line nature of the link. A large number of nodes (up to 500 in the case of Ethernet) share access to a single link. Collision detection refers to the possibility that two nodes will simultaneously sense absence of carrier and begin to transmit, interfering with each other. Nodes are required to detect this interference, and cease transmitting. In the case of Ethernet, each node detecting a collision is required to wait for a random interval before attempting to transmit again.


[Fibre Channel] The process of connecting two or more Fibre Channel hubs or switches together to increase the number of ports or extend distances.


1. [Data Recovery] A stored list of backed up files and directories and the locations (media identifiers) of the backup copies.

2. [File System] A persistent data structure used by some file systems to keep track of the files they manage.


[Data Security] Acronym for Cipher Block Chaining.


[Data Security] Acronym for Common Criteria.


[SCSI] Acronym for Command Descriptor Block.


[Standards] Acronym for Cloud Data Management Interface.


[Data Recovery] Acronym for Continuous Data Protection.


[Fibre Channel] Acronym for Clock and Data Recovery.


[Data Security] A data structure signed with a digital signature that is based a public key and which asserts that the key belongs to a subject identified in the structure.

Certificate Authority (CA)

[Data Security] In a Public Key Infrastructure (PKI), the authority and organization responsible for issuing and revoking user certificates, and ensuring compliance with the PKI policies and procedures.

The reputation of the certificate authority determines the trust that may be placed in the identity assurance provided by the certificates issued by the authority.

Certificate Revocation List (CRL)

[Data Security] A time-stamped list of certificates, signed by the issuing Certification Authority, that have been revoked by that CA.

The CRL is made available to entities that need to rely on a certificate for authentication.

chain of custody

[Legal] A process that tracks the movement of evidence through its collection, safeguarding, and analysis lifecycle by documenting each person who handled the evidence, the date/time it was collected or transferred, and the purpose for the transfer. [NIST SP 800-72]


[Data Security] A step in an authentication dialog that must be answered using either a secret or process assumed to be known only by the other party.

A challenge can be as simple as “What’s your password?” or as complex as “Send me the result of a retinal scan of your right eye.”

Challenge Handshake Authentication Protocol (CHAP)

[Data Security] A password-based authentication protocol that uses a challenge to verify that a user has access rights to a system.

A hash of the supplied password with the challenge is sent for comparison so the cleartext password is never sent over the connection.

changed block point in time copy

[Storage System] Deprecated synonym for delta snapshot.


1. [Storage System] The electrical circuits that sense or cause the state changes in recording media and convert between those state changes and electrical signals that can be interpreted as data bits.

2. [Computer System] Synonym for I/O interconnect.

The term channel has other meanings in other branches of computer technology. The definitions given here are commonly used when discussing storage and networking. See device channel, I/O interconnect, host I/O bus.


1. [Computer System] Synonym for byte.

2. [Fibre Channel] A 10-bit information unit transmitted and received by FC-1, consisting of 8 bits of data encoded as a 10 bit transmission character using 8B/10B encoding

Some transmission characters used in FC-1 correspond to special codes and some 10 bit sequences represent invalid transmission characters.

character cell interface

[Computer System] Synonym for Command Line Interface.

check data

[Storage System] Synonym for parity data.


1. [Data Recovery] The recorded state of an application at an instant of time, including data, in-memory variables, program counter, and all other context that would be required to resume application execution from the recorded state.

2. [File System] An activity of a file system, such as the High Performance File System, (HPFS) or the Andrew File System (AFS), in which cached metadata (data about the structures of the file system) is periodically written to the file system's permanent store, allowing the file system to maintain consistency if an unexpected stop occurs.


[Data Security] A value computed across a set of data, used to detect change.

A checksum is often used for error and manipulation detection.


[Storage System] Deprecated synonym for strip.

chunk size

[Storage System] Deprecated synonym for stripe depth and strip size.

C-H-S addressing

[Storage System] Synonym for Cylinder-Head-Sector addressing.


[iSCSI] Acronym for Connection Identifier.


[File System] Acronym for Common Internet File System.


[Management] [Network] Acronym for Common Information Model.


[Data Security] A cryptographic system where plaintext is rearranged through transposition and/or substitution under direction of a cryptographic key.

