Security Glossary - Anne & Lynn Wheeler

Fastpath

access control, assurance, attack, audit, authentication, authorization, automated information system, availability, certification, Common Criteria for Information Technology Security, cryptography, cyberspace, evaluation, identity, key management, privacy, requirements, risk, risk management, security, security target, software development, threat, trust, Trusted Computer System Evaluation Criteria, users,

3DES AADS ABC ACC ACH ACL ACO ADM ADP AE AH AICPA AIG AIN AIN AIRK AIS AJ AJP AK AKDC AKD/RCU AKMC AKMS ALC AMPS AMS AMS ANDVT ANSI AOSS APC API API APU ARPANET ASCII ASIM ASN.1 ASPJ ASSIST ASU ATM AUP AUTH AUTODIN AV AVP BBS BCA BCI BCP BER BIA BIN BLP BPI BPR BS7799 C2 C2W C3 C3I C4 C&A CA CA CAAT CADS CAPI CASE CAW CAW CBC CC1 CC2 CC CCA CCEP CCI CCITSE CCO CCTL CCTP CDMA CDS CDSA CDSA CEM CEOI CEPR CER CER CERT CERT CFB CFD CGI CHAP CIAC CIAC CIK CIK CIO CIP CIPSO CIRK CIRT CISSP CK CKG CKL CM CMCS CNA CNCS CND CNK COAST COBIT CoCo COCOMO COMPUSEC COMSEC CONOP COPS COR COR COSO COTS CPM CPS CPS CPU CRAM CRC CRL CRP CSE CSIRC CSIRT CSOR CSP CSP CSS CSS CSS CSS CSSM CSSO CSTVRP CTAK CTCPEC CT&E CTTA CUP DA DAA DAA DAA DAC DAC DAMA DASD DASS DBA DBMS DCE DCID DCL DCS DCS DCSP DD DDL DDoS DDP DDS DEA DEK DES DFD DIAP DIB DII DISN DITSCAP DLED DMA DML DMS DMZ DN DNS DOI DoS DPL DSA DSN DSS DSS DSVT DTD DTLS DTS DUA EA EAL EAM EAP EBT ECB ECC ECCM ECDSA ECM ECPL EDAC EDC EDESPL EDI EDM EDMS EES EFD EFP EFT EFTO EFTS EGADS EIS EISA EKMS ELINT ELSEC EMC EMI EMRT EMSEC EMSEC EMV EP EPL EQA ERP ERTZ ES ESA ESP ETL ETPL EUC EUCI EV EW FAX FCv1 FDDI FDIU FDMA FEP FIPS140 FIPS FIRST FNBDT FOCI FOUO FPC FPKI FSM FSRS FSTS FTAM FTLS FTP FTS FUD GAO GCA GCCS GETS GIG GNIE GPS GRIP GSS-API GSSP GTS GUI GULS GWEN HDM HIPO HMAC HTML HTTP HUS HUSK I&A I&A IA IAB IANA IBAC IC ICANN ICMP ICQ ICRL ICU IDEA IDIOT IDS IEEE IEMATS IESG IETF IFF IFFN IIA IIRK IKE ILS IMAP4 INFOSEC INFOSEC IO I/O IP IPM IPRA IPsec IPSO IR IRK IRR IS ISA ISACA ISACF ISAKMP ISD ISDN IS/IT ISO ISO ISOC ISP ISS ISSA ISSE ISSM ISSO ISSO IT ITAR ITF ITSEC ITSEC ITU IUT IV IW KAK KDC KEA KEK KEK KG KMASE KMC KMI KMID KMID KMODC KMP KMPDU KMS KMSA KMUA KP KPK KSD KSOS KTC KVG L2F L2TP LAN LDAP LEAD LEAF LKG LMD LMD/KP LME LMI LOCK LOTOS LPC LPD LPI LRIP LSI MAC MAC MAD MAN MAN MATSYM MCA MCCB MDC MEECN MEI MEP MER MHS MI MIB MIJI MIME MINTERM MIPS MISPC MISSI MLS MNS MOSS MRT MSE MSP MTBF MTBO MTSR MTTF MTTR NACAM NACSI NACSIM NAK NAT NCCD NCS NCS NCS NCSC NCSC/TG004 NIAP NIC NII NISAC NIST NKSR NLSP NLZ NORA NPV NQA NSA NSAD NSD NSDD 145 NSDD NSEP NSI NSO NSTAC NSTISSAM NSTISSC NSTISSD NSTISSI NSTISSP NTCB NTIA NTISSAM NTISSD NTISSD NTISSI NTISSP NVLAP OADR OCR OCSP OFAC OFB OID OOP OPCODE OPSEC ORA OSE OSI OSI OSIRM OTAD OTAR OTAT OTP OTP OTT P1363 P2P PAA PAAP PAD PAE PAIIN PAIN PAL PAN PAP PBX PC PCA PCMCIA PCO PCT PCZ PDA PDCA PDR PDS PDS PDU PEM PERT PES PGP PIN PIV PKA PKC PKCS PKI PKSD PNE PNEK POP3 POS PP PPD PPL PPP PPS PPTP PRBAC PROM PROPIN PSE PSL PSYOP PTM PWDS QA QA/QC QC QFD QOP RA RACE RAD RADIUS RAID RAM RAMP RBAC RC2 RC4 RFC RFI RFP RJE ROM RPC RQT RSA SA SABI SAID SAISS SAML SAO SAP SAP SAR SARK SASL SBU SCA SCADA SCI SCIF SCM SDE SDLC SDNRIU SDNS SDR SDSI SENV SET SF SFA SFP SFUG SHA-1 SHA S-HTTP SI SIGSEC SILS SIO SISS SKIP SMDS SMI S/MIME SML SMTP SMU SNMP SOF SP3 SP4 SPC SPC SPI SPI SPK SPKI SPKI/SDSI SPS SQA SQL SRA SRR SS-7 SSAA SSH SSL SSL SSO SSO SSP SSPI SSSO ST STD STE ST&E STS STU SUT SV SV&V SWOT TA TACACS+ TACTED TACTERM TAG TCB TCD TCP TCP/IP TCSEC TCSEC TD TDMA TED TEK TEP TESS TFM TFS TLS TLS TLSO TLSP TNI TNIEG TOE TPC TPEP TPI TQM TRANSEC TRB TRI-TAC TSA TSC TSCM TSEC TSF TSFI TSIG TSK TSP TTR UA UDP UIRK UIS UORA UPP UPS URI URL URN USDE VAN VPN V&V W3 WAIS WAN WAP WBS WWW XDM/X XML

Terms

*-property

(N) (Pronounced 'star property'.) See: 'confinement property' under Bell-LaPadula model. [RFC2828] (see also confinement property, access control, model, Bell-LaPadula security model, property)

2-factor authentication

Authentication processing using two factors, typically: 'something you have' and 'something you know'. [misc] (see also process, 3-factor authentication)

3-factor authentication

Authentication processing using three factors:

something you have
something you know
something you are

ABA Guidelines

(N) 'American Bar Association (ABA) Digital Signature Guidelines', a framework of legal principles for using digital signatures and digital certificates in electronic commerce. [RFC2828] (see also association, certificate, digital signature, signature)

abend

An unexpected processing termination that may indicate that program coding was incorrectly performed and that earlier testing was not adequate or not adequately controlled. Abend stands for abnormal ending. [SRV] (see also control, failure, process, program, test)

abort

The termination of computer program execution prior to its completion. [SRV] (see also computer, failure, program)

Abrams, Jojodia, Podell essays (AJP)

M. Abrams, S. Jajodia, and H. Podell, eds, Information Security An Integrated Collection of Essays, IEEE Computer Society Press, January 1995. [AJP] (see also computer, information, information security, security)

Abstract Syntax Notation One (ASN.1)

(N) A standard for describing data objects. (C) OSI standards use ASN.1 to specify data formats for protocols. OSI defines functionality in layers. Information objects at higher layers are abstractly defined to be implemented with objects at lower layers. A higher layer may define transfers of abstract objects between computers, and a lower layer may define transfers concretely as strings of bits. Syntax is needed to define abstract objects, and encoding rules are needed to transform between abstract objects and bit strings. (C) In ASN.1, formal names are written without spaces, and separate words in a name are indicated by capitalizing the first letter of each word except the first word. For example, the name of a CRL is 'certificateRevocationList'. [RFC2828] (see also certificate, computer, function, information, object, protocols, public-key infrastructure, revocation, standard) (includes Basic Encoding Rules, Distinguished Encoding Rules, object identifier)

abuse of privilege

When a user performs an action that they should not have, according to organizational policy or law. [AFSEC] (see also insider threat, policy, users, threat)

acceptable level of risk

A judicious and carefully considered assessment by the appropriate authority that a computing activity or network meets the minimum requirements of applicable security directives. The assessment should take into account the value of assets; threats and vulnerabilities; countermeasures and operational requirements. [AFSEC] Authority determination of the level of potential harm to an operation, program, or activity as a result of a the loss of information that the authority is willing to accept. [DSS] The level of risk that the organization line manager decides is tolerable. This decision is based on an analysis of threats and vulnerabilities, the sensitivity of data and applications, and cost/benefit, technical, and operational feasibility of available controls. However, some installations are critical to the organization's mission or have the potential to cause the loss of human life or serious injury to humans. For these installations, management may consider controls for implementation that are not cost effective. [NASA] (see also analysis, application, assessment, authority, control, countermeasures, critical, network, operation, requirements, vulnerability, threat)

acceptable risk

A concern that is acceptable to responsible management, due to the cost and magnitude of implementing security controls. [800-37] The level of Residual Risk that has been determined to be a reasonable level of potential loss/disruption for a specific IT system. [CIAO] (see also control, system, risk)

acceptable use policy (AUP)

A set of rules and guidelines that specify in more or less detail the expectations in regard to appropriate use of systems or networks. [RFC2504] It documents permitted system uses and activities for a specific user, and the consequences of noncompliance. [FFIEC] This refers to policies that restrict the way in which a network may be used. Usually, a network administrator makes and enforces decisions dealing with acceptable use. [AFSEC] (see also network, system, users, policy)

acceptance criteria

The criteria that a system or component must satisfy in order to be accepted by a user, customer, or other authorized entity. [IEEE610] (see also authorized, entity, system, users, acceptance procedure, criteria)

acceptance inspection

The final inspection to determine whether or not a facility or system meets the specified technical and performance standards. Note: this inspection is held immediately after facility and software testing and is the basis for commissioning or accepting the information system. [AJP][NCSC/TG004] (see also information, security testing, software, standard, system, test, acceptance procedure)

acceptance procedure

A procedure which takes objects produced during the development, production, and maintenance processes for a Target of Evaluation and, as a positive act, places them under the controls of a Configuration Control system. [AJP][ITSEC] (see also control, control systems, process, system, target, software development, target of evaluation) (includes acceptance criteria, acceptance inspection, acceptance testing, object)

acceptance testing

Formal testing conducted to determine whether or not a system satisfies its acceptance criteria and to enable the customer to determine whether or not to accept the system. [IEEE610] Testing to determine whether products meet the requirements specified in the contract or by the user. [SRV] (see also criteria, requirements, system, users, acceptance procedure, security testing, test)

access

(1) A specific type of interaction between a subject and an object that results in the flow of information from one to the other. (2) The ability and the means necessary to approach, to store or retrieve data, to communicate with, or to make use of any resource of an ADP system. [TNI] (1) The ability and means to communicate with (i.e. input to or receive output from) or otherwise make use of any information, resource, or component in an information technology (IT) product. (2) A specific type of interaction between a subject and an object that results in the flow of information from one to the other. Note: An individual does not have 'access' if the proper authority or a physical, technical, or procedural measure prevents him or her from obtaining knowledge or having an opportunity to alter information, material, resources, or components. [AJP] (I) The ability and means to communicate with or otherwise interact with a system in order to use system resources to either handle information or gain knowledge of the information the system contains. (O) 'A specific type of interaction between a subject and an object that results in the flow of information from one to the other.' (C) In this Glossary, 'access' is intended to cover any ability to communicate with a system, including one-way communication in either direction. In actual practice, however, entities outside a security perimeter that can receive output from the system but cannot provide input or otherwise directly interact with the system, might be treated as not having 'access' and, therefore, be exempt from security policy requirements, such as the need for a security clearance. [RFC2828] 1) The right to enter or use a system and its resources; to read, write, modify, or delete data; or to use software processes or network bandwidth. 2) Opportunity to make use of an information system (IS) resource. [CIAO] A specific type of interaction between a subject and an object that results in the flow of information from one to the other. [NCSC/TG004][TCSEC] A specific type of interaction between a subject and an object that results in the flow of information from one to the other. A subject's right to use an object. [SRV] Ability and means to communicate with (i.e. input to or receive output from), or otherwise make use of any information, resource, or component in an Information Technology (IT) Product. Note: An individual does not have 'access' if the proper authority or a physical, technical, or procedural measure prevents them from obtaining knowledge or having an opportunity to alter information, material, resources, or components. [FCv1] Ability and means to communicate with or otherwise interact with a system, to use system resources to handle information, to gain knowledge of the information the system contains, or to control system components and functions. [CNSSI-4009] Ability and opportunity to obtain knowledge of classified information. [DSS] Ability to make use of any information system (IS) resource. [SP 800-32] Any access that violates the stated security policy. [CNSSI-4009] Opportunity to make use of an information system (IS) resource. [CNSSI] (see also ACL-based authorization, Automated Information System security, Bell-LaPadula security model, Clark Wilson integrity model, Defense Central Security Index, Defensive Information Operations, Department of Defense National Agency Check Plus Written Inquiries, Escrowed Encryption Standard, Freedom of Information Act, IA product, IT security policy, Identification Protocol, Internet Engineering Task Force, Internet Protocol Security Option, KOA agent, Network File System, PHF, PIV issuer, POSIX, Post Office Protocol, version 3, RA domains, SOCKS, SSO PIN, TCB subset, TOE security functions interface, U.S.-controlled facility, U.S.-controlled space, USENET, accreditation range, accredited security parameter, acoustic security, activation data, active wiretapping, ad hoc network, adequate security, adjudication, adjudication authority, adversary, adverse information, alternative compensatory control measures, anonymous and guest login, anonymous login, appeal, applicant, application, application program interface, application proxy, application server attack, archiving, associated markings, attack, attack signature, attribute-based authorization, audit, audit trail, authenticate, authentication, authentication mechanism, authentication period, authority, authorization, authorized, authorized adjudicative agency, authorized investigative agency, authorized person, authorized user, automated information system media control system, availability, availability service, backdoor, balanced magnetic switch, base station, bastion host, benign, between-the-lines-entry, billets, boundary, brute force password attack, buffer overflow, call back, capability, carve-out, category, central office, centralized authorization, certification practice statement, classified, classified contract, classified information procedures act, classified visit, clearance, clearance certification, clearance level, cleared escort, client, client server, closed storage, cloud computing, co-utilization, collateral information, common gateway interface, communications, compartment, compartmentalization, compartmentation, compartmented intelligence, compartmented mode, compelling need, component reference monitor, computer intrusion, computer security, computer security intrusion, confidentiality, confinement property, console logon, continuous operation, contractor/command program security officer, control, controlled security mode, controlled sharing, controlled space, cookies, covert channel, covert channel analysis, cracker, credentials, critical, critical program information, critical system, cross domain solution, cryptographic application programming interface, data asset, data compromise, data integrity service, data management, debriefing, dedicated mode, default account, default file protection, demilitarized zone, demon dialer, denial-of-service, determination authority, device distribution profile, dictionary attack, directory service, disclosure of information, disclosure record, diskette, distributed plant, domain, domain name system, domain parameter, dominated by, dual control, eligibility, encapsulation, entry control, exception, exploit, exploitation, external security controls, external system exposure, extranet, extraordinary security measures, facility security clearance, failed logon, false acceptance, false acceptance rate, false rejection rate, federated identity, federation, fedline, fetch protection, file encryption, file protection, file security, file series, firewall, flooding, flow, foreign disclosure, foreign ownership, control, or influence, foreign travel briefing, foreign visit, formulary, full disk encryption, government-approved facility, granularity, guard, guest system, hackers, high assurance guard, host, https, hyperlink, hypertext, identification, identification and authentication, identification authentication, identity credential issuer, identity verification, identity-based security policy, immediate family member, impersonation, inadvertent disclosure, inadvertent disclosure incident, incident of security concern, individual accountability, individual electronic accountability, indoctrination, inference, information, information assurance, information assurance product, information category, information security, information security risk, information sharing environment, information steward, information systems security, inside threat, insider, insider threat, integrity, intercept, interception, interface, internal security controls, internal system exposure, internal vulnerability, internet protocol security, internet service provider, intranet, intruder, intrusion, intrusion detection, intrusion detection and prevention system, intrusion detection systems, intrusion detection tools, isolator, joint personnel adjudication system, kerberos, key recovery, key-escrow, kiosk, labeled security protections, least privilege, letter of compelling need, list-oriented, local logon, lock-and-key protection system, lockout, logged in, logic bombs, logical completeness measure, login, logoff, logon, maintenance hook, major application, malicious intruder, malicious logic, management client, masquerade, masquerading, minor application, mission critical, mode of operation, modes of operation, motivation, multi-releasable, multilevel mode, multilevel secure, multilevel security, multilevel security mode, national security information, need-to-know, need-to-know determination, network component, network reference monitor, network security, network weaving, nicknames, no-lone zone, non-disclosure agreement, non-discretionary security, non-discussion area, noncomputing security methods, office of personnel management, online attack, open storage area, operations and support, operations manager, operator, overwriting, packet filter, packet filtering, partitioned security mode, password protected, password system, passwords, peer-to-peer communication, penetration, penetration testing, perimeter-based security, permanent records, permissions, personal computer system, personal identification number, personnel security, personnel security - issue information, personnel security clearance, personnel security exceptions, personnel security interview, personnel security investigation, personnel security program, physical and environmental protection, physical security, piggyback, piggyback attack, piggyback entry, pii confidentiality impact level, platform it interconnection, point-to-point tunneling protocol, policy, pop-up box, port, portal, primary services node (prsn), privacy, privilege management, privileged accounts, privileged user, probe, procedural security, process, program channels or program security channels, program material, program office, program security officer, programmable read-only memory, protected network, protection ring, protection-critical portions of the TCB, protective security service, proximity, proxy, proxy server, public-key certificate, real-time reaction, records, reference monitor, reference monitor concept, reference validation mechanism, reinstatement, relying party, remote administration tool, remote authentication dial-in user service, remote login, replay attacks, repository, requirements, resource, resource encapsulation, response force, restricted area, revocation, risk avoidance, rootkit, routine changes, rule-based security policy, rules of behavior, ruleset, salt, sampling frame, sandboxed environment, sandboxing, scattered castles, scoping guidance, screen scraping, secure data device, secure single sign-on, secure state, secure working area, security, security assurance, security attribute, security banner, security clearance, security compromise, security controls, security director, security domain, security incident, security intrusion, security kernel, security label, security level, security management, security management infrastructure, security policy, security safeguards, security service, security violation, security-relevant event, segregation of duties, senior foreign official, senior review group, sensitive activities, sensitive compartmented information, sensitive compartmented information courier, sensitive information, sensitivity label, service, signature, simple network management protocol, simple security condition, simple security property, single scope background investigation - periodic reinvestigation, single sign-on, social engineering, software, software-based fault isolation, source program, special program review group, sponsoring agency, spoof, spoofing, storage object, store, subcontract, subject security level, subset-domain, suspicious contact, system, system entry, system high mode, system resources, system software, system-high security mode, target vulnerability validation techniques, tcpwrapper, technical countermeasures, technical policy, technological attack, technology, technology control plan, temporary help/job shopper, term rule-based security policy, theft, threat, ticket, ticket-oriented, timing attacks, tokens, transaction, trapdoor, trespass, trojan horse, trust relationship, trusted gateway, trusted identification forwarding, trusted subject, two-person integrity, unauthorized disclosure, unauthorized person, unclassified internet protocol router network, unclassified sensitive, unfavorable personnel security determination, uniform resource locator, unprotected network, user PIN, users, vault, verification, virus, vulnerability, war driving, web browser cache, web content filtering software, website, wide-area network, wimax, wireless gateway server, wiretapping, workstation, world wide web, write) (includes Directory Access Protocol, Internet Message Access Protocol, version 4, Law Enforcement Access Field, Lightweight Directory Access Protocol, Terminal Access Controller Access Control System, access approval, access approval authority, access authority, access category, access control, access control center, access control lists, access control mechanisms, access control officer, access control service, access control system, access eligibility determination, access evaluation, access level, access list, access mediation, access mode, access national agency check and inquiries, access period, access point, access port, access profile, access roster, access termination, access type, access with limited privileges, accesses, accessibility, accessioned records, acknowledged special access program, acquisition special access program, administrative access, approved access control device, attribute-based access control, browse access protection, code division multiple access, common access card, context-dependent access control, controlled access area, controlled access program coordination office, controlled access program oversight committee, controlled access programs, controlled access protection, delete access, demand assigned multiple access, direct access storage device, direct memory access, discretionary access control, execute access, failure access, ferroelectric random access memory, file transfer access management, formal access approval, frequency division multiple access, handle via special access control channels only, identity based access control, intelligence special access program, interim access authorization, last mile broadband access, limited access authorization, local access, logical access, logical access control, mandatory access control, media access control address, merge access, multiple access rights terminal, need for access, network access, network access control, non-discretionary access control, non-volatile random access memory, object, on-access scanning, one-time access, partition rule base access control, peer access approval, peer access enforcement, physical access control, policy-based access control, privileged access, program access request, random access memory, read access, remote access, remote access software, risk-adaptable access control, role-based access control, special access office, special access program, special access program facility, special access program/special access required, special access programs central office, special access programs coordination office, special access required programs oversight committee, subject, surrogate access, tactical special access program facility, temporary access eligibility, time division multiple access, umbrella special access program, unacknowledged special access program, unauthorized access, update access, waived special access program, wi-fi protected access-2, wireless access point, write access)

access approval

Formal authorization for an individual to have access to classified or sensitive information within a Special Access Program or a Controlled Access Program, including Sensitive Compartmented Information. Access requires formal indoctrination and execution of a nondisclosure agreement. [DSS] (see also authorization, classified, security clearance, access)

access approval authority

Individual responsible for final access approval and/or denial determination. [DSS] (see also access)

access authority

An entity responsible for monitoring and granting access privileges for other authorized entities. [CNSSI-4009] (see also access)

access category

One of the classes to which a user, program, or process may be assigned on the basis of the resources or groups of resources that each user, program, or process is authorized to use. [SRV] (see also authorized, process, program, resource, users, access)

access control

(1) The limiting of rights or capabilities of a subject to communicate with other subjects, or to use functions or services in a system or network. (2) Restrictions controlling a subject's access to an object. [TNI] (1) The process of limiting access to the resources of an information technology (IT) product only to authorized users, programs, processes, systems (in a network), or other IT products. (Synonymous with controlled access and limited access.) (2) The limiting of rights or capabilities of a subject to communicate with other subjects, or to use functions or services in a system or network. (3) Restrictions controlling a subject's access to an object. [AJP] (I) Protection of system resources against unauthorized access; a process by which use of system resources is regulated according to security policy and is permitted by only authorized entities (users, programs, processes, or other systems) according to that policy. (O) 'The prevention of unauthorized use of a resource, including the prevention of use of a resource in an unauthorized manner.' [RFC2828] 1) Limiting access to information system resources to authorized users, programs, processes, or other systems only. 2) Procedures and controls that limit or detect access to MEI Resource Elements (People, Technology, Applications, Data and/or Facilities) thereby protecting these resources against loss of Integrity, Confidentiality Accountability and/or Availability. [CIAO] A security service that prevents the unauthorized use of information system resources (hardware and software) only to authorized users and the unauthorized disclosure or modification of data (stored and communicated). [IATF] Enable authorized use of a resource while preventing unauthorized use or use in an unauthorized manner. [800-33] Limiting access to information system resources only to authorized users, programs, processes, or other systems. [CNSSI] Process of limiting access to the resources of an IT product only to authorized users, programs, processes, systems, or other IT products. [FCv1] The process of granting or denying specific requests to: 1) obtain and use information and related information processing services; and 2) enter specific physical facilities (e.g., federal buildings, military establishments, border crossing entrances). [CNSSI-4009][FIPS 201] The process of limiting access to the resources of a system only to authorized programs, processes, or other systems (in a network). [NCSC/TG004] The process of limiting access to the resources of a system only to authorized programs, processes, or other systems (in a network). Synonymous with controlled access and limited access. [SRV] (see also *-property, Bell-LaPadula security model, Clark Wilson integrity model, Defensive Information Operations, Escrowed Encryption Standard, Identification Protocol, Internet Engineering Task Force, Internet Protocol Security Option, Network File System, PIV issuer, POSIX, RA domains, SOCKS, TCB subset, TOE security functions interface, U.S.-controlled facility, U.S.-controlled space, accreditation range, active wiretapping, adequate security, adversary, application, application program interface, application proxy, archiving, attack, audit, audit trail, authenticate, authentication, authorized, availability, availability service, backdoor, bastion host, benign, between-the-lines-entry, boundary, boundary host, breach, buffer overflow, call back, capability, category, classified, clearance level, client, client server, common gateway interface, communications, compartment, compartmentalization, compartmented mode, computer intrusion, computer security, computer security intrusion, confidentiality, confinement property, controlled security mode, controlled space, covert channel, covert channel analysis, cracker, credentials, critical, critical system, cryptographic application programming interface, cryptographic equipment room, data compromise, data integrity service, data management, dedicated mode, default account, demilitarized zone, demon dialer, denial-of-service, dictionary attack, directory service, disclosure of information, domain, domain name system, domain parameter, dominated by, dual control, encapsulation, exploit, exploitation, external security controls, external system exposure, extranet, federated identity, federation, fedline, firewall, flooding, formulary, function, guard, hackers, host, https, hyperlink, hypertext, identification, identification and authentication, identification authentication, identity credential issuer, identity verification, identity-based security policy, impersonation, inadvertent disclosure, individual accountability, individual electronic accountability, inference, information, information assurance product, information category, information security, information systems security, integrity, interception, interface, internal security controls, internal system exposure, internet protocol security, internet service provider, intranet, intruder, intrusion, intrusion detection, intrusion detection tools, kerberos, key recovery, key-escrow, kiosk, labeled security protections, list-oriented, lock-and-key protection system, lockout, logic bombs, logical completeness measure, maintenance hook, major application, malicious intruder, malicious logic, masquerade, masquerading, minimum essential infrastructure, mode of operation, modes of operation, motivation, multilevel mode, multilevel secure, multilevel security, multilevel security mode, national security information, network, network component, network security, network weaving, no-lone zone, non-discretionary security, noncomputing security methods, operations manager, operator, packet filtering, partitioned security mode, password system, passwords, peer-to-peer communication, penetration, permissions, personal identification number, personnel security, physical and environmental protection, physical security, piggyback, piggyback attack, piggyback entry, point-to-point tunneling protocol, policy, pop-up box, privacy, probe, procedural security, process, program, protected network, protection ring, protection-critical portions of the TCB, proximity, proxy server, real-time reaction, records, reference monitor, reference monitor concept, reference validation mechanism, remote administration tool, remote authentication dial-in user service, repository, resource, resource encapsulation, restricted area, rootkit, rule-based security policy, rules of behavior, ruleset, salt, sampling frame, scoping guidance, screen scraping, secure single sign-on, security clearance, security compromise, security controls, security domain, security incident, security intrusion, security label, security management, security management infrastructure, security policy, security safeguards, security violation, segregation of duties, sensitive compartmented information, sensitive information, signature, simple network management protocol, simple security condition, simple security property, single sign-on, social engineering, software, source program, spoof, spoofing, storage object, subject security level, subset-domain, system, system high mode, system resources, system software, system-high security mode, tcpwrapper, technological attack, technology, term rule-based security policy, theft, threat, threat consequence, ticket, ticket-oriented, timing attacks, tokens, transaction, trapdoor, trespass, trojan horse, trust relationship, trusted gateway, trusted identification forwarding, trusted subject, two-person integrity, uniform resource locator, unprotected network, user PIN, verification, virus, vulnerability, web browser cache, website, wide-area network, wireless gateway server, wiretapping, workstation, world wide web, Automated Information System security, access, authorization, control, risk management, security, security-relevant event, trusted computing base, users) (includes IT default file protection parameters, centralized authorization, classified information, component reference monitor, controlled sharing, cookies, default file protection, entry control, fetch protection, file protection, file security, granularity, logged in, login, logoff, logon, need-to-know, network reference monitor, privileged, sandboxed environment, secure state, security kernel, security perimeter, sensitivity label, system entry, technical policy)

access control center (ACC)

(I) A computer containing a database with entries that define a security policy for an access control service. (C) An ACC is sometimes used in conjunction with a key center to implement access control in a key distribution system for symmetric cryptography. [RFC2828] (see also computer, cryptography, key, policy, security, system, access, control)

access control lists (ACL)

(1) A list of subjects authorized for specific access to an object. (2) A list of entities, together with their access rights, which are authorized to have access to a resource. [TNI] (1) A mechanism implementing discretionary access control in an IT product that identifies the users who may access an object and the type of access to the object that a user is permitted. (2) A list of subjects authorized for specific access to an object. (3) A list of entities, together with their access rights, which are authorized to have access to a resource. [AJP] (I) A mechanism that implements access control for a system resource by enumerating the identities of the computer system entities that are permitted to access the resource. [RFC2828] 1. A list of permissions associated with an object. The list specifies who or what is allowed to access the object and what operations are allowed to be performed on the object. 2. A mechanism that implements access control for a system resource by enumerating the system entities that are permitted to access the resource and stating, either implicitly or explicitly, the access modes granted to each entity. [CNSSI-4009] A list of the subjects that are permitted to access an object and the access rights of each subject. [SRV] A mechanism that implements access control for a system resource by enumerating the identities of the system entities that are permitted to access the resources. [800-82] A register of: 1. users (including groups, machines, processes) who have been given permission to use a particular system resource, and 2. the types of access they have been permitted. [SP 800-12] Mechanism implementing discretionary access control in an IT product that identifies the users who may access an object and the type of access to the object that a user is permitted. [FCv1] Mechanism implementing discretionary and/or mandatory access control between subjects and objects. [CNSSI][IATF] (see also authorized, communications security, computer, control, object, process, program, resource, subject, system, users, access) (includes ACL-based authorization)

access control mechanisms

(1) Security safeguards designed to detect and prevent unauthorized access, and to permit authorized access in an IT product. (2) Hardware or software features, operating procedures, management procedures, and various combinations of these designed to detect and prevent unauthorized access and to permit authorized access in an automated system. [AJP] Hardware or software features, operating procedures, management procedures, and various combinations of these designed to detect and prevent unauthorized access and to permit authorized access in an automated system. [NCSC/TG004][SRV] Measures or procedures designed to prevent unauthorized access for protecting information or facilities. [DSS] Security safeguard designed to detect and deny unauthorized access and permit authorized access in an IS. [CNSSI] Security safeguards (i.e. hardware and software features, physical controls, operating procedures, management procedures, and various combinations of these) designed to detect and deny unauthorized access and permit authorized access to an information system. [CNSSI-4009] Security safeguards designed to detect and prevent unauthorized access, and to permit authorized access in an IT product. [FCv1] (see also authorized, management, security, software, system, unauthorized access, access, control)

access control officer (ACO)

(see also access, control)

access control service

(I) A security service that protects against a system entity using system resource in a way not authorized by the systems security policy; in short, protection of system resources against unauthorized access. (C) This service includes protecting against use of a resource in an unauthorized manner by an entity that is authorized to use the resource in some other manner. The two basic mechanisms for implementing this service are ACLs and tickets. [RFC2828] (see also authorized, entity, policy, resource, security, system, unauthorized access, access, control)

access control system

Procedure for identifying and/or admitting personnel with proper security clearance and required access approval to information or facilities using physical, electronic, and/or human controls. [DSS] (see also security, access)

access eligibility determination

A formal determination that a person meets the personnel security requirements for access to a specified type or types of classified information. [DSS] (see also classified, requirements, security, access)

access evaluation

Process of reviewing the security qualifications of employees. [DSS] (see also security, access, evaluation)

access level

A category within a given security classification limiting entry or system connectivity to only authorized persons. [CNSSI-4009] Hierarchical portion of the security level used to identify the sensitivity of IS data and the clearance or authorization of users. Access level, in conjunction with the nonhierarchical categories, forms the sensitivity label of an object. [CNSSI] The hierarchical portion of the security level used to identify the sensitivity of data and the clearance or authorization of users. Note: The access level, in conjunction with the non-hierarchical categories, forms the sensitivity label of an object. [AJP][NCSC/TG004][SRV] (see also authorization, identify, object, users, access, security level)

access list

(IS) Compilation of users, programs, or processes and the access levels and types to which each is authorized. (COMSEC) Roster of individuals authorized admittance to a controlled area. [CNSSI] A list of users, programs, and/or processes and the specifications of access categories to which each is assigned. [NCSC/TG004][SRV] Roster of individuals authorized admittance to a controlled area. [CNSSI-4009] (see access control lists) (see also access)

access mediation

Process of monitoring and controlling access to the resources of an IT product, including but not limited to the monitoring and updating of policy attributes during accesses as well as the protection of unauthorized or inappropriate accesses. [AJP][FCv1] (see also authorized, control, policy, process, resource, access)

access mode

(I) A distinct type of data processing operation-- e.g. read, write, append, or execute--that a subject can potentially perform on an object in a system. [RFC2828] (see also object, operation, process, subject, system, access, automated information system)

access national agency check and inquiries

Personnel security investigation for access to classified information conducted by the Office of Personnel Management, combining a national agency check and written inquiries to law enforcement agencies, former employers and supervisors, references, and schools as well as a credit check. [DSS] (see also classified, security, access)

access period

A segment of time, generally expressed on a daily or weekly basis, during which access rights prevail. [AJP][NCSC/TG004][SRV] (see also access)

access point

A device that logically connects wireless client devices operating in infrastructure to one another and provides access to a distribution system, if connected, which is typically an organization's enterprise wired network. [SP 800-48; SP 800-121] (see also access)

access port

A logical or physical identifier that a computer uses to distinguish different terminal input/output data streams. [AJP][NCSC/TG004][SRV] (see also computer, access)

access profile

Associates each user with a list of protected objects the user may access. [CNSSI] Association of a user with a list of protected objects the user may access. [CNSSI-4009] (see also object, users, access, file, profile)

access roster

Database or listing of individuals briefed to a Special Access Program. [DSS] (see also access)

access termination

Removal of an individual from access to a Special Access Program or other program information. [DSS] (see also access)

access type

Account Management, User - Involves 1) the process of requesting, establishing, issuing, and closing user accounts; 2) tracking users and their respective access authorizations; and 3) managing these functions. [SP 800-12] Privilege to perform action on an object. Read, write, execute, append, modify, delete, and create are examples of access types. [CNSSI] Privilege to perform action on an object. Read, write, execute, append, modify, delete, and create are examples of access types. See Write. [CNSSI-4009] The nature of an access right to a particular device, program, or file (e.g. read, write, execute, append, modify, delete, or create). [AJP][NCSC/TG004][SRV] (see also authorization, file, management, object, program, users, access)

access with limited privileges

A user who can circumvent the security controls and processes of a domain or application within an IT system [NASA] (see also application, control, domain, process, security, system, users, access)

accesses

Indoctrination to classified material that has additional security requirements or caveats. This may be Sensitive Compartmented Information, Special Access Program information, or collateral-level accesses such as North Atlantic Treaty Organization or Critical Nuclear Weapons Design Information. [DSS] (see also classified, critical, requirements, security, access)

accessibility

The ability to obtain the use of a computer system resource, or the ability and means necessary to store data, retrieve data, or communicate with a system. [SRV] (see also computer, resource, system, access)

accessioned records

Records of permanent historical value in the legal custody of the National Archives and Records Administration. [DSS] (see also access)

account aggregation

A service that gathers information from many websites, presents that information to the customer in a consolidated format and, in some cases, may allow the customer to initiate activity on the aggregated accounts. Aggregation services typically involve three different entities: (1) The aggregator that offers the aggregation service and maintains information on the customer's relationships/accounts with other online providers. (2) The aggregation target or website/entity from which the information is gathered or extracted by means of direct data feeds or screen scraping. (3) The aggregation customer who subscribes to aggregation services and provides customer IDs and passwords for the account relationships to be aggregated. [FFIEC] (see also entity, information, target)

account authority digital signature (AADS)

relying party obtains public key from its own account registery record for digital signature authentication [misc] (see also authentication, key, public-key, authority, public-key infrastructure, signature)

account fraud

Form of identity theft involving fraudulent transactions against victim's account or opening new accounts in the victim's name [FTC] (see also entity, theft, fraud, identity theft)

account hijacking

assumption of a customer's identity on a valid existing account [FTC] (see account fraud)

account management

Activities such as balance inquiry, statement balancing, transfers between the customer's accounts at the same financial institution, maintenance of personal information, etc. [FFIEC] (see also information)

account takeover

(see account fraud)

accountability

(1) Means of linking individuals to their interactions with an IT product, thereby supporting identification of and recovery from unexpected or unavoidable failures of the control objectives. (2) The quality or state that enables actions on an ADP system to be traced to individuals who may then be held responsible. These actions include violations and attempted violation of the security policy, as well as allowed actions. (3) The property that enables activities on a system to be traced to individuals who may then be held responsible for their actions. [AJP] (I) The property of a system (including all of its system resources) that ensures that the actions of a system entity may be traced uniquely to that entity, which can be held responsible for its actions. (C) Accountability permits detection and subsequent investigation of security breaches. [RFC2828] (IS) Process of tracing IS activities to a responsible source. (COMSEC) Principle that an individual is entrusted to safeguard and control equipment, keying material, and information and is answerable to proper authority for the loss or misuse of that equipment or information. [CNSSI] 1) Principle that responsibilities for ownership and/or oversight of IS resources are explicitly assigned and that assignees are answerable to proper authorities for stewardship of resources under their control. 2) The explicit assignment of responsibilities for oversight of areas of control to executives, managers, staff, owners, providers, and users of MEI Resource Elements. [CIAO] Assigning of a document control number (including copy number) used for establishing responsibility for the document and permits traceability and disposition of the document. [DSS] Means of linking individuals to their interactions with an IT product, thereby supporting identification of and recovery from unexpected or unavoidable failures of the control objectives. [FCv1] Principle that an individual is entrusted to safeguard and control equipment, keying material, and information and is answerable to proper authority for the loss or misuse of that equipment or information. [CNSSI-4009] Property that allows auditing of activities in an automated information system (AIS) to be traced to persons who may then be held responsible for their actions. [IATF] Property that allows the ability to identify, verify, and trace system entities as well as changes in their status. Accountability is considered to include authenticity and non-repudiation. [800-37] The principle that individuals using a facility or a computer system must be able to be identified. With accountability, violations or attempted violation of system security can be traced to individuals who can then be held responsible for their actions. [AFSEC] The property that enables activities on a system to be traced to individuals who may then be held responsible for their actions. [NCSC/TG004][SRV] The property that ensures that the actions of an entity may be traced uniquely to the entity. [SC27] The quality or state which enables actions on an ADP system to be traced to individuals who may then be held responsible. These actions include violations and attempted violation of the security policy, as well as allowed actions. [TNI] The security goal that generates the requirement for actions of an entity to be traced uniquely to that entity. This supports non- repudiation, deterrence, fault isolation, intrusion detection and prevention, and after-action recovery and legal action. [SP 800-27] The security objective that generates the requirement for actions of an entity to be traced uniquely to that entity. This supports non-repudiation, deterrence, fault isolation, intrusion detection and prevention, and after-action recovery and legal action. [800-30][800-33] (see also audit, authority, communications security, computer, control, deterrence, entity, failure, fault isolation, identify, information, intrusion, intrusion detection, intrusion prevention, key, minimum essential infrastructure, non-repudiation, owner, policy, process, property, quality, recovery, resource, security objectives, system, trust, security goals) (includes automated information system, identification, object, users)

accounting legend code (ALC)

Numeric code used to indicate the minimum accounting controls required for items of accountable COMSEC material within the COMSEC Material Control System. [CNSSI] Numeric code used to indicate the minimum accounting controls required for items of accountable communications security (COMSEC) material within the COMSEC Material Control System. [CNSSI-4009] (see also communications security, control, control systems, security, system, code)

accounting number

Number assigned to an item of COMSEC material to facilitate its control. [CNSSI][CNSSI-4009] (see also communications security, control)

accreditation

(1) The procedure for accepting an IT system to process sensitive information within a particular operational environment. (2) The formal procedure for recognizing both the technical competence and the impartiality of an IT test laboratory (evaluation body) to carry out its associated tasks. (3) Formal declaration by a designated approving authority that an Automated Information System (AIS) is approved to operate in a particular security configuration using a prescribed set of safeguards. (4) The managerial authorization and approval granted to an ADP system or network to process sensitive data in an operational environment, made on the basis of a certification by designated technical personnel of the extent to which design and implementation of the computer system meet pre-specified technical requirements, e.g. TCSEC (Trusted Computer System Evaluation Criteria), for achieving adequate data security. Management can accredit a system to operate at a higher or lower level than the risk level recommended (e.g. by the requirements guideline) for the certification level of the computer system. If management accredits the system to operate at a higher level than is appropriate for the certification level, management is accepting the additional risk incurred. (5) A formal declaration by the DAA (designated approving authority) that the AIS is approved to operate in a particular security mode using a prescribed set of safeguards. Accreditation is the official management authorization for operation of an AIS and is based on the certification process as well as other management considerations. The accreditation statement affixes security responsibility with the DAA and shows that due care has been taken for security. [AJP] (I) An administrative declaration by a designated authority that an information system is approved to operate in a particular security configuration with a prescribed set of safeguards. (C) An accreditation is usually based on a technical certification of the computer system's security mechanisms. The terms 'certification' and 'accreditation' are used more in the U.S. Department of Defense and other government agencies than in commercial organizations. However, the concepts apply any place where managers are required to deal with and accept responsibility for security risks. The American Bar Association is developing accreditation criteria for CAs. [RFC2828] A formal declaration by the DAA that the AIS is approved to operate in a particular security mode using a perscribed set of safeguards. Accreditation is the official management authorization for operation of an AIS and is based on the certification process as well as other management considerations. The accreditation statement affixes security responsibility with the DAA and shows that due care has been taken for security. [NCSC/TG004] A management's formal acceptance of the adequacy of a computer system's security. [SRV] Formal certification by a cognizant security authority that a facility, designated area, or information system has met Director of National Intelligence security standards for handling, processing, discussing, disseminating, or storing Sensitive Compartmented Information. [DSS] Formal declaration by a Designated Accrediting Authority (DAA) that an IS is approved to operate at an acceptable level of risk, based on the implementation of an approved set of technical, managerial, and procedural safeguards. [CNSSI] Formal declaration by a Designated Approving Authority that an IS is approved to operate in a particular security mode using a prescribed set of safeguards at an acceptable level of risk. [GSA] Formal declaration by a designated approving authority that an Automated Information System (AIS) is approved to operate in a particular security configuration using a prescribed set of safeguards. [FCv1] Formal declaration by the responsible management approving the operation of an automated system in a particular security mode using a particular set of safeguards. Accreditation is the official authorization by management for the operation of the computer system, and acceptance by that management of the associated residual risks. Accreditation is based on the certification process as well as other management considerations. [SC27] Has two definitions according to circumstances: a)the procedure for accepting an IT system for use within a particular environment; b)the procedure for recognizing both the technical competence and the impartiality of a test laboratory to carry out its associated tasks. [ITSEC] Of information system. Approval to use an Information System to process classified information in a specified environment at an acceptable level of risk based upon technical, managerial, and procedural safeguards. [DSS] The authorization of an IT system to process, store, or transmit information, granted by a management official. Accreditation, that is required under OMB Circular A-130, is based on an assessment of the management, operational, and technical controls associated with an IT system. [800-37] The managerial authorization and approval, granted to an ADP system or network to process sensitive data in an operational environment, made on the basis of a certification by designated technical personnel of the extent to which design and implementation of the computer system meet pre-specified technical requirements, e.g. TCSEC, for achieving adequate data security. Management can accredit a system to operate at a higher/lower level than the risk level recommended (e.g. by the Requirements Guideline-) for the certification level of the computer system. If management accredits the system to operate at a higher level than is appropriate for the certification level, management is accepting the additional risk incurred. [TNI] The official management decision given by a senior agency official to authorize operation of an information system and to explicitly accept the risk to agency operations (including mission, functions, image, or reputation), agency assets, or individuals, based on the implementation of an agreed-upon set of security controls. [800-60][800-82] Two definitions according to circumstances: 1) Operational system accreditation: The authorization that is granted for use of an IT system to process sensitive information in its operational environment. (ANSI modified) 2) Laboratory accreditation: The formal recognition that a testing laboratory is technically competent to carry out its specified tasks. [JTC1/SC27] (see also Common Criteria Testing Laboratory, approved technologies list, approved test methods list, assessment, association, authority, authorization, cascading, certificate, certificate revocation list, certification phase, certifier, classified, computer, control, controlled security mode, criteria, dedicated security mode, evaluation, external security controls, function, information, intelligence, multilevel security mode, national information assurance partnership, network, operation, partitioned security mode, pre-certification phase, process, requirements, risk, security evaluation, security testing, site certification, standard, system, system-high security mode, test, trust, trusted computer system, type certification, certification) (includes DoD Information Technology Security Certification and Accreditation Process, National Voluntary Laboratory Accreditation Program, Scope of Accreditation, accreditation authority, accreditation body, accreditation boundary, accreditation disapproval, accreditation multiplicity parameter, accreditation package, accreditation phase, accreditation range, approval/accreditation, automated information system, certification and accreditation, designated approving authority, full accreditation, identification and accreditation, interim accreditation, interim accreditation action plan, post-accreditation phase, private accreditation exponent, private accreditation information, public accreditation verification exponent, security, site accreditation, system accreditation, type accreditation)

accreditation authority

Entity trusted by all members of a group of entities for the purposes of the generation of private accreditation information. [SC27] (see also entity, information, trust, accreditation, authority)

accreditation body

An independent organization responsible for assessing the performance of other organizations against a recognized standard, and for formally confirming the status of those that meet the standard. [NIAP] (see also standard, accreditation, national information assurance partnership)

accreditation boundary

1. (IA) - Identifies the information resources covered by an accreditation decision, as distinguished from separately accredited information resources that are interconnected or with which information is exchanged via messaging. (Synonymous with Security Perimeter) 2. (IC) - For the purposes of identifying the Protection Level for confidentiality of a system to be accredited, the system has a conceptual boundary that extends to all intended users of the system, both directly and indirectly connected, who receive output from the system (DCID 6/3, 5 Jun 99) [CNSSI] All components of an information system to be accredited by an authorizing official and excludes separately accredited systems, to which the information system is connected. [800-60] (see also security perimeter, information, resource, security, system, users, accreditation, boundary)

accreditation disapproval

The system does not meet the security requirements and security controls as stated in the security plan; residual risk is too great, and mission criticality does not mandate the immediate operational need. Therefore, the developmental system is not approved for operation or, if the system is already operational, the operation of the system is halted. [800-37] (see also control, critical, operation, requirements, risk, security, system, accreditation)

accreditation multiplicity parameter

Positive integer equal to the number of items of secret accreditation information provided to an entity by the accreditation authority. [SC27] (see also authority, entity, information, accreditation)

accreditation package

Product comprised of a System Security Plan (SSP) and a report documenting the basis for the accreditation decision. [CNSSI] The accreditation letter and supporting documentation and rationale for the accreditation decision. [800-37] (see also security, system, accreditation)

accreditation phase

The accreditation phase is the third phase of the certification and accreditation process. Its purpose is to complete the final risk assessment on the IT system, update the security plan, prepare the certification findings, and issue the accreditation decision. [800-37] (see also assessment, process, risk, security, system, update, accreditation)

accreditation range

The accreditation range of a host with respect to a particular network is a set of mandatory access control levels (according to 'Computer Security Requirements: Guidance for Applying the Department of Defense Trusted Computer System Evaluation Criteria in Specific Environments,' CSC-STD-003-85) for data storage, processing, and transmission. The accreditation range will generally reflect the sensitivity levels of data that the accreditation authority believes the host can reliably keep segregated with an acceptable level of risk in the context of the particular network for which the accreditation range is given. Thus, although a host system might be accredited to use the mandatory access control levels Confidential, Secret, and Top Secret in stand-alone operation, it might have an accreditation range consisting of the single value Top Secret for attachment to some network. [AJP] (see also access, access control, authority, computer, computer security, control, criteria, evaluation, network, operation, process, requirements, risk, security, system, trust, trusted computer system, accreditation)

accredited

Formally confirmed by an accreditation body as meeting a predetermined standard of impartiality and general technical, methodological, and procedural competence. [NIAP] (see accreditation)

accredited security parameter

Security classification levels, compartments, and subcompartments at which an Information System or network is accredited to operate [for example TOP SECRET or Special Access Required]Security classification levels, compartments, and subcompartments at which an Information System or network is accredited to operate [for example TOP SECRET or Special Access Required] [DSS] (see also access, security)

accrediting authority

Customer official who has the authority to decide on accepting the security safeguards prescribed or who is responsible for issuing an accreditation statement that records the decision to accept those safeguards. [DSS] Synonymous with Designated Accrediting Authority (DAA). See also Authorizing Official. [CNSSI-4009] Synonymous with designated accrediting authority (DAA). [CNSSI] (see also security, authority)

accuracy

A qualitative assessment of correctness, or freedom from error. [SRV] (see also assessment)

ACH debit fraud

unauthorized payment, using fraudulently obtained account number [FTC] (see also authorized, fraud, identity theft)

acknowledged special access program

Special Access Program acknowledged to exist and whose purpose is identified (for example, the B-2 or the F-117 aircraft program) while the details, technologies, materials, techniques, of the program are classified as dictated by their vulnerability to exploitation and the risk of compromise. Program funding is generally unclassified. (Note: Members of the four Congressional Defense Committees are authorized access to the program.) [DSS] (see also authorized, classified, compromise, risk, vulnerability, access)

ACL-based authorization

A scheme where the authorization agent consults an ACL to grant or deny access to a principal. [misc] (see also access, access control lists, authorization) (includes distributed computing environment)

acoustic intelligence

Intelligence information derived from collection and analysis of acoustical phenomena. [DSS] (see also acoustic security, analysis, intelligence)

acoustic security

Security measures designed and used to deny aural access to classified information. [DSS] (see also access, acoustic intelligence, classified, security)

acoustic warfare

Action involving the use of underwater acoustic energy to determine, exploit, reduce, or prevent hostile use of the underwater acoustic spectrum and actions which retain friendly use of the underwater acoustic spectrum. [DOD] (see also warfare)

acquirer

(N) SET usage: 'The financial institution that establishes an account with a merchant and processes payment card authorizations and payments.' (O) 'The institution (or its agent) that acquires from the card acceptor the financial data relating to the transaction and initiates that data into an interchange system.' [RFC2828] (see also authorization, process, system, Secure Electronic Transaction)

acquisition

Networks or systems generally used for industrial controls or to manage infrastructure such as pipelines and power systems. [CNSSI-4009] (see also control)

acquisition plan

A document that records management's decisions; contains the requirements; provides appropriate analysis of technical options and the lifecycle plans for development, production, training, and support of material items. [SRV] (see also analysis, requirements)

acquisition program

Directed, funded effort that provides a new, improved, or continuing materiel, weapon, or information system, or service capability in response to an approved need. [DSS]

acquisition special access program

A Special Access Program established primarily to protect sensitive research, development, testing, and evaluation or procurement activities in support of sensitive military and intelligence requirements. [DSS] (see also evaluation, intelligence, requirements, access)

acquisition strategy

The conceptual framework for conducting systems acquisition, encompassing the broad concepts and objectives that direct and control the overall development, production, and deployment of a system. It evolves in parallel with the system's maturation. It must be stable enough to provide continuity but dynamic and flexible enough to accommodate change. It is tailored to fit the needs for developing, producing, and fielding the system. The set of decisions that determines how products and services will be acquired, including contracting method, contract duration, contract pricing, and quantities. [SRV] (see also control, object, system)

acquisition systems protection

Safeguarding of Defense systems anywhere in the acquisition process as defined in Department of Defense Directive 5000.1, the defense technologies being developed that could lead to weapon or Defense systems, and Defense research data. Acquisition Systems Protection integrates all security disciplines, counterintelligence, other defensive methods for denying foreign collection efforts and preventing unauthorized disclosure to deliver to our forces uncompromised combat effectiveness over the live expectancy of the system. [DSS] (see also authorized, compromise, foreign, intelligence, security)

activation data

Private data, other than keys, that are required to access cryptographic modules. [SP 800-32] (see also access)

active attack

An attack on the authentication protocol where the attacker transmits data to the claimant or verifier. Examples of active attacks include a man-in-the-middle, impersonation, and session hijacking. [800-63] An attack on the authentication protocol where the attacker transmits data to the claimant, Credential Service Provider, verifier, or relying party. Examples of active attacks include man-in-the-middle, impersonation, and session hijacking. [SP 800-63] An attack that alters a system or data. [CNSSI-4009] (see also authentication, impersonation, protocols, attack)

active content

Electronic documents that can carry out or trigger actions automatically on a computer platform without the intervention of a user. [SP 800-28] Software in various forms that is able to automatically carry out or trigger actions on a computer platform without the intervention of a user. [CNSSI-4009] WWW pages which contain references to programs which are downloaded and executed automatically by WWW browsers. [SRV] (see also program, software)

active security testing

Hands-on security testing of systems and networks to identify their security vulnerabilities. [800-115] Security testing that involves direct interaction with a target, such as sending packets to a target. [SP 800-115] (see also system, target, vulnerability, security testing, test)

active state

The key lifecycle state in which a cryptographic key is available for use for a set of applications, algorithms, and security entities. [800-130] (see also deactivated state, algorithm, application, cryptographic, key, lifecycle, security, key lifecycle state)

active wiretapping

The attaching of an unauthorized device, such as a computer terminal, to a communications circuit for the purpose of obtaining access to data through the generation of false messages or control signals, or by altering the communications of legitimate users. [SRV] (see also access, access control, authorized, communications, computer, control, message, users, wiretapping)

activities

An assessment object that includes specific protection-related pursuits or actions supporting an information system that involve people (e.g., conducting system backup operations, monitoring network traffic). [SP 800-53A]

activity

Department of Defense unit, organization, or installation performing a function or mission. [DSS]

activity analysis

The analysis and measurement (in terms of time, cost, and throughput) of distinct units of work (activities) that make up a process. [SRV] (see also process, analysis, security software)

activity security manager

Individual specifically designated in writing and responsible for an activity's information security program who ensures classified and controlled unclassified information is properly handled during its entire lifecycle. That overview includes ensuring material is appropriately identified, marked, stored, disseminated, disposed of, and accounted for, as well as providing guidance on the handling of security incidents to minimize adverse effects and ensure that appropriate corrective action is taken. The security manager may be assigned responsibilities in other security disciplines such as personnel and physical security. [DSS] (see also classified, information security, security incident, security)

activity-based costing (ABC)

(see also business process)

actuator

A pneumatic, hydraulic, or electrically powered device that supplies force and motion so as to position a valve's closure member at or between the open or closed position. [800-82]

ad hoc

Something that is ad hoc or that is done on an ad hoc basis happens or is done only when the situation makes it necessary or desirable, rather than being arranged in advance or being part of a general plan. [OVT]

ad hoc network

A wireless network that dynamically connects wireless client devices to each other without the use of an infrastructure device, such as an access point or a base station. [SP 800-121] (see also access, network)

ad hoc testing

Testing carried out using no recognised test case design technique. [OVT] (see also security testing, test)

ad-lib test

A test executed without prior planning; especially if the expected test outcome is not predicted beforehand. An undocumented test. [OVT] (see also test)

adaptive predictive coding (APC)

add-on security

(I) 'The retrofitting of protection mechanisms, implemented by hardware or software, after the [automatic data processing] system has become operational.' [RFC2828] Incorporation of new hardware, software, or firmware safeguards in an operational IS. [CNSSI] Incorporation of new hardware, software, or firmware safeguards in an operational information system. [CNSSI-4009] The retrofitting of protection mechanisms, implemented by hardware or software, after the computer system has become operational. [SRV] The retrofitting of protection mechanisms, implemented by hardware or software. [AJP][NCSC/TG004] (see also computer, operation, process, software, system, security)

address

A sequence of bits or characters that identifies the destination and the source of a transmission. [SRV]

address indicator group (AIG)

address of record

The official location where an individual can be found. The address of record always includes the residential street address of an individual and may also include the mailing address of the individual. In very limited circumstances, an Army Post Office box number, Fleet Post Office box number or the street address of next of kin or of another contact individual can be used when a residential street address for the individual is not available. [800-63]

address spoofing

A type of attack in which the attacker steals a legitimate network (e.g. IP) address of a system and uses it to impersonate the system that owns the address. [misc] (see also impersonation, network, system, masquerade, spoof, spoofing) (includes ip spoofing)

adequate security

Security commensurate with the risk and magnitude of harm resulting from the loss, misuse, or unauthorized access to or modification of information. [800-37] Security commensurate with the risk and magnitude of harm resulting from the loss, misuse, or unauthorized access to or modification of information. Note: This includes assuring that information systems operate effectively and provide appropriate confidentiality, integrity, and availability, through the use of cost-effective management, personnel, operational, and technical controls. [CNSSI-4009; SP 800-37] Security commensurate with the risk and magnitude of harm resulting from the loss, misuse, or unauthorized access to or modification of information. This includes assuring that information systems operate effectively and provide appropriate confidentiality, integrity, and availability, through the use of cost-effective management, personnel, operational, and technical controls. (OMB Circular A-130) [CNSSI] Security commensurate with the risk and the magnitude of harm resulting from the loss, misuse, or unauthorized access to or modification of information. [SP 800-53; FIPS 200; OMB Circular A-130, App. III] (see also access, access control, authorized, availability, control, information, integrity, management, operation, risk, system, unauthorized access, security)

adjudication

Evaluation of personnel security investigations and other relevant information to determine if it is clearly consistent with the interests of national security for persons to be granted (or retain) eligibility for access to classified information and continue to hold positions requiring a trustworthiness decision. [DSS] (see also access, classified, evaluation, security, trust)

adjudication authority

Entity that provides adjudication for eligibility or access. [DSS] (see also access)

adjudicative process

An examination of a sufficient period of a person's life to make an affirmative determination that the person is an acceptable security risk. [DSS] (see also risk, security)

adjudicator

Personnel security specialist who performs adjudications. [DSS] (see also security)

administration documentation

The information about a Target of Evaluation supplied by the developer for use by an administrator. [AJP][ITSEC] (see also information, target, target of evaluation)

administrative access

Individuals or terminals authorized to perform network administrator or system administrator functions. [FFIEC] (see also authorized, function, system, access)

administrative account

A user account with full privileges on a computer. [SP 800-69] (see also computer, users)

administrative safeguards

Administrative actions, policies, and procedures to manage the selection, development, implementation, and maintenance of security measures to protect electronic health information and to manage the conduct of the covered entity's workforce in relation to protecting that information. [SP 800-66] (see also development, security)

administrative security

(I) Management procedures and constraints to prevent unauthorized access to a system. (O) 'The management constraints, operational procedures, accountability procedures, and supplemental controls established to provide an acceptable level of protection for sensitive data.' (C) Examples include clear delineation and separation of duties, and configuration control. [RFC2828] The management constraints and supplemental controls established to provide an acceptable level of protection for data. [AJP][NCSC/TG004][NSAINT] The management constraints and supplemental controls established to provide an acceptable level of protection for data. Synonymous with procedural security. [SRV] (see procedural security) (see also security)

administrator

A person in contact with the Target of Evaluation who is responsible for maintaining its operational capability. [AJP][ITSEC] (see also operation, target, target of evaluation)

advanced development model (ADM)

(see also software development)

advanced encryption standard

(AES) The Advanced Encryption Standard specifies a U.S. Government- approved cryptographic algorithm that can be used to protect electronic data. The AES algorithm is a symmetric block cipher that can encrypt (encipher) and decrypt (decipher) information. This standard specifies the Rijndael algorithm, a symmetric block cipher that can process data blocks of 128 bits, using cipher keys with lengths of 128, 192, and 256 bits. [FIPS 197] (N) A future FIPS publication being developed by NIST to succeed DES. Intended to specify an unclassified, publicly-disclosed, symmetric encryption algorithm, available royalty-free worldwide. [RFC2828] A U.S. Government-approved cryptographic algorithm that can be used to protect electronic data. The AES algorithm is a symmetric block cipher that can encrypt (encipher) and decrypt (decipher) information. [CNSSI-4009] FIPS approved cryptographic algorithm that is a symmetric block cypher using cryptographic key sizes of 128, 192, and 256 bits to encrypt and decrypt data in blocks of 128 bits. [CNSSI] (see also algorithm, classified, cryptographic, key, National Institute of Standards and Technology, encryption, standard, symmetric cryptography)

advanced intelligence network (AIN)

(see also intelligence, network)

advanced intelligent network (AIN)

An evolving architecture that allows rapid creation and modification of telecommunication services. [SRV] (see also network)

advanced key processor

A cryptographic device that performs all cryptographic functions for a management client node and contains the interfaces to 1) exchange information with a client platform, 2) interact with fill devices, and 3) connect a client platform securely to the primary services node (PRSN). [CNSSI-4009] (see also management, key)

Advanced Mobile Phone Service (AMPS)

The standard system for analog cellular telephone service in the U.S. AMPS allocates frequency ranges within the 800 -- 900 MHz spectrum to cellular telephones. Signals cover an area called a cell. Signals are passed into adjacent cells as the user moves to another cell. The analog service of AMPS has been updated to include digital service. [IATF] (see also standard, system, update, users)

advanced narrowband digital voice terminal (ANDVT)

advanced persistent threats

An adversary that possesses sophisticated levels of expertise and significant resources which allow it to create opportunities to achieve its objectives by using multiple attack vectors (e.g., cyber, physical, and deception). These objectives typically include establishing and extending footholds within the information technology infrastructure of the targeted organizations for purposes of exfiltrating information, undermining or impeding critical aspects of a mission, program, or organization; or positioning itself to carry out these objectives in the future. The advanced persistent threat: (i) pursues its objectives repeatedly over an extended period of time; (ii) adapts to defenders. efforts to resist it; and (iii) is determined to maintain the level of interaction needed to execute its objectives. [SP 800-39] (see also attack, critical, cyberspace, target, threat)

Advanced Research Projects Agency Network (ARPANET)

(see also network)

advanced self-protection jammer (ASPJ)

(see also assurance, communications security, jamming)

adversary

(I) An entity that attacks, or is a threat to, a system. [RFC2828] Individual, group, organization, or Government that must be denied critical information. An adversary is synonymous with competitor/enemy. [DSS] Individual, group, organization, or government that conducts or has the intent to conduct detrimental activities. [SP 800-30] Person or organization that must be denied accesses to information. [IATF] (see also C2-attack, C2-protect, RED team, access, access control, advisory, attack, camouflage, command and control warfare, communications cover, communications deception, compromise, counterintelligence, countermeasures, cover, critical, cryptographic key, damage, data aggregation, deception, eavesdropping, entity, imitative communications deception, indicator, information, information assurance, information operations, information superiority, information warfare, intelligence, intelligent threat, malware, man-in-the-middle attack, motivation, national information infrastructure, non-technical countermeasure, operations security, operations security indicator, perceived collection threat, radio frequency jamming, random, replay attacks, risk, security environment threat list, security threat, social engineering, system, target, threat, threat analysis, traffic analysis, vulnerability, vulnerability analysis, vulnerability assessment, security) (includes adversary collection methodology, adversary threat strategy)

adversary collection methodology

Resource and method available to and used by an adversary for the collecting and exploiting sensitive/ critical information or indicators thereof. [DSS] (see also critical, adversary)

adversary threat strategy

Process of defining, in narrative or graphical format, a threat presented to an operation, program, or project. The adversary threat strategy should define the potential adversaries, the courses of action those adversaries might take against the operation, and the information needed by the adversaries to execute those actions. [DSS] (see also adversary, threat)

adverse action

Removal from employment, suspension from employment of more than 14 days, reduction in grade, reduction of pay, or furlough of 30 days or less. [DSS]

adverse information

Information that can adversely reflect on the integrity or character of a cleared employee suggested that his or her ability to safeguard classified information may be impaired, or that his or her access to classified information may not be in the interest of national security. [DSS] (see also access, classified, security)

advisory

Notification of significant new trends or developments regarding the threat to the IS of an organization. This notification may include analytical insights into trends, intentions, technologies, or tactics of an adversary targeting ISs. [CNSSI] Notification of significant new trends or developments regarding the threat to the information systems of an organization. This notification may include analytical insights into trends, intentions, technologies, or tactics of an adversary targeting information systems. [CNSSI-4009] (see also Internet Architecture Board, adversary, computer emergency response team, development, target, threat) (includes Computer Incident Advisory Capability, National COMSEC Advisory Memorandum, National Industrial Security Advisory Committee, National Security Telecommunications Advisory Committee, National Security Telecommunications and Information Systems Security Advisory/Information Memorandum, National Telecommunications and Information Systems Security Advisory Memoranda/Instructions, TEMPEST advisory group)

affiliate

Entity effectively owned or controlled by another entity. [DSS]

agency

Any executive agency, as section 105, title 5 of the United States Code defines, and any other entity within the executive branch that comes into the possession of classified information. [DSS] Any executive department, military department, government corporation, government-controlled corporation, or other establishment in the executive branch of the government (including the Executive Office of the President), or any independent regulatory agency, but does not include: 1) the Government Accountability Office; 2) the Federal Election Commission; 3) the governments of the District of Columbia and of the territories and possessions of the United States, and their various subdivisions; or 4) government- owned contractor-operated facilities, including laboratories engaged in national defense research and production activities. [FIPS 200; 44 U.S.C., Sec. 3502] Federal department, major organizational unit within a department, or independent agency. [CIAO] (see also classified, control)

agent

A host-based intrusion detection and prevention program that monitors and analyzes activity and may also perform prevention actions. [800-94] A program acting on behalf of a person or organization. [SP 800-95] A program used in distributed denial of service (DDoS) attacks that sends malicious traffic to hosts based on the instructions of a handler. [800-61] Person who engages in clandestine activity. [DSS] (see also attack, intrusion, intrusion detection, malicious, program)

agent of the government

Contractor employee designated in writing by the Government Contracting Officer authorized to act on behalf of the Government. [DSS] (see also authorized)

aggregation

(I) A circumstance in which a collection of information items is required to be classified at a higher security level than any of the individual items that comprise it. [RFC2828] (see also classified, information, security)

aggressive mode

Mode used in IPsec phase 1 to negotiate the establishment of an IKE SA through three messages. [800-77] (see also establishment, internet protocol security, internet security protocol, message)

agreement

A document that regulates security-relevant aspects of an intended connection between an agency and an external system. It regulates the security interface between any two systems operating under two different distinct authorities. It includes a variety of descriptive, technical, procedural, and planning information. It is usually preceded by a formal MOA/MOU that defines high-level roles and responsibilities in management of a cross-domain connection. [CNSSI-4009] (see also management, security)

alarm

A device or function that signals the existence of an abnormal condition by making an audible or visible discrete change, or both, so as to attract attention to that condition. [800-82] (see also alert, countermeasures, function)

alarm reporting

An OSI terms that refers to the communication of information about a possible detected fault. This information generally includes the identification of the network device or network resource in which the fault was detected, the type of the fault, its severity, and its probable cause. [SRV] (see also fault, identification, information, network, resource, security software)

alarm surveillance

The set of functions that enable: (1) the monitoring of the communications network to detect faults and fault-related events or conditions; (2) the logging of this information for future use in fault detection and other network management activities; and (3) the analysis and control of alarms, notifications, and other information about faults to ensure that the resources of network management are directed toward faults that affect the operation of the communications network. Analysis of alarms consists of alarm filtering, alarm correlation, and fault prediction. [SRV] (see also analysis, communications, control, fault, function, information, network, operation, resource, security software)

alert

A formatted message describing a circumstance relevant to network security. Alerts are often derived from critical audit events. [NSAINT] A notification of an important observed event. Anomaly-Based Detection: The process of comparing definitions of what activity is considered normal against observed events to identify significant deviations. [800-94] Notice of specific attack directed at an organization's IS resources. [CIAO] Notification that a specific attack has been directed at an organization's information systems. [CNSSI-4009] Notification that a specific attack has been directed at the IS of an organization. [CNSSI] (see also alarm, anomaly, attack, audit, communications security, critical, identify, message, network, process, resource, security)

algorithm

(I) A finite set of step-by-step instructions for a problem-solving or computation procedure, especially one that can be implemented by a computer. [RFC2828] A mathematical procedure that can usually be explicitly encoded in a set of computer language instructions that manipulate data. Cryptographic algorithms are mathematical procedures used for such purposes as encrypting and decrypting messages and signing documents digitally. [AJP] (see also CAST, Clipper chip, Commercial COMSEC Evaluation Program, Common Criteria for Information Technology Security, Computer Security Objects Register, Diffie-Hellman, Digital Signature Standard, Escrowed Encryption Standard, FIPS PUB 140-1, FIPS approved security method, Fortezza, Internet Security Association and Key Management Protocol, OAKLEY, Rivest Cipher 2, Rivest Cipher 4, SET qualifier, Simple Key-management for Internet Protocols, Skipjack, Type 4 product, Type I cryptography, Type II cryptography, Type III cryptography, X.509 attribute certificate, X.509 certificate revocation list, X.509 public-key certificate, active state, advanced encryption standard, approved, asymmetric cryptography, asymmetric encipherment system, biometric template, block cipher, break, brute force attack, certification request, checksum, cipher, cipher block chaining, cipher feedback, cipher suite, ciphertext, ciphertext-only attack, code, communications security, computer, computer cryptography, cryptanalysis, cryptographic, cryptographic functions, cryptographic key, cryptographic logic, cryptographic module, cryptographic system, cryptographic token, cryptography, cryptonet, cryptoperiod, cycle time, cyclic redundancy check, data authentication code, data authentication code vs. Data Authentication Code, data encryption standard, decrypt, digital envelope, digital signature, domain of interpretation, effective key length, electronically generated key, elliptic curve cryptography, encipherment, encrypt, encryption, encryption strength, frequency hopping, hash, hash function, hybrid encryption, indistinguishability, initial transformation, initialization value, initialization vector, intelligent threat, internet protocol security, key, key agreement, key distribution, key generating function, key generator, key pair, key recovery, key space, key transport, key-escrow system, keyed hash, known-plaintext attack, link encryption, man-in-the-middle attack, message, message authentication code, message authentication code vs. Message Authentication Code, message digest, metrics, mode of operation, one-time pad, out-of-band, output transformation, parameters, pretty good privacy, private key, process controller, protection suite, pseudo-random, public-key, public-key cryptography standards, public-key forward secrecy, public-key information, secret key, secret-key cryptography, secure hash standard, secure hypertext transfer protocol, secure socket layer, security mechanism, security strength, semantic security, signature generation, signature verification, stream cipher, strength of mechanisms, symmetric cryptography, symmetric key, trapdoor, triple DES, trust, tunnel, type 1 products, type 2 product, type 3 product, validate, virus definitions) (includes Data Authentication Algorithm, El Gamal algorithm, Elliptic Curve Digital Signature Algorithm, International Data Encryption Algorithm, Key Exchange Algorithm, MAC algorithm key, NULL encryption algorithm, RSA algorithm, Rivest-Shamir-Adleman algorithm, algorithm transition, asymmetric algorithm, asymmetric cryptographic algorithm, asymmetric encryption algorithm, control algorithm, cryptographic algorithm, cryptographic algorithm for confidentiality, data encryption algorithm, digital signature algorithm, encipherment algorithm, encryption algorithm, hash algorithm, keyed hash algorithm, message authentication code algorithm, message digest algorithm 5, public-key algorithm, secure hash algorithm, symmetric algorithm, symmetric encipherment algorithm, symmetric encryption algorithm)

algorithm transition

The processes and procedures used to replace one cryptographic algorithm with another. [800-130] (see also cryptographic, process, algorithm)

alias

(I) A name that an entity uses in place of its real name, usually for the purpose of either anonymity or deception. [RFC2828] (see also anonymous, entity, masquerade)

alien

Person not a citizen of the United States. [DSS] (see also United States citizen)

alignment

The degree of agreement, conformance, and consistency among organizational purpose, mission, vision, and values; structures, systems, and processes; and individual values, skills, and behaviors. [SRV] (see also process, system)

all-hazards

A grouping classification encompassing all conditions, environmental or manmade, that have the potential to cause injury, illness, or death; damage to or loss of equipment, infrastructure services, or property; or alternatively causing functional degradation to social, economic, or environmental aspects. [NIPP]

allocation

The process an organization employs to determine whether security controls are defined as system-specific, hybrid, or common. The process an organization employs to assign security controls to specific information system components responsible for providing a particular security capability (e.g., router, server, remote sensor). [SP 800-37] (see also control, security)

allowed traffic

Packets forwarded as a result of the rule set of the device under test/system under test (DUT/SUT). Firewalls typically are configured to forward only those packets explicitly permitted in the rule set. Forwarded packets must be included in calculating the bit forwarding rate or maximum bit forwarding rate of the DUT/SUT. All other packets must not be included in bit forwarding rate calculations. [RFC2647] (see also bit forwarding rate, ruleset, system, test)

alternate COMSEC custodian

Individual designated by proper authority to perform the duties of the COMSEC custodian during the temporary absence of the COMSEC custodian. [CNSSI][CNSSI-4009] (see also authority, communications security)

alternate work site

Governmentwide, national program allowing federal employees to work at home or at geographically convenient satellite offices for part of the work week (e.g., telecommuting). [CNSSI-4009]

alternative compensatory control measures

Used to safeguard sensitive intelligence or operations and support information (acquisition programs do not qualify) when normal measures are insufficient to achieve strict need-to-know controls and where Special Access Program controls are not required. [DSS] (see also access, intelligence)

alternative work site

Government-wide, national program allowing Federal employees to work at home or at geographically convenient satellite offices for part of the work week (e.g., telecommuting). [CNSSI] (see also program)

American institute of certified public accountants (AICPA)

American National Standards Institute (ANSI)

(N) A private, not-for-profit association of users, manufacturers, and other organizations, that administers U.S. private sector voluntary standards. (C) ANSI is the sole U.S. representative to the two major non-treaty international standards organizations, ISO and, via the U.S. National Committee (USNC), the International Electrotechnical Commission (IEC). [RFC2828] organization responsible for approving standards, including computers and communications. [misc] (see also association, automated information system, communications, computer, users, standard)

