MAC - (Mandatory Access Control) - An access policy that restricts subjects' access to objects based on the security clearance of the subject and the classification of the object. The system enforces the security policy, and users cannot share their files with other users.
MAD - (Maximum Allowable Downtime) - The measure of how long an organization can survive an interruption of critical functions.
maintenance hook - Instructions within a program's code that enable the developer or maintainer to enter the program without having to go through the usual access control and authentication processes. Maintenance hooks should be removed from the code
malware - Malicious software. Code written to perform activities that circumvent the security policy of a system. Examples are viruses, malicious applets, Trojan horses, logic bombs, and worms.
mandatory access control - An access policy that restricts subjects' access to objects based on the security clearance of the subject and the classification of the object. The system enforces the security policy, and users cannot share their files with other users.
masquerading - Impersonating another user, usually with the intention of gaining unauthorized access to a system.
maximum allowable downtime - The measure of how long an organization can survive an interruption of critical functions.
maximum tolerable downtime - The measure of how long an organization can survive an interruption of critical functions.
media - Any object that contains data.
message authentication code - In cryptography, a message authentication code (MAC) is a generated value used to authenticate a message. A MAC can be generated by HMAC or CBC-MAC methods. The MAC protects both a message's integrity (by ensuring that a different MAC will be produced if the message has changed) and its authenticity, because only someone who knows the secret key could have modified the message.
message digest - A small representation of a larger message. Message digests are used to ensure the authentication and integrity of information, not the confidentiality.
metadata - Information about the data.
misuse case - A use case from the point of view of an actor hostile to the system under design.
MPLS - (MultiProtocol Label Switching) - A converged data communications protocol designed to improve the routing speed of high-performance networks.
MTD - (Maximum Tolerable Downtime) - The measure of how long an organization can survive an interruption of critical functions.
multi-condition coverage - These criteria require sufficient test cases to exercise all possible combinations of conditions in a program decision.
multi-factor authentication - Ensures that a user is who he or she claims to be. The more factors used to determine a person
multifactor authentication - Authentication mechanisms that employ more than one factor. Factors are things a user knows (e.g., password), has (e.g., a hardware token), or is (e.g., biometrics).
multilevel security - A class of systems containing information with different classifications. Access decisions are based on the subject's security clearances, need to know, and formal approval.
Multiprotocol Label Switching - A converged data communications protocol designed to improve the routing speed of high-performance networks.