When a cipher is applied to plaintext to produce ciphertext, the process is called encryption. When the cipher is applied to ciphertext to produce plaintext, the process is called decryption.

cipher suite

[Data Security] A named combination of a key exchange algorithm (for authentication), a bulk encryption algorithm, a message authentication code (MAC) algorithm, and a pseudorandom function (PRF) that may be negotiated and used to establish the security settings for a network connection using the Transport Layer Security (TLS) or Secure Sockets Layer (SSL) network protocol.


[Data Security] Data that has been encrypted.

See cleartext.

Cipher Block Chaining (CBC)

[Data Security] A block cipher mode of operation, in which each block of plaintext is XORed with the previous ciphertext block before being encrypted, making each ciphertext block dependent on all preceding plaintext blocks.


[Fibre Channel] [Network] Synonym for communication circuit.


[Data Communication] Shorthand for Compliant Jitter Tolerance Pattern.

CKD (architecture)

[Storage System] Synonym for Count-Key-Data disk architecture.

Class 1

[Fibre Channel] A connection-oriented class of Fibre Channel communication service in which the entire bandwidth of the link between two ports is dedicated for communication between the ports and not used for other purposes.

Class 1 is also known as dedicated connection service, and is not widely implemented. See intermix.

Class 2

[Fibre Channel] A connectionless Fibre Channel communication service which multiplexes frames from one or more N_Ports or NL_Ports.

Class 2 frames are explicitly acknowledged by the receiver, and notification of delivery failure is provided. This class of service includes end to end flow control.

Class 3

[Fibre Channel] A connectionless Fibre Channel communication service that multiplexes frames to or from one or more N_Ports or NL_Ports.

Class 3 frames are datagrams, that is they are not explicitly acknowledged, and delivery is on a "best effort" basis.

class of service

1. [Network] A mechanism for managing traffic in a network by specifying message or packet priority or delivery acknowledgement.

Network mechanisms include identification and grouping of data packets based on a priority label (in the packet header) or via mechanisms such as "per hop behavior", defined by the IETF's Differentiated Services.

2. [Fibre Channel] The characteristics and guarantees of the transport layer of a Fibre Channel circuit.

Fibre Channel classes of service include connection-based services (Class 1), acknowledged frame delivery with end to end flow control (Class 2), and packetized frame datagrams (Class 3). Different classes of service may simultaneously exist in a fabric. The form and reliability of delivery in Class 3 circuits may vary with the topology.


[Data Security] Alternative term for plaintext. Stating that data is in cleartext implies that the data is not scrambled or rearranged, and is in its raw form.


[Computer System] Acronym for Command Line Interface.


1. [Computer System] An intelligent device or system that requests services from other intelligent devices, systems, or appliances.

See server.

2. [General] An asymmetric relationship with a second party (a server) in which the client initiates requests and the server responds to those requests.

client-side data deduplication

[Capacity Optimization] Deprecated synonym for source data deduplication.


[Data Management] Synonym for snapshot.

Clones and snapshots are full copies. See delta snapshot.

cloud auditor

[Cloud] A party trusted conduct independent assessment of cloud services, information system operations, performance and information security of the cloud implementation.

cloud carrier

[Cloud] An intermediary that provides connectivity and transport of cloud services between cloud providers and cloud consumers.

cloud consumer

[Cloud] A person or organization that uses cloud services.

Cloud Data Management Interface (CDMI)

[Standards] A SNIA Architecture standard for Data storage as a Service (DaaS).

CDMI is an interface for both the data path and the control path of cloud storage.

CDMI can also be used to manage storage in Cloud Computing deployments.

cloud digital archive service

[Data Management] A cloud-based offering providing a digital archive service.

cloud infrastructure

[Cloud] A set of data processing components that can be automatically provisioned by consumers, accessed over a network and that provide secure multitenancy.

cloud provider

[Cloud] An entity responsible for making cloud services available to cloud consumers. [ISO/IEC 17788].

cloud security audit

[Cloud] Systematic evaluation of a cloud system by assessing how well it conforms to a set of established security criteria.

cloud service

[Cloud] A function useful to a cloud consumer provided by a cloud provider.

cloud storage

[Services] Synonym for Data storage as a Service.


[Computer System] A collection of computers that are interconnected (typically at high speeds) for the purpose of improving reliability, availability, serviceability, load balancing and/or performance.

Often, clustered computers have access to a common pool of storage, and run special software to coordinate the component computers' activities.