American Standard Code for Information Interchange (ASCII)

analog signal

A continuous electrical signal whose amplitude varies in direct correlation with the original input. [SRV]

analysis

Process by which information is examined to identify significant facts and/or derive conclusions. [DSS] The examination of acquired data for its significance and probative value to the case. [SP 800-72] (see also evaluation, test, Federal Standard 1027, Integrated CASE tools, SOF-basic, SOF-high, SOF-medium, TCB subset, acceptable level of risk, acoustic intelligence, acquisition plan, alarm surveillance, assessment, black-box testing, break, brute force attack, business case, chosen-ciphertext attack, chosen-plaintext attack, ciphertext-only attack, code coverage, correctness, counterintelligence assessment, countermeasures, cryptology, cryptoperiod, damage assessment, data historian, diagnostics, digital forensics, electronic security, elliptic curve cryptography, emanations security, emission security, emissions security, error seeding, evaluation assurance, fault injection, financial crimes enforcement network, flaw hypothesis methodology, flooding, formal language, functional test case design, global requirements, hashed message authentication code, independent validation and verification, instrumentation, intelligence, intelligence sources and methods, judgment sample, known-plaintext attack, limited network analyzer, local requirements, measurement and signature intelligence, model, national computer security assessment program, network sniffing, one-time pad, operations security, operations security process, operations security survey, personal computer system, portfolio, privacy impact assessment, reference monitor, reference validation mechanism, remote maintenance, risk assessment, risk identification, risk management, robustness, sanitization, sanitizing, security test and evaluation, significant change, symbolic execution, system development, system development methodologies, target vulnerability validation techniques, telemetry, telemetry intelligence, threat event, threat monitoring, traffic flow confidentiality, transmission security, trust, trust level, verification, vulnerability, vulnerability assessment) (includes SWOT analysis, activity analysis, analysis of alternatives, boundary value analysis, business impact analysis, cost-risk analysis, cost/benefit, cost/benefit analysis, cost/benefit estimate, covert channel analysis, cryptanalysis, cryptosystem analysis, dynamic analysis, emanations analysis, error analysis, gap analysis, information sharing and analysis center, mutation analysis, network behavior analysis system, requirements analysis, risk analysis, risk reduction analysis, root cause analysis, security fault analysis, security flow analysis, sensitivity analysis, signals analysis, stateful protocol analysis, static analysis, target identification and analysis techniques, technical threat analysis, threat analysis, traffic analysis, value analysis, vulnerability analysis)

analysis of alternatives

The process of determining how an organization's information needs will be met. It is an analysis to compare and evaluate the costs and benefits of various alternatives for meeting a requirement for the purpose of selecting the alternative that is most advantageous to the organization. [SRV] (see also information, process, analysis)

ankle-biter

A person who aspires to be a hacker/cracker but has very limited knowledge or skills related to AIS's. Usually associated with young teens who collect and use simple malicious programs obtained from the Internet. [NSAINT] (see also internet, malicious, program, threat)

anomaly

An anomaly is a rule or practice that is different from what is normal or usual, and that is therefore unsatisfactory. Anything observed in the documentation or operation of software that deviates from expectations based on previously verified software products or reference documents. [OVT] Any condition that departs from the expected. This expectation can come from documentation (e.g. requirements specifications, design documents, user documents) or from perceptions or experiences. An anomaly is not necessarily a problem in the software, but a deviation from the expected, so that errors, defects, faults, and failures are considered anomalies. [SRV] (see also alert, bug, failure, fault, operation, problem, requirements, software, users) (includes anomaly detection, anomaly detection model)

anomaly detection

Detecting intrusions by looking for activity that is different from the user's or system's normal behavior. [CIAO] (see also countermeasures, intrusion, system, users, anomaly, security software)

anomaly detection model

A model where intrusions are detected by looking for activity that is different from the user's or system's normal behavior. [NSAINT] (see also intrusion, system, users, anomaly, model, security policy model)

anomaly-based detection

The process of comparing definitions of what activity is considered normal against observed events to identify significant deviations. [SP 800-94]

anonymity

A security service that prevents the disclosure of information that leads to the identification of the end users. [IATF] (see also identification, information, security, users)

anonymous

(I) The condition of having a name that is unknown or concealed. (C) An application may require security services that maintain anonymity of users or other system entities, perhaps to preserve their privacy or hide them from attack. To hide an entity's real name, an alias may be used. For example, a financial institution may assign an account number. Parties to a transaction can thus remain relatively anonymous, but can also accept the transaction as legitimate. Real names of the parties cannot be easily determined by observers of the transaction, but an authorized third party may be able to map an alias to a real name, such as by presenting the institution with a court order. In other applications, anonymous entities may be completely untraceable. [RFC2828] (see also alias, application, attack, authorized, entity, privacy, security, system, users)

anonymous and guest login

Services may be made available without any kind of authentication. This is commonly done, for instance, with the FTP protocol to allow anonymous access. Other systems provide a special account named 'guest' to provide access, typically restricting the privileges of this account. [RFC2504] (see also access, authentication, protocols, system, login)

anonymous login

(I) An access control feature (or, rather, an access control weakness) in many Internet hosts that enables users to gain access to general-purpose or public services and resources on a host (such as allowing any user to transfer data using File Transfer Protocol) without having a pre-established, user-specific account (i.e. user name and secret password). (C) This feature exposes a system to more threats than when all the users are known, pre-registered entities that are individually accountable for their actions. A user logs in using a special, publicly known user name (e.g. 'anonymous', 'guest', or 'ftp'). To use the public login name, the user is not required to know a secret password and may not be required to input anything at all except the name. In other cases, to complete the normal sequence of steps in a login protocol, the system may require the user to input a matching, publicly known password (such as 'anonymous') or may ask the user for an e-mail address or some other arbitrary alphanumeric string. [RFC2828] (see also access, control, file, passwords, protocols, resource, system, threat, users, internet, login)

anti-jam

Countermeasures ensuring that transmitted information can be received despite deliberate jamming attempts. [CNSSI-4009] Measures ensuring that transmitted information can be received despite deliberate jamming attempts. [CNSSI][IATF] (see also information, jamming, communications security)

anti-jamming (AJ)

(see also jamming, communications security)

anti-spoof

Countermeasures taken to prevent the unauthorized use of legitimate Identification & Authentication (I&A) data, however it was obtained, to mimic a subject different from the attacker. [CNSSI-4009] Measures taken to prevent the unauthorized use of legitimate Identification & Authentication (I&A) data, however it was obtained, to mimic a subject different from the attacker. [CNSSI] (see also spoofing, attack, authentication, authorized, identification, security software, subject, spoof)

anti-tamper

Systems engineering activities intended to deter and/ or delay exploitation of critical technologies in a U.S. Defense system intended to impede countermeasure development, unintended technology transfer, or alteration of a system. [DSS] (see also critical, tamper)

anti-tamper executive agent

Department of Defense Anti-Tamper Executive Agent, chartered by the Under Secretary of Defense for Acquisition, Technology, and Logistics, and assigned to the Directorate for Special Programs, Office of the Assistant Secretary of the Air Force for Acquisition. [DSS] (see also tamper)

antispyware software

A program that specializes in detecting both malware and non- malware forms of spyware. [SP 800-69] (see also malware, program, software)

antisubmarine warfare

Operations conducted with the intention of denying the enemy the effective use of submarines. [DOD] (see also warfare)

antivirus software

A program that monitors a computer or network to identify all major types of malware and prevent or contain malware incidents. [800-83][SP 800-83] A program that monitors a computer or network to identify all major types of malware and prevent or contain malware incidents. Application-Based Intrusion Detection and Prevention System: A host-based intrusion detection and prevention system that performs monitoring for a specific application service only, such as a Web server program or a database server program. [800-94] Computer programs that offer protection from viruses by making additional checks of the integrity of the operating system and electronic files. Also known as virus protection software [FFIEC] (see also application, computer, countermeasures, file, identify, incident, integrity, intrusion, intrusion detection, malware, program, system, security software, software, virus)

antivirus tools

Software products and technology used to detect malicious code, prevent it from infecting a system, and remove malicious code that has infected the system. [800-82] (see also code, countermeasures, malicious, software, system, technology, virus)

appeal

Formal request under the provisions of section 5.2 of Executive Order 12968 for review of a denial or revocation of access eligibility. [DSS] (see also access)

appendix

A string of bits formed by the signature and an optional text field. [SC27] (see also signature)

applet

A small program that typically is transmitted with a Web page. [FFIEC] Small applications written in various programming languages which are automatically downloaded and executed by applet-enabled WWW browsers. [SRV] (see also application, program, world wide web)

applicant

A person who has applied to become a key holder, prior to the time at which keys and certificates are issued to and accepted by them. [800-103] An entity (organisation, individual etc.) which requests the assignment of a register entry and entry label. [SC27] Person other than an employee who received an authorized conditional offer of employment for a position requiring access to classified information. [DSS] The subscriber is sometimes called an 'applicant' after applying to a certification authority for a certificate, but before the certificate issuance procedure is completed. [SP 800-32] (see also access, authorized, certificate, certification, classified, entity, key)

applicant assertion

A party undergoing the processes of registration and identity proofing. A statement from a verifier to a relying party that contains identity information about a Subscriber. Assertions may also contain verified attributes. [800-63] (see also entity, identity, information, process, registration)

application

1) All application systems, internal and external, utilized in support of the core process. 2) A software package designed to perform a specific set of functions, such as word processing or communications. [CIAO] A computer program designed and operated to achieve a set of goals or provide a set of services. [800-130] A computer program designed to perform specific functions, such as inventory control, scheduling, and payroll. [SRV] A program that performs a function directly for a user, such as ftp and telnet. [misc] A software program hosted by an information system. [SP 800-37] Software program that performs a specific function directly for a user and can be executed without access to system control, monitoring, or administrative privileges. [CNSSI][CNSSI-4009] Software program that performs a specific function directly for a user and can be executed without access to system control, monitoring, or administrative privileges. Examples include office automation, electronic mail, Web services, and major functional or mission software programs. [DSS] (see also COMSEC end-item, Common Criteria for Information Technology Security, Defense Information Infrastructure, Distinguished Encoding Rules, Europay, MasterCard, Visa, FIPS PUB 140-1, Federal Public-key Infrastructure, Generic Upper Layer Security, IT security certification, IT security support functions, Java, Lightweight Directory Access Protocol, Network File System, OSI architecture, Open Systems Interconnection Reference model, PIV issuer, PKIX, POSIX, S/Key, SOCKS, TOE security functions interface, X.500 Directory, acceptable level of risk, access, access control, access with limited privileges, active state, anonymous, antivirus software, applet, archive, asynchronous transfer mode, automated information system, backup, backup generations, banner grabbing, baseline management, bastion host, bill payment, blacklist, certificate policy, certification, certification authority workstation, certification phase, certification practice statement, circuit proxy, clean system, closed security environment, collaborative computing, command and control warfare, common security, communications, component operations, computer, computer architecture, computer fraud, computer related controls, computing environment, control, control server, cookies, critical system files, cryptographic system, cybersecurity, data dictionary, data encryption key, decrypt, defense-in-depth, degauss, denial-of-service, designation policy, digital forensics, directly trusted CA, disaster recovery plan, distributed computing environment, documentation, dual-homed gateway firewall, email, emanations security, encryption, end entity, end-user, extensible markup language, extension, extranet, fail soft, file infector virus, file transfer protocol, firewall, firmware, formal language, function, general controls, general support system, global information grid, hash function, hijacking, host, host-based firewall, hybrid encryption, hypertext markup language, hypertext transfer protocol, identity management systems, interface, internet vs. Internet, interpretation, interpreted virus, kerberos, key generating function, key management, key-encrypting key, least privilege, legacy systems, line managers, link encryption, lockout, macro virus, malicious applets, malicious code, malicious program, malware, management server, meta-language, middleware, mode of operation, modem, motion control network, multipurpose internet mail extensions, national security system, naval special warfare, network protocol stack, network service worm, on-line system, online certificate status protocol, open security, open security environment, open system interconnection model, operating system, operations security, outcome, packet filter, passive fingerprinting, password cracker, patch, penetration testing, personal identification number, personality label, physical security, platform, portability, pretty good privacy, process, program, protocol analyzer, prototyping, proxy, proxy server, public-key cryptography standards, public-key infrastructure, purge, random, realm, registration authority, rekey, relying party, repair action, reusability, review techniques, risk analysis, routing control, run manual, scalability, scope of a requirement, screened host firewall, secure socket layer, security assertion markup language, security evaluation, security requirements, security support programming interface, security testing, session key, significant change, simple mail transfer protocol, simple network management protocol, single sign-on, site accreditation, smartcards, software security, source code generator, starting variable, statistical process control, support software, system, system accreditation, system software, systems engineering, systems software, target identification and analysis techniques, technical controls, technology area, teleprocessing, telnet, test bed, test facility, transmission control protocol, transmission security, transport layer security, trust-file PKI, trusted gateway, type accreditation, unauthorized access, unit of transfer, user data protocol, user partnership program, users, validate, validation, verification, version scanning, virus, virus signature, vulnerability, vulnerability assessment, water supply system, whitelist, workgroup computing, workstation, world wide web, software) (includes Cryptographic Application Program Interface, Generic Security Service Application Program Interface, application controls, application data backup/recovery, application entity, application gateway firewall, application generator, application level gateway, application program interface, application programming interface, application proxy, application server attack, application software, application system, application-level firewall, cryptographic application programming interface, key management application service element, major application, rapid application development, wireless application protocol)

application controls

Controls related to individual application systems, which help ensure that transactions are valid, complete, authorized, processed, and reported. [SRV] Controls related to transactions and data within application systems. Application controls ensure the completeness and accuracy of the records and the validity of the entries made resulting from both programmed processing and manual data entry. Examples of application controls include data input validation, agreement of batch totals and encryption of data transmitted [FFIEC] (see also authorized, encryption, process, program, security controls, system, validation, application, control)

application data backup/recovery

Data backup is the process of saving software and information on magnetic media and storing the media in a location away from the IT facility. This process provides the means to ensure application recovery; that is, the means to restore the application and/or information after damage to or destruction of the IT hardware, software, or information. [NASA] (see also damage, information, process, software, application, availability, backup)

application entity (AE)

(see also application, entity)

application gateway firewall

A type of firewall system that runs an application, called a proxy, that acts like the server to the Internet client. The proxy takes all requests from the Internet client and, if allowed, forwards them to the Intranet server. Application gateways are used to make certain that the Internet client and the Intranet server are using the proper application protocol for communicating. Popular proxies include Telnet, ftp, and http. Building proxies requires knowledge of the application protocol. [misc] (see also internet, protocols, system, application, firewall, gateway)

application generator

A type of tool that uses software designs and/or requirements to generate entire software applications automatically, including program source code and program control statements. [SRV] (see also code, control, program, requirements, software, application)

application level gateway

A firewall system in which service is provided by processes that maintain complete TCP connection state and sequencing. Application level firewalls often re-address traffic so that outgoing traffic appears to have originated from the firewall, rather than the internal host. [NSAINT] (see also application proxy, connection, firewall, process, system, application, gateway)

application program interface (API)

A set of standard software interrupts, calls, and data formats that application programs use to initiate contact with network services, mainframe communications programs, telephone equipment, or program-to-program communications. [IATF] System access point or library function that has a well-defined syntax and is accessible from application programs or user code to provide well-defined functionality. [AJP][FCv1] (see also access, access control, code, communications, function, network, standard, system, users, application, interface, program, security, software)

application programming interface (API)

The interface between the application software and the application platform (i.e. operating system), across which all services are provided. [GAO] The interface between the application software and the application platform, across which all services are provided. The API is primarily in support of application portability, but system and application interoperability is also supported by a communication API. [SRV] (see also interoperability, software, system, application, interface, program)

application proxy

A proxy service that is set up and torn down in response to a client request, rather than existing on a static basis. Circuit proxies always forward packets containing a given port number if that port number is permitted by the rule set. Application proxies, in contrast, forward packets only once a connection has been established using some known protocol. When the connection closes, a firewall using application proxies rejects individual packets, even if they contain port numbers allowed by a rule set. [RFC2647] An application that forwards application traffic through a firewall. It is also called a proxy server. Proxies tend to be specific to the protocol they are designed to forward, and may provide increased access control or audit. [SRV] (see also application level gateway, access, access control, audit, connection, control, protocols, response, application, firewall, proxy) (includes gateway)

application server attack

A computer responsible for hosting applications to user workstations. An attempt to gain unauthorized access to system services, resources, or information, or an attempt to compromise system integrity, availability, or confidentiality. [800-82] (see also access, authorized, availability, compromise, computer, information, integrity, resource, system, users, application, attack)

application software

Programs that perform specific tasks, such as word processing, database management, or payroll. Software that interacts directly with some nonsoftware system (e.g. human, robot, etc.). [SRV] (see also process, program, system, application, software)

application system

An integrated set of computer programs designed to serve a well-defined function and having specific input, processing, and output activities (e.g., general ledger, manufacturing resource planning, human resource management). [FFIEC] (see also automated information system, computer, function, process, program, resource, application, system)

application-level firewall

A firewall system in which service is provided by processes that maintain complete TCP connection state and sequencing; application level firewalls often re-address traffic so that outgoing traffic appears to have originated from the firewall, rather than the internal host. In contrast to packet filtering firewalls, this firewall must have knowledge of the application data transfer protocol and often has rules about what may be transmitted and what may not. [IATF] (see also connection, process, protocols, system, application, firewall, security)

approach

The method used or steps taken in setting about a task, problem, etc. [SC27]

approval for service use (ASU)

approval to operate

The official management decision issued by a DAA or PAA to authorize operation of an information system and to explicitly accept the residual risk to agency operations (including mission, functions, image, or reputation), agency assets, or individuals. [CNSSI-4009] (see also management, risk)

approval/accreditation

The official authorization that is granted to an ADP system to process sensitive information in its operational environment, based upon comprehensive security evaluation of the computer system's hardware, firmware, and software security design, configuration, and implementation, and of the other system procedural, administrative, physical, TEMPEST, personnel, and communications security controls. [AJP][TCSEC] (see also TEMPEST, authorization, communications, communications security, computer, control, evaluation, information, operation, process, security, software, system, accreditation)

approved

FIPS approved or NIST recommended. An algorithm or technique that is either 1) specified in a FIPS or NIST Recommendation, or 2) adopted in a FIPS or NIST Recommendation. [800-63] FIPS-approved and/or NIST-recommended. [FIPS 140-2] FIPS-approved and/or NIST-recommended. An algorithm or technique that is either 1) specified in a FIPS or NIST Recommendation, 2) adopted in a FIPS or NIST Recommendation, or 3) specified in a list of NIST approved security functions. [FIPS 186] Federal Information Processing Standard (FIPS)-approved or National Institute of Standards and Technology (NIST)- recommended. An algorithm or technique that is either 1) specified in a FIPS or NIST Recommendation, or 2) adopted in a FIPS or NIST Recommendation. [FIPS 201] (see also algorithm, function, security)

approved access control device

Any access control device that meets the requirements of Department of Defense 5220.22-M as approved by the Facility Security Officer. [DSS] (see also requirements, security, access)

approved built-in combination lock

Combination lock, equipped with a top reading dial conforming to Underwriters Laboratory Standard Number UL 768, Group IR. [DSS]

approved combination padlock

Three-position, dial-type changeable combination padlock listed on the Government Services Administration Qualified Products List as meeting the requirements of Federal Specification FF-P-110. [DSS] (see also requirements)

approved electronic, mechanical, or electromechanical device

Specific device meeting the requirements of Department of Defense standard 5220.22-M as approved by the Facility Security Officer. [DSS] (see also requirements, security)

approved key-operated padlock

Padlock meeting the requirements of MIL-SPEC-P-43607 (shrouded shackle), National Stock Number 5340-00-7998248, or MIL-SPEC-P-43951 (regular shackle), National Stock Number 5340-00-799-8016. [DSS] (see also requirements, key)

approved mode of operation

A mode of the cryptographic module that employs only Approved security functions (not to be confused with a specific mode of an Approved security function, e.g., Data Encryption Standard Cipher- Block Chaining (DES CBC) mode). [FIPS 140-2] (see also security)

approved security container

Security file container, originally procured from a Federal Supply Schedule supplier, conforming to Federal specifications and bears a 'Test Certification Label' on the locking drawer attesting to the security capabilities of the container and lock. Such containers must be labeled 'General Services Administration Approved Security Container' on the face of the top drawer. Acceptable tests of the containers can be performed only by a testing facility specifically approved by General Services Administration. [DSS] (see also certification, security)

approved security function

A security function (e.g., cryptographic algorithm, cryptographic key management technique, or authentication technique) that is either a) specified in an Approved Standard; b) adopted in an Approved Standard and specified either in an appendix of the Approved Standard or in a document referenced by the Approved Standard; or c) specified in the list of Approved security functions. [FIPS 140-2] (see also authentication, management, security)

approved technologies list

The list of approved information technology areas maintained by the NIAP Oversight Body which can be selected by a CCTL in choosing its scope of accreditation, that is, the types of IT security evaluations that can be conducted using NVLAP accredited test methods. [NIAP] (see also IT security, accreditation, computer security, evaluation, information, security, technology, test, Common Criteria Testing Laboratory, national information assurance partnership)

approved test methods list

The list of approved test methods maintained by the NIAP Oversight Body which can be selected by a CCTL in choosing its scope of accreditation, that is, the types of IT security evaluations that it will be authorized to conduct using NVLAP accredited test methods. [NIAP] (see also IT security, accreditation, authorized, computer security, evaluation, security, Common Criteria Testing Laboratory, national information assurance partnership, test)

approved vault

Vault constructed in accordance with Department of Defense Standard 5220.22-M and approved by the General Services Administration. [DSS]

approved vault door

Vault door and frame unit originally procured form the Federal Supply Schedule (Federal Supply Classification Group 71, Part III, Section E, Federal Supply Classification Class 7110), meeting Federal Specification AA-D-600. [DSS]

architectural design

A phase of the development process wherein the top-level definition and design of a Target of Evaluation are specified. [AJP][ITSEC] (see also process, target, software development, target of evaluation)

architecture

A description of all functional activities to be performed to achieve the desired mission, the system elements needed to perform the functions, and the designation of performance levels of those system elements. An architecture also includes information on the technologies, interfaces, and location of functions and is considered an evolving description of an approach to achieving a desired mission. [SRV] A highly structured specification of an acceptable approach within a framework for solving a specific problem. An architecture contains descriptions of all the components of a selected, acceptable solution while allowing certain details of specific components to be variable to satisfy related constraints (e.g., costs, local environment, user acceptability). [GSA] (see also function, information, interface, system, users)

archive

(I) (1.) Noun: A collection of data that is stored for a relatively long period of time for historical and other purposes, such as to support audit service, availability service, or system integrity service. (2.) Verb: To store data in such way. (C) A digital signature may need to be verified many years after the signing occurs. The CA--the one that issued the certificate containing the public key needed to verify that signature--may not stay in operation that long. So every CA needs to provide for long-term storage of the information needed to verify the signatures of those to whom it issues certificates. [RFC2828] Long-term storage of system information and records. Items commonly archived include but are not limited to magnetic media copies of operating system software, application software, and data; and hardcopies of system records such as console logs, data listings, and software and firmware listings. [NASA] Long-term, physically separate storage [GSA] To place an electronic cryptographic key into a long-term electronic storage medium which will be maintained even if the storage technology changes. Also, the location where archived keys are stored. [800-130] (see also archiving, application, audit, backup, certificate, cryptographic, digital signature, information, integrity, key, non-repudiation service, operation, public-key, public-key infrastructure, redundancy, retrieval, signature, software, software library, system, technology, uniform resource locator, recovery)

archiving

Moving electronic files no longer being used to less accessible and usually less expensive storage media for safe keeping. [SRV] (see also archive, access, access control, backup, file)

area interswitch rekeying key (AIRK)

(see also key, rekey)

areas of control

Collectively, controls consist of the policies, procedures, practices and organizational structures designed to provide reasonable assurance that business objectives will be achieved and that undesired events will be prevented or detected and corrected. [CIAO] (see also assurance, object, control)

areas of potential compromise

These broad topical areas represent categories where losses can occur that will impact both a department or agency's MEI and its ability to conduct core missions. [CIAO] (see also minimum essential infrastructure, compromise, vulnerability)

ARPANET

(N) Advanced Research Projects Agency Network, a pioneer packet-switched network that was built in the early 1970s under contract to the U.S. Government, led to the development of today's Internet, and was decommissioned in June 1990. [RFC2828] (see also internet, network)

as-is process model

A model that portrays how a business process is currently structured. In process improvement efforts, it is used to establish a baseline for measuring subsequent business improvement actions and progress. [SRV] (see also baseline, business process, model, process)

assessment

Evaluation of the worth, significance, or status of something, especially to give an expert judgment of its value or merit. [DSS] Surveys and Inspections; an analysis of the vulnerabilities of an AIS. Information acquisition and review process designed to assist a customer to determine how best to use resources to protect information in systems. [NSAINT] Verification of a deliverable against a standard using the corresponding method to establish compliance and determine the assurance. [SC27] (see also Common Criteria for Information Technology Security, Common Criteria for Information Technology Security Evaluation, acceptable level of risk, accreditation, accreditation phase, accuracy, analysis, assurance, authorize processing, binding of functionality, certification, certification package, certification phase, cost-risk analysis, deliverable, ease of use, evaluation, evaluation pass statement, evaluator, information, management countermeasure, metrics, monitoring and evaluation, operations security, operations security process, portfolio, pre-certification phase, process, process assurance, rating, resource, risk analysis, risk avoidance, risk management, scheme, security, security category, security fault analysis, site certification, standard, strength of mechanisms, suitability of functionality, system, threat monitoring, verification, vulnerability) (includes computer incident assessment capability, counterintelligence assessment, criticality assessment, damage assessment, independent assessment, national computer security assessment program, operations security assessment, privacy impact assessment, qualitative risk assessment, risk assessment, threat assessment, vulnerability assessment, web risk assessment)

assessment method

One of three types of actions (i.e. examine, interview, test) taken by assessors in obtaining evidence during an assessment. [SP 800-53A]

assessment object

The item (i.e. specifications, mechanisms, activities, individuals) upon which an assessment method is applied during an assessment. [SP 800-53A]

assessment objective

A set of determination statements that expresses the desired outcome for the assessment of a security control or control enhancement. [SP 800-53A] (see also control, security)

assessment procedure

A set of assessment objectives and an associated set of assessment methods and assessment objects. [SP 800-53A]

asset

Anything that has value to the organization, its business operations and their continuity. [SC27] Anything that has value to the organization. [SC27] Anything that has value to the organization. [ISO/IEC PDTR 13335-1 (11/2001)] Anything that has value to the organization, its business operations and their continuity. [SC27] Information or resources to be protected by the countermeasures of a TOE. [CC2][CC21][SC27] Information resources that support an organization's mission. [SRV] Person, structure, facility, information, material, or process that has value. In the context of the NIPP, people are not considered assets. [NIPP] Resource-person, group, relationship, instrument installation, supply-at the disposition of an intelligence agency for use in an operational or support role. A person who contributes to a clandestine mission but is not a fully controlled agent. [DSS] (see also countermeasures, information, intelligence, operation, resource, target of evaluation)

asset identification

Security Content Automation Protocol (SCAP) constructs to uniquely identify assets (components) based on known identifiers and/or known information about the assets. [SP 800-128] (see also security)

asset reporting format

SCAP data model for expressing the transport format of information about assets (components) and the relationships between assets and reports. [SP 800-128]

assignment

A data item that is a function of the witness and possibly of a part of the message, and forms part of the input to the signature function. [SC27] A data item that is a function of the witness and possibly of a part of the message, and forms part of the input to the signature function. [ISO/IEC 14888-1: 1998, ISO/IEC 9796-3: 2000] The specification of an identified parameter in a component. [SC27] Requirement in a protection profile taken directly as stated, without change, from the list of components or derived by placing a bound on a threshold definition. Note: The assignment of environment-specific requirements to generic component requirements is performed when a component requirement corresponds to an environment-specific requirement. [AJP][FCv1] The specification of an identified parameter in a component. [CC2][CC21][SC27] (see also file, function, message, profile, signature, protection profile)

associated markings

Markings, other than those designating classification level, required to be placed on classified documents. These include markings such as 'classified by' line, downgrading and declassification instructions, special control notices, and Special Access Program caveats. [DSS] (see also access, classified)

association

(I) A cooperative relationship between system entities, usually for the purpose of transferring information between them. [RFC2828] (see also ABA Guidelines, American National Standards Institute, IPsec Key Exchange, PCMCIA, U.S. person, accreditation, authentication header, binding, certification authority, cookies, data integrity service, data origin authentication service, dynamic binding, encapsulating security payload, hijack attack, information, internet key exchange protocol, internet protocol security, key establishment, key recovery, key transport, keying material, man-in-the-middle attack, on-line cryptosystem, peer entity authentication, peer entity authentication service, primary account number, protocols, proxy server, repudiation, risk, security parameters index, security situation, spam, static binding, system, transport mode vs. tunnel mode, unit of transfer) (includes Internet Security Association and Key Management Protocol, information systems audit and control association, information systems security association, personal computer memory card international association, security association, security association identifier, security association lifetime, symmetric measure of association)

assurance

(1) The degree of confidence that a TOE adequately fulfills the security requirements. (2) A measure of confidence that the security features and architecture of an AIS accurately mediate and enforce the security policy. Note: The two main aspects of assurance are effectiveness and correctness (ITSEC - European Information Technology Security Evaluation Criteria) or development and evaluation assurance (Federal Criteria). [AJP] (I) (1.) An attribute of an information system that provides grounds for having confidence that the system operates such that the system security policy is enforced. (2.) A procedure that ensures a system is developed and operated as intended by the systems security policy. [RFC2828] A measure of confidence that a security feature and architecture of an automated information system mediates and enforces a security policy. [IATF] A measure of confidence that the security features and architecture of an AIS accurately mediate and enforce the security policy. [NCSC/TG004][NSAINT] Confidence that a computer system design meets its requirements, that its implementation meets its specification, or that some specific property is satisfied. [SRV] Grounds for confidence that a system design meets its requirements, or that its implemented satisfies specifications, or that some specific property is satisfied. [CIAO] Grounds for confidence that an entity meets its security objectives. [CC2][CC21][SC27] Grounds for confidence that an entity meets its security objectives. [ISO/IEC 15408-1: 1999] Performance of appropriate activities or processes to instill confidence that a deliverable meets its security objectives. [SC27] Grounds for confidence that the other four security goals (integrity, availability, confidentiality, and accountability) have been adequately met by a specific implementation. 'Adequately met' includes (1) functionality that performs correctly, (2) sufficient protection against unintentional errors (by users or software), and (3) sufficient resistance to intentional penetration or bypass. [800-30][SP 800-27] Grounds for confidence that the other four security objectives (integrity, availability, confidentiality, and accountability) have been adequately met by a specific implementation. 'Adequately met' includes (1) functionality that performs correctly, (2) sufficient protection against unintentional errors (by users or software), and (3) sufficient resistance to intentional penetration or bypass. [800-33] In the context of OMB 04-04 and NIST SP 800-63, assurance is defined as 1) the degree of confidence in the vetting process used to establish the identity of an individual to whom the credential was issued, and 2) the degree of confidence that the individual who uses the credential is the individual to whom the credential was issued. [800-63] In the context of OMB M-04-04 and this document, assurance is defined as 1) the degree of confidence in the vetting process used to establish the identity of an individual to whom the credential was issued, and 2) the degree of confidence that the individual who uses the credential is the individual to whom the credential was issued. [SP 800-63] Measure of confidence that the security features, practices, procedures, and architecture of an IS accurately mediates and enforces the security policy. [CNSSI] Measure of confidence that the security features, practices, procedures, and architecture of an information system accurately mediates and enforces the security policy. [CNSSI-4009; SP 800-39] Performance of appropriate activities or processes to instill confidence that a deliverable meets its security objectives. [SC27] The confidence that may be held in the security provided by a Target of Evaluation. [ITSEC] The degree of confidence that a TOE adequately fulfills the security requirements. Note: The two main aspects of assurance are effectiveness and correctness. [JTC1/SC27] The grounds for confidence that the set of intended security controls in an information system are effective in their application. [SP 800-37; SP 800-53A] (see also Common Criteria for Information Technology Security, Defensive Information Operations, Information Technology Security Evaluation Criteria, RED team, Trusted Computer System Evaluation Criteria, advanced self-protection jammer, areas of control, assessment, augmentation, authentication, authentication mode, authentication tag, availability, backtracking resistance, bebugging, beyond A1, cardholder certificate, certificate, certification, class 2, 3, 4, or 5, closed security environment, common criteria, communications deception, communications security, component dependencies, component extensibility, component hierarchy, computer, computer security, computer security toolbox, computing security methods, confidentiality, control, controlled access protection, criteria, cross domain solution, cryptographic system, cybersecurity, data privacy, defense-in-depth, deliverable, demilitarized zone, electronic protection, enclave, entity, entity authentication of A to B, environmental failure protection, error seeding, evaluation products list, explicit key authentication from A to B, exploit, extension, fetch protection, file protection, function, functional protection requirements, hardening, identity, implicit key authentication from A to B, information, information protection policy, information systems security manager, infrastructure protection, internal system exposure, key authentication, key confirmation, key confirmation from A to B, level of protection, levels of concern, likelihood of occurrence, lock-and-key protection system, minimum level of protection, mutual authentication, mutual entity authentication, network security, non-repudiation, notarization, object, open security, open security environment, outsourced information technology based process, package, physical protection, platform it interconnection, policy, port protection device, prediction resistance, privacy protection, privileged user, process, product rationale, property, protection needs elicitation, protection philosophy, protection profile, protection profile family, protection ring, protection-critical portions of the TCB, public-key infrastructure, purge, quality of protection, questions on controls, requirements, security evaluation, security mechanism, security objectives, security target, signature validation, software, suspicious activity report, system, system administrator, target, technology, trusted computer system, trusted computing system, trusted foundry, trusted network interpretation, type 3 product, unilateral authentication, users, validation, virtual private network, European Information Technology Security Evaluation Criteria, Federal Criteria for Information Technology Security, evaluation, security, security goals, target of evaluation) (includes assurance approach, assurance authority, assurance case, assurance component, assurance element, assurance level, assurance method, assurance profile, assurance results, assurance scheme, assurance stage, assure, automated information system, confidence, configuration management, development assurance, development assurance component, development assurance package, development assurance requirements, effectiveness, evaluation assurance, evaluation assurance component, evaluation assurance package, evaluation assurance requirements, evidence, high assurance guard, identification and authentication, information assurance, information assurance component, infrastructure assurance, integrity, mission assurance category, process assurance, profile assurance, quality assurance, quality assurance/control, rating, robustness, security assurance, site information assurance manager, software assurance, software quality assurance, supporting information assurance infrastructures, test)

assurance approach

A grouping of assurance methods according to the aspect examined. [SC27] (see also assurance)

assurance authority

A person or body responsible (accountable) for the selection, implementation and acceptance of assurance. NOTE - In specific schemes or organisations, the term for assurance authority may be different such as evaluation authority. [SC27] (see also assurance, authority)

assurance case

A structured set of arguments and a body of evidence showing that an information system satisfies specific claims with respect to a given quality attribute. [SP 800-53A; SP 800-39] (see also assurance)

assurance component

Security assurance components are used to express ordered sets of requirements for developer and evaluator actions, and for the content and presentation of evaluation deliverables. Components are grouped into families (e.g. High Level Design) and into classes (e.g. Development). [CC1] (see also requirements, Common Criteria for Information Technology Security Evaluation, assurance, component)

assurance element

A process or activity of an assurance method, in itself recognised to provide reproducible assurance results. [SC27] (see also process, assurance)

assurance level

(I) Evaluation usage: A specific level on a hierarchical scale representing successively increased confidence that a target of evaluation adequately fulfills the requirements. [RFC2828] A relative measure of confidence in the quality of a credential; when used in Eauth the assurance level ranges from level 1 (little or no confidence) to level 4 (very high degree of confidence) [GSA] In evaluation criteria, a specific level on a hierarchical scale representing successively increased confidence that a TOE adequately fulfills the security requirements. [AJP][JTC1/SC27] The amount of assurance obtained according to the specific scale used by the assurance method. The amount of assurance obtained generally is related to the effort expended on the activities performed. NOTE - The assurance level may not be measurable in quantitative terms. [SC27] (see also confidence, criteria, federation, quality, requirements, target, assurance)

assurance method

Documented set of assurance elements recognised to obtain reproducible assurance results. [SC27] (see also assurance)

assurance profile

An assurance requirement for a TOE whereby different levels of confidence are required in different security enforcing functions. [AJP][ITSEC] (see also confidence, function, assurance, file, profile)

assurance results

Documented numerical or qualitative assurance statement obtained by applying an assurance method. [SC27] (see also assurance)

assurance scheme

The administrative and regulatory framework under which an assurance method is applied by an assurance authority within a specific community or organisation. [SC27] (see also authority, assurance)

assurance stage

The deliverable lifecycle stage on which a given assurance method is focused. The overall deliverable assurance takes into account the results of the assurance methods applied throughout the deliverable lifecycle. [SC27] (see also assurance)

assure

For the purposes of these procedures and guidelines, to guarantee through independent management processes that GRC's IT Security Program elements are carried out. [NASA] (see also IT security, ensure, process, program, assurance)

assured information sharing

The ability to confidently share information with those who need it, when and where they need it, as determined by operational need and an acceptable level of security risk. [CNSSI-4009] (see also risk, security)

assured software

Computer application that has been designed, developed, analyzed, and tested using processes, tools, and techniques that establish a level of confidence in it. [CNSSI-4009] Software that has been designed, developed, analyzed and tested using processes, tools, and techniques that establish a level of confidence in its trustworthiness appropriate for its intended use. [CNSSI] (see also process, test, trust, software)

astragal strip

Narrow strip of material applied over the gap between a pair of doors for protection from unauthorized entry and sound attenuation. [DSS] (see also authorized)

asymmetric algorithm

An encryption algorithm that requires two different keys for encryption and decryption. These keys are commonly referred to as the public and private keys. Asymmetric algorithms are slower than symmetric algorithms. Furthermore, speed of encryption may be different than the speed of decryption. Generally asymmetric algorithms are either used to exchange symmetric session keys or to digitally sign a message. RSA, RPK, and ECC are examples of asymmetric algorithms. [IATF][misc] (see also encryption, key, message, algorithm, asymmetric cryptography) (includes Diffie-Hellman, Rivest-Shamir-Adleman algorithm, elliptic curve cryptosystem, private key, public-key, public-key cryptography standards)

asymmetric cipher

Alternative term for asymmetric encipherment system. [SC27] (see also encipherment, system, asymmetric cryptography, cipher)

asymmetric cryptographic algorithm

An encryption algorithm that requires two different keys for encryption and decryption. These keys are commonly referred to as the public and private keys. Asymmetric algorithms are slower than symmetric algorithms. Furthermore, speed of encryption may be different than the speed of decryption. Generally asymmetric algorithms are either used to exchange symmetric session keys or to digitally sign a message. RSA, RPK, and ECC are examples of asymmetric algorithms. [IATF][misc] (see also message, algorithm, cryptographic, encryption, key)

asymmetric cryptographic technique

A cryptographic technique that uses two related transformations, a public transformation (defined by the public key) and a private transformation (defined by the private key). The two transformations have the property that, given the public transformation, it is computationally infeasible to derive the private transformation. [SC27] A cryptographic technique that uses two related transformations, a public transformation (defined by the public key) and a private transformation (defined by the private key). The two transformations have the property that, given the public transformation, it is computationally infeasible to derive the private transformation. NOTE - A system based on asymmetric cryptographic techniques can either be an encipherment system, a signature system, a combined encipherment and signature system, or a key agreement system. With asymmetric cryptographic techniques there are four elementary transformations: sign and verify for signature systems, encipher and decipher for encipherment systems. The signature and decipherment transformation are kept private by the owning entity, whereas the corresponding verification and encipherment transformation are published. There exist asymmetric cryptosystems (e.g. RSA) where the four elementary functions may be achieved by only two transformations: one private transformation suffices for both signing and decrypting messages, and one public transformation suffices for both verifying and encrypting messages. However, since this is not the general case, throughout ISO/IEC 9798 the four elementary transformations and the corresponding keys are kept separate. [SC27] A cryptographic technique that uses two related transformations, a public transformation (defined by the public key) and a private transformation (defined by the private key). The two transformations have the property that, given the public transformation, it is computationally infeasible to derive the private transformation. NOTE - A system based on asymmetric cryptographic techniques can either be an encipherment system, a signature system, a combined encipherment and signature system, or a key agreement system. With asymmetric cryptographic techniques there are four elementary transformations: sign and verify for signature systems, encipher and decipher for encipherment systems. The signature and decipherment transformation are kept private by the owning entity, whereas the corresponding verification and encipherment transformation are published. There exist asymmetric cryptosystems (e.g. RSA) where the four elementary functions may be achieved by only two transformations: one private transformation suffices for both signing and decrypting messages, and one public transformation suffices for both verifying and encrypting messages. However, since this is not the general case, throughout ISO/IEC 9798 the four elementary transformations and the corresponding keys are kept separate. [ISO/IEC 9798-1: 1997] A cryptographic technique that uses two related transformations, a public transformation (defined by the public key) and a private transformation (defined by the private key). The two transformations have the property that, given the public transformation, it is computationally infeasible to derive the private transformation. [ISO/IEC 11770-1: 1996, ISO/IEC FDIS 15946-3 (02/2001)] A cryptographic technique that uses two related transformations, a public transformation (defined by the public key) and a private transformation (defined by the private key). The two transformations have the property that, given the public transformation, it is computationally infeasible to derive the private transformation. NOTE - A system based on asymmetric cryptographic techniques can either be an encipherment system, a signature system, a combined encipherment and signature system, or a key agreement system. With asymmetric cryptographic techniques there are four elementary transformations: sign and verify for signature systems, encipher and decipher for encipherment systems. The signature and the decipherment transformation are kept private by the owning entity, whereas the corresponding verification and encipherment transformation are published. There exist asymmetric cryptosystems (e.g. RSA) where the four elementary functions may be achieved by only two transformations: one private transformation suffices for both signing and decrypting messages, and one public transformation suffices for both verifying and encrypting messages. However, since this does not conform to the principle of key separation, throughout this part of ISO/IEC 11770 the four elementary transformations and the corresponding keys are kept separate. [ISO/IEC 11770-3: 1999] Cryptographic technique that uses two related transformations, a public transformation (defined by the public key) and a private transformation (defined by the private key). The two transformations have the property that, given the public transformation, it is computationally infeasible to derive the private transformation. [SC27] A cryptographic technique that uses two related transformations, a public transformation (defined by the public key) and a private transformation (defined by the private key). The two transformations have the property that, given the public transformation, it is computationally infeasible to derive the private transformation. NOTE - A system based on asymmetric cryptographic techniques can either be an encipherment system, a signature system, a combined encipherment and signature system, or a key agreement system. With asymmetric cryptographic techniques there are four elementary transformations: sign and verify for signature systems, encipher and decipher for encipherment systems. The signature and the decipherment transformation are kept private by the owning entity, whereas the corresponding verification and encipherment transformation are published. There exist asymmetric cryptosystems (e.g. RSA) where the four elementary functions may be achieved by only two transformations: one private transformation suffices for both signing and decrypting messages, and one public transformation suffices for both verifying and encrypting messages. However, since this does not conform to the principle of key separation, throughout this part of ISO/IEC 11770 the four elementary transformations and the corresponding keys are kept separate. [SC27] Cryptographic technique that uses two related transformations, a public transformation (defined by the public key) and a private transformation (defined by the private key). The two transformations have the property that, given the public transformation, it is computationally infeasible to derive the private transformation. [SC27] (see also cipher, cryptographic system, encipherment, entity, function, key, message, property, public-key, signature, system, verification, asymmetric cryptography, cryptographic)

asymmetric cryptography

(I) A modern branch of cryptography (popularly known as 'public-key cryptography') in which the algorithms employ a pair of keys (a public key and a private key) and use a different component of the pair for different steps of the algorithm. (C) Asymmetric algorithms have key management advantages over equivalently strong symmetric ones. First, one key of the pair does not need to be known by anyone but its owner; so it can more easily be kept secret. Second, although the other key of the pair is shared by all entities that use the algorithm, that key does not need to be kept secret from other, non-using entities; so the key distribution part of key management can be done more easily. (C) For encryption: In an asymmetric encryption algorithm, when Alice wants to ensure confidentiality for data she sends to Bob, she encrypts the data with a public key provided by Bob. Only Bob has the matching private key that is needed to decrypt the data. (C) For signature: In an asymmetric digital signature algorithm, when Alice wants to ensure data integrity or provide authentication for data she sends to Bob, she uses her private key to sign the data (i.e. create a digital signature based on the data). To verify the signature, Bob uses the matching public key that Alice has provided. (C) For key agreement: In an asymmetric key agreement algorithm, Alice and Bob each send their own public key to the other person. Then each uses their own private key and the other's public key to compute the new key value. [RFC2828] Cryptography that uses separate keys for encryption and decryption; also known as public key cryptography. [800-77] See Public Key Cryptography. [CNSSI-4009] (see also algorithm, authentication, confidentiality, digital signature, encryption, integrity, key, key management, owner, public-key, signature, cryptography) (includes asymmetric algorithm, asymmetric cipher, asymmetric cryptographic technique, asymmetric encipherment system, asymmetric encryption algorithm, asymmetric key pair, asymmetric signature system, public-key derivation function, public-key information, public-key system)

asymmetric encipherment system

A system based on asymmetric cryptographic techniques whose public transformation is used for encipherment and whose private transformation is used for decipherment. [SC27] A system based on asymmetric cryptographic techniques whose public transformation is used for encipherment and whose private transformation is used for decipherment. [ISO/IEC 9798-1: 1997, ISO/IEC 11770-3: 1999, ISO/IEC FDIS 15946-3 (02/2001)] System based on asymmetric cryptographic techniques whose public transformation is used for encipherment and whose private transformation is used for decipherment. NOTE - An asymmetric encipherment system is an asymmetric cryptographic technique that is also an encryption algorithm. [SC27] System based on asymmetric cryptographic techniques whose public transformation is used for encipherment and whose private transformation is used for decipherment. NOTE - An asymmetric encipherment system is an asymmetric cryptographic technique that is also an encryption algorithm. [SC27] (see also algorithm, cryptographic, encryption, asymmetric cryptography, cipher, encipherment, system)

asymmetric encryption algorithm

Alternative term for asymmetric encipherment system. [SC27] (see also cipher, encipherment, system, algorithm, asymmetric cryptography, encryption)

asymmetric key pair

A pair of related keys where the private key defines the private transformation and the public key defines the public transformation. [SC27] A pair of related keys where the private key defines the private transformation and the public key defines the public transformation. [ISO/IEC 9798-1: 1997, ISO/IEC 11770-3: 1999, ISO/IEC FDIS 15946-3 (02/2001)] Pair of related keys where the private key defines the private transformation and the public key defines the public transformation. [SC27] Pair of related keys where the private key defines the private transformation and the public key defines the public transformation. [SC27] (see also public-key, asymmetric cryptography, key)

asymmetric keys

Two related keys, a public key and a private key that are used to perform complementary operations, such as encryption and decryption or signature generation and signature verification. [800-63][FIPS 201] (see also encryption, operation, public-key, signature, verification, key)

asymmetric signature system

A system based on asymmetric cryptographic techniques whose private transformation is used for signing and whose public transformation is used for verification. [SC27] (see also cryptographic, verification, asymmetric cryptography, signature, system)

asynchronous attacks

Attacks that take advantage of dynamic system actions and the ability to manipulate the timing of those actions. [AFSEC] (see also system, attack)

asynchronous communication

Two modems communicating asynchronously rely upon each one to send the other start and stop signals in order to pace the exchange of information. [SRV] (see also information, communications)

asynchronous transfer mode (ATM)

A dedicated connection switching technology that organizes digital data into fixed byte cell units and transmits those units over a physical medium using digital signal technology. It is implemented by hardware, therefore, very fast processing and switching speeds are possible. [IATF] A fast-packet technology that was developed for use in area networks using fixed-length cells. It appears to be the best alternative for multimedia applications where data are mixed with voice, images, or full-motion video. [SRV] (see also application, connection, network, process, technology, security)

attack

(I) An assault on system security that derives from an intelligent threat, i.e. an intelligent act that is a deliberate attempt (especially in the sense of a method or technique) to evade security services and violate the security policy of a system.

Active vs. passive: An 'active attack' attempts to alter system resources or affect their operation. A 'passive attack' attempts to learn or make use of information from the system but does not affect system resources.
Insider vs. outsider: An 'inside attack' is an attack initiated by an entity inside the security perimeter (an 'insider'), i.e. an entity that is authorized to access system resources but uses them in a way not approved by those who granted the authorization. An 'outside attack' is initiated from outside the perimeter, by an unauthorized or illegitimate user of the computer system (an 'outsider'). In the Internet, potential outside attackers range from amateur pranksters to organized criminals, international terrorists, and hostile governments.


+ - - - - - - - - - - - - +  + - - - - +  + - - - - - - - - - - -+
| An Attack:              |  |Counter- |  | A System Resource:   |
| i.e. A Threat Action   |  | measure |  | Target of the Attack |
| +----------+            |  |         |  | +-----------------+  |
| | attacker |<==================||<=========                 |  |
| | i.e.    | Passive    |  |         |  | | Vulnerability   |  |
| | A Threat |<=================>||<========>                 |  |
| | Agent    | or Active  |  |         |  | +-------|||-------+  |
| +----------+  Attack    |  |         |  |         VVV          |
|                         |  |         |  | Threat Consequences  |
+ - - - - - - - - - - - - +  + - - - - +  + - - - - - - - - - - -+

[RFC2828] 1) A discrete malicious action of debilitating intent inflicted by one entity upon another. A threat might attack a critical infrastructure to destroy or incapacitate it. 2) Intentional attempt to bypass the physical or information security measures and controls protecting an IT system. [CIAO] An attempt to bypass security controls on a computer. An active attack alters data. A passive attack releases data. Whether an attack will succeed depends on the vulnerability of the computer system and the effectiveness of existing countermeasures. [AFSEC] An attempt to bypass security controls on a computer. The attack may alter, release, or deny data. Whether an attack will succeed depends on the vulnerability of the computer system and the effectiveness of existing countermeasures. [NSAINT] An attempt to bypass security controls on a computer. The attack may alter, release, or deny data. Whether an attack will succeed depends on the vulnerability of the computer system and the effectiveness of existing countermeasures. The act of trying to bypass security controls on a system. An attack may be active, resulting in the alteration of data; or passive, resulting in the release of data. Note: The fact that an attack is made does not necessarily mean that it will succeed. The degree of success depends on the vulnerability of the system or activity and the effectiveness of existing countermeasures. [OVT] An attempt to exploit an IT system vulnerability. [SC27] An attempt to gain unauthorized access to system services, resources, or information, or an attempt to compromise system integrity. [SP 800-32] An attempt to obtain a Subscriber's token or to fool a verifier into believing that an unauthorized individual possess a claimant's token. [800-63] Any kind of malicious activity that attempts to collect, disrupt, deny, degrade, or destroy information system resources or the information itself. [CNSSI-4009] Attack Sensing and Warning (AS&W) - Detection, correlation, identification, and characterization of intentional unauthorized activity with notification to decision makers so that an appropriate response can be developed. [CNSSI-4009] Attempt to gain unauthorized access to an IS's services, resources, or information, or the attempt to compromise an IS's integrity, availability, or confidentiality. [CNSSI] The act of trying to bypass security controls on a system. An attack may be active, resulting in the alteration of data; or passive, resulting in the release of data. Note: The fact that an attack is made does not necessarily mean that it will succeed. The degree of success depends on the vulnerability of the computer system or activity and the effectiveness of existing countermeasures. [AJP][NCSC/TG004][SRV] The intentional act of attempting to bypass security controls on an automated information system. [IATF] (see also security software, Diffie-Hellman, POP3 APOP, RED team, SOF-basic, SOF-high, SOF-medium, US-CERT, access, access control, advanced persistent threats, adversary, agent, alert, anonymous, anti-spoof, authentication header, authorization, authorized, availability, availability service, bastion host, blinding, blue team, bot-network operators, buffer overflow, challenge-response protocol, checksum, code red, compromise, computer, computer emergency response team, computer emergency response teams' coordination center, computer network operations, control, cookies, countermeasures, cracker, criminal, criminal groups, critical, cross site scripting, cryptanalysis, cybersecurity, defense-in-depth, demilitarized zone, disconnection, electronic warfare, elliptic curve cryptography, emergency action plan, entity, entropy, evasion, exploit, exploit code, firewall, flaw hypothesis methodology, guessing entropy, hackers, handler, hash function, hijacking, honeypot, host-based security, impact, incident of security concern, incident response plan, indicator, information, information security, information system resilience, insider, integrity, internet, intrusion, intrusion detection systems, jamming, kerberos, key validation, keyed hash, layered solution, mailbomb, malicious, man-in-the-middle attack, management message, manipulation detection code, min-entropy, misappropriation, motivation, network, nonce, one-time passwords, operation, pharming, physical security, policy, precursor, privacy system, protected checksum, proxy, purge, radio frequency jamming, remote administration tool, resource, risk plane, risk value, salt, scenario, scrambling, secret key, security audit, security environment threat list, security management infrastructure, signature, spammers, strength of a requirement, strength of function, strength of mechanisms, survivability, system, target, threat action, threat consequence, tiger team, traceability, traffic analysis, trapdoor, tri-homed, trojan horse, trusted process, unilateral authentication, users, victim, virus, vulnerability, vulnerability assessment, white team, zombie, incident, risk, security, threat) (includes Attack Sensing and Warning, C2-attack, ICMP flood, IP splicing/hijacking, Star Trek attack, TTY watcher, active attack, application server attack, asynchronous attacks, attack potential, attack signature, attack signature recognition, attackers, between-the-lines-entry, blended attack, browsing, brute force, brute force attack, brute force password attack, buffer overflow attack, check_password, chosen-ciphertext attack, chosen-plaintext attack, ciphertext-only attack, computer intrusion, computer network attack, cut-and-paste attack, cyberattack, data diddling, data driven attack, demon dialer, denial-of-service, dictionary attack, eavesdropping, eavesdropping attack, electronic attack, flooding, hijack attack, impersonation, insider attack, interleaving attack, key logger, keystroke monitoring, killer packets, known-plaintext attack, laboratory attack, leapfrog attack, man-in-the-middle attack, masquerade attack, masquerading, mimicking, nak attack, off-line attack, online attack, online guessing attack, pagejacking, passive attack, penetration, perpetrator, phreaking, piggyback attack, ping of death, ping sweep, port scan, reflection attack, replay attacks, rootkit, scanning, scavenging, session hijack attack, shoulder surfing, smurf, smurfing, social engineering, spoofing, spoofing attack, subversion, supply chain attack, synchronous flood, tampering, technical attack, technological attack, terminal hijacking, timing attacks, tunneling attack, warehouse attack, wiretapping)

attack potential

The perceived potential for success of an attack, should an attack be launched, expressed in terms of an attacker's expertise, resources and motivation. [CC2][CC21][OVT][SC27] (see also resource, attack)

Attack Sensing and Warning

Detection, correlation, identification, and characterization of intentional unauthorized activity with notification to decision makers so that an appropriate response can be developed. [CNSSI] (see also authorized, identification, response, attack)

attack signature

A characteristic byte pattern used in malicious code or an indicator, or set of indicators, that allows the identification of malicious network activities. [CNSSI-4009] A specific sequence of events indicative of an unauthorized access attempt. [SP 800-12] Activities or alterations to an IS indicating an attack or attempted attack, detectable by examination of audit trail logs. [CIAO] (see also access, audit, attack, signature)

attack signature recognition

To recognize specific identifiable characteristics technical, procedural, or equipment-based of known attack profiles. [CIAO] (see also file, profile, attack, security software, signature) (includes virus signature)

attackers

A party who acts with malicious intent to assault an information system. [800-63] Someone with a strong interest in computers, who enjoys learning about them and experimenting with them. [800-82] (see also computer, information, malicious, min-entropy, system, attack)

attribute

A characteristic that describes a person, thing, or event. An inherent quality that an item either has or does not have. [SRV] Attributes are properties of an entity. An entity is said to be described by its attributes. In a database, the attributes of an entity have their analogues in the fields of a record. In an object database, instance variables may be considered attributes of the object. [SRV] (see also entity, object, quality)

attribute authority

(I) A CA that issues attribute certificates. (O) 'An authority, trusted by the verifier to delegate privilege, that issues attribute certificates.' [RFC2828] An entity trusted by one or more entities to create and sign attribute certificates. Note that a CA may also be an AA. [SC27] An entity, recognized by the Federal Public Key Infrastructure (PKI) Policy Authority or comparable agency body as having the authority to verify the association of attributes to an identity. [SP 800-32] (see also certificate, entity, identity, trust, authority, public-key infrastructure)

attribute certificate

(I) A digital certificate that binds a set of descriptive data items, other than a public key, either directly to a subject name or to the identifier of another certificate that is a public-key certificate. (O) 'A set of attributes of a user together with some other information, rendered unforgeable by the digital signature created using the private key of the CA that issued it.' (O) 'A data structure which includes some attribute values and identification information about the owner of the attribute certificate, all digitally signed by an Attribute Authority. This authority's signature serves as the guarantee of the binding between the attributes and their owner.' (C) A public-key certificate binds a subject name to a public key value, along with information needed to perform certain cryptographic functions. Other attributes of a subject, such as a security clearance, may be certified in a separate kind of digital certificate, called an attribute certificate. A subject may have multiple attribute certificates associated with its name or with each of its public-key certificates. (C) An attribute certificate might be issued to a subject in the following situations:

Different lifetimes: When the lifetime of an attribute binding is shorter than that of the related public-key certificate, or when it is desirable not to need to revoke a subject's public key just to revoke an attribute.
Different authorities: When the authority responsible for the attributes is different than the one that issues the public-key certificate for the subject. (There is no requirement that an attribute certificate be issued by the same CA that issued the associated public-key certificate.)

attribute sampling

In attribute sampling, the selected sampling units are measured or evaluated in terms of whether they have the attribute of interest, and some statistical measure (statistic) is computed from these measurements to estimate the proportion of the population that has the attribute. [SRV]

attribute-based access control

Access control based on attributes associated with and about subjects, objects, targets, initiators, resources, or the environment. An access control rule set defines the combination of attributes under which an access may take place. [SP 800-53; CNSSI-4009] (see also target, access, control)

attribute-based authorization

A structured process that determines when a user is authorized to access information, systems, or services based on attributes of the user and of the information, system, or service. [CNSSI-4009] (see also access, authorization)

audit

A family of security controls in the technical class dealing with ensuring activity involving access to and modification of sensitive or critical files is logged, monitored, and possible security violations investigated. [800-37] A service that keeps a detailed record of events. [IATF] An independent examination of a work product or set of work products to assess compliance with specifications, standards, contractual agreements, or other criteria. [IEEE610] Independent review and examination of records and activities to assess the adequacy of system controls, to ensure compliance with established policies and operational procedures, and to recommend necessary changes in controls, policies, or procedures. [CNSSI][SP 800-32] Independent review and examination of records and activities to assess the adequacy of system controls, to ensure compliance with established policies and operational procedures. [CNSSI-4009] Independent review and examination of records and activities to assess the adequacy of system controls, to ensure compliance with established security policies and procedures, and/or to recommend necessary changes in controls, policies, or procedures to meet security objectives. [CIAO] Independent review and examination of records and activities to assess the adequacy of system controls; to ensure compliance with established policies and operational procedures; and to recommend necessary changes in controls, policies, or procedures. [GSA] Independent review and examination of records and activities to determine compliance with established usage policies and to detect possible inadequacies in product technical security policies of their enforcement. [AJP][FCv1] The independent examination of records and activities to ensure compliance with established controls, policy, and operational procedures, and to recommend any indicated changes in controls, policy, or procedures. [NSAINT] The independent examination of records to asses their veracity and completeness. To record independently and examine documents or system activity (e.g. logins and logouts, file accesses, security violations). [AFSEC] The official review, examination, and verification of system records and activities to ensure the adequacy of established IT security controls and procedures; to identify any nonfunctional controls or new vulnerabilities [NASA] The procedures performed by an audit administrator to collect, analyze, and summarize the data required in a report to the system administrator regarding the security of the system. [800-130] (see also Government Accountability Office, IT security, IT security training, Identification Protocol, POSIX, access, access control, accountability, alert, application proxy, archive, attack signature, confidence, control, controlled access program oversight committee, controlled access protection, criteria, critical, distributed computing environment, file, fraudulent financial reporting, function, functional component, gap analysis, host based, identify, independence, intrusion detection, intrusion detection systems, key management, key-escrow, keystroke monitoring, login, network based, network component, object, operation, policy, policy management authority, population, resource encapsulation, sas 70 report, secure single sign-on, security controls, security features, security software, security-relevant event, sniffer, standard, system, system administrator, system security officer, technical countermeasures, threat monitoring, trust, verification, vulnerability, vulnerability analysis, work program, security) (includes COMSEC account audit, audit charter, audit data, audit log, audit plan, audit program, audit record, audit reduction tools, audit service, audit software, audit trail, audit/review, auditing tool, computer operations, audit, and security technology, computer-assisted audit technique, information systems audit and control association, information systems audit and control foundation, institute of internal auditors, multihost based auditing, security audit, test, vulnerability audit)

audit charter

A document approved by the board of directors that defines the IT audit function's responsibility, authority to review records, and accountability. [FFIEC] (see also authority, function, audit)

audit data

Chronological record of system activities to enable the reconstruction and examination of the sequence of events and changes in an event. [GSA][SP 800-32] (see also system, audit)

audit log

A chronological record of system activities. Includes records of system accesses and operations performed in a given period. [CNSSI-4009] (see also audit)

audit plan

A description and schedule of audits to be performed in a certain period of time (ordinarily a year). It includes the areas to be audited, the type of work planned, the high-level objectives and scope of the work and includes other items such as budget, resource allocation, schedule dates, and type of report issued. [FFIEC] (see also object, resource, audit)

audit program

The audit policies, procedures, and strategies that govern the audit function, including IT audit. [FFIEC] (see also function, audit, program)

audit record

An individual item of information contained in an audit trail [NASA] (see also information, audit)

audit reduction tools

Preprocessors designed to reduce the volume of audit records to facilitate manual review. Before a security review, these tools can remove many audit records known to have little security significance. These tools generally remove records generated by specified classes of events, such as records generated by nightly backups. [SP 800-12; CNSSI-4009] (see also audit)

audit service

(I) A security service that records information needed to establish accountability for system events and for the actions of system entities that cause them. [RFC2828] (see also information, system, audit)

audit software

Generic software consisting of computer programs to analyze data stored on computer media. The software can be used to sample data, compare data fields, match data files, perform computations, etc. [SRV] (see also computer, file, program, audit, software)

audit trail

(1) A set of records that collectively provide documentary evidence of processing used to aid in tracing from original transactions forward to related records and reports, and/or backward from records and reports to their component source transactions. (2) A chronological record of system activities that is sufficient to enable the reconstruction, reviewing, and examination of the sequence of environments and activities surrounding or leading to an operation, a procedure, or an event in a transaction from its inception to final results. (3) Information collected or used to facilitate a security audit. Note: Audit trail may apply to information in an IT product or an AIS or to the transfer of COMSEC (communications security) material. [AJP] (1) A set of records that collectively provide documentary evidence of processing used to aid in tracing from original transactions forward to related records and reports, and/or backward from records and reports to their component source transactions. (2) Information collected or used to facilitate a Security Audit. [TNI] A chronological record of system activities that is sufficient to enable the reconstruction, review, and examination of the sequence of events and activities surrounding or leading to each event in the path of a transaction from its inception to the output of final results. The ability to trace data or transactions from origination to output and back. [SRV] A chronological record of system activities that is sufficient to enable the reconstruction, reviewing, and examination of the sequence of environments and activities surrounding or leading to an operation, a procedure, or an event in a transaction from its inception to final results. [NCSC/TG004][SRV] A chronological record of system activities to enable the reconstruction and examination of the sequence of events and/or changes in an event. Note: Audit trail may apply to information in an IT product or an AIS or to the transfer of COMSEC material. [FCv1] A chronological record that reconstructs and examines the sequence of activities surrounding or leading to a specific operation, procedure, or event in a security relevant transaction from inception to final result. [CNSSI-4009] A record showing who has accessed an Information Technology (IT) system and what operations the user has performed during a given period. [SP 800-47] A set of records that collectively provide documentary evidence of processing used to aid in tracing from original transactions forward to related records and reports, and/or backward from records and reports to their component source transactions. [TCSEC] Chronological record of system activities or message routing that permits reconstruction and examination of a sequence of events. [CIAO] Chronological record of system activities to enable the reconstruction and examination of the sequence of events and/or changes in an event. [CNSSI] In computer security systems, a chronological record of system resource usage. This includes user login, file access, other various activities, and whether any actual or attempted security violations occurred, legitimate and unauthorized. [NSAINT] In computer security systems, a chronological record of when users login, how long they are engaged in various activities, what they were doing, whether any actual or attempted security violations occurred. An automated or manual set of chronological records of system activities that may enable the reconstruction and examination of a sequence of events and/or changes in an event. [AFSEC] The chronological record of system activities sufficient to enable the reconstruction, review, or examination of the sequence of internal environments and activities surrounding or leading to each event in the path of a user transaction from its inception to output of final results. [NASA] (see also logging, access, access control, authorized, communications, communications security, computer, computer security, evidence, file, information, login, message, operation, process, resource, system, users, audit, threat monitoring) (includes automated information system, console logs, security audit trail)

audit/review

The assessment of an information system to evaluate the adequacy of implemented security controls, assure that they are functioning properly, identify vulnerabilities, and assist in implementation of new security controls where required. This assessment is conducted annually or whenever significant change has occurred and may lead to recertification of the information system. [CNSSI-4009] The survey of an IT system to evaluate the adequacy of implemented controls, assure that they are functioning properly, identify vulnerabilities, and assist in implementation of new controls where required. This survey is conducted annually or whenever significant change has occurred for all IT systems and may lead to recertification of the IT system. [NASA] (see also certification, control, function, identify, system, vulnerability, audit)

auditing tool

Tools to analyze computer systems or networks in regard to their security status or in relation to the set of services provided by them. COPS (Computer Oracle Password and Security analyzer) and SATAN (Security Administrator's Tool for Analyzing Networks) are famous examples of such tools. [RFC2504] (see also computer, network, passwords, system, audit)

augmentation

The addition of one or more assurance component(s) from Part 3 to an EAL or assurance package. [CC2][CC21][SC27] (see also assurance)

authentic signature

(I) A signature (particularly a digital signature) that can be trusted because it can be verified. [RFC2828] (see also digital signature, trust, signature)

authenticate

(1) To verify the identity of a user, device, or other entity in a system, often as a prerequisite to allowing access to resources in a system. (2) To verify the integrity of data that have been stored, transmitted, or otherwise exposed to possible unauthorized modification. [NCSC/TG004][SRV] (1) To verify the identity of a user, user device, or other entity, or the integrity of data stored, transmitted, or otherwise exposed to unauthorized modification in an IT product. (2) To verify the validity of a claimed identity of a user, device, or other entity in a system, often as a prerequisite to allowing access to resources in a system. (3) To verify the integrity of data that have been stored, transmitted, or otherwise exposed to possible unauthorized modification. [AJP] (I) Verify (i.e. establish the truth of) an identity claimed by or for a system entity. (D) In general English usage, this term usually means 'to prove genuine' (e.g. an art expert authenticates a Michelangelo painting). But the recommended definition carries a much narrower meaning. For example, to be precise, an ISD SHOULD NOT say 'the host authenticates each received datagram'. Instead, the ISD SHOULD say 'the host authenticates the origin of each received datagram'. In most cases, we also can say 'and verifies the datagram's integrity', because that is usually implied. (D) ISDs SHOULD NOT talk about authenticating a digital signature or digital certificate. Instead, we 'sign' and then 'verify' digital signatures, and we 'issue' and then 'validate' digital certificates. [RFC2828] In networking, to establish the validity of a user or an object (i.e. communications server). [AFSEC] To confirm the identity of an entity when that identity is presented. [GSA][SP 800-32] To establish the validity of a claimed identity. [NSAINT][TCSEC] To verify the identity of a user, user device, or other entity, or the integrity of data stored, transmitted, or otherwise exposed to unauthorized modification in an IS, or to establish the validity of a transmission. [CNSSI] To verify the identity of a user, user device, or other entity. [CNSSI-4009] Verify the identity of a user, user device, or other entity, or the integrity of data stored, transmitted, or otherwise exposed to unauthorized modification in an IT product. [FCv1] (see also access, access control, authorized, certificate, communications, digital signature, entity, identity, integrity, network, object, public-key infrastructure, resource, signature, system, users, validate, authentication)

authentication

Authentication is the process of establishing confidence in user identities. This is accomplished by establishing that someone is in fact who he or she claims to be. [GSA] (1) To establish the validity of a claimed identity. (2) To provide protection against fraudulent transactions by establishing the validity of a message, station, individual, or originator. [TNI] (1) To establish the validity of a claimed identity. (2) To provide protection against fraudulent transactions by establishing the validity of a message, station, individual, or originator. (3) Means of verifying an entity's (e.g. individual user's, machine's, or software component's) eligibility to receive specific categories of information. [AJP] (I) The process of verifying an identity claimed by or for a system entity. (C) An authentication process consists of two steps:

Identification step: Presenting an identifier to the security system. (Identifiers should be assigned carefully, because authenticated identities are the basis for other security services, such as access control service.)
Verification step: Presenting or generating authentication information that corroborates the binding between the entity and the identifier.

[RFC2828] A process that establishes the origin of information or determines an entity's identity. [SP 800-21] Authentication refers to mechanisms which are used to verify the identity of a user. The process of authentication typically requires a name and a password to be supplied by the user as proof of his identity. [RFC2504] Encompasses identity verification, message origin authentication, and message content authentication. [FIPS 190] For the purposes of this guide, the process of verifying the identity claimed by a WiMAX device. [800-127] Means of verifying an entity's (e.g. individual user, machine, software component) eligibility to receive specific categories of information. [FCv1] Providing assurance regarding the identity of a subject or object, for example ensuring that a particular user is who he or she claims to be. [SRV] Security measure designed to establish the validity of a transmission, message, or originator, or a means of verifying an individual's authorization to access specific types of information. [CIAO] Security measure designed to establish the validity of a transmission, message, or originator, or a means of verifying an individual's authorization to receive specific categories of information. [800-37][CNSSI][DSS][IATF] The process of confirming an asserted identity with a specified or understood level of confidence. [GAO] The process of establishing confidence in the identity of users or information systems. [800-63][SP 800-63] The process of establishing confidence of authenticity. [FIPS 201] The process of establishing confidence of authenticity; in this case, in the validity of a person's identity and the PIV Card. [GSA] The process of identifying an individual, in computer systems this is usually based on a username and password. In security systems, authentication is distinct from authorization , that is the process of giving individuals access to system objects based on their identity. Authentication merely ensures that the individual is who he or she claims to be, but says nothing about the access rights of the individual. [800-103] The process of identifying an individual, usually based on a username and password. In security systems, authentication is distinct from authorization, which is the process of giving individuals access to system objects based on their identity. Authentication merely ensures that the individual is who he or she claims to be, but says nothing about the access rights of the individual. [VA] The process of verifying that a user requesting a network resource is who he, she, or it claims to be, and vice versa. Trust is a critical concept in network security. Any network resource (such as a file server or printer) typically requires authentication before granting access. Authentication takes many forms, including but not limited to IP addresses; TCP or UDP port numbers; passwords; external token authentication cards; and biometric identification such as signature, speech, or retina recognition systems. The entity being authenticated might be the client machine (for example, by proving that a given IP source address really is that address, and not a rogue machine spoofing that address) or a user (by proving that the user really is who he, she, or it claims to be). Servers might also authenticate themselves to clients. Testers should be aware that in an increasingly mobile society, authentication based on machine-specific criteria such as an IP address or port number is not equivalent to verifying that a given individual is making an access request. At this writing systems that verify the identity of users are typically external to the firewall, and may introduce additional latency to the overall SUT. [RFC2647] The process of verifying the claimed identity of an individual user, machine, software component, or any other entity. [FFIEC] The process of verifying the identity or other attributes claimed by or assumed of an entity (user, process, or device), or to verify the source and integrity of data. [CNSSI-4009] The provision of assurance of the claimed identity of an entity. [SC27] The validation and confirmation of an IT user's claim of identity, occasionally referred to as personal authentication The validation and identification of a computer network node, transmission, or message [NASA] To positively verify the identity of a user, device, or other entity in a system, often as a prerequisite to allowing access to resources in a system. [NSAINT] To positively verify the identity of a user, device, or other entity in a system, often as a prerequisite to allowing access to resources in a system. The verification of the integrity of data that have been stored, transmitted, or otherwise exposed to possible unauthorized modification. [AFSEC] Verifying the identity of a user, process, or device, often as a prerequisite to allowing access to resources in a system. [800-33] Verifying the identity of a user, process, or device, often as a prerequisite to allowing access to resources in an information system. [800-53][800-60][800-82][SP 800-53; SP 800-53A; SP 800-27; FIPS 200; SP 800-30] (see also COMSEC control program, COMSEC equipment, Diffie-Hellman, FIPS approved security method, Generic Security Service Application Program Interface, IA product, IMAP4 AUTHENTICATE, IP splicing/hijacking, IPsec Key Exchange, IT security, Internet Engineering Task Force, Internet Security Association and Key Management Protocol, KMI protected channel, Lightweight Directory Access Protocol, OAKLEY, POP3 APOP, POP3 AUTH, Post Office Protocol, version 3, Rivest-Shamir-Adleman algorithm, S-box, S/Key, SOCKS, Secure Electronic Transaction, Terminal Access Controller Access Control System, The Exponential Encryption System, X.509, access, access control, account authority digital signature, active attack, anonymous and guest login, anti-spoof, approved security function, assurance, asymmetric cryptography, authenticity, authorization, authorized, backup, biometric measurement, biometrics, call back, certificate, certificate policy, certificate revocation list, certificate status responder, certification authority digital signature, challenge-response protocol, challenge/response, claimant, code, common data security architecture, communications security, computer, computer cryptography, computer network, confidence, control, credentials, criteria, critical, critical security parameters, cryptographic algorithm, cryptographic key, cryptography, data integrity service, data key, defense-wide information assurance program, dictionary attack, digital id, digital signature, distinguishing identifier, distributed computing environment, domain name system, dongle, eavesdropping attack, electronic credentials, encapsulating security payload, entity, exchange multiplicity parameter, file, file encryption, fingerprint, fraud, full disk encryption, handshaking procedures, hash function, impersonation, individual electronic accountability, information, information assurance, information assurance product, information systems security, information systems security equipment modification, initiator, integrity, interleaving attack, internet protocol security, keyed hash, keyed hash algorithm, keying material, language, man-in-the-middle attack, masquerading, message, message integrity code, network component, non-repudiation, non-repudiation service, nonce, object, off-line attack, one-time passwords, online attack, origin authenticity, passive attack, password system, passwords, point-to-point protocol, practice statement, pretty good privacy, privacy enhanced mail, process, proof of possession protocol, protection suite, protocol run, proxy, proxy server, public key enabling, public-key forward secrecy, public-key infrastructure, realm, registration, registration authority, replay attacks, resource, responder, sandboxed environment, secret, secret seed, secure DNS, secure communication protocol, secure hash standard, secure shell, secure socket layer, security assertion markup language, security association, security association identifier, security controls, security mechanism, security service, session hijack attack, shared secret, signature, simple network management protocol, single sign-on, software, spoof, spoofing, subject, subscriber, symmetric key, system, system entity, system entry, technical countermeasures, test, third party trusted host model, tokens, transport layer security, trust, trusted third party, unsigned data, user identifier, users, validate vs. verify, validation, verification, verifier, verifier impersonation attack, virtual private network, vulnerability, zero-knowledge password protocol, quality of protection, security) (includes 3-factor authentication, Challenge Handshake Authentication Protocol, Challenge-Response Authentication Mechanism, Data Authentication Algorithm, Distributed Authentication Security Service, Extensible Authentication Protocol, Password Authentication Protocol, SAML authentication assertion, Simple Authentication and Security Layer, authenticate, authentication code, authentication data, authentication exchange, authentication header, authentication header protocol, authentication mechanism, authentication mode, authentication period, authentication protocol, authentication service, authentication system, authentication tag, authentication token, authentication tools, biometric authentication, challenge and reply authentication, data authentication code, data authentication code vs. Data Authentication Code, data origin authentication, data origin authentication service, electronic authentication, entity authentication, entity authentication of A to B, explicit key authentication from A to B, identification, implicit key authentication from A to B, key authentication, logon, low-cost encryption/authentication device, message authentication code, message authentication key, multifactor authentication, mutual authentication, mutual entity authentication, peer entity authentication, peer entity authentication service, privacy, authentication, integrity, non-repudiation, simple authentication, source authentication, strong authentication, unilateral authentication)

authentication code

(D) ISDs SHOULD NOT use this term as a synonym for any form of checksum, whether cryptographic or not. The word 'authentication' is misleading because the mechanism involved usually serves a data integrity function rather than an authentication function, and the word 'code' is misleading because it implies that either encoding or encryption is involved or that the term refers to computer software. [RFC2828] A cryptographic checksum based on an Approved security function (also known as a Message Authentication Code [MAC]). [FIPS 140-2] (see also computer, cryptographic, cryptography, encryption, function, information, integrity, process, software, system, users, authentication, code)

authentication data

Information used to verify the claimed identity of a user. [CC2][CC21][SC27] (see also entity, identity, information, users, authentication)

authentication exchange

(I) A mechanism to verify the identity of an entity by means of information exchange. (O) 'A mechanism intended to ensure the identity of an entity by means of information exchange.' [RFC2828] (see also entity, identity, information, authentication)

authentication header (AH)

(I) An Internet IPsec protocol designed to provide connectionless data integrity service and data origin authentication service for IP datagrams, and (optionally) to provide protection against replay attacks. (C) Replay protection may be selected by the receiver when a security association is established. AH authenticates upper-layer protocol data units and as much of the IP header as possible. However, some IP header fields may change in transit, and the value of these fields, when the packet arrives at the receiver, may not be predictable by the sender. Thus, the values of such fields cannot be protected end-to-end by AH; protection of the IP header by AH is only partial when such fields are present. (C) AH may be used alone, or in combination with the IPsec ESP protocol, or in a nested fashion with tunneling. Security services can be provided between a pair of communicating hosts, between a pair of communicating security gateways, or between a host and a gateway. ESP can provide the same security services as AH, and ESP can also provide data confidentiality service. The main difference between authentication services provided by ESP and AH is the extent of the coverage; ESP does not protect IP header fields unless they are encapsulated by AH. [RFC2828] A field that immediately follows the IP header in an IP datagram and provides authentication and integrity checking for the datagram. [NSAINT] An IP device used to provide connectionless integrity and data origin authentication for IP datagrams. [IATF] (see also authentication header protocol, association, attack, confidentiality, connection, gateway, integrity, internet, internet security protocol, protocols, tunnel, authentication, internet protocol security, security protocol)

authentication header protocol

IPsec security protocol that can provide integrity protection for packet headers and data through authentication. [800-77] (see also authentication header, integrity, internet protocol security, internet security protocol, authentication, protocols)

authentication information

(I) Information used to verify an identity claimed by or for an entity. (C) Authentication information may exist as, or be derived from, one of the following:

Something the entity knows.
Something the entity possesses.
Something the entity is.