[Management] [Network] Acronym for Common Management Information Protocol.

coaxial cable

[Network] An electrical transmission medium consisting of two concentric conductors separated by a dielectric material with the spacings and material arranged to give a specified electrical impedance.

See triaxial cable.

code bit

[Computer System] A bit (binary digit) of an encoded datum.

Sequences of code bits make up symbols, each of which corresponds to a data element (word, byte, or other unit).

code byte

[Computer System] A byte of an encoded datum.

Sometimes called a symbol. Code bytes are the output of encoding or encryption processes. In communication theory contexts, a code byte is often referred to as a code word. See data byte.

code violation

[Fibre Channel] The error condition that occurs when a received transmission character cannot be decoded into a valid data byte or special code using the validity checking rules specified by the transmission code.

cold backup

[Data Recovery] Synonym for offline backup.

See hot backup, online backup.

cold data

[Data Management] Data that is accessed infrequently.

cold storage

[Data Management] Data storage device, system, or service used to store cold data at a cost that is at least an order of magnitude less than the cost of primary storage.

Cold Storage features large capacity, energy saving and long-term data preservation, in order to achieve low-cost rather than performance.

cold swap

[Computer System] The substitution of a replacement unit (RU) in a system for a defective one, where external power must be removed from the system in order to perform the substitution.

A cold swap is a physical substitution as well as a functional one. See automatic swap, hot swap, warm swap.

comma character

[Fibre Channel] In an encoded data stream using 8B/10B encoding, either of the seven bit sequences 0011111 or 1100000.

Command Descriptor Block (CDB)

[SCSI] A sequence of bytes that defines a single SCSI command sent to a SCSI target.

A CDB may have a fixed length of up to 16 bytes or a variable length of between 12 and 260 bytes. A CDB may specify a logical block address; contrast with C-H-S addressing.

Command Line Interface (CLI)

[Computer System] A form of human interface to intelligent devices characterized by non-directive prompting and character string user input.

CLIs are used by system consoles and remote shell sessions (RSH, SSH). They are very useful for scripting and other administrative purposes, but are usually perceived by end users to be more difficult to comprehend and use than graphical user interfaces (GUIs).

command security

[SCSI] The application of security techniques such as authentication, integrity checking and encryption to individual SCSI commands.

Common Criteria (CC)

[Data Security] A multi-part International Standard that is meant to be used as the basis for evaluation of security properties of IT products and systems.

The CC is specified in ISO/IEC 15408-1:1999, ISO/IEC 15408-2:1999, and ISO/IEC 15408-3:1999.

Common Information Model (CIM)

[Data Management] [Network] An object oriented description of the entities and relationships in a business' management environment maintained by the Distributed Management Task Force.

CIM is divided into a Core Model and Common Models. The Core Model addresses high-level concepts (such as systems and devices), as well as fundamental relationships (such as dependencies). The Common Models describe specific problem domains such as computer system, network, user or device management. The Common Models are subclasses of the Core Model and may also be subclasses of each other.

Common Internet File System (CIFS)

[Network] A network file system access protocol primarily used by Windows clients to communicate file access requests to Windows servers.

CIFS was originally called Server Message Block (SMB). Today, other implementations of the CIFS protocol allow other clients and servers to use it for intercommunication and interoperation with Microsoft operating systems.

Common Management Information Protocol (CMIP)

[Management] [Network] A network management protocol built on the Open Systems Interconnection (OSI) communication model.

CMIP is more complete, and therefore larger than, SNMP.

Common Schema Definition Language (CSDL)

[Management] An OASIS standard language used to define a model over which an OData service acts.

communication circuit

1. [Fibre Channel] A bidirectional path for message exchange within a Fibre Channel fabric.

2. [Network] A specific logical or physical path between two points over which communications occur.

communications security

[Network] [Data Security] Protection of information while it's being transmitted, particularly via telecommunications.

A particular focus of communications security is message authenticity. Communications security may include cryptography, transmission security, emission security, and physical security.

community cloud

[Cloud] A cloud infrastructure shared by several organizations and supporting a specific community that has shared concerns (e.g., mission, security requirements, policy, and compliance considerations).

compensating control

[Data Security] A way - also known as a band-aid - of mitigating a known risk where it may not be feasible to deploy specific technical enablement.

complex array

[Storage System] A disk array whose control software protects and maps data according to more complex algorithms than those of the Berkeley RAID Levels.

The most common complex arrays are multi-level disk arrays, which perform more than one level of data address mapping, and adaptive arrays, which are capable of changing data address mapping dynamically.


1. [General] The state of being in accordance with a standard, specification, or clearly defined requirements.

2. [Legal] The state of being in accordance with legal requirements.

The "compliance market" is centered around storage and systems that support the retention and discovery of data as required by law or regulation.

Compliant Jitter Tolerance Pattern (CJTPAT)

[Data Communication] A test pattern for jitter testing.


[General] Synonym for data compression.

compression ratio

[Storage System] A space reduction ratio that only includes the effects of compression.


[Data Security] An incident that subjects data to unauthorized disclosure, modification, destruction, or loss.

compute virtualization

[Computer System] Software that enables a single server hardware platform to support multiple concurrent instances of an operating system and applications.

computer security

[Data Security] Measures and controls that ensure confidentiality, integrity, and availability of information system assets including hardware, software, firmware, and information being processed, stored, and communicated.


[Network] [Storage System] A logical joining of two series of data, usually represented by the symbol “|”.

In data communications, two or more datums are often concatenated to provide a unique name or reference (e.g., S_ID | X_ID). Volume managers concatenate disk address spaces to present a single larger address spaces.


[Computer System] The property of overlapping in time, often in reference to the execution of I/O operations or I/O requests.

concurrent copy

[Storage System] A hybrid point in time copy mechanism which creates a split mirror copy by copying blocks from the source as they are requested by the host, while copying so-far unrequested blocks in the background until the mirror is complete.

A concurrent copy initially occupies at least the amount of storage required to hold accessed blocks and grows to occupy as much storage as the copy source.

concurrent operations

[Computer System] Operations that overlap in time.

The concept of concurrent I/O operations is central to the use of independent access arrays in throughput-intensive applications.


[General] The processing of a signal for the purpose of making it conform more closely to an ideal.

Power conditioning is used to minimize voltage and frequency variations in an external power. Signal conditioning is used to reduce noise in logic or data signals.


[Data Security] The property that data cannot be accessed by unauthorized parties.

Confidentiality may be created by the use of encryption or access controls.


1. [Storage System] The process of installing or removing hardware or software components required for a system or subsystem to function.

2. [Storage System] Assignment of the operating parameters of a system, subsystem or device, such as designating a disk array’s member disks or extents and parameters such as stripe depth, RAID model, cache allowance, etc.

3. [Storage System] The collection of a system's hardware and software components and operating parameters. See array configuration, physical configuration.

configuration management

[General] The management of system features and behaviors through the control of changes made to hardware, software, firmware documentation and related resources throughout the life cycle of an information system.

Congestion Notification (CN)

[Network] A DCB component that specifies protocols, procedures and managed objects that support congestion management of long-lived data flows within network domains of limited bandwidth delay.


1. [Fibre Channel] Short form of dedicated connection.

2. [iSCSI] A communication path between the initiator and target using a TCP/IP connection.

In iSCSI, one or more connections make up a session. Connections carry control messages, SCSI commands, parameters, and data within iSCSI PDUs.

Connection ID

[Fibre Channel] A value that uniquely identifies an NVMeoFC connection.

connection identifier

[iSCSI] An identifier generated by the initiator and sent to the target upon logging in or out, that uniquely identifies each connection within a session.

connection initiator

[Fibre Channel] An N_Port that initiates a Class 1 connection with a destination N_Port through a connect-request and which receives a valid response from the destination N_Port to establish the connection.

connection recipient

[Fibre Channel] An N_Port that receives a Class 1 connect-request from a connection initiator and accepts the connection request by transmitting a valid response.

connectionless buffer

[Fibre Channel] A receive buffer used in a connectionless service that is capable of receiving connectionless frames.

connectionless frame

[Fibre Channel] A frame used in a connectionless service (i.e., Class 1 frames with SOF(C1), Class 2, and Class 3 frames referred to individually or collectively).

connectionless integrity service

[Data Security] A security service that provides data integrity service for an individual IP datagram by detecting modification of the datagram without regard to the ordering of the datagram in a stream of datagrams.

connectionless service

[Fibre Channel] Communication between two N_Ports or NL_Ports without a dedicated connection.

consistency group

[Storage System] A collection of replication sets grouped together to ensure write order consistency across all the replication sets' primary volumes.