[RFC2828] (see also entity, identity, 3-factor authentication, information)

authentication mechanism

Hardware or software-based mechanisms that forces users, devices, or processes to prove their identity before accessing data on an information system. [CNSSI-4009] Hardware-or software-based mechanisms that force users to prove their identity before accessing data on a device. [SP 800-72; SP 800-124] (see also access, identity, software, users, authentication)

authentication mode

A block cipher mode of operation that can provide assurance of the authenticity and, therefore, the integrity of data. [SP 800-38B] (see also assurance, authentication)

authentication period

The maximum acceptable period between any initial authentication process and subsequent reauthentication processes during a single terminal session or during the period data is being accessed. [CNSSI-4009] (see also access, authentication)

authentication protocol

A defined sequence of messages between a claimant and a verifier that demonstrates that the claimant has possession and control of a valid token to establish his/her identity, and optionally, demonstrates to the claimant that he or she is communicating with the intended verifier. [SP 800-63] A defined sequence of messages between a claimant and a verifier that protocol demonstrates that the claimant has control of a valid token to establish his/her identity, and optionally, demonstrates to the claimant that he or she is communicating with the intended verifier. [800-63] A well-specified message exchange process between a claimant and a verifier that enables the verifier to confirm the claimant's identity. [CNSSI-4009] (see also control, cryptographic, entity, identity, key, message, process, authentication, protocols)

authentication service

(I) A security service that verifies an identity claimed by or for an entity. (C) In a network, there are two general forms of authentication service: data origin authentication service and peer entity authentication service. [RFC2828] (see also entity, identity, network, authentication)

authentication system

Cryptosystem or process used for authentication. [CNSSI] (see also cryptographic system, cryptography, process, authentication, system)

authentication tag

A pair of bit strings associated to data to provide assurance of its authenticity. [SP 800-38B] (see also assurance, authentication)

authentication token

A portable authenticating device that uses techniques such as challenge/response and time-based code sequences. [misc] Authentication information conveyed during an authentication exchange. [FIPS 196] (see also code, response, authentication, tokens)

authentication tools

(see also authentication, security software)

authenticator

Means used to confirm the identity of a station, originator, or individual. [CNSSI] Secrets that create the binding between credentials and it's presenter. [800-103] The means used to confirm the identity of a user, process, or device (e.g., user password or token). [SP 800-53; CNSSI-4009] The means used to confirm the identity or to verify the eligibility of a station, originator, or individual. [AJP][NCSC/TG004] (see also backup, entity, identity)

authenticity

(I) The property of being genuine and able to be verified and be trusted. [RFC2828] The principle that ensures that a message is received in exactly the same form in which it was sent. [AFSEC] The property of being genuine and being able to be verified and trusted; confidence in the validity of a transmission, a message, or message originator. [800-53][800-60] The property of being genuine and being able to be verified and trusted; confidence in the validity of a transmission, a message, or message originator. See Authentication. [SP 800-53; SP 800-53A; CNSSI-4009; SP 800-39] The property that data originated from its purported source. [800-63] The property that ensures that the identity of a subject or resource is the one claimed. Authenticity applies to entities such as users, processes, systems and information. [SC27] Undisputed identity or origin. [DSS] (see also authentication, confidence, entity, identity, information, message, process, property, resource, subject, system, trust, users, integrity)

authority

authority certificate

(D) 'A certificate issued to an authority (e.g. either to a certification authority or to an attribute authority).' (C) ISDs SHOULD NOT use this term or definition because they are ambiguous with regard to which specific types of PKI entities they address. [RFC2828] (see also certification, authority, certificate)

authority revocation list

(I) A data structure that enumerates digital certificates that were issued to CAs but have been invalidated by their issuer prior to when they were scheduled to expire. (O) 'A revocation list containing a list of public-key certificates issued to authorities, which are no longer considered valid by the certificate issuer.' [RFC2828] (see also certificate, key, public-key, validate, authority, revocation)

authorization (to operate)

The official management decision given by a senior organizational official to authorize operation of an information system and to explicitly accept the risk to organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, and the Nation based on the implementation of an agreed-upon set of security controls. [SP 800-53; SP 800-53A; CNSSI-4009; SP 800-37] (see also control, management, risk, security, authorization)

authorization

Access privileges granted to a user, program, or process or the act of granting those privileges. [CNSSI-4009] Access privileges granted to a user, program, or process. [CIAO][CNSSI] Access rights granted to a user, program, or process. [AJP][FCv1] Authorization is the process of giving someone, once identified (i.e. authenticated), permission to do or have something. [GSA] Determining whether a subject is trusted to act for a given purpose, for example allowed to read a particular file. [SRV] Permission to perform some action. [800-103] The granting of access rights to a user, program, or process. [NCSC/TG004] The granting of appropriate access privileges to authenticated users. [GAO] The granting or denying of access rights to a user, program, or process. [800-33] The process of determining what types of activities are permitted. Usually, authorization is in the context of authentication. Once you have authenticated a user, the user may be authorized different types of access or activity. [AFSEC][IATF] The process of determining what types of activities or access are permitted for a given physical or logical resource. Once the identity of the user has been authenticated, they may be authorized to have access to a specific location, system, or service. In the context of logical access control, the process whereby a user's privileges to access and manipulate data objects are assigned. [GSA] The process of giving access to parts of a system, typically based on the business needs and the role of the individual within the business. [FFIEC] The process of granting or denying access to a network resource. Most computer security systems are based on a two-step process. The first stage is authentication, which ensures that a user is who he or she claims to be. The second stage is authorization, which allows the user access to various resources based on the user's identity. [VA] The process of granting or denying permission for different types of access or activity. [misc] The process that takes place after authentication is complete to determine which resources/services are available to a WiMAX device. [800-127] The right or a permission that is granted to a system entity to access a system resource. [800-82] (see also Bell-LaPadula security model, Identification Protocol, RA domains, Simple Public-Key Infrastructure/Simple Distributed Security Infrastructure, Terminal Access Controller Access Control System, access, access approval, access level, access type, accreditation, acquirer, approval/accreditation, attack, authentication, case-by-case basis, category, certificate update, clearance, closed security environment, computer, connection approval, control, covert channel, cracker, credentials, dedicated security mode, discretionary access control, eavesdropping, entity, export license, file, firewall, hackers, identity, identity based access control, insider, intelligence sources and methods, interconnection security agreements, interface control document, interim accreditation, interim approval to operate, interim approval to test, internal system exposure, intruder, intrusion, intrusion detection, kerberos, key-encryption-key, key-escrow system, language, malicious intruder, management controls, mandatory access control, mode of operation, modes of operation, multilevel secure, multilevel security mode, open security environment, partitioned security mode, passwords, payment gateway, periods processing, personality label, personnel security, policy-based access control, privilege management infrastructure, privileged accounts, process, program, registration, reinstatement, remote authentication dial-in user service, resource, risk executive, risk index, risk management, risk-adaptable access control, role, role-based access control, security, security assertion markup language, security clearance, security intrusion, security management infrastructure, security perimeter, sensitive compartmented information facility accreditation, simple network management protocol, skimming, system, system-high security mode, trojan horse, trust, unfavorable personnel security determination, update (a certificate), user partnership program, vulnerability, users) (includes ACL-based authorization, access control, attribute-based authorization, authorization (to operate), authorization boundary, authorization key, authorization to process, authorize processing, authorized, delegation, interim access authorization, joint authorization, limited access authorization, list-oriented, multilevel security, need-to-know determination, permissions, pre-authorization, privilege, regrade, secure single sign-on, system security authorization agreement, ticket-oriented)

authorization boundary

All components of an information system to be authorized for operation by an authorizing official and excludes separately authorized systems, to which the information system is connected. [CNSSI-4009; SP 800-53; SP 800-53A; SP 800-37] (see also authorization)

authorization key

A key exchanged between the base station and subscriber station/mobile station to authenticate one another prior to the traffic encryption key (TEK) exchange. [800-127] (see also authorization, key)

authorization to process

A signed declaration by a GRC line manager that the IT system is ready to process. [NASA] (see also system, authorization, process)

authorize processing

Occurs when management authorizes a system based on an assessment of management, operational, and technical controls. By authorizing processing in a system the management official accepts the risk associated with it. [800-37] (see also assessment, control, operation, risk, system, authorization, process)

authorized

(I) (1.) An 'authorization' is a right or a permission that is granted to a system entity to access a system resource. (2.) An 'authorization process' is a procedure for granting such rights. (3.) To 'authorize' means to grant such a right or permission. (O) SET usage: 'The process by which a properly appointed person or persons grants permission to perform some action on behalf of an organization. This process assesses transaction risk, confirms that a given transaction does not raise the account holder's debt above the account's credit limit, and reserves the specified amount of credit. (When a merchant obtains authorization, payment for the authorized amount is guaranteed--provided, of course, that the merchant followed the rules associated with the authorization process.)' [RFC2828] Entitled to a specific mode of access. [AJP][FCv1] (see also ACH debit fraud, Attack Sensing and Warning, Automated Information System security, Bell-LaPadula security model, COMSEC equipment, COMSEC facility, DD 254 - Final, Defense Central Security Index, Escrowed Encryption Standard, FIPS PUB 140-1, IP splicing/hijacking, IS related risk, IT security database, IT security incident, IT-related risk, PIV issuer, RED team, SOCKS, Simple Public-Key Infrastructure/Simple Distributed Security Infrastructure, TOP SECRET, U.S.-controlled facility, U.S.-controlled space, acceptance criteria, access, access category, access control, access control lists, access control mechanisms, access control service, access mediation, acknowledged special access program, acquisition systems protection, active wiretapping, adequate security, administrative access, agent of the government, anonymous, anti-spoof, applicant, application controls, application server attack, approved test methods list, astragal strip, attack, audit trail, authenticate, authentication, automated information system media control system, automated security incident measurement, availability, between-the-lines-entry, bound metadata, browse access protection, call back, call back security, capability, carve-out, certification, certification authority, change control and lifecycle management, classification, classification levels, classification markings and implementation working group, classified, classified information, clearance, cleared commercial carrier, client server, communications security, compromise, compromised key list, computer abuse, computer intrusion, computer network defense, computer security intrusion, confidential, confidentiality, configuration control, control zone, controlled access area, controlled space, controlled unclassified information, courier, covert channel, covert channel analysis, critical system, cryptographic key, cryptographic officer, cryptography, cryptoperiod, damage assessment, damage to the national security, data compromise, data confidentiality, data confidentiality service, data integrity, data integrity service, data security, deception, declassification, delegation of disclosure authority letter, deliberate compromise of classified information, deliberate exposure, demon dialer, denial-of-service, designated, designated laboratories list, disaster plan, disclosure of information, discretionary access control, downgrade, eavesdropping, egress point, electronic security, emanations security, emission security, emissions security, encryption, entity, entry control, exposures, extranet, extraordinary security measures, failure access, false acceptance rate, falsification, fetch protection, file protection, file security, firewall, fishbowl, forced entry, foreign disclosure, foreign liaison officer, foreign military sales, foreign ownership, control, or influence, fraud, frequency hopping, guard, hackers, hacking, handcarrier, honeypot, human error, identity, illegal drug use, impact, impersonation, implant, inadvertent disclosure, inadvertent disclosure incident, incident of security concern, inference, information assurance, information assurance product, information security, information systems security, insertion, insider, integrity, integrity policy, intelligence activities, intelligence activity, intelligence community classification and control markings implementation, interception, internal security controls, intranet, intrusion, intrusion detection, intrusion detection systems, intrusion detection tools, issuer, joint personnel adjudication system, key distribution service, key owner, key recovery, leakage, least privilege, level of concern, list-oriented, logic bombs, logical access, logical access control, logoff, logon, major application, malicious applets, malicious code, malicious logic, malicious program, malware, masquerade, masquerading, media protection, misappropriation, mission critical, mode of operation, modes of operation, motivation, national security information, national security system, need for access, need-to-know, need-to-know determination, network security, no-lone zone, non-disclosure agreement, non-discussion area, open storage, operational data security, original classification, original classification authority, overt channel, passive, passive attack, passive threat, passwords, penetration, permissions, personal firewall, phage, physical and environmental protection, physical security, piggyback, piggyback entry, pre-activation state, principal disclosure authority, privacy, privileged access, privileged process, probe, procedural security, process, program channels or program security channels, program protection plan, protected network, protection ring, protective security service, proxy, random selection, regrade, remote access, resource, risk, rogue device, safeguarding statement, scavenging, secrecy policy, secret, secure state, security, security clearance, security compromise, security in-depth, security incident, security violation, segregation of duties, sensitive information, session hijack attack, signature, skimming, social engineering, special access program/special access required, split knowledge, sponsor, spoof, spoofing, store, subcommittee on Automated Information System security, subcommittee on telecommunications security, subject, substitution, superuser, surreptitious entry, suspicious contact, system, system integrity, system integrity service, system security officer, system-high security mode, tamper, tamper resisting, tampering, tcpwrapper, theft of data, theft of functionality, theft of service, threat, ticket-oriented, time bomb, traditional INFOSEC program, transmission, trapdoor, trespass, trojan horse, trusted agent, trusted computing base, trusted identification forwarding, two-person control, two-person integrity, unclassified, unclassified controlled nuclear information, unclassified sensitive, unforgeable, upgrade, user representative, usurpation, vault, violation of permissions, vulnerability, war driving, authorization) (includes authorized adjudicative agency, authorized classification and control markings register, authorized data security association list, authorized investigative agency, authorized person, authorized user, authorized vendor, authorized vendor program, unauthorized access, unauthorized disclosure, unauthorized person)

authorized adjudicative agency

Agency authorized by law or regulation, or direction of the Director of National Intelligence, to determine eligibility for access to classified information in accordance with Executive Order 12698. [DSS] (see also access, classified, intelligence, authorized)

authorized classification and control markings register

Also known as the 'CAPCO Register,' this is the official list of authorized security control markings and abbreviated forms of such markings for use by elements of the Intelligence Community for classified and unclassified information. [DSS] (see also classified, intelligence, security, authorized)

authorized data security association list

A list that the BS provides to the SS/MS that indicates which data encryption SAs the SS/MS is authorized to use. [800-127] (see also authorized, security)

authorized investigative agency

Agency authorized by law, executive order, regulation, or the Director of the Office of Management and Budget under Executive Order 13381 to conduct counterintelligence investigations or investigations of persons who are proposed for access to sensitive or classified information to determine whether those persons satisfy criteria for obtaining and retaining access to such information. [DSS] (see also access, classified, intelligence, authorized)

authorized person

A person who has a need-to-know for classified information in the performance of official duties and who has been granted a personnel clearance at the required level. [AFSEC] Person who has a favorable determination of eligibility for access to classified information, has signed an approved nondisclosure agreement, and has a need-to-know for the specific classified information in the performance of official duties. [DSS] (see also authorized user, access, classified, information, authorized)

authorized user

A user who may, in accordance with the TSP, perform an operation. [CC2][CC21][SC27] Appropriately cleared individual with a requirement to access a Department of Defense information system in order to perform or assist in a lawful and authorized governmental function. [DSS] (see also authorized person, access, operation, authorized, users)

authorized vendor

Manufacturer of INFOSEC equipment authorized to produce quantities in excess of contractual requirements for direct sale to eligible buyers. Eligible buyers are typically U.S. Government organizations or U.S. Government contractors. [CNSSI] (see also cryptography, requirements, authorized)

authorized vendor program (AVP)

Program in which a vendor, producing an INFOSEC product under contract to NSA, is authorized to produce that product in numbers exceeding the contracted requirements for direct marketing and sale to eligible buyers. Eligible buyers are typically U.S. Government organizations or U.S. Government contractors. Products approved for marketing and sale through the AVP are placed on the Endorsed Cryptographic Products List (ECPL). [CNSSI] Program in which a vendor, producing an information systems security (INFOSEC) product under contract to NSA, is authorized to produce that product in numbers exceeding the contracted requirements for direct marketing and sale to eligible buyers. Eligible buyers are typically U.S. Government organizations or U.S. Government contractors. Products approved for marketing and sale through the AVP are placed on the Endorsed Cryptographic Products List (ECPL). [CNSSI-4009] (see also cryptographic, requirements, security, authorized, program)

authorizing official

A senior (federal) official or executive with the authority to formally assume responsibility for operating an information system at an acceptable level of risk to organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, or the nation. [SP 800-53; SP 800-53A; SP 800-37] Official with the authority to formally assume responsibility for operating an information system at an acceptable level of risk to agency operations (including mission, functions, image, or reputation), agency assets, or individuals. [800-60] Official with the authority to formally assume responsibility for operating an information system at an acceptable level of risk to agency operations (including mission, functions, image, or reputation), agency assets, or individuals. Synonymous with Accreditation Authority. [FIPS 200] Senior federal official or executive with the authority to formally assume responsibility for operating an information system at an acceptable level of risk to organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, or the nation. [CNSSI-4009] (see also authority, function, information, operation, risk, system)

auto-manual system (AMS)

(see also system)

automated clearing house (ACH)

Computer-based clearing and settlement facility for interchange of electronic debits and credits among financial institutions. [FFIEC] (see also computer)

automated data processing (ADP)

(see automated information system)

automated data processing security

(see Automated Information System security) (see also security)

automated data processing system

An assembly of computer hardware, firmware, and software configured for the purpose of classifying, sorting, calculating, computing, summa, transmitting and receiving, storing, and retrieving data, with a minimum of human intervention. [AJP][TCSEC] (see also computer, software, automated information system, process, system)

automated information system (AIS)

(1) Any equipment or interconnected systems or subsystems of equipment that are used in the automatic acquisition, storage, manipulation, management, movement, control, display, switching, interchange, transmission, or reception of data and include computer firmware, software, and hardware. (2) An assembly of computer hardware, software, and/or Automated Information System (AIS) firmware configured to collect, create, communicate, compute, disseminate, process, store, and/or control data or information. Note: Included are computers, word processing systems, networks or other electronic information handling systems, and associated equipment. [AJP] (I) An organized assembly of resources and procedures-- i.e. computing and communications equipment and services, with their supporting facilities and personnel--that collect, record, process, store, transport, retrieve, or display information to accomplish a specified set of functions. [RFC2828] An assembly of computer hardware, software and/or firmware configured to collect, create, communicate, compute, disseminate, process, store, and/or control data or information. [NCSC/TG004] Any equipment or interconnected systems or subsystems of equipment that is used in the automatic acquisition, storage, manipulation, management, movement, control, display, switching, interchange, transmission or reception of data and includes computer firmware, software, and hardware. Note: Included are computers, word processing systems, networks, or other electronic information handling systems, and associated equipment. [FCv1] Generic term applied to electronic computing systems. Automated Information System comprising computer hardware (that is, automated data processing equipment and associated devices that may include communication equipment), firmware, operating systems, and other applicable software. Automated Information Systems collect, store, process, create, disseminate, communicate, or control data or information. [DSS] The entire infrastructure, organization, personnel, and components for the collection, processing, storage, transmission, display, dissemination, and disposition of information. [IATF] (see also American National Standards Institute, American Standard Code for Information Interchange, Backus-Naur form, PCMCIA, application, application system, computer, control, data synchronization, digital document, direct access storage device, extended industry standard architecture, fiber distributed data interface, frame relay, function, industry standard architecture, input/output, language, laptop computer, large scale integration, legacy data, logged in, nibble, object code, object-oriented programming, operation, personal computer, personal computer memory card international association, personal digital assistant, read-only memory, remote procedure call, resource, reusability, rotational delay, safety-critical software, screen scraping, software, standard generalized markup language, structured query language, system resources, workflow, workload, accountability, accreditation, assurance, audit trail, certification, declassification of AIS storage media, designated approving authority, information, modes of operation, process, security, system) (includes Automated Information System security, CPU time, International organization for standardization, access mode, automated data processing system, bastion host, batch mode, batch processing, big-endian, bit, byte, central processing unit, centralized data processing, client server, computer abuse, data, data administration, data aggregation, data architecture, data contamination, data control language, data definition language, data dictionary, data flow diagram, data input, data management, data manipulation language, data processing, data reengineering, data storage, data structure, data validation, database administration, debugging, direct memory access, distributed dataprocessing, distributed processing, fail soft, front-end processor, host, host based, host to front-end protocol, host-based firewall, information architecture, information center, information engineering, information environment, information flow, information operations, information ratio, information technology, information technology system, interface control unit, lifecycle management, logical system definition, master file, memory scavenging, million instruction per second, multihost based auditing, network, random access memory, remote job entry, remote terminal emulation, screened host firewall, workstation)

automated information system media control system

System of procedures, approved by the Program Security Officer, that provides controls over use, possession, and movement of magnetic media in a Special Access Program Facility. The procedures must ensure that magnetic media (classified and unclassified) are adequately protected to avert any unauthorized use, duplication, or removal of the media. The media must be secured in limited access containers or labeled with the Identity of the individual responsible for maintaining the material. [DSS] (see also access, authorized, classified, identity, security)

Automated Information System security

Measures and controls that protect an AIS against denial of service and unauthorized (accidental or intentional) disclosure, modification, or destruction of AISs and data. AIS security includes consideration of all hardware and/or software functions, characteristics, and/or features; operational procedures, accountability procedures, and access controls at the central computer facility, remote computer, and terminal facilities; management constraints; physical structures and devices; and personnel and communication controls needed to provide an acceptable level of risk for the AIS and for the data and information contained in the AIS. It includes the totality of security safeguards needed to provide an acceptable protection level for an AIS and for data handled by an IT product. [AJP][NCSC/TG004] (see also computer security, access, authorized, computer, control, denial-of-service, function, operation, security software, software, automated information system, information, process, risk management, subcommittee on Automated Information System security, system) (includes IT Security Evaluation Criteria, IT Security Evaluation Methodology, IT security, IT security certification, access control, communications security, emissions security, physical security, security safeguards)

automated key distribution

The distribution of cryptographic keys, usually in encrypted form, using electronic means, such as a computer network (e.g. down-line key loading, the automated key distribution protocols of ANSI X9.17). [FIPS140] The distribution of cryptographic keys, usually in encrypted form, using electronic means, such as a computer network. [SRV] (see also computer, computer network, cryptographic, network, protocols, key management)

automated key management center (AKMC)

(see also key management)

automated key management system (AKMS)

(see also key management, system)

automated key transport

The transport of cryptographic keys, usually in encrypted form, using electronic means such as a computer network (e.g., key transport/agreement protocols). [FIPS 140-2] (see also key)

automated logon sequences

A computer program or script that performs user connection to IT without user intervention after initiation [NASA] (see also computer, connection, program, users, logon)

automated office support systems (AOSS)

(see also system)

automated password generator

An algorithm which creates random passwords that have no association with a particular user. [FIPS 181]

automated security incident measurement (ASIM)

Monitors network traffic and collects information on targeted unit networks by detecting unauthorized network activity. [NSAINT] (see also authorized, information, network, target, incident, security incident, security software)

automated security monitoring

All security features needed to provide an acceptable level of protection for hardware, software, and classified, sensitive, unclassified or critical data, material, or processes in the system. [NSAINT] The use of automated procedures to ensure that security controls are not circumvented. [AJP][NCSC/TG004][SRV] Use of automated procedures to ensure security controls are not circumvented or the use of these tools to track actions taken by subjects suspected of misusing the IS. [CNSSI] Use of automated procedures to ensure security controls are not circumvented or the use of these tools to track actions taken by subjects suspected of misusing the information system. [CNSSI-4009] (see also classified, control, critical, process, software, subject, system, risk management, security software)

automatic declassification

Declassification of information based solely on the occurrence of a specific date or event as determined by the original classification authority, or the expiration of a maximum timeframe for duration of classification established under this order. [DSS]

automatic digital network (AUTODIN)

(see also network)

automatic key distribution center (AKDC)

(see also control, key, rekey)

automatic log-on

A feature offered by some aggregation services allowing customers to log on by clicking on a hyperlink and thereby causing the usernames and passwords stored at the aggregator to be used to log onto other websites. [FFIEC] (see also users)

automatic remote rekeying (AK)

Procedure to rekey a distant cryptographic equipment electronically without specific actions by the receiving terminal operator. [CNSSI] Procedure to rekey a distant cryptographic equipment electronically without specific actions by the receiving terminal operator. See Manual Remote Rekeying. [CNSSI-4009] (see also key, rekey)

autonomous message switch (AMS)

(see also message)

autonomous system

One or more routers under a single administration operating the same routing policy. [SP 800-54] (see also policy, router, system)

auxiliary power unit (APU)

auxiliary vector (AV)

availability

(1) The ability to access a specific resource within a specific timeframe as defined within the IT product specification. (2) The ability to use or access objects and resources as required. The property relates to the concern that information objects and other system resources are accessible when needed and without undue delay. (3) The prevention of the unauthorized withholding of information resources. [AJP] (I) The property of a system or a system resource being accessible and usable upon demand by an authorized system entity, according to performance specifications for the system; i.e. a system is available if it provides services according to the system design whenever users request them. (O) 'The property of being accessible and usable upon demand by an authorized entity.' [RFC2828] 1) Timely, reliable access to data and information services for authorized users. 2) The ability to have access to MEI Resource Elements when required by the mission and core supporting process(es), both now and in the future. It also concerns the safeguarding of those resources and associated capabilities. [CIAO] 37; FIPS 200; FIPS 199; 44 U.S.C., Sec. 3542 The property of being accessible and useable upon demand by an authorized entity. [CNSSI-4009] Ability to access a specific resource within a specific timeframe as defined within the IT product specification. [FCv1] Assurance that information, services, and IT system resources are accessible to authorized users and/or system-related processes on a timely and reliable basis and are protected from denial of service. [800-37] Assuring information and communications services will be ready for use when expected. [NSAINT][OVT] Computer hardware and software system working efficiently and the system is able to recover quickly and completely if a disaster occurs. The principle that ensures that computer systems and data are working and available to users. Denial of Service is an attack on availability. [AFSEC] Ensuring timely and reliable access to and use of information. [800-60][SP 800-53; SP 800-53A; SP 800-27; SP 800-60; SP 800-] The ability to use or access objects and resources as required. The property relates to the concern that information objects and other system resources are accessible when needed and without undue delay. [JTC1/SC27] The prevention of the unauthorized withholding of information resources. [ITSEC][NIAP] The probability that a given resource will be usable during a given time period. [SRV] The property of being accessible and usable upon demand by an authorized entity. [IATF][SC27] The property that a given resource will be usable during a given time period. [SRV] The security objective that generates the requirement for protection against

Intentional or accidental attempts to (1) perform unauthorized deletion of data or (2) otherwise cause a denial of service or data
Unauthorized use of system resources.

[800-30] The security objective that generates the requirement for protection against intentional or accidental attempts to (1) perform unauthorized deletion of data or (2) otherwise cause a denial of service or data. [800-33] The state wherein information and systems are in the place needed by the user, at the proper time, and in the form that the user requests [NASA] Timely, reliable access to data and information services for authorized users as defined in Department of Defense Directive 8500.01E. [DSS] Timely, reliable access to data and information services for authorized users. [CNSSI] (see also Common Criteria for Information Technology Security, IT security, IT security controls, IT security incident, National Computer Security Center, access, access control, adequate security, application server attack, assurance, attack, authorized, baseline security, communications, computer, computer abuse, computer emergency response team, computer related controls, computer security, critical, defense-in-depth, defense-wide information assurance program, denial-of-service, entity, entry-level certification, failure, fault tolerant, hardening, high impact, high-impact system, impact, impact level, impact value, incident, information, information assurance, information security, information system and network security, intrusion, level of concern, levels of concern, line managers, low impact, low-impact system, maintainability, malicious code, malware, mid-level certification, minimum essential infrastructure, mirroring, mission assurance category, moderate impact, moderate-impact system, post-accreditation phase, potential impact, process, property, redundant control server, reliability, remediation, requirements for procedures and standards, resource, resource starvation, retro-virus, risk, security category, security controls, security event, security policy, security requirements, security safeguards, security service, simple network management protocol, software, system, tactical edge, token management, top-level certification, trustworthy system, turnaround time, uniform resource name, users, vaulting, vulnerability, risk management, security, security goals) (includes application data backup/recovery, availability of data, availability service, business continuity plan, business impact analysis, contingency planning, continuity of operations, environmentally controlled area, fire barrier, fire suppression system, high availability, object, privacy, authentication, integrity, non-repudiation, recovery, system retention/backup, token backup)

availability of data

The state when data are in the place needed by the user, at the time the user needs them, and in the form needed by the user. [OVT] (see also users, availability)

availability service

(I) A security service that protects a system to ensure its availability. (C) This service addresses the security concerns raised by denial-of-service attacks. It depends on proper management and control of system resources, and thus depends on access control service and other security services. [RFC2828] (see also access, access control, attack, control, denial-of-service, resource, system, availability)

awareness (information security)

Activities which seek to focus an individual's attention on an (information security) issue or set of issues. [SP 800-50] (see also security)

back up vs. backup

(I) Verb 'back up': To store data for the purpose of creating a backup copy. (I) Noun/adjective 'backup': (1.) A reserve copy of data that is stored separately from the original, for use if the original becomes lost or damaged. (2.) Alternate means to permit performance of system functions despite a disaster to system resources. [RFC2828] (see also damage, function, resource, system, backup, contingency plan)

backdoor

(I) A hardware or software mechanism that (a) provides access to a system and its resources by other than the usual procedure, (b) was deliberately left in place by the system's designers or maintainers, and (c) usually is not publicly known. (C) For example, a way to access a computer other than through a normal login. Such access paths do not necessarily have malicious intent; e.g. operating systems sometimes are shipped by the manufacturer with privileged accounts intended for use by field service technicians or the vendor's maintenance programmers. [RFC2828] A hole in the security of a computer system deliberately left in place by designers or maintainers. Synonymous with trap door; A hidden software or hardware mechanism used to circumvent security controls. A breach created intentionally for the purpose of collecting, altering or destroying data. [AFSEC] A hole in the security of a computer system deliberately left in place by designers or maintainers. Synonymous with trap door; a hidden software or hardware mechanism used to circumvent security controls. [NSAINT] A malicious program that listens for commands on a certain Transmission Control Protoco (TCP) or User Datagram Protocol (UDP) port. [800-83] An undocumented way of gaining access to a computer system. A backdoor is a potential security risk. [800-82][SP 800-82] Hidden software or hardware mechanism used to circumvent security controls. Synonymous with trap door. [CNSSI] Synonymous with trapdoor. [SRV] Typically unauthorized hidden software or hardware mechanism used to circumvent security controls. [CNSSI-4009] a hidden means of reentering a computer that a hacker or cracker can use if the original entry point has been detected. [FJC] (see also trapdoor, access, access control, computer, control, login, malicious, privileged, program, protocols, resource, risk, security, software, system, users, malicious code)

background investigation

Personnel security investigation consisting of both record reviews and interviews with sources of information covering the most recent 5 years of an individual's life or since the 18th birthday, whichever is shorter, provided that at least 2 years are covered and that no investigation is conducted before an individual's 16th birthday. [DSS] (see also security)

backhaul

Typically a high capacity line from a remote site or network to a central site or network. [800-127]

backtracking resistance

Backtracking resistance is provided relative to time T if there is assurance that an adversary who has knowledge of the internal state of the Deterministic Random Bit Generator (DRBG) at some time subsequent to time T would be unable to distinguish between observations of ideal random bitstrings and (previously unseen) bitstrings that were output by the DRBG prior to time T. The complementary assurance is called Prediction Resistance. [SP 800-90A] (see also assurance)

backup

A copy of files and programs made to facilitate recovery, if necessary. [SP 800-34; CNSSI-4009] Copy of files and applications made to avoid loss of data and facilitate recovery in the event of a system crash. [CIAO] Copy of files and programs made to facilitate recovery, if necessary. [CNSSI] The process of placing at least one copy of a key in a safe facility or facilities so that the key can be quickly retrieved if the original key is lost or modified. [800-130] (see also X.509 certificate revocation list, application, archive, archiving, attribute certificate, authentication, authenticator, certificate renewal, certification, certification authority, certify, contingency plan, contingency planning, cryptographic key management system, digital certificate, digital signature, fallback procedures, file, key, key recovery, logic bombs, mirroring, national telecommunications and information system security directives, operations manager, process, program, public-key infrastructure, redundancy, redundant control server, registration, remediation, retrieval, retro-virus, security event, system, system administrator, time-stamp token, token management, valid certificate, validate vs. verify, validity period, vaulting, recovery) (includes application data backup/recovery, back up vs. backup, backup generations, backup operations, backup plan, backup procedures, binding of functionality, binding of security functionality, card backup, dynamic binding, static binding, system retention/backup, token backup)

backup generations

A methodology for creating and storing backup files whereby the youngest (or most recent file) is referred to as the 'son,' the prior file is called the 'father,' and the file two generations older is the 'grandfather.' This backup methodology is frequently used to refer to master files for financial applications. [FFIEC] (see also application, file, backup, contingency plan)

backup operations

Methods for accomplishing essential business tasks subsequent to disruption of a computer facility and for continuing operations until the facility is sufficiently restored. [SRV] (see also business process, computer, backup, contingency plan, operation)

backup plan

Synonymous with contingency plan. [SRV] (see also backup, contingency plan)

backup procedures

The provisions made for the recovery of data files and program libraries and for restart or replacement of computer equipment after the occurrence of a system failure or a disaster. [SRV] (see also computer, failure, file, program, system, backup, recovery)

Backus-Naur form

(also Backus normal form), a metalanguage used to formally describe the syntax of another language. A metalanguage used to formally describe the syntax of a language. [OVT] (see also automated information system)

baggage

(D) ISDs SHOULD NOT use this term to describe a data element except when stated as 'SET(trademark) baggage' with the following meaning: (O) SET usage: An 'opaque encrypted tuple, that is included in a SET message but appended as external data to the PKCS encapsulated data. This avoids superencryption of the previously encrypted tuple, but guarantees linkage with the PKCS portion of the message.' [RFC2828] (see also encryption, message, Secure Electronic Transaction)

balanced magnetic switch

Type of intrusion detection system sensor that may be installed on any rigid, operable opening (that is, doors, windows) through which access may be gained to Special Access Program Facility. [DSS] (see also access, intrusion)

bandwidth

(1) A characteristic of a communication channel that is the amount of information that can be passed through it in a given amount of time, usually expressed in bits per second. (2) Rate at which information is transmitted through a channel. Note: Bandwidth was originally a term used in analog communication, measured in hertz, and related to the information rate by the 'sampling theorem' (generally attributed to H. Nyquist, although the theorem was in fact known before Nyquist used it in communication theory). Nyquist's sampling theorem says that the information rate in bits (samples) per second is at most twice the bandwidth in hertz of an analog signal created from a square wave. In a covert-channel context, 'bandwidth' is given in bits per second rather than hertz and is commonly used, in a nonstandard use of terminology, as a synonym for information rate. [AJP] (I) Commonly used to mean the capacity of a communication channel to pass data through the channel in a given amount of time. Usually expressed in bits per second. [RFC2828] A characteristic of a communication channel that is the amount of information that can be passed through it in a given amount of time, usually expressed in bits per second. [TCSEC] In communications, the difference between the highest and lowest frequencies in a given range. In computer networks, greater bandwidth indicates faster data-transfer capabilities (i.e. the rate at which information can be transmitted in bits/second.) [SRV] Rate at which information is transmitted through a channel. Note: Bandwidth is originally a term used in analog communication, measured in Hertz, and related to information rate by the 'sampling theorem' (generally attributed to H. Nyquist although the theorem was in fact known before Nyquist used it in communication theory). Nyquist's sampling theorem says that the information rate in bits (samples) per second is at most twice the bandwidth in Hertz of an analog signal created from a square wave. In a covert-channel context 'bandwidth' is given in bits/ second rather than Hertz and is commonly used, in an abuse of terminology, as a synonym for information rate. [FCv1] (see also channel capacity, communications, computer, computer network, covert, network, standard, information)

bank identification number (BIN)

(N) The digits of a credit card number that identify the issuing bank. (O) SET usage: The first six digits of a primary account number. [RFC2828] (see also identify, Secure Electronic Transaction, identification)

banking and finance

A critical infrastructure characterized by entities, such as retail and commercial organizations, investment institutions, exchange boards, trading houses, and reserve systems, and associated operational organizations. Also includes government operations, and support activities, that are involved in all manner of monetary transactions, including its storage for saving purposes, its investment for income purposes, its exchange for payment purposes, and its disbursement in the form of loans and other financial instruments. [CIAO] (see also critical, operation, system, critical infrastructures)

banner

Display on an IS that sets parameters for system or data use. [CNSSI] Display on an information system that sets parameters for system or data use. [CNSSI-4009] (see also system)

banner grabbing

The process of capturing banner information such as application type and version.that is transmitted by a remote port when a connection is initiated. [SP 800-115] The process of capturing banner information, such as application type and version, that is transmitted by a remote port when a connection is initiated. [800-115] (see also application, connection, information, process, version)

bar code

The set of vertical bars of irregular widths representing coded information placed on consumer products and other items (such as identification cards) that may require this type of identification. [GSA] (see also identification, information, code)

barograph

A recording barometer. [SRV]

barometer

An instrument for measuring atmospheric pressure, used in weather forecasting and in determining elevation. It gives notice of fluctuations. It is an indicator of atmospheric pressure. [SRV]

base station

The node that logically connects fixed and mobile subscriber stations to operator networks. The BS governs access to the operator networks and maintains communications with client devices. A BS consists of the infrastructure elements necessary to enable wireless communications, i.e. antennas, transceivers, and other electromagnetic wave transmitting equipment. BSs are typically fixed nodes, but in a tactical environment, they may also be considered mobile. [800-127] (see also access)

baseline

A specification or product that has been formally reviewed and agreed upon, that thereafter serves as the basis for further development, and that can be changed only through formal change control procedures. [IEEE610] A version of software used as a starting point for later versions. [SRV] Hardware, software, databases, and relevant documentation for an information system at a given point in time. [CNSSI-4009] (see also as-is process model, control, interface control document, release, revision, security target, site accreditation, software, software library, software system test and evaluation process, version, security) (includes baseline architecture, baseline controls, baseline management, baselining, security requirements baseline)

baseline architecture

The initial architecture that is or can be used as a starting point for subsequent architectures, or to measure progress. [SRV] (see also baseline)

baseline configuration

A set of specifications for a system, or Configuration Item (CI) within a system, that has been formally reviewed and agreed on at a given point in time, and which can be changed only through change control procedures. The baseline configuration is used as a basis for future builds, releases, and/or changes. [SP 800-128] (see also control)

baseline controls

A minimum set of safeguards established for a system or organization. [SC27] (see also security controls, system, baseline, control)

baseline management

In configuration management, the application of technical and administrative direction to designate the documents and changes to those documents that formally identify and establish baselines at specific times during the lifecycle of a configuration item. [IEEE610] (see also application, identify, baseline, configuration management)

baseline security

The minimum security controls required for safeguarding an IT system based on its identified needs for confidentiality, integrity, and/or availability protection. [SP 800-16] (see also availability, control, security)

baselining

Monitoring resources to determine typical utilization patterns so that significant deviations can be detected. [800-61][SP 800-61] Obtaining data on the current process that provide the metrics against which to compare improvements and to use in benchmarking. [SRV] (see also process, resource, baseline)

basic component

A component that is identifiable at the lowest hierarchical level of a specification produced during design. [AJP][ITSEC] (see also component)

Basic Encoding Rules (BER)

(I) A standard for representing ASN.1 data types as strings of octets. [RFC2828] (see also standard, Abstract Syntax Notation One) (includes Distinguished Encoding Rules)

basic testing

A test methodology that assumes no knowledge of the internal structure and implementation detail of the assessment object. Also known as black box testing. [SP 800-53A]

bastion host

(I) A strongly protected computer that is in a network protected by a firewall (or is part of a firewall) and is the only host (or one of only a few hosts) in the network that can be directly accessed from networks on the other side of the firewall. (C) Filtering routers in a firewall typically restrict traffic from the outside network to reaching just one host, the bastion host, which usually is part of the firewall. Since only this one host can be directly attacked, only this one host needs to be very strongly protected, so security can be maintained more easily and less expensively. However, to allow legitimate internal and external users to access application resources through the firewall, higher layer protocols and services need to be relayed and forwarded by the bastion host. Some services (e.g. DNS and SMTP) have forwarding built in; other services (e.g. TELNET and FTP) require a proxy server on the bastion host. [RFC2828] A host system that is a strong point in the network's security perimeter. Bastion hosts should be configured to be particularly resistant to attack. In a host-based firewall, the bastion host is the platform on which the firewall software is run. Bastion hosts are also referred to as gateway hosts. [SRV] A special-purpose computer on a network specifically designed and configured to withstand attacks. [CNSSI-4009] A system that has been hardened to resist attack, and that is installed on a network in such a way that it is expected to potentially come under attack. Often are components of firewalls. [AFSEC] (see also access, access control, application, attack, computer, gateway, network, protocols, resource, router, software, system, users, automated information system, firewall)

batch mode

Grouping all files related to a specific job and transmitting them as a unit. Also referred to as deferred-time or off-line processing. [SRV] (see also file, process, automated information system)

batch process

A process that leads to the production of finite quantities of material by subjecting quantities of input materials to an ordered set of processing activities over a finite time using one or more pieces of equipment. [800-82] (see also subject, process)

batch processing

Data or transactions are accumulated over a period of time and then processed in a single run. [SRV] (see also automated information system, process)

bebugging

Planting errors in computer programs to ensure that all known errors are detected. It determines whether a set of test cases is adequate. [SRV] (see also error seeding, assurance, computer, program, test)

behavioral outcome

What an individual who has completed the specific training module is expected to be able to accomplish in terms of IT security-related job performance. [SP 800-16] (see also security)

Bell-LaPadula model

(N) A formal, mathematical, state-transition model of security policy for multilevel-secure computer systems. (C) The model separates computer system elements into a set of subjects and a set of objects. To determine whether or not a subject is authorized for a particular access mode on an object, the clearance of the subject is compared to the classification of the object. The model defines the notion of a 'secure state', in which the only permitted access modes of subjects to objects are in accordance with a specified security policy. It is proven that each state transition preserves security by moving from secure state to secure state, thereby proving that the system is secure. (C) In this model, a multilevel-secure system satisfies several rules, including the following:

'Confinement property' (also called '*-property', pronounced 'star property'): A subject has write access to an object only if classification of the object dominates the clearance of the subject.
'Simple security property': A subject has read access to an object only if the clearance of the subject dominates the classification of the object.
'Tranquility property': The classification of an object does not change while the object is being processed by the system.

[RFC2828] An information-flow security model couched in terms of subjects and objects and based on the concept that information shall not flow to an object of lesser or noncomparable classification. [SRV] (see Bell-LaPadula security model)

Bell-LaPadula security model

(1) A formal state-transition model of a computer security policy that describes a set of access control rules. In this formal model, the entities in a system are divided into abstract sets of subjects and objects. The notion of a secure state is defined, and it is proven that each state transition preserves security by moving from secure state to secure state, thereby inductively proving that the system is secure. A system state is defined to be 'secure' if the only permitted access modes of subjects to objects are in accordance with a specific security policy. To determine whether a specific access mode is allowed, the clearance of a subject is compared with the classification of the object, and a determination is made as to whether the subject is authorized for the specific access mode. The clearance/classifications scheme is expressed in terms of a lattice. (2) A formal state-transition model of a technical security policy for an AIS that presents: (a) access constraints, (b) allowed state transitions (called 'rules of operation'), and (c) a proof that the allowed state transitions guarantee satisfaction of the constraints. [AJP] A formal state transition model of a computer security policy that describes a set of access control rules. In this formal model, the entities in a system are divided into abstract sets of subjects and objects. The notion of a secure state is defined and it is proven that each state transition preserves security by moving from secure state to secure state; thus, inductively proving that the system is secure. A system state is defined to be 'secure' if the only permitted access modes of subjects to objects are in accordance with a specific security policy. to determine whether or not a specific access mode is allowed, the clearance of a subject is compared to the classification of the object and a determination is made as to whether the subject is authorized for the specific access mode. The clearance/classification scheme is expressed in terms of a lattice. [TCSEC] A formal state transition model of a computer security policy that describes a set of access control rules. In this formal model, the entities in a system are divided into abstract sets of subjects and objects. The notion of a secure state is defined and it is proven that each state transition preserves security by moving from secure state to secure state; thus, inductively proving that the system is secure. A system state is defined to be 'secure' if the only permitted access modes of subjects to objects are in accordance with a specific security policy. to determine whether or not a specific access mode is allowed, the clearance of a subject is compared to the classification of the object and a determination is made as to whether the subject is authorized for the specific access mode. The clearance/classifications scheme is expressed in terms of a lattice. For further information see Bell, D. Elliott and LaPadula, Leonard J., Secure Computer Systems: Unified Exposition and MULTICS Interpretation, MTR 2997, The MITRE Corporation, April 1974. (AD/A 020 445). [TNI] A formal state transition model of a computer security policy that describes a set of access control rules. In this formal model, the entities in a system are divided into abstract sets of subjects and objects. The notion of a secure state is defined, and it is proven that each state transition preserves security by moving from secure state to secure state, thereby inductively proving that the system is secure. A system state is defined to be 'secure' if the only permitted access modes of subjects to objects are in accordance with a specific security policy. to determine whether or not a specific access mode is allowed, the clearance of a subject is compared to the classification of the object, and a determination is made as to whether the subject is authorized for the specific access mode. [NCSC/TG004] Any formal state-transition model of a technical security policy for an AIS that presents (a) Access Constraints (including initial-state constraints and variants or the simple security), (b) allowed state transitions (called 'rules of operation'), and (c) a proof that the allowed state transitions guarantee satisfaction of the constraints. [FCv1] Formal-state transition model of a computer security policy that describes a formal set of access controls based on information sensitivity and subject authorizations. [NSAINT] (see also access, access control, authorization, authorized, classification levels, classified, computer, computer security, confinement property, control, flow, information, operation, policy, process, system, formal security policy model, model, security model) (includes *-property, lattice, lattice model, object, simple security condition, simple security property, subject, tranquility, trusted subject)

benchmark

(1) A test of the performance and capabilities of newly developed software using actual or simulated workloads. (2) A method to improve business processes. A measurement or standard that serves as a point of reference by which process performance is measured. User constructed tests that verify the performance of a proposed computer system by measuring its ability to execute a group of user programs representative of projected workload within certain predetermined user time requirements. [SRV] A standard against which measurements or comparisons can be made. [IEEE610] (see also business process, computer, evaluation, process, program, requirements, software, standard, system, test, users)

benchmarking

A structured approach for identifying the best practices from industry and government, and comparing and adapting them to the organization's operations. Such as approach is aimed at identifying more efficient and effective processes for achieving intended results and at suggesting ambitious goals for productivity, product/service quality, and process improvement. [SRV] (see also identify, operation, process, quality)

benign

Condition of cryptographic data that cannot be compromised by human access. [CNSSI] (see also access, access control, compromise, countermeasures, cryptographic, cryptography)

benign environment

A non-hostile location protected from external hostile elements by physical, personnel, and procedural security countermeasures. [CNSSI-4009] A nonhostile environment that may be protected from external hostile elements by physical, personnel, and procedural security countermeasures. [AFSEC][AJP][NCSC/TG004] Nonhostile environment that may be protected from external hostile elements by physical, personnel, and procedural security countermeasures. [CNSSI] (see also countermeasures, security)

best practices

The processes, practices, and systems identified in public and private organizations that performed exceptionally well and are widely recognized as improving an organization's performance and efficiency in specific areas. Successfully identifying and applying best practices can reduce business expenses and improve organizational efficiency. Best practices can be applied to all functions within an organization. Business practices that have been shown to improve an organization's IT function, as well as other business functions. [SRV] (see also business process, function, identify, process, recommended practices, system, risk management)

beta i

Security certification testing performed in a lab environment or other facility, as appropriate. [DSS] (see also certification, security)

beta ii

Security Certification testing performed at designated operational installations until a stable baseline is achieved (configuration differences or other factors may necessitate multiple Beta II test sites). [DSS] (see also certification, security)

between-the-lines-entry

Access that an unauthorized user gets, typically by tapping the terminal that is inactive at the time, of a legitimate user. [AFSEC] Access, obtained through the use of active wiretapping by an unauthorized user, to a momentarily inactive terminal of a legitimate user assigned to a communications channel. [SRV] Unauthorized access obtained by tapping the temporarily inactive terminal of a legitimate user. [AJP][NCSC/TG004] (see also access, access control, authorized, communications, unauthorized access, users, attack) (includes piggyback)

beyond A1

(O) (1.) Formally, a level of security assurance that is beyond the highest level of criteria specified by the TCSEC. (2.) Informally, a level of trust so high that it cannot be provided or verified by currently available assurance methods, and particularly not by currently available formal methods. [RFC2828] A level of trust defined by the Trusted Computer System Evaluation Criteria (TCSEC) that is beyond the state-of-the-art technology available at the time the criteria were developed. It includes all the A1-level features plus additional ones not required at the A1 level. [NCSC/TG004] A level of trust defined by the U.S. DoD (Department of Defense) Trusted Computer System Evaluation Criteria (TCSEC) that is beyond the state-of-the-art technology available at the time the criteria were developed. It includes all the A1-level features plus additional ones not required at the A1 level. [AJP] (see also assurance, computer, criteria, evaluation, security, system, technology, trusted computer system)

bias

The existence of a factor that causes an estimate made on the basis of a sample to differ systematically from the population parameter being estimated. Bias may originate from poor sample design, deficiencies in carrying out the sampling process, or an inherent characteristic of the measuring or estimating technique used. [SRV] (see also process, system)

Biba Integrity model

A formal security model for the integrity of subjects and objects in a system. [NSAINT] (see also Biba model, object, subject, system, formal security policy model, integrity, model)

Biba model

An integrity model in which no subject may depend on a less trusted object, including another subject. [SRV] (see also Biba Integrity model, integrity, object, subject, trust, model)

big-endian

A method of storage of multi-byte numbers with the most significant bytes at the lowest memory addresses. [SC27] A method of storage of multi-byte numbers with the most significant bytes at the lowest memory addresses. [ISO/IEC 10118-1: 2000] [SC27] (see also automated information system)

bilateral trust

when business arrangements are based on formal and informal agreements that involve only two companies and that trust is limited to those companies or a subset of their employees. [misc] (see also business process, public-key infrastructure, trust)

bill payment

An e-banking application whereby customers direct the financial institution to transfer funds to the account of another person or business. Payment is typically made by ACH credit or by the institution (or bill payment servicer) sending a paper check on the customer's behalf. [FFIEC] (see also application, internet)

bill presentment

An e-banking service whereby a business submits an electronic bill or invoice directly to the customer's financial institution. The customer can view the bill/invoice online and, if desired, pay the bill through an electronic payment. [FFIEC] (see also internet)

billets

Determination that in order to meet need-to-know criteria, certain Special Access Programs may elect to limit access to a predetermined number of properly cleared employees. Security personnel do not count against the billet system. [DSS] (see also access, security)

bind

(I) To inseparably associate by applying some mechanism, such as when a CA uses a digital signature to bind together a subject and public key in a public-key certificate. [RFC2828] (see also certificate, digital signature, key, public-key, public-key infrastructure, signature, subject)

binding

A cryptographic operation that links two or more data elements such that the data elements cannot be modified or replaced without being detected. [800-130] An acknowledgement by a trusted third party that associates an entity's identity with its public key. This may take place through (1) a certification authority's generation of a public key certificate, (2) a security officer's verification of an entity's credentials and placement of the entity's public key and identifier in a secure database, or (3) an analogous method. [SP 800-21] An acknowledgment by a trusted third party that associates an entity's identity with its public key. This may take place through: (1) a certification authority's generation of a public key certificate, (2) a security officer's verification of an entity's credentials and placement of the entity's public key and identifier in a secure database, or (3) an analogous method. Denotes the association of a name (such as a variable declaration) with a class. [SRV] An affirmation by a Certificate Authority/Attribute Authority (or its acting Registration Authority) of the relationship between a named entity and its public key or biometric template. [GSA] Process of associating a specific communications terminal with a specific cryptographic key or associating two related elements of information. [CNSSI][CNSSI-4009] Process of associating two related elements of information. [SP 800-32] (see also association, authority, certificate, certification, communications, cryptographic, cryptography, entity, identity, information, key, officer, operation, process, public-key, registration, security, trust, verification)

binding of functionality

An aspect of the assessment of the effectiveness of a Target of Evaluation, namely, the ability of its security enforcing functions and mechanisms to work together in a way that is mutually supportive and provides an integrated and effective whole. [ITSEC] (see also assessment, security, target, backup, function, target of evaluation)

binding of security functionality

The ability of security enforcing functions and mechanisms to work together in a way that is mutually supportive and provides an integrated and effective whole. [AJP][JTC1/SC27] (see also backup, function, security)

biological warfare

Employment of biological agents to produce casualties in personnel or animals, or damage to plants or materiel; or defense against such employment. [DOD] (see also damage, warfare)

biometric authentication

(I) A method of generating authentication information for a person by digitizing measurements of a physical characteristic, such as a fingerprint, a hand shape, a retina pattern, a speech pattern (voiceprint), or handwriting. [RFC2828] (see also 3-factor authentication, information, authentication, biometrics) (includes thumbprint)

biometric information

The stored electronic information pertaining to a biometric. This information can be in terms of raw or compressed pixels or in terms of some characteristic (e.g., patterns). [FIPS 201][GSA] (see also biometrics, information)

biometric measurement

Any unique biological feature of an individual; that is, something he/she has, such as a fingerprint, that can be used for personal authentication of an IT user's claim of identity [NASA] (see also authentication, entity, identity, users, biometrics)

biometric system

An automated system capable of the following:

Capturing a biometric sample from an end user
Extracting biometric data from that sample
Comparing the extracted biometric data with data contained in one or more references
Deciding how well they match
Indicating whether or not an identification or verification of identity has been achieved.

[GSA] An automated system capable of: 1) capturing a biometric sample from an end user; 2) extracting biometric data from that sample; 3) comparing the extracted biometric data with data contained in one or more references; 4) deciding how well they match; and 5) indicating whether or not an identification or verification of identity has been achieved. [FIPS 201] (see also entity, identification, identity, users, verification, biometrics, system)

biometric template

A digital record of an individual's biometric features. Typically, a 'livescan' of an individual's biometric attributes is translated through a specific algorithm into a digital record that can be stored in a database or on an integrated circuit chip. [GAO] (see also algorithm, biometrics)

biometrics

A measurable physical characteristic or personal behavioral trait used to recognize the identity, or verify the claimed identity, of an applicant. Facial images, fingerprints, and iris scan samples are all examples of biometrics. [FIPS 201] A measurable, physical characteristic or personal behavioral trait used to recognize the identity, or verify the claimed identity, of an Applicant. Facial images, fingerprints, and iriscan samples are all examples of biometrics. [GSA] A physical or behavioral characteristic of a human being. [SP 800-32] Automated methods of authenticating or verifying an individual based on a physical or behavioral characteristic. [CNSSI][IATF] Automated recognition of individuals based on their behavioral and biological characteristics. In this document, biometrics may be used to unlock authentication tokens and prevent repudiation of registration. [800-63] Measurable physical characteristics or personal behavioral traits used to identify, or verify the claimed identity, of an individual. Facial images, fingerprints, and handwriting samples are all examples of biometrics. [CNSSI-4009] Measures of an individual's unique physical characteristics or the unique ways that an individual performs an activity. Physical biometrics include fingerprints, hand geometry, facial patterns, and iris and retinal scans. Behavioral biometrics include voice patterns, written signatures, and keyboard typing techniques. [GAO] The method of verifying a person's identify by analyzing a unique physical attribute of the individual (e.g., fingerprint, retinal scanning). [FFIEC] (see also authentication, entity, identify, identity, key, registration, signature, security) (includes biometric authentication, biometric information, biometric measurement, biometric system, biometric template, capture, comparisons, false acceptance rate, match, minutiae)

bit

(I) The smallest unit of information storage; a contraction of the term 'binary digit'; one of two symbols--'0' (zero) and '1' (one)
--that are used to represent binary numbers. [RFC2828] A binary digit having a value of 0 or 1. [FIPS 180-4] A binary digit: 0 or 1. [800-63] A contraction of the term Binary Digit. The smallest unit of information in a binary system of notation. [CNSSI-4009] Short for binary digit - 0 or 1. Keys are strings of bits. [AJP] (see also information, key, automated information system)

bit error rate

Ratio between the number of bits incorrectly received and the total number of bits transmitted in a telecommunications system. [CNSSI][CNSSI-4009] (see also communications, system, telecommunications)

bit forwarding rate

The number of bits per second of allowed traffic a DUT/SUT can be observed to transmit to the correct destination interface(s) in response to a specified offered load. This definition differs substantially from section of RFC 1242 and section 3.6.1 of RFC 2285. Unlike both RFCs 1242 and 2285, this definition introduces the notion of different classes of traffic: allowed, illegal, and rejected. For benchmarking purposes, it is assumed that bit forwarding rate measurements include only allowed traffic. Unlike RFC 1242, there is no reference to lost or retransmitted data. Forwarding rate is assumed to be a goodput measurement, in that only data successfully forwarded to the destination interface is measured. Bit forwarding rate must be measured in relation to the offered load. Bit forwarding rate may be measured with differed load levels, traffic orientation, and traffic distribution. Unlike RFC 2285, this measurement counts bits per second rather than frames per second. Testers interested in frame (or frame-like) measurements should use units of transfer. [RFC2647] (see also allowed traffic, goodput, illegal traffic, interface, rejected traffic, response, test, unit of transfer)

BLACK

(I) Designation for information system equipment or facilities that handle (and for data that contains) only ciphertext (or, depending on the context, only unclassified information), and for such data itself. This term derives from U.S. Government COMSEC terminology. [RFC2828] Designation applied to encrypted information and the information systems, the associated areas, circuits, components, and equipment processing that information. See also RED. [CNSSI-4009] Designation applied to information systems, and to associated areas, circuits, components, and equipment, in which national security information is encrypted or is not processed. [CNSSI] Designation applied to wire lines, components, and equipment. [DSS] (see also RED/BLACK concept, cipher, classified, communications security, cryptography, information, process, security, system)

black-box testing

A method of verifying that software functions perform correctly without examining the internal program logic. [SRV] (see also analysis, function, functional test case design, functional testing, program, software, stress testing, security testing, test)

blacklist

A list of discrete entities, such as hosts or applications, that have been previously determined to be associated with malicious activity. [800-94][SP 800-94] A list of email senders who have previously sent span to a user. [SP 800-114] (see also application, malicious, threat, users)

blacklisting

The process of the system invalidating a user ID based on the user's inappropriate actions. A blacklisted user ID cannot be used to log on to the system, even with the correct authenticator. Blacklisting and lifting of a blacklisting are both security-relevant events. Blacklisting also applies to blocks placed against IP addresses to prevent inappropriate or unauthorized use of Internet resources. [CNSSI-4009] (see also security)

blended attack

A hostile action to spread malicious code via multiple methods. [CNSSI-4009] An instance of malware that uses multiple infection or transmission methods. [800-83] Malicious code that uses multiple methods to spread. [800-61] (see also code, malicious, malware, attack)

blinding

Generating network traffic that is likely to trigger many alerts in a short period of time, to conceal alerts triggered by a 'real' attack performed simultaneously. [800-94][SP 800-94] (see also attack)

block

A bit-string of length L₁, i.e. the length of the first input to the round-function. [SC27] A bit-string of length L₁, i.e. the length of the first input to the round-function. [ISO/IEC FDIS 9797-2 (09/2000), ISO/IEC CD 10118-3 (11/2001)] A string of bits of length L_f, which shall be an integer multiple of 16. [ISO/IEC 10118-4: 1998] A bit-string of length n. [ISO/IEC 9797-1: 1999] String of bits of defined length. [SC27] A bit-string of length n. [SC27] A string of bits of length L_f, which shall be an integer multiple of 16. [SC27] Sequence of binary bits that comprise the input, output, State, and Round Key. The length of a sequence is the number of bits it contains. Blocks are also interpreted as arrays of bytes. [FIPS 197] String of bits of defined length. [SC27] (see also function)

block chaining

The encipherment of information such that each block of ciphertext is cryptographically dependent upon the preceding ciphertext block. [SC27] The encipherment of information such that each block of ciphertext is cryptographically dependent upon the preceding ciphertext block. [ISO 8372: 1987] The encipherment of information such that each block of ciphertext is cryptographically dependent upon the preceding ciphertext block. [SC27] (see also cipher block chaining, cipher, cryptographic, encipherment, information)

block cipher

(I) An encryption algorithm that breaks plaintext into fixed-size segments and uses the same key to transform each plaintext segment into a fixed-size segment of ciphertext. (C) For example, Blowfish, DEA, IDEA, RC2, and SKIPJACK. However, block cipher can be adapted to have a different external interface, such as that of a stream cipher, by using a mode of operation to 'package' the basic algorithm. [RFC2828] A symmetric key cryptographic algorithm that transforms a block of information at a time using a cryptographic key. For a block cipher algorithm, the length of the input block is the same as the length of the output block. [SP 800-90] Symmetric encryption algorithm with the property that the encryption process operates on a block of plaintext, i.e. a string of bits of a specified length, to yield a ciphertext block. [SC27] (see also algorithm, encryption, interface, key, operation, process, property, cipher)

block cipher algorithm

A family of functions and their inverses that is parameterized by a cryptographic key; the function maps bit strings of a fixed length to bit strings of the same length. [SP 800-67]

block cipher key

A key that controls the operation of a block cipher. [SC27] (see also control, operation, cipher, key)

Blowfish

(N) A symmetric block cipher with variable-length key (32 to 448 bits) designed in 1993 by Bruce Schneier as an unpatented, license-free, royalty-free replacement for DES or IDEA. [RFC2828] (see also cipher, key, symmetric cryptography)

blue box devices

Created by crackers and phone hackers ('phreakers') to break into the telephone system to make calls that bypass billing procedures. [AFSEC] (see also system, threat)

blue team

1. The group responsible for defending an enterprise's use of information systems by maintaining its security posture against a group of mock attackers (i.e. the Red Team). Typically the Blue Team and its supporters must defend against real or simulated attacks 1) over a significant period of time, 2) in a representative operational context (e.g., as part of an operational exercise), and 3) according to rules established and monitored with the help of a neutral group refereeing the simulation or exercise (i.e. the White Team). 2. The term Blue Team is also used for defining a group of individuals that conduct operational network vulnerability evaluations and provide mitigation techniques to customers who have a need for an independent technical review of their network security posture. The Blue Team identifies security threats and risks in the operating environment, and in cooperation with the customer, analyzes the network environment and its current state of security readiness. Based on the Blue Team findings and expertise, they provide recommendations that integrate into an overall community security solution to increase the customer's cyber security readiness posture. Often times a Blue Team is employed by itself or prior to a Red Team employment to ensure that the customer's networks are as secure as possible before having the Red Team test the systems. [CNSSI-4009] A test team that performs security testing with the knowledge and consent of the organization's IT staff. [800-115] (see also attack, cyberspace, evaluation, risk, security, security testing, test, threat, vulnerability)

body of evidence

The set of data that documents the information system's adherence to the security controls applied. The BoE will include a Requirements Verification Traceability Matrix (RVTM) delineating where the selected security controls are met and evidence to that fact can be found. The BoE content required by an Authorizing Official will be adjusted according to the impact levels selected. [CNSSI-4009] (see also control, requirements, security)

bomb

A general synonym for crash, normally of software or operating system failures. [AFSEC][NSAINT] (see also failure, software, system, threat)

boot sector virus

A virus that infects the master boot record (MBR) of a hard drive or the boot sector of removable media, such as floppy diskettes. [800-83] A virus that plants itself in a system's boot sector and infects the master boot record. [800-61] (see also system, virus)

bot-network operators

Bot-network operators use a network, or bot-net, of compromised, remotely controlled systems to coordinate attacks and to distribute phishing schemes, spam, and malware attacks. The services of these networks are sometimes made available on underground markets (e.g., purchasing a denial-of-service attack or servers to relay spam or phishing attacks). [GAO] (see also attack, control, denial-of-service, system, network, threat)

bounce

An electronic mail message that is undeliverable and returns an error to the sender. [AFSEC] (see also email, message)

bound metadata

Metadata associated with a key and protected by the CKMS against unauthorized modification and disclosure. [800-130] (see also authorized, key, metadata)

boundary

Physical or logical perimeter of a system. [CNSSI-4009] Software, hardware, or physical barrier that limits access to a system or part of a system. [CNSSI] That area of an automated information system or network including users directly or indirectly connected and receiving data from the system without a reliable human review by an appropriately cleared authority. [DSS] (see also access, access control, cryptographic module, evaluation assurance level, external security controls, firewall, interface, remote access, security perimeter, software, system, users) (includes COMSEC boundary, accreditation boundary, boundary host, boundary value, boundary value analysis, boundary value coverage, boundary value testing, cryptographic boundary, enclave boundary, specialized boundary host, system boundary)

boundary host

A system that connects two networks and controls the flow of information passing between them [NASA] (see also access control, control, flow, information, system, boundary)

boundary protection

Monitoring and control of communications at the external boundary of an information system to prevent and detect malicious and other unauthorized communication, through the use of boundary protection devices (e.g., proxies, gateways, routers, firewalls, guards, encrypted tunnels). [SP 800-53; CNSSI-4009] (see also control)

boundary protection device

A device with appropriate mechanisms that facilitates the adjudication of different security policies for interconnected systems. [CNSSI-4009] A device with appropriate mechanisms that: (i) facilitates the adjudication of different interconnected system security policies (e.g., controlling the flow of information into or out of an interconnected system); and/or (ii) provides information system boundary protection. [SP 800-53] (see also control, security)

boundary value

A data value that corresponds to a minimum or maximum input, internal, or output value specified for a system or component. An input value or output value that is on the boundary between equivalence classes, or an incremental distance either side of the boundary. [OVT] (see also stress testing, system, boundary) (includes boundary value analysis, boundary value coverage, boundary value testing)

boundary value analysis

(NBS) A selection technique in which test data are chosen to lie along 'boundaries' of the input domain [or output range] classes, data structures, procedure parameters, etc. Choices often include maximum, minimum, and trivial values or parameters. This technique is often called stress testing. A test case design technique for a component in which test cases are designed which include representatives of boundary values. [OVT] (see also domain, security testing, test, analysis, boundary, boundary value)

boundary value coverage

The percentage of boundary values of the component's equivalence classes which have been exercised by a test case suite. [OVT] (see also test, boundary, boundary value)

boundary value testing

A testing technique using input values at, just below, and just above, the defined limits of an input domain; and with input values causing outputs to be at, just below, and just above, the defined limits of an output domain. [OVT] (see also domain, boundary, boundary value, security testing, test)

branch coverage

Metric of the number of branches executed under test; '100% branch coverage' means that every branch in a program has been executed at least once under some test (also link coverage). [OVT] (see also program, test)

brand

(I) A distinctive mark or name that identifies a product or business entity. (O) SET usage: The name of a payment card. Financial institutions and other companies have founded payment card brands, protect and advertise the brands, establish and enforce rules for use and acceptance of their payment cards, and provide networks to interconnect the financial institutions. These brands combine the roles of issuer and acquirer in interactions with cardholders and merchants. [RFC2828] (see also entity, network, role, Secure Electronic Transaction)

brand certification authority (BCA)

(O) SET usage: A CA owned by a payment card brand, such as MasterCard, Visa, or American Express. [RFC2828] (see also Secure Electronic Transaction, authority, certification, public-key infrastructure)

brand CRL identifier (BCI)

(O) SET usage: A digitally signed list, issued by a BCA, of the names of CAs for which CRLs need to be processed when verifying signatures in SET messages. [RFC2828] (see also digital signature, message, process, signature, Secure Electronic Transaction, public-key infrastructure)

breach

The successful defeat of security controls which could result in a penetration of the system. A violation of controls of a particular information system such that information assets or system components are unduly exposed. [AFSEC][NSAINT][OVT] (see also access control, control, information, penetration, security, system, threat)

break

(I) Cryptographic usage: To successfully perform cryptanalysis and thus succeed in decrypting data or performing some other cryptographic function, without initially having knowledge of the key that the function requires. (This term applies to encrypted data or, more generally, to a cryptographic algorithm or cryptographic system.)$ bridge (I) A computer that is a gateway between two networks (usually two LANs) at OSI layer 2. [RFC2828] (see also algorithm, analysis, computer, cryptographic, cryptography, encryption, function, gateway, key, network, system)

break-wire detector

An intrusion detection system sensor used with screens and grids, open wiring, and grooved stripping in various arrays and configurations necessary to detect surreptitious and forcible penetrations of movable openings, floors, walls, ceilings, and skylights. An alarm is activated when the wire is broken. [DSS] (see also intrusion)

brevity list

List containing words and phrases used to shorten messages. [CNSSI] (see also message)

bridge

A device that connects similar or dissimilar LANs together to form an extended LAN. [SRV] A device that connects two networks or network segments; similar to a router but protocol-independent [CIAO] (see also protocols, router)

British Standard 7799 (BS7799)

(N) Part 1 is a standard code of practice and provides guidance on how to secure an information system. Part 2 specifies the management framework, objectives, and control requirements for information security management systems. The certification scheme works like ISO 9000. It is in use in the UK, the Netherlands, Australia, and New Zealand and might be proposed as an ISO standard or adapted to be part of the Common Criteria. [RFC2828] (see also certification, code, control, criteria, information, information security, object, requirements, security, system, standard)

broadband network

A type of local area network on which transmissions travel as radio-frequency signals over separate inbound and outbound channels. Stations on a broadband network are connected by coaxial or fiber-optic cable. The cable itself can be made to carry data, voice, and video simultaneously over multiple transmission channels. This complex transmission is accomplished by the technique called frequency-division multiplexing, in which individual channels are separated by frequency and buffered from one another by guard bands of frequencies that are not used for transmission. A broadband network is capable of high-speed operation, but it is more expensive than a baseband network and can be difficult to install. Such a network is based on the same technology as is used by cable television. Broadband transmission is sometimes called wideband transmission. [SRV] (see also operation, technology, network)

broadcast

Transmission to all devices in a network without any acknowledgment by the receivers. [800-82]

brouters

Brouters are routers that can also bridge; they route one or more protocols and bridge all other network traffic. [SRV] (see also network, protocols, router)

browse access protection

A system software security feature that when invoked by a file owner, prevents read access to a specified file by any user other than the file owner and any users authorized by explicit action of the file owner. This feature can also be invoked as a global system parameter to provide read access protection automatically to all files by any user other than the file owner and to any users authorized by explicit action of the file owner. [NASA] (see also authorized, file, owner, security, software, system, users, access)

browser

(I) An client computer program that can retrieve and display information from servers on the World Wide Web. (C) For example, Netscape's Navigator and Communicator, and Microsoft's Explorer. [RFC2828] A client program used to interact on the WWW. [SRV] (see also computer, information, program, world wide web)

browsing

Act of searching through IS storage to locate or acquire information, without necessarily knowing the existence or format of information being sought. [CNSSI] Act of searching through information system storage or active content to locate or acquire information, without necessarily knowing the existence or format of information being sought. [CNSSI-4009] The act of searching through storage to locate or acquire information without necessarily knowing the existence or the format of the information being sought. [AJP][NCSC/TG004][SRV] (see also information, attack)

brute force

(I) A cryptanalysis technique or other kind of attack method involving an exhaustive procedure that tries all possibilities, one-by-one. (C) For example, for ciphertext where the analyst already knows the decryption algorithm, a brute force technique to finding the original plaintext is to decrypt the message with every possible key. [RFC2828] A primitive programming style (ignorance), one in which the programmer relies on the computer's processing power instead of using his or her own intelligence to simplify the problem, often ignoring problems of scale and applying naive methods suited to small problems directly to large ones. [AFSEC] (see brute force attack) (see also attack)

brute force attack

brute force password attack

A method of accessing an obstructed device through attempting multiple combinations of numeric and/or alphanumeric passwords. [SP 800-72] (see also access, attack)

buffer overflow

A condition at an interface under which more input can be placed into a buffer or data holding area than the capacity allocated, overwriting other information. Adversaries exploit such a condition to crash a system or to insert specially crafted code that allows them to gain control of the system. [800-82] A condition at an interface under which more input can be placed into a buffer or data holding area than the capacity allocated, overwriting other information. Attackers exploit such a condition to crash a system or to insert specially crafted code that allows them to gain control of the system. [SP 800-28; CNSSI-4009] This happens when more data is put into a buffer or holding area than the buffer can handle. This is due to a mismatch in processing rates between the producing and consuming processes. This can result in system crashes or the creation of a back door leading to system access. [NSAINT] This happens when more data is put into a buffer or holding area, then the buffer can handle. This is due to a mismatch in processing rates between the producing and consuming processes. [AFSEC] This happens when more data is put into a buffer or holding area, then the buffer can handle. This is due to a mismatch in processing rates between the producing and consuming processes. This can result in system crashes or the creation of a back door leading to system access. [OVT] a technique for crashing or gaining control of a computer by sending too much data to the buffer in a computer's memory. [FJC] (see also access, access control, attack, code, computer, control, information, interface, process, system, flow, threat)

buffer overflow attack

A method of overloading a predefined amount of space in a buffer, which can potentially overwrite and corrupt data in memory. [SP 800-72] (see also attack)

bug

A fault in a program which causes the program to perform in an unintended or unanticipated manner. [OVT] An unwanted and unintended property of a program or piece of hardware, especially one that causes it to malfunction. [NSAINT] An unwanted or unintended property of a program or piece of hardware that causes it to malfunction. [AFSEC] (see also anomaly, defect, error, exception, fault, function, program, property, threat)

bulk encryption

Simultaneous encryption of all channels of a multichannel telecommunications link. [CNSSI][CNSSI-4009] (see also communications, telecommunications, encryption)

bulletin board services (systems) (BBS)

(see also system)

burn bag

Informal name given to a container (usually a paper bag or some other waste receptacle) holding sensitive or classified documents that are to be destroyed by fire or pulping after a length of time. The most common use of burn bags is by Government institutions, destroying of materials deemed classified. [DSS] (see also classified)

burn-in

Tendency for an image that is shown on a display over a long period of time to become permanently fixed on the display. This is most often seen in emissive displays such as Cathode Ray Tube and Plasma because chemical change in the phosphors can occur when exposed repeatedly to the same electrical signals. [DSS]

business areas

'Business areas' separate government operations into high-level categories relating to the purpose of government, the mechanisms the government uses to achieve its purposes, the support functions necessary to conduct government operations, and resource management functions that support all areas of the government's business. 'Business areas' are subdivided into 'areas of operation' or 'lines of business.' The recommended information types provided in NIST SP 800-60 is established from the 'business areas' and 'lines of business' from OMB's Business Reference Model (BRM) section of Federal Enterprise Architecture (FEA) Consolidated Reference Model Document Version 2.2 [800-60] (see also function, information, operation, resource, version)

business case

A structured proposal for business improvement that functions as a decision package for organizational decision makers. A business case includes an analysis of business process performance and associated needs or problems, proposed alternative solutions, assumptions, constraints, and risk-adjusted cost/benefit analysis. [SRV] (see also analysis, function, process, risk, business process)

business continuity

The ability of an organization to continue to function before, during, and after a disaster. [NIPP]

business continuity plan (BCP)

A comprehensive written plan to maintain or resume business in the event of a disruption. [FFIEC] The documentation of a predetermined set of instructions or procedures that describe how an organization's business functions will be sustained during and after a significant disruption. [CNSSI-4009] The documentation of a predetermined set of instructions or procedures that describe how an organization's mission/business functions will be sustained during and after a significant disruption. [SP 800-34] (see also risk, availability, business process)

business disruption and system failures

disruption of business or system failures. [2003-53c] (see also operational risk loss, system)

business impact analysis (BIA)

An analysis of an enterprise's requirements, processes, and interdependencies used to characterize information system contingency requirements and priorities in the event of a significant disruption. [CNSSI-4009] An analysis of an information system's requirements, functions, and interdependencies used to characterize system contingency requirements and priorities in the event of a significant disruption. [SP 800-34] The process of identifying the potential impact of uncontrolled, non-specific events on an institution's business processes. [FFIEC] (see also control, identify, process, requirements, analysis, availability, business process, risk analysis)

business process

Collection of related, structured activities or tasks that produce a specific service or product. [misc] (see also as-is process model, backup operations, benchmark, best practices, bilateral trust, change management, contingency plan, continuity of services and operations, core or key process, hardening, integrity, legacy systems, mission critical system, process management approach, recovery site, remediation, simulation modeling, to-be-process model, total quality management, workload, world class organizations, process) (includes activity-based costing, business case, business continuity plan, business impact analysis, business process improvement, business process reengineering, constructive cost model, cost reimbursement contract, cost-risk analysis, cost/benefit, cost/benefit analysis, rolling cost forecasting technique)

business process improvement (BPI)

A methodology used for making continuous, incremental improvements in existing business processes. [SRV] (see also business process, process, quality)

business process reengineering (BPR)

A systematic, disciplined improvement approach that critically examines, rethinks, and redesigns mission-delivery processes in order to achieve dramatic improvements in performance in areas important to customers and stakeholders. A methodology used for seeking radical changes to business processes. [SRV] (see also critical, quality, system, business process, process)

BUSTER

A computer program-part of the Computer Security Toolbox. Buster is an Microsoft-Disk Operating System (MS-DOS)-based program used for performing a binary search of a disk or diskette for any word or set of words found in a search definition file by performing a linear search on a disk or diskette, four sectors at a time. Buster uses the 'limits.txt' file as its documents for search word patterns. [DSS] (see also security)

bypass label processing (BLP)

(see also process)

byte

(I) A fundamental unit of computer storage; the smallest addressable unit in a computer's architecture. Usually holds one character of information and, today, usually means eight bits. (C) Larger than a 'bit', but smaller than a 'word'. Although 'byte' almost always means 'octet' today, bytes had other sizes (e.g. six bits, nine bits) in earlier computer architectures. [RFC2828] (see also computer, information, automated information system)

C2-attack

Prevent effective C2 of adversary forces by denying information to, influencing, degrading or destroying the adversary C2 system. [NSAINT] (see also C2-protect, adversary, information, system, attack)

C2-protect

Maintain effective command and control of own forces by turning to friendly advantage or negating adversary effort to deny information to, influence, degrade, or destroy the friendly C2 system. (Pending approval in JP 1-02) [NSAINT] (see also C2-attack, adversary, command and control, control, information, system, Orange book, security)

CA certificate

(I) 'A certificate for one CA issued by another CA.' (C) That is, a digital certificate whose holder is able to issue digital certificates. A v3 X.509 public-key certificate may have a 'basicConstraints' extension containing a 'cA' value that specifically 'indicates whether or not the public key may be used to verify certificate signatures.' [RFC2828] (see also X.509, digital signature, key, public-key, signature, certificate)

call back

(I) An authentication technique for terminals that remotely access computer via telephone lines. The host system disconnects the caller and then calls back on a telephone number that was previously authorized for that terminal. [RFC2828] A procedure established for positively identifying a terminal dialing into a computer system by disconnecting the calling terminal and reestablishing the connection by the computer system's dialing the telephone number of the calling terminal. Synonymous with dial-back. [SRV] A procedure for identifying a remote terminal. In a call back, the host system disconnects the caller and then dials the authorized telephone number of the remote terminal to reestablish the connection. [AJP][NCSC/TG004] Procedure for identifying and authenticating a remote IS terminal, whereby the host system disconnects the terminal and reestablishes contact. Synonymous with dial back. [CNSSI] Procedure for identifying and authenticating a remote information system terminal, whereby the host system disconnects the terminal and reestablishes contact. [CNSSI-4009] (see also access, access control, authentication, authorized, computer, connection, identify, system, security)

call back security

Procedure for identifying a remote AIS terminal, whereby the host system disconnects the caller and then dials the authorized telephone number of the remote terminal to re-establish the connection. [AFSEC] (see also authorized, connection, identify, system, security)

camouflage

Use of natural or artificial material on personnel, objects, or positions (for example, tactical) to confuse, mislead, or evade the enemy/adversary. [DSS] (see also adversary, case officer, object)

Canadian Trusted Computer Product Evaluation Criteria (CTCPEC)

Canadian secure products criteria. [AJP] (see also Common Criteria for Information Technology Security Evaluation, computer, criteria, trust)

candidate TCB subset

The identification of the hardware, firmware, and software that make up the proposed TCB subset, along with the identification of its subjects and objects; one of the conditions for evaluation by parts. [AJP][TDI] (see also evaluation, identification, software, trusted computing base) (includes object, subject)

canister

Type of protective package used to contain and dispense keying material in punched or printed tape form. [CNSSI][CNSSI-4009] (see also key)

capability

(I) A token, usually an unforgeable data value (sometimes called a 'ticket') that gives the bearer or holder the right to access a system resource. Possession of the token is accepted by a system as proof that the holder has been authorized to access the resource named or indicated by the token. (C) This concept can be implemented as a digital certificate. [RFC2828] A protected identifier that both identifies the object and specifies the access rights to be allowed to the accessor who possesses the capability. In a capability-based system, access to protected objects such as files is granted if the would-be accessor possesses a capability for the object. [AJP][NCSC/TG004] The ability of a suitably organized, trained, and equipped entity to access, penetrate, or alter government or privately owned information or communications systems and/or to disrupt, deny, or destroy all or part of a critical infrastructure. [CIAO] (see also access, access control, authorized, certificate, communications, critical, critical infrastructures, entity, file, information, public-key infrastructure, resource, risk, system, tokens) (includes object)

capacity

Positive integer indicating the number of bits available within the signature for the recoverable part of the message. [SC27] (see also message, signature)

CAPSTONE chip

(N) An integrated circuit (the Mykotronx, Inc. MYK-82) with a Type II cryptographic processor that implements SKIPJACK, KEA, DSA, SHA, and basic mathematical functions to support asymmetric cryptography, and includes the key escrow feature of the CLIPPER chip. [RFC2828] (see also Fortezza, cryptographic, cryptography, escrow, function, key, process, National Security Agency)

Capstone policies

Those policies that are developed by governing or coordinating institutions of Health Information Exchanges (HIEs). They provide overall requirements and guidance for protecting health information within those HIEs. Capstone Policies must address the requirements imposed by: (1) all laws, regulations, and guidelines at the federal, state, and local levels; (2) business needs; and (3) policies at the institutional and HIE levels. [NISTIR-7497] (see also requirements)

capture

The method of taking a biometric sample from an end user. [FIPS 201][GSA] (see also users, biometrics)

card backup

(see token backup) (see also backup)

card initialization

Refers to the process of preparing a card for use by performing the following tasks: searching for initialization files, locating definite values to use in place of variable values, and loading these values. [GSA] (see also file, process, tokens)

card personalization

Refers to the modification of a card such that it contains data specific to the cardholder. Methods of personalization may include encoding the magnetic stripe or bar code, loading data on the ICC, or printing photo or signature data on the card. [GSA] (see also code, signature, tokens)

cardholder

(I) An entity that has been issued a card. (O) SET usage: 'The holder of a valid payment card account and user of software supporting electronic commerce.' A cardholder is issued a payment card by an issuer. SET ensures that in the cardholder's interactions with merchants, the payment card account information remains confidential. [RFC2828] An individual possessing an issued PIV Card. [GSA] An individual possessing an issued Personal Identity Verification (PIV) card. [FIPS 201] (see also entity, identity, information, software, users, Secure Electronic Transaction)

cardholder certificate

(O) SET usage: A digital certificate that is issued to a cardholder upon approval of the cardholder's issuing financial institution and that is transmitted to merchants with purchase requests and encrypted payment instructions, carrying assurance that the account number has been validated by the issuing financial institution and cannot be altered by a third party. [RFC2828] (see also assurance, encryption, tokens, validate, Secure Electronic Transaction, certificate)

cardholder certification authority (CCA)

(O) SET usage: A CA responsible for issuing digital certificates to cardholders and operated on behalf of a payment card brand, an issuer, or another party according to brand rules. A CCA maintains relationships with card issuers to allow for the verification of cardholder accounts. A CCA does not issue a CRL but does distribute CRLs issued by root CAs, brand CAs, geopolitical CAs, and payment gateway CAs. [RFC2828] (see also certificate, gateway, tokens, verification, Secure Electronic Transaction, authority, certification, public-key infrastructure)

carve-out

Classified contract in which a Government activity retains specific oversight responsibilities authorized to administer the Special Access Program. [DSS] (see also access, authorized, classified)

cascading

Downward flow of information through a range of security levels greater than the accreditation range of a system network or component. [CNSSI] Downward flow of information through a range of security levels greater than the accreditation range of a system, network, or component. [CNSSI-4009] (see also accreditation, flow, information, network, security, system)

case officer

Professional employee of an intelligence organization responsible for providing direction for an agent operation. [DSS] (see also camouflage, deception, intelligence)

CASE tools

A class of software tools that provide plans, models, and designs. CASE tools enforce consistency across multiple diagrams and store information, built up by analysts and designers, in a central repository. Software tools that assist with software design, requirements traceability, code generation, testing and other software engineering activities. A software program that provides partial or total automation of a single function within the software lifecycle. [SRV] (see also code, function, information, model, program, requirements, security testing, software, test)

case-by-case basis

Principle that a disclosure authorization is restricted to individual events or occasions and that will prevent confusion with permanent and repetitive disclosure determinations. [DSS] (see also authorization)

CAST

(N) A design procedure for symmetric encryption algorithms, and a resulting family of algorithms, invented by C.A. (Carlisle Adams) and S.T. (Stafford Tavares). [RFC2828] (see also algorithm, encryption, symmetric cryptography)

category

(1) A grouping of objects to which a non-hierarchical restrictive label is applied (e.g. proprietary, compartmented information). Subjects must be privileged to access a category. (2) Restrictive label that has been applied to both classified and unclassified data, thereby increasing the requirement for protection of, and restricting the access to, the data. Note: Examples include sensitive compartmented information and proprietary information. Individuals are granted access to a special category of information only after being granted formal access authorization. [AJP] (I) A grouping of sensitive information items to which a non-hierarchical restrictive security label is applied to increase protection of the data. [RFC2828] A grouping of objects to which an non-hierarchical restrictive label is applied (e.g. proprietary, compartmented information). Subjects must be privileged to access a category. [TNI] A restrictive label that has been applied to classified or unclassified data as a means of increasing the protection of the data and further restricting access to the data. [NCSC/TG004] Restrictive label applied to classified or unclassified information to limit access. [CNSSI][CNSSI-4009] Restrictive label that has been applied to both classified and unclassified data, thereby increasing the requirement for protection of, and restricting the access to, the data. Note: Examples include sensitive compartmented information and proprietary information. Individuals are granted access to special category information only after being granted formal access authorization. [FCv1] (see also access, access control, authorization, classified, information, privileged, security, subject) (includes object)

cause and effect diagram

(see fishbone diagram)

caveat

Designator used with or without a security classification to further limit dissemination of restricted information, for example, For Official Use Only and Not Releasable to Foreign Nationals. [DSS] (see also foreign, security)

CCI assembly

Device embodying a cryptographic logic or other COMSEC design that NSA has approved as a Controlled Cryptographic Item (CCI). It performs the entire COMSEC function, but depends upon the host equipment to operate. [CNSSI] (see also communications security, control, cryptographic, cryptography, function)

CCI component

Part of a Controlled Cryptographic Item (CCI) that does not perform the entire COMSEC function but depends upon the host equipment, or assembly, to complete and operate the COMSEC function. [CNSSI] (see also communications security, control, cryptographic, cryptography, function)

CCI equipment

Telecommunications or information handling equipment that embodies a Controlled Cryptographic Item (CCI) component or CCI assembly and performs the entire COMSEC function without dependence on host equipment to operate. [CNSSI] (see also communications, communications security, control, cryptographic, cryptography, function, information, telecommunications)

CCITT

(N) Acronym for French translation of International Telephone and Telegraph Consultative Committee. Now renamed ITU-T. [RFC2828] (see also ITU-T)

cell

In cellular systems, the smallest geographic area defined for mobile communications systems. [SRV] (see also communications, system)

cellular telephone

A wireless telephone that communicates using radio wave antenna towers, each serving a particular 'cell' of a city or other geographical area. Areas where cellular phones do not work are referred to as 'dead zones.' [FFIEC]

cellular transmission

Data transmission via interchangeable wireless (radio) communications in a network of numerous small geographic cells. Most current technology is analog - represented as electrical levels, not bits. However, the trend is toward digital cellular data transmission. [AJP] (see also communications, network, technology)

center for information technology excellence

Will recognize public and private training facilities meeting federally defined standards in security training, to train and certify current Federal IT security personnel and maintain their skill levels throughout their careers. [CIAO] (see also IT security, security, standard, information, technology)

central adjudication facility

Single facility designated by the head of the Department of Defense Component used to evaluate personnel security investigations and other relevant information. [DSS] (see also security)

central office

SAF/AAZ is the Air Force Special Access Program Central Office that coordinates the management review, oversight, and control of Special Access Programs. [DSS] (see also access)

central office of record (COR)

Office of a federal department or agency that keeps records of accountable COMSEC material held by elements subject to its oversight. [CNSSI] (see also communications security, subject)

central processing unit (CPU)

central services node

The Key Management Infrastructure core node that provides central security management and data management services. [CNSSI-4009] (see also management, security)

Central United States Registry for North Atlantic Treaty Organization

The North Atlantic Treaty Organization controls its classified records through a registry system, in which individual documents are numbered and listed in inventories. The Central United States Registry is located in Arlington, Virginia, and oversees more than 125 subregistries in the United States and abroad. [DSS] (see also classified)

centralized authorization

A scheme in which a central, third-party authorization agent is consulted for access control. All access control rules are defined in the database of the central authorization agent. [misc] (see also access, control, access control)

centralized data processing

A concept by which an organization maintains all computing equipment at a single site (host), and the supporting field-office(s) have no effective data processing capabilities. [SRV] (see also automated information system, process)

centralized operations

The state of all IT operational tasks and ancillary functions being located and performed in one local area. The area may or may not be nearby the IT hardware operated (i.e. computer room(s) or laboratory(s)). IT operational tasks include but are not limited to the setup, operation (start, stop, configure, bypass/recover, etc.), and monitoring of console control units and peripherals. Ancillary functions include but are not limited to job and event scheduling and processing, job quality control, magnetic tape cleaning and certification, tape library operation, and coordination of tape retention and accountability tasks. [NASA] (see also certification, computer, control, function, process, quality, operation)

centrally-administered network

A network of systems that is the responsibility of a single group of administrators who are not distributed but work centrally to take care of the network. [RFC2504] (see also system, network)

certificate

(I) General English usage: A document that attests to the truth of something or the ownership of something. (C) Security usage: See: capability, digital certificate. (C) PKI usage: See: attribute certificate, public-key certificate. [RFC2828] A declaration by an independent authority operating in accordance with ISO Guide 58, Calibration and testing laboratory accreditation systems - General requirements for operation and recognition, confirming that an evaluation pass statement is valid. [SC27] A digital representation of information that (1) identifies the authority issuing the certificate; (2) names or identifies the person, process, or equipment using the certificate; (3) contains the user's public key; (4) identifies the certificate's operational period; and (5) is digitally signed by the certificate authority issuing it. A certificate is the means by which a user is linked (bound) to a public key. [GAO] A digital representation of information which at least 1) identifies the certification authority issuing it, 2) names or identifies its subscriber, 3) contains the subscriber's public key, 4) identifies its operational period, and 5) is digitally signed by the certification authority issuing it. [SP 800-32] A digitally signed data structure defined in the X.509 standard that binds the identity of a certificate holder (or subject) to a public key. [SRV] A digitally signed representation of information that 1) identifies the authority issuing it, 2) identifies the subscriber, 3) identifies its valid operational period (date issued / expiration date). In the information assurance (IA) community, certificate usually implies public key certificate and can have the following types: cross certificate - a certificate issued from a CA that signs the public key of another CA not within its trust hierarchy that establishes a trust relationship between the two CAs. encryption certificate - a certificate containing a public key that can encrypt or decrypt electronic messages, files, documents, or data transmissions, or establish or exchange a session key for these same purposes. Key management sometimes refers to the process of storing, protecting, and escrowing the private component of the key pair associated with the encryption certificate. identity certificate - a certificate that provides authentication of the identity claimed. Within the National Security Systems (NSS) PKI, identity certificates may be used only for authentication or may be used for both authentication and digital signatures. [CNSSI-4009] A set of data that uniquely identifies a key pair and an owner that is authorized to use the key pair. The certificate contains the owner's public key and possibly other information, and is digitally signed by a Certification Authority (i.e. a trusted party), thereby binding the public key to the owner. [FIPS 186] A set of data that uniquely identifies an entity, contains the entity's public key and possibly other information, and is digitally signed by a trusted party, thereby binding the public key to the entity. Additional information in the certificate could specify how the key is used and its cryptoperiod. [SP 800-21] An electronic identifier from a certificate authority which includes the CA signature made with its private key. The authenticity of the signature is validated by other users who trust the CA's public key. [misc] An entity's data rendered unforgeable with the private or secret key of a certification authority. [SC27] An entity's data rendered unforgeable with the private or secret key of a certification authority. [ISO/IEC WD 13888-1 (11/2001)] A declaration by an independent authority operating in accordance with ISO Guide 58, Calibration and testing laboratory accreditation systems - General requirements for operation and recognition, confirming that an evaluation pass statement is valid. [SC27] Certificates are data that is used to verify digital signatures. A certificate is only as trustworthy as the agency that issued it. A certificate is used to verify a particular signed item, such as an Email message or a web page. The digital signature, the item and the certificate are all processed by a mathematical program. It is possible to say, if the signature is valid, that 'According to the agency that issued the certificate, the signer was (some name)'. [RFC2504] Digitally signed document that binds a public key with an identity. The certificate contains, at a minimum, the identity of the issuing Certification Authority, the user identification information, and the user's public key. [CNSSI] Record holding security information about an AIS user and vouches to the truth and accuracy of the information it contains. [IATF] (see also ABA Guidelines, Abstract Syntax Notation One, Cryptographic Message Syntax, Distinguished Encoding Rules, Federal Public-key Infrastructure, IT security certification, MISSI user, Minimum Interoperability Specification for PKI Components, PKCS #10, PKIX, RA domains, SET private extension, SET qualifier, Simple Public-Key Infrastructure/Simple Distributed Security Infrastructure, X.500 Directory, X.509, X.509 authority revocation list, accreditation, applicant, archive, assurance, attribute authority, authenticate, authentication, authority, authority revocation list, bind, binding, capability, cardholder certification authority, certification, certification authority digital signature, certification authority workstation, certification hierarchy, certification path, certification policy, certification practice statement, certification request, certification service, certify, common name, common security, compromised key list, credentials, critical, cross-certification, cryptoperiod, delta CRL, digital id, digital signature, directly trusted CA key, directory service, directory vs. Directory, distinguished name, distribution point, domain, end entity, enrollment service, entity, evaluation, extension, hierarchy management, identification, identity, information, invalidity date, issue, issuer, key, key lifetime, key management infrastructure, key material identifier, local authority, management, merchant certification authority, mesh PKI, message, operation, organizational registration authority, owner, party, path discovery, path validation, payment gateway certification authority, personal identity verification card, personality label, policy, policy approving authority, policy certification authority, policy creation authority, policy mapping, privilege management infrastructure, process, program, public-key, public-key infrastructure, registration, registration authority, registration service, relying party, repository, requirements, revocation, revocation date, root, root CA, secure hypertext transfer protocol, security, security event, security management infrastructure, security testing, signature, slot, sponsor, standard, strong authentication, subject, subordinate certification authority, system, test, ticket, token management, tokens, trust-file PKI, trusted key, tunneled password protocol, unforgeable, users, v1 CRL, v2 CRL, valid signature, validate, validate vs. verify, validated products list, validation, validity period, world wide web, Secure Electronic Transaction, multilevel information systems security initiative, pretty good privacy, privacy enhanced mail, web of trust) (includes CA certificate, Validation Certificate, X.509 attribute certificate, X.509 certificate, X.509 certificate revocation list, X.509 public-key certificate, attribute certificate, authority certificate, cardholder certificate, certificate authority workstation, certificate chain, certificate chain validation, certificate creation, certificate directory, certificate domain, certificate domain parameters, certificate expiration, certificate holder, certificate management, certificate management services, certificate owner, certificate policy, certificate policy qualifier, certificate reactivation, certificate rekey, certificate renewal, certificate request, certificate revocation, certificate revocation list, certificate revocation tree, certificate serial number, certificate status responder, certificate update, certificate user, certificate validation, conformant validation certificate, cross-certificate, digital certificate, encryption certificate, geopolitical certificate authority, indirect certificate revocation list, merchant certificate, mutual recognition of certificates, online certificate status protocol, organizational certificate, public-key certificate, root certificate, security certificate, self-signed certificate, signature certificate, software publisher certificate, trusted certificate, v1 certificate, v2 certificate, v3 certificate, valid certificate)

certificate authority

(D) ISDs SHOULD NOT use this term because it looks like sloppy use of 'certification authority', that is the term standardized by X.509. [RFC2828] The entity or organization that attests using a digital certificate that a particular electronic message comes from a specific individual or system. [FFIEC] (see certification authority)

certificate authority workstation (CAW)

(see also authority, certificate)

certificate chain

(D) ISDs SHOULD NOT use this term because it duplicates the meaning of a standardized term. [RFC2828] (see also certification, public-key infrastructure, standard, certificate)

certificate chain validation

(D) ISDs SHOULD NOT use this term because it duplicates the meaning of standardized terms and mixes concepts in a potentially misleading way. Instead, use 'certificate validation' or 'path validation', depending on what is meant. [RFC2828] (see also public-key infrastructure, standard, certificate, validation)

certificate creation

(I) The act or process by which a CA sets the values of a digital certificate's data fields and signs it. [RFC2828] (see also process, certificate, public-key infrastructure)

certificate directory

A directory containing a well defined (sub)set of public key certificates. This directory can contain certificates from different Certification Authorities. [SC27] (see also certification, key, public-key, certificate, public-key infrastructure)

certificate domain

Collection of entities using public key certificates created by a single Certification Authority (CA) or a collection of CAs operating under a single security policy. [SC27] (see also authority, certification, key, policy, public-key, security, certificate, domain)

certificate domain parameters

Cryptographic parameters specific to a certificate domain and which are known and agreed by all members of the certificate domain. [SC27] (see also cryptographic, cryptography, public-key infrastructure, certificate, domain)

certificate expiration

(I) The event that occurs when a certificate ceases to be valid because its assigned lifetime has been exceeded. [RFC2828] (see also public-key infrastructure, certificate)

certificate holder

(D) ISDs SHOULD NOT use this term as a synonym for the subject of digital certificate because the term is potentially ambiguous. For example, the term could also refer to a system entity, such as repository, that simply has possession of a copy of the certificate. [RFC2828] (see also entity, subject, system, certificate)

certificate management

(I) The functions that a CA may perform during the lifecycle of a digital certificate, including the following:

Acquire and verify data items to bind into the certificate.
Encode and sign the certificate.
Store the certificate in a directory or repository.
Renew, rekey, and update the certificate.
Revoke the certificate and issue a CRL.

[RFC2828] Process whereby certificates (as defined above) are generated, stored, protected, transferred, loaded, used, and destroyed. [CNSSI][CNSSI-4009] (see also code, destruction, function, key, process, rekey, update, certificate, management, public-key infrastructure)

certificate management authority

(CMA) A Certification Authority (CA) or a Registration Authority (RA). [SP 800-32] (see also certification, management)

certificate management services

All services needed for the maintenance of the lifecycle of certificates, including registration, certification, distribution, and revocation of certificates. [SC27] (see also certification, lifecycle, public-key infrastructure, registration, revocation, certificate)

certificate owner

(D) ISDs SHOULD NOT use this term as a synonym for the subject of digital certificate because the term is potentially ambiguous. For example, the term could also refer to a system entity, such as corporation, that has acquired a certificate to operate some other entity, such as a Web server. [RFC2828] (see also entity, subject, system, world wide web, certificate, owner)

certificate policy

(I) 'A named set of rules that indicates the applicability of a certificate to a particular community and/or class of application with common security requirements.' (C) A certificate policy can help a certificate user decide whether a certificate should be trusted in a particular application. 'For example, a particular certificate policy might indicate applicability of a type of certificate for the authentication of electronic data interchange transactions for the trading goods within a given price range.' (C) A v3 X.509 public-key certificate may have a 'certificatePolicies' extension that lists certificate policies, recognized by the issuing CA, that apply to the certificate and govern its use. Each policy is denoted by an object identifier and may optionally have certificate policy qualifiers.(C) SET usage: Every SET certificate specifies at least one certificate policy, that of the SET root CA. SET uses certificate policy qualifiers to point to the actual policy statement and to add qualifying policies to the root policy. [RFC2828] A specialized form of administrative policy tuned to electronic transactions performed during certificate management. A Certificate Policy addresses all aspects associated with the generation, production, distribution, accounting, compromise recovery, and administration of digital certificates. Indirectly, a certificate policy can also govern the transactions conducted using a communications system protected by a certificate-based security system. By controlling critical certificate extensions, such policies and associated enforcement technology can support provision of the security services required by particular applications. [CNSSI-4009; SP 800-32] (see also X.509, application, authentication, control, critical, key, management, object, public-key, requirements, security, trust, users, Secure Electronic Transaction, certificate, policy, public-key infrastructure)

certificate policy qualifier

(I) Information that pertains to a certificate policy and is included in a 'certificatePolicies' extension in a v3 X.509 public-key certificate. [RFC2828] (see also X.509, information, key, public-key, certificate, policy, public-key infrastructure)

certificate reactivation

(I) The act or process by which a digital certificate, which a CA has designated for revocation but not yet listed on a CRL, is returned to the valid state. [RFC2828] (see also process, revocation, certificate, public-key infrastructure)

certificate rekey

(I) The act or process by which an existing public-key certificate has its public key value changed by issuing a new certificate with different (usually new) public key. (C) For an X.509 public-key certificate, the essence of rekey is that the subject stays the same and a new public key is bound to that subject. Other changes are made, and the old certificate is revoked, only as required by the PKI and CPS in support of the rekey. If changes go beyond that, the process is a 'certificate update'. (O) MISSI usage: To rekey a MISSI X.509 public-key certificate means that the issuing authority creates a new certificate that is identical to the old one, except the new one has a new, different KEA key; or a new, different DSS key; or new, different KEA and DSS keys. The new certificate also has a different serial number and may have a different validity period. A new key creation date and maximum key lifetime period are assigned to each newly generated key. If a new KEA key is generated, that key is assigned new KMID. The old certificate remains valid until it expires, but may not be further renewed, rekeyed, or updated. [RFC2828] (see also X.509, authority, process, public-key, revoked state, subject, update, certificate, key, multilevel information systems security initiative, public-key infrastructure, rekey)

certificate renewal

(I) The act or process by which the validity of the data binding asserted by an existing public-key certificate is extended in time by issuing a new certificate. (C) For an X.509 public-key certificate, this term means that the validity period is extended (and, of course, a new serial number is assigned) but the binding of the public key to the subject and to other data items stays the same. The other data items are changed, and the old certificate is revoked, only as required by the PKI and CPS to support the renewal. If changes go beyond that, the process is a 'certificate rekey' or 'certificate update'. [RFC2828] (see also X.509, backup, key, process, public-key, rekey, revoked state, subject, update, certificate, public-key infrastructure, renewal)

certificate request

(D) ISDs SHOULD NOT use this term because it looks like imprecise use of a term standardized by PKCS #10 and used in PKIX. Instead, use the standard term, 'certification request'. [RFC2828] (see also certification, standard, certificate, public-key infrastructure)

certificate revocation

(I) The event that occurs when a CA declares that a previously valid digital certificate issued by that CA has become invalid; usually stated with a revocation date. (C) In X.509, a revocation is announced to potential certificate users by issuing a CRL that mentions the certificate. Revocation and listing on a CRL is only necessary before certificate expiration. [RFC2828] (see also X.509, users, certificate, public-key infrastructure)

certificate revocation list (CRL)

(I) A data structure that enumerates digital certificates that have been invalidated by their issuer prior to when they were scheduled to expire. (O) 'A signed list indicating a set of certificates that are no longer considered valid by the certificate issuer. After a certificate appears on a CRL, it is deleted from a subsequent CRL after the certificate's expiry. CRLs may be used to identify revoked public-key certificates or attribute certificates and may represent revocation of certificates issued to authorities or to users. The term CRL is also commonly used as a generic term applying to all the different types of revocation lists, including CRLs, ARLs, ACRLs, etc.' [RFC2828] A list of revoked but un-expired certificates issued by a CA. [SP 800-21] A list of revoked but unexpired certificates issued by a certification authority. [SRV] A list of revoked public key certificates created and digitally signed by a Certification Authority. [800-63][CNSSI-4009][SP 800-63; FIPS 201] A record of all revoked certificates produced by a common Issuer; a certificate is revoked when any data in it changes before it expires, e.g. when a user moves and changes addresses. [IATF] List of invalid certificates (as defined above) that have been revoked by the issuer. [CNSSI] list of nonvalid user certificates that must be checked as part of every authentication or encryption process. [misc] (see also accreditation, authentication, authority, encryption, evaluation, identify, key, process, public-key, revoked state, users, validate, certificate, certification authority, revocation)

certificate revocation tree

(I) A mechanism for distributing notice of certificate revocations; uses a tree of hash results that is signed by the tree's issuer. Offers an alternative to issuing a CRL, but is not supported in X.509. [RFC2828] (see also X.509, hash, certificate, revocation)

certificate serial number

(I) An integer value that (a) is associated with, and may be carried in, a digital certificate; (b) is assigned to the certificate by the certificate's issuer; and (c) is unique among all the certificates produced by that issuer. (O) 'An integer value, unique within the issuing CA, that is unambiguously associated with a certificate issued by that CA.' [RFC2828] (see also certificate)

certificate status authority

A trusted entity that provides online verification to a relying party of a subject certificate's trustworthiness, and may also provide additional attribute information for the subject certificate. [SP 800-32; CNSSI-4009] (see also trust)

certificate status responder

(N) FPKI usage: A trusted online server that acts for a CA to provide authenticated certificate status information to certificate users. Offers an alternative to issuing a CRL, but is not supported in X.509. [RFC2828] (see also X.509, authentication, information, trust, users, certificate, public-key infrastructure)

certificate update

(I) The act or process by which non-key data items bound to an existing public-key certificate, especially authorizations granted to the subject, are changed by issuing a new certificate. (C) For an X.509 public-key certificate, the essence of this process is that fundamental changes are made in the data that is bound to the public key, such that it is necessary to revoke the old certificate. (Otherwise, the process is only a 'certificate rekey' or 'certificate renewal'.) [RFC2828] (see also X.509, authorization, key, process, public-key, rekey, renewal, subject, certificate, public-key infrastructure, update)

certificate user

(I) A system entity that depends on the validity of information (such as another entity's public key value) provided by a digital certificate. (O) 'An entity that needs to know, with certainty, the public key of another entity.' (C) The system entity may be a human being or an organization, or device or process under the control of a human or an organization. (D) ISDs SHOULD NOT use this term as a synonym for the 'subject' of a certificate. [RFC2828] (see also control, entity, information, key, process, public-key, subject, system, certificate, users)

certificate validation

(I) An act or process by which a certificate user establishes that the assertions made by a digital certificate can be trusted. (O) 'The process of ensuring that a certificate is valid including possibly the construction and processing of a certification path, and ensuring that all certificates in that path have not expired or been revoked.' (C) To validate a certificate, a certificate user checks that the certificate is properly formed and signed and currently in force:

Checks the signature: Employs the issuer's public key to verify the digital signature of the CA who issued the certificate in question. If the verifier obtains the issuer's public key from the issuer's own public-key certificate, that certificate should be validated, too. That validation may lead to yet another certificate to be validated, and so on. Thus, in general, certificate validation involves discovering and validating a certification path.
Checks the syntax and semantics: Parses the certificate's syntax and interprets its semantics, applying rules specified for and by its data fields, such as for critical extensions in an X.509 certificate.
Checks currency and revocation: Verifies that the certificate is currently in force by checking that the current date and time are within the validity period (if that is specified in the certificate) and that the certificate is not listed on a CRL or otherwise announced as invalid. (CRLs themselves require similar validation process.)

certificate-related information

Data, such as a subscriber's postal address that is not included in a certificate. May be used by a Certification Authority (CA) managing certificates. [CNSSI-4009] Information, such as a subscriber's postal address, that is not included in a certificate. May be used by a Certification Authority (CA) managing certificates. [SP 800-32] (see also certification)

certification

(1) Comprehensive evaluation of the technical and nontechnical security features of an AIS and other safeguards, made in support of the approval/accreditation process, to establish the extent to which a particular design and implementation meet a set of specified security requirements. Note: There remain two other definitions in active common usage that differ according to circumstances. (2) The issue of a formal statement confirming the results of an evaluation, and that the evaluation criteria used were correctly applied. Synonym for IT security certification. [AJP] (I) Information system usage: Technical evaluation (usually made in support of an accreditation action) of an information system's security features and other safeguards to establish the extent to which the system's design and implementation meet specified security requirements. (I) Digital certificate usage: The act or process of vouching for the truth and accuracy of the binding between data items in a certificate. (I) Public key usage: The act or process of vouching for the ownership of a public key by issuing a public-key certificate that binds the key to the name of the entity that possesses the matching private key. In addition to binding a key to a name, a public-key certificate may bind those items to other restrictive or explanatory data items. (O) SET usage: 'The process of ascertaining that a set of requirements or criteria has been fulfilled and attesting to that fact to others, usually with some written instrument. A system that has been inspected and evaluated as fully compliant with the SET protocol by duly authorized parties and process would be said to have been certified compliant.' [RFC2828] A comprehensive assessment of the management, operational, and technical security controls in an information system, made in support of security accreditation, to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system. [800-60][800-82][FIPS 200] Comprehensive evaluation of the technical and nontechnical security features of an AIS and other safeguards, made in support of the accreditation process, to establish the extent to which a particular design and implementation meets a set of specified security requirements. [FCv1] Comprehensive evaluation of the technical and nontechnical security safeguards of an IS to support the accreditation process that establishes the extent to which a particular design and implementation meets a set of specified security requirements. [CNSSI] Comprehensive evaluation of the technical and nontechnical security safeguards of an information system to support the accreditation process that establishes the extent to which a particular design and implementation meets a set of specified security requirements. See Security Control Assessment. [CNSSI-4009] Procedure by which a third party gives written assurance that a deliverable (product, system or service) conforms to specified requirements. [SC27] Statement to an accrediting authority of the extent to which an automated information system or network meets its security criteria. This statement is made as part of and in support of the accreditation process. [DSS] The administrative act of approving a computer system for use in a particular application. [SRV] The comprehensive evaluation of the technical and non-technical security controls of an IT system to support the accreditation process that establishes the extent to which a particular design and implementation meets a set of specified security requirements. [800-37] The comprehensive evaluation of the technical and nontechnical security features of an AIS and other safeguards, made in support of the accreditation process, that establishes the extent to which a particular design and implementation meet a specified set of security requirements. [NCSC/TG004][OVT] The issue of a formal statement confirming the results of an evaluation, and that the evaluation criteria used were correctly applied. [ITSEC] The process of verifying the correctness of a statement or claim and issuing a certificate as to its correctness. [FIPS 201][GSA] The technical evaluation of a system's security features, made as part of and in support of the approval/accreditation process, that establishes the extent to which a particular system's design and implementation meet a set of specified security requirements. [TCSEC][TNI] (see also British Standard 7799, For Official Use Only Certified TEMPEST Technical Authority, IT security, Internet Policy Registration Authority, MISSI user, PIV registrar, RA domains, SET qualifier, SSO PIN, X.509 public-key certificate, applicant, application, approved security container, assessment, assurance, audit/review, authority, authority certificate, authorized, backup, beta i, beta ii, binding, centralized operations, certificate, certificate chain, certificate directory, certificate domain, certificate management authority, certificate management services, certificate request, certificate validation, certificate-related information, certified TEMPEST technical authority, certifier, clearance, component extensibility, computer, computer security, control, criteria, cross-certificate, digital certificate, entity, extension, external security controls, geopolitical certificate authority, hierarchical PKI, hierarchy management, hierarchy of trust, information, information assurance, key, key management, line supervision, management, mission assurance category, operation, owner, path discovery, path validation, penetration test, policy approving authority, policy creation authority, policy management authority, pre-authorization, privacy enhanced mail, process, protocols, public-key, public-key certificate, public-key information, public-key infrastructure, root, root certificate, security event, security program manager, security testing, system, test, top CA, trust, trust anchor, trust chain, trust hierarchy, trust-file PKI, trusted agent, trusted certificate, trusted key, users, validate vs. verify, Secure Electronic Transaction, multilevel information systems security initiative) (includes IT security certification, accreditation, automated information system, brand certification authority, cardholder certification authority, certification agent or certifier, certification analyst, certification authority, certification authority digital signature, certification authority facility, certification authority workstation, certification body, certification hierarchy, certification package, certification path, certification phase, certification policy, certification practice statement, certification request, certification service, clearance certification, decertification, digital certification, entry-level certification, evaluation, facilities certification, merchant certification authority, mid-level certification, payment gateway certification authority, policy certification authority, pre-certification phase, principal certification authority, requirements, root certification authority, security certification level, site certification, subordinate certification authority, superior certification authority, top-level certification, type certification)

certification agent or certifier

The individual (and supporting team) responsible for making an independent technical and non-technical evaluation of a system based on the security requirements and security controls documented in the security plan. The certifier assesses the vulnerabilities in the system, determines if the security controls are correctly implemented and effective, and identifies the level of residual risk. [800-37] (see also control, evaluation, requirements, risk, security, system, vulnerability, certification)

certification analyst

The independent technical liaison for all stakeholders involved in the C&A process responsible for objectively and independently evaluating a system as part of the risk management process. Based on the security requirements documented in the security plan, performs a technical and non-technical review of potential vulnerabilities in the system and determines if the security controls (management, operational, and technical) are correctly implemented and effective. [CNSSI-4009] (see also control, management, requirements, risk, security, certification)

certification and accreditation (C&A)

Certification is the comprehensive evaluation of the technical and nontechnical security features of an IS and other safeguards, made in support of the accreditation process, to establish the extent to which a particular design and implementation meets a set of specified requirements. Accreditation is the formal declaration by a DAA that an IS approved to operate in a particular security mode using a prescribed set of safeguards at an acceptable level of risk. [IATF] (see also process, accreditation, evaluation, requirements, risk)

certification authority (CA)

(I) An entity that issues digital certificates (especially X.509 certificates) and vouches for the binding between the data items in a certificate. (O) 'An authority trusted by one or more users to create and assign certificates. Optionally, the certification authority may create the user's keys.' (C) Certificate users depend on the validity of information provided by a certificate. Thus, a CA should be someone that certificate users trust, and usually holds an official position created and granted power by a government, a corporation, or some other organization. A CA is responsible for managing the lifecycle of certificates and, depending on the type of certificate and the CPS that applies, may be responsible for the lifecycle of key pairs associated with the certificates. [RFC2828] (C&A) Official responsible for performing the comprehensive evaluation of the security features of an information system and determining the degree to which it meets its security requirements. (PKI) Trusted entity authorized to create, sign, and issue public key certificates. By digitally signing each certificate issued, the user's identity is certified, and the association of the certified identity with a public key is validated. [CNSSI] 1. For Certification and Accreditation (C&A) (C&A Assessment): Official responsible for performing the comprehensive evaluation of the security features of an information system and determining the degree to which it meets its security requirements 2. For Public Key Infrastructure (PKI): A trusted third party that issues digital certificates and verifies the identity of the holder of the digital certificate. [CNSSI-4009] A centre trusted to create and assign public key certificates. Optionally, the certification authority may create and assign keys to the entities. [SC27] A trusted agent that issues digital certificates to principals. Certification authorities may themselves have a certificate that is issued to them by other certification authorities. The highest certification authority is called the root CA. [IATF][misc] A trusted entity that issues and revokes public key certificates. [800-63][FIPS 201] A trusted entity that issues certificates to end entities and other CAs. CAs issue CRLs periodically, and post certificates and CRLs to a repository. [SRV] The entity in a public key infrastructure (PKI) that is responsible for issuing certificates and exacting compliance to a PKI policy. [SP 800-21; FIPS 186] (see also PIV issuer, X.509, association, authorized, backup, entity, evaluation, identity, identity credential issuer, information, key, message, public-key, requirements, security, standard, system, test, users, validate, authority, certification, public-key infrastructure, trust) (includes certificate revocation list, credentials, cross-certification, non-repudiation, root CA)

certification authority digital signature (CADS)

relying party uses certificate manufactured by a certification authority to obtain the public key for digital signature authentication [misc] (see also authentication, certificate, key, public-key, authority, certification, public-key infrastructure, signature)

certification authority facility

The collection of equipment, personnel, procedures and structures that are used by a Certification Authority to perform certificate issuance and revocation. [SP 800-32] (see also certification)

certification authority workstation (CAW)

(I) A computer system that enables a CA to issue digital certificates and supports other certificate management functions as required. [RFC2828] Commercial-off-the-shelf (COTS) workstation with a trusted operating system and special purpose application software that is used to issue certificates. [CNSSI] (see also application, certificate, computer, function, software, system, trust, authority, certification, public-key infrastructure)

certification body

An independent and impartial national organization that performs certification. [AJP][ITSEC] (see also certification)

certification hierarchy

(I) A tree-structured (loop-free) topology of relationships among CAs and the entities to whom the CAs issue public-key certificates. (C) In this structure, one CA is the top CA, the highest level of the hierarchy. The top CA may issue public-key certificates to one or more additional CAs that form the second highest level. Each of these CAs may issue certificates to more CAs at the third highest level, and so on. The CAs at the second-lowest of the hierarchy issue certificates only to non-CA entities, called 'end entities' that form the lowest level. Thus, all certification paths begin at the top CA and descend through zero or more levels of other CAs. All certificate users base path validations on the top CA's public key. (O) MISSI usage: A MISSI certification hierarchy has three or four levels of CAs:

A CA at the highest level, the top CA, is a 'policy approving authority'.
A CA at the second-highest level is a 'policy creation authority'.
A CA at the third-highest level is a local authority called a 'certification authority'.
A CA at the fourth-highest (optional) level is a 'subordinate certification authority'. (O) PEM usage: A PEM certification hierarchy has three levels of CAs:
The highest level is the 'Internet Policy Registration Authority'.
A CA at the second-highest level is a 'policy certification authority'.
A CA at the third-highest level is a 'certification authority'. (O) SET usage: A SET certification hierarchy has three or four levels of CAs:
The highest level is a 'SET root CA'.
A CA at the second-highest level is a 'brand certification authority'.
A CA at the third-highest (optional) level is a 'geopolitical certification authority'.
A CA at the fourth-highest level is a 'cardholder CA', a 'merchant CA', or a 'payment gateway CA'.

certification package

Product of the certification effort documenting the detailed results of the certification activities. [CNSSI][CNSSI-4009] Product of the certification effort documenting the detailed results of the certification activities. The certification package includes the security plan, developmental and/or operational ST&E re ports, risk assessment report, and certifier's statement. [800-37] (see also assessment, operation, risk, security, certification)

certification path

(I) An ordered sequence of public-key certificates (or a sequence of public-key certificates followed by one attribute certificate) that enables a certificate user to verify the signature on the last certificate in the path, and thus enables the user to obtain certified public key (or certified attributes) of the entity that is the subject of that last certificate. (O) 'An ordered sequence of certificates of objects in the [X.500 Directory Information Tree] which, together with the public key of the initial object in the path, can be processed to obtain that of the final object in the path.' [X509, R2527] (C) The path is the 'list of certificates needed to allow a particular user to obtain the public key of another.' The list is 'linked' in the sense that the digital signature of each certificate (except the first) is verified by the public key contained in the preceding certificate; i.e. the private key used to sign a certificate and the public key contained in the preceding certificate form a key pair owned by the entity that signed. (C) In the X.509 quotation in the previous 'C' paragraph, the word 'particular' points out that a certification path that can be validated by one certificate user might not be able to be validated by another. That is because either the first certificate should be a trusted certificate (it might be a root certificate) or the signature on the first certificate should be verified by a trusted key (it might be a root key), but such trust is defined relative to each user, not absolutely for all users. [RFC2828] An ordered sequence of certificates, leading from a certificate whose public key is known by a client, to a certificate whose public key is to be validated by the client. [SRV] (see also X.509, certificate, digital signature, entity, information, key, object, process, public-key, signature, subject, trust, users, validate, certification, public-key infrastructure)

certification phase

The certification phase is the second phase of the certification and accreditation process. Its purpose is to demonstrate through independent assessments using selected verification techniques and verification procedures that the security controls for the IT system have been implemented correctly and are effective in their application. [800-37] (see also accreditation, application, assessment, control, process, security, system, verification, certification)

certification policy

(D) ISDs SHOULD NOT use this term. Instead, use either 'certificate policy' or 'certification practice statement', depending on what is meant. [RFC2828] (see also certificate, public-key infrastructure, certification, policy)

certification practice statement (CPS)

(I) 'A statement of the practices which a certification authority employs in issuing certificates.' [ABA96, R2527] (C) A CPS is a published security policy that can help a certificate user to decide whether a certificate issued by a particular CA can be trusted enough to use in a particular application. A CPS may be (a) a declaration by a CA of the details of the computer system and practices it employs in its certificate management operations, (b) part of a contract between the CA and an entity to whom a certificate is issued, (c) a statute or regulation applicable to the CA, or (d) a combination of these types involving multiple documents. (C) A CPS is usually more detailed and procedurally oriented than certificate policy. A CPS applies to a particular CA or CA community, while a certificate policy applies across CAs or communities. A CA with a single CPS may support multiple certificate policies, which may be used for different application purposes or by different user communities. Multiple CAs, each with different CPS, may support the same certificate policy. [RFC2828] (CPS) A statement of the practices that a Certification Authority employs in issuing, suspending, revoking, and renewing certificates and providing access to them, in accordance with specific requirements (i.e. requirements specified in this Certificate Policy, or requirements specified in a contract for services). [SP 800-32; CNSSI-4009] (see also access, application, authority, certificate, computer, entity, operation, policy, requirements, security, system, trust, users, certification, public-key infrastructure)

certification request

(I) A algorithm-independent transaction format, defined by PCKS #10 and used in PKIX, that contains a DN, a public key, and optionally a set of attributes, collectively signed by the entity requesting certification, and sent to a CA, which transforms the request to an X.509 public-key certificate or another type of certificate. [RFC2828] (see also X.509, algorithm, certificate, entity, key, public-key, certification, public-key infrastructure)

certification service

The service of creating and assigning certificates performed by a CA and described in ISO/IEC 9594-8: 1995. [SC27] (see also certificate, certification, public-key infrastructure)

certification test and evaluation (CT&E)

(CT&E) Software and hardware security tests conducted during development of an information system. [CNSSI-4009] Software and hardware security tests conducted during development of an IS. [CNSSI] (see also development, security, software, evaluation, test)

certificaton authority (CA)

(see also authority, public-key infrastructure)

certified information systems security professional (CISSP)

(see also computer security, information, system)

certified TEMPEST technical authority (CTTA)

An experienced, technically qualified U.S. Government employee who has met established certification requirements in accordance with CNSS (NSTISSC)-approved criteria and has been appointed by a U.S. Government Department or Agency to fulfill CTTA responsibilities. [CNSSI] U.S. Government employee who has met established certification requirements in accordance with the Committee on the National Security Systems approved criteria and was appointed by a U.S. Government department or agency to fulfill Certified Transient Electromagnetic Pulse Emanation Standard, or TEMPEST, Technical Authority responsibilities. [DSS] (see also certification, criteria, requirements, TEMPEST, authority)

certifier

Individual responsible for making a technical judgment of the system's compliance with stated requirements, identifying and assessing the risks associated with operating the system, coordinating the certification activities, and consolidating the final certification and accreditation packages. [CNSSI][CNSSI-4009] (see also accreditation, certification, identify, requirements, risk, system)

certify

(I) Issue a digital certificate and thus vouch for the truth, accuracy, and binding between data items in the certificate, such as the identity of the certificate's subject and the ownership of a public key. (C) To 'certify a public key' means to issue a public-key certificate that vouches for the binding between the certificate's subject and the key. (I) The act by which a CA employs measures to verify the truth, accuracy, and binding between data items in a digital certificate. (C) A description of the measures used for verification should be included in the CA's CPS. [RFC2828] (see also backup, certificate, entity, identity, key, owner, public-key, public-key infrastructure, subject, verification)

CGI scripts

Allows for the creation of dynamic and interactive web pages. They also tend to be the most vulnerable part of a web server (besides the underlying host security). [NSAINT] (see also security, common gateway interface, software, threat, world wide web)

chain letter

An electronic e-mail that either explicitly or implicitly encourages the user to forward the note to multiple recipients with no discernible end to the chain or no specific benefit to the government for doing so [NASA] (see also users, threat)

chain of custody

A process that tracks the movement of evidence through its collection, safeguarding, and analysis lifecycle by documenting each person who handled the evidence, the date/time it was collected or transferred, and the purpose for the transfer. [SP 800-72; CNSSI-4009]

chain of evidence

A process and record that shows who obtained the evidence; where and when the evidence was obtained; who secured the evidence; and who had control or possession of the evidence. The 'sequencing' of the chain of evidence follows this order: collection and identification; analysis; storage; preservation; presentation in court; return to owner. [CNSSI-4009] (see also control)

challenge

A data item chosen at random and sent by the verifier to the claimant, that is used by the claimant, in conjunction with secret information held by the claimant, to generate a response that is sent to the verifier. [SC27] (see also information, random, response, challenge/response)

challenge and reply authentication

Prearranged procedure in which a subject requests authentication of another and the latter establishes validity with a correct reply. [CNSSI] (see also subject, authentication)

Challenge Handshake Authentication Protocol (CHAP)

(I) A peer entity authentication method for PPP, using a randomly-generated challenge and requiring a matching response that depends on a cryptographic hash of the challenge and a secret key. [RFC2828] (see also cryptographic, cryptography, entity, hash, key, random, response, authentication, challenge/response, protocols, security protocol)

Challenge-Response Authentication Mechanism (CRAM)

(I) IMAP4 usage: A mechanism, intended for use with IMAP4 AUTHENTICATE, by which an IMAP4 client uses a keyed hash to authenticate itself to an IMAP4 server. (C) The server includes a unique timestamp in its ready response to the client. The client replies with the client's name and the hash result of applying MD5 to a string formed from concatenating the timestamp with a shared secret that is known only to the client and the server. [RFC2828] (see also hash, key, shared secret, authentication, challenge/response, response)

challenge-response protocol

An authentication protocol where the verifier sends the claimant a challenge (usually a random value or a nonce) that the claimant combines with a secret (often by hashing the challenge and a shared secret together, or by applying a private key operation to the challenge) to generate a response that is sent to the verifier. The verifier can independently verify the response generated by the claimant (such as by re-computing the hash of the challenge and the shared secret and comparing to the response, or performing a public key operation on the response) and establish that the claimant possesses and controls the secret. [SP 800-63] An authentication protocol where the verifier sends the claimant a challenge (usually a random value or a nonce) that the claimant combines with a secret (such as by hashing the challenge and a shared secret together, or by applying a private key operation to the challenge) to generate a response that is sent to the verifier. The verifier can independently verify the response generated by the claimant (such as by re-computing the hash of the challenge and the shared secret and comparing to the response, or performing a public key operation on the response) and establish that the claimant possesses and controls the secret. [800-63] (see also attack, authentication, control, cryptographic, hash, key, operation, public-key, random, protocols, response)

challenge/response

(I) An authentication process that verifies an identity by requiring correct authentication information to be provided in response to a challenge. in a system, the authentication information is usually a value that is required to be computed in response to an unpredictable challenge value. [RFC2828] A type of authentication in which a user responds correctly (usually by performing some calculation based on the time and/or the user's secret key) to a challenge (usually a numeric, unpredictable one). [AFSEC] An authentication procedure that requires calculating a correct response to an unpredictable challenge. [SRV] An authentication technique whereby a server sends an unpredictable challenge to the user, who computes a response using some form of authentication token. [IATF][misc] (see also 3-factor authentication, Extensible Authentication Protocol, IMAP4 AUTHENTICATE, POP3 AUTH, authentication, entity, identity, information, key, process, system, tokens, users, response) (includes Challenge Handshake Authentication Protocol, Challenge-Response Authentication Mechanism, challenge)

change control and lifecycle management

Procedures and controls that prevent unauthorized programs or modifications to an existing program from being implemented. [CIAO] (see also authorized, program, control, software development)

change management

Activities involved in (1) defining and instilling new values, attitudes, norms, and behaviors within an organization that support new ways of doing work and overcome resistance to change; (2) building consensus among customers and stakeholders on specific changes designed to better meet their needs; and (3) planning, testing, and implementing all aspects of the transition from one organizational structure or business process to another. [SRV] (see also business process, process, security testing, test)

channel

(I) An information transfer path within a system. [RFC2828] An information transfer path within a system. May also refer to the mechanism by which the path is effected. [AJP][TCSEC] (see also information, system) (includes communication channel, covert channel, covert storage channel, covert timing channel, exploitable channel, internal communication channel, overt channel, security-compliant channel, trusted channel)

channel capacity

Maximum possible error-free rate, measured in bits per second, at which information can be sent along a communications path. [AJP][FCv1] (see also bandwidth, communications, information)

channel scanning

Changing the channel being monitored by a wireless intrusion detection and prevention system. [800-94] (see also intrusion, intrusion detection, system)

check character

Added character which may be used to verify the accuracy of a string by a mathematical relationship to that string. [SC27] (see also error detection code) (includes check character system)

check character system

Set of rules for generating check characters and checking strings incorporating check characters. [SC27] (see also check character, system)

check digits

A digit in an account number that is calculated from the other digits in the account number and is used to check the account number's correctness/validity. [FFIEC]

check word

Cipher text generated by cryptographic logic to detect failures in cryptography. [CNSSI][CNSSI-4009] (see also cipher, cryptographic, cryptography) check_password

check_password

A hacking program used for cracking VMS passwords. [NSAINT] (see also passwords, program, attack)

checksum

(I) A value that (a) is computed by a function that is dependent on the contents of a data object and (b) is stored or transmitted together with the object, for the purpose of detecting changes in the data. (C) To gain confidence that a data object has not been changed, an entity that later uses the data can compute a checksum and compare it with the checksum that was stored or transmitted with the object. (C) Computer systems and networks employ checksums (and other mechanisms) to detect accidental changes in data. However, active wiretapping that changes data could also change an accompanying checksum to match the changed data. Thus, some checksum functions by themselves are not good countermeasures for active attacks. To protect against active attacks, the checksum function needs to be well-chosen, and the checksum result needs to be cryptographically protected. [RFC2828] A computed value that's dependent upon the contents of a packet; the value is sent with the packet when transmitted, and the receiving system computes a new 'checksum' and compares the two values to determine whether or not the data was received correctly. [misc] A value that accompanies data transferred from one place to another and helps to ensure that the data was transferred correctly [NASA] Digits or bits summed according to arbitrary rules and used to verify the integrity of data. [SRV] Value computed on data to detect error or manipulation during transmission. [CNSSI] Value computed on data to detect error or manipulation. [CNSSI][CNSSI-4009][IATF] Value computed, via some parity or hashing algorithm, on information requiring protection against error or manipulation. [IATF] (see also algorithm, attack, computer, confidence, countermeasures, cryptographic, cryptography, entity, function, hash, information, network, object, system, integrity)

chemical warfare

All aspects of military operations involving the employment of lethal and incapacitating munitions/agents and the warning and protective measures associated with such offensive operations. Since riot control agents and herbicides are not considered to be chemical warfare agents, those two items will be referred to separately or under the broader term 'chemical', which will be used to include all types of chemical munitions/agents collectively. [DOD] (see also control, warfare)

Chernobyl packet

A network packet that induces a broadcast storm and network meltdown. Typically an IP Ethernet datagram that passes through a gateway with both source and destination Ether and IP address set as the respective broadcast addresses for the subnetworks being gated between. [AFSEC] Also called Kamikaze Packet. A network packet that induces a broadcast storm and network meltdown. Typically an IP Ethernet datagram that passes through a gateway with both source and destination Ethernet and IP address set as the respective broadcast addresses for the subnetworks being gated between. [NSAINT] (see also gateway, network, threat)

chief information agency officer

official responsible for: (i) Providing advice and other assistance to the head of the executive agency and other senior management personnel of the agency to ensure that information technology is acquired and information resources are managed in a manner that is consistent with laws, Executive Orders, directives, policies, regulations, and priorities established by the head of the agency; (ii) Developing, maintaining, and facilitating the implementation of a sound and integrated information technology architecture for the agency; and (iii) Promoting the effective and efficient design and operation of all major information resources management processes for the agency, including improvements to work processes of the agency. [800-60] (see also operation, process, resource, technology, information, officer)

chief information officer (CIO)

Agency official responsible for: 1) Providing advice and other assistance to the head of the executive agency and other senior management personnel of the agency to ensure that information technology is acquired and information resources are managed in a manner that is consistent with laws, Executive Orders, directives, policies, regulations, and priorities established by the head of the agency; 2) Developing, maintaining, and facilitating the implementation of a sound and integrated information technology architecture for the agency; and 3) Promoting the effective and efficient design and operation of all major information resources management processes for the agency, including improvements to work processes of the agency. [FIPS 200; Public Law 104-106, Sec. 5125(b) Agency official responsible for: 1) providing advice and other assistance to the head of the executive agency and other senior management personnel of the agency to ensure that information systems are acquired and information resources are managed in a manner that is consistent with laws, Executive Orders, directives, policies, regulations, and priorities established by the head of the agency; 2) developing, maintaining, and facilitating the implementation of a sound and integrated information system architecture for the agency; and 3) promoting the effective and efficient design and operation of all major information resources management processes for the agency, including improvements to work processes of the agency. Note: Organizations subordinate to federal agencies may use the term Chief Information Officer to denote individuals filling positions with similar security responsibilities to agency-level Chief Information Officers. SOURCE: CNSSI-4009; SP 800-53] Agency official that provides advice and other assistance to the head of the agency and other senior management personnel to ensure that information technology is acquired and information resources are managed in a manner that implements the policies and procedures of the Congress and the priorities established by the head of the agency. Section 5125(a) of the Information Technology Management Reform Act of 1996 (ITMRA) establishes the position of Chief Information Officer (CIO) by amending Section 33506 of the Paperwork Reduction Act of 1995, 44 U.S.C. Chapter 35. [CIAO] (see also management, resource, technology, information, officer)

chosen-ciphertext attack

(I) A cryptanalysis technique in which the analyst tries to determine the key from knowledge of plaintext that corresponds to ciphertext selected (i.e. dictated) by the analyst. [RFC2828] (see also analysis, key, attack, cipher)

chosen-plaintext attack

(I) A cryptanalysis technique in which the analyst tries to determine the key from knowledge of ciphertext that corresponds to plaintext selected (i.e. dictated) by the analyst. [RFC2828] (see also analysis, cipher, cryptography, key, attack)

cipher

(I) A cryptographic algorithm for encryption and decryption. [RFC2828] Alternative term for encryption algorithm. [SC27] Any cryptographic system in which arbitrary symbols or groups of symbols, represent units of plain text, or in which units of plain text are rearranged, or both. [CNSSI][CNSSI-4009] (see also BLACK, Blowfish, Data Authentication Algorithm, El Gamal algorithm, RED/BLACK separation, Rivest-Shamir-Adleman algorithm, Skipjack, algorithm, asymmetric cryptographic technique, asymmetric encryption algorithm, block chaining, brute force attack, check word, chosen-plaintext attack, ciphony, cleartext, code, controlled access area, cryptanalysis, cryptographic, cryptographic algorithm, cryptographic key, cryptographic synchronization, cryptographic system, cryptography, cut-and-paste attack, data encryption algorithm, data encryption key, decrypt, decryption, encode, encryption algorithm, feedback buffer, initialization value, initialization vector, initializing value, intelligent threat, key, key generator, key stream, known-plaintext attack, message authentication code vs. Message Authentication Code, mode of operation, one-time pad, one-way encryption, out-of-band, private key, public-key, public-key certificate, public-key cryptography, secret-key cryptography, security strength, semantic security, superencryption, system, traffic analysis, traffic encryption key, triple DES, encryption) (includes Rivest Cipher 2, Rivest Cipher 4, asymmetric cipher, asymmetric encipherment system, block cipher, block cipher key, chosen-ciphertext attack, cipher block chaining, cipher feedback, cipher suite, cipher text auto-key, ciphertext, ciphertext-only attack, decipher, decipherment, encipher, encipherment, encipherment algorithm, encrypt, encrypted key, n-bit block cipher, private decipherment key, private decipherment transformation, public encipherment key, public encipherment transformation, stream cipher, symmetric encipherment algorithm)

cipher block chaining (CBC)

(I) An block cipher mode that enhances electronic codebook mode by chaining together blocks of ciphertext it produces. (C) This mode operates by combining (exclusive OR-ing) the algorithm's ciphertext output block with the next plaintext block to form the next input block for the algorithm. [RFC2828] (see also block chaining, algorithm, code, cipher)

cipher feedback (CFB)

(I) An block cipher mode that enhances electronic code book mode by chaining together the blocks of ciphertext it produces and operating on plaintext segments of variable length less than or equal to the block length. (C) This mode operates by using the previously generated ciphertext segment as the algorithm's input (i.e. by 'feeding back' the ciphertext) to generate an output block, and then combining (exclusive OR-ing) that output block with the next plaintext segment (block length or less) to form the next ciphertext segment. [RFC2828] (see also algorithm, code, cipher, cryptography)

cipher suite

Negotiated algorithm identifiers. Cipher suites are identified in human-readable form using a pneumonic code. [SP 800-52] (see also algorithm, code, cipher)

cipher text auto-key (CTAK)

Cryptographic logic that uses previous cipher text to generate a key stream. [CNSSI][CNSSI-4009] (see also cryptographic, cipher, key)

ciphertext

(I) Data that has been transformed by encryption so that its semantic information content (i.e. its meaning) is no longer intelligible or directly available. (O) 'Data produced through the use of encipherment. The semantic content of the resulting data is not available.' [RFC2828] Ciphertext/Cipher Text - Data in its encrypted form. [SP 800-21; CNSSI-4009] Data in its enciphered form. [SP 800-56B] Data output from the Cipher or input to the Inverse Cipher. [FIPS 197] Data which has been transformed to hide its information content. [SC27] Enciphered information. [CNSSI][SC27] The encrypted form of a plaintext message of data. [SRV] The result of transforming plaintext with an encryption algorithm. Also known as cryptotext. It is encrypted (enciphered) data. [SRV] (see also algorithm, encipherment, encryption, information, message, cipher)

ciphertext key

(see encrypted key) (see also key)

ciphertext-only attack

(I) A cryptanalysis technique in which the analyst tries to determine the key solely from knowledge of intercepted ciphertext (although the analyst may also know other clues, such as the cryptographic algorithm, the language in which the plaintext was written, the subject matter of the plaintext, and some probable plaintext words.) [RFC2828] (see also algorithm, analysis, cryptographic, key, subject, attack, cipher)

ciphony

Process of enciphering audio information, resulting in encrypted speech. [CNSSI][CNSSI-4009] (see also cipher, information, process)

circuit control officer (CCO)

(see also control)

circuit level gateway

One form of a firewall. Validates TCP and UDP sessions before opening a connection. Creates a handshake, and once that takes place passes everything through until the session is ended. [NSAINT] (see also circuit proxy, connection, firewall, validate, gateway)

circuit proxy

A proxy service that statically defines which traffic will be forwarded. The key difference between application and circuit proxies is that the latter are static and thus will always set up a connection if the DUT/SUT's rule set allows it. For example, if a firewall's rule set permits ftp connections, a circuit proxy will always forward traffic on TCP port 20 (ftp-data) even if no control connection was first established on TCP port 21 (ftp-control). [RFC2647] (see also circuit level gateway, application, connection, control, key, firewall, proxy)

circuit switching

A method of opening communications lines, as through the telephone system, creating a physical link between the initiating and receiving parties. In circuit switching, the connection is made at a switching center, which physically connects the two parties and maintains an open line between them for as long as needed. Circuit switching is typically used in modem communications on the dial-up telephone network, and it is also used on a smaller scale in privately maintained communications networks. [SRV] (see also communications, connection, network, system)

civil liberties

Those individual rights and freedoms protected by the Constitution, the Bill of Rights, and federal law and regulations. [CIAO]

CKMS

A set of components that is designed to protect, manage, and distribute cryptographic keys and bound metadata. [800-130] (see also cryptographic, key, metadata)

CKMS component

Any mechanism (including hardware, software, or firmware), policy and procedures that are used to implement a CKMS. [800-130] (see also policy, software)

CKMS profile

A document that provides an implementation independent specification of CKMS security requirements for use by a community of interest (e.g., U.S. Government; banking, aerospace etc.). [800-130] (see also requirements, security, file, profile)

claimant

A party whose identity is to be verified using an authentication protocol. [800-63][SP 800-63; FIPS 201] An entity (user, device or process) whose assertion is to be verified using an authentication protocol. [CNSSI-4009] An entity that is or represents a principal for the purposes of authentication. A claimant includes the functions necessary for engaging in authentication exchanges on behalf of a principal. [SC27] An entity which is or represents a principal for the purposes of authentication, together with the functions involved in an authentication exchange on behalf of that entity. A claimant acting on behalf of a principal must include the functions necessary for engaging in an authentication exchange. (e.g., a smartcard [claimant] can act on behalf of a human user [principal]) [FIPS 196] (see also authentication, entity, function, identity, man-in-the-middle attack, protocols)

clandestine operation

Operation sponsored or conducted by Government departments or agencies in such a way that ensure secrecy or concealment. An operation sponsored or conducted in such a way as to insure the secrecy or concealment of the person or organization doing the sponsoring/conducting. [DSS] (see also covert operation, overt operation)

Clark Wilson integrity model

An approach to providing data integrity for common commercial activities, including software engineering concepts of abstract data types, separation of privilege, allocation of least privilege, and nondiscretionary access control. [SRV] (see also access, access control, control, software, integrity, model)

class 2, 3, 4, or 5

(O) U.S. Department of Defense usage: Levels of PKI assurance based on risk and value of information to be protected:

Class 2: For handling low-value information (unclassified, not mission-critical, or low monetary value) or protection of system-high information in low- to medium-risk environment.
Class 3: For handling medium-value information in low- to medium-risk environment. Typically requires identification of a system entity as a legal person, rather than merely a member of an organization.
Class 4: For handling medium- to high-value information in any environment. Typically requires identification of an entity as legal person, rather than merely a member of an organization, and a cryptographic hardware token for protection of keying material.
Class 5: For handling high-value information in a high-risk environment.