An operation on a consistency group, such as changing replication from asynchronous to synchronous, applies to all the replication sets within the consistency group, and consequently their volumes.

consistent volume

1. [Storage System] A volume that satisfies the consistency criteria of the system on which it is hosted.

2. [File System] In LTFS, a volume in which all partitions are complete, and the last LTFS Index in the Index Partition has a back pointer to the last LTFS Index in the Data Partition.

If an LTFS volume is not consistent, some form of recovery may be necessary.


1. [Computer System] A device for graphical or textual visual output from a computer system.

2. [Computer System] In systems, network and device management, an application that provides graphical and textual feedback regarding operation and status, and that may accept operator commands and input influencing operation and status.

Sophisticated consoles designed for the management of many systems from one location are sometimes called enterprise management consoles.

content-agnostic data deduplication

[Storage System] A data deduplication method that does not require awareness of specific application data formats.

See content-aware data deduplication.

content-aware data deduplication

[Storage System] A data deduplication method that leverages knowledge of specific application data formats.

See content-agnostic data deduplication.

Continuous Data Protection (CDP)

[Data Recovery] A class of mechanisms that continuously capture or track data modifications enabling recovery to previous points in time.

continuously increasing relative offset

[Fibre Channel] A transmission control algorithm in which the frames containing the subblocks that comprise a block of information are transmitted strictly in the order of the subblocks.

Continuously increasing relative offset offers simpler reassembly and detection of lost frames compared to random relative offset.

control software

[Storage System] A body of software that provides common control and management for one or more disk arrays or tape arrays.

Control software presents the arrays of disks or tapes it controls to its operating environment as one or more virtual disks or tapes. Control software may execute in a disk controller or intelligent host bus adapter, or in a host computer. When it executes in a disk controller or adapter, control software is often referred to as firmware.


1. [Storage System] The control logic in a disk or tape that performs command decoding and execution, host data transfer, serialization and deserialization of data, error detection and correction, and overall management of device operations.

2. [Management] The control logic in a storage subsystem that performs command transformation and routing, aggregation (RAID, mirroring, striping, or other), high-level error recovery, and performance optimization for multiple storage devices.

controller based array
controller based disk array

[Storage System] A disk array whose control software executes in a disk subsystem controller.

controller cache

[Storage System] A cache that resides within a controller and whose primary purpose is to improve disk or array I/O performance.

See cache, disk cache, host cache.

controlling FCF

[Fibre Channel] A controlling switch that supports lossless Ethernet MACs.

controlling switch

[Fibre Channel] A switch able to control a set of FCDFs in order to create a distributed switch.

converged infrastructure

[Computer System] The pooling of compute, storage, and networking resources using either common management tools or common (shared) physical resources.

Copy On Write (COW)

[Storage System] [Backup] A technique for maintaining a point in time copy of a collection of data by copying only data that is modified after the instant of replicate initiation; the original source data is used to satisfy read requests for both the source data itself and for the unmodified portion of the point in time copy.

See pointer remapping.


[Storage System] The replacement of a properly functioning array member by another disk, including copying of the member’s contents to the replacing disk.

Copyback, which is most often used to create or restore a particular physical configuration for an array (e.g., a particular arrangement of array members on device I/O interconnects), is accomplished without reduction of the array.

Core N_Port_Name

[Fibre Channel] A set of entities with the same Core Switch_Name that may host multiple Virtual Switches.

A Core Switch may be a set of ports in a physical chassis, or in multiple physical chassis.

Core Switch

[Fibre Channel] An N_Port_Name associated with the Physical N_Port of a VFT Tagging N_Port, and not with any other FC_Port within the scope of its Name_Identifier format.

Core Switch_Name

[Fibre Channel] In a Virtual Fabric capable Switch, the Switch_Name identifying the Core Switch.

Count-Key-Data (CKD)

[Storage System] A disk data organization model in which the disk is assumed to consist of a fixed number of tracks, each having a maximum data capacity.