class

A generic description of an object type, consisting of instance variables and method definitions. A set of objects that share a common structure and a common behavior. Class definitions are templates from which individual objects can be created. [SRV] A grouping of families that share a common focus. [CC2][CC21][SC27] (see also object)

class hierarchy

Classes can be organized naturally into structures (tree or network) called class hierarchies. In a hierarchy, a class may have zero or more superclasses above it. A class may have zero or more classes below, referred to as its subclasses. [SRV] (see also network)

class object

Class object is a class definition. Class definitions are objects that are instances of a generic class, or metaclass. [SRV] (see also object)

classification

A classification is the separation or ordering of objects (or specimens) into classes [WEBOL 1998]. Classifications that are created non-empirically are called a priori classifications [...; Simpson 1961; WEBOL 1998]. Classifications that are created empirically by looking at the data are called a posteriori classifications [...; Simpson 1961; WEBOL 1998]. [OVT] Act or process by which information is determined to be classified information, classified National Security information (or 'Classified Information'). It is also information that has been determined pursuant to Executive Order 12958, as amended, or any predecessor order to require protection against unauthorized disclosure and is marked to indicate its classified status when in documentary form. [DSS] (see also authorized, classified, object, security)

classification guidance

Instruction or source that prescribes classification of specific information. [DSS]

classification guide

Documentary form of classification guidance issued by an original classification authority that identifies the elements of information regarding a specific subject that must be classified and establishes the level and duration of classification for each such element. [DSS] (see also classified, subject)

classification levels

(I) (1.) A grouping of classified information to which a hierarchical, restrictive security label is applied to increase protection of the data. (2.) The level of protection that is required to be applied to that information. [RFC2828] Information may be classified at one of the following three levels: TOP SECRET, which is applied to information, the unauthorized disclosure of which reasonably could be expected to cause exceptionally grave damage to the national security that the original classification authority is able to identify or describe; SECRET, which is applied to information, the unauthorized disclosure of which reasonably could be expected to cause serious damage to the national security that the original classification authority is able to identify or describe: and CONFIDENTIAL, which is applied to information, the unauthorized disclosure of which reasonably could be expected to cause damage to the national security that the original classification authority is able to identify or describe. [DSS] (see also Bell-LaPadula security model, Internet Protocol Security Option, authorized, classified information, clearance level, compartment, confinement property, controlled security mode, damage, dedicated security mode, dominated by, dominates, downgrade, information, lattice model, mode of operation, modes of operation, multilevel security, multilevel security mode, non-discretionary security, object, regrade, risk index, sanitize, security label, security level, security situation, sensitivity label, system-high security mode, users, classified) (includes TOP SECRET, confidential, default classification, secret, sensitive, sensitive but unclassified, trust level)

classification markings and implementation working group

Forum of Intelligence Community and non-Intelligence Community members responsible for coordinating changes to the Authorized Classification and Control Markings Register and associated implementation manual. [DSS] (see also authorized, intelligence)

classified

(I) Refers to information (stored or conveyed, in any form) that is formally required by a security policy to be given data confidentiality service and to be marked with a security label (which in some cases might be implicit) to indicate its protected status. (C) The term is mainly used in government, especially in the military, although the concept underlying the term also applies outside government. In the U.S. Department of Defense, for example, it means information that has been determined pursuant to Executive Order 12958 ('Classified National Security Information', April 1995) or any predecessor order to require protection against unauthorized disclosure and is marked to indicate its classified status when in documentary form. [RFC2828] (see also BLACK, Bell-LaPadula security model, COMSEC demilitarization, CRYPTO, Central United States Registry for North Atlantic Treaty Organization, DD 254 - Final, DD 254 - Original, Defense Central Security Index, Defense Information Systems Network, Escrowed Encryption Standard, FIPS PUB 140-1, Federal Public-key Infrastructure, Federal Standard 1027, Internet Protocol Security Option, Key Exchange Algorithm, National Institute of Standards and Technology, National Security Agency, RED, RED/BLACK concept, Secure Telephone Unit III, Skipjack, Trusted Computer System Evaluation Criteria, Type 1 key, Type 2 key, Type I cryptography, Type II cryptography, access, access approval, access control, access eligibility determination, access national agency check and inquiries, accesses, accreditation, acknowledged special access program, acoustic security, activity security manager, adjudication, advanced encryption standard, adverse information, agency, aggregation, applicant, associated markings, authorized, authorized adjudicative agency, authorized classification and control markings register, authorized investigative agency, authorized person, automated information system media control system, automated security monitoring, burn bag, carve-out, category, class 2, 3, 4, or 5, classification, classification guide, classifier, clearance, clearance certification, cleared escort, clearing, closed area, code word, cognizant security agency, compartment, compartmentalization, compromise, confidentiality, confinement property, contamination, controlled cryptographic item, controlled security mode, courier, custodian, damage assessment, data aggregation, data encryption standard, declassification, declassification authority, dedicated mode, dedicated security mode, derivative classification, designated disclosure authority, dominated by, dominates, downgrade, downgrading, equity, escort, exception, facilities accreditation, facilities certification, facility security clearance, false positive, for official use only, foreign disclosure, foreign disclosure point of contact, foreign ownership, control, or influence, foreign relations of the united states, foreign travel briefing, foreign visit, formal access approval, formerly restricted data, government-to-government transfer, guard, handcarrier, handle via special access control channels only, high assurance guard, inadvertent disclosure incident, incident of security concern, industrial security, information, information category, information security oversight office, inspectable space, interim approval to operate, internal vulnerability, invalidation, key-escrow system, lattice model, law enforcement sensitive, mandatory access control, mandatory declassification review, mission critical, mode of operation, modes of operation, multilevel security, multilevel security mode, multiuser mode of operation, national security information, national security system, national security-related information, naval nuclear propulsion information, need for access, need-to-know, nicknames, non-disclosure agreement, non-discretionary security, non-discussion area, one-time access, open storage, operations security, operations security survey, originating agency determination required, pass/fail, periods processing, personnel security, personnel security - issue information, personnel security clearance, personnel security determination, personnel security interview, personnel security investigation, personnel security program, policy, program channels or program security channels, program protection plan, program sensitive information, protected distribution systems, protected information, public law 100-235, purge, radio frequency jamming, reference material, regrade, reinstatement, release, restricted area, restricted data, revocation, revocation of facility security clearance, risk index, safeguarding and safeguarding measures, safeguarding statement, sanitize, sanitizing, secret, secret key, secure data device, secure operating system, security assurance, security classification guides, security clearance, security compromise, security domain, security incident, security infraction, security label, security level, security policy automation network, security situation, security violation, senior agency official, sensitive compartmented information, sensitive information, sensitivity label, single scope background investigation - periodic reinvestigation, source document, special access program facility, spillage, sponsoring agency, stand-alone automated information system, standard practice procedures, stratified random sample, subcontract, suspicious contact, system-high security mode, systematic declassification review, tear line, technical data, temporary help/job shopper, transmission, transportation plan, trusted computer system, trusted foundry, type 1 products, type 2 product, type 3 key, type 3 product, unacknowledged special access program, unauthorized disclosure, unauthorized person, unfavorable personnel security determination, upgrade, working papers, security) (includes classification levels, classified contract, classified information, classified information procedures act, classified information spillage, classified military information, classified national security information, classified visit, controlled unclassified information, default classification, deliberate compromise of classified information, endorsed for unclassified cryptographic information, endorsed for unclassified cryptographic item, north atlantic treaty organization classified information, sensitive but unclassified, sensitive but unclassified information, unclassified, unclassified controlled nuclear information, unclassified internet protocol router network, unclassified sensitive)

classified contract

Any contract requiring or that will require access to classified information, by a contractor or his or her employees. (A contract may be a classified contract although the contract document is not classified.) The requirements for a classified contract also are applicable to all phases of pre-contract activity, including solicitations (bids, quotations, and proposals), precontract negotiations, post-contract activity, or other Government Contracting Agency programs or projects, which require access to classified information by a contractor. [DSS] (see also access, requirements, classified)

classified data

(see classified information)

classified information

Information determined to be top secret, secret, or confidential in the interests of national security by an appropriate Federal official acting under the provisions of Executive Order 12958 [NASA] Information that has been determined pursuant to E.O. 13292 or any predecessor order to require protection against unauthorized disclosure and is marked to indicate its classified status when in documentary form. [800-60] Information that has been determined pursuant to Executive Order (E.O.) 13292 or any predecessor order to require protection against unauthorized disclosure and is marked to indicate its classified status when in documentary form. [SP 800-60; E.O. 13292] Information that has been determined pursuant to Executive Order 12958 or any predecessor Order, or by the Atomic Energy Act of 1954, as amended, to require protection against unauthorized disclosure and is marked to indicate its classified status. [CNSSI] Information that has been determined: (i) pursuant to Executive Order 12958 as amended by Executive Order 13292, or any predecessor Order, to be classified national security information; or (ii) pursuant to the Atomic Energy Act of 1954, as amended, to be Restricted Data (RD). [SP 800-53] See Classified National Security Information. [CNSSI-4009] (see also authorized, classification levels, classified information procedures act, classified information spillage, access control, classified, information) (includes classified military information, classified national security information)

classified information procedures act

Law providing a mechanism for the courts to determine the classified information that a defense counsel may access. [DSS] (see also access, classified information, classified)

classified information spillage

Security incident that occurs whenever classified data is spilled either onto an unclassified IS or to an IS with a lower level of classification. [CNSSI] Security incident that occurs whenever classified data is spilled either onto an unclassified information system or to an information system with a lower level of classification. [CNSSI-4009] (see also classified information, incident, security incident, classified, information, threat)

classified military information

Information originated by or for the Department of Defense or its Agencies or is under their jurisdiction or control and that requires protection in the interests of national security. It is designated TOP SECRET, SECRET, or CONFIDENTIAL. Classified Military Information may be conveyed by way of oral, visual, or material form. [DSS] (see also classified, classified information)

classified national security information

Also known as 'classified information,' it is official information or material requiring protection in the interest of national security and that is classified for such purpose by appropriate classifying authority in accordance with the provisions of Executive Order 12958. [DSS] (see also classified, classified information)

classified visit

Visit during which a visitor will require, or is expected to require, access to classified information. [DSS] (see also access, classified)

classifier

Any person who makes a classification determination and applies a classification category to information or material. The determination may be an original classification action or it may be a derivative classification action. Contractors make derivative classification determinations based on classified source material, a security classification guide, or a Contract Security Classification Specification. [DSS] (see also classified, security)

clean system

(I) A computer system in which the operating system and application system software and files have just been freshly installed from trusted software distribution media. (C) A clean system is not necessarily in a secure state. [RFC2828] A computer which has been freshly installed with its operating system and software obtained from trusted software distribution media. As more software and configuration are added to a computer, it becomes increasingly difficult to determine if the computer is 'clean' or has been compromised by viruses, trojan horse or misconfiguration which reduces the security of the computer system. [RFC2504] (see also application, compromise, computer, file, risk, security, software, trust, virus, system)

clear

To use software or hardware products to overwrite storage space on the media with nonsensitive data. This process may include overwriting not only the logical storage location of a file(s) (e.g., file allocation table) but also may include all addressable locations. See comments on Clear/Purge Convergence. [SP 800-88] (see also software)

clearance

Formal certification of authorization to have access to classified information other than that protected in a special access program (including SCI). Clearances are of three types: confidential, secret, and top secret. A top secret clearance permits access to top secret, secret, and confidential material; a secret clearance, to secret and confidential material; and a confidential clearance, to confidential material. [CNSSI-4009] Formal security determination by an authorized adjudicative office that an individual is authorized access, on a need-to-know basis, to a specific level of collateral classified information (TOP SECRET, SECRET, CONFIDENTIAL). [CNSSI] The official determination of a person's trustworthiness, based on a records review and past behavior. [800-37] The process of transmitting, reconciling, and in some cases, confirming payment orders or financial instrument transfer instructions prior to settlement. [FFIEC] (see also access, authorization, authorized, certification, classified, security, trust)

clearance certification

Official notification that an individual holds a specific level of security clearance and/or access approval, authorizing the recipient of the certification access to classified information or materials at that level. [DSS] (see also access, classified, security, certification)

clearance level

(I) The security level of information to which a security clearance authorizes a person to have access. [RFC2828] (see also access, access control, classification levels, information, security, security clearance)

cleared commercial carrier

Carrier authorized by law, regulatory body, or regulation, to transport SECRET and CONFIDENTIAL material and has been granted a SECRET facility clearance in accordance with the National Industrial Security Program. [DSS] (see also authorized, security)

cleared employees

Contractor employees granted Personnel Security Clearances as well as employees being processed for Personnel Security Clearances. [DSS] (see also security)

cleared escort

Appropriately cleared U.S. citizen, at least 18 years of age, who performs access control/escort duties on limited and minor construction, repair, or maintenance projects in Sensitive Compartmented Information Facilities or other classified areas not requiring a Construction Surveillance Technician. [DSS] (see also United States citizen, access, classified)

clearing

Removal of data from an IS, its storage devices, and other peripheral devices with storage capacity, in such a way that the data may not be reconstructed using common system capabilities (i.e. keyboard strokes); however, the data may be reconstructed using laboratory methods. Cleared media may be reused at the same classification level or at a higher level. Overwriting is one method of clearing. [CNSSI] Removal of data from an information system, its storage devices, and other peripheral devices with storage capacity, in such a way that the data may not be reconstructed using common system capabilities (i.e. through the keyboard); however, the data may be reconstructed using laboratory methods. [CNSSI-4009] Removal of information from the media to facilitate continued use and to prevent the Automated Information System from recovering previously stored data. However, the data may be recovered using laboratory techniques. Overwriting and degaussing are acceptable methods of clearing media. [DSS] (see also classified, key, system)

cleartext

(I) Data in which the semantic information content (i.e. the meaning) is intelligible or is directly available. (O) 'Intelligible data, the semantic content of that is available.' (D) ISDs SHOULD NOT use this term as a synonym for 'plaintext', the input to an encryption operation, because the plaintext input to encryption may itself be ciphertext that was output from another operation. [RFC2828] Alternative term for plaintext. [SC27] Information that is not encrypted. [800-82][SP 800-82] Intelligible data, the semantic content of that is available. [AJP][FCv1] (see also encryption, cipher, cryptography, information, operation, process)

client (application)

A system entity, usually a computer process acting on behalf of a human user, that makes use of a service provided by a server. [SP 800-32]

client

(I) A system entity that requests and uses a service provided by another system entity, called a 'server'. (C) Usually, the requesting entity is a computer process, and it makes the request on behalf of a human user. In some cases, the server may itself be a client of some other server. [RFC2828] Depending on the point of view, a client might be a computer system which an end-user uses to access services hosted on another computer system called a server. 'Client' may also refer to a program or a part of a system that is used by an end-user to access services provided by another program (for example, a web browser is a client that accesses pages provided by a Web Server). [RFC2504] Individual or process acting on behalf of an individual who makes requests of a guard or dedicated server. The client's requests to the guard or dedicated server can involve data transfer to, from, or through the guard or dedicated server. [CNSSI][CNSSI-4009] (see also access, access control, computer, entity, process, program, system, users)

client server

The client/server model states that a client (user), whether a person or a computer program, may access authorized services from a server (host) connected anywhere on the distributed computer system. The services provided include database access, data transport, data processing, printing, graphics, electronic mail, word processing, or any other service available on the system. These services may be provided by a remote mainframe using long haul communications or within the user's workstation in real-time or delayed (batch) transaction mode. Such an open access model is required to permit true horizontal and vertical integration. [SRV] (see also access, access control, authorized, communications, computer, model, process, program, system, users, automated information system)

clients, products, and business practices

an unintentional or negligent failure to meet a professional obligation to specific clients (including fiduciary and suitability requirements), or from the nature or design of a product. [2003-53c] (see also requirements, operational risk loss)

Clinger-Cohen Act of 1996

Also known as Information Technology Management Reform Act. A statute that substantially revised the way that IT resources are managed and procured, including a requirement that each agency design and implement a process for maximizing the value and assessing and managing the risks of IT investments. [SP 800-64] (see also management, risk)

Clipper chip

(N) The Mykotronx, Inc. MYK-82, an integrated microcircuit with a cryptographic processor that implements the SKIPJACK encryption algorithm and supports key escrow. (C) The key escrow scheme for a chip involves a SKIPJACK key common to all chips that protects the unique serial number of the chip, and a second SKIPJACK key unique to the chip that protects all data encrypted by the chip. The second key is escrowed as split key components held by NIST and the U.S. Treasury Department. [RFC2828] A tamper-resistant VLSI chip designed by NSA for encrypting voice communications. It conforms to the Escrow Encryption Standard (EES) and implements the Skipjack encryption algorithm. [NSAINT] (see also algorithm, communications, cryptographic, cryptography, encryption, escrow, key, process, standard, tamper, National Institute of Standards and Technology, National Security Agency) (includes Law Enforcement Access Field)

closed area

Area meeting the requirements of Department of Defense Standard 5220.22-M for safeguarding classified material that because of its size, nature, or operational necessity cannot be adequately protected by the normal safeguards or stored during nonworking hours in approved containers. [DSS] (see also classified, requirements)

closed security environment

(O) U.S. Department of Defense usage: A system environment that meets both of the following conditions: (a) Application developers (including maintainers) have sufficient clearances and authorizations to provide an acceptable presumption that they have not introduced malicious logic. (b) Configuration control provides sufficient assurance that system applications and the equipment they run on are protected against the introduction of malicious logic prior to and during the operation of applications. [RFC2828] An environment in which both of the following conditions hold true: (1) Application developers (including maintainers) have sufficient clearances and authorizations to provide an acceptable presumption that they have not introduced malicious logic and (2) configuration control provides sufficient assurance that applications and the equipment are protected against the introduction of malicious logic prior to and during the operation of system applications. [AJP][NCSC/TG004] Environment providing sufficient assurance that applications and equipment are protected against the introduction of malicious logic during an IS lifecycle. Closed security is based upon a system's developers, operators, and maintenance personnel having sufficient clearances, authorization, and configuration control. [CNSSI] Environment providing sufficient assurance that applications and equipment are protected against the introduction of malicious logic during an information system lifecycle. Closed security is based upon a system's developers, operators, and maintenance personnel having sufficient clearances, authorization, and configuration control. [CNSSI-4009] (see also application, assurance, authorization, control, malicious, operation, system, security, software development)

closed storage

Storage of Special Access Program material in properly secured General Services Administration-approved security containers within an accredited Special Access Program Facility. [DSS] Storage of classified information within an accredited facility, in General Services Administration-approved secure containers, while the facility is unoccupied by authorized personnel. [CNSSI-4009] (see also access, security)

closed user group

A closed user group permits users belonging to a group to communicate with each other, but precludes communications with other users who are not members of the group. [AJP][TNI] (see also communications, users)

cloud computing

A model for enabling on-demand network access to a shared pool of configurable IT capabilities/ resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. It allows users to access technology-based services from the network cloud without knowledge of, expertise with, or control over the technology infrastructure that supports them. This cloud model is composed of five essential characteristics (on-demand self- service, ubiquitous network access, location independent resource pooling, rapid elasticity, and measured service); three service delivery models (Cloud Software as a Service [SaaS], Cloud Platform as a Service [PaaS], and Cloud Infrastructure as a Service [IaaS]); and four models for enterprise access (Private cloud, Community cloud, Public cloud, and Hybrid cloud). Note: Both the user's data and essential security services may reside in and be managed within the network cloud. [CNSSI-4009] (see also access, control, management, security, software, users)

cluster controller

A device that manages the input and output of several devices [NASA] (see also control)

cluster sample

A simple random sample in which each sampling unit is a collection of elements. [SRV] (see also random)

co-utilization

Two or more organizations sharing the same Special Access Program Facility. [DSS] (see also access)

coalition

Arrangement between one or more nations for common action; multi-national action outside the bounds of established alliances, usually for single occasions or longer cooperation in a narrow sector of common interest; or a forced composed of military elements of nations that have formed a temporary alliance for some specific purpose. [DSS]

coaxial cable

A cable that consists of two conductors, a center wire inside a cylindrical shield that is grounded. The shield is typically made of braided wire and is insulated from the center wire. The shield minimizes electrical and radio-frequency interference; signals in a coaxial cable do not affect nearby components, and potential interference from these components does not affect the signal carried on the [SRV]

code

(I) noun: A system of symbols used to represent information, which might originally have some other representation. (D) ISDs SHOULD NOT use this term as synonym for the following: (a) 'cipher', 'hash', or other words that mean 'a cryptographic algorithm'; (b) 'ciphertext'; or (c) 'encrypt', 'hash', or other words that refer to applying a cryptographic algorithm. (D) ISDs SHOULD NOT this word as an abbreviation for the following terms: country code, cyclic redundancy code, Data Authentication Code, error detection code, Message Authentication Code, object code, or source code. To avoid misunderstanding, use the fully qualified term, at least at the point of first usage. [RFC2828] (COMSEC) System of communication in which arbitrary groups of letters, numbers, or symbols represent units of plain text of varying length. [CNSSI] In computer programming, a set of symbols used to represent characters and format commands and instructions in a program. Source code refers to the set of commands and instructions making up a program. [CIAO] System of communication in which arbitrary groups of letters, numbers, or symbols represent units of plain text of varying length. [CNSSI-4009] (see also British Standard 7799, CASE tools, Distinguished Encoding Rules, El Gamal algorithm, Generic Security Service Application Program Interface, Integrated CASE tools, POSIX, Type II cryptography, algorithm, antivirus tools, application generator, application program interface, authentication, authentication token, blended attack, buffer overflow, card personalization, certificate management, cipher, cipher block chaining, cipher feedback, cipher suite, coding, communications security, compiled viruses, compiler, completeness, computer, crack, cryptographic, cryptographic application programming interface, cryptographic key, cryptography, cyclic redundancy check, data driven attack, dc servo drive, decrypt, domain name, dynamic analysis, encrypt, encryption, exploit, fault injection, fork bomb, gateway, hash, hash token, identification authentication, imprint, information, instrumentation, interface, interpreted virus, keyed hash algorithm, keying material, killer packets, logic bombs, maintenance hook, malicious program, malware, message, national security system, network sniffing, null, object, out-of-band, output transformation, passive security testing, patch, payload, penetration test, penetration testing, personal identification number, polymorphism, portability, positive control material, primary account number, program, protocols, reduction-function, reverse engineering, revoked state, scalability, secure hash standard, security perimeter, sensitive information, shim, simple network management protocol, spyware, state delta verification system, syllabary, symmetric key, synchronous flood, system, technical vulnerability information, test case generator, test cycle, time bomb, trapdoor, trojan horse, trust, unit, untrusted process, variant, verification, virus, worm) (includes American Standard Code for Information Interchange, accounting legend code, authentication code, bar code, code amber, code book, code coverage, code division multiple access, code green, code group, code red, code vocabulary, coded switch system, country code, data authentication code, data authentication code vs. Data Authentication Code, decode, electronic codebook, encode, error detection code, executable code, hash code, hashed message authentication code, malicious code, manipulation detection code, message authentication code, message authentication code algorithm, message authentication code vs. Message Authentication Code, message integrity code, microcode, mobile code, object code, one-part code, operations code, source code, source code generator, two-part code)

code amber

Significantly debilitate the ability of the Agency to fulfill its mission, critical national security or national economic security functions or provide continuity of government services. [CIAO] (see also critical, function, security, code, critical infrastructures, threat)

code book

Document containing plain text and code equivalents in a systematic arrangement, or a technique of machine encryption using a word substitution technique. [CNSSI][CNSSI-4009] (see also encryption, system, code)

code coverage

An analysis method that determines which parts of the software have been executed (covered) by the test case suite and which parts have not been executed and therefore may require additional attention. [OVT] (see also analysis, software, test, code)

code division multiple access (CDMA)

A digital cellular phone spread spectrum technology that assigns a code to all speech bits, sends a scrambled transmission of the encoded speech over the air and reassembles the speech to its original format. [IATF] (see also cryptography, technology, access, code, security)

code green

No appreciable impact on Agency missions. [CIAO] (see also code, critical infrastructures)

code group

Group of letters, numbers, or both in a code system used to represent a plain text word, phrase, or sentence. [CNSSI][CNSSI-4009] (see also system, code)

code red

Prevent the Agency from fulfilling its mission, critical national security or national economic security functions or from providing continuity of core government services. From the perspective of an attacker, this would constitute a 'Kill.' [CIAO] (see also attack, critical, function, security, code, critical infrastructures, threat)

code vocabulary

Set of plain text words, numerals, phrases, or sentences for which code equivalents are assigned in a code system. [CNSSI][CNSSI-4009] (see also system, code)

code word

A code word is a single word assigned a classified meaning by appropriate authority to ensure proper security concerning intentions and to safeguard information pertaining to actual, real-world military plans or operations classified as CONFIDENTIAL or higher. [DSS] (see also classified, security)

coded switch system (CSS)

(see also code, system)

coding

Creating the software used by the computer from program flowcharts or pseudocode. [SRV] (see also code, computer, flow, program, software)

coefficient of variation

The ratio produced by dividing the standard deviation by the mean value. It provides an indication of the consistency of the data. [SRV] (see also standard)

coercive force

Negative or reverse magnetic force applied for the purpose of reducing magnetic flux density. [DSS]

coercivity

Property of magnetic material, measured in Oersteds, used a measure of the amount of coercive force required to reduce the magnetic induction to zero from its remnant state. Generally used as a measure of the difficulty with which magnetic Information System storage devices can be degaussed. [DSS]

cognizant security agency

Security cognizance remains with each Federal department or agency unless lawfully delegated. The term Cognizant Security Agency denotes the Department of Defense, Department of Energy, Nuclear Regulatory Commission, and Central Intelligence Agency. The Secretary of Defense, the Secretary of Energy, the Director of the Central Intelligence Agency and the Chairman, Nuclear Regulatory Commission may delegate any aspect of security administration regarding classified activities and contracts under their purview within the Cognizant Security Agency or to another Cognizant Security Agency. Responsibility for security administration may be further delegated by a Cognizant Security Agency to one or more Cognizant Security Offices. It is the obligation of each Cognizant Security Agency to inform industry of the applicable Cognizant Security Offices. [DSS] (see also classified, intelligence, security)

cognizant security office

Organizational entity delegated by the Head of a Cognizant Security Agency to administer industrial security on behalf of the Cognizant Security Agency. [DSS] (see also security)

cohabitant

A person living in a spouse-like relationship with the individual who requires Sensitive Compartmented Information. [DSS]

cold site

A backup facility that has the necessary electrical and physical components of a computer facility, but does not have the computer equipment in place. The site is ready to receive the necessary replacement computer equipment in the event that the user has to move from their main computing location to an alternate site. [SP 800-34] An alternate site with necessary electrical and communications connections and computer equipment, but no running system, maintained by an organization to facilitate prompt resumption of service after a disaster. [CIAO] Backup site that can be up and operational in a relatively short time span, such as a day or two. Provision of services, such as telephone lines and power, is taken care of, and the basic office furniture might be in place, but there is unlikely to be any computer equipment, even though the building might well have a network infrastructure and a room ready to act as a server room. In most cases, cold sites provide the physical location and basic services. [CNSSI-4009] (see also communications, computer, connection, hot site, system, disaster recovery)

cold start

Procedure for initially keying cryptographic equipment. [CNSSI][CNSSI-4009] (see also cryptography, key, users)

collaborative computing

Applications and technology (e.g. , whiteboarding, group conferencing) that allow two or more individuals to share information real time in an inter- or intra-enterprise environment. [CNSSI] (see also application, information, technology)

collateral information

Collateral information is National Security Information created in parallel with Special Access Information under the provisions of Executive Order 12356 (et. al.) but that is not subject to the added formal security protection required for Special Access Information. [DSS] (see also access, security, security clearance, subject)

collision

Two or more distinct inputs produce the same output. Also see Hash Function. [SP 800-57 Part 1]

collision-resistant hash function

A hash function satisfying the following property:

it is computationally infeasible to find any two distinct inputs which map to the same output.

NOTE - Computational feasibility depends on the specific security requirements and environment. [SC27] (see also property, requirements, function, hash)

color change

(I) In a system that is being operated in periods processing mode, the act of purging all information from one processing period and then changing over to the next processing period. [RFC2828] (see also information, process, system)

command and control (C2)

The exercise of authority and direction by a properly designated commander over assigned and attached forces in the accomplishment of the mission. Command and control functions are performed through an arrangement of personnel, equipment, communications, facilities, and procedures employed by a commander in planning, directing, coordinating, and controlling forces and operations in the accomplishment of the mission. [800-60] (see also C2-protect, Defense Information Infrastructure, authority, communications, function, operation, control) (includes command and control warfare, command, control, and communications, command, control, communications and computers, command, control, communications and intelligence, global command and control system, nuclear command and control document)

command and control warfare (C2W)

Integrated use of operations security, military deception, psychological operations, electronic warfare, and physical destruction. Command and control warfare is mutually supported by intelligence to deny information to influence, degrade, or destroy adversary command and control capabilities. This process is accomplished while protecting friendly command and control capabilities against such actions. Command and control warfare applies across the operational continuum and all levels of conflict. [DSS] The integrated use of operations security, military deception, psychological operations, electronic warfare, and physical destruction, mutually supported by intelligence, to deny information to, influence, degrade, or destroy adversary command and control capabilities, while protecting friendly command and control capabilities against such actions. Command and control warfare is an application of information operations in military operations and is a subset of information warfare. C2W is both offensive and defensive. [NSAINT] (see also adversary, application, information, intelligence, operation, security, command and control, control, warfare)

command authority

Individual responsible for the appointment of user representatives for a department, agency, or organization and their key ordering privileges. [CNSSI][CNSSI-4009][DSS] (see also key, users, authority)

command, control, and communications (C3)

command, control, communications and computers (C4)

command, control, communications and intelligence (C3I)

Commercial COMSEC Endorsement Program (CCEP)

(see also communications security, program)

Commercial COMSEC Evaluation Program

Relationship between NSA and industry in which NSA provides the COMSEC expertise (i.e. standards, algorithms, evaluations, and guidance) and industry provides design, development, and production capabilities to produce a type 1 or type 2 product. Products developed under the CCEP may include modules, subsystems, equipment, systems, and ancillary devices. [CNSSI] (see also algorithm, module, standard, system, communications security, evaluation, program)

commercial off-the-shelf software

Software that a vendor has developed, tested, placed on the market, and advertised as a salable product [NASA] (see also COTS software, test, software)

commercial software

Software available through lease or purchase in the commercial market from an organization representing itself to have ownership of marketing rights in the software. [SRV] (see also owner, software)

commercial-off-the-shelf (COTS)

A product that has been designed and built to serve a large market by implementing popular components and providing popular services. [800-130] Commercial-off-the-shelf or simply off-the-shelf is a term for software or hardware, generally technology or computer products, that are ready made and available for sale, lease, or license to the general public. The products are often used as alternatives to in-house developments or one-off Government-funded developments. The use of commercial-off-the-shelf is being mandated across many government and business programs, as it may offer significant savings in procurement and maintenance. However, since commercial-off-the-shelf software specifications are written by external sources, government agencies are sometimes wary of these products because they fear that future changes to the product will not be under their control. [DSS] (includes COTS software)

Committee of sponsoring organizations (of the Treadway Commission) (COSO)

commodity service

An information system service (e.g., telecommunications service) provided by a commercial service provider typically to a large and diverse set of consumers. The organization acquiring and/or receiving the commodity service possesses limited visibility into the management structure and operations of the provider, and while the organization may be able to negotiate service-level agreements, the organization is typically not in a position to require that the provider implement specific security controls. [SP 800-53] (see also control, management, security)

common access card

Standard identification/smart card issued by the Department of Defense that has an embedded integrated chip storing public key infrastructure (PKI) certificates. [CNSSI-4009] (see also access)

common carrier

In a telecommunications context, a telecommunications company that holds itself out to the public for hire to provide communications transmission services. Note: In the United States, such companies are usually subject to regulation by federal and state regulatory commissions. [SP 800-53]

common control

A security control that is inherited by one or more organizational information systems. See Security Control Inheritance. [SP 800-53; SP 800-53A; SP 800-37; CNSSI-4009] (see also security, control)

common control provider

An organizational official responsible for the development, implementation, assessment, and monitoring of common controls (i.e. security controls inherited by information systems). [SP 800-37; SP 800-53A] (see also development, security, control)

common criteria

Governing document that provides a comprehensive, rigorous method for specifying security function and assurance requirements for products and systems. [CNSSI-4009] Provides a comprehensive, rigorous method for specifying security function and assurance requirements for products and systems. (International Standard ISO/IEC 5408, Common Criteria for Information Technology Security Evaluation [ITSEC]) [CNSSI] The Common Criteria for Information Technology Security Evaluation [CC98] is a catalog of security functional and assurance requirements and has a central role in the National Information Assurance Program. [IATF] (see also Common Criteria for Information Technology Security, assurance, computer security, evaluation, function, information, information assurance, program, requirements, role, security, standard, system, technology, criteria)

Common Criteria for Information Technology Security (CC)

(N) 'The Common Criteria' is a standard for evaluating information technology products and systems, such as operating systems, computer networks, distributed systems, and applications. It states requirements for security functions and for assurance measures. (C) Canada, France, Germany, the Netherlands, the United Kingdom, and the United States (NIST and NSA) began developing this standard in 1993, based on the European ITSEC, the Canadian Trusted Computer Product Evaluation Criteria (CTCPEC), and the U.S. 'Federal Criteria for Information Technology Security' (FC) and its precursor, the TCSEC. Work was done in cooperation with ISO/IEC Joint Technical Committee 1 (Information Technology), Subcommittee 27 (Security Techniques), Working Group 3 (Security Criteria). Version 2.1 of the Criteria is equivalent to ISO's International Standard 15408. The U.S. Government intends that this standard eventually will supersede both the TCSEC and FIPS PUB 140-1. (C) The standard addresses data confidentiality, data integrity, and availability and may apply to other aspects of security. It focuses on threats to information arising from human activities, malicious or otherwise, but may apply to non-human threats. It applies to security measures implemented in hardware, firmware, or software. It does not apply to (a) administrative security not related directly to technical security, (b) technical physical aspects of security such as electromagnetic emanation control, (c) evaluation methodology or administrative and legal framework under which the criteria may be applied, (d) procedures for use of evaluation results, or (e) assessment of inherent qualities of cryptographic algorithms. [RFC2828] Evolving international security evaluation criteria being developed by the US, Canada, the UK, Germany, and France. [AJP] (see also common criteria, National Security Agency, algorithm, application, assessment, assurance, availability, computer, computer network, confidentiality, control, cryptographic, cryptography, emanation, emanations security, evaluation, function, integrity, malicious, network, operation, requirements, software, standard, system, threat, trust, version, National Institute of Standards and Technology, computer security, criteria, information, security, technology) (includes Common Criteria for Information Technology Security Evaluation, national information assurance partnership)

Common Criteria for Information Technology Security Evaluation (CCITSE)

The Common Criteria for Information Technology Security Evaluation is a joint effort between North America and certain European countries to develop a single set of international criteria for use as the basis for evaluation of IT security properties. The requirements can also be used, in conjunction with a risk assessment, for the selection of appropriate IT security measures. [misc] (see also IT security, assessment, requirements, risk, Common Criteria for Information Technology Security, computer security, criteria, evaluation, information, technology) (includes Canadian Trusted Computer Product Evaluation Criteria, European Information Technology Security Evaluation Criteria, Federal Criteria for Information Technology Security, Trusted Computer System Evaluation Criteria, assurance component, common criteria version 1.0, common criteria version 2.0, component dependencies, component extensibility, component hierarchy, component operations, evaluation assurance level, functional component, protection profile, security target, trusted gateway)

Common Criteria Testing Laboratory (CCTL)

Within the context of the NIAP Common Criteria Evaluation and Validation Scheme, an IT security evaluation facility, accredited by the U.S. National Voluntary Laboratory Accreditation Program (NVLAP) and approved by the NIAP Oversight Body to conduct CC-based evaluations. [NIAP] (see also IT security, accreditation, computer security, evaluation, program, validation, criteria, national information assurance partnership, security testing, test) (includes Monitoring of Evaluations, Scope of Accreditation, Validation Certificate, approved technologies list, approved test methods list, deliverables list, designated laboratories list, designating authority, designation policy, evaluation technical report, evaluation work plan, observation reports)

Common Criteria Testing Program (CCTP)

NIAP program described in the NIAP Common Criteria Evaluation and Validation Scheme [NIAP] (see also evaluation, validation, criteria, national information assurance partnership, program, security testing, test)

common criteria version 1.0 (CC1)

Common Criteria Editorial Board, Common Criteria for Information Technology Security Evaluation, Version 1.0, 96/01/31. [CC1] (see also computer security, information, technology, Common Criteria for Information Technology Security Evaluation, criteria, version)

common criteria version 2.0 (CC2)

Common Criteria for Information Technology Security Evaluation, Version 2.0, May, 1998. [CC2] (see also computer security, information, technology, Common Criteria for Information Technology Security Evaluation, criteria, version)

common data security

A set of layered security services that address communications and data security architecture (CDSA) problems in the emerging PC business space. The CDSA consists of three basic layers: A set of system security services, The Common Security Services Manager (CSSM), and Add-in Security Modules (CSPs, TPs, CLs, DLs). [Intel] (see also communications, module, system, common data security architecture)

common data security architecture (CDSA)

Intel's multi-API security framework for encryption and authentication. [Intel] (see also authentication, encryption, security) (includes common data security, common security, common security services manager, cryptographic service, cryptographic service providers)

Common Evaluation Methodology (CEM)

common fill device (CFD)

One of a family of devices developed to read-in, transfer, or store key. [CNSSI][CNSSI-4009] (see also key)

common gateway interface (CGI)

CGI is the method that Web servers use to allow interaction between servers and programs. [NSAINT] The CGI programs are insecure programs that allow the web server to execute an external program when particular uniform resource locators (URLs) are accessed. [SRV] (see also access, access control, program, resource, gateway, interface, world wide web) (includes CGI scripts)

common interswitch rekeying key (CIRK)

(see also key, rekey)

Common IP Security Option (CIPSO)

(see also security)

common misuse scoring system

(CMSS) A set of measures of the severity of software feature misuse vulnerabilities. A software feature is a functional capability provided by software. A software feature misuse vulnerability is a vulnerability in which the feature also provides an avenue to compromise the security of a system. [NISTIR 7864] (see also security, software, vulnerability)

common name

(I) A alphanumeric string that (a) may be a part of the X.500 DN of a Directory object ('commonName' attribute), (b) is a (possibly ambiguous) name by which the object is commonly known in some limited scope (such as an organization), and (c) conforms to the naming conventions of the country or culture with which it is associated. X.509 public-key certificate.) (C) For example, 'Dr. E. F. Moore', 'The United Nations', or '12-th Floor Laser Printer'. [RFC2828] (see also X.509, certificate, key, object, public-key, public-key infrastructure)

common platform enumeration

(CPE) A SCAP specification that provides a standard naming convention for operating systems, hardware, and applications for the purpose of providing consistent, easily parsed names that can be shared by multiple parties and solutions to refer to the same specific platform type. [SP 800-128]

common security

The central layer of the Common Data Security Architecture (CDSA) Services Manager defines six key service components: Cryptographic Services Manager, Trust Policy Services Manager, Certificate Library Services Manager, Data Storage Library Services Manager, Integrity Services Manager, and Security Context Manager. The CSSM binds together all the security services required by PC applications. In particular, it facilitates linking digital certificates to cryptographic actions and trust protocols. [Intel] (see also application, certificate, cryptographic, integrity, key, policy, protocols, public-key infrastructure, trust, common data security architecture)

common security services manager (CSSM)

common vulnerabilities and exposures

A simplified dictionary/nomenclature being developed through collaborative effort of the cyber community in order to provide common names for publicly known vulnerabilities (design flaws) and exposures (risky services). [CIAO] (see also cyberspace, risk, exposures, vulnerability)

communication and data security architecture (CDSA)

(see common data security architecture) (see also security)

communication channel

The physical media and devices that provide the means for transmitting information from one component of a network to (one or more) other components. [AJP][TNI] (see also information, network, channel, communications) (includes internal communication channel)

communication equipment room (CER)

(see also communications)

communication link

The physical means of connecting one location to another for the purpose of transmitting and/or receiving data. [AJP][TNI] (see also communications)

communications

communications cover

Concealing or altering of characteristic communications patterns to hide information that could be of value to an adversary. [CNSSI][CNSSI-4009] (see also adversary, information, communications)

communications deception

Deliberate transmission, retransmission, or alteration of communications to mislead an adversary's interpretation of the communications. [CNSSI][CNSSI-4009] (see also adversary, assurance, communications, security)

communications electronics operating instruction (CEOI)

(see also communications)

communications intelligence

Technical and intelligence information derived from the intercept of foreign communications by other than the intended recipients of those communications. [DSS] (see also foreign, intelligence)

communications profile

Analytic model of communications associated with an organization or activity. The model is prepared from a systematic examination of communications content and patterns, the functions they reflect, and the communications security measures applied. [CNSSI][CNSSI-4009][DSS] (see also communications security, function, security, system, communications, file, profile)

communications protocol

A set of rules or standards designed to enable computers to connect with one another and to exchange information with as little error as possible. [SRV] (see also computer, information, standard, communications, protocols)

communications security (COMSEC)

(I) Measures that implement and assure security services in a communication system, particularly those that provide data confidentiality and data integrity and that authenticate communicating entities. (C) Usually understood to include cryptographic algorithms and key management methods and processes, devices that implement them, and the lifecycle management of keying material and devices. [RFC2828] (COMSEC) A component of Information Assurance that deals with measures and controls taken to deny unauthorized persons information derived from telecommunications and to ensure the authenticity of such telecommunications. COMSEC includes crypto security, transmission security, emissions security, and physical security of COMSEC material. [CNSSI-4009] Measures and controls taken to deny unauthorized individuals information derived from telecommunications and to ensure the authenticity of such telecommunications. Communications security includes cryptosecurity, transmission security, emission security, and physical security of COMSEC material. [CNSSI] Measures and controls taken to deny unauthorized persons information derived from telecommunications and to ensure the authenticity of such telecommunications. [IATF] Measures taken to deny unauthorized persons information derived from telecommunications of an entity concerning national or organizational security, and to ensure the authenticity of such telecommunications. Communications security includes crypto-security, transmission security, emission security, and physical security of communications security material and information. [AJP] Measures taken to deny unauthorized persons information derived from telecommunications of the U.S. Government concerning national security, and to ensure the authenticity of such telecommunications. Communications security includes crypto-security, transmission security, emission security, and physical security of communications security material and information. [NCSC/TG004] Protection resulting from all measures designed to deny unauthorized persons valuable information, which experts in electronics or telecommunications might be able to find. Some measures lead unauthorized persons to an incorrect interpretation of the information. [DSS] (see also BLACK, CCI assembly, CCI component, CCI equipment, CRYPTO, FIPS PUB 140-1, Federal Public-key Infrastructure, RED, RED/BLACK separation, Secure Data Exchange, TSEC nomenclature, access control lists, accountability, accounting legend code, accounting number, alert, algorithm, approval/accreditation, assurance, audit trail, authentication, authorized, central office of record, code, communications profile, computer emergency response team, confidentiality, control, cryptographic, cryptography, data transfer device, design controlled spare parts, direct shipment, drop accountability, electronic attack, electronic key management system, electronically generated key, element, encryption algorithm, entity, fill device, fixed COMSEC facility, frequency hopping, incident, information, information security, integrity, key, key distribution center, key management, limited maintenance, local management device/key processor, long title, mandatory modification, network sponsor, optional modification, procedural security, process, protective packaging, repair action, security architecture, security incident, security net control station, short title, supersession, system, systems security steering group, telecommunications, test key, time-compliance date, transmission security, trusted path, two-person integrity, updating, user representative, Automated Information System security, security) (includes COMSEC Material Control System, COMSEC Parent Switch, COMSEC Resources Program, COMSEC Subordinate Switch, COMSEC Utility Program, COMSEC account, COMSEC account audit, COMSEC aid, COMSEC boundary, COMSEC chip set, COMSEC control program, COMSEC custodian, COMSEC end-item, COMSEC equipment, COMSEC facility, COMSEC incident, COMSEC insecurity, COMSEC manager, COMSEC material, COMSEC modification, COMSEC module, COMSEC monitoring, COMSEC profile, COMSEC survey, COMSEC system data, COMSEC training, Commercial COMSEC Endorsement Program, Commercial COMSEC Evaluation Program, National COMSEC Advisory Memorandum, National COMSEC Information Memorandum, National COMSEC Instruction, advanced self-protection jammer, alternate COMSEC custodian, anti-jam, anti-jamming, communications security element, crypto-security, emissions security, internet protocol security, meaconing, intrusion, jamming, and interference, network security, network security architecture, network security architecture and design, network security officer, subcommittee on telecommunications security, telecommunications security)

communications security element (CSE)

communications security monitoring

Act of listening to, copying, or recording transmissions of one's own official telecommunications to analyze the degree of security. [CNSSI][CNSSI-4009][DSS] (see also security)

community of interest

A collaborative group of users who exchange information in pursuit of their shared goals, interests, missions, or business processes, and who therefore must have a shared vocabulary for the information they exchange. The group exchanges information within and between systems to include security domains. [CNSSI-4009] Restricted network of users, each having an Information System with an accredited security parameter identical to the others and having the need to communicate securely with other members of the network. [DSS] (see also security, users)

community risk

Probability that a particular vulnerability will be exploited within an interacting population and adversely impact some members of that population. [CNSSI][CNSSI-4009][DSS] (see also vulnerability, risk)

community string

(I) A community name in the form of an octet string that serves as cleartext password in SNMP version 1. [RFC2828] (see also passwords, version)

company

Generic and comprehensive term that may include sole proprietorships, individuals, partnerships, corporations, societies, associations, and organizations usually established and operating to carry out a commercial, industrial or other legitimate business, enterprise, or undertaking. [DSS]

comparisons

The process of comparing a biometric with a previously stored reference. [FIPS 201] The process of comparing a biometric with a previously stored reference. See also 'Identification' and 'Identity Verification'. [GSA] (see also entity, identification, identity, process, verification, biometrics)

compartment

(1) A designation applied to a type of sensitive information, indicating the special handling procedures to be used for the information and the general class of people who may have access to the information. It can refer to the designation of information belonging to one or more categories. (2) A class of information in the U.S. Government that has need-to-know access controls beyond those normally provided for access to Confidential, Secret, or Top Secret information. [AJP] (I) A grouping of sensitive information items that require special access controls beyond those normally provided for the basic classification level of the information. (C) The term is usually understood to include the special handling procedures to be used for the information. [RFC2828] A class of information that has need-to-know access controls beyond those normally provided for access to Confidential, Secret or Top Secret information. [NCSC/TG004] A designation applied to a type of sensitive information, indicating the special handling procedures to be used for the information and the general class of people who may have access to the information. It can refer to the designation of information belonging to one or more categories. [TNI] (see also access, access control, classification levels, classified, control, information)

compartment key (CK)

(see also key)

compartmentalization

A nonhierarchical grouping of sensitive information used to control access to data more finely than with hierarchical security classification alone. [CNSSI][CNSSI-4009] (see also access, access control, classified, control, information, security)

compartmentation

Formal system for restricting access to selected activities or information. The establishment and management of an organization so that information about personnel, internal organization, or activities of one component is made available to any other component only to the extent required for performance of assigned duties. [DSS] (see also access)

compartmented intelligence

National intelligence placed in a Director of National Intelligence-approved control system to ensure handling by specifically identified access approved individuals. [DSS] (see also access, intelligence)

compartmented mode

Mode of operation wherein each user with direct or indirect access to a system, its peripherals, remote terminals, or remote hosts has all of the following: (1) valid security clearance for the most restricted information processed in the system; (2) formal access approval and signed nondisclosure agreements for that information which a user is to have access; and (3) valid need-to-know for information which a user is to have access. [CNSSI-4009] Mode of operation wherein each user with direct or indirect access to a system, its peripherals, remote terminals, or remote hosts has all of the following: (a) valid security clearance for the most restricted information processed in the system; (b) formal access approval and signed nondisclosure agreements for that information which a user is to have access; and (c) valid need-to-know for information which a user is to have access. [CNSSI] (see also access, access control, information, operation, process, security, system, users)

compelling need

Requirement for immediate access to special program information to prevent failure of the mission or operation or other cogent reasons. [DSS] (see also access)

compensating security controls

A management, operational, and/or technical control (i.e. safeguard or countermeasure) employed by an organization in lieu of a recommended security control in the low, moderate, or high baselines that provides equivalent or comparable protection for an information system. NIST SP 800-53: A management, operational, and technical control (i.e. safeguard or countermeasure) employed by an organization in lieu of the recommended control in the baselines described in NIST Special Publication 800-53 or in CNSS Instruction 1253, that provide equivalent or comparable protection for an information system. [CNSSI-4009] The management, operational, and technical controls (i.e. safeguards or countermeasures) employed by an organization in lieu of the recommended controls in the baselines described in NIST Special Publication 800-53 and CNSS Instruction 1253, that provide equivalent or comparable protection for an information system. [SP 800-53A; SP 800-53] The management, operational, and technical controls (i.e. safeguards or countermeasures) employed by an organization in lieu of the recommended controls in the low, moderate, or high baselines described in NIST Special Publication 800-53, that provide equivalent or comparable protection for an information system. [800-53][SP 800-37] (see also countermeasures, information, management, operation, system, control, security)

competition

Activity of two or more entities taken in consideration of each other to achieve differing objectives. The commercial analogue of military combat. [CIAO] (see also object)

compiled viruses

A virus that has had its source code converted by a compiler program into a format that can be directly executed by an operating system. [800-83] (see also code, program, system, virus)

compiler

A computer program that translates large sections of source code into object code the computer can understand. [SRV] (see also code, computer, object, program, source code, software development)

completeness

The degree to which all of the software's required functions and design constraints are present and fully developed in the software requirements, software design, and code. [SRV] (see also code, function, requirements, software)

compliance-based

A structured, top-down approach to IT security wherein each system must meet the same standards set program-wide. [NASA] (see also IT security, program, security, standard, system)

component

(1) A device or set of devices consisting of hardware, along with its firmware and/or software, that performs a specific function on a computer communications network. A component is a part of the larger system and may itself consist of other components. Examples include modems, telecommunications controllers, message switches, technical control devices, host computers, gateways, communications subnets, and so on. (2) An identifiable and self-contained portion of a Target of Evaluation that is subjected to security evaluation. (3) An organization that is part of a larger organization, e.g. a U.S. Defense Component. (4) A requirement that is part of a larger set of requirements that may be called a package. e.g. protection profiles are assembled from components. Groups of components can be assembled into predefined packages. [AJP] A device or set of devices, consisting of hardware, along with its firmware, and/or software that performs a specific function on a computer communications network. A component is a part of the larger system, and may itself consist of other components. Examples include modems, telecommunications controllers, message switches, technical control devices, host computers, gateways, communications subnets, etc. [TNI] An IT assembly, or part thereof, that is essential to the operation of some larger IT assembly and is an immediate subdivision of the IT assembly to which it belongs, (e.g., a trusted guard, biometrics device, or firewall would be a component of a computer system.). [800-37] An element of a large system, such as an identity card, PIV Issuer, PIV Registrar, card reader, or identity verification support, within the PIV system. [GSA] An identifiable and self-contained portion of a TOE that is subjected to security evaluation. [JTC1/SC27] An identifiable and self-contained portion of a Target of Evaluation. [ITSEC] An object of testing. An integrated assembly of one or more units and/or associated data objects or one or more components and/or associated data objects. By this (recursive) definition, a component can be anything from a unit to a system. [OVT] The smallest selectable set of elements that may be included in a PP, an ST, or a package. [CC2][CC21][SC27] (see also communications, computer, control, entity, file, function, gateway, identity, message, network, object, operation, profile, security, security testing, software, subject, system, target, telecommunications, test, trust, verification, component dependencies, component extensibility, component hierarchy, component operations, component reference monitor, construction of TOE requirements, target of evaluation) (includes assurance component, basic component, development assurance component, evaluation assurance component, functional component, functional unit, network component)

component dependencies

Dependencies may exist between components. Dependencies arise when a component is not self-sufficient and relies upon the presence of another component. Dependencies may exist between functional components, between assurance components and between functional and assurance components. [CC1] (see also assurance, function, Common Criteria for Information Technology Security Evaluation) (includes component)

component extensibility

The addition to an ST of functional or assurance requirement not defined in the common criteria (CC). Note that the use of such extensions requires the prior approval of a certification body, and may be a barrier to the mutual recognition of evaluation results. [CC1] (see also assurance, certification, criteria, function, Common Criteria for Information Technology Security Evaluation) (includes component, security target)

component hierarchy

The hierarchy of functional and assurance requirements, provided by the Common Criteria is: Class => Family => Component => Element. [CC1] (see also assurance, criteria, function, requirements, Common Criteria for Information Technology Security Evaluation) (includes component)

component operations

Common criteria (CC) components may be used exactly as defined in the common criteria, or they may be tailored through the use of permitted operations to meet a specific security policy or counter a specific threat. Each component identifies and defines any permitted operations, the circumstances under which it may be applied and the results of the application. Permitted operations are: assignment; selection and refinement. [CC1] (see also application, criteria, policy, Common Criteria for Information Technology Security Evaluation, operation) (includes component, security policy, threat)

component reference monitor

An access-control concept that refers to an abstract machine that mediates all access to objects within a component by subjects within the component. [AJP][TNI] (see also access, control, access control) (includes component, object, subject)

comprehensive testing

A test methodology that assumes explicit and substantial knowledge of the internal structure and implementation detail of the assessment object. Also known as white box testing. [SP 800-53A]

compromise

A violation (or suspected violation) of a security policy, in which an unauthorized disclosure of, or loss of control over, sensitive information may have occurred. [GSA] A violation of the security policy of a system such that unauthorized disclosure of sensitive information may have occurred. [NCSC/TG004] A violation of the security policy of a system such that unauthorized disclosure of sensitive information may have occurred. The unauthorized disclosure, modification, substitution, or use of sensitive data (including plaintext cryptographic keys and other critical security parameters). [SRV] A violation of the security system such that an unauthorized disclosure of sensitive information may have occurred. [AJP][TNI] An intrusion into a computer system where unauthorized disclosure, modification or destruction of sensitive information may have occurred [NSAINT] An intrusion into a computer system where unauthorized disclosure, modification or destruction of sensitive information may have occurred. A violation of the security policy of a system such that unauthorized disclosure of sensitive information may have occurred. [OVT] Disclosure of information to unauthorized persons, or a violation of the security policy of a system in which unauthorized intentional or unintentional disclosure, modification, destruction, or loss of an object may have occurred. [CNSSI-4009][GSA][IATF][SP 800-32] The unauthorized disclosure, modification, substitution or use of sensitive data (e.g., keys, key metadata, and other security-related information) and loss of, or unauthorized intrusion into, an entity containing sensitive data and the conversion of a trusted entity to an adversary. [800-130] The unauthorized disclosure, modification, substitution or use of sensitive data (including plaintext cryptographic keys and other critical security parameters). [FIPS140] The unauthorized disclosure, modification, substitution, or use of sensitive data (including plaintext cryptographic keys and other CSPs). [FIPS 140-2] Type of incident where information is disclosed to unauthorized individuals or a violation of the security policy of a system in which unauthorized intentional or unintentional disclosure, modification, destruction, or loss of an object may have occurred. [CNSSI] Unauthorized disclosure of classified information. [DSS] (see also DNS spoofing, TEMPEST, TEMPEST shielded, TEMPEST test, acknowledged special access program, acquisition systems protection, adversary, application server attack, attack, authorized, benign, classified, clean system, computer, control, control zone, core secrets, cost-risk analysis, counterintelligence assessment, critical, critical program information, critical security parameters, cryptographic, cryptography, emanations security, emissions security, entity, environmental failure protection, environmental failure testing, file integrity checking, flaw hypothesis methodology, forward secrecy, information, insider, intrusion, invalidity date, key, key lifecycle state, leapfrog attack, line supervision, malware, metadata, multilevel device, object, ohnosecond, payment gateway certification authority, policy, privacy, protective technologies, public-key forward secrecy, revocation, revocation date, risk analysis, robustness, rootkit, security, security audit, security environment threat list, security event, security incident, security infraction, security management infrastructure, security violation, suppression measure, suspicious contact, system, tri-homed, trust, trusted recovery, unacknowledged special access program, version, vulnerability, vulnerability assessment, warehouse attack, incident) (includes areas of potential compromise, compromised key list, compromised state, compromising emanation performance requirement, compromising emanations, data compromise, deliberate compromise of classified information, destroyed compromised state, security compromise)

compromised key list (CKL)

(O) MISSI usage: A list that identifies keys for which unauthorized disclosure or alteration may have occurred. (C) A CKL is issued by an CA, like a CRL is issued. But a CKL lists only KMIDs, not subjects that hold the keys, and not certificates in which the keys are bound. [RFC2828] A list with the Key Material Identifier (KMID) of every user with compromised key material; key material is compromised when a card and its personal identification number (PIN) are uncontrolled or the user has become a threat to the security of the computer system. [IATF] (see also authorized, certificate, computer, control, identification, subject, system, users, compromise, key, multilevel information systems security initiative, public-key infrastructure, threat)

compromised state

A key lifecycle state in which a key is designated as compromised and not used to apply cryptographic protection to data. Under certain circumstances, the key may be used to process already protected data. [800-130] (see also cryptographic, key, lifecycle, process, compromise, key lifecycle state)

compromising emanation performance requirement (CEPR)

(see also compromise, emanations security, risk)

compromising emanations

Unintentional data-related or intelligence-bearing signals that, if intercepted and analyzed, disclose the information transmission received, handled, or otherwise processed by any information processing equipment. [AJP][NCSC/TG004] Unintentional signals that, if intercepted and analyzed, would disclose the information transmitted, received, handled, or otherwise processed by information systems equipment. [CNSSI] Unintentional signals that, if intercepted and analyzed, would disclose the information transmitted, received, handled, or otherwise processed by information systems equipment. See TEMPEST. [CNSSI-4009] Unintentional signals that, if intercepted and analyzed, would disclose the information transmitted, received, handled, or otherwise processed by information systems. This is also known as Transient Electromagnetic Pulse Emanation Standard, or TEMPEST. [DSS] (see also information, intelligence, process, system, TEMPEST, compromise, emanations security, threat)

computer

A machine that can be programmed in code to execute a set of instructions (program). In an IS, the term 'computer' usually refers to the components inside the case: the motherboard, memory chips, and internal storage disk(s). [CIAO] (see also Abrams, Jojodia, Podell essays, Abstract Syntax Notation One, American National Standards Institute, Automated Information System security, Bell-LaPadula security model, COMSEC control program, Common Criteria for Information Technology Security, Cryptographic Application Program Interface, Defense Information Infrastructure, Estelle, FIPS PUB 140-1, Federal Information Processing Standards, Forum of Incident Response and Security Teams, IP address, IT resources, IT security incident, Integrated services digital network, Internet worm, Open Systems Interconnection Reference model, Orange book, PC card, PCMCIA, PHF, POSIX, Red book, SOCKS, TEMPEST, Terminal Access Controller Access Control System, Trusted Systems Interoperability Group, Yellow book, abort, access control center, access control lists, access port, accessibility, accountability, accreditation, accreditation range, active wiretapping, add-on security, administrative account, algorithm, antivirus software, application, application server attack, application system, approval/accreditation, assurance, attack, attackers, audit software, audit trail, auditing tool, authentication, authentication code, authorization, automated clearing house, automated data processing system, automated information system, automated key distribution, automated logon sequences, availability, backdoor, backup operations, backup procedures, bandwidth, bastion host, bebugging, benchmark, beyond A1, break, browser, brute force attack, buffer overflow, byte, call back, centralized operations, certification, certification authority workstation, certification practice statement, checksum, clean system, client, client server, code, coding, cold site, communications protocol, compiler, component, compromise, compromised key list, confidentiality, configuration control, configuration item, configuration management, console logon, console logs, continuity of services and operations, cracker, cracking, crash, criteria, cyberspace, cyberspace operations, data, data encryption standard, data integrity, data management, data processing, database management system, debug, default account, demilitarized zone, denial-of-service, descriptive top-level specification, dial back, dial-up, dial-up line, dial-up security, digital certificate, digital signature, discrete event simulation, distributed data, distributed database, distributed denial-of-service, distributed processing, domain name service server, dongle, download, dump, dumpster diving, e-mail server, electronic commerce, electronic data interchange, email, emergency response, emergency shutdown controls, end system, end-to-end encryption, end-user, endorsed tools list, error seeding, evaluated products list, executable code, exploitable channel, extensible markup language, extranet, fault, field, file, file infector virus, file security, file transfer, file transfer protocol, firewall, firmware, flaw hypothesis methodology, flooding, formal language, formal proof, formal security policy model, formal specification, formal top-level specification, format, framework, front-end processor, front-end security filter, full disk encryption, functional testing, gateway, gateway server, general controls, general-purpose system, gopher, graphical-user interface, guard, hackers, handshaking procedures, hardening, hardware, help desk, host, host-based firewall, hypertext, identification authentication, imaging system, impersonation, incident, individual accountability, information flow, information security, information system, information technology, information technology system, insider, integrity, interactive mode, interface, internet, internet protocol, internet vs. Internet, interoperability, interoperability standards/protocols, intranet, intrusion, intrusion detection, intrusion detection and prevention, intrusion detection systems, intrusion detection tools, intrusion prevention, key center, key logger, kiosk, language of temporal ordering specification, leakage, legacy systems, link, list-oriented, local-area network, logic bombs, loop, malicious applets, malicious intruder, malicious logic, malware, memory, message authentication code vs. Message Authentication Code, message integrity code, meta-language, microcode, middleware, mirroring, mockingbird, modem, multiuser mode of operation, national information infrastructure, network, network component, network device, network front-end, network services, node, object, on-demand scanning, on-line system, operating system, optical scanner, output, overt channel, packet sniffer, packet switching, passive threat, password cracking, peer-to-peer communication, penetration test, penetration testing, peripheral equipment, persistent cookie, personal digital assistant, personal firewall, personal identity verification, phishing, phracker, piggyback entry, port, portability, pretty good privacy, privilege, privileged access, privileged instructions, privileged process, procedural security, process controller, program, proprietary information, protocol suite, protocols, prototyping, proxy server, public law 100-235, push technology, read-only memory, real-time processing, real-time system, reciprocal agreement, recovery site, reliability, remote access, remote access software, remote terminal emulation, remote terminal unit, requirements, requirements traceability matrix, resource starvation, response time, restart, reusability, reverse engineering, risk, rootkit, router, run, safeguarding statement, scan, screen scraping, script, script bunny, secure configuration management, security architecture, security audit, security evaluation, security event, security incident, security kernel, security label, security policy model, security service, security test and evaluation, security-relevant event, segregation of duties, sensitive information, server, session key, shrink-wrapped software, simple mail transfer protocol, simulation modeling, single sign-on, smartcards, sniffer, social engineering, soft TEMPEST, software, software development methodologies, software product, source code, source data entry, source program, spoofing, spyware detection and removal utility, stand-alone, shared system, stand-alone, single-user system, state variable, stovepipe systems, supervisory control, supervisory control and data acquisition, support software, suspicious event, system, system development lifecycle, system files, system integrity, system lifecycle, system parameter, system security officer, system software, systems software, technical policy, technical vulnerability, telecommuting, teleprocessing, telnet, testability, thrashing, threat, ticket-oriented, tiger team, time bomb, timing attacks, tokens, traceroute, tracking cookie, transaction, transmission control protocol, trapdoor, trojan horse, trust level, trusted computing base, trusted network interpretation, trusted path, trusted platform module chip, trustworthy system, tunnel, type time, unit, upload, user data protocol, user id, user interface, users, utility programs, value-added network, vaulting, vendor, virtual private network, virus, virus-detection tool, vulnerability, war dialer, war driving, web server, website hosting, white-box testing, wireless gateway server, workstation, worm) (includes Canadian Trusted Computer Product Evaluation Criteria, Computer Incident Advisory Capability, Computer Security Objects Register, DoD Trusted Computer System Evaluation Criteria, National Computer Security Center, National Computer Security Center glossary, Trusted Computer System Evaluation Criteria, command, control, communications and computers, computer abuse, computer architecture, computer cryptography, computer emergency response team, computer emergency response teams' coordination center, computer forensics, computer fraud, computer incident assessment capability, computer intrusion, computer network, computer network attack, computer network defense, computer network exploitation, computer network operations, computer operations, audit, and security technology, computer oracle and password system, computer related controls, computer related crime, computer security, computer security emergency response team, computer security incident, computer security incident response capability, computer security incident response team, computer security intrusion, computer security object, computer security subsystem, computer security technical vulnerability reporting program, computer-aided software engineering, computer-assisted audit technique, embedded computer, energy-efficient computer equipment, joint task force-computer network defense, laptop computer, national computer security assessment program, organization computer security representative, personal computer, personal computer memory card international association, trusted computer system)

computer abuse

Intentional or reckless misuse, alteration, disruption, or destruction of information processing resources. [CNSSI][CNSSI-4009] The misuse, alteration, disruption, or destruction of data processing resources. The key aspect is that it is intentional and improper. [AJP][NCSC/TG004] The willful or negligent unauthorized activity that affects the availability, confidentiality, or integrity of computer resources. Computer abuse includes fraud, embezzlement, theft, malicious damage, unauthorized use, denial of service, and misappropriation. [AFSEC][NSAINT] (see also authorized, availability, confidentiality, damage, denial-of-service, fraud, information, integrity, key, malicious, process, resource, theft, automated information system, computer, threat)

computer architecture

The set of layers and protocols (including formats and standards that different hardware and software must comply with to achieve stated objectives) which define a computer system. Computer architecture features can be available to application programs and system programmers in several modes, including a protected mode. e.g. the system-level features of computer architecture may include: (1) memory management, (2) protection, (3) multitasking, (4) input/output, (5) exceptions and multiprocessing, (6) initialization, (7) coprocessing and multiprocessing, (8) debugging, and (9) cache management. [AJP] (see also application, process, program, protocols, software, standard, system, computer, security architecture) (includes object)

computer cryptography

The use of a cryptographic algorithm in a computer, microprocessor, or microcomputer to perform encryption or decryption to protect information or to authenticate users, sources, or information. [AJP][NCSC/TG004] Use of a cryptographic algorithm program by a computer to authenticate or encrypt/decrypt information. [CNSSI][CNSSI-4009] (see also algorithm, authentication, encryption, information, process, program, users, computer, cryptography)

computer emergency response team (CERT)

(I) An organization that studies computer and network INFOSEC in order to provide incident response services to victims of attacks, publish alerts concerning vulnerabilities and threats, and offer other information to help improve computer and network security. (C) For example, the CERT Coordination Center at Carnegie-Mellon University (sometimes called 'the' CERT) and the Computer Incident Advisory Capability. [RFC2828] A federally funded research and development center at Carnegie Mellon University. They focus on Internet security vulnerabilities, provide incident response services to sites that have been the victims of attack, publish security alerts, research security and survivability in wide-area-networked computing, and develop site security information. They can be found at www.cert.org. [IATF] An organization chartered by an information system owner to coordinate and/or accomplish necessary actions in response to computer emergency incidents that threaten the availability or integrity of its information systems. (DoDD 5160.54) [CIAO] Formed by ARPA in 1988 to take proactive steps to alert people to computer security issues. [misc] (see also Computer Incident Advisory Capability, advisory, attack, availability, communications security, computer security, computer security incident response team, incident, information, integrity, internet, network, owner, system, threat, vulnerability, computer, response, security) (includes Forum of Incident Response and Security Teams, computer emergency response teams' coordination center)

computer emergency response teams' coordination center

An element of the Networked Systems Survivability Program of the Software Engineering Institute at Carnegie Mellon University. It keeps track of attacks on the Internet and issues advisories. [CIAO] (see also attack, internet, program, software, system, computer, computer emergency response team, response)

computer forensics

The practice of gathering, retaining, and analyzing computer-related data for investigative purposes in a manner that maintains the integrity of the data. [800-61][CNSSI-4009] (see also integrity, computer)

computer fraud

Computer-related crimes involving deliberate misrepresentation or alteration of data in order to obtain something of value. [AFSEC][NSAINT] Computer-related crimes involving deliberate misrepresentation, alteration, or disclosure of data to obtain something of value (usually for monetary gain). A computer system must have been involved in the perpetration or cover-up of the act or series of acts. A computer system might have been involved through improper manipulation of input data, output or results, applications programs, data files, computer operations, communications, or computer hardware, systems software, or firmware. [AJP][NCSC/TG004] Misrepresentation, alteration, or disclosure of data in order to obtain something of value (usually for monetary gain). A computer system must have been involved in the perpetration or coverup of the act or series of acts. A computer system might have been involved through improper manipulation of input data; output or results; applications programs; data files; computer operations; communications; or computer hardware, systems software, or firmware. [SRV] (see also application, communications, file, operation, program, software, system, computer, fraud)

Computer Incident Advisory Capability (CIAC)

(N) A computer emergency response team in the U.S. Department of Energy. [RFC2828] (see also computer emergency response team, response, advisory, computer, incident)

computer incident assessment capability (CIAC)

(see also assessment, computer, incident)

computer incident response team

(CIRT) Group of individuals usually consisting of Security Analysts organized to develop, recommend, and coordinate immediate mitigation actions for containment, eradication, and recovery resulting from computer security incidents. Also called a Computer Security Incident Response Team (CSIRT) or a CIRC (Computer Incident Response Center, Computer Incident Response Capability, or Cyber Incident Response Team). [CNSSI-4009] (see also cyberspace, security)

computer intrusion

An incident of unauthorized access to data or an Automated Information System (AIS). [IATF] (see also access, access control, authorized, information, system, unauthorized access, attack, computer, incident, intrusion)

computer network

(I) A collection of host computers together with the subnetwork or internetwork through which they can exchange data. (C) This definition is intended to cover systems of all sizes and types, ranging from the complex Internet to a simple system composed of a personal computer dialing in as a remote terminal of another computer. [RFC2828] A set of computers that are connected and able to exchange data. [CIAO] Constituent element of an enclave responsible for connecting computing environments by providing shorthaul data transport capabilities such as local or campus area networks, or long-haul data transport capabilities such as operational, metropolitan, or wide area and backbone networks. [DSS] (see also Common Criteria for Information Technology Security, Estelle, authentication, automated key distribution, bandwidth, computer oracle and password system, cyberspace operations, distributed dataprocessing, extranet, firewall, gateway, hackers, host, internet, internet vs. Internet, intranet, language of temporal ordering specification, mirroring, packet switching, protocol suite, remote access, security policy automation network, sniffer, system, transmission control protocol, tunnel, value-added network, vaulting, virtual private network, war driving, wide-area network, wireless gateway server, computer, network) (includes computer network attack, computer network defense, computer network exploitation, computer network operations, joint task force-computer network defense)

computer network attack (CNA)

Actions taken through the use of computer networks to disrupt, deny, degrade, or destroy information resident in computers and computer networks, or the computers and networks themselves. [CNSSI-4009][DOD] Operations to disrupt, deny, degrade, or destroy information resident in computers and computer networks, or the computers and networks themselves. (DODD S-3600.1 of 9 Dec 96) [NSAINT] (see also information, operation, attack, computer, computer network, network)

computer network defense (CND)

Actions taken to defend against unauthorized activity within computer networks. CND includes monitoring, detection, analysis (such as trend and pattern analysis), and response and restoration activities. [CNSSI-4009] Actions taken to protect, monitor, analyze, detect, and respond to unauthorized activity within the Department of Defense information systems and computer networks. [DOD] (see also authorized, information, system, computer, computer network, network)

computer network exploitation

(CNE) Enabling operations and intelligence collection capabilities conducted through the use of computer networks to gather data from target or adversary information systems or networks. [CNSSI-4009] Enabling operations and intelligence collection capabilities conducted through the use of computer networks to gather data from target or adversary automated information systems or networks. [DOD] (see also information, intelligence, system, target, computer, computer network, network)

computer network operations

(CNO) Comprised of computer network attack, computer network defense, and related computer network exploitation enabling operations. [CNSSI-4009] Comprised of computer network attack, computer network defense, and related computer network exploitation enabling operations. [DOD] (see also attack, computer, computer network, network)

computer operations, audit, and security technology (COAST)

is a multiple project, multiple investigator laboratory in computer security research in the Computer Sciences Department at Purdue University. It functions with close ties to researchers and engineers in major companies and government agencies. Its research is focused on real-world needs and limitations, with a special focus on security for legacy computing systems. [NSAINT] (see also computer security, function, system, audit, computer, operation, technology)

computer oracle and password system (COPS)

A computer network monitoring system for Unix machines. Software tool for checking security on shell scripts and C programs. Checks for security weaknesses and provides warnings. [NSAINT] (see also computer network, network, passwords, program, software, computer, security software, system)

computer related controls

A comprehensive name to include both general controls and application controls. These controls help ensure the confidentiality, integrity, and availability of data. [SRV] (see also application, availability, confidentiality, integrity, security controls, computer, control)

computer related crime

Any illegal act for which knowledge of computer technology is involved for its investigation, perpetration, or prosecution. [AFSEC] (see also illegal, technology, computer, threat)

computer security (COMPUSEC)

computer security emergency response team (CERT)

(see also computer, computer security, response)

computer security incident

Any intrusion or attempted intrusion into a computer system. Incidents can include probes of multiple computer systems. [AFSEC] Any intrusion or attempted intrusion into an automated information system (AIS). Incidents can include probes of multiple computer systems. [NSAINT] See incident. [CNSSI] (see also information, intrusion, system, computer, computer security, incident, security incident)

computer security incident response capability (CSIRC)

computer security incident response team (CIRT) (CSIRT)

(I) An organization 'that coordinates and supports the response to security incidents that involve sites within a defined constituency.' (C) To be considered a CSIRT, an organization must do as follows:

Provide a (secure) channel for receiving reports about suspected security incidents.
Provide assistance to members of its constituency in handling the incidents.
Disseminate incident-related information to its constituency and other involved parties.

[RFC2828] A capability set up for the purpose of assisting in responding to computer security-related incidents; also called a Computer Incident Response Team (CIRT) or a CIRC (Computer Incident Response Center, Computer Incident Response Capability). [800-61] (see also computer emergency response team, information, computer, computer security, incident, response, security incident)

computer security intrusion

Any event of unauthorized access or penetration to a computer system. [AFSEC] Any event of unauthorized access or penetration to an automated information system (AIS). [NSAINT] (see also access, access control, authorized, information, penetration, system, unauthorized access, computer, computer security, intrusion)

computer security object

(I) The definition or representation of a resource, tool, or mechanism used to maintain a condition of security in computerized environments. Includes many elements referred to in standards that are either selected or defined by separate user communities. [RFC2828] A resource, tool, or mechanism used to maintain a condition of security in a computerized environment. These objects are defined in terms of attributes they possess, operations they perform or are performed on them, and their relationship with other objects. [FIPS 188; CNSSI-4009] (see also security software, computer, computer security, object)

Computer Security Objects Register (CSOR)

(N) A service operated by NIST is establishing a catalog for computer security objects to provide stable object definitions identified by unique names. The use of this register will enable the unambiguous specification of security parameters and algorithms to be used in secure data exchanges. (C) The CSOR follows registration guidelines established by the international standards community and ANSI. Those guidelines establish minimum responsibilities for registration authorities and assign the top branches of an international registration hierarchy. Under that international registration hierarchy the CSOR is responsible for the allocation of unique identifiers under the branch {joint-iso-ccitt(2) country(16) us(840) gov(101) csor(3)}. [RFC2828] (see also algorithm, registration, standard, National Institute of Standards and Technology, computer, computer security, object)

computer security subsystem

A device designed to provide limited computer security features in a larger system environment. [AJP][NCSC/TG004] Hardware/software designed to provide computer security features in a larger system environment. [CNSSI][CNSSI-4009] (see also software, computer, computer security, system)

computer security technical vulnerability reporting program (CSTVRP)

A program that focuses on technical vulnerabilities in commercially available hardware, firmware, and software products acquired by DoD. CSTVRP provides for the reporting, cataloging, and discreet dissemination of technical vulnerability and corrective measure information to DoD components on a need-to-know basis. [NCSC/TG004] A program that focuses on technical vulnerabilities in commercially available hardware, firmware, and software products acquired by the Federal Government. CSTVRP provides for the reporting, cataloging, and discreet dissemination of technical vulnerability and corrective measure information to Defense Components on a need-to-know basis. [AJP] (see also information, login, software, computer, computer security, program, vulnerability)

computer security toolbox

Set of tools (for example, Buster, Fush) or Secure Copy) designed specifically to assist Information Assurance Officer, and System Administrators in performing their duties. The functions within the Toolbox can erase appended data within files; eliminate appended data in free or unallocated space; search for specific words or sets of words for verifying classification; and locating unapproved share programs. It also includes a program that allows you to clear laser toner cartridges and drums. [DSS] (see also assurance, security)

computer-aided software engineering (CASE)

The creation of software using well-defined design techniques and development methodology, supported by computer-based automation tools. [SRV] (see also computer, software)

computer-assisted audit technique (CAAT)

A collection of computer programs, such as generalized audit software, test-data generators, sampling programs, utility software aids, or customized audit programs. [SRV] (see also program, software, test, audit, computer)

computerized telephone system

Also referred to as a hybrid key system, business communication system, or office communications system. [DSS]

computing environment

Workstation or server (host) and its operating system, peripherals, and applications. [CNSSI][DSS] (see also application, system)

computing security methods

Computing security methods are security safeguards implemented within the IS, using the networking, hardware, software, and firmware of the IS. This includes the following: (1) the hardware, firmware, and software that implements security functionality and (2) the design, implementation, and verification techniques used to ensure that system assurance requirements are satisfied. [SRV] Computing security methods are security safeguards implemented within the IT, using the networking, hardware, software, and firmware of the IT. This includes (1) the hardware, firmware, and software that implements security functionality and (2) the design, implementation, and verification techniques used to ensure that system assurance requirements are satisfied. [800-33] (see also assurance, function, network, requirements, software, system, verification, computer security)

COMSEC

Communications Security. [CNSSI-4009] (see also security)

COMSEC account

Administrative entity, identified by an account number, used to maintain accountability, custody, and control of COMSEC material. [CNSSI][CNSSI-4009] (see also control, entity, communications security)

COMSEC account audit

Examination of the holdings, records, and procedures of a COMSEC account ensuring all accountable COMSEC material is properly handled and safeguarded. [CNSSI][CNSSI-4009] (see also audit, communications security)

COMSEC aid

COMSEC material that assists in securing telecommunications and is required in the production, operation, or maintenance of COMSEC systems and their components. COMSEC keying material, callsign/frequency systems, and supporting documentation, such as operating and maintenance manuals, are examples of COMSEC aids. [CNSSI][CNSSI-4009] (see also communications, key, operation, system, telecommunications, communications security)

COMSEC assembly

Group of parts, elements, subassemblies, or circuits that are removable items of COMSEC equipment. [CNSSI][CNSSI-4009]

COMSEC boundary

Definable perimeter encompassing all hardware, firmware, and software components performing critical COMSEC functions, such as key generation, handling, and storage. [CNSSI][CNSSI-4009] (see also critical, function, key, software, boundary, communications security)

COMSEC chip set

Collection of NSA-approved microchips. [CNSSI][CNSSI-4009] (see also communications security)

COMSEC control program

Computer instructions or routines controlling or affecting the externally performed functions of key generation, key distribution, message encryption/decryption, or authentication. [CNSSI][CNSSI-4009] (see also authentication, computer, encryption, function, key, message, communications security, control, program)

COMSEC custodian

Individual designated by proper authority to be responsible for the receipt, transfer, accounting, safeguarding, and destruction of COMSEC material assigned to a COMSEC account. [CNSSI][CNSSI-4009] (see also authority, communications security)

COMSEC demilitarization

Process of preparing COMSEC equipment for disposal by extracting all CCI, classified, or CRYPTO marked components for their secure destruction, as well as defacing and disposing of the remaining equipment hulk. [CNSSI] Process of preparing COMSEC equipment for disposal by extracting all CCI, classified, or cryptographic (CRYPTO) marked components for their secure destruction, as well as defacing and disposing of the remaining equipment hulk. [CNSSI-4009] (see also classified, process)

COMSEC element

Removable item of COMSEC equipment, assembly, or subassembly; normally consisting of a single piece or group of replaceable parts. [CNSSI][CNSSI-4009]

COMSEC end-item

Equipment or combination of components ready for use in a COMSEC application. [CNSSI][CNSSI-4009] (see also application, communications security)

COMSEC equipment

Equipment designed to provide security to telecommunications by converting information to a form unintelligible to an unauthorized interceptor and, subsequently, by reconverting such information to its original form for authorized recipients; also, equipment designed specifically to aid in, or as an essential element of, the conversion process. COMSEC equipment includes cryptographic equipment, crypto-ancillary equipment, cryptographic production equipment, and authentication equipment. [CNSSI][CNSSI-4009] (see also authentication, authorized, communications, cryptography, information, process, telecommunications, version, communications security)

COMSEC facility

Authorized and approved space used for generating, storing, repairing, or using COMSEC material. [CNSSI][CNSSI-4009] (see also authorized, communications security)

COMSEC incident

Occurrence that potentially jeopardizes the security of COMSEC material or the secure electrical transmission of national security information or information governed by 10 U.S.C. Section 2315. [CNSSI-4009] See incident. [CNSSI] (see also communications security, incident)

COMSEC insecurity

COMSEC incident that has been investigated, evaluated, and determined to jeopardize the security of COMSEC material or the secure transmission of information. [CNSSI][CNSSI-4009] (see also incident, information, communications security)

COMSEC manager

Individual who manages the COMSEC resources of an organization. [CNSSI][CNSSI-4009] (see also resource, communications security)

COMSEC material

Item designed to secure or authenticate telecommunications. COMSEC material includes, but is not limited to key, equipment, devices, documents, firmware, or software that embodies or describes cryptographic logic and other items that perform COMSEC functions. [CNSSI][CNSSI-4009] (see also communications, control systems, cryptographic, cryptography, function, key, software, telecommunications, communications security)

COMSEC Material Control System (CMCS)

Logistics and accounting system through which COMSEC material marked 'CRYPTO' is distributed, controlled, and safeguarded. Included are the COMSEC central offices of record, cryptologistic depots, and COMSEC accounts. COMSEC material other than key may be handled through the CMCS. [CNSSI] (see also key, communications security, control, control systems, system)

COMSEC modification

See Information Systems Security Equipment Modification. [CNSSI-4009] See information systems security equipment modification. [CNSSI] (see also information, system, communications security, information systems security equipment modification)

COMSEC module

Removable component that performs COMSEC functions in a telecommunications equipment or system. [CNSSI][CNSSI-4009] (see also communications, function, system, telecommunications, communications security, module)

COMSEC monitoring

Act of listening to, copying, or recording transmissions of one's own official telecommunications to analyze the degree of security. [CNSSI][CNSSI-4009][DSS] (see also communications, telecommunications, communications security)

COMSEC Parent Switch (CPS)

(see also communications security)

COMSEC profile

Statement of COMSEC measures and materials used to protect a given operation, system, or organization. [CNSSI][CNSSI-4009] (see also operation, system, communications security, file, profile)

COMSEC Resources Program (CRP)

(see also communications security, program, resource)

COMSEC Subordinate Switch (CSS)

(see also communications security)

COMSEC survey

Organized collection of COMSEC and communications information relative to a given operation, system, or organization. [CNSSI][CNSSI-4009] (see also communications, information, operation, system, communications security)

COMSEC system data

Information required by a COMSEC equipment or system to enable it to properly handle and control key. [CNSSI][CNSSI-4009] (see also control, information, key, communications security, system)

COMSEC training

Teaching of skills relating to COMSEC accounting, use of COMSEC aids, or installation, use, maintenance, and repair of COMSEC equipment. [CNSSI][CNSSI-4009] (see also communications security)

COMSEC Utility Program (CUP)

(see also communications security, program)

concealment

Act of remaining hidden. [DSS]

concealment system

A method of achieving confidentiality in which sensitive information is hidden by embedding it in irrelevant data. [AJP][NCSC/TG004] (see also confidentiality, information, security, system)

concept of operations (CONOP)

Describes how the system would be used to accomplish objectives. [IATF] Document detailing the method, act, process, or effect of using an IS. [CNSSI] Document detailing the method, act, process, or effect of using an IT system. [CIAO] See Security Concept of Operations. [CNSSI-4009] Verbal or graphic statement, broadly outlining a commander's assumptions about or purpose of an operation or series of operations. The concept of operations frequently is embodied in campaign plans and operation plans; in the latter case, particularly when the plans cover a series of connected operations to be carried out simultaneously or in succession. The concept is designed to give an overall picture of the operation. It is included primarily for additional clarity of purpose. It is also referred to as commander's concept. [DSS] (see also internet, object, process, system, operation, security)

concurrency control

A controlling mechanism that prevents multiple users from executing inconsistent actions on the database. [SRV] (see also users, control)

concurrent connections

The aggregate number of simultaneous connections between hosts across the DUT/SUT, or between hosts and the DUT/SUT. The number of concurrent connections a firewall can support is just as important a metric for some users as maximum bit forwarding rate. While 'connection' describes only a state and not necessarily the transfer of data, concurrency assumes that all existing connections are in fact capable of transferring data. If a data cannot be sent over a connection, that connection should not be counted toward the number of concurrent connections. Further, this definition assumes that the ability (or lack thereof) to transfer data on a given connection is solely the responsibility of the DUT/SUT. For example, a TCP connection that a DUT/SUT has left in a FIN_WAIT_2 state clearly should not be counted. But another connection that has temporarily stopped transferring data because some external device has restricted the flow of data is not necessarily defunct. The tester should take measures to isolate changes in connection state to those effected by the DUT/SUT. [RFC2647] (see also flow, test, users, connection)

confidence

A belief that a deliverable will perform in the way expected or claimed (i.e. properly, trustworthy, enforce security policy, reliably, effectively). [SC27] (see also IT Security Evaluation Criteria, IT Security Evaluation Methodology, Monitoring of Evaluations, assurance level, assurance profile, audit, authentication, authenticity, checksum, confidentiality, data confidentiality, data integrity, defense, defense-in-depth, infrastructure assurance, interval estimate, national information assurance partnership, policy, profile assurance, quality assurance, reference monitor, reliability, robustness, sampling error, software quality assurance, source integrity, state delta verification system, trusted channel, trusted computing system, trusted path, assurance, trust) (includes confidence coefficient, confidence interval, confidence level, confidence limits, public confidence)

confidence coefficient

A measure (usually expressed as a percentage) of the degree of assurance that the estimate obtained from a sample differs from the population parameter being estimated by less than the measure of precision (sampling error). [SRV] (see also confidence)

confidence interval

An estimate of a population parameter that consists of a range of values bounded by statistics called upper and lower confidence limits. [SRV] (see also confidence)

confidence level

A number, stated as a percentage, that expresses the degree of certainty associated with an interval estimate of a population parameter. It is the probability that an estimate based on a random sample falls within a specified range. [SRV] (see also random, confidence)

confidence limits

Two statistics that form the upper and lower bounds of a confidence interval. [SRV] (see also confidence)

confidential

Designation applied to information or material the unauthorized disclosure of which could reasonably be expected to cause damage to the national security. [DSS] (see also authorized, damage, security, classification levels)

confidential source

Individual or organization that has provided, or that may reasonably be expected to provide, information to the United States on matters pertaining to the national security with the expectation that the information or relationship, or both, are to be held in confidence. [DSS] (see also security)

confidentiality

(1) The assurance that information is not disclosed to inappropriate entities or processes. (2) The property that information is not made available or disclosed to unauthorized entities. (3) The prevention of the unauthorized disclosure of information. (4) The concept of holding sensitive data in confidence, limited to an appropriate set of individuals or organizations. [AJP] 1) Assurance that information is not disclosed to unauthorized persons, processes, or devices. 2) The protection of sensitive information from unauthorized disclosure and sensitive facilities from physical, technical or electronic penetration or exploitation. [CIAO] A concept that applies to data that must be held in confidence and that describes the status and degree of protection that must be provided for such data about individuals as well as organizations. [SRV] A security service that prevents unauthorized disclosure of information residing on a computer, transiting a local network, or flowing over a public Internet. [IATF] Assurance that information in an IT system is not disclosed to unauthorized persons, processes or devices. [800-37] Assurance that information is not disclosed to inappropriate entities or processes. [FCv1] Assurance that information is not disclosed to unauthorized entities or processes. [DSS][GSA] Assurance that information is not disclosed to unauthorized individuals, processes, or devices. [CNSSI] Assuring information will be kept secret, with access limited to appropriate persons. [NSAINT] Assuring information will be kept secret, with access limited to appropriate persons. The concept of holding sensitive data in confidence, limited to an appropriate set of individuals or organizations. [OVT] Ensuring that data is disclosed only to authorized subjects. [SRV] For the purposes of this guide, prevention of the disclosure of information by ensuring that only authorized devices can view the contents of WiMAX communications. [800-127] Holding sensitive data in confidence such that distribution is limited to those individuals or organizations with an established need-to-know [NASA] Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information. [800-60][800-82][SP 800-53; SP 800-53A; SP 800-18; SP 800-27; SP 800-] The assurance that information is not disclosed to unauthorized entities or computer processes. [GAO] The concept of holding sensitive data in confidence, limited to an appropriate set of individuals or organizations. [NCSC/TG004] The prevention of the unauthorized disclosure of information. [ITSEC][NIAP] The principle that keeps information from being disclosed to anyone not authorized to access it. Synonymous with secrecy. [AFSEC] The property that information is not disclosed to system entities (users, processes, devices) unless they have been authorized to access the information. [CNSSI-4009] The property that information is not made available or disclosed to unauthorized entities. [JTC1/SC27] The property that information is not made available or disclosed to unauthorized individuals, entities, or processes. [SC27][TNI] The property that sensitive information is not disclosed to unauthorized individuals, entities or processes. [FIPS140] The security objective that generates the requirement for protection from intentional or accidental attempts to perform unauthorized data reads. Confidentiality covers data in storage, during processing, and in transit. [800-30][800-33] (see also Common Criteria for Information Technology Security, Generic Security Service Application Program Interface, Generic Upper Layer Security, IT security, IT security controls, IT security incident, NULL encryption algorithm, Secure Electronic Transaction, access, access control, assurance, asymmetric cryptography, authentication header, authorized, classified, communications security, computer, computer abuse, computer related controls, computer security, concealment system, confidence, data privacy, data security, defense-in-depth, defense-wide information assurance program, digital envelope, encapsulating security payload, encryption algorithm, entry-level certification, flow, hybrid encryption, information, information assurance, information security, internet, internet protocol security, intrusion, key recovery, levels of concern, line managers, mid-level certification, network, object, passive, penetration, post-accreditation phase, privacy enhanced mail, privacy programs, privacy protection, process, property, public-key infrastructure, requirements for procedures and standards, secure shell, secure socket layer, security controls, security event, security objectives, security policy, simple network management protocol, subject, symmetric cryptography, system, top-level certification, transmission security, users, vulnerability, wrap, privacy, security goals) (includes cryptographic algorithm for confidentiality, data confidentiality, data confidentiality service, traffic flow confidentiality)

configuration

In configuration management, the functional and physical characteristics of hardware or software as set forth in technical documentation or achieved in a product. [IEEE610] Selection of one of the sets of possible combinations of features of a system or Target of Evaluation. [AJP][FCv1] The relative or functional arrangement of components in a system. [SRV] The selection of one of the sets of possible combinations of features of a Target of Evaluation. [ITSEC] (see also function, software, system, target, configuration management, target of evaluation)

configuration control

(1) A system of controls imposed on changing controlled objects produced during the development, production, and maintenance processes for a Target of Evaluation. (2) Management of changes made to a system's hardware, firmware, software, and documentation throughout the development and operational life of the computer system. (3) The process of controlling modifications to the system's hardware, firmware, software, and documentation that provides sufficient assurance that the system is protected against the introduction of improper modification before, during, and after system implementation. [AJP] (I) The process of regulating changes to hardware, firmware, software, and documentation throughout the development and operational life of a system. (C) Configuration control helps protect against unauthorized or malicious alteration of a system and thus provides assurance of system integrity. [RFC2828] A system of controls imposed on changing controlled objects produced during the development, production, and maintenance processes for a Target of Evaluation. [ITSEC] An element of configuration management, consisting of the evaluation, coordination, approval or disapproval, and implementation of changes to configuration items after formal establishment of their configuration identification. [IEEE610] Management of changes made to a system's hardware, firmware, software, and documentation throughout the development and operational life of the computer system. [TNI] Process for controlling modifications to hardware, firmware, software, and documentation to ensure the information system is protected against improper modification before, during, and after system implementation. [800-82] Process of controlling modifications to hardware, firmware, software, and documentation to ensure the IS is protected against improper modification before, during, and after system implementation. [CIAO][CNSSI] Process of controlling modifications to hardware, firmware, software, and documentation to ensure the information system is protected against improper modification before, during, and after system implementation. [DSS] Process of controlling modifications to hardware, firmware, software, and documentation to protect the information system against improper modification prior to, during, and after system implementation. [CNSSI-4009; SP 800-37; SP 800-53] The management process of controlling the specific elements comprising IT and controlling changes to those elements; the process that ensures that only authorized and approved changes of or to those elements are made. Configuration control includes but is not limited to hardware, firmware, and software elements. [NASA] The process of controlling modifications to the system's hardware, firmware, software, and documentation that provides sufficient assurance that the system is protected against the introduction of improper modification before, during, and after system implementation. Compare to configuration management. [NCSC/TG004][SRV] (see also authorized, computer, establishment, identification, information, integrity, malicious, operation, process, software, system, target, configuration management, control, target of evaluation) (includes object)

configuration control board

(CCB) A group of qualified people with responsibility for the process of regulating and approving changes to hardware, firmware, software, and documentation throughout the development and operational lifecycle of an information system. [CNSSI-4009] (see also development, software, control)

configuration identification

An element of configuration management, consisting of selecting the configuration items for a system and recording their functional and physical characteristics in technical documentation. [IEEE610] (see also function, system, configuration management, identification)

configuration item

An aggregation of hardware or computer programs or any of its discrete portions which satisfies an end use function. [SRV] An aggregation of hardware, software, or both, that is designated for configuration management and treated as a single entity in the configuration management process. [IEEE610] (see also computer, entity, function, process, program, software, configuration management)

configuration management (CM)

A discipline applying technical and administrative direction and surveillance to identify and document the functional and physical characteristics of a configuration item, control changes to those characteristics, record and report change processing and implementation status, and verify compliance with specified requirements. [IEEE610] A family of security controls in the management class dealing with the control of changes made to hardware, software, firm ware, documentation, test, test fixtures, and test documentation throughout the lifecycle of an IT system. [800-37] A procedure for applying technical and administrative direction and surveillance to: (1) identify and document the functional and physical characteristics of an item or system, (2) control any changes to such characteristics, and (3) record and report the change, process, and implementation status. The process of controlling the software and documentation so they remain consistent as they are developed or changed. The configuration management process must be carefully tailored to the capacity, size, scope, phase of the lifecycle, maturity, and complexity of the computer system involved. [SRV] Management of security features and assurances through control of changes made to hardware, firmware, software, documentation, test, test fixtures, and test documentation throughout the lifecycle of an IT system. [CIAO][IATF] Management of security features and assurances through control of changes made to hardware, software, firmware, documentation, test fixtures, and test documentation of an information system, throughout the development and operational life of the system. [DSS] Management of security features and assurances through control of changes made to hardware, software, firmware, documentation, test, test fixtures, and test documentation throughout the lifecycle of an IS. [CNSSI] The management of security features and assurances through control of changes made to a system's hardware, software, firmware, documentation, test, test fixtures, and test documentation throughout the development and operational life of the computer system. [AJP][NCSC/TG004] The management of security features and assurances through control of changes made to a system's hardware, software, firmware, documentation, test, test fixtures, and test documentation throughout the development and operational life of the computer system. Compare to configuration control. [SRV] (see also computer, control, function, identify, operation, process, requirements, software, system, test, assurance, risk management, software development) (includes baseline management, configuration, configuration control, configuration identification, configuration item, secure configuration management)

confinement

The prevention of the leaking of sensitive data from a program. [AJP][NCSC/TG004] (see also program, risk) (includes confinement channel, confinement property)

confinement channel

See Covert Channel. [CNSSI-4009] See covert channel. [CNSSI] (see also covert, covert channel, covert timing channel, confinement)

confinement property

A subject has write access to an object only if classification of the object dominates the clearance of the subject. [RFC2828] (see also *-property, Bell-LaPadula security model, access, access control, classification levels, classified, object, subject, confinement)

conformance

Satisfying the requirements of a specification or standard, often verified by a testing. [800-130] (see also requirements, standard, test)

conformance testing

A process established by NIST within its responsibilities of developing, promulgating, and supporting FIPS for testing specific characteristics of components, products, and services, as well as people and organizations for compliance with a FIPS. [GSA] (see also process, security testing, test)

conformant validation certificate

A validation certificate issued by or under the authority of a Party in accordance with the terms of an agreement on the mutual recognition of certificates in the field of IT security. [NIAP] (see also IT security, authority, computer security, security, certificate, validation)

congruence

Property of a set of integers which differ from each other by a multiple of the modulus. Congruence is indicated by the symbol º. For example, 39 º 6 (mod 11) indicates that 39 and 6 are congruent with respect to the modulus 11, i.e. 39 - 6 = 33, that is a multiple of 11. [SC27] (see also property)

connection

A liaison, in the sense of a network interrelationship, between two hosts for a period of time. The liaison is established (by an initiating host) for the purpose of information transfer (with the associated host). The period of time is the time required to carry out the intent of the liaison (e.g. transfer of a file, a chatter session, or delivery of mail). In many cases, a connection (in the sense of this glossary) will coincide with a host-host connection (in a special technical sense) that is established via TCP (Transmission Control Protocol) or an equivalent protocol. However, a connection (liaison) can also exist when only a protocol such as IP (Internet Protocol) is in use. (IP has no concept of a connection that persists for a period of time.) Hence, the notion of connection can be independent of the particular protocols in use during a liaison of two hosts. [AJP] A liaison, in the sense of a network interrelationship, between two hosts for a period of time. The liaison is established (by an initiating host) for the purpose of information transfer (with the associated host); the period of time is the time required to carry out the intent of the liaison (e.g. transfer of a file, a chatter session, delivery of mail). In many cases, a connection (in the sense of this glossary) will coincide with a host-host connection (in a special technical sense) established via TCP or equivalent protocol. However a connection (liaison) can also exist when only a protocol such as IP is in use (IP has no concept of a connection that persists for a period of time). Hence, the notion of connection as used here is independent of the particular protocols in use during a liaison of two hosts. [TNI] A state in which two hosts, or a host and the DUT/SUT, agree to exchange data using a known protocol. A connection is an abstraction describing an agreement between two nodes: One agrees to send data and the other agrees to receive it. [RFC2647] (see also Identification Protocol, Internet Security Association and Key Management Protocol, Internet worm, OSI architecture, SOCKS, SYN flood, Security Protocol 3, Security Protocol 4, Simple Authentication and Security Layer, Terminal Access Controller Access Control System, USENET, application level gateway, application proxy, application-level firewall, asynchronous transfer mode, authentication header, automated logon sequences, banner grabbing, call back, call back security, circuit level gateway, circuit proxy, circuit switching, cold site, connectivity, control, cookies, data origin authentication service, data source, derogatory information, dial back, encapsulating security payload, external system exposure, file, firewall machine, foreign liaison officer, global information infrastructure, handcarrier, information, interface, internet, internet protocol security, internetwork private line interface, local-area network, long-haul telecommunications, malicious code screening, memorandum of understanding, national information infrastructure, network, network address translation, network configuration, network tap, on ramp, personal firewall, piggyback, piggyback attack, piggyback entry, point-to-point tunneling protocol, port, port scanner, port scanning, protective security service, protocols, proxy, proxy server, remote access, remote maintenance, router, rules of behavior, scan, secure shell, secure socket layer, security association, security certificate, security controls, security domain, security parameters index, session key, signaling, stateful packet filtering, stealth probe, stovepipe systems, system security authorization agreement, tinkerbell program, transmission control protocol, trusted identification forwarding, tunneling, unit of transfer, users, war dialing, wireless technology, wiretapping, worm, firewall) (includes Open Systems Interconnection Reference model, concurrent connections, connection approval, connection establishment, connection establishment time, connection maintenance, connection overhead, connection teardown, connection teardown time, connectionless data integrity service, interconnection security agreements, network connection, open system interconnection, open system interconnection model, open systems interconnection, platform it interconnection, system interconnection)

connection approval

Formal authorization to interconnect information systems. [DSS] (see also authorization, connection)

connection establishment

The data exchanged between hosts, or between a host and the DUT/SUT, to initiate a connection. Connection-oriented protocols like TCP have a proscribed handshaking procedure when launching a connection. When benchmarking firewall performance, it is import to identify this handshaking procedure so that it is not included in measurements of bit forwarding rate or UOTs per second. Testers may also be interested in measurements of connection establishment time through or with a given DUT/SUT. [RFC2647] (see also identify, protocols, security association, test, connection, establishment)

connection establishment time

The length of time needed for two hosts, or a host and the DUT/SUT, to agree to set up a connection using a known protocol. Each connection-oriented protocol has its own defined mechanisms for setting up a connection. For purposes of benchmarking firewall performance, this shall be the interval between receipt of the first bit of the first octet of the packet carrying a connection establishment request on a DUT/SUT interface until transmission of the last bit of the last octet of the last packet of the connection setup traffic headed in the opposite direction. This definition applies only to connection-oriented protocols such as TCP. For connectionless protocols such as UDP, the notion of connection establishment time is not meaningful. [RFC2647] (see also interface, protocols, connection, establishment)

connection maintenance

The data exchanged between hosts, or between a host and the DUT/SUT, to ensure a connection is kept alive. Some implementations of TCP and other connection-oriented protocols use 'keep-alive' data to maintain a connection during periods where no user data is exchanged. When benchmarking firewall performance, it is useful to identify connection maintenance traffic as distinct from UOTs per second. Given that maintenance traffic may be characterized by short bursts at periodical intervals, it may not be possible to describe a steady-state forwarding rate for maintenance traffic. One possible approach is to identify the quantity of maintenance traffic, in bytes or bits, over a given interval, and divide through to derive a measurement of maintenance traffic forwarding rate. [RFC2647] (see also identify, protocols, users, connection)

connection overhead

The degradation in bit forwarding rate, if any, observed as a result of the addition of one connection between two hosts through the DUT/SUT, or the addition of one connection from a host to the DUT/SUT. The memory cost of connection establishment and maintenance is highly implementation-specific. This metric is intended to describe that cost in a method visible outside the firewall. It may also be desirable to invert this metric to show the performance improvement as a result of tearing down one connection. [RFC2647] (see also establishment, connection)

connection teardown

The data exchanged between hosts, or between a host and the DUT/SUT, to close a connection. Connection-oriented protocols like TCP follow a stated procedure when ending a connection. When benchmarking firewall performance, it is important to identify the teardown procedure so that it is not included in measurements of bit forwarding rate or UOTs per second. Testers may also be interested in measurements of connection teardown time through or with a given DUT/SUT. [RFC2647] (see also identify, protocols, test, connection)

connection teardown time

The length of time needed for two hosts, or a host and the DUT/SUT, to agree to tear down a connection using a known protocol. Each connection-oriented protocol has its own defined mechanisms for dropping a connection. For purposes of benchmarking firewall performance, this shall be the interval between receipt of the first bit of the first octet of the packet carrying a connection teardown request on a DUT/SUT interface until transmission of the last bit of the last octet of the last packet of the connection teardown traffic headed in the opposite direction. This definition applies only to connection-oriented protocols such as TCP. For connectionless protocols such as UDP, the notion of connection teardown time is not meaningful. [RFC2647] (see also interface, protocols, connection)

connectionless data integrity service

(I) A security service that provides data integrity service for an individual IP datagram, by detecting modification of the datagram, without regard to the ordering of the datagram in a stream of datagrams. (C) A connection-oriented data integrity service would be able to detect lost or reordered datagrams within a stream of datagrams. [RFC2828] (see also security, connection, integrity)

connectivity

The property of the TOE which allows interaction with IT entities external to the TOE. This includes exchange of data by wire or by wireless means, over any distance in any environment or configuration. [CC2][CC21][SC27] Word that indicates the connection of two systems regardless of the method used physical connection. [DSS] (see also connection, property, target of evaluation)

consequence

The effect of an event, incident, or occurrence. For the purposes of the NIPP, consequences are divided into four main categories: public health and safety, economic, psychological, and governance impacts. [NIPP]

consequence management

Includes measures to protect public health and safety, restore essential government services, and provide emergency relief to governments, businesses, and individuals affected by the consequences of terrorism. The laws of the United States assign primary authority to the States to respond to the consequences of terrorism; the Federal Government provides assistance as required. [CIAO] (see also risk management)

consignee

Person, firm, or Government activity named as receiver of a shipment; one to whom a shipment is consigned. [DSS]

consignor

Person, firm, or Government activity by which articles are shipped. The consignor is usually the shipper. [DSS] (see also shipper)

consistency

The degree of uniformity, standardization, and freedom from contradiction among the documents or parts of system or component. [IEEE610] (see also standard, system, database management system)

console

A program that provides user and administrator interfaces to an intrusion detection and prevention system. [800-94] (see also interface, intrusion, intrusion detection, program, system, users)

console logon

Accessing IT from the computer operator's system control console. Console logons are generally granted privileged user status. [NASA] (see also access, computer, control, privileged, system, users, logon)

console logs

Important system events that are recorded and printed at the system control console Handwritten journals of important events kept by the computer operator [NASA] (see also computer, control, system, audit trail)

constant surveillance service (CSS)

Transportation protective service provided by a commercial carrier qualified by Surface Deployment and Distribution Command to transport CONFIDENTIAL shipments. The service requires constant surveillance of the shipment at all times by a qualified carrier representative; however, a Facility Security Clearance is not required for the carrier. The carrier providing the service must maintain a signature and tally record for the shipment. [DSS] (see also security)

construction

The process of creating a Target of Evaluation. [AJP][ITSEC] (see also process, target, target of evaluation)

construction of TOE requirements

An intermediate combination of components is a package. The package permits the expression of a set of requirements which meet an identifiable subset of security objectives. A package is intended to be reusable and to define requirements which are known to be useful and effective in meeting the identified objectives. A package may be used in the construction of larger packages, PPs, and STs. [CC1] (see also object, security, requirements, target of evaluation) (includes component, security target)

construction surveillance technician

Citizen of the United States, who is at least 18 years of age, cleared at the TOP SECRET level, experience in construction and trained in accordance with the Construction Surveillance Technician Field Guidebook to ensure the security integrity of a site. [DSS] (see also security)

constructive cost model (COCOMO)

(see also business process)

consumers

Individuals or groups responsible for specifying requirements for IT product security (e.g. policy makers and regulatory officials, system architects, integrators, acquisition managers, product purchasers, and end-users). [AJP][FCv1] (see also policy, requirements, security, system, users)

contact interface

A chip card that allows interface through a contact. A contact is an electrical connecting surface on an ICC and/or interfacing device that permits a flow of energy current, thereby transmission of data. [GSA] (see also flow, interface)

contactless interface

An ICC that enables energy to flow between the card and the interfacing device without the use of contact. Instead, induction of high-frequency transmission techniques is used through a radio frequency (RF) interface. [GSA] (see also flow, interface)

contactless smart card

A smart card that can exchange information with a card reader without coming in physical contact with the reader. Contactless smart cards use 13.56 megahertz radio frequency transmissions to exchange information with card readers. [GAO] (see also information, smartcards)

container

The file used by a virtual disk encryption technology to encompass and protect other files. [SP 800-111] (see also encryption, file, technology)

contamination

The intermixing of data at different sensitivity and need-to-know levels. The lower level data is said to be contaminated by the higher level data; thus, the contaminating (higher level) data may not receive the required level of protection. [AJP][NCSC/TG004] Type of incident involving the introduction of data of one security classification or security category into data of a lower security classification or different security category. [CNSSI][CNSSI-4009] (see also classified, fetch protection, file protection, incident, risk)

content filtering

The process of monitoring communications such as email and Web pages, analyzing them for suspicious content, and preventing the delivery of suspicious content to users. [SP 800-114] (see also communications, process, users)

context-dependent access control

Access control in which access is determined by the specific circumstances under which the data is being accessed. [AJP][TDI] (see also access, control)

continental united states

U.S. territory, including adjacent territorial waters, located within the North American continent between Canada and Mexico. [DSS]

contingency key

Key held for use under specific operational conditions or in support of specific contingency plans. [CNSSI] Key held for use under specific operational conditions or in support of specific contingency plans. See Reserve Keying Material. [CNSSI-4009] (see also operation, key)

contingency plan

(I) A plan for emergency response, backup operations, and post-disaster recovery in a system as part of a security program to ensure availability of critical system resources and facilitate continuity of operations in a crisis. [RFC2828] A plan for emergency response, backup operations, and post-disaster recovery maintained by an activity as a part of its security program that will ensure the availability of critical resources and facilitate the continuity of operations in an emergency situation. [AFSEC][AJP][NCSC/TG004] A plan for emergency response, backup operations, and post-disaster recovery; created, maintained, and tested as part of the IT security planning process that will ensure availability of critical resources and facilitate continued processing in an emergency situation [NASA] A plan for responding to the loss or failure of a system. The plan describes the necessary steps to take in order to ensure the continuity of core business processes. It includes emergency response, backup operations, and post-disaster recovery. Synonymous with disaster plan and emergency plan. [SRV] Management policy and procedures used to guide an enterprise response to a perceived loss of mission capability. The Contingency Plan is the first plan used by the enterprise risk managers to determine what happened, why, and what to do. It may point to the Continuity of Operations Plan (COOP) or Disaster Recovery Plan for major disruptions. [CNSSI-4009] Plan maintained for emergency response, backup operations, and post-disaster recovery for an IS, to ensure availability of critical resources and facilitate the continuity of operations in an emergency. [CIAO] Plan maintained for emergency response, backup operations, and post-disaster recovery for an information system, to ensure availability of critical resources and facilitate the continuity of operations in an emergency situation. [DSS] (see also IT security, backup, business process, critical, failure, management, operation, process, program, recovery, resource, response, risk, security, system, test, contingency planning) (includes back up vs. backup, backup generations, backup operations, backup plan, disaster plan, disaster recovery, disaster recovery plan, emergency plan, recovery procedures, redundancy)

contingency planning

A family of security controls in the operations class dealing with emergency response, backup operations, and post-disaster recovery for an IT system, to ensure the availability of critical resources and to facilitate the continuity of operations in an emergency situation. [800-37] (see also backup, control, critical, operation, recovery, resource, response, system, availability) (includes contingency plan)

continuity of operations

The steps taken by the line manager to assure that reasonable data processing support can be provided should events occur that prevent normal operations [NASA] (see also process, availability, operation)

continuity of operations plan

(COOP) A predetermined set of instructions or procedures that describe how an organization's mission-essential functions will be sustained within 12 hours and for up to 30 days as a result of a disaster event before returning to normal operations. [SP 800-34] Management policy and procedures used to guide an enterprise response to a major loss of enterprise capability or damage to its facilities. The COOP is the third plan needed by the enterprise risk managers and is used when the enterprise must recover (often at an alternate site) for a specified period of time. Defines the activities of individual departments and agencies and their sub-components to ensure that their essential functions are performed. This includes plans and procedures that delineate essential functions; specifies succession to office and the emergency delegation of authority; provide for the safekeeping of vital records and databases; identify alternate operating facilities; provide for interoperable communications, and validate the capability through tests, training, and exercises. See also Disaster Recovery Plan and Contingency Plan. [CNSSI-4009] Plan for continuing an organization's (usually a headquarters element) essential functions at an alternate site and performing those functions for the duration of an event with little or no loss of continuity before returning to normal operations. [CNSSI] (see also damage, function, management, risk, operation)

continuity of services and operations

Controls to ensure that, when unexpected events occur, departmental / agency MEI services and operations, including computer operations, continue without interruption or are promptly resumed and critical and sensitive data are protected through adequate contingency and business recovery plans and exercises. [CIAO] (see also business process, computer, control, critical, minimum essential infrastructure, recovery, operation, risk management)

continuous monitoring

Maintaining ongoing awareness to support organizational risk decisions. [SP 800-137] The process implemented to maintain a current security status for one or more information systems or for the entire suite of information systems on which the operational mission of the enterprise depends. The process includes: 1) The development of a strategy to regularly evaluate selected IA controls/metrics, 2) Recording and evaluating IA relevant events and the effectiveness of the enterprise in dealing with those events, 3) Recording changes to IA controls, or changes that affect IA risks, and 4) Publishing the current security status to enable information-sharing decisions involving the enterprise. [CNSSI-4009] (see also control, development, risk, security)

continuous operation

This condition exists when a Special Access Program Facility is staffed 24 hours a day. [DSS] (see also access)

continuous process

A process that operates on the basis of continuous flow, as opposed to batch, intermittent, or sequenced operations. [800-82] (see also flow, operation, process)

continuous process improvement

An ongoing effort to incrementally improve how products and services are provided and internal operations are conduced. [SRV] (see also operation, process, quality)

continuous sensitive compartmented information facility operation

Staffing a Sensitive Compartmented Information Facility that is staffed and operated 24 hours a day. [DSS]

continuous signature service (CSS)

(see also signature)

contract

An agreement between two or more legally competent parties, in the proper form, on a legal subject matter or purpose, for a legal consideration. [SRV] (see also subject)

contracting officer

Government official, who in accordance with departmental or agency procedures, designated as a contracting officer with the authority to enter into and administer contracts, and make determination and finding with respect thereto, or any part of such authority. The term also includes the designated representative of the contracting officer acting within the limits of his or her authority. [DSS]

contracting officer representative (COR)

contractor

Industrial, educational, commercial, or other entity granted a Facility Security Clearance by a Cognizant Security Agency. [DSS] (see also security)

contractor special security officer (CSSO)

Individual appointed in writing by a Cognizant Security Authority who is responsible for all aspects of Sensitive Compartmented Information security at a U.S. Government contractor facility. [DSS] (see also information security, security)

contractor/command program manager

Contractor-designated individual who has overall responsibility for all aspects of a program. [DSS]

contractor/command program security officer

Individual appointed by the contractor who performs the security duties and functions for Special Access Programs. [DSS] (see also access, security)

control

Authority of the agency that originates information, or its successor in function, to regulate access to the information. [DSS] In the context of information technology security, the term 'control' is normally considered to be synonymous with 'safeguard'. [SC27] (see also Automated Information System security, Bell-LaPadula security model, British Standard 7799, C2-protect, CCI assembly, CCI component, CCI equipment, COMSEC account, COMSEC system data, Clark Wilson integrity model, Common Criteria for Information Technology Security, Defense Information Infrastructure, IA product, IT security database, IT security policy, Identification Protocol, International Traffic in Arms Regulations, KMI operating account, MAC algorithm key, PIV issuer, POSIX, RED signal, SSO PIN, TCB subset, TEMPEST, Trusted Computer System Evaluation Criteria, U.S. person, Wassenaar Arrangement, abend, acceptable level of risk, acceptable risk, acceptance procedure, access, access control lists, access mediation, access with limited privileges, accountability, accounting legend code, accounting number, accreditation, accreditation disapproval, accreditation range, acquisition, acquisition strategy, active wiretapping, adequate security, agency, alarm surveillance, allocation, anonymous login, application, application generator, application proxy, approval/accreditation, assessment objective, assurance, attack, audit, audit/review, authentication, authentication protocol, authority, authorization, authorization (to operate), authorize processing, automated information system, automated security monitoring, availability service, backdoor, baseline, baseline configuration, baseline security, block cipher key, body of evidence, bot-network operators, boundary host, boundary protection, boundary protection device, breach, buffer overflow, business impact analysis, centralized authorization, centralized operations, certificate policy, certificate user, certification, certification agent or certifier, certification analyst, certification phase, chain of evidence, challenge-response protocol, chemical warfare, circuit proxy, closed security environment, cloud computing, commodity service, communications, communications security, compartment, compartmentalization, component, component reference monitor, compromise, compromised key list, computer security, configuration management, connection, console logon, console logs, contingency planning, continuity of services and operations, continuous monitoring, cookies, cost/benefit estimate, countermeasures, covert channel, credentials, critical elements, cross domain solution, cryptographic key, cryptographic system review, cryptographic token, cryptosystem review, cyberattack, cyberspace, cycle time, data historian, data management, database management system, decrypt, dedicated mode, dedicated security mode, default file protection, defense-in-depth, developer security, device distribution profile, digital watermarking, distributed database, distributed dataprocessing, disturbance, documentation, domain, domain name system, due care, electronic warfare, electronic warfare support, embedded cryptographic system, embedded system, enclave, encryption, encryption algorithm, entity-wide security, examine, exploitation, extensible, external network, fieldbus, filtering router, firewall, flaw hypothesis methodology, formal security policy model, formulary, full accreditation, general support system, granularity, handler, hardware and system software maintenance, hash token, high assurance guard, hijack attack, host to front-end protocol, human-machine interface, identification and authentication, incident response capability, independent assessment, independent validation authority, information, information assurance product, information category, information management, information owner, information security, information security program plan, information security testing, information sharing environment, information steward, information system, information systems security equipment modification, information technology, inspectable space, intellectual property, intelligent electronic device, interconnection security agreements, interface testing, interference, interim accreditation action plan, internal network, internet, internet protocol, internet protocol security, interview, isolation, kerberos, key, key management, key management infrastructure, key stream, key-escrow system, labeled security protections, lattice model, levels of concern, light tower, line conditioning, line conduction, local-area network, logical access, logical completeness measure, login, malicious logic, manipulated variable, media library, media protection, misappropriation, modes of operation, multi-releasable, national security information, national security system, naval coastal warfare, network, network administrator, network analyzer, network component, network connection, network management, network reference monitor, network security, non-repudiation, noncomputing security methods, object, official information, open security environment, operating system, operations security, optional modification, packet, packet filter, packet filtering, packet switching, pagejacking, password protected, penetration study, perimeter-based security, permissions, personnel security, photo eye, physical and environmental protection, physical security, physically isolated network, point-to-point tunneling protocol, policy, pre-certification phase, pressure regulator, privacy, privileged command, privileged instructions, privileged user, probe, procedural security, proof of possession protocol, protected distribution systems, protected network, protection philosophy, protection-critical portions of the TCB, protocol data unit, protocols, proximity, proxy server, public-key certificate, public-key infrastructure, random number generator, reference monitor, reference monitor concept, remote access, repair action, replay attacks, residual risk, restricted area, risk assessment, risk management, risk mitigation, risk reduction analysis, rule-based security policy, ruleset, safeguarding statement, safety, salt, sandboxed environment, sandboxing, scoping guidance, secure configuration management, secure operating system, secure subsystem, security, security attribute, security audit, security awareness, training, and education, security breach, security certification level, security kernel, security label, security management, security management infrastructure, security perimeter, security plan, security program plan, security safeguards, security service, security test & evaluation, security violation, security-relevant event, segregation of duties, sensitive compartmented information, sensitive information, sensitivity label, servo valve, session hijack attack, set point, short title, signaling, simple network management protocol, software library, software-based fault isolation, special access program, split knowledge, spoofing, stateful packet filtering, superuser, surrogate access, system, system administrator, system and data integrity, system development and acquisition, system interconnection, system of records, system security plan, system software, systems software, tailoring, tamper, technical security policy, technological attack, technology, terminal hijacking, test, thermostat, threat shifting, ticket, token authenticator, token management, tokens, topical areas, trace packet, transmission security, trapdoor, under sea warfare, unprotected network, user PIN, user data protocol, users, usurpation, verification, verification techniques, verifier, virtual private network, vulnerability, vulnerability assessment, wireless device) (includes COMSEC Material Control System, COMSEC control program, IT security controls, Office of Foreign Assets Control, TSF scope of control, Terminal Access Controller Access Control System, U.S.-controlled facility, U.S.-controlled space, access control, access control center, access control mechanisms, access control officer, access control service, application controls, areas of control, attribute-based access control, automatic key distribution/rekeying control unit, baseline controls, change control and lifecycle management, circuit control officer, cluster controller, command and control, command and control warfare, command, control, and communications, command, control, communications and computers, command, control, communications and intelligence, common control, common control provider, compensating security controls, computer related controls, concurrency control, configuration control, configuration control board, context-dependent access control, control algorithm, control center, control class, control family, control identification list, control information, control loop, control network, control objectives, control objectives for information and related technology, control server, control systems, control zone, controlled access area, controlled access protection, controlled area, controlled cryptographic item, controlled interface, controlled security mode, controlled sharing, controlled space, controlled variable, controller, controlling authority, criteria of control, cryptonet control station, data control language, data flow control, design controlled spare parts, discretionary access control, distributed control system, domain controller, dual control, emergency shutdown controls, entry control, environmentally controlled area, external security controls, failure control, firewall control proxy, foreign owned, controlled or influenced, general controls, global command and control system, hybrid security control, identity based access control, industrial control system, information flow control, information systems audit and control association, information systems audit and control foundation, interface control document, interface control unit, internal control questionnaire, internal security controls, internet control message protocol, key control, logical access control, machine controller, management control processes, management controls, management security controls, mandatory access control, master control switch, media access control address, modification/configuration control board, motion control network, net control station, network access control, non-discretionary access control, nuclear command and control document, operational controls, partition rule base access control, physical access control, physical controls, point of control and observation, policy-based access control, positive control material, procedural controls, process controller, programmable logic controller, quality assurance/control, quality control, questions on controls, redundant control server, risk-adaptable access control, role-based access control, routing control, security control assessment, security control assessor, security control baseline, security control effectiveness, security control enhancements, security control inheritance, security controls, security net control station, single loop controller, statistical process control, supervisory control, supervisory control and data acquisition, system-specific security control, tailored security control baseline, technical controls, technical security controls, transfers outside TSF control, transmission control protocol, transmission control protocol/internet protocol, two-person control, zone of control)

control algorithm

A mathematical representation of the control action to be performed. [800-82] (see also algorithm, control)

control center

An equipment structure or group of structures from which a process is measured, controlled, and/or monitored. [800-82] (see also process, control)

control class

A grouping of security controls, organized by control families, that all fall under the same broad category. For example, there are three general classes of security controls, (i.e. management, operational, and technical) in NIST Special Publications 800-18, 800-37, and 800-53. [800-37] (see also operation, security, control)

control family

A grouping of security controls that fall under the same more specific category, which are often interrelated and interdependent, and which should be considered as a group. [800-37] (see also security, control)

control identification list

A list of all of the security controls that should be added to the security plan and implemented based on the criticality/sensitivity needs identified by the agency. [800-37] (see also critical, security, control, identification)

control information

Information that is entered into a cryptographic module for the purposes of directing the operation of the module. [FIPS 140-2] information that is entered into a cryptographic module for the purposes of directing the operation of the module. [FIPS140] (see also cryptographic, module, operation, control, cryptographic module, information)

control loop

A combination of field devices and control functions arranged so that a control variable is compared to a set point and returns to the process in the form of a manipulated variable. [800-82] (see also function, process, control)

control network

Those networks of an enterprise typically connected to equipment that controls physical processes and that is time or safety critical. The control network can be subdivided into zones, and there can be multiple separate control networks within one enterprise and site. [800-82] (see also critical, process, control, network)

control objectives

A statement of the desired result or purpose to be achieved by implementing control procedures in a particular IT activity. [CIAO] Required result of protecting information within an IT product and its immediate environment. [AJP][FCv1] (see also information, control, object, risk management)

control objectives for information and related technology (COBIT)

(see also control, information, object, technology)

control server

A server that hosts the supervisory control system, typically a commercially available application for DCS or SCADA system. [800-82] (see also application, control systems, system, control)

control systems

A system in which deliberate guidance or manipulation is used to achieve a prescribed value for a variable. Control systems include SCADA, DCS, PLCs and other types of industrial measurement and control systems. [800-82] Computer-based systems used within many infrastructure and industries to monitor and control sensitive processes and physical functions. These systems typically collect measurement and operational data from the field, process and display the information, and relay control commands to local or remote equipment or human-machine interfaces (operators). Examples of types of control systems include SCADA systems, Process Control Systems, and Distributed Control Systems. [NIPP] (see also COMSEC material, acceptance procedure, accounting legend code, control server, controlled variable, cookies, login, machine controller, national security information, physical access control, programmable logic controller, salt, sensitive compartmented information, control, system) (includes COMSEC Material Control System, Terminal Access Controller Access Control System, distributed control system, global command and control system, supervisory control and data acquisition)

control zone

The space, expressed in feet of radius, surrounding equipment processing sensitive information, that is under sufficient physical and technical control to preclude an unauthorized entry or compromise. [AJP][NCSC/TG004] (see also authorized, compromise, information, process, control, security)

controlled access area

An area where access is physically limited to authorized personnel. Access may be controlled by guards, cipher locks, electronic badge readers, and so forth. [NASA] Complete building or facility area under direct physical control that can include one or more limited exclusion areas; controlled BLACK equipment areas, or in any combination. [DSS] Physical area (e.g., building, room, etc.) to which only authorized personnel are granted unrestricted access. All other personnel are either escorted by authorized personnel or are under continuous surveillance. [CNSSI][CNSSI-4009] (see also authorized, cipher, entry control, access, control)

controlled access program coordination office

The Director of National Intelligence's focal point for issues dealing with the Controlled Access Program Oversight Committee and the Senior Review Group. [DSS] (see also intelligence, access)

controlled access program oversight committee

Forum supporting the Director of National Intelligence in the management of controlled access programs. This includes creation and continuation of controlled access programs including Sensitive Compartmented Information compartments and other Director of National Intelligence special access programs. It includes monitoring of these programs through performance audits and evaluations as necessary. [DSS] (see also audit, evaluation, intelligence, access)

controlled access programs

Director of National Intelligence-approved programs that protect national intelligence. They include: Sensitive Compartmented Information Compartments that protect national intelligence concerning or derived from intelligence sources, methods, or analytical processes Special Access Programs Pertaining to intelligence activities (including special activities, but excluding military, operational, strategic and tactical programs) and intelligence sources and methods Restricted Collateral Information Other than Sensitive Compartmented Information and Special Access Programs that imposes controls governing access to national intelligence or control procedures beyond those normally provided for access to CONFIDENTIAL, SECRET, or TOP SECRET information, and for which funding is specifically identified [DSS] (see also intelligence, security clearance, access)

controlled access protection

Minimum set of security functionality that enforces access control on individual users and makes them accountable for their actions through login procedures, auditing of security-relevant events, and resource isolation. [CNSSI][CNSSI-4009] The ability of IT to control by electronic means the circumstances under which users have access to its resources [NASA] (see also assurance, audit, evaluation, function, resource, security, trust, users, access, control)

controlled area

Any area or space for which the organization has confidence that the physical and procedural protections provided are sufficient to meet the requirements established for protecting the information and/or information system. [SP 800-53] (see also requirements, control)

controlled area/compound

Area to which entry is subject to restrictions or control for security reasons. [DSS] (see also security, subject)

controlled building

Building to which entry is subject to restrictions or control for security reasons. [DSS] (see also security, subject)

controlled cryptographic item (CCI)

(CCI) Secure telecommunications or information system, or associated cryptographic component, that is unclassified and handled through the COMSEC Material Control System (CMCS), an equivalent material control system, or a combination of the two that provides accountability and visibility. Such items are marked .Controlled Cryptographic Item,. or, where space is limited, 'CCI'. [CNSSI-4009] Secure telecommunications device, or information handling equipment ancillary device, or associated cryptographic component, that is unclassified but controlled. Equipment and components so designed bear the designator 'Controlled Cryptographic Item. [DSS] Secure telecommunications or information handling equipment, or associated cryptographic component, that is unclassified but governed by a special set of control requirements. Such items are marked 'CONTROLLED CRYPTOGRAPHIC ITEM' or, where space is limited, 'CCI.' [CNSSI] (see also classified, communications, information, requirements, telecommunications, control, cryptographic)

controlled information

Information and indicators deliberately conveyed or denied to foreign targets to evoke invalid official estimates that result in foreign official actions advantageous to U.S. interests and objectives. [DSS] (see also foreign, object, target)

controlled interface

A boundary with a set of mechanisms that enforces the security policies and controls the flow of information between interconnected information systems. [CNSSI-4009; SP 800-37] Mechanism that facilitates adjudication of interconnected system security policies (for example, controlling the flow of information into or out of an interconnected system). [DSS] Mechanism that facilitates the adjudication of different interconnected system security policies (e.g., controlling the flow of information into or out of an interconnected system). [CNSSI] (see also flow, information, security, system, control, interface)

controlled security mode

(D) ISDs SHOULD NOT use this term. It was defined in an earlier version of the U.S. Department of Defense policy that regulates system accreditation, but was subsumed by 'partitioned security mode' in the current version. (C) The term refers to a mode of operation of an information system, wherein at least some users with access to the system have neither a security clearance nor a need-to-know for all classified material contained in the system. However, separation and control of users and classified material on the basis, respectively, of clearance and classification level are not essentially under operating system control like they are in 'multilevel security mode'. (C) Controlled mode was intended to encourage ingenuity in meeting the security requirements of Defense policy in ways less restrictive than 'dedicated security mode' and 'system high security mode', but at a level of risk lower than that generally associated with the true 'multilevel security mode'. This was to be accomplished by implementation of explicit augmenting measures to reduce or remove a substantial measure of system software vulnerability together with specific limitation of the security clearance levels of users permitted concurrent access to the system. [RFC2828] (see also access, access control, accreditation, classification levels, classified, information, operation, policy, requirements, risk, software, system, users, version, vulnerability, control, multilevel security)

controlled sharing

The condition that exists when access control is applied to all users and components of a system. [AJP][NCSC/TG004] (see also access, system, access control, control)

controlled space

Three-dimensional space surrounding IS equipment, within which unauthorized individuals are denied unrestricted access and are either escorted by authorized individuals or are under continuous physical or electronic surveillance. [CNSSI] Three-dimensional space surrounding information system equipment, within which unauthorized individuals are denied unrestricted access and are either escorted by authorized individuals or are under continuous physical or electronic surveillance. [CNSSI-4009] (see also access, access control, authorized, control)

controlled unclassified information

Categorical designation that refers to unclassified information that does not meeting the standards for National Security Classification under Reference (e), but is pertinent to the national interests of the United States or to the important interests of entities outside the Federal Government and under law or policy requires protection from unauthorized disclosure, special handling safeguards, or prescribed limits on exchange or dissemination. The designation Controlled Unclassified Information replaces the term 'Sensitive But Unclassified.' [DSS] (see also authorized, classified)

controlled variable

The variable that the control system attempts to keep at the set point value. The set point may be constant or variable. [800-82] (see also control systems, system, control)

controller

A device or program that operates automatically to regulate a controlled variable. [800-82] (see also program, control)

controlling authority

Official responsible for directing the operation of a cryptonet and for managing the operational use and control of keying material assigned to the cryptonet. [CNSSI][CNSSI-4009] (see also cryptography, key, operation, authority, control)

conversion

Changing data and/or existing software into another format. [SRV] (see also software, version)

cookies

(I) access control usage: A synonym for 'capability' or 'ticket' in an access control system. (I) IPsec usage: Data exchanged by ISAKMP to prevent certain denial-of-service attacks during the establishment of a security association. (I) HTTP usage: Data exchanged between an HTTP server and a browser (a client of the server) to store state information on the client side and retrieve it later for server use. (C) An HTTP server, when sending data to a client, may send along cookie, which the client retains after the HTTP connection closes. A server can use this mechanism to maintain persistent client-side state information for HTTP-based applications, retrieving the state information in later connections. A cookie may include a description of the range of URLs for which the state is valid. Future requests made by the client in that range will also send the current value of the cookie to the server. Cookies can be used to generate profiles of web usage habits, and thus may infringe on personal privacy. [RFC2828] A message given by a Web server to a Web browser, stored by the Web browser, and returned to the Web server when requested. [FFIEC] A piece of state information supplied by a Web server to a browser, in a response for a requested resource, for the browser to store temporarily and return to the server on any subsequent visits or requests. [SP 800-28] A small data file that holds information regarding the use of a particular Web site. [800-83] Cookies register information about a visit to a web site for future use by the server. A server may receive information of cookies of other sites as well which create concern in terms of breach of privacy. [RFC2504] Data exchanged between an HTTP server and a browser (a client of the server) to store state information on the client side and retrieve it later for server use. [CNSSI-4009] (see also access, application, association, attack, connection, control, control systems, denial-of-service, establishment, file, information, internet, internet protocol security, internet security protocol, message, privacy, profile, system, world wide web, access control)

cooperative key generation (CKG)

Electronically exchanging functions of locally generated, random components, from which both terminals of a secure circuit construct traffic encryption key or key encryption key for use on that circuit. [CNSSI] Electronically exchanging functions of locally generated, random components, from which both terminals of a secure circuit construct traffic encryption key or key encryption key for use on that circuit. See Per-Call Key. [CNSSI-4009] (see also encryption, function, random, key)

cooperative program personnel

Foreign government personnel, assigned to a program office hosted by a Department of Defense Component in accordance with the terms of a Cooperative Program International Agreement who report to and take direction from a Department of Defense-appointed program manager (or program manager equivalent) for the purpose of carrying out the cooperative project or program. Foreign government representatives described in such agreements as liaison officers or observers are not considered Cooperative Program Personnel but are treated as Foreign Liaison Officers. [DSS] (see also foreign)

cooperative remote rekeying

Synonymous with manual remote rekeying. [CNSSI][CNSSI-4009] (see also key, rekey)

coordinated universal time

(N) UTC is derived from International Atomic Time (TAI) by adding number of leap seconds. The International Bureau of Weights and Measures computes TAI once each month by averaging data from many laboratories. [RFC2828] (see also GeneralizedTime, UTCTime)

core or key process

- Business processes that are vital to the organization's success and survival. [SRV] (see also business process, key, process)

core secrets

Any item, process, strategy, or element of information, the compromise of which would result in unrecoverable failure. [DSS] (see also compromise)

corporate family

Corporation, its subsidiaries, divisions, and branch offices. [DSS]

corporate security policy

The set of laws, rules, and practices that regulate how assets including sensitive information are managed, protected, and distributed within a user organization. [AJP][ITSEC] (see also information, users, policy, security policy)

corporation

Legal entity governed by a set of by-laws and owned by its stockholders. [DSS]

correctness

(1) A property of a representation of a Target of Evaluation such that it accurately reflects the stated security target for that system or product. Correctness consists of determining if the description and implementation are consistent. There are levels of correctness that depend on the evidence requirements and the intensity of verification and analysis. (2) In security evaluation, the preservation of relevant properties between successive levels of representations. Examples of representations could be top-level functional specification, detailed design specification, and actual implementation. This is an aspect of assurance. (3) Correctness in the draft Federal Criteria equates to assurance in the European Information Technology Security Evaluation Criteria. Development and evaluation assurance constitute correctness criteria. Effectiveness is addressed in vetting of protection profiles. (4) The extent to which a program satisfies its specifications. [AJP] A property of a representation of a Target of Evaluation such that it accurately reflects the stated security target for that system or product. [ITSEC] In security evaluation, the preservation of relevant properties between successive levels of representations. Examples of representations could be: top-level functional specification, detailed design specification, actual implementation. An aspect of assurance. [JTC1/SC27] The degree to which software or its components is free from faults and/or meets specified requirements and/or user needs. [SRV] The extent to which a program satisfies its specifications. [TNI] (see also analysis, computer security, criteria, evidence, fault, file, function, information, profile, program, property, requirements, security target, software, system, target, technology, users, verification, European Information Technology Security Evaluation Criteria, Federal Criteria for Information Technology Security, integrity) (includes correctness integrity, correctness proof)

correctness integrity

(I) Accuracy and consistency of the information that data values represent, rather than of the data itself. Closely related to issues of accountability and error handling. [RFC2828] (see also information, correctness, integrity)

correctness proof

(I) A mathematical proof of consistency between a specification for system security and the implementation of that specification. [RFC2828] A mathematical proof of consistency between a specification and its implementation. [CNSSI][CNSSI-4009] (see also system, correctness, security)

corroborate

To strengthen, confirm, or make certain the substance of a statement through use of an independent, but not necessarily authoritative source. For example, the date and place of birth recorded in an official personnel file that could be used to corroborate the date and place of birth claimed on a Standard Form 86. [DSS] (see also validate)

corruption

A threat action that undesirably alters system operation by adversely modifying system functions or data. [RFC2828] (see also function, operation, system, threat consequence)

cost reimbursement contract

A contract that provides for payment of allowable incurred costs to the extent prescribed in the contract. [SRV] (see also business process)

cost-risk analysis

The assessment of the costs of providing data protection for a system versus the cost of losing or compromising the data. [AJP][NCSC/TG004][OVT] (see also assessment, compromise, cost/benefit analysis, system, analysis, business process, risk analysis)

cost/benefit

A criterion for comparing programs and alternatives when benefits can be valued in dollars. Also referred to as the benefit-cost ratio, that is a function of equivalent benefits and equivalent costs. [SRV] (see also cost/benefit analysis, cost/benefit estimate, function, program, analysis, business process)

cost/benefit analysis

A technique to compare the various costs associated with an investment with the benefits that it proposes to return. Both tangible and intangible factors should be addressed and accounted for. [SRV] Part of the management decision-making process in which the costs and benefits of each countermeasure alternative are compared and the most appropriate alternative is selected. Costs include the price paid for tangible materials and the ongoing operational costs associated with implementing the countermeasures. Benefits are expressed in terms of the amount of risk reduction based on the overall effectiveness of the countermeasure with respect to the assessed vulnerabilities. [GAO] (see also cost-risk analysis, cost/benefit, countermeasures, operation, process, risk, risk management, vulnerability, analysis, business process)

cost/benefit estimate

The process of comparing estimated cost to estimated benefit to determine economic feasibility. If the estimated benefit of the control is greater than its estimated cost, the control is considered to be cost effective and economically feasible. [NASA] (see also control, cost/benefit, process, analysis)

COTS software

Commercial off-the-shelf - Software acquired by government contract through a commercial vendor. This software is a standard product, not developed by a vendor for a particular government project. [NSAINT][OVT] (see also commercial off-the-shelf software, mass-market software, standard, commercial-off-the-shelf, software)

counter

A bit array of length n bits that is used in the Counter Mode; its value when considered as the binary representation of an integer increases by one (modulo 2ⁿ) after each block of plaintext is processed. [SC27] (see also process)

counterintelligence

Information gathered and activities conducted to protect against espionage, other intelligence activities, sabotage, or assassinations conducted by or on behalf of foreign governments or elements thereof, foreign organizations, or foreign persons, or international terrorist activities. [800-60] Phase of intelligence covering activity designed to neutralize the effectiveness of adversary intelligence collection activities. Those activities concerned with identifying and counteracting the security threat posed by hostile intelligence services, organizations, or by individuals engaged in espionage, sabotage, subversion, or terrorism. [DSS] (see also adversary, countermeasures, foreign, information, security, threat, intelligence)

counterintelligence assessment

A Department of Defense Component's comprehensive analysis or study of a relevant Counterintelligence topic, event, situation, issue, or development. Counterintelligence assessments require exhaustive amounts of research, and the production timeline can range from days to months. When conducted in support of a Research, Development, and Acquisition program with Critical Program Information, the assessment describes the threat a foreign entity (such as person, representative, corporation, government, military, or commercial) represents to the Critical Program Information/system assessed. The assessment is multidisciplinary, as it includes an analysis of the diverse foreign collection modalities available, the relative effectiveness of each, and capability of the foreign entity to collect information about research efforts, the technology, and/or system under development. The assessment may include the impact to the Department of Defense if the technology is compromised and be complimentary to, integrated with, or independent of the Technology Targeting Risk Assessment provided by the Defense Intelligence Community. [DSS] (see also analysis, compromise, critical, foreign, risk, target, threat, assessment, intelligence)

countermeasures

(I) An action, device, procedure, or technique that reduces a threat, a vulnerability, or an attack by eliminating or preventing it, by minimizing the harm it can cause, or by discovering and reporting it so that corrective action can be taken. (C) In an Internet protocol, a countermeasure may take the form of protocol feature, an element function, or a usage constraint. [RFC2828] A specific technique, product or procedure that is implemented to subvert or remedy the effects of an attack or attack scenario. [IATF] Action, device, procedure, technique, or other measure that reduces the vulnerability of an IS. [CNSSI] Action, device, procedure, technique, or other measure that reduces the vulnerability of an automated information system. countermeasures that are aimed at specific threats and vulnerabilities involve more sophisticated techniques as well as activities traditionally perceived as security. [AFSEC][NSAINT] Actions, devices, procedures, or techniques that meet or oppose (i.e. counters) a threat, a vulnerability, or an attack by eliminating or preventing it, by minimizing the harm it can cause, or by discovering and reporting it so that corrective action can be taken. [CNSSI-4009] Actions, devices, procedures, techniques, or other measures that reduce the vulnerability of an information system. Synonymous with security controls and safeguards. [SP 800-53; SP 800-37; FIPS 200] Any action taken or physical equipment used principally to reduce or eliminate one or more vulnerabilities. The cost of a countermeasure is usually expressed in monetary terms but may include nonmonetary costs such as reduced operational effectiveness, unfavorable working conditions, adverse publicity and political consequences. [GAO] Any action, device, procedure, technique, or other measure that reduces the vulnerability of a system, such as an AIS. [AJP][FCv1] Any action, device, procedure, technique, or other measure that reduces the vulnerability of a threat to a system. [NCSC/TG004][SRV] Employing devices and/or techniques that has as its objective the impairment of the operational effectiveness of an adversary's activity. Countermeasures may include anything that effectively negates an adversary's ability to exploit vulnerabilities. [DSS] (see also acceptable level of risk, adversary, alarm, analysis, anomaly detection, antivirus software, antivirus tools, asset, attack, benign, benign environment, checksum, compensating security controls, control, cost/benefit analysis, counterintelligence, firewall, function, information, information systems security engineering, internet, intrusion detection, intrusion prevention, key, layered solution, level of protection, management controls, object, operation, operational controls, operations security, operations security process, physical security, protective distribution system, protocols, residual risk, risk analysis, risk assessment, robustness, security audit, security controls, security safeguards, security software, security testing, system, system security authorization agreement, technical controls, technology, threat analysis, threat assessment, virus definitions, vulnerability, vulnerability assessment, work factor, risk management, threat) (includes electronic counter-countermeasures, electronic countermeasures, non-technical countermeasure, security countermeasures, technical countermeasures, technical surveillance countermeasures, technical surveillance countermeasures inspection, technical surveillance countermeasures surveys and evaluations)

country code

(I) An identifier that is defined for a nation by ISO. (C) For each nation, ISO Standard 3166 defines a unique two-character alphabetic code, a unique three-character alphabetic code, and a three-digit code. Among many uses of these codes, the two-character codes are used as top-level domain names. [RFC2828] (see also domain, standard, code)

courier

Cleared employee whose principal duty is to transmit classified material to its destination. The classified material remains in the personal possession of the courier except for authorized overnight storage. [DSS] (see also authorized, classified)

cover

Protective action taken to mask or conceal an operation or activity from an adversary. [DSS] (see also adversary)

cover-coding

A technique to reduce the risks of eavesdropping by obscuring the information that is transmitted. [SP 800-98] (see also information, risk)

coverage

An attribute associated with an assessment method that addresses the scope or breadth of the assessment objects included in the assessment (e.g., types of objects to be assessed and the number of objects to be assessed by type). The values for the coverage attribute, hierarchically from less coverage to more coverage, are basic, focused, and comprehensive. [SP 800-53A] Any metric of completeness with respect to a test selection criterion. Without qualification, usually means branch or statement coverage. [OVT] (see also test)

covert

unintended, concealed, secret and/or unauthorized [misc] (see also RED team, bandwidth, confinement channel, espionage, exploitable channel, flooding, leakage, malware, overt channel, rootkit, sniffer) (includes covert channel, covert channel analysis, covert operation, covert storage channel, covert testing, covert timing channel)

covert channel

(1) A communication channel that allows a process to transfer information in a manner that violates the systems security policy. A covert channel typically communicates by exploiting a mechanism not intended to be used for communication. (2) The use of a mechanism not intended for communication to transfer information in a way that violates security. (3) Unintended and/or unauthorized communications path that can be used to transfer information in a manner that violates an AIS security policy. [AJP] (I) A intra-system channel that permits two cooperating entities, without exceeding their access authorizations, to transfer information in a way that violates the systems security policy. (O) 'A communications channel that allows two cooperating processes to transfer information in a manner that violates the systems security policy.' (C) The cooperating entities can be either two insiders or an insider and an outsider. Of course, an outsider has no access authorization at all. A covert channel is a system feature that the system architects neither designed nor intended for information transfer:

'Timing channel': A system feature that enable one system entity to signal information to another process by modulating its own use of a system resource in such a way as to affect system response time observed by the second entity.
'Storage channel': A system feature that enables one system entity to signal information to another entity by directly or indirectly writing a storage location that is later directly or indirectly read by the second entity.