Multiple records of varying length may be written on each track of a Count-Key-Data disk, and the usable capacity of each track depends on the number of records written to it. The CKD architecture derives its name from the record format, which consists of a field containing the number of bytes in the key and data fields and a record address, an optional key field by which particular records can be easily recognized, and the data itself. CKD is the storage architecture used by IBM Corporation's System 390 series of mainframe computer systems. See fixed block architecture.

counter measure

[Data Security] Any action, device, procedure, technique, or other measure that reduces the vulnerability of or threat to a system.

covert channel

[Data Security] An unintended and/or unauthorized communications path that can be used to transfer information in a manner that violates a security policy.


[Computer System] Acronym for Copy On Write.


[Data Security] Information, passed from one entity to another, used to establish the sending entity's identity and/or access rights.


1. [Fibre Channel] The number of receive buffers allocated to a transmitting N_Port, NL_Port, or F_Port.

2. [Fibre Channel] For links using buffer to buffer flow control, the number of receive buffers allocated to a transmitting N_Port, NL_Port, or F_Port.

The credit is the maximum number of outstanding frames that can be transmitted by that N_Port, NL_Port, or F_Port without causing a buffer overrun condition at the receiver.


[Data Communication] [Storage System] Acronym for Cyclic Redundancy Check.


[Data Security] Acronym for Certificate Revocation List.


[General] Acronym for Customer Replaceable Unit.


[Data Security] A set of operations performed in converting encrypted information to plaintext without initial knowledge of the algorithm and/or key employed in the encryption.

cryptographic erase

[Data Security] Method of sanitization in which the encryption key for the encrypted target data is sanitized, making recovery of the decrypted target data infeasible. [ISO/IEC 27040]

cryptographic algorithm

[Data Security] An algorithm whose outputs have cryptanalytic security properties with respect to its inputs, or vice versa.

cryptographic erasure

[Data Security] A method for rendering encrypted data unrecoverable by securely deleting the keying material required to decrypt the data.

The encrypted data itself is not modified. The protection offered by cryptographic erasure is bounded by the work factor involved in discovering the decryption key or mounting a cryptanalytic attack on the encryption algorithm itself.

cryptographic hash function

[Data Security] A function that maps plaintext strings of any length to bit strings of fixed length, such that it is computationally infeasible to find correlations between inputs and outputs, and such that given one part of the output, but not the input, it is computationally infeasible to predict any bit of the remaining output.

Cryptographic hash functions have many information security applications, notably in digital signatures, message authentication codes (MACs), and other forms of authentication. The output from a cryptographic hash function is known as a message digest or hash value.


[Data Security] The principles, means and methods for rendering information unintelligible, and for restoring encrypted information to intelligible form.


[Data Security] The field of knowledge encompassing both cryptography and cryptanalysis.


[Data Security] The time span during which a specific key is authorized for use or in which the keys for a given system or application may remain in effect. [NIST SP 800-57 Part 1]


[Data Security] A system for encrypting and decrypting data.


[Management] Shorthand for Common Schema Definition Language.


[Network] Acronym for Carrier Sense Multiple Access with Collision Detection.

cumulative incremental backup

[Data Recovery] A backup in which all data objects modified since the last full backup are copied.

To restore data when cumulative incremental backups are in use, only the latest full backup and the latest cumulative incremental backup are required. See differential incremental backup, full backup.

current running disparity

[Fibre Channel] The running disparity present at a transmitter when the encoding of a valid data byte or special code is initiated, or at a receiver when the decoding of a transmission character is initiated.

Customer Replaceable Unit (CRU)

[General] A unit, or component of a system that is designed to be replaced by “customers;” i.e., individuals who may not be trained as computer system service personnel.

See Field Replaceable Unit.

cut through (switching)

[Fibre Channel] A switching technique that allows a routing decision to be made and acted upon as soon as the destination address of a frame is received.

Cyclic Redundancy Check (CRC)

[Data Communication] [Storage System] A scheme for checking the integrity of data that has been transmitted or stored and retrieved.

A CRC consists of a fixed number of bits computed as a function of the data to be protected, and appended to the data. When the data is read or received, the function is recomputed, and the result is compared to that appended to the data. Cyclic redundancy checks differ from error correcting codes in that they can detect a wide range of errors, but are not capable of correcting them. See error correcting code.

Cylinder-Head-Sector (C-H-S) addressing

[Storage System] A form of addressing data stored on a disk in which the cylinder, head/platter combination, and relative sector number on a track are specified.

See block addressing.