[RFC2828] A communication channel that allows a process to transfer information in a manner that violates the systems security policy. [TCSEC] A communications channel that allows a process to transfer information in a manner that violates the systems security policy. A covert channel typically communicates by exploiting a mechanism not intended to be used for communication. [TNI] A communications channel that allows two cooperating processes to transfer information in a manner that violates a security policy, but without violating the access control. [SRV] A communications channel that allows two cooperating processes to transfer information in a manner that violates the systems security policy. [AFSEC][NCSC/TG004] An unauthorized communication path that manipulates a communications medium in an unexpected, unconventional, or unforeseen way in order to transmit information without detection by anyone other than the entities operating the covert channel. [CNSSI-4009] Any communication channel that can be exploited by a process to transfer information in a manner that violates the systems security policy. [IATF] The use of a mechanism not intended for communication to transfer information in a way which violates security. [ITSEC] Unintended and/or unauthorized communications path that can be used to transfer information in a manner that violates an AIS security policy. [CNSSI][FCv1] (see also overt channel, security-compliant channel, access, access control, authorization, authorized, communications, computer security, confinement channel, control, entity, exploit, information, insider, policy, process, resource, response, security, system, channel, covert, exploitable channel) (includes covert storage channel, covert timing channel)

covert channel analysis

Determination of the extent to which the security policy model and subsequent lower-level program descriptions may allow unauthorized access to information. [CNSSI][CNSSI-4009] (see also access, access control, authorized, information, policy, program, security, unauthorized access, analysis, covert)

covert operation

Operation that is so planned and executed as to conceal the identity of, or permit plausible denial by, the sponsor. A covert operation differs from a clandestine operation in that emphasis is placed on concealment of the identity of the sponsor rather than on concealment of the operation. Synonymous with law enforcement's undercover operation. [DSS] (see also clandestine operation, identity, covert)

covert storage channel

A covert channel that involves the direct or indirect writing of a storage location by one process and the direct or indirect reading of the storage location by another process. Covert storage channels typically involve a finite resource (e.g. sectors on a disk) that is shared by two subjects at different security levels. [AJP][FCv1][NCSC/TG004][TCSEC][TNI] Covert channel involving the direct or indirect writing to a storage location by one process and the direct or indirect reading of the storage location by another process. Covert storage channels typically involve a finite resource (e.g., sectors on a disk) that is shared by two subjects at different security levels. [CNSSI][CNSSI-4009] (see also process, resource, security, channel, covert, covert channel) (includes subject)

covert testing

Testing performed using covert methods and without the knowledge of the organization's IT staff, but with the full knowledge and permission of upper management. [SP 800-115] (see also management, covert, test)

covert timing channel

(1) A covert channel by which a process signals information to another process by modulating its own use of system resources (e.g. CPU time) in such a way that this manipulation affects the real response time observed by the second process. (2) A communications channel that allows two cooperating processes to transfer information in a manner that violates the systems security policy. [AJP] A covert channel in which one process signals information to another process by modulating its own use of system resources (e.g. CPU time) in such a way that this manipulation affects the real response time observed by the second process. [FCv1][NCSC/TG004][TCSEC][TNI] Covert channel in which one process signals information to another process by modulating its own use of system resources (e.g., central processing unit time) in such a way that this manipulation affects the real response time observed by the second process. [CNSSI][CNSSI-4009] (see also communications, confinement channel, information, policy, process, resource, response, security, system, channel, covert, covert channel)

CPU time

The amount of time that a job or transaction uses a central processing unit (CPU) to complete processing. [SRV] (see also process, automated information system)

crack

A popular hacking tool used to crack passwords. System administrators also use Crack to assess weak passwords by novice users in order to better secure his/her system. [AFSEC] A popular hacking tool used to decode encrypted passwords. System administrators also use Crack to assess weak passwords by novice users in order to enhance the security of the AIS. [NSAINT] (see also code, cryptography, passwords, security, system, users, threat) (includes crack root, cracker, cracking)

crack root

To defeat the security system of a UNIX machine and gain root system privileges thereby. [AFSEC] (see also security, system, crack)

cracker

(I) Someone who tries to break the security of, and gain access to, someone else's system without being invited to do so. [RFC2828] A cracker is an individual who attempts to access computer systems without authorization. These individuals are often malicious, as opposed to hackers, and have many means at their disposal for breaking into a system. [RFC1983] One who breaks security on a system. A person who engages in computer and telecommunications intrusion. [AFSEC] One who breaks security on an AIS. [NSAINT] This term is used to describe attackers, intruders or other bad guys that do not play by the rules and try to circumvent security mechanisms and/or attack individuals and organisations. [RFC2504] a hacker-for-hire who breaks into computer systems to steal information. denial of service the result of hammering a web site's equipment with too many requests for information, effectively clogging the system and slowing performance or even crashing the site. [FJC] (see also access, access control, attack, authorization, communications, computer, information, intrusion, malicious, security, system, telecommunications, crack, hackers)

cracking

The act of breaking into a computer system. [AFSEC][NSAINT] (see also computer, system, crack)

crash

A sudden, usually drastic failure of a computer system. [AFSEC][NSAINT] The sudden and complete failure of a computer system or component. [OVT] (see also computer, failure, system, threat)

credential service provider

(CSP) A trusted entity that issues or registers Subscriber tokens and issues electronic credentials to Subscribers. The CSP may encompass Registration Authorities (RAs) and verifiers that it operates. A CSP may be an independent third party, or may issue credentials for its own use. [SP 800-63] (see also trust)

credentials

(I) Data that is transferred or presented to establish either a claimed identity or the authorizations of a system entity. (O) 'Data that is transferred to establish the claimed identity of an entity.' [RFC2828] A credential is the information one entity presents to another to authenticate the other's identity. [IATF] A credential is what one principal presents to another to authenticate itself. For mutual authentication, both parties exchange credentials. Credentials are issued by an authentication agent or a certification authority. Depending on the model for authentication, credentials may only be valid for a session, or they may have longer validity periods. Digital certificates are credentials that typically last for a year or two. Tickets are credentials that are only good for a session, which typically does not last more than several hours. [misc] An object or data structure that authoritatively binds an identity (and optionally, additional attributes) to a token possessed and controlled by a Subscriber. [SP 800-63] An object such as a smart card that identifies an individual as an official representative of a government agency. [GAO] An object that authoritatively binds an identity (and optionally, additional attributes) to a token possessed and controlled by a person. [800-63] Certificate or document attesting to the truth of certain stated facts. [800-103] Evidence attesting to one's right to credit or authority. [FIPS 201] Evidence attesting to one's right to credit or authority; in this standard, it is the PIV Card and data elements associated with an individual that authoritatively binds an identity (and, optionally, additional attributes) to that individual. [GSA] Evidence or testimonials that support a claim of identity or assertion of an attribute and usually are intended to be used more than once. [CNSSI-4009] Information, passed from one entity to another, used to establish the sending entity's access rights. [CNSSI] (see also access, access control, authentication, authority, authorization, certificate, control, entity, evidence, identity, information, model, object, security testing, standard, system, test, certification authority) (includes digital certificate, identity credential, identity credential issuer, ticket)

credentials service provider

A trusted entity that issues or registers subscriber tokens and issues electronic credentials to subscribers. The CSP may encompass Registration Authorities and verifiers that it operates. A CSP may be an independent third party, or may issue credentials for its own use. [800-63] (see also entity, registration, trust)

credit check

Information provided by credit bureaus or other reporting services to the credit history of the subject of a personnel security investigation. [DSS] (see also security, subject)

criminal

criminal activity

Conduct that is or may be a violation of a Federal or State criminal law, the Uniform Code of Military Justice, common law, and criminal laws of foreign countries that might embarrass or otherwise be of concern to the Department of Defense. Selective judgment should be exercised in determining what matters are to be reported based on such factors as the nature of the criminal act, the clearance level of the individual concerned, and an individual's relative position in the company. [DSS] (see also foreign, criminal)

criminal groups

Criminal groups seek to attack systems for monetary gain. Specifically, organized criminal groups use spam, phishing, and spyware/malware to commit identity theft and online fraud. International corporate spies and organized criminal organizations also pose a threat to the United States through their ability to conduct industrial espionage and large-scale monetary theft and to hire or develop hacker talent. [GAO] (see also attack, entity, fraud, identity, system, theft, criminal, threat)

crisis management

Includes measures to identify, acquire, and plan the use of resources needed to anticipate, prevent, and/or resolve a threat or act of terrorism. The laws of the United States assign primary authority to the Federal Government to prevent and respond to acts of terrorism; State and local governments provide assistance as required. Crisis management is predominantly a law enforcement response. Based on the situation, a Federal crisis management response may be supported by technical operations, and by Federal consequence management, which may operate concurrently. [CIAO] (see also risk management)

criteria

criteria of control (CoCo)

(see also control, criteria)

critical

(I) 'Critical' system resource: A condition of a service or other system resource such that denial of access to (i.e. lack of availability of) that resource would jeopardize a system user's ability to perform a primary function or would result in other serious consequences. (N) 'Critical' extension: Each extension of an X.509 certificate (or CRL) is marked as being either critical or non-critical. If an extension is critical and a certificate user (or CRL user) does not recognize the extension type or does not implement its semantics, then the user is required to treat the certificate (or CRL) as invalid. If an extension is non-critical, user that does not recognize or implement that extension type is permitted to ignore the extension and process the rest of the certificate (or CRL). [RFC2828] (see also COMSEC boundary, Defense Security Service, Suite A, X.509, acceptable level of risk, access, access control, accesses, accreditation disapproval, advanced persistent threats, adversary, adversary collection methodology, alert, anti-tamper, attack, audit, authentication, automated security monitoring, availability, banking and finance, business process reengineering, capability, certificate, certificate policy, certificate validation, class 2, 3, 4, or 5, code amber, code red, compromise, contingency plan, contingency planning, continuity of services and operations, control identification list, control network, counterintelligence assessment, data owner, denial-of-service, destruction, disaster recovery plan, electrical power systems, emergency services, essential secrecy, firewall, function, gas and oil production, storage and transportation, hackers, hot site, incapacitation, information and communications, information security, infrastructure assurance, infrastructure protection, intent, interim accreditation action plan, legacy systems, letter of compelling need, levels of concern, line managers, mandatory access control, national computer security assessment program, national information infrastructure, national security system, natural disaster, network security, non-repudiation service, operations security, operations security indicator, operations security process, partnership, physical protection, physical security, process, protected information, public confidence, public-key infrastructure, reconstitution, remediation, resource, risk analysis, risk assessment, scenario, sector coordinator, sector liaison, security environment threat list, security label, security policy, security strength, semantics, sensitive activities, sensitive position, significant change, single loop controller, single scope background investigation - periodic reinvestigation, special access program, spoofing, system, system retention/backup, terrorists, threat, transportation, users, vulnerability, vulnerability analysis, vulnerability assessment, vulnerability audit, water supply system, world class organizations, risk) (includes Protected Critical Infrastructure Information (PCII), critical and sensitive information list, critical asset, critical design review, critical elements, critical financial markets, critical information, critical infrastructure information, critical infrastructures, critical mechanism, critical nuclear weapon design information, critical path method, critical program information, critical security parameters, critical system, critical system files, criticality, criticality assessment, criticality level, criticality/sensitivity, mission critical, mission critical system, protection-critical portions of the TCB, safety-critical software, security-critical mechanisms, technology critical)

critical and sensitive information list

Those areas, activities, functions, or other matters a facility/organization considers most important to keep from adversaries. [DSS] (see also critical, sensitive information)

critical asset

An asset that supports national security, national economic security, and/or crucial public health and safety activities. [CIAO] (see also security, vulnerability, critical)

critical design review

Formal review conducted on each configuration item when design is complete. A review determines that the design satisfies requirements, establishes detailed compatibility, assesses risk, and reviews preliminary product specifications. [DSS] (see also requirements, critical)

critical elements

Important security-related focus areas for the system with each critical element addressed by one or more security controls. [800-37] (see also control, security, system, critical)

critical financial markets

Financial markets whose operations are critical to the U.S. economy, including markets for fed funds, foreign exchange, commercial paper, and government, corporate, and mortgage-backed securities. [FFIEC] (see also foreign, operation, critical)

critical information

Specific facts about friendly (for example, the United States) intentions, capabilities, or activities vitally needed by adversaries for them to plan and act effectively so as to guarantee failure or unacceptable consequences for accomplishment of friendly objectives. [DSS] (see also object, critical)

critical infrastructure information

Information that is not customarily in the public domain and is related to the security of critical infrastructure or protected systems. CII consists of records and information concerning any of the following: . Actual, potential, or threatened interference with, attack on, compromise of, or incapacitation of critical infrastructure or protected systems by either physical or computerbased attack or other similar conduct (including the misuse of or unauthorized access to all types of communications and data transmission systems) that violates Federal, State, or local law; harms the interstate commerce of the United States; or threatens public health or safety. . The ability of any critical infrastructure or protected system to resist such interference, compromise, or incapacitation, including any planned or past assessment, projection, or estimate of the vulnerability of critical infrastructure or a protected system, including security testing, risk evaluation thereto, risk management planning, or risk audit. . Any planned or past operational problem or solution regarding critical infrastructure or protected systems, including repair, recovery, insurance, or continuity, to the extent that it is related to such interference, compromise, or incapacitation. [NIPP] (see also critical)

critical infrastructures

'Physical or cyber-based system essential to the minimum operations of the economy and government.' (PDD-63 definition) [CIAO] Certain national infrastructures so vital that their incapacity or destruction would have a debilitating impact on the defense or economic security of the United States. These critical infrastructures include telecommunications, electrical power systems, gas and oil storage and transportation, banking and finance, transportation, water supply systems, emergency services (including medical, police, fire, and rescue), and continuity of Government. [DSS] System and assets, whether physical or virtual, so vital to the U.S. that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters. [Critical Infrastructures Protection Act of 2001, 42 U.S.C. 5195c(e)] [CNSSI][CNSSI-4009] Systems and assets, whether physical or virtual, so vital that the incapacity or destruction of such may have a debilitating impact on the security, economy, public health or safety, environment, or any combination of these matters, across any Federal, State, regional, territorial, or local jurisdiction. [NIPP] Those systems and assets, both physical and cyber, so vital to the Nation that their incapacity or destruction would have a debilitating impact on national security, national economic security, and/or national public health and safety. [CIAO] (see also capability, cyberspace, destruction, government services, incapacitation, infrastructure assurance, natural disaster, operation, partnership, risk assessment, sector coordinator, sector liaison, system, critical, risk management) (includes banking and finance, code amber, code green, code red, electrical power systems, emergency services, gas and oil production, storage and transportation, information and communications, infrastructure protection, transportation, utility, water supply system)

critical mechanism

A mechanism within a Target of Evaluation whose failure would create a security weakness. [AJP][ITSEC] (see also failure, security, target, critical, target of evaluation)

critical nuclear weapon design information

TOP SECRET RESTRICTED DATA or SECRET RESTRICTED DATA revealing the theory of operation or design of the components of a thermo-nuclear or implosion-type fission bomb, warhead, demolition munitions or test device. Specifically excluded is information concerning arming, fusing, and firing systems; limited life components; and total contained quantities of fissionable and high explosive materials by type. Among these excluded items are the components that Department of Defense personnel set, maintain, operate, test, or replace. [DSS] (see also critical)

critical path method (CPM)

(see also critical)

critical program information

Information about the program, technologies, and/or systems that if compromised would degrade combat effectiveness or shorten the expected combat-effective life of the system. Access to this information could allow someone to kill, counter, or clone the acquisition system before or near scheduled deployment or force a major design change to maintain the same level of effectiveness. [DSS] (see also access, compromise, critical)

critical security parameters (CSP)

Security-related information (e.g. cryptographic keys, authentication data such as passwords and PINs) appearing in plaintext or otherwise unprotected form and whose disclosure or modification can compromise the security of a cryptographic module or the security of the information protected by the module. [SRV] Security-related information (e.g., secret and private cryptographic keys, and authentication data such as passwords and Personal Identification Numbers [PINs]) whose disclosure or modification can compromise the security of a cryptographic module. [FIPS 140-2; CNSSI-4009] security-related information (e.g. cryptographic keys, authentication data such as passwords and PINs) appearing in plaintext or otherwise unprotected form and whose disclosure or modification can compromise the security of a cryptographic module or the security of the information protected by the module. [FIPS140] (see also authentication, compromise, cryptographic, cryptography, information, key, module, passwords, critical, security policy)

critical system

An IT system that requires special attention to security because of the risk and magnitude of harm that would result from the loss, misuse, or unauthorized access to or modification of information in the system. Loss of a critical system would have a major, and in some cases catastrophic, impact on the Agency's mission. [NASA] (see also access, access control, authorized, information, security, critical, system) (includes critical system files)

critical system files

Files that are integral to the operating system, system security mechanisms, or key system services whose corruption would damage the integrity of the operating system and could damage the integrity of application software and data. [NASA] (see also application, damage, integrity, key, security, software, critical, critical system, file, system)

criticality

A measure of the degree to which an organization depends on the information or information system for the success of a mission or of a business function. [SP 800-60] Refers to the incorrect behavior of a system. The more serious the expected direct and indirect effects of incorrect behavior, the higher the criticality level. [800-60] (see also function, information, system, threat, critical)

criticality assessment

Identifies and evaluates an entity's assets or operations on the basis of a variety of factors, including the importance of an asset or function and the significance of a system in terms of national security, economic activity, and public safety. A criticality assessment provides the basis for determining which assets require greater or special protection relative to finite resources. [GAO] (see also entity, function, operation, resource, risk assessment, security, system, assessment, critical)

criticality level

Refers to the (consequences of) incorrect behavior of a system. The more serious the expected direct and indirect effects of incorrect behavior, the higher the criticality level. [CNSSI-4009] (see also critical)

criticality/sensitivity

A measure of the importance and nature of the information processed, stored, and transmitted by the IT system to the organization's mission and day-to-day operations. [800-37] (see also information, operation, process, system, critical)

cross domain solution

A form of controlled interface that provides the ability to manually and/or automatically access and/or transfer information between different security domains. [CNSSI-4009; SP 800-37] Information assurance solution that provides the ability to access or transfer information between two or more security domains. [CNSSI] (see also access, assurance, control, information, security, domain)

cross site scripting

A vulnerability that allows attackers to inject malicious code into an otherwise benign website. These scripts acquire the permissions of scripts generated by the target website and can therefore compromise the confidentiality and integrity of data transfers between the website and client. Websites are vulnerable if they display user supplied data from requests or forms without sanitizing the data so that it is not executable. [SP 800-63] (see also attack, target, vulnerability)

cross-certificate

A certificate used to establish a trust relationship between two Certification Authorities. [SP 800-32; CNSSI-4009] (see also certification, cross-certification, trust, certificate)

cross-certification

(I) The act or process by which two CAs each certify a public key of the other, issuing a public-key certificate to that other CA. (C) Cross-certification enables users to validate each other's certificate when the users are certified under different certification hierarchies. [RFC2828] when two CA's issue certificates to each other after establishing a trust relationship. [misc] (see also certificate, cross-certificate, key, process, public-key, users, validate, certification authority)

cross-domain capabilities

The set of functions that enable the transfer of information between security domains in accordance with the policies of the security domains involved. [CNSSI-4009] (see also security)

cross-talk

An unwanted transfer of energy from one communications channel to another channel. [SRV] (see also communications)

cryptanalysis

(I) The mathematical science that deals with analysis of a cryptographic system in order to gain knowledge needed to break or circumvent the protection that the system is designed to provide. (O) 'The analysis of a cryptographic system and/or its inputs and outputs to derive confidential variables and/or sensitive data including cleartext.' (C) The 'O' definition states the traditional goal of cryptanalysis--convert the ciphertext to plaintext (which usually is cleartext) without knowing the key--but that definition applies only to encryption systems. Today, the term is used with reference to all kinds of cryptographic algorithms and key management, and the 'I' definition reflects that. In all cases, however, a cryptanalyst tries to uncover or reproduce someone else's sensitive data, such as cleartext, a key, or an algorithm. The basic cryptanalytic attacks on encryption systems are ciphertext-only, known-plaintext, chosen-plaintext, and chosen-ciphertext; and these generalize to the other kinds of cryptography. [RFC2828] 1) Operations performed in defeating cryptographic protection without an initial knowledge of the key employed in providing the protection. 2) The study of mathematical techniques for attempting to defeat cryptographic techniques and information system security. This includes the process of looking for errors or weaknesses in the implementation of an algorithm or of the algorithm itself. [SP 800-57 Part 1; CNSSI-4009] Definition 1) The analysis of a cryptographic system and/or its inputs and outputs to derive confidential variables and/or sensitive data including cleartext. Definition 2) Operations performed in converting encrypted messages to plain text without initial knowledge of the cryptographic algorithm and/or key employed in the encryption. [NSAINT] Operations performed in converting encrypted messages to plain text without initial knowledge of the cryptographic algorithm and/or key employed in the encryption. [CNSSI][DSS] The steps and operations performed in converting encrypted messages into plaintext without initial knowledge of the key employed in the encryption algorithm. [SRV] Transforming encrypted data into plaintext without having prior knowledge of encryption parameters or processes. [RFC2828] (see also algorithm, attack, cipher, cryptographic, cryptography, encryption, key, key management, message, operation, process, security, system, analysis, threat consequence)

CRYPTO

(D) Except as part of certain long-established terms listed in this Glossary, ISDs SHOULD NOT use this abbreviated term because it may be misunderstood. Instead, use 'cryptography' or 'cryptographic'. [RFC2828] Marking or designator identifying COMSEC keying material used to secure or authenticate telecommunications carrying classified or sensitive U.S. Government or U.S. Government-derived information. [CNSSI] (see also classified, communications, communications security, cryptographic, cryptography, identify, information, key, telecommunications)

crypto officer

An operator or process (subject), acting on behalf of the operator, performing cryptographic initialization or management functions. [FIPS 140-2] (see also management)

crypto-alarm

Circuit or device that detects failures or aberrations in the logic or operation of cryptographic equipment. Crypto-alarm may inhibit transmission or may provide a visible and/or audible alarm. [CNSSI][CNSSI-4009] (see also operation, cryptography)

crypto-ancillary equipment

Equipment designed specifically to facilitate efficient or reliable operation of cryptographic equipment, without performing cryptographic functions itself. [CNSSI] (see also cryptographic, function, operation, cryptography)

crypto-ignition key (CIK)

Device or electronic key used to unlock the secure mode of cryptographic equipment. [CNSSI][DSS][IATF] (see also key)

crypto-ignition plug (CIP)

(see also cryptography)

crypto-security

Component of COMSEC resulting from the provision of technically sound cryptosystems and their proper use. [CNSSI] Component of communications security resulting from providing and properly using technically sound cryptosystems. [DSS] The security or protection resulting from the proper use of technically sound cryptosystems. [AJP][NCSC/TG004][SRV] (see also cryptographic system, system, communications security)

cryptographic

Pertaining to, or concerned with, cryptography. [CNSSI][CNSSI-4009] (see also CAPSTONE chip, CCI assembly, CCI component, CCI equipment, CKMS, COMSEC material, CRYPTO, Challenge Handshake Authentication Protocol, Clipper chip, Common Criteria for Information Technology Security, Distributed Authentication Security Service, FIPS PUB 140-1, FIPS approved security method, Fortezza, International Traffic in Arms Regulations, MD2, MD4, MD5, PC card, PKCS #11, RED/BLACK separation, RSA algorithm, Rivest-Shamir-Adleman algorithm, S/Key, The Exponential Encryption System, Type 1 key, Type 2 key, Type 4 key, Type 4 product, Type I cryptography, Type II cryptography, Type III cryptography, active state, advanced encryption standard, algorithm, algorithm transition, archive, asymmetric encipherment system, asymmetric signature system, attribute certificate, authentication code, authentication protocol, authorized vendor program, automated key distribution, benign, binding, block chaining, break, certificate domain parameters, challenge-response protocol, check word, checksum, cipher, cipher text auto-key, ciphertext-only attack, class 2, 3, 4, or 5, code, common security, communications security, compromise, compromised state, control information, critical security parameters, cryptanalysis, crypto-ancillary equipment, cryptographic equipment, cryptonet, cryptoperiod, cryptosynchronization, cyclic redundancy check, data authentication code, data encryption key, data encryption standard, data items' representation, data key, deactivated state, decipher, decrypt, digital key, digital signature, digital signature algorithm, domain of interpretation, effective key length, electronic key entry, embedded cryptography, encipher, encipherment, encrypt, encrypted key, encryption, encryption algorithm, encryption certificate, end-to-end encryption, end-to-end security, environmental failure protection, environmental failure testing, escrow, garbled, generation, hardware, hash, hash function, hash value, hashed message authentication code, initialization value, initialization vector, initialize, input data, integrity check, interface, internetwork private line interface, key, key distribution, key entry, key generation, key generator, key length, key lifecycle state, key loader, key management, key management infrastructure, key management/exchange, key output, key owner, key recovery, key space, key updating, key-auto-key, key-encrypting key, key-escrow, keyed hash, keying material, known-plaintext attack, manual cryptosystem, manual key distribution, manual key entry, message authentication code, message authentication code algorithm, message digest, message digest algorithm 5, metadata, mode of operation, non-repudiation, one-time passwords, one-way encryption, one-way function, operations manager, operator, output data, parameters, personal identity verification, personal identity verification card, personal security environment, personalization service, physical protection, plaintext key, port, pretty good privacy, private key, protected channel, public-key, public-key forward secrecy, public-key infrastructure, public-key system, random, recover, rekey, retrieval, revoked state, salt, scheme, secret key, secret-key cryptography, secure hash algorithm, secure hash standard, secure hypertext transfer protocol, security event, security strength, session key, shared secret, signature certificate, signature system, simple network management protocol, split key, split knowledge, status information, strong authentication, symmetric encryption algorithm, symmetric key, tamper, time-stamp token, tokens, transport, trapdoor, trusted path, trusted platform module chip, tunneled password protocol, type 1 products, type 2 product, type 3 key, type 3 product, unforgeable, updating, validate, validate vs. verify, verification key, work factor, zeroize, cryptography) (includes Cryptographic Application Program Interface, Cryptographic Message Syntax, asymmetric cryptographic algorithm, asymmetric cryptographic technique, controlled cryptographic item, cryptographic algorithm, cryptographic algorithm for confidentiality, cryptographic application programming interface, cryptographic boundary, cryptographic card, cryptographic check function, cryptographic check value, cryptographic component, cryptographic device services, cryptographic equipment room, cryptographic functions, cryptographic hash function, cryptographic ignition key, cryptographic initialization, cryptographic key, cryptographic key component, cryptographic key management system, cryptographic logic, cryptographic module, cryptographic module security policy, cryptographic officer, cryptographic randomization, cryptographic service, cryptographic service providers, cryptographic strength, cryptographic synchronization, cryptographic system, cryptographic token, embedded cryptographic system, endorsed cryptographic products list, endorsed for unclassified cryptographic information, endorsed for unclassified cryptographic item, rapid automatic cryptographic equipment, symmetric cryptographic technique)

cryptographic alarm

cryptographic algorithm

(I) An algorithm that employs the science of cryptography, including encryption algorithms, cryptographic hash algorithms, digital signature algorithms, and key agreement algorithms. [RFC2828] A cryptographic algorithm that uses a single key (i.e. a secret key) for both encryption and decryption. [CNSSI-4009] A well-defined computational procedure that takes variable inputs, including a cryptographic key, and produces an output. [SP 800-21; CNSSI-4009] A well-defined procedure or sequence of rules or steps used to produce a key stream or ciphertext from plaintext and vice versa. [AJP][NCSC/TG004] Well-defined procedure or sequence of rules or steps, or a series of mathematical equations used to describe cryptographic processes such as encryption/decryption, key generation, authentication, signatures, etc. [CNSSI] (see also authentication, cipher, digital signature, encryption, hash, key, process, signature, algorithm, cryptographic)

cryptographic algorithm for confidentiality

A cryptographic algorithm for confidentiality is defined as an algorithm which transforms data in order to hide or reveal its information content and which uses at least one secret parameter. This definition includes both symmetric algorithms (e.g. DES and FEAL) and asymmetric algorithms (e.g. RSA and Rabin). In the case of a symmetric algorithm the data is hidden and revealed using a secret parameter. In the case of an asymmetric algorithm the data is hidden using a public parameter and revealed using a secret parameter. [SC27] (see also information, algorithm, confidentiality, cryptographic)

Cryptographic Application Program Interface

An interface standard that provides a means for isolating a computer platform from the details of the implementation of cryptographic functions. [IATF] (see also computer, function, standard, application, cryptographic, encryption, interface, program, security)

cryptographic application programming interface (CAPI)

(I) The source code formats and procedures through which an application program accesses cryptographic services, which are defined abstractly compared to their actual implementation. [RFC2828] The Cryptographic Application Programming Interface for Microsoft. [MSC] (see also access, access control, code, application, cryptographic, interface, program, software)

cryptographic binding

Associating two or more related elements of information using cryptographic techniques. [CNSSI-4009]

cryptographic boundary

An explicitly defined continuous perimeter that establishes the physical bounds of a cryptographic module and contains all the hardware, software, and/or firmware components of a cryptographic module. [FIPS 140-2] An explicitly defined perimeter that establishes the boundary of all components of a cryptographic module. [800-130] an explicitly defined contiguous perimeter that establishes the physical bounds of a cryptographic module. [FIPS140] (see also module, software, boundary, cryptographic, cryptographic module) (includes physical protection)

cryptographic card

(I) A cryptographic token in the form of a smart card or a PC card. [RFC2828] (see also cryptographic, tokens)

cryptographic check function

A cryptographic transformation which takes as input a secret key and an arbitrary string, and which gives a cryptographic check value as output. The computation of a correct check value without knowledge of the secret key shall be infeasible. [SC27] (see also key, cryptographic, function)

cryptographic check value

Information that is derived by performing a cryptographic transformation on the data unit. [SC27] Information that is derived by performing a cryptographic transformation on the data unit. NOTE - The cryptographic check value is the output of the cryptographic check function. [SC27] Information that is derived by performing a cryptographic transformation on the data unit. [ISO/IEC 9798-1: 1997, ISO/IEC 11770-3: 1999] Information that is derived by performing a cryptographic transformation on the data unit. NOTE - The cryptographic check value is the output of the cryptographic check function. [SC27] (see also function, information, cryptographic)

cryptographic component

(I) A generic term for any system component that involves cryptography. [RFC2828] Hardware or firmware embodiment of the cryptographic logic. A cryptographic component may be a modular assembly, a printed wiring assembly, a microcircuit, or a combination of these items. [CNSSI][CNSSI-4009] (see also hash, system, cryptographic)

cryptographic device services (CDS)

(see also cryptographic)

cryptographic equipment

Equipment that embodies a cryptographic logic. [CNSSI][CNSSI-4009] Equipment used to render plain information unintelligible and restore encrypted information to an intelligible form. [DSS] (see also cryptographic, cryptography)

cryptographic equipment room (CER)

cryptographic functions

A set of procedures that provide basic cryptographic functionality using various algorithms for key generation, random number generation, encryption, decryption, and message digesting. [IATF] A set of procedures that provide basic cryptographic functionality. The functionality includes using various algorithms for key generation, random number generation, encryption, decryption, and message digesting. [misc] (see also algorithm, message, random, cryptographic, encryption, function, key)

cryptographic hash function

A (mathematical) function that maps values from a large domain into a smaller range. The function satisfies the following properties: (1) it is computationally infeasible to find any input that maps to any prespecified output (one-way) and (2) it is computationally infeasible to find any two distinct inputs that map to the same output (collision free). [SRV] A function that maps a bit string of arbitrary length to a fixed length bit string. Approved hash functions satisfy the following properties: 1) (One-way) It is computationally infeasible to find any input which maps to any pre-specified output, and 2) (Collision resistant) It is computationally infeasible to find any two distinct inputs that map to the same output. [SP 800-21] A process that computes a value (referred to as a hashword) from a particular data unit in a manner that, when a hashword is protected, manipulation of the data is detectable. [NSAINT] (see also domain, hash function, process, cryptographic, function, hash)

cryptographic ignition key (CIK)

(I) A physical (usually electronic) token used to store, transport, and protect cryptographic keys. (Sometimes abbreviated as 'crypto ignition key'.) (C) A typical use is to divide a split key between a CIK and a cryptographic module, so that it is necessary to combine the two to regenerate a key-encrypting key and thus activate the module and other keys it contains. [RFC2828] Device or electronic key used to unlock the secure mode of crypto- equipment. [CNSSI-4009] (see also encryption, module, tokens, cryptographic, key)

cryptographic initialization

Function used to set the state of a cryptographic logic prior to key generation, encryption, or other operating mode. [CNSSI][CNSSI-4009] (see also encryption, function, key, cryptographic)

cryptographic key

(I) Usually shortened to just 'key'. An input parameter that varies the transformation performed by a cryptographic algorithm. (O) 'A sequence of symbols that controls the operations of encipherment and decipherment.' (C) If a key value needs to be kept secret, the sequence of symbols (usually bits) that comprise it should be random, or at least pseudo-random, because that makes the key hard for an adversary to guess. [RFC2828] A binary string used as a secret parameter by a cryptographic algorithm. [SP 800-108] A parameter used in conjunction with a cryptographic algorithm that determines . the transformation of plaintext data into ciphertext data, . the transformation of ciphertext data into plaintext data, . a digital signature computed from data, . the verification of a digital signature computed from data, . an authentication code computed from data, or . an exchange agreement of a shared secret. [FIPS 140-2] A parameter used in conjunction with a cryptographic algorithm that determines the specific operation of that algorithm. [FIPS 201; FIPS 198] A parameter used in conjunction with a cryptographic algorithm that determines: (1) the transformation of plaintext data into ciphertext data, (2) the transformation of ciphertext data into plaintext data, (3) a digital signature computed from data, (4) the verification of a digital signature computed from data, or (5) a data authentication code computed from data. The cryptographic key is an input to an encryption device that results in cryptotext. A parameter used by a cryptographic process that makes the process completely defined and usable only by those having that key. [SRV] A parameter used in conjunction with a cryptographic algorithm that determines: the transformation of plaintext data into ciphertext data, the transformation of ciphertext data into plaintext data, a digital signature computed from data, the verification of a digital signature computed from data, or a data authentication code (DAC) computed from data. [FIPS140] A string of bits, integers, or characters that constitute a parameter to a cryptographic algorithm. Some keys must be kept secret from unauthorized parties while other keys may be made public. [800-130] A value used to control cryptographic operations, such as decryption, encryption, signature generation or signature verification. For the purposes of this document, key requirements shall coincide the minimum requirements stated in table 2 of NIST SP [800-57] part 1. [800-63] A value used to control cryptographic operations, such as decryption, encryption, signature generation, or signature verification. [SP 800-63] The key used in an encryption algorithm to encrypt and decrypt data. [NASA] (see also adversary, algorithm, authentication, authorized, cipher, code, control, encipherment, encryption, operation, process, random, requirements, signature, verification, cryptographic, key)

cryptographic key component

A parameter that is combined via a bit-wise exclusive-OR operation with one or more other identically sized key component(s) to form a plaintext cryptographic key. [FIPS140] (see also operation, cryptographic, key)

cryptographic key management system

A system for the management (e.g., generation, distribution, storage, backup, recovery, use, revocation, and destruction) of cryptographic keys and their bound metadata. [800-130] (see also backup, metadata, revocation, cryptographic, key management, system)

cryptographic logic

The embodiment of one (or more) cryptographic algorithm(s) along with alarms, checks, and other processes essential to effective and secure performance of the cryptographic process(es). [CNSSI][CNSSI-4009] (see also algorithm, process, cryptographic)

cryptographic material

(slang CRYPTO) COMSEC material used to secure or authenticate information. [CNSSI-4009]

Cryptographic Message Syntax

(I) A encapsulation syntax for digital signatures, hashes, and encryption of arbitrary messages. (C) CMS was derived from PKCS #7. CMS values are specified with ASN.1 and use BER encoding. The syntax permits multiple encapsulation with nesting, permits arbitrary attributes to be signed along with message content, and supports a variety of architectures for digital certificate-based key management. [RFC2828] (see also certificate, digital signature, encryption, hash, key, key management, public-key infrastructure, signature, cryptographic, message)

cryptographic module

(I) A set of hardware, software, firmware, or some combination thereof that implements cryptographic logic or processes, including cryptographic algorithms, and is contained within the module's cryptographic boundary, that is an explicitly defined contiguous perimeter that establishes the physical bounds of the module. [RFC2828] A set of hardware, software and/or firmware that implements security functions (e.g. cryptographic algorithms and key establishment) and encompasses the cryptographic boundary. [800-130] The set of hardware, software, and/or firmware that implements Approved security functions (including cryptographic algorithms and key generation) and is contained within the cryptographic boundary. [FIPS 140-2] The set of hardware, software, firmware, or some combination thereof that implements cryptographic logic or processes, including cryptographic algorithms, and is contained within the cryptographic boundary of the module. [FIPS140][SP 800-32; FIPS 196][SRV] (see also algorithm, boundary, establishment, function, key, process, security, software, cryptographic, module) (includes control information, cryptographic boundary, cryptographic module security policy, data path, firmware, hardware, input data, microcode, operator, output data)

cryptographic module security policy

A precise specification of the security rules under which a cryptographic module must operate, including the security rules derived from the requirements of this standard and the additional security rules imposed by the manufacturer. [FIPS140] (see also requirements, standard, cryptographic, cryptographic module, module, policy, security policy)

cryptographic net

Stations holding a common key. [CNSSI][CNSSI-4009]

cryptographic officer

An individual authorized to perform cryptographic initialization and management functions on the cryptographic components of a CKMS. [800-130] (see also authorized, function, cryptographic, officer)

cryptographic period

Time span during which each key setting remains in effect. [CNSSI][CNSSI-4009]

cryptographic product

A cryptographic key (public, private, or shared) or public key certificate, used for encryption, decryption, digital signature, or signature verification; and other items, such as compromised key lists (CKL) and certificate revocation lists (CRL), obtained by trusted means from the same source which validate the authenticity of keys or certificates. Protected software which generates or regenerates keys or certificates may also be considered a cryptographic product. [CNSSI-4009] (see also software, trust)

cryptographic randomization

Function that randomly determines the transmit state of a cryptographic logic. [CNSSI][CNSSI-4009] (see also function, cryptographic, random)

cryptographic security

Component of COMSEC resulting from the provision of technically sound cryptographic systems and their proper use. [CNSSI-4009] (see also security)

cryptographic service

Modules that provide secure key storage and cryptographic functions. The Providers (CSPs) modules may be software only or hardware with software drivers. The cryptographic functions provided may include: Bulk encryption and decryption, Digital signing, Cryptographic hash, Random number generation, and Key exchange. [Intel] (see also encryption, function, hash, key, module, random, software, common data security architecture, cryptographic)

cryptographic service providers (CSP)

cryptographic strength

A measure of the expected number of operations required to defeat a cryptographic mechanism. [SP 800-63] (see also operation, cryptographic)

cryptographic synchronization

Process by which a receiving decrypting cryptographic logic attains the same internal state as the transmitting encrypting logic. [CNSSI][CNSSI-4009] The co-ordination of the encipherment and decipherment processes. [SC27] (see also cipher, encipherment, process, cryptographic)

cryptographic system

(I) A set of cryptographic algorithms together with the key management processes that support use of the algorithms in some application context. (C) This 'I' definition covers a wider range of algorithms than the following 'O' definition: (O) 'A collection of transformations from plaintext into ciphertext and vice versa [which would exclude digital signature, cryptographic hash, and key agreement algorithms], the particular transformation(s) to be used being selected by keys. The transformations are normally defined by a mathematical algorithm.' [RFC2828] Associated information assurance items interacting to provide a single means of encryption or decryption. [CNSSI-4009] (see also algorithm, application, assurance, asymmetric cryptographic technique, authentication system, cipher, crypto-security, cryptographic equipment room, digital signature, encryption, encryption strength, hash, key, key management, key stream, message indicator, one-time pad, one-time tape, private key, process, public-key, signature, system indicator, traffic-flow security, cryptographic, system) (includes cryptosystem analysis, cryptosystem evaluation, cryptosystem review, cryptosystem survey, elliptic curve cryptosystem, embedded cryptographic system, manual cryptosystem, off-line cryptosystem, on-line cryptosystem, one-time cryptosystem)

cryptographic system analysis

Process of establishing the exploitability of a cryptographic system, normally by reviewing transmitted traffic protected or secured by the system under study. [CNSSI-4009]

cryptographic system evaluation

Process of determining vulnerabilities of a cryptographic system and recommending countermeasures. [CNSSI-4009] (see also evaluation)

cryptographic system review

Examination of a cryptographic system by the controlling authority ensuring its adequacy of design and content, continued need, and proper distribution. [CNSSI-4009] (see also control)

cryptographic system survey

Management technique in which actual holders of a cryptographic system express opinions on the system's suitability and provide usage information for technical evaluations. [CNSSI-4009] (see also evaluation, management)

cryptographic token

(I) A portable, user-controlled, physical device used to store cryptographic information and possibly perform cryptographic functions. (C) A smart token may implement some set of cryptographic algorithms and may implement related algorithms and key management functions, such as a random number generator. A smart cryptographic token may contain a cryptographic module or may not be explicitly designed that way. [RFC2828] A portable, user-controlled physical device (e.g., smart card or PCMCIA card) used to store cryptographic information and possibly also perform cryptographic functions. [CNSSI-4009] A token where the secret is a cryptographic key. [800-63][SP 800-63] (see also algorithm, control, function, information, key, key management, module, random, users, cryptographic, tokens)

cryptography

(1) The principles, means, and methods for rendering information unintelligible, and for restoring encrypted information to intelligible form. (2) The transformation of ordinary text, or 'plaintext,' into coded form by encryption and the transformation of coded text into plaintext by decryption. Cryptography can be used to support digital signature, key management or exchange, and communications privacy. [AJP] (I) The mathematical science that deals with transforming data to render its meaning unintelligible (i.e. to hide its semantic content), prevent its undetected alteration, or prevent its unauthorized use. If the transformation is reversible, cryptography also deals with restoring encrypted data to intelligible form. (O) 'The discipline which embodies principles, means, and methods for the transformation of data in order to hide its information content, prevent its undetected modification and/or prevent its unauthorized use. . . . Cryptography determines the methods used in encipherment and decipherment.' [RFC2828] Art or science concerning the principles, means, and methods for rendering plain information unintelligible and for restoring encrypted information to intelligible form. [CNSSI][CNSSI-4009][DSS] Historically meant 'secret writing' and used primarily for protecting secret military information; now is the science of transforming information: to a form that protects the information from unauthorized disclosure, modification, or replacement and supports authentication of the identity of the source of the information. [800-130] Is categorized as either secret key or public key. Secret key cryptography is based on the use of a single cryptographic key shared between two parties. The same key is used to encrypt and decrypt data. This key is kept secret by the two parties. Public key cryptography is a form of cryptography which makes use of two keys: a public key and a private key. The two keys are related but have the property that, given the public key, it is computationally infeasible to derive the private key [FIPS 140-1]. In a public key cryptosystem, each party has its own public/private key pair. The public key can be known by anyone; the private key is kept secret. [FIPS 191] Science of encrypting plain data and information into a form intelligible only to authorized persons who are able to decrypt it. [CIAO] The art of science concerning the principles, means, and methods for rendering plain text unintelligible and for converting encrypted messages into intelligible form. [NSAINT] The discipline that embodies principles, means, and methods for providing information security, including confidentiality, data integrity, non-repudiation, and authenticity. [SP 800-21] The discipline that embodies principles, means, and methods for the transformation of data to hide its information content, prevent its undetected modification, prevent its unauthorized use or a combination thereof. Cryptography deals with the transformation of ordinary text (plaintext) into coded form (ciphertext) by encryption and transformation of ciphertext into plaintext by decryption. [SRV] The discipline that embodies the principles, means, and methods for the transformation of data in order to hide their semantic content, prevent their unauthorized use, or prevent their undetected modification. [SP 800-59] The principles, means, and methods for rendering information unintelligible, and for restoring encrypted information to intelligible form. [NCSC/TG004] (see also BLACK, CAPSTONE chip, CCI assembly, CCI component, CCI equipment, COMSEC equipment, COMSEC material, CRYPTO, Challenge Handshake Authentication Protocol, Clipper chip, Common Criteria for Information Technology Security, Diffie-Hellman, Digital Signature Standard, Distributed Authentication Security Service, El Gamal algorithm, Elliptic Curve Digital Signature Algorithm, FIPS PUB 140-1, FIREFLY, Generic Security Service Application Program Interface, IEEE P1363, International Traffic in Arms Regulations, Internet Security Association and Key Management Protocol, MD2, MD4, MD5, MIME Object Security Services, PC card, RED/BLACK separation, The Exponential Encryption System, access control center, algorithm, attribute certificate, authentication, authentication code, authentication system, authorized, authorized vendor, benign, binding, break, brute force attack, certificate domain parameters, check word, checksum, chosen-plaintext attack, cipher, cleartext, code, code division multiple access, cold start, communications, communications security, compromise, controlling authority, crack, critical security parameters, cryptanalysis, cryptology, cut-and-paste attack, cyclic redundancy check, data driven attack, data items' representation, digital signature, domain of interpretation, emissions security, encipherment, encryption, end entity, end-to-end security, entity, environmental failure protection, environmental failure testing, extraction resistance, feedback buffer, fill device, hash, hash function, hashed message authentication code, hybrid encryption, identity, information, initialize, integrity check, intelligent threat, interface, kerberos, key, key agreement, key center, key distribution center, key management, key pair, key translation center, known-plaintext attack, message, message authentication code, message authentication code algorithm, message authentication code vs. Message Authentication Code, message indicator, modulus, national security system, non-repudiation, one-time pad, one-time passwords, one-time tape, one-way function, operations manager, out-of-band, permuter, personal security environment, personalization service, port, pretty good privacy, primary account number, privacy, private key, public-key, public-key forward secrecy, public-key infrastructure, quadrant, random, rekey, scavenging, seal, secure hash standard, secure socket layer, security, security event, semantic security, shared secret, signature, simple network management protocol, status information, steganography, strong authentication, system indicator, ticket, time-stamp token, token storage key, traffic analysis, traffic padding, traffic-flow security, trapdoor, trusted path, two-person control, unforgeable, updating, user partnership program, validate vs. verify, work factor, wrap, zeroize) (includes FIPS-Validated Cryptography, NSA-approved cryptography, National Cryptologic School, Type I cryptography, Type II cryptography, Type III cryptography, asymmetric cryptography, cipher feedback, computer cryptography, crypto-alarm, crypto-ancillary equipment, crypto-ignition plug, cryptographic, cryptographic equipment, cryptonet control station, cryptosynchronization, elliptic curve cryptography, embedded cryptography, encipherment algorithm, encrypt, manual cryptosystem, minimalist cryptography, private-key cryptography, public-key cryptography, public-key cryptography standards, secret-key cryptography, symmetric cryptography, synchronous crypto-operation)

cryptologic

Of or pertaining to cryptology. [800-60]

cryptologic information system

Information System that directly or indirectly supports the cryptologic effort, to include support functions, such as administrative and logistics, regardless of manning, location, classification, or original funding citation. This includes strategic, tactical, and support Information System: terrestrial, airborne, afloat, in-garrison, and space-borne Information Systems; an information system dedicated to information handling; and informationhandling portions of an information system that perform other functions. [DSS]

cryptology

(I) The science which includes both cryptography and cryptanalysis, and sometimes is said to include steganography. [RFC2828] Branch of knowledge that treats the principles of cryptography and cryptoanalytics; and the activities involved in producing signals intelligence and maintaining communications security. [DSS] Field encompassing both cryptography and cryptanalysis. [CNSSI] The mathematical science that deals with cryptanalysis and cryptography. [CNSSI-4009] The science that deals with hidden, disguised, or encrypted communications. It includes communications security and communications intelligence. [800-60][SP 800-60] The science which deals with hidden, disguised, or encrypted communications. [NSAINT] (see also analysis, communications, cryptography, intelligence, security)

cryptonet

(I) A group of system entities that share a secret cryptographic key for a symmetric algorithm. [RFC2828] Stations holding a common key. [CNSSI][CNSSI-4009] (see also algorithm, cryptographic, key, system)

cryptonet control station (CNCS)

(see also control, cryptography)

cryptonet key (CNK)

(see also key)

cryptoperiod

(I) The time span during which a particular key is authorized to be used in a cryptographic system. (C) A cryptoperiod is usually stated in terms of calendar or clock time, but sometimes is stated in terms of the maximum amount of data permitted to be processed by a cryptographic algorithm using the key. Specifying a cryptoperiod involves a tradeoff between the cost of rekeying and the risk of successful cryptanalysis. (C) Although we deprecate its prefix, this term is long-established in COMPUSEC usage. In the context of certificates and public keys, 'key lifetime' and 'validity period' are often used instead. [RFC2828] The time span during which a specific key is authorized for use or in which the keys for a given system may remain in effect. [SRV] Time span during which each key setting remains in effect. [CNSSI][CNSSI-4009] (see also algorithm, analysis, authorized, certificate, cryptographic, key, process, public-key, public-key infrastructure, rekey, risk, system)

cryptosynchronization

Process by which a receiving decrypting cryptographic logic attains the same internal state as the transmitting encrypting logic. [CNSSI][CNSSI-4009] (see also cryptographic, process, cryptography)

cryptosystem

(D) ISDs SHOULD NOT use this term as an abbreviation for cryptographic system. [RFC2828] Associated INFOSEC items interacting to provide a single means of encryption or decryption. [CNSSI] (see cryptographic system)

cryptosystem analysis

Process of establishing the exploitability of a cryptosystem, normally by reviewing transmitted traffic protected or secured by the system under study. [CNSSI] (see also process, analysis, cryptographic system, system)

cryptosystem evaluation

Process of determining vulnerabilities of a cryptosystem. [CNSSI] (see also process, vulnerability, cryptographic system, evaluation, system)

cryptosystem review

Examination of a cryptosystem by the controlling authority ensuring its adequacy of design and content, continued need, and proper distribution. [CNSSI] (see also authority, control, cryptographic system, system)

cryptosystem survey

Management technique in which actual holders of a cryptosystem express opinions on the system's suitability and provide usage information for technical evaluations. [CNSSI] (see also evaluation, information, cryptographic system, system)

cultural assumptions

Beliefs about the internal workings and external environment of an organization which, having worked well in the past, have gradually come to be taken for granted, and which provide the basis for group consensus about common events and circumstances. Cultural assumptions function as the unifying themes of organizational culture. [SRV] (see also function)

custodian

Individual who possesses, or is otherwise charged with, the responsibility for safeguarding classified information. [DSS] (see also classified)

customer

Groups or individuals who have a business relationship with the organization; those who receive and use or are directly affected by the products and services of the organization. Customers include direct recipients of products and services, internal customers who produce services and products for final recipients, and other organizations and entities that interact with an organization to produce services and products. [SRV] (see users)

customer/contractor-supplied software

Software developed or customized by either in-house or contractor- supplied services, including universities [NASA] (see also software)

cut-and-paste attack

(I) An active attack on the data integrity of ciphertext, effected by replacing sections of ciphertext with other ciphertext, such that the result appears to decrypt correctly but actually decrypts to plaintext that is forged to the satisfaction of the attacker. [RFC2828] (see also cipher, cryptography, integrity, attack)

cyber

(see cyberspace)

cyber crime

(see cybercrime)

cyber espionage

(see also cyberspace, espionage)

cyber incident

Actions taken through the use of computer networks that result in an actual or potentially adverse effect on an information system and/or the information residing therein. [CNSSI-4009] (see also cyberspace, incident)

cyber infrastructure

Includes electronic information and communications systems and services and the information contained in these systems and services. Information and communications systems and services are composed of all hardware and software that process, store, and communicate information, or any combination of all of these elements. Processing includes the creation, access, modification, and destruction of information. Storage includes paper, magnetic, electronic, and all other media types. Communications include sharing and distribution of information. For example: computer systems; control systems (e.g., supervisory control and data acquisition SCADA); networks, such as the Internet; and cyber services (e.g., managed security services) are part of cyber infrastructure. [NISTIR 7628] (see also cyberspace)

cyber security

(see cybersecurity)

cyber space

(see cyberspace)

cyber system

Any combination of facilities, equipment, personnel, procedures, and communications integrated to provides cyber services. Examples include business systems, control systems, and access control systems. [NIPP] (see also cyberspace)

cyberattack

Exploitation of the software vulnerabilities of information technology-based control components. [CIAO] (see also control, information, software, technology, vulnerability, attack, cyberspace)

cybercrime

Criminal activity conducted using computers and the Internet, often financially motivated. Cybercrime includes identity theft, fraud, and internet scams, among other activities. Cybercrime is distinguished from other forms of malicious cyber activity, which have political, military, or espionage motivations. [misc] (see also espionage, cyberspace)

cybersecurity

The ability to protect or defend the use of cyberspace from cyber attacks. [CNSSI-4009] The prevention of damage to, unauthorized use of, or exploitation of, and, if needed, the restoration of electronic information and communications systems and the information contained therein to ensure confidentiality, integrity, and availability. Includes protection and restoration, when needed, of information networks and wireline, wireless, satellite, public safety answering points, and 911 communications systems and control systems. [NIPP] (see also application, assurance, attack, communications, information, risk, risk management, system, telecommunications, users, cyberspace, security)

cyberspace

A global domain within the information environment consisting of the interdependent network of information systems infrastructures including the Internet, telecommunications networks, computer systems, and embedded processors and controllers. [CNSSI-4009] A global domain within the information environment consisting of the interdependent network of information technology infrastructures, including the Internet, telecommunications networks, computer systems, and embedded processors and controllers. [DOD] Describes the world of connected computers and the society that surrounds them. Commonly known as the Internet. [CIAO][NSAINT] (see also US-CERT, advanced persistent threats, blue team, common vulnerabilities and exposures, communications, computer, computer incident response team, control, critical infrastructures, entity-wide security, incident response plan, information, nations, process, risk, system, technology, telecommunications, zero-day exploit, internet) (includes cyber espionage, cyber incident, cyber infrastructure, cyber system, cyberattack, cybercrime, cybersecurity, cyberspace operations)

cyberspace operations

The employment of cyber capabilities where the primary purpose is to achieve objectives in or through cyberspace. Such operations include computer network operations and activities to operate and defend the Global Information Grid. [DOD] (see also computer, computer network, information, object, cyberspace)

cycle time

The time that elapses from the beginning to the end of a process. [SRV] The time, usually expressed in seconds, for a controller to complete one control loop where sensor signals are read into memory, control algorithms are executed, and corresponding control signals are transmitted to actuators that create changes the process resulting in new sensor signals. [800-82] (see also algorithm, control, process)

cyclic redundancy check (CRC)

(I) Sometimes called 'cyclic redundancy code'. A type of checksum algorithm that is not a cryptographic hash but is used to implement data integrity service where accidental changes to data are expected. [RFC2828] Error checking mechanism that checks data integrity by computing a polynomial algorithm based checksum. [CNSSI] Use of an algorithm for generating error detection bits in a data link protocol. The receiving station performs the same calculation as the transmitting station. If the results differ, then one or more bits are in error. [SRV] (see also algorithm, code, cryptographic, cryptography, hash, integrity, protocols)

cyclical redundancy check

(CRC) A method to ensure data has not been altered after being sent through a communication channel. [SP 800-72] Error checking mechanism that verifies data integrity by computing a polynomial algorithm based checksum. [CNSSI-4009]

daemon

A process that runs automatically on behalf of the system [NASA] (see also process, system)

damage

Loss of friendly effectiveness as the result of an adversary action. Synonymous with harm. [DSS] (see also TOP SECRET, adversary, application data backup/recovery, back up vs. backup, biological warfare, classification levels, computer abuse, confidential, continuity of operations plan, critical system files, directed-energy warfare, disaster recovery plan, disruption, emergency action plan, emergency response, environmentally controlled area, hackers, high impact, impact, infrastructure assurance, insider, joint task force-computer network defense, least privilege, logic bombs, low impact, malicious code, moderate impact, physical security, recover, safety, secret, sensitive information, system safety, technical vulnerability, terrorists, threat, threat assessment, token backup, toluene) (includes damage assessment, damage to physical assets, damage to the national security)

damage assessment

Analysis of the impact on national security of a disclosure of classified information to an unauthorized person. [DSS] (see also analysis, authorized, classified, security, assessment, damage)

damage to physical assets

the loss or damage to physical assets from natural disaster or other events. [2003-53c] (see also damage, operational risk loss)

damage to the national security

Harm to the national defense or foreign relations of the United States from unauthorized disclosure of information, including the sensitivity, value, and utility of that information. [DSS] (see also authorized, foreign, damage, security)

dangling threat

Set of properties about the external environment for which there is no corresponding vulnerability and therefore no implied risk. [ANSI] (see also vulnerability, threat)

dangling vulnerability

Set of properties about the internal environment for which there is no corresponding threat and therefore no implied risk. [ANSI] (see also risk, vulnerability)

dark-side hacker

A criminal or malicious hacker. [AFSEC][NSAINT] (see also criminal, malicious, threat)

data

(I) Information in a specific physical representation, usually a sequence of symbols that have meaning; especially a representation of information that can be processed or produced by a computer. [RFC2828] A subset of information in an electronic format that allows it to be retrieved or transmitted. [CNSSI-4009] All data (electronic and hard copy) and information required to support the core process. This includes numbers, characters, images or other method of recording, in a form which can be assessed by a human or (especially) input into a computer, stored and processed there, or transmitted on some digital/communication's channel. [CIAO] Basic facts about a transaction that can be processed and communicated. [SRV] Information with a specific physical representation. [AJP][TCSEC] Information, regardless of its physical form or characteristics, that includes written documents, automated information systems storage media, maps charts, paintings, drawings, films photos, engravings, sketches, working notes, and sound, voice, magnetic, or electronic recordings in any form. [DSS] (see also computer, information, process, automated information system)

data administration (DA)

(see also automated information system)

data aggregation

Compilation of individual data systems and data that could result in the totality of the information being classified, or classified at a higher level, or of beneficial use to an adversary. [CNSSI-4009] Compilation of unclassified individual data systems and data elements that could result in the totality of the information being classified or of beneficial use to an adversary. [CNSSI] (see also adversary, classified, information, system, automated information system)

data architecture

The compilation of data, including who creates and uses it-and how-presents a stable basis for the processes and information used by the organization to accomplish its mission. [SRV] (see also information, process, automated information system)

data asset

1. Any entity that is comprised of data. For example, a database is a data asset that is comprised of data records. A data asset may be a system or application output file, database, document, or Web page. A data asset also includes a service that may be provided to access data from an application. For example, a service that returns individual records from a database would be a data asset. Similarly, a Web site that returns data in response to specific queries (e.g., www'weather'com) would be a data asset. 2. An information-based resource. [CNSSI-4009] (see also access)

Data Authentication Algorithm

(N) A keyed hash function equivalent to DES cipher block chaining with IV = 0. (D) ISDs SHOULD NOT use the uncapitalized form of this term as a synonym for other kinds of checksums. [RFC2828] (see also cipher, function, hash, key, algorithm, authentication)

data authentication code (DAC)

A cryptographic checksum, based on DES (see FIPS PUB 113); also known as a Message Authentication Code (MAC) in ANSI standards. [FIPS140] Applying the data authentication algorithm to data generates a data authentication code. The code is a mathematical function of both the data and a cryptographic key. When the integrity of the data is to be verified, the code is generated on the current data and compared with the previously generated code. If the two values are equal, the integrity (i.e. authenticity) of the data is verified. A data authentication code is also known as a message authentication code in ANSI standards. [SRV] (see also message authentication code, algorithm, cryptographic, function, hash function, key, message, standard, National Institute of Standards and Technology, authentication, code, integrity)

data authentication code vs. Data Authentication Code

(N) Capitalized: 'The Data Authentication Code' refers to a U.S. Government standard for a checksum that is computed by the Data Authentication Algorithm. (Also known as the ANSI standard Message Authentication Code.) (D) Not capitalized: ISDs SHOULD NOT use 'data authentication code' as a synonym for another kind of checksum, because this term mixes concepts in a potentially misleading way. Instead, use 'checksum', 'error detection code', 'hash', 'keyed hash', 'Message Authentication Code', or 'protected checksum', depending on what is meant. [RFC2828] (see also algorithm, hash, key, message, message authentication code, standard, authentication, code)

data communications

Information exchanged between end-systems in machine-readable form. [SRV] (see also information, system, communications)

data compromise

(I) A security incident in which information is exposed to potential unauthorized access, such that unauthorized disclosure, alteration, or use of the information may have occurred. [RFC2828] (see also access, access control, authorized, information, security, security incident, unauthorized access, compromise, incident)

data confidentiality

(I) 'The property that information is not made available or disclosed to unauthorized individuals, entities, or processes [i.e. to any unauthorized system entity].' . (D) ISDs SHOULD NOT use this term as a synonym for 'privacy', that is a different concept. [RFC2828] The state that exists when data is held in confidence and is protected from unauthorized disclosure. [AJP][TNI] (see also authorized, confidence, entity, information, process, property, system, confidentiality, data privacy)

data confidentiality service

(I) A security service that protects data against unauthorized disclosure. (D) ISDs SHOULD NOT use this term as a synonym for 'privacy', that is a different concept. [RFC2828] (see also authorized, security, confidentiality)

data contamination

A deliberate or accidental process or act that results in a change in the integrity of the original data. [SRV] (see also integrity, process, automated information system)

data control language (DCL)

data custodian

An individual designated by the data owner to be responsible for making judgments and decisions on behalf of the organization with regard to the data information category designation, its use and protection, and its sharing [NASA] (see also information, owner)

data definition language (DDL)

(see also automated information system)

data dictionary (DD)

In a database management program, an on-screen listing of all the database files, indices, views, and other files relevant to a database application. [SRV] (see also application, file, program, automated information system)

data diddling

An attack in which the attacker changes the data while en route from source to destination. [misc] (see also attack)

data driven attack

A form of attack that is encoded in innocuous seeming data that is executed by a user or a process to implement an attack. A data driven attack is a concern for firewalls, since it may get through the firewall in data form and launch an attack against a system behind the firewall. [NSAINT] A form of attack that is encoded in innocuous seeming data that is executed by a users or other software to implement an attack. In the case of firewalls, a data driven attack is a concern since it may get through the firewall in data form and launch an attack against a system behind the firewall. [AFSEC] (see also code, cryptography, process, software, system, users, attack)

data element

A basic unit of information that has a unique meaning and subcategories (data items) of distinct value. Examples of data elements include gender, race, and geographic location. [SP 800-47; CNSSI-4009]

data encryption algorithm (DEA)

(N) A symmetric block cipher, defined as part of the U.S. Government's Data Encryption Standard. DEA uses a 64-bit key, of which 56 bits are independently chosen and 8 are parity bits, and maps a 64-bit block into another 64-bit block. (C) This algorithm is usually referred to as 'DES'. The algorithm has also been adopted in standards outside the Government (e.g.,). [RFC2828] The DEA cryptographic engine that is used by the Triple Data Encryption Algorithm (TDEA). [SP 800-67] (see also cipher, key, standard, algorithm, encryption, symmetric cryptography)

data encryption key (DEK)

(I) A cryptographic key that is used to encipher application data. [RFC2828] A cryptographic key used for encrypting and decrypting data. [SRV] used for the encryption of message text and for the computation of message integrity checks (signatures). [misc] (see also application, cipher, cryptographic, integrity, message, signature, encryption, key) (includes data key)

data encryption security association type indicator

An indicator defining the type of data encryption SA (primary, static, or dynamic). [800-127] (see also security)

data encryption standard (DES)

(1) A cryptographic algorithm for the protection of unclassified data, published in U.S. Federal Information Processing Standard (FIPS) 46. The DES, which was approved by the U.S. National Institute of Standards and Technology (NIST), is intended for public and government use. (2) A NIST Federal Information Processing Standard and commonly used secret key cryptographic algorithm for encrypting and decrypting data and performing other functions. e.g. DES can be used to check message integrity. DES specifies a key length of 56 bits. [AJP] (N) A U.S. Government standard that specifies the Data Encryption Algorithm and states policy for using the algorithm to protect unclassified, sensitive data. [RFC2828] A 56-bit, private key, symmetric cryptographic algorithm for the protection of unclassified computer data issued as Federal Information Processing Standard Publication. [IATF] A cryptographic algorithm for the protection of unclassified data, published in Federal Information Processing Standard (FIPS) 46. The DES, which was approved by the U.S. National Institute of Standards and Technology, is intended for public and government use. [NCSC/TG004] A cryptographic algorithm for the protection of unclassified data. The DES, which was approved by the National Institute of Standards and Technology (NIST) in the U.S., is intended for public and government use. [SRV] Cryptographic algorithm designed for the protection of unclassified data and published by the National Institute of Standards and Technology (NIST) in Federal Information Processing Standard (FIPS) Publication 46. (FIPS 46-3 withdrawn 19 May 2005) See Triple DES. [CNSSI-4009] Cryptographic algorithm, designed for the protection of unclassified data and published by the National Institute of Standards and Technology (NIST) in Federal Information Processing Standard (FIPS) Publication 46. (FIPS 46-3 withdrawn 19 May 2005) [CNSSI] Definition 1) (DES) An unclassified crypto algorithm adopted by the National Bureau of Standards for public use. Definition 2) A cryptographic algorithm for the protection of unclassified data, published in Federal Information Processing Standard (FIPS) 46. The DES, which was approved by the National Institute of Standards and Technology (NIST), is intended for public and government use. [NSAINT] The encryption algorithm specified in the Federal Information Processing Standards (FIPS) 46-1. [NASA] (see also algorithm, classified, computer, cryptographic, function, information, integrity, message, policy, process, technology, Federal Information Processing Standards, National Institute of Standards and Technology, encryption, key, standard, symmetric algorithm) (includes initialization vector)

data flow control

Synonymous with information flow control. [CNSSI][CNSSI-4009] (see also information, control, flow)

data flow diagram (DFD)

(see also automated information system, flow)

data historian

A centralized database supporting data analysis using statistical process control techniques. [800-82] (see also analysis, control, process)

data input

A data item which depends on the entire message and forms a part of the input to the signature function. [SC27] A data item which depends on the entire message and forms a part of the input to the signature function. NOTE - Signature generation function is the signature process that is determined by signature key and the domain parameter. [SC27] A data item which depends on the entire message and forms a part of the input to the signature function. [ISO/IEC 9796-3: 2000] A data item which depends on the entire message and forms a part of the input to the signature function. NOTE - Signature generation function is the signature process that is determined by signature key and the domain parameter. [SC27] (see also domain, function, key, message, process, signature, automated information system)

data integrity

(1) The property that data has not been altered or destroyed in an unauthorized manner. (2) The state that exists when computerized data is the same as that in the source documents and has not been exposed to accidental or malicious alteration or destruction. [AJP] (1) The state that exists when computerized data is the same as that in the source documents and has not been exposed to accidental or malicious alteration or destruction. (2) The property that data has not been exposed to accidental or malicious alteration or destruction. [TNI] (I) The property that data has not been changed, destroyed, or lost in an unauthorized or accidental manner. (O) 'The property that information has not been modified or destroyed in an unauthorized manner.' (C) Deals with constancy of and confidence in data values, not with the information that the values represent or the trustworthiness of the source of the values. [RFC2828] A condition existing when data is unchanged from its source and has not been accidentally or maliciously modified, altered, or destroyed. [CIAO] Condition existing when data is unchanged from its source and has not been accidentally or maliciously modified, altered, or destroyed. [800-37][CNSSI] It is the concept of being able to ensure that data or voice transmissions can be maintained in an unimpaired condition and are not subjected to unauthorized modification whether that modification is intentional or inadvertent. [SRV] State that exists when computerized data is the same as that in the source documents and has not been exposed to accidental or malicious alteration or destruction. The property that data has not been exposed to accidental or malicious alteration or destruction. [DSS] The property that data has not been altered by an unauthorized entity. [800-63] The property that data has not been altered in an unauthorized manner. Data integrity covers data in storage, during processing, and in transit. [800-33] The property that data has not been altered in an unauthorized manner. Data integrity covers data in storage, during processing, and while in transit. [SP 800-27] The property that data has not been altered or destroyed in an unauthorized manner. [JTC1/SC27][SC27] The property that data has not been changed, destroyed, or lost in an unauthorized or accidental manner. [CNSSI-4009] The property that data meet an a priori expectation of quality. [NCSC/TG004] The state that exists when computerized data is the same as that in the source documents and has not been exposed to accidental or malicious alteration or destruction. [TCSEC] (see also authorized, computer, confidence, destruction, entity, information, malicious, process, property, quality, subject, trust, data security, integrity)

data integrity service

(I) A security service that protects against unauthorized changes to data, including both intentional change or destruction and accidental change or loss, by ensuring that changes to data are detectable. (C) A data integrity service can only detect a change and report it to an appropriate system entity; changes cannot be prevented unless the system is perfect (error-free) and no malicious user has access. However, a system that offers data integrity service might also attempt to correct and recover from changes. (C) Relationship between data integrity service and authentication services: Although data integrity service is defined separately from data origin authentication service and peer entity authentication service, it is closely related to them. Authentication services depend, by definition, on companion data integrity services. Data origin authentication service provides verification that the identity of the original source of a received data unit is as claimed; there can be no such verification if the data unit has been altered. Peer entity authentication service provides verification that the identity of peer entity in a current association is as claimed; there can be no such verification if the claimed identity has been altered. [RFC2828] (see also access, access control, association, authentication, authorized, entity, identity, malicious, security, system, users, verification, integrity)

data items' representation

A data item or some representation thereof such as a cryptographic hash value. [SC27] (see also cryptographic, cryptography, hash)

data key

A cryptographic key that is used to cryptographically process data (e.g. encrypt, decrypt, sign, authenticate). [FIPS140][SRV] (see also authentication, cryptographic, process, data encryption key, key, key recovery)

data loss

The exposure of proprietary, sensitive, or classified information through either data theft or data leakage. [SP 800-137]

data management

Providing or controlling access to data stored in a computer and to the use of input or output devices. [SRV] (see also access, access control, computer, control, automated information system)

data manipulation language (DML)

(see also automated information system)

data origin authentication

(I) 'The corroboration that the source of data received is as claimed.' [RFC2828] Corroborating the source of data is as claimed. [CNSSI] The corroboration that the source of data received is as claimed. [SRV] The process of verifying that the source of the data is as claimed and that the data has not been modified. [CNSSI-4009] The verification that the source of data received is as claimed. [800-33] (see also verification, authentication)

data origin authentication service

(I) A security service that verifies the identity of a system entity that is claimed to be the original source of received data. (C) This service is provided to any system entity that receives or holds the data. Unlike peer entity authentication service, this service is independent of any association between the originator and the recipient, and the data in question may have originated at anytime in the past. (C) A digital signature mechanism can be used to provide this service, because someone who does not know the private key cannot forge the correct signature. However, by using the signer's public key, anyone can verify the origin of correctly signed data. (C) This service is usually bundled with connectionless data integrity service. data integrity service. [RFC2828] (see also association, connection, digital signature, entity, identity, integrity, key, public-key, signature, system, authentication)

data owner

The individual responsible for making judgments and decisions on behalf of the organization with regard to the data sensitivity/criticality level designation, its use and protection, and its sharing [NASA] (see also critical, owner)

data path

The physical or logical route over which data passes; a physical data path may be shared by multiple logical data paths. [FIPS140] (see also cryptographic module)

data privacy

(D) ISDs SHOULD NOT use this term because it mix concepts in a potentially misleading way. Instead, use either 'data confidentiality' or 'privacy', depending on what is meant. [RFC2828] The reasonable assurance that data cannot be viewed by anyone other than its intended recipient. [misc] (see also assurance, confidentiality, data security, privacy) (includes data confidentiality)

data processing

A sequence of steps to record, classify, and summarize data using a computer program. [SRV] (see also computer, program, automated information system, process)

data reengineering

A system-level process that purifies data definitions and values. This process establishes meaningful, non-redundant data definitions and valid, consistent data values. [SRV] (see also process, system, automated information system)

data security

(I) The protection of data from disclosure, alteration, destruction, or loss that either is accidental or is intentional but unauthorized. (C) Both data confidentiality service and data integrity service are needed to achieve data security. [RFC2828] Protection of data from unauthorized (accidental or intentional) modification, destruction, or disclosure. [CNSSI][CNSSI-4009] The protection of data from unauthorized (accidental or intentional) modification, destruction, or disclosure. [AJP][NCSC/TG004][SRV] (see also authorized, confidentiality, integrity, security) (includes data integrity, data privacy)

data source

A host capable of generating traffic to the DUT/SUT. One data source may emulate multiple users or hosts. In addition, one data source may offer traffic to multiple network interfaces on the DUT/SUT. The term 'data source' is deliberately independent of any number of users. It is useful to think of data sources simply as traffic generators, without any correlation to any given number of users. [RFC2647] (see also connection, firewall, interface, network) (includes users)

data storage

A means for storing information from which data is submitted for delivery, or into which data is put by the delivery authority. [SC27] (see also authority, information, automated information system)

data string

A string of bits that is the input to a hash function. [SC27] String of bits that is the input to a hash function. [SC27] String of bits that is the input to a hash function. [ISO/IEC FDIS 9797-2 (09/2000)] A string of bits that is the input to a hash function. [SC27] (see also function, hash)

data structure

The logical relationships among data units and the description of attributes or features of a piece of data (e.g. type, length). [SRV] (see also automated information system)

data synchronization

The comparison and reconciliation of interdependent data files at the same time so that they contain the same information. [FFIEC] (see also automated information system, file, information)

data transfer device (DTD)

Fill device designed to securely store, transport, and transfer electronically both COMSEC and TRANSEC key, designed to be backward compatible with the previous generation of COMSEC common fill devices, and programmable to support modern mission systems. [CNSSI][CNSSI-4009] (see also communications security, key, program, system)

data validation

Ensuring that data are correct by detecting errors and omissions. [SRV] (see also automated information system, validation)

database

A repository of information that usually holds plantwide information including process data, recipes, personnel data, and financial data. [800-82] (see also information, process)

database administration (DBA)

(see also automated information system)

database management system (DBMS)

A computer system whose main function is to facilitate the sharing of a common set of data among many different users. It may or may not maintain semantic relationships among the data items. [AJP][TDI] Computer software used to create, store, retrieve, change, manipulate, sort, format, and print information in a database. Also, software that controls the organization, storage, retrieval, security and integrity of data in a database. [SRV] (see also Directory Access Protocol, computer, control, function, information, integrity, retrieval, security, software, users, system) (includes consistency, metadata, transaction, view, view definition)

database server

A repository for event information recorded by sensors, agents, or management servers. [800-94] (see also information)

datagram

(I) 'A self-contained, independent entity of data carrying sufficient information to be routed from the source to the destination.' [RFC2828] A self-contained, independent entity of data that can be routed from a source to its destination. [misc] In packet switching, a self-contained packet, independent of other packets, that carries information sufficient for routing from the originating data terminal equipment to the destination data terminal equipment, without relying on earlier exchanges between the equipment and the network. Unlike virtual call service, there are no call establishment or clearing procedures, and the network does not generally provide protection against loss, duplication, or misdelivery. [SRV] (see also entity, establishment, information, network)

dc servo drive

A type of drive that works specifically with servo motors. It transmits commands to the motor and receives feedback from the servo motor resolver or encoder. [800-82] (see also code)

DD 254 - Final

Contract Security Classification Specification issued by a Government Contracting Activity or a Prime Contractor that provides classification guidance and security requirements to contractors who wish to retain classified information beyond the terms of the contract as authorized by the National Industrial Security Program Operating Manual. [DSS] (see also authorized, classified, requirements, security)

DD 254 - Original

Contract Security Classification Specification issued by a Government Contracting Activity or a prime contractor to provide original classification guidance and security requirements on a classified contract. Original DD 254s are issued during the solicitation phase of a contract to provide classification guidance and security requirements to prospective contractors as they formulate their bids. Once the contract is awarded, another original DD 254 is issued to the contractor who s being awarded the contract. [DSS] (see also classified, requirements, security)

deactivated state

The key lifecycle state in which a key is not to be used to apply cryptographic protection to data. Under certain circumstances, the key may be used to process already protected data. [800-130] (see also active state, cryptographic, key, lifecycle, process, key lifecycle state)

dead bolt

Lock bolt with no spring action and activated by a key or turn knob and cannot be moved by end pressure. [DSS]

deadlock

A situation wherein two or more processes are unable to proceed because each is waiting for another to do something. [AFSEC] (see also deadly embrace, process, threat)

deadlocking panic hardware

Panic hardware with a deadlocking latch with a device when in the closed position resists the latch from being retracted. [DSS]

deadly embrace

Same as DEADLOCK, though usually used only when exactly two processes are involved. [AFSEC] (see also deadlock, process, threat)

debilitated

A condition of defense or economic security characterized by ineffectualness. [CIAO] (see also risk)

debriefing

Process of informing a person his need-to-know for access is terminated. [DSS] (see also access)

debug

To detect, locate, and correct errors and faults in computer software. [SRV] (see also computer, fault, software)

debugger

One who engages in the intuitive art of correctly determining the cause (e.g., bug) of a set of symptoms. [OVT]

debugging

(see also automated information system)

deception

A circumstance or event that may result in an authorized entity receiving false data and believing it to be true. [RFC2828] Those measures designed to mislead the enemy/adversary by manipulation, distortion, or falsification of evidence to induce a reaction from that adversary that is prejudicial to the adversary's interests. [DSS] an adversary's telecommunications signals. [CNSSI] (see also adversary, authorized, case officer, communications, denial, entity, evidence, telecommunications, threat consequence)

decertification

Revocation of the certification of an IS item or equipment for cause. [CNSSI] Revocation of the certification of an information system item or equipment for cause. [CNSSI-4009] (see also revocation, certification)

decibel

Unit of sound measurement. [DSS]

decipher

(D) ISDs SHOULD NOT use this term as a synonym for 'decrypt', except in special circumstances. [RFC2828] Convert enciphered text to plain text by means of a cryptographic system. [CNSSI][CNSSI-4009] To convert, by use of the appropriate key, enciphered text into its equivalent plain text. [SRV] (see also cryptographic, key, system, cipher)

decipherment

(D) ISDs SHOULD NOT use this term as a synonym for 'decryption', except in special circumstances. [RFC2828] Alternative term for decryption. [SC27] The reversal of a corresponding encipherment. [SC27] The reversal of a corresponding encipherment. [ISO/IEC 9797-1: 1999, ISO/IEC 9798-1: 1997, ISO/IEC 11770-1: 1996, ISO/IEC 11770-3: 1999, ISO/IEC FDIS 15946-3 (02/2001)] Alternative term for decryption. [SC27] (see also encipherment, cipher)

decision support systems (DSS)

(see also system)

declassification

Authorized change in the status of information from classified information to unclassified information. Also an administrative step that the owner of the media takes when the classification is lowered to UNCLASSIFIED. The media must be properly sanitized before it can be downgraded to UNCLASSIFIED. [DSS] (see also authorized, classified)

declassification authority

Information may be declassified and downgraded by the Secretary of Defense, the Secretaries of the Military Departments, those officials who have been delegated Original Classification Authority, and officials who have been delegated declassification authority. The authority to declassify information extends only to information for which the specific official has classification, program, or functional responsibility. [DSS] (see also classified)

declassification guide

Guide that provides classification and declassification instructions specifically for information 25 years old or older and of permanent historical value. A declassification guide is also the most commonly used method for obtaining Interagency Security Classification Appeals Panel approval of 25-year exemptions from the automatic declassification provisions of Executive Order 12958, as amended. [DSS] (see also security)

declassification of AIS storage media

An administrative decision or procedure to remove or reduce the security classification of the subject media. [AJP][NCSC/TG004] (see also security) (includes automated information system, subject)

decode

(I) Convert encoded data back to its original form of representation. (D) ISDs SHOULD NOT use this term as a synonym for 'decrypt', because that would mix concepts in a potentially misleading way. [RFC2828] Convert encoded text to plain text by means of a code. [CNSSI][CNSSI-4009] (see also code)

decomposition

Breaking down a process into subprocesses and activities. [SRV] Requirement in a protection profile that spans several components. Note: The decomposition of a specific requirement becomes necessary when that requirement must be assigned to multiple components of the generic product requirements during the interpretation process. [AJP][FCv1] (see also file, process, profile, protection profile)

decrypt

(I) Cryptographically restore ciphertext to the plaintext form it had before encryption. [RFC2828] Generic term encompassing decode and decipher. [CNSSI][CNSSI-4009] To convert encrypted text, ciphertext, into its equivalent plaintext through the use of a cryptographic algorithm. The term decrypt covers the meanings of decipher and decode. [SRV] To render encrypted information intelligible by effecting a series of transformations using variable elements controlled by the application of a key to the given representation of the information. [NASA] (see also algorithm, application, cipher, code, control, cryptographic, encryption, information, key)

decryption

Conversion of ciphertext to plaintext through the use of a cryptographic algorithm. [FIPS 185] Reversal of a corresponding encipherment. [SC27] The process of changing ciphertext into plaintext using a cryptographic algorithm and key. [SP 800-21] The process of changing ciphertext into plaintext. [SRV] The process of transforming ciphertext into plaintext. [SP 800-67] (see also encryption, cipher, encipherment, process)

dedicated loop encryption device (DLED)

(see also encryption)

dedicated mode

IS security mode of operation wherein each user, with direct or indirect access to the system, its peripherals, remote terminals, or remote hosts, has all of the following: a. valid security clearance for all information within the system; b. formal access approval and signed nondisclosure agreements for all the information stored and/or processed (including all compartments, subcompartments, and/or special access programs); and c. valid need-to-know for all information contained within the IS. When in the dedicated security mode, a system is specifically and exclusively dedicated to and controlled for the processing of one particular type or classification of information, either for full-time operation or for a specified period of time. [CNSSI] Information systems security mode of operation wherein each user, with direct or indirect access to the system, its peripherals, remote terminals, or remote hosts, has all of the following: 1. valid security clearance for all information within the system, 2. formal access approval and signed nondisclosure agreements for all the information stored and/or processed (including all compartments, subcompartments, and/or special access programs), and 3. valid need- to-know for all information contained within the information system. When in the dedicated security mode, a system is specifically and exclusively dedicated to and controlled for the processing of one particular type or classification of information, either for full-time operation or for a specified period of time. [CNSSI-4009] (see also access, access control, classified, computer security, control, information, operation, process, program, security, system, users)

dedicated security mode

(I) A mode of operation of an information system, wherein all users have the clearance or authorization, and the need-to-know, for all data handled by the system. In this mode, the system may handle either a single classification level or category of information or a range of levels and categories. (C) This mode is defined formally in U.S. Department of Defense policy regarding system accreditation, but the term is also used outside the Defense Department and outside the Government. [RFC2828] The mode of operation in which the system is specifically and exclusively dedicated to and controlled for the processing of one particular type or classification of information, either for full-time operation or for a specific period of time. [TNI] (see also accreditation, authorization, classification levels, classified, control, information, operation, policy, process, system, system-high security mode, users, modes of operation, security)

default account

(I) A system login account (usually accessed with a user name and password) that has been predefined in a manufactured system to permit initial access when the system is first put into service. (C) Sometimes, the default user name and password are the same in each copy of the computer system. In any case, when the system is put into service, the default password should immediately be changed or the default account should be disabled. [RFC2828] (see also access, access control, computer, login, passwords, system, users)

default classification

A temporary classification reflecting the highest classification being processed in a system. The default classification is included in the caution statement affixed to the object. [AJP][NCSC/TG004] Classification reflecting the highest classification being processed in an information system. Default classification is included in the caution statement affixed to an object. [CNSSI-4009] Temporary classification reflecting the highest classification being processed in an IS. Default classification is included in the caution statement affixed to an object. [CNSSI] (see also process, system, classification levels, classified) (includes object)

default file protection

The access controls that an IT system places on a file when the data owner does not take other explicit action [NASA] (see also access, control, owner, system, access control, file)

defect

Any state of unfitness for use, or nonconformance to specifications. [SRV] Nonconformance to requirements. [OVT] (see also bug, failure, fault, requirements, risk)

defense

The confidence that Americans' lives and personal safety, both at home and abroad, are protected and the United States' sovereignty, political freedom, and independence, with its values, institutions, and territory intact are maintained. [CIAO] (see also confidence, threat)

defense articles

Any weapons, weapon systems, munitions, aircraft, boats, or other implements of war; any property, installations, commodities, materials, equipment, supplies, or goods used for furnishing military assistance or making military sales; any machinery, facility, tool, material, supply, or other item necessary for the manufacture, production, processing, repair, servicing, storage, construction, transportation, operation, or use of any other Defense article; and any component or part of any articles listed above. [DSS]

Defense Central Index of Investigations

The Defense Central Index of Investigations is an automated Department of Defense repository that identifies investigations conducted by Department of Defense investigative agencies and personnel security determinations made by Department of Defense adjudicative authorities. [DSS] (see also security)

Defense Central Security Index

Automated subsystem of the Defense Central Index of Investigations designed to record issuance, denial, or revocation of security clearances, access to classified information, or assignment to a sensitive position by Department of Defense Components for military, civilian, and contractor personnel. The Defense Central Security Index serves as the central Department of Defense repository of security-related actions to assist Department of Defense security officials in making sound clearance and access determinations. The Defense Central Security Index provides accurate and reliable statistical data for senior Department of Defense officials, congressional committees, the Government Accountability Office, and other authorized Federal requesters. [DSS] (see also access, authorized, classified, security)

defense communications system (DCS)

(see also communications, system)

defense courier service (DCS)

Defense Industrial Security Clearance Office

Section of the Defense Security Service responsible for granting security clearances to Department of Defense contractors. [DSS] (see also security)

Defense Information Infrastructure (DII)

Encompasses information transfer and processing resources, including information and data storage, manipulation, retrieval, and display. More specifically, the Defense Information Infrastructure is the shared or interconnected system of computers, communications, data, applications, security, people, training, and other support structure serving the Department of Defense's ocal and worldwide information needs. The Defense Information Infrastructure: Connects Department of Defense mission support, command and control, and intelligence computers and users through voice, data, imagery, video, and multimedia services, and Provides information processing and value-added services to subscribers over the Defense Information Systems Network. Unique user data, information, and user applications are not considered part of the Defense Information Infrastructure. [DSS] The shared or interconnected system of computers, communications, data applications, security, people, training and other support structures serving DoD local, national, and worldwide information needs. DII connects DoD mission support, command and control, and intelligence computers through voice, telecommunications, imagery, video, and multimedia services. It provides information processing and services to the subscribers over the Defense Information Systems Network and includes command and control, tactical, intelligence, and commercial communications systems used to transmit DoD information. (Pending approval in JP 1-02) [NSAINT] (see also application, command and control, communications, computer, control, intelligence, network, process, security, system, telecommunications, users, information)

Defense Information System Network (DISN)

(see also information, network, system)

Defense Information Systems Network

As a subelement of the Defense Information Infrastructure, the Defense Information Systems Network is the Department of Defense's consolidated worldwide enterprise level telecommunications infrastructure that provides the end-to-end information transfer network for supporting military operations. It is transparent to its users, facilitates the management of information resources, and is responsive to national security and defense needs under all conditions in the most efficient manner. The Defense Information Systems Network is an information transfer network with valueadded services for supporting national Defense C31 decision support requirements and Classified Military Information functional business areas. As an information transfer utility, the Defense Information Systems Network provides dedicated point-to-point, switched voice and data, imagery, and video teleconferencing communications services. [DSS] (see also classified, requirements, security, users, network)

Defense Information Systems Network Designated Approving Authority

One of four Designated Approving Authorities responsible for operating the Defense Information Systems Network at an acceptable level of risk. The four Defense Information Systems Network Designated Approving Authorities are the Directors of the Defense Information Systems Agency, the Defense Intelligence Agency, the National Security Agency, and the Director of the Joint Staff (delegated to the Joint Staff Director for Command, Control, Communications, and Computer Systems, or J-6). [DSS] (see also intelligence, risk, security, network)

defense message system (DMS)

(see also message, system)

Defense Office of Hearings and Appeals

Office responsible for making denial/revocation decisions for Department of Defense contractors. [DSS]

Defense Personnel Exchange Program

Program under which military and civilian personnel of the Department of Defense and military and civilian personnel of the defense ministries and/or military services of foreign governments, in accordance with the terms of an international agreement, occupy positions with and perform functions for a host organization to promote greater understanding, standardization, and interoperability. [DSS] (see also foreign)

Defense Security Service

Oversees protection of national security assets in the hands of industry and provide integrated security services by providing Department of Defense integrated security services to include, but are not limited to Industrial Security with Counterintelligence Integration (National Industrial Security Program, Critical Infrastructure Protection Program, and Research and Technology Protection Program), Security education, training, and awareness (Education and Awareness and the Defense Security Service Academy), and Collaborative Adjudication Services. [DSS] (see also critical, intelligence, security)

Defense Security Service Personnel Investigations Center

Section in the Defense Security Service responsible for controlling Personnel Security Investigations and requests for Personnel Security Investigations, and providing files and completed Personnel Security Investigations to requesters. [DSS] (see also security)

Defense Services

Furnishing assistance (including training) to foreign persons, whether in the United States or abroad in design, development, engineering, manufacture, production, assembly, testing, repair, maintenance, modification, operation, demilitarization, destruction, processing, or use of Defense articles; the furnishing to foreign persons of any technical data, whether in the United States or abroad; or military training of foreign units and forces, regular and irregular, including formal or informal instruction of foreign persons in the United States or abroad or by correspondence courses, technical, educational, or information publications and media of all kinds, training aid, orientation, training exercise, and military advice. [DSS] (see also foreign)

defense switched network (DSN)

(see also network)

Defense Travel Briefing

Formal advisories that alert travelers to the potential for harassment, exploitation, provocation, capture, entrapment, terrorism, or criminal activity. These briefings include recommended courses of action to mitigate adverse security and personal consequences and suggest passive and active measures to avoid becoming a target or inadvertent victim. [DSS] (see also criminal, security, target)

Defense Treaty Inspection Readiness Program

Security education and awareness program pertaining to arms control. [DSS] (see also security)

defense-in-breadth

A planned, systematic set of multidisciplinary activities that seek to identify, manage, and reduce risk of exploitable vulnerabilities at every stage of the system, network, or sub-component lifecycle (system, network, or product design and development; manufacturing; packaging; assembly; system integration; distribution; operations; maintenance; and retirement). [CNSSI-4009] (see also development, risk)

defense-in-depth

A two-fold approach to securing an IT system: (1) layering security controls within a given IT asset and among assets, and (2) ensuring appropriate robustness of the solution as determined by the relative strength of the security controls and the confidence that the controls are implemented correctly, are effective in their application, and will perform as intended. This combination produces layers of technical and non-technical controls that ensures the confidentiality, integrity, and availability of the information and IT system resources. [800-37] Department of Defense approach for establishing an adequate Information Assurance posture in a shared-risk environment that allows for shared mitigation through the integration of people, technology, and operations; the layering of Information Assurance solutions within and among information technology assets; and, the selection of Information Assurance solutions based on their relative level of robustness. [DSS] IA strategy integrating people, technology, and operations capabilities to establish variable barriers across multiple layers and dimensions of networks. Synonymous with security-in-depth. [CNSSI] Information security strategy integrating people, technology, and operations capabilities to establish variable barriers across multiple layers and dimensions of the organization. [CNSSI-4009; SP 800-53] The security approach whereby layers of protection are needed to establish an adequate security posture for a system; strategy is based on concept that attacks must penetrate multiple protections that have been placed throughout the system to be successful. [IATF] (see also application, assurance, attack, availability, confidence, confidentiality, control, information, integrity, operation, resource, risk, system, technology, security)

defense-wide information assurance program (DIAP)

This Department of Defense (DoD) program provides for the planning, coordination, integration, and oversight of the DoD information assurance resources to assure the availability, integrity, authentication, confidentiality, and non-repudiation of the DoD's mission essential and mission support information. [IATF] (see also authentication, availability, confidentiality, integrity, non-repudiation, resource, information, information assurance, program)

Defensive Information Operations

A process that integrates and coordinates policies and procedures, operations, personnel, and technology to protect information and defend information systems. Defensive information operations are conducted through information assurance, physical security, operations security, counter-deception, counter-psychological operations, counter-intelligence, electronic protect, and special information operations. Defensive information operations ensure timely, accurate, and relevant information access while denying adversaries the opportunity to exploit friendly information and information systems for their own purposes. (Pending approval in JP 1-02) [NSAINT] (see also access, access control, assurance, exploit, information assurance, intelligence, process, security, system, technology, information, operation)

degauss

(1) To apply a variable, alternating current (AC) field for the purpose of demagnetizing magnetic recording media, usually tapes. The process involves increasing the AC field gradually from zero to some maximum value and back to zero, which leaves a very low residue of magnetic induction on the media. (2) Loosely, to erase. [SRV] (N) Apply a magnetic field to permanently remove, erase, or clear data from a magnetic storage medium, such as a tape or disk. Reduce magnetic flux density to zero by applying a reversing magnetic field. [RFC2828] Procedure that reduces the magnetic flux to virtual zero by applying a reverse magnetizing field. Also called demagnetizing. [CNSSI][CNSSI-4009] The application of an alternating current (ac) field to demagnetize magnetic storage media. The process involves increasing the ac field gradually from zero to some maximum value and back to zero, which leaves a very low residue of magnetic induction on the media. Loosely, to erase magnetic media [NASA] To reduce magnetic flux density to zero by applying a reverse magnetizing field. [AJP][NCSC/TG004] [a] To reduce the magnetization to zero by applying a reverse (coercive) magnetizing force, commonly referred to as demagnetizing. (b) To reduce the correlation between previous and present data to a point that there is no known technique for recovery of the previous data. [DSS] (see also application, process, erasure) (includes degaussing)

degausser

(N) An electrical device that can degauss magnetic storage media. [RFC2828] An electrical device that can generate a magnetic field for the purpose of degaussing magnetic storage media. [AJP] An electrical device that can generate a magnetic field for the purpose of degaussing magnetic storage media. Degausser Products List (DPL) A list of commercially produced degaussers that meet National Security Agency specifications. This list is included in the NSA Information Systems Security Products and Services Catalogue, and is available through the Government Printing Office. [NCSC/TG004] Electrical device or handheld permanent magnet assembly that generates a coercive magnetic force for degaussing magnetic storage media or other magnetic material. [DSS] (see also computer security, information, system, National Security Agency, degausser products list)

degausser products list (DPL)

A list of commercially produced degaussers that meet U.S. National Security Agency (NSA) specifications. This list is included in NSA's 'Information Systems Security Products and Services Catalogue,' available through the U.S. Government Printing Office. [AJP] (see also computer security, information, system, Information Systems Security products and services catalogue, National Security Agency, national information assurance partnership) (includes degausser)

degaussing

Demagnetizing. Procedure using an approved device to reduce the magnetization of a magnetic storage media to zero by applying a reverse (coercive) magnetizing force rendering any previously stored data unreadable and unintelligible. [DSS] Procedure that reduces the magnetic flux to virtual zero by applying a reverse magnetizing field. Also called demagnetizing. [CNSSI][CNSSI-4009] (see also degauss)

degrees of freedom

A random sample of size n is said to have n-1 degrees of freedom for estimating the population variance, in the sense that there are n-1 independent deviations from the sample mean on which to base such an estimate. [SRV] (see also random)

delegated accrediting authority (DAA)

(see also authority)

delegated development program

INFOSEC program in which the Director, NSA, delegates, on a case-by-case basis, the development and/or production of an entire telecommunications product, including the INFOSEC portion, to a lead department or agency. [CNSSI][CNSSI-4009] (see also communications, telecommunications, development, program)

delegation

The ability to empower a principal to act on behalf of another principal. [misc] (see also authorization)

delegation of disclosure authority letter

Letter issued by the appropriate Designated Disclosure Authority (normally Navy International Program Office to a designated Department of Navy official defining classification levels, categories, scope, foreign countries, and limitations of information that may be authorized by the designated Department of Navy official for disclosures to a foreign recipient. Under no circumstances may the contents of Delegation of Authority Letter be disclosed or acknowledged to foreign representatives. Delegations of Authority Letters are general or subject-specific. [DSS] (see also authorized, foreign, subject)

delete access

The ability to erase or remove data or programs [CIAO] (see also program, access)

deleted file

A file that has been logically, but not necessarily physically, erased from the operating system, perhaps to eliminate potentially incriminating evidence. Deleting files does not always necessarily eliminate the possibility of recovering all or part of the original data. [SP 800-72]

deliberate compromise of classified information

Any intentional act done with the object of conveying classified information to any person not officially authorized to receive it. [DSS] (see also authorized, object, classified, compromise)

deliberate exposure

Intentional release of sensitive data to an unauthorized entity. [RFC2828] (see also authorized, entity, threat consequence)

deliverable

The object of an assurance assessment. An object may be a Protection Profile (PP) or Security Target (ST) as defined by ISO 15408 or a product, system, service, process, or environmental factor (i.e. personnel, organisation). NOTE - ISO 9000:2000 holds that a service is a type of product and 'product and/or service' when used in the ISO 9000 family of standards. [SC27] (see also assessment, assurance, file, object, process, profile, security, security target, standard, system, target)

deliverables list

A document produced by a CCTL containing the definition of the documents comprising the security target, all representations of the TOE, and developer support required to conduct an IT security evaluation in accordance with the laboratory's evaluation work plan. [NIAP] (see also IT security, computer security, security, security target, target, Common Criteria Testing Laboratory, national information assurance partnership, target of evaluation)

delivery

The process whereby a copy of the Target of Evaluation is transferred from the developer to a customer. [AJP][ITSEC] (see also process, target, target of evaluation)

delivery authority

An authority trusted by the sender to deliver the data from the sender to the receiver, and to provide the sender with evidence on the submission and transport of data upon request. [SC27] (see also evidence, trust, authority)

delta CRL

(I) A partial CRL that only contains entries for X.509 certificates that have been revoked since the issuance of a prior, base CRL. This method can be used to partition CRLs that become too large and unwieldy. [RFC2828] (see also X.509, certificate, revoked state, public-key infrastructure)

demand assigned multiple access (DAMA)

(see also access)

demilitarized zone (DMZ)

A computer or small subnetwork that sits between a trusted internal network, such as a corporate private LAN, and an untrusted external network, such as the public Internet. [FFIEC] A host or network segment inserted as a 'neutral zone' between an organization's private network and the Internet. [SP 800-45] A network segment or segments located between protected and unprotected networks. As an extra security measure, networks may be designed such that protected and unprotected segments are never directly connected. Instead, firewalls (and possibly public resources such as HTTP or FTP servers) reside on a so-called DMZ network. DMZ networks are sometimes called perimeter networks. [RFC2647] An interface on a routing firewall that is similar to the interfaces found on the firewall's protected side. Traffic moving between the DMZ and other interfaces on the protected side of the firewall still goes through the firewall and can have firewall protection policies applied. [SP 800-41] Perimeter network segment that is logically between internal and external networks. Its purpose is to enforce the internal network's IA policy for external information exchange and to provide external, untrusted sources with restricted access to releasable information while shielding the internal networks from outside attacks. A DMZ is also called a 'screened subnet.' [CNSSI] Perimeter network segment that is logically between internal and external networks. Its purpose is to enforce the internal network's Information Assurance policy for external information exchange and to provide external, untrusted sources with restricted access to releasable information while shielding the internal network from outside attacks. A Demilitarized Zone is also called a 'screened subnet.' [DSS] Perimeter network segment that is logically between internal and external networks. Its purpose is to enforce the internal network's Information Assurance policy for external information exchange and to provide external, untrusted sources with restricted access to releasable information while shielding the internal networks from outside attacks. [CNSSI-4009] (see also access, access control, assurance, attack, computer, information, internet, policy, resource, ruleset, security, trust, firewall) (includes protected network, unprotected network)

demon dialer

A program which repeatedly calls the same telephone number. This is benign and legitimate for access to a BBS or malicious when used as a denial of service attack. [NSAINT] A program which repeatedly calls the same telephone number. This is benign and legitimate for access to a BBS, or malign when used as a prank for denial of service attack. This includes any action that causes unauthorized destruction, modification, or delay of service. Delay or partial denial is more often called degradation of service. Synonymous with interdiction. [AFSEC] (see also access, access control, authorized, denial-of-service, malicious, program, attack)

denial

[a] Act of disowning or disavowing. (b) Refusal to grant something. [DSS] (see also deception, denial-of-service)

denial time

The average length of time that an affected asset is denied to the organization. [AFSEC] (see also risk)

denial-of-service (DoS)

(1) The prevention of authorized access to system assets or services or the delaying of time-critical operations. (2) Any action or series of actions that prevents any part of a system from functioning in accordance with its intended purpose. This includes any action that causes unauthorized destruction, modification, or delay of service. [AJP] (I) The prevention of authorized access to a system resource or the delaying of system operations and functions. [RFC2828] 1) A form of attack that reduces the availability of a resource. 2) Result of any action or series of actions that prevent any part of an IS from providing data or other services to authorized users. [CIAO] A method of attack from a single source that denies system access to legitimate users by overwhelming the target computer with messages and blocking legitimate traffic. It can prevent a system from being able to exchange data with other systems or use the Internet. [GAO] Action(s) which prevent any part of an AIS from functioning in accordance with its intended purpose. [AFSEC][NSAINT] Action(s) which prevent any part of an AIS from functioning in accordance with its intended purpose. Any action or series of actions that prevent any part of a system from functioning in accordance with its intended purpose. This includes any action that causes unauthorized destruction, modification, or delay of service. Synonymous with interdiction. Intentional degradation or blocking of computer or network resources. (I) The prevention of authorized access to a system resource or the delaying of system operations and functions. [OVT] An attack that prevents or impairs the authorized use of networks, systems, or applications by exhausting resources. [800-61] An attack where an attacker floods the server with bogus requests, or tampers with legitimate requests. Though the attacker does not benefit, service is denied to legitimate users. This is one of the most difficult attacks to thwart. [misc] An attack where service is denied to legitimate users. [IATF] Any action or series of actions that prevent any part of a system from functioning in accordance with its intended purpose. This includes any action that causes unauthorized destruction, modification, or delay of service. [NCSC/TG004] Any action or series of actions that prevent any part of a system from functioning in accordance with its intended purpose. This includes any action that causes unauthorized destruction, modification, or delay of service. Synonymous with interdiction. [SRV] Any action or series of actions that prevents any part of an IS from functioning. [CNSSI] The prevention of authorized access to a system resource or the delaying of system operations and functions. [800-82] The prevention of authorized access to resources or the delaying of time-critical operations. [800-30][800-33] The prevention of authorized access to resources or the delaying of time-critical operations. (Time-critical may be milliseconds or it may be hours, depending upon the service provided.) [CNSSI-4009] The prevention of authorized access to system assets or services, or the delaying of time critical operations. [TNI] When action result in the inability to communicate and/ or the inability of an Automated Information System or any essential part to perform its designated mission, either by loss or degradation of a signal or operational capability. [DSS] (see also Automated Information System security, ICMP flood, SYN flood, access, access control, application, authorized, availability, availability service, bot-network operators, computer, computer abuse, cookies, critical, demon dialer, denial, function, information systems security, internet, letterbomb, logic bombs, message, operation, ping of death, resource, smurf, spam, system, tamper, users, attack, exploit, incident) (includes distributed denial-of-service)

deny by default

A configuration for a firewall or router that denies all incoming and outgoing traffic that is not expressly permitted, such as unnecessary services that could be used to spread malware. [800-83] (see also malware, router, security)

Department of Defense Components

Includes the Office of the Secretary of Defense; Military Departments; Joint Chiefs of Staff; Directors of Defense Agencies, and Unified and Specified Commands. [DSS]

Department of Defense Information System

Set of information resources organized for the collection, storage, processing, maintenance, use, sharing, dissemination, disposition, display, or transmission of information. Includes Automated Information System applications, enclaves, outsourced Information Technology-based processes, and platform Information Technology interconnections. [DSS]

Department of Defense National Agency Check Plus Written Inquiries

A personnel security investigation conducted by the Defense Investigative Service for access to SECRET information consisting of a National Agency Check, credit bureau check, and written inquires to current and former employers, covering a 5-year scope. [DSS] (see also access, security)

department/agency/organization code

Six-digit identification number assigned by the Secure Telephone Unit/Secure Telephone Equipment Central Facility to organizational descriptions. The Department/ Agency/Organization Code must be used by units when lacing an order for Secure Telephone Unit /Secure Telephone Equipment keying material. [DSS]

dependency

A relationship between requirements such that the requirement that is depended upon must normally be satisfied for the other requirements to be able to meet their objectives. [CC2][CC21][SC27] Condition in which the correctness of one TCB subset is contingent (depends for its correctness) on the correctness of another TCB subset. Note: A TCB subset A depends for its correctness on TCB subset B if and only if the (engineering) arguments of the correct implementation of A with respect to its specification assume, wholly or in part, that the specification of B has been implemented correctly. [AJP][FCv1] The one-directional reliance of an asset, system, network, or collection thereof, within or across sectors, on input, interaction, or other requirement from other sources in order to function properly. [NIPP] (see also object, requirements, trusted computing base)

depends

A TCB subset A depends (for its correctness) on TCB subset B if and only if the (engineering) arguments of the correct implementation of A with respect to its specification assume, wholly or in part, that the specification of B has been implemented correctly. [TDI] (see also trusted computing base)

depot maintenance

(see also full maintenance)

depth

An attribute associated with an assessment method that addresses the rigor and level of detail associated with the application of the method. The values for the depth attribute, hierarchically from less depth to more depth, are basic, focused, and comprehensive. [SP 800-53A]

derf

The act of exploiting a terminal which someone else has absent mindedly left logged on. [AFSEC][NSAINT] (see also exploit, terminal hijacking, threat)

derivative classification

Incorporating, paraphrasing, restating, or generating in new form information that is already classified, and marking the newly developed material consistent with the classification markings that applies to the source information. Derivative classification includes classification of information based on classification guidance. The duplication or reproduction of existing classified information is not derivative classification. [DSS] (see also classified)

derogatory information

Information that could adversely reflect on a person's character, trustworthiness, loyalty, or reliability, for example, a history of drug abuse or criminal activity. Information that is unrelated to character (such as foreign connections) while of adjudicative significance is not derogatory information. Generally, derogatory information is characterized as follows: Minor Derogatory Information: Information that by itself is not of sufficient importance or magnitude to justify an unfavorable administrative action in a personnel security determination. Significant Derogatory Information: Information that could in itself justifies an unfavorable administrative action, or prompt an adjudicator to Seek additional investigation or clarification. [DSS] (see also connection, criminal, foreign, security, trust)

descriptive top-level specification (DTLS)

A top-level specification that is written in a natural language (e.g. English), an informal design notation, or a combination of the two. [AJP][NCSC/TG004][TCSEC][TNI] Top-level specification written in a natural language (e.g., English), an informal design notation, or a combination of the two. Descriptive top-level specification, required for a class B2 and B3 (as defined in the Orange Book, Department of Defense Trusted Computer System Evaluation Criteria, DoD 5200.28-STD) information system, completely and accurately describes a trusted computing base. [CNSSI] (see also computer, criteria, evaluation, information, system, trust, top-level specification)

design controlled spare parts (DCSP)

(see also communications security, control)

designated

Assessed by the NIAP Oversight Body as technically competent in the specific field of IT security evaluation and formally authorized to carry out evaluations within the context of the NIAP Common Criteria Evaluation and Validation Scheme. [NIAP] (see also IT security, authorized, computer security, criteria, evaluation, security, validation)

designated accrediting authority (DAA)

(see also risk, authority)

designated approval authority

(DAA) Official with the authority to formally assume responsibility for operating a system at an acceptable level of risk. This term is synonymous with authorizing official, designated accrediting authority, and delegated accrediting authority. [CNSSI-4009] Official with the authority to formally assume responsibility for operating a system at an acceptable level of risk. This term is synonymous with authorizing official, designated accrediting authority, and delegated accrediting authority. [CNSSI] (see also risk, system, authority)

designated approving authority (DAA)

(1) Official with the authority to formally assume responsibility for operating an IT product, an AIS, or network at an acceptable level of risk. (2) The official who has the authority to decide on accepting the security safeguards prescribed for an AIS or that official who may be responsible for issuing an accreditation statement that records the decision to accept those safeguards. [AJP] Official with the authority to formally assume responsibility for operating a system at an acceptable level of risk. This term is synonymous with designated accrediting authority and delegated accrediting authority. [800-37][DSS] The DAA determines the level of acceptable risk for a system and authorizes the operation of an information system by issuing an accreditation statement once an acceptable level of risk has been obtained. [IATF] The official who has the authority to decide on accepting the security safeguards prescribed for an AIS or that official who may be responsible for issuing an accreditation statement that records the decision to accept those safeguards. [NCSC/TG004] The official with the authority to formally assume responsibility for operating an IT product, an AIS, or network at an acceptable level of risk. [FCv1] (see also information, network, operation, system, accreditation, authority, risk) (includes automated information system)

designated approving authority representative

Official delegated by the Designated Approving Authority as responsible for ensuring conformance to prescribed security requirements for components of sites under its purview. [DSS] (see also requirements, security)

designated disclosure authority

Official at a Department of Navy organization (for example, command, agency, staff element) who has been granted a general delegation of disclosure authority by the Navy International Programs Office and is responsible for controlling disclosures of Classified Military Information and Controlled Unclassified Information at that organization. Normally, the designated official is nominated by the head of the organization and is approved by Navy International Programs Office following issuance of the general delegation of disclosure authority to the Department of Navy organization. [DSS] (see also classified)

designated intelligence disclosure official

Heads of Intelligence Community organizations or those U.S. Government officials who have been designated by the Director of National Intelligence, in writing, as having the authority to approve or deny disclosure or release of uncaveated intelligence information to foreign governments in accordance with applicable disclosure policies and procedures. [DSS] (see also foreign, intelligence)

designated laboratories list

The list of designated CCTLs authorized by the NIAP Oversight Body to conduct IT security evaluations within the NIAP Common Criteria Evaluation and Validation Scheme. [NIAP] (see also IT security, authorized, computer security, criteria, evaluation, security, validation, Common Criteria Testing Laboratory, national information assurance partnership)

designating authority

The body with the power to designate, monitor, suspend, or withdraw CCTLs as specified under the terms of the NIAP Common Criteria Evaluation and Validation Scheme. [NIAP] (see also criteria, evaluation, validation, Common Criteria Testing Laboratory, authority)

designation policy

A part of the essential documentation of the NIAP Common Criteria Evaluation and Validation Scheme, setting out the procedures for making an application to be designated as a CCTL and placed on the NIAP designated laboratories list and for the processing of such applications and of the training and security requirements which an applicant must fulfill in order to qualify. [NIAP] (see also application, criteria, evaluation, process, requirements, security, validation, Common Criteria Testing Laboratory, policy)

designer

The person or organization having the ability and responsibility and authority for specifying the components of a new system and how the components will be structured, coordinated, and operated. [800-130] (see also authority, system)

destroyed

(see destruction)

destroyed compromised state

A key lifecycle state or that zeroizes a key so that it cannot be recovered and it cannot be used and marks it as compromised, or that marks a destroyed key as compromised. For record purposed, the identifier and other selected metadata of a key may be retained. [800-130] (see also key, lifecycle, metadata, compromise, destruction, key lifecycle state)

destroyed state

A key lifecycle state that zeroizes a key so that it cannot be recovered and it cannot be used. For record purposed, the identifier and other selected metadata of a key may be retained. [800-130] (see also key, lifecycle, metadata, destruction, key lifecycle state)

destroying

Process of physically damaging the media so it is not usable, and that there is no known method of retrieving the data. [DSS] (see destruction)

destruction

A condition when the ability of a critical infrastructure to provide its customers an expected upon level of products and services is negated. Typically a permanent condition. An infrastructure is considered destroyed when its level of performance is zero. [CIAO] (see also Rivest-Shamir-Adleman algorithm, certificate management, critical, critical infrastructures, data integrity, erasure, garbled, integrity, key lifecycle state, key management, one-time pad, recover, risk) (includes destroyed compromised state, destroyed state)

detailed design

A phase of the development process wherein the top-level definition and design of a Target of Evaluation are refined and expanded to a level of detail that can be used as a basis for implementation. [AJP][ITSEC] (see also process, target, software development, target of evaluation)

detectable actions

Physical actions or anything heard, observed, imaged, or detected by human senses, or by active and/or passive technical sensors, including emissions that can be intercepted. [DSS]

determination authority

Designee of a senior official of the Intelligence Community responsible for decisions rendered with respect to Sensitive Compartmented Information access eligibility or ineligibility. [DSS] (see also access, intelligence)

deterministic

Independent of a randomizer, not randomized. [SC27] (see also random)

deterrence

creating perception about the difficulty and/or likely unfavorable consequences of taking some act; negative motivation [misc] (see also accountability, fear, uncertainty, or doubt)

developer

The organization or individual that develops the IT system. [800-37] The person or organization that manufactures a Target of Evaluation. [AJP][ITSEC] (see also system, target, target of evaluation)

developer security

The physical, procedural, and personnel security controls imposed by a developer on his development environment. [AJP][ITSEC] (see also control, security)

development

development assurance

(1) Establishes specific requirements to document appropriate aspects of the development process, the development environment, and operational support of the product. Development assurance specifies the manner in which products should be developed and/or details the amount and kind of evidence to be produced and retained during development. (2) Sources of IT product assurance ranging from how a product was designed and implemented to how it is tested, operated, and maintained. [AJP] Establishes specific requirements to document appropriate aspects of the development process, the development environment, and operational support of the product. Development assurance specifies the manner in which products should be developed and/or details the amount and kind of evidence to be produced and retained during development. [JTC1/SC27] Sources of IT product assurance ranging from how a product was designed and implemented to how it is tested, operated and maintained. [FCv1] (see also evidence, operation, process, requirements, test, assurance, development process) (includes software development methodologies)

development assurance component

Fundamental building block, specifying how an IT product is developed, from which development assurance requirements are assembled. [AJP][FCv1] (see also requirements, assurance, component)

development assurance package

Grouping of development assurance components assembled to ease specification and common understanding of how an IT product is developed. [AJP][FCv1] (see also assurance)

development assurance requirements

Requirements in a protection profile that address how each conforming IT product is developed, including the production of appropriate supporting developmental process evidence and how that product will be maintained. [AJP][FCv1] (see also evidence, file, process, profile, assurance, requirements)

development environment

The organizational measures, procedures, and standards used while constructing a Target of Evaluation. [AJP][ITSEC] (see also standard, target, development process, target of evaluation)

development process

The set of phases and tasks whereby a Target of Evaluation is constructed, translating requirements into actual hardware and software. [AJP][ITSEC] (see also requirements, software, target, process, software development, target of evaluation) (includes development assurance, development environment, hierarchical decomposition, informal specification, security specifications, top-level specification, validation, verification)

deviation

The difference between the particular number and the average of the set of numbers under consideration. [SRV] (see also personnel security exceptions)

device distribution profile

An approval-based Access Control List (ACL) for a specific product that 1) names the user devices in a specific key management infrastructure (KMI) Operating Account (KOA) to which PRSNs distribute the product, and 2) states conditions of distribution for each device. [CNSSI-4009] (see also access, control, management)

device registration manager

The management role that is responsible for performing activities related to registering users that are devices. [CNSSI-4009] (see also management, users)

diagnostics

Information concerning known failure modes and their characteristics. Such information can be used in troubleshooting and failure analysis to help pinpoint the cause of a failure and help define suitable corrective measures. [800-82] (see also analysis, information)

dial back

A procedure established for positively identifying a terminal dialing into a computer system by disconnecting the calling terminal and reestablishing the connection by the computer system's dialing the telephone number of the calling terminal. Synonymous with call-back. [SRV] Synonymous with call back. [CNSSI][CNSSI-4009] (see also computer, connection, identify, system)

dial-up

The service whereby a computer terminal can use the telephone to initiate and effect communication with a computer. [AFSEC][AJP][NCSC/TG004][SRV] (see also communications, computer) (includes dial-up line, dial-up security)

dial-up capability

A host system that allows the user to connect to it by using a modem and standard telephone equipment [NASA] (see also remote logon, standard, system, users)

dial-up line

A communications circuit established by dialing a destination over a commercial telephone system, used to communicate with a computer (or the Internet) over a modem. [AFSEC] (see also communications, computer, internet, system, dial-up)

dial-up security

diameter

A successor AAA protocol to RADIUS that supports enhanced security and communication methods. [800-127] (see also security)

dictionary attack

(I) An attack that uses a brute-force technique of successively trying all the words in some large, exhaustive list. (C) For example, an attack on an authentication service by trying all possible passwords; or an attack on encryption by encrypting some known plaintext phrase with all possible keys so that the key for any given encrypted message containing that phrase may be obtained by lookup. [RFC2828] A form of attack in which an attacker uses a large set of likely combinations to guess a secret. e.g. an attacker may choose one million commonly used passwords and try them all until the password is determined. [misc] An attempt to gain access to an IS by guessing a user's password, using software that systematically enters words in a dictionary as passwords until a match is found. [CIAO] Discovery of authenticators by encrypting likely authenticators, and comparing the actual encrypted authenticator with the newly encrypted possible authenticators. [FFIEC] (see also access, access control, authentication, encryption, key, message, password cracker, passwords, software, system, users, attack)

differential power analysis

(DPA) An analysis of the variations of the electrical power consumption of a cryptographic module, using advanced statistical methods and/or other techniques, for the purpose of extracting information correlated to cryptographic keys used in a cryptographic algorithm. [FIPS 140-2]

Diffie-Hellman

(N) A key agreement algorithm published in 1976 by Whitfield Diffie and Martin Hellman [DH76, R2631]. (C) Diffie-Hellman does key establishment, not encryption. However, the key that it produces may be used for encryption, for further key management operations, or for any other cryptography. (C) The difficulty of breaking Diffie-Hellman is considered to be equal to the difficulty of computing discrete logarithms modulo a large prime. The algorithm is described in and. In brief, Alice and Bob together pick large integers that satisfy certain mathematical conditions, and then use the integers to each separately compute a public-private key pair. They send each other their public key. Each person uses their own private key and the other person's public key to compute a key, k, that, because of the mathematics of the algorithm, is the same for each of them. Passive wiretapping cannot learn the shared k, because k is not transmitted, and neither are the private keys needed to compute k. However, without additional mechanisms to authenticate each party to the other, a protocol based on the algorithm may be vulnerable to a man-in-the-middle attack. [RFC2828] A public key algorithm in which two parties, who need not have any prior knowledge of each other, can deduce a secret key that is only known to them and secret from everyone else. Diffie-Hellman is often used to protect the privacy of a communication between two anonymous parties. [misc] (see also algorithm, attack, authentication, cryptography, encryption, establishment, key, key management, operation, privacy, protocols, public-key, asymmetric algorithm)

diffie-hellman group

Value that specifies the encryption generator type and key length to be used for generating shared secrets. [800-77] (see also encryption, key)

digest

(see message digest)

digital certificate

(I) A certificate document in the form of a digital data object (a data object used by a computer) to that is appended a computed digital signature value that depends on the data object. (D) ISDs SHOULD NOT use this term to refer to a signed CRL or CKL. Although the recommended definition can be interpreted to include those items, the security community does not use the term with those meanings. [RFC2828] A structure for binding a principal's identity to its public key. A certification authority (CA) issues and digitally signs a digital certificate. [IATF][misc] The electronic equivalent of an ID card that authenticates the originator of a digital signature. [FFIEC] (see also authority, backup, certification, computer, digital signature, entity, identity, object, public-key, security, signature, certificate, credentials, key)

digital certification

(D) ISDs SHOULD NOT use this term as a synonym for 'certification', unless the context is not sufficient to distinguish between digital certification and another kind of certification, in which case it would be better to use 'public-key certification' or another phrase that indicates what is being certified. [RFC2828] (see also key, public-key, certification)

digital document

(I) An electronic data object that represents information originally written in a non-electronic, non-magnetic medium (usually ink on paper) or is an analogue of a document of that type. [RFC2828] (see also automated information system, information, object)

digital envelope

(I) A digital envelope for a recipient is a combination of (a) encrypted content data (of any kind) and (b) the content encryption key in an encrypted form that has been prepared for the use of the recipient. (C) In ISDs, this term should be defined at the point of first use because, although the term is defined in PKCS #7 and used in S/MIME, it is not yet widely established. (C) Digital enveloping is not simply a synonym for implementing data confidentiality with encryption; digital enveloping is a hybrid encryption scheme to 'seal' a message or other data, by encrypting the data and sending both it and a protected form of the key to the intended recipient, so that no one other than the intended recipient can 'open' the message. In PCKS #7, it means first encrypting the data using a symmetric encryption algorithm and a secret key, and then encrypting the secret key using an asymmetric encryption algorithm and the public key of the intended recipient. In S/MIME, additional methods are defined for conveying the content encryption key. [RFC2828] (see also algorithm, confidentiality, encryption, key, message, public-key)

digital evidence

Electronic information stored or transferred in digital form. [SP 800-72]

digital forensics

The application of science to the identification, collection, examination, and analysis of data while preserving the integrity of the information and maintaining a strict chain of custody for the data. [SP 800-86] (see also analysis, application, identification, information, integrity)

digital id

(D) ISDs SHOULD NOT use this term as a synonym for 'digital certificate' because (a) it is the service mark of a commercial firm, (b) it unnecessarily duplicates the meaning of other, well established terms, and (c) a certificate is not always used as authentication information. In some contexts, however, it may be useful to explain that the key conveyed in a public-key certificate can be used to verify an identity and, therefore, that the certificate can be thought of as digital identification information. [RFC2828] (see also authentication, certificate, entity, identification, identity, information, key, public-key, public-key infrastructure)

digital key

(C) The adjective 'digital' need not be used with 'key' or 'cryptographic key', unless the context is insufficient to distinguish the digital key from another kind of key, such as a metal key for a door lock. [RFC2828] (see also cryptographic, key)

digital notary

(I) Analogous to a notary public. Provides a trusted date-and-time stamp for a document, so that someone can later prove that the document existed at a point in time. May also verify the signature(s) on a signed document before applying the stamp. [RFC2828] (see also digital signature, signature, trust)

digital signature

(I) A value computed with a cryptographic algorithm and appended to a data object in such a way that any recipient of the data can use the signature to verify the data's origin and integrity. (I) 'Data appended to, or a cryptographic transformation of, a data unit that allows a recipient of the data unit to prove the source and integrity of the data unit and protect against forgery, e.g. by the recipient.' (C) Typically, the data object is first input to a hash function, and then the hash result is cryptographically transformed using a private key of the signer. The final resulting value is called the digital signature of the data object. The signature value is a protected checksum, because the properties of a cryptographic hash ensure that if the data object is changed, the digital signature will no longer match it. The digital signature is unforgeable because one cannot be certain of correctly creating or changing the signature without knowing the private key of the supposed signer. (C) Some digital signature schemes use a asymmetric encryption algorithm to transform the hash result. Thus, when Alice needs to sign a message to send to Bob, she can use her private key to encrypt the hash result. Bob receives both the message and the digital signature. Bob can use Alice's public key to decrypt the signature, and then compare the plaintext result to the hash result that he computes by hashing the message himself. If the values are equal, Bob accepts the message because he is certain that it is from Alice and has arrived unchanged. If the values are not equal, Bob rejects the message because either the message or the signature was altered in transit. (C) Other digital signature schemes transform the hash result with an algorithm that cannot be directly used to encrypt data. Such a scheme creates a signature value from the hash and provides a way to verify the signature value, but does not provide a way to recover the hash result from the signature value. In some countries, such a scheme may improve exportability and avoid other legal constraints on usage. [RFC2828] A cryptographic method, provided by public key cryptography, used by a message's recipient and any third party to verify the identity of the message's sender. It can also be used to verify the authenticity of the message. A sender creates a digital signature or a message by transforming the message with his or her private key. A recipient, using the sender's public key, verifies the digital signature by applying a corresponding transformation to the message and the signature. [AJP] A cryptographic transformation of a data unit that allows a recipient of the data unit to prove the origin and integrity of the data unit and protect the sender and the recipient of the data unit against forgery by third parties, and the sender against forgery by the recipient. NOTE - Digital signatures may be used by end entities for the purposes of authentication, of data integrity, and of non-repudiation of creation of data. The usage for non repudiation of creation of data is the most important one for legally binding digital signatures. [SC27] A data appended to, or a cryptographic transformation of, a data unit that allows a recipient of the data unit to prove the origin and integrity of the data unit and protect the sender and the recipient of the data unit against forgery by third parties, and the sender against forgery by the recipient. [SC27] A data appended to, or a cryptographic transformation of, a data unit that allows a recipient of the data unit to prove the origin and integrity of the data unit and protect the sender and the recipient of the data unit against forgery by third parties, and the sender against forgery by the recipient. [ISO/IEC 11770-3: 1999] Data appended to, or a cryptographic transformation of, a data unit that allows the recipient of the data unit to prove the origin and integrity of the data unit and protect against forgery, e.g. by the recipient. [ISO/IEC FDIS 15946-3 (02/2001)] A cryptographic transformation of a data unit that allows a recipient of the data unit to prove the origin and integrity of the data unit and protect the sender and the recipient of the data unit against forgery by third parties, and the sender against forgery by the recipient. NOTE - Digital signatures may be used by end entities for the purposes of authentication, of data integrity, and of non-repudiation of creation of data. The usage for non-repudiation of creation of data is the most important one for legally binding digital signatures. [SC27] A digital signature is created by a mathematical computer program. It is not a hand-written signature nor a computer-produced picture of one. The signature is like a wax seal that requires a special stamp to produce it, and is attached to an Email message or file. The origin of the message or file may then be verified by the digital signature (using special tools). The act of retrieving files from a server on the network. [RFC2504] A method for verifying that a message originated from a principal and that it has not changed en route. Digital signatures are typically generated by encrypting a digest of the message with the private key of the signing party. [IATF][misc] A non-forgeable transformation of data that allows the proof of the source (with non-repudiation) and the verification of the integrity of that data. [FIPS140] A nonforgeable transformation of data that allows the proof of the source (with non-repudiation) and the verification of the integrity of that data. [FIPS 196] An asymmetric key operation where the private key is used to digitally sign an electronic document and the public key is used to verify the signature. Digital signatures provide authentication and integrity protection. [800-63] An asymmetric key operation where the private key is used to digitally sign data and the public key is used to verify the signature. Digital signatures provide authenticity protection, integrity protection, and non-repudiation. [SP 800-63] An authentication tool that verifies the origin of a message and the identity of the sender and receiver [NASA] Cryptographic process used to assure data object originator authenticity, data integrity, and time stamping for prevention of replay. [CNSSI-4009] Cryptographic process used to assure message originator authenticity, integrity, and nonrepudiation. Synonymous with electronic signature. [CNSSI] Cryptographic process used to assure the authenticity and non-repudiation of a message originator and/or the integrity of a message. [CIAO] Data appended to, or a cryptographic transformation of, a data unit that allows the recipient of the data unit to prove the origin and integrity of the data unit and protect against forgery, e.g. by the recipient. [SC27] The result of a cryptographic transformation of data that, when properly implemented, provides a mechanism for verifying origin authentication, data integrity, and signatory non-repudiation. [FIPS 186-3] The result of a cryptographic transformation of data that, when properly implemented, provides origin authentication, data integrity, and signatory non-repudiation. [SP 800-89] The result of a cryptographic transformation of data that, when properly implemented, provides the services of origin authentication, data integrity, and signer non-repudiation. A nonforgeable transformation of data that allows the proof of the source (wi [SRV] The result of a cryptographic transformation of data which, when properly implemented, provides the services of: 1. origin authentication, 2. data integrity, and 3. signer non-repudiation. [FIPS 140-2] The result of a transformation of a message by means of a cryptographic system using digital keys such that a relying party can determine (1) whether the transformation was created using the private key that corresponds to the public key in the signer's digital certificate and (2) whether the message has been altered since the transformation was made. Digital signatures may also be attached to other electronic information and programs so that the integrity of the information and programs may be verified at a later time. [GAO] (see also ABA Guidelines, CA certificate, Cryptographic Message Syntax, Distinguished Encoding Rules, El Gamal algorithm, Elliptic Curve Digital Signature Algorithm, Fortezza, IEEE P1363, Internet Security Association and Key Management Protocol, MIME Object Security Services, PKCS #7, Rivest-Shamir-Adleman algorithm, Secure/MIME, The Exponential Encryption System, X.509 attribute certificate, X.509 certificate revocation list, X.509 public-key certificate, algorithm, archive, asymmetric cryptography, attribute certificate, authentic signature, authenticate, authentication, backup, bind, brand CRL identifier, certificate, certificate validation, certification path, computer, cryptographic, cryptographic algorithm, cryptographic system, cryptography, data origin authentication service, digital certificate, digital notary, digitized signature, dual signature, electronic signature, elliptic curve cryptography, encryption, encryption certificate, end entity, entity, file, function, hash, identity, information, integrity, invalidity date, key pair, merchant certificate, message, network, no prior relationship, non-repudiation, object, operation, personality label, pre-signature, pretty good privacy, private signature key, process, program, public-key, public-key certificate, revocation date, seal, security mechanism, sign, signature certificate, signature equation, signature function, signature key, signature process, signature system, signer, symmetric cryptography, system, triple DES, unforgeable, valid signature, validate vs. verify, verification, key, public-key infrastructure, signature) (includes Digital Signature Standard, digital signature algorithm)

digital signature algorithm (DSA)

(N) An asymmetric cryptographic algorithm that produces a digital signature in the form of a pair of large numbers. The signature is computed using rules and parameters such that the identity of the signer and the integrity of the signed data can be verified. [RFC2828] Asymmetric algorithms used for digitally signing data. [SP 800-49] Procedure that appends data to, or performs a cryptographic transformation of, a data unit. The appended data or cryptographic transformation allows reception of the data unit and protects against forgery, e.g., by the recipient. [CNSSI] This algorithm uses a private key to sign a message and a public key to verify the signature. It is a standard proposed by the U.S. Government. [misc] (see also cryptographic, entity, hash, identity, integrity, key, message, public-key, secure hash algorithm, standard, Digital Signature Standard, algorithm, digital signature, signature)

Digital Signature Standard (DSS)

(N) The U.S. Government standard that specifies the Digital Signature Algorithm (DSA), which involves asymmetric cryptography. [RFC2828] A U.S. Federal Information Processing Standard proposed by NIST (National Institute of Standards and Technology) to support digital signature. [AJP] (see also algorithm, cryptography, information, process, technology, Federal Information Processing Standards, National Institute of Standards and Technology, digital signature, signature, standard) (includes Elliptic Curve Digital Signature Algorithm, digital signature algorithm)

digital subscriber voice terminal (DSVT)

digital telephony

Telephone systems that use digital communications technology. [AJP] (see also communications, system, technology)

digital watermarking

(I) Computing techniques for inseparably embedding unobtrusive marks or labels as bits in digital data--text, graphics, images, video, or audio--and for detecting or extracting the marks later. (C) The set of embedded bits (the digital watermark) is sometimes hidden, usually imperceptible, and always intended to be unobtrusive. Depending on the particular technique that is used, digital watermarking can assist in proving ownership, controlling duplication, tracing distribution, ensuring data integrity, and performing other functions to protect intellectual property rights. [RFC2828] (see also control, function, integrity, owner, property)

digitized signature

(D) ISDs SHOULD NOT use this term because there is no current consensus on its definition. Although it appears to be used mainly to refer to various forms of digitized images of handwritten signatures, the term should be avoided because it might be confused with 'digital signature'. [RFC2828] (see also digital signature, signature)

digraph and/or trigraph

A two- and/or three-letter acronym for the assigned code word or nickname. [DSS]

diplomatic telecommunications service (DTS)

(see also network, communications, telecommunications)

direct access storage device (DASD)

(see also automated information system, access)

direct data feed

A process used by information aggregators to gather information directly from a website operator rather than copying it from a displayed webpage. [FFIEC] (see also information, process)

direct memory access (DMA)

(see also access, automated information system)

direct shipment

Shipment of COMSEC material directly from NSA to user COMSEC accounts. [CNSSI][CNSSI-4009] (see also communications security, users)

directed-energy warfare

Military action involving the use of directed-energy weapons, devices, and countermeasures to either cause direct damage or destruction of enemy equipment, facilities, and personnel, or to determine, exploit, reduce, or prevent hostile use of the electromagnetic spectrum through damage, destruction, and disruption. It also includes actions taken to protect friendly equipment, facilities, and personnel and retain friendly use of the electromagnetic spectrum. [DOD] (see also damage, warfare)

direction finding

A procedure for obtaining bearings of radio frequency emitters by using a highly directional antenna and a display unit on an intercept receiver or ancillary equipment. [DSS]

directive

Authoritative decision from an official body, which may or may not have binding force. [DSS]

directly trusted CA

A directly trusted CA is a CA whose public key has been obtained and is being stored by an end entity in a secure, trusted manner, and whose public key is accepted by that end entity in the context of one or more applications. [SC27] (see also application, entity, key, public-key, public-key infrastructure, trust)

directly trusted CA key

A directly trusted CA key is a public key of a directly trusted CA. It has been obtained and is being stored by an end entity in a secure, trusted manner. It is used to verify certificates without being itself verified by means of a certificate created by another CA. NOTE - If for example the CAs of several organizations cross-certify each other the directly trusted CA for an entity may be the CA of the entity's organization. Directly trusted CAs and directly trusted CA keys may vary from entity to entity. An entity may regard several CAs as directly trusted CAs. [SC27] (see also certificate, entity, public-key, key, public-key infrastructure, trust)

Director Central Intelligence Directive (DCID)

(see also intelligence)

Director of Central Intelligence Directive

Directive issued by the Director of Central Intelligence that establishes general policies and procedures to be followed by intelligence agencies and organizations under his jurisdiction before passage of the Intelligence Reform and Terrorism Prevention Act. Future Intelligence Community Directives, Intelligence Community Policy Guidance documents issued by the Director of National Intelligence will supersede Director of Central Intelligence Directives. [DSS] (see also intelligence)

directory

(see directory vs. Directory)

Directory Access Protocol

(N) An OSI protocol for communication between a directory user agent (a client) and a Directory System Agent (a server). [RFC2828] (see also database management system, system, users, access, protocols)

directory information base (DIB)

(see also information)

directory service

A service to search and retrieve information from a catalogue of well defined objects, which may contain information about certificates, telephone numbers, access conditions, addresses etc. An example is provided by a directory service conforming to the ITU-T Recommendation X.500. [SC27] (see also access, access control, certificate, information, object, public-key infrastructure)

directory user agent (DUA)

(see also users)

directory vs. Directory

(I) Not capitalized: The term 'directory' refers generically to database server or other system that provides information--such as a digital certificate or CRL--about an entity whose name is known. (I) Capitalized: 'Directory' refers specifically to the X.500 Directory. [RFC2828] (see also certificate, entity, information, public-key infrastructure, system)

disaster plan

(D) A synonym for 'contingency plan'. In the interest of consistency, ISDs SHOULD use 'contingency plan' instead of 'disaster plan'. disclosure (i.e. unauthorized disclosure) [RFC2828] (see also authorized, threat, contingency plan)

disaster recovery

The process of restoring an IS to full operation after an interruption in service, including equipment repair/replacement, file recovery/restoration, and resumption of service to users. [CIAO] (see also file, operation, process, reconstitution, users, contingency plan, recovery, risk management) (includes cold site, hot site)

disaster recovery plan

A plan that describes the process to recover from major processing interruptions. [FFIEC] A written plan for processing critical applications in the event of a major hardware or software failure or destruction of facilities. [800-82] A written plan for recovering one or more information systems at an alternate facility in response to a major hardware or software failure or destruction of facilities. [SP 800-34] Management policy and procedures used to guide an enterprise response to a major loss of enterprise capability or damage to its facilities. The DRP is the second plan needed by the enterprise risk managers and is used when the enterprise must recover (at its original facilities) from a loss of capability over a period of hours or days. See Continuity of Operations Plan and Contingency Plan. [CNSSI-4009] Provides for the continuity of system operations after a disaster. [CNSSI] (see also application, critical, damage, management, operation, process, risk, risk management, software, system, contingency plan, recovery)

disclosure

Release of information through approved channels. [DSS] (see also release)

disclosure of information

Dissemination of information to anyone who is not authorized to access that information. [OVT] (see also access, access control, authorized, information)

disclosure record

Record of names and dates of initial access to any Program information. [DSS] (see also access)

disconnection

The termination of an interconnection between two or more IT systems. A disconnection may be planned (e.g., due to changed business needs) or unplanned (i.e. due to an attack or other contingency). [SP 800-47] (see also attack)

discrete event simulation

Discrete event simulation - An abstract mathematical representation of the computer system and its workloads that permits estimation of the performance of the computer system and related useful parameters using mathematical techniques and models individual transactions and jobs as a sequence of discrete events. [SRV] (see also computer, model, system)

discrete process

A type of process where a specified quantity of material moves as a unit (part or group of parts) between work stations and each unit maintains its unique identity. [800-82] (see also entity, identity, process)

discretionary access control (DAC)

(1) A means of restricting access to objects based on the identity of subjects and/or groups to which they belong. The controls are discretionary in the sense that a subject with a certain access permission is capable of passing that permission (perhaps indirectly) on to any other subject (unless restrained by mandatory access control). (2) Methods of restricting access to objects or other resources based primarily on the instructions of arbitrary unprivileged users. Note: DAC is often used to enforce need-to-know. [AJP] (I) An access control service that enforces a security policy based on the identity of system entities and their authorizations to access system resources. (C) This service is termed 'discretionary' because an entity might have access rights that permit the entity, by its own volition, to enable another entity to access some resource. (O) 'A means of restricting access to objects based on the identity of subjects and/or groups to which they belong. The controls are discretionary in the sense that a subject with a certain access permission is capable of passing that permission (perhaps indirectly) on to any other subject.' [RFC2828] A means of restricting access to objects (e.g., files, data entities) based on the identity and need-to-know of subjects (e.g., users, processes) and/or groups to which the object belongs. The controls are discretionary in the sense that a subject with a certain access permission is capable of passing that permission (perhaps indirectly) on to any other subject (unless restrained by mandatory access control). [CNSSI-4009] A means of restricting access to objects (for example, files, data entities) based on the identity and need-to-know of subjects (for example, users, processes) and/or groups to which the object belongs. The controls are discretionary in the sense that a subject with certain access permission is capable of passing that permission (perhaps indirectly) on to any other subject (unless restrained by mandatory access control). [DSS] A means of restricting access to objects based on the identity and need-to-know of the user, process and/or groups to which they belong. The controls are discretionary in the sense that a subject with a certain access permission is capable of passing that permission (perhaps indirectly) on to any other subject. Compare to mandatory access control. [NCSC/TG004][SRV] A means of restricting access to objects based on the identity of subjects and/or groups to which they belong. The controls are discretionary in the sense that a subject with a certain access permission is capable of passing that permission (perhaps indirectly) on to any other subject (unless restrained by mandatory access control). [TCSEC] A means of restricting access to objects based on the identity of subjects and/or groups to which they belong. The controls are discretionary in the sense that: (a) A subject with a certain access permission is capable of passing that permission (perhaps indirectly) on to any other subject, (b) DAC is often employed to enforce need-to-know, (c) Access control may be changed by an authorized individual. Compare to Mandatory Access Control. [TNI] A non-policy-based method of restricting access to a system's files/objects based on the decision of the resource's owner. [IATF] Means of restricting access to objects based on the identity and need-to-know of users and/or groups to which the object belongs. Controls are discretionary in the sense that a subject with a certain access permission is capable of passing that permission (directly or indirectly) to any other subject. [CNSSI] Methods of restricting access to objects or other resources based primarily on the instructions of arbitrary unprivileged users. [FCv1] The basis of this kind of security is that an individual user, or program operating on the user's behalf, is allowed to specify explicitly the types of access other users (or programs executing on their behalf) may have to information under the user's control. [FIPS 191] (see also non-discretionary access control, authorization, authorized, entity, file, identity, object, owner, policy, privileged, process, resource, security, subject, system, users, access, control) (includes surrogate access)

disinfecting

Removing malware from within a file. [800-83] (see also file, malware, security)

disk imaging

Generating a bit-for-bit copy of the original media, including free space and slack space. [SP 800-86]

diskette

Metal or plastic disk, coated with iron oxide, on which data are stored for use by an Is. The disk is circular, rotates inside a square that allows the read/write head access to the disk. [DSS] (see also access)

dispersion

The extent to which the elements of a sample or the elements of a population are not all alike in the measured characteristic, are spread out, or vary from one another. Items that measure dispersion include: range, deviation, mean absolute deviation, variance, standard deviation, and coefficient of variation. [SRV] (see also standard)

disposition

Disposition indicates that a matter, an item, or a concept has been satisfactorily completed. It can also mean a person's character traits dealing mainly with the person's outlook on life. [DSS]

disruption

A circumstance or event that interrupts or prevents the correct operation of system services and functions. [RFC2828] An unplanned event that causes an information system to be inoperable for a length of time (e.g., minor or extended power outage, extended unavailable network, or equipment or facility damage or destruction). [SP 800-34] An unplanned event that causes the general system or major application to be inoperable for an unacceptable length of time (e.g., minor or extended power outage, extended unavailable network, or equipment or facility damage or destruction). [CNSSI-4009] (see also damage, function, operation, system, threat consequence)

dissemination

Provision of national intelligence to consumers in a form suitable for use. [DSS] (see also intelligence)

Distinguished Encoding Rules

(N) A subset of the Basic Encoding Rules, which gives exactly one way to represent any ASN.1 value as an octet string. (C) Since there is more than one way to encode ASN.1 in BER, DER is used in applications in which a unique encoding is needed, such as when a digital signature is computed on an ASN.1 value. [RFC2828] (see also application, certificate, code, digital signature, signature, Abstract Syntax Notation One, Basic Encoding Rules)

distinguished name (DN)

(I) An identifier that uniquely represents an object in the X.500 Directory Information Tree (DIT). (C) A DN is a set of attribute values that identify the path leading from the base of the DIT to the object that is named. An X.509 public-key certificate or CRL contains a DN that identifies its issuer, and an X.509 attribute certificate contains a DN or other form of name that identifies its subject. [RFC2828] A unique name or character string that unambiguously identifies an entity according to the hierarchical naming conventions of X.500 directory service. [CNSSI-4009] Globally unique identifier representing an individual's identity. [CNSSI] (see also X.509, certificate, entity, identify, identity, information, key, object, public-key, subject, public-key infrastructure) (includes subordinate distinguished name)

distinguishing identifier

Information which unambiguously distinguishes an entity in the authentication process. [FIPS 196; CNSSI-4009] Information which unambiguously distinguishes an entity in the non-repudiation process. [SC27] Information which unambiguously distinguishes an entity. [SC27] Information which unambiguously distinguishes an entity. [ISO/IEC 9798-1: 1997, ISO/IEC 11770-2: 1996, ISO/IEC 11770-3: 1999, ISO/IEC FDIS 15946-3 (02/2001)] Information which unambiguously distinguishes an entity in the non-repudiation process. [SC27] (see also authentication, entity, information, non-repudiation, process)

Distributed Authentication Security Service (DASS)

(I) An experimental Internet protocol that uses cryptographic mechanisms to provide strong, mutual authentication services in a distributed environment. [RFC2828] (see also cryptographic, cryptography, protocols, authentication, internet, security protocol)

distributed computing environment (DCE)

Open Group's integration of a set of technologies for application development and deployment in a distributed environment. Security features include a Kerberos-based authentication system, GSS-API interface, ACL-based authorization environment, delegation, and audit. [misc] (see also application, audit, authentication, interface, system, ACL-based authorization, Generic Security Service Application Program Interface) (includes kerberos)

distributed control system

In a control system, refers to control achieved by intelligence that is distributed about the process to be controlled, rather than by a centrally located single unit. [800-82] (see also intelligence, process, control, control systems, system)

distributed data

Data stored in more than one location over a network or several interconnected computers. [SRV] (see also computer, network)

distributed database

A database that is not stored in a central location, but is dispersed over a network of interconnected computers under the overall control of a central database management system whose storage devices are not all attached to the same processor. [SRV] (see also computer, control, network, process, system)

distributed dataprocessing (DDP)

Data processing in which some or all of the processing, storage, input/output, and control functions are dispersed among data processing stations. [SRV] (see also computer network, control, function, automated information system, process)

distributed denial-of-service (DDoS)

(DDoS) A Denial of Service technique that uses numerous hosts to perform the attack. [CNSSI-4009] A DoS technique that uses numerous hosts to perform the attack. [800-61] A variant of the denial-of-service attack that uses a coordinated attack from a distributed system of computers rather than from a single source. It often makes use of worms to spread to multiple computers that can then attack the target. [GAO] (see also computer, system, worm, denial-of-service, exploit)

distributed plant

A geographically distributed factory that is accessible through the Internet by an enterprise. [800-82] (see also access, internet)

distributed processing

A type of operation in which processing is spread among different computers that are linked through a communications network. Data processing that is performed by connected computer systems at more than one location. [SRV] (see also communications, computer, network, operation, system, automated information system, process)

distribution point

(I) An X.500 Directory entry or other information source that is named in a v3 X.509 public-key certificate extension as a location from which to obtain a CRL that might list the certificate. (C) A v3 X.509 public-key certificate may have a 'cRLDistributionPoints' extension that names places to get CRLs on which the certificate might be listed. A CRL obtained from a distribution point may (a) cover either all reasons for which a certificate might be revoked or only some of the reasons, (b) be issued by either the authority that signed the certificate or some other authority, and (c) contain revocation entries for only a subset of the full set of certificates issued by one CA or (c') contain revocation entries for multiple CAs. [RFC2828] (see also X.509, authority, certificate, information, key, public-key, revocation, revoked state, public-key infrastructure)

disturbance

An undesired change in a variable being applied to a system that tends to adversely affect the value of a controlled variable. [800-82] (see also control, system)

DNS spoofing

Assuming the DNS name of another system by either corrupting the name service cache of a victim system, or by compromising a domain name server for a valid domain. [NSAINT] assuming the DNS name of another system either by corrupting the name service cache of a victim system or by compromising a domain name server for a valid domain. [misc] (see also compromise, domain, system, domain name system, masquerade, spoof, spoofing)

document

Recorded information regardless of its physical form or characteristics, including, without limitation, written or printed matter, data processing cards and tapes, maps, charts, paintings, drawings, photos, engravings, sketches, working notes and papers, reproductions of such things by any means or process, and sound, voice, magnetic or electronic recordings in any form. [DSS]

documentary information

Information recorded on paper, film, transparency, electronic medium, or any other medium. This includes printed publications, reports, correspondence, maps, audiotapes, e-mail, spreadsheets, databases and graphical slides, technical drawings, software code, and information embodied in hardware. [DSS]

documentation

A family of security controls in the operations class dealing with the documentation it is necessary to maintain for the secure operation of an IT system. Documentation can include contingency plans, user manuals, hardware, software and application manuals, etc. [800-37] The written (or otherwise recorded) information about a Target of Evaluation required for an evaluation. This information may, but need not, be contained within a single document produced for the specified purpose. [AJP][ITSEC] (see also application, control, information, operation, security, software, system, target, users, target of evaluation)

DoD Information Technology Security Certification and Accreditation Process (DITSCAP)

The standard DoD approach for identifying information security requirements, providing security solutions, and managing information technology system security. (DoDI 5200.40) [IATF] (see also identify, information security, standard, system, accreditation, computer security, information, process, requirements, technology)

DoD Trusted Computer System Evaluation Criteria (TCSEC)

(see also computer, criteria, evaluation, system, trust)

domain

(I) Security usage: An environment or context that is defined by a security policy, security model, or security architecture to include a set of system resources and the set of system entities that have the right to access the resources. (I) Internet usage: That part of the Internet domain name space tree that is at or below the name the specifies the domain. A domain is a subdomain of another domain if it is contained within that domain. For example, D.C.B.A is a subdomain of C.B.A. (O) MISSI usage: The domain of a MISSI CA is the set of MISSI users whose certificates are signed by the CA. (O) OSI usage: An administrative partition of a complex distributed OSI system. [RFC2828] An environment or context that includes a set of system resources and a set of system entities that have the right to access the resources as defined by a common security policy, security model, or security architecture. See Security Domain. [CNSSI-4009; SP 800-53; SP 800-37] System or group of systems operating under a common security policy. [CNSSI] The set of objects that a subject has the ability to access. [TCSEC][TDI][TNI] The unique context (e.g. access control parameters) in which a program is operating. Note: A subject's domain determines which access-control attributes an object must have for a subject operating in that domain to have a designated form of access. [FCv1] The unique context (e.g. access control parameters) in which a program is operating; in effect, the set of objects that a subject has the ability to access. [NCSC/TG004] The unique context (e.g. access control parameters) in which a program is operating; in effect, the set of objects that a subject has the ability to access. Note: A subject's domain determines which access control attributes an object must have for a subject operating in that domain to have a designated form of access. [AJP] (see also DNS spoofing, Internet Corporation for Assigned Names and Numbers, access, access control, access with limited privileges, boundary value analysis, boundary value testing, certificate, control, country code, cryptographic hash function, data input, executive state, firewall, hash function, hash token, identification data, identity, internet, metadata, model, one-way function, packet filtering, pharming, policy, policy creation authority, policy mapping, program, public-key certificate, public-key derivation function, public-key infrastructure, realm, registration, resource, revoked state, security, security authority, security perimeter, security policy information file, signature function, signature process, system, transport, trust relationship, uniform resource locator, users, validate, verification process, multilevel information systems security initiative, object, subject) (includes RA domains, certificate domain, certificate domain parameters, cross domain solution, domain controller, domain modulus, domain name, domain name service server, domain name system, domain of interpretation, domain parameter, domain verification exponent, public domain software, security domain, subset-domain)

domain controller

A server responsible for managing domain information, such as login identification and passwords. [800-82] (see also identification, information, passwords, control, domain)

domain modulus

A domain parameter, that is a positive integer resulting from the product of two distinct primes which are known only to the trusted third party. [SC27] (see also trust, domain)

domain name

(I) The style of identifier--a sequence of case-insensitive ASCII labels separated by dots ('bbn.com.')--defined for subtrees in the Internet Domain Name System and used in other Internet identifiers, such as host names (e.g. 'rosslyn.bbn.com.'), mailbox names (e.g. 'rshirey@bbn.com.'), and URLs (e.g. 'http://www.rosslyn.bbn.com/foo'). (C) The domain name space of the DNS is a tree structure in which each node and leaf holds records describing a resource. Each node has a label. The domain name of a node is the list of labels on the path from the node to the root of the tree. The labels in a domain name are printed or read left to right, from the most specific (lowest, farthest from the root) to the least specific (highest, closest to the root). The root's label is the null string, so a complete domain name properly ends in a dot. The top-level domains, those immediately below the root, include COM, EDU, GOV, INT, MIL, NET, ORG, and two-letter country codes (such as US) from ISO-3166. [RFC2828] (see also code, internet, resource, system, domain, domain name system)

domain name service server

A computer that determines Internet Protocol (IP) numeric addresses from domain names presented in a convenient, readable form. [FFIEC] (see also computer, protocols, domain, internet)

domain name system (DNS)

(I) The main Internet operations database, that is distributed over a collection of servers and used by client software for purposes such as translating a domain name-style host name into an IP address (e.g. 'rosslyn.bbn.com' is '192.1.7.10') and locating host that accepts mail for some mailbox address. (C) The DNS has three major components:

Domain name space and resource records: Specifications for the tree-structured domain name space, and data associated with the names.
Name servers: Programs that hold information about a subset of the tree's structure and data holdings, and also hold pointers to other name servers that can provide information from any part of the tree.
Resolvers: Programs that extract information from name servers in response to client requests; typically, system routines directly accessible to user programs. (C) Extensions to the DNS [R2065, R2137, R2536] support (a) key distribution for public keys needed for the DNS and for other protocols, (b) data origin authentication service and data integrity service for resource records, (c) data origin authentication service for transactions between resolvers and servers, and (d) access control of records.

[RFC2828] A General-purpose, distributed data query service, mainly used to look up host IP addresses based on host names. [misc] A database system that translates an IP address into a domain name [NASA] (see also access, access control, authentication, control, information, integrity, key, operation, program, protocols, public-key, resource, response, software, users, domain, internet, system) (includes DNS spoofing, domain name)

domain of interpretation (DOI)

(I) IPsec usage: An ISAKMP/IKE DOI defines payload formats, exchange types, and conventions for naming security-relevant information such as security policies or cryptographic algorithms and modes. (C) The DOI concept is based on work by the TSIG's CIPSO Working Group. [RFC2828] (see also algorithm, cryptographic, cryptography, information, internet protocol security, internet security protocol, security, domain)

domain parameter

A data item that is common to and known by or accessible to all entities within the domain. [SC27] A data item that is common to and known by or accessible to all entities within the domain. NOTE - The set of domain parameters may contain data items such as hash function identifier, length of the hash-token, length of the recoverable part of the message, finite field parameters, elliptic curve parameters, or other parameters specifying the security policy in the domain. [SC27] A data item that is common to and known by or accessible to all entities within the domain. NOTE. The set of domain parameters may contain data items such as hash function identifier, elliptic curve parameters, or other parameters specifying the security policy in the domain. [SC27] A data item that is common to and known by or accessible to all entities within the domain. [ISO/IEC 14888-1: 1998] A data item that is common to and known by or accessible to all entities within the domain. NOTE - The set of domain parameters may contain data items such as hash function identifier, length of the hash-token, length of the recoverable part of the message, finite field parameters, elliptic curve parameters, or other parameters specifying the security policy in the domain. [ISO/IEC 9796-3: 2000, ISO/IEC WD 15946-4 (10/2001)] A data item that is common to and known by or accessible to all entities within the domain. NOTE. The set of domain parameters may contain data items such as hash function identifier, elliptic curve parameters, or other parameters specifying the security policy in the domain. [SC27] (see also access, access control, function, hash, message, policy, security, tokens, domain)

domain verification exponent

A domain parameter that is a positive integer. [SC27] (see also domain, verification)

dominated by

(1) A security level A is dominated by security level B if the clearance/classification in A is less than or equal to the clearance/classification in B and the set of access approvals (e.g. compartment designators) in A is contained in (the set relation) the set of access approvals in B (i.e. each access approval appearing in A also appears in B). Depending on the policy enforced (e.g. nondisclosure or integrity), the definition of 'less than or equal to' and 'contained in' may vary. e.g. the level of an object of high integrity (i.e. an object which should be modifiable only by very trustworthy individuals) may be defined to be 'less than' the level of an object of low integrity (i.e. an object that is modifiable by everyone). (2) Security level A is dominated by security level B if (a) the clearance/classification in A is less than or equal to the clearance/classification in B, and (b) the set of access approvals (e.g. compartment designators) in A is contained in the set of access approvals in B (i.e. each access approval appearing in A also appears in B). This dominance relation is a special case of a partial order. [AJP] A security level A is dominated by security level B if the clearance/classification in A is less than or equal to the clearance/classification in B and the set of access approvals (e.g. compartment designators) in A is contained in (the set relation) the set of access approvals in B (i.e. each access approval appearing in A also appears in B). Depending upon the policy enforced (e.g. non-disclosure, integrity) the definition of 'less than or equal to' and 'contained in' may vary. e.g. the level of an object of high integrity (i.e. an object which should be modifiable by very trustworthy individuals) may be defined to be 'less than' the level of an object of low integrity (i.e. an object that is modifiable by everyone). [TNI] Security level A is dominated by security level B if (1) the clearance/classification in A is less than or equal to the clearance/classification in B, and (2) the set of access approvals (e.g. compartment designators) in A is contained in the set of access approvals in B (i.e. each access approval appearing in A also appears in B). This dominance relation is a special case of a partial order. [TDI] (see also dominates, access, access control, classification levels, classified, integrity, policy, security, trust) (includes object)

dominates

'Security level B dominates security level A' is synonymous with 'security level A is dominated by security level B.' [AJP][TDI] (I) Security level A is said to 'dominate' security level B if the hierarchical classification level of A is greater (higher) than or equal to that of B and the non-hierarchical categories of A include all of those of B. [RFC2828] Security level S1 is said to dominate security level S2 if the hierarchical classification of S1 is greater than or equal to that of S2 and the non-hierarchical categories of S1 include all those of S2 as a subset. [AJP][NCSC/TG004][TCSEC] security level B dominates security level A if A is dominated by B. [TNI] (see also dominated by, classification levels, classified, computer security, security)

dongle

(I) A portable, physical, electronic device that is required to be attached to a computer to enable a particular software program to run. (C) A dongle is essentially a physical key used for copy protection of software, because the program will not run unless the matching dongle is attached. When the software runs, it periodically queries the dongle and quits if the dongle does not reply with the proper authentication information. Dongles were originally constructed as an EPROM (erasable programmable read-only memory) to be connected to a serial input-output port of a personal computer. [RFC2828] (see also authentication, computer, information, key, program, software, tokens)

downgrade

(I) Reduce the classification level of information in an authorized manner. [RFC2828] The change of a classification label to a lower level without changing the contents of the data. Downgrading occurs only if the content of a file meets the requirements of the sensitivity level of the network for which the data is being delivered. [IATF] (see also authorized, classification levels, classified, file, information, network, requirements, security)

downgrading

Determination by a declassification authority that information classified and safeguarded at a specified level shall be classified and safeguarded at a lower level. [DSS] (see also classified)

download

The process of transferring a copy of a file from a remote computer to a local computer. [SRV] (see also computer, file, process)

draft RFC

(D) ISDs SHOULD NOT use this term, because the Request for Comment series is archival in nature and does not have a 'draft' category. [RFC2828] (see also Request for Comment)

drop accountability

Procedure under which a COMSEC account custodian initially receipts for COMSEC material, and provides no further accounting for it to its central office of record. Local accountability of the COMSEC material may continue to be required. [CNSSI] Procedure under which a COMSEC account custodian initially receipts for COMSEC material, and provides no further accounting for it to its central office of record. Local accountability of the COMSEC material may continue to be required. See Accounting Legend Code. [CNSSI-4009] (see also communications security)

Drug Enforcement Agency

The Drug Enforcement Agency is a Department of Justice law enforcement agency tasked with combating drug smuggling and use within the United States. Not only is the Drug Enforcement Agency the lead agency for domestic enforcement of the drug policy of the United States (sharing concurrent jurisdiction with the Federal Bureau of Investigation), it also coordinates and pursues drug investigations abroad. [DSS]

dual citizen

Citizen of more than one country. [DSS] (see also United States citizen)

dual control

(I) A procedure that uses two or more entities (usually persons) operating in concert to protect a system resource, such that no single entity acting alone can access that resource. [RFC2828] A process of utilizing two or more separate entities (usually persons) operating in concert to protect sensitive functions of information. [SRV] (see also access, access control, entity, function, information, process, resource, system, control, security)

dual driver service (DDS)

dual signature

(D) ISDs SHOULD NOT use this term except when stated as 'SET(trademark) dual signature' with the following meaning: (O) SET usage: A single digital signature that protects two separate messages by including the hash results for both sets in a single encrypted value. (C) Generated by hashing each message separately, concatenating the two hash results, and then hashing that value and encrypting the result with the signer's private key. Done to reduce the number of encryption operations and to enable verification of data integrity without complete disclosure of the data. [RFC2828] (see also digital signature, encryption, hash, integrity, key, message, operation, verification, Secure Electronic Transaction, signature)

dual technology

Passive infrared, microwave, or ultrasonic Intrusion Detection System sensors that combine the features of more than one volumetric technology. [DSS] (see also intrusion)

dual-homed gateway firewall

A firewall consisting of a bastion host with two network interfaces, one of that is connected to the protected network, the other of that is connected to the Internet. IP traffic forwarding is usually disabled, restricting all traffic between the two networks to whatever passes through some kind of application proxy. [SRV] (see also application, interface, internet, network, firewall, gateway)

dual-use certificate

A certificate that is intended for use with both digital signature and data encryption services. [SP 800-32]

due care

Managers and their organizations have a duty to provide for information security to ensure that the type of control, the cost of control, and the deployment of control are appropriate for the system being managed. [800-30] (see also control, information, information security, security, system)

dump

A mechanism to transfer the contents of computer memory to a printer or disk for debugging purposes. [SRV] (see also computer, failure)

dumpster diving

The practice of raiding the dumpsters behind buildings where producers and/or consumers of high-tech equipment are located with the expectation of finding discarded but still-valuable equipment or information. [AFSEC] sifting through a company's garbage to find information to help break into its computers. [FJC] (see also computer, identity theft, information, threat)

duplicate digital evidence

A duplicate is an accurate digital reproduction of all data objects contained on the original physical item and associated media. [SP 800-72]

duration

A field within a certificate that is composed of two subfields; 'date of issue' and 'date of next issue'. [SP 800-32]

dynamic analysis

The process of evaluating a system or component based on its behavior during execution. (NBS) Analysis that is performed by executing the program code. Contrast with static analysis. [OVT] (see also code, process, program, system, testing, analysis)

dynamic binding

Also known as run-time binding or late binding. Dynamic binding refers to the association of a message with a method during run time, as opposed to compile time. It means that a message can be sent to an object without prior knowledge of the object's class. A binding in which the name/class association is not made until the object designated by the name is created at execution time. [SRV] (see also association, message, object, backup)

dynamic subsystem

A subsystem that is not continually present during the execution phase of an information system. Service-oriented architectures and cloud computing architectures are examples of architectures that employ dynamic subsystems. [SP 800-37]

e-banking

The remote delivery of new and traditional banking products and services through electronic delivery channels. [FFIEC] (see also internet)

e-government

The use by the U.S. Government of Web-based Internet applications and other information technology. [CNSSI-4009]

e-mail server

A computer that manages e-mail traffic. [FFIEC] (see also computer, internet)

ease of use

An aspect of the assessment of the effectiveness of a Target of Evaluation, namely, that it cannot be configured or used in a manner that is insecure but which an administrator or end-user would reasonably believe to be secure. [ITSEC] An aspect of the assessment of the effectiveness of a Target of Evaluation, namely, that it cannot be configured or used in a manner that is insecure but which an administrator or end-user would reasonably believe to be secure. Note: this term can be used as a reference for each type of item to be evaluated or under evaluation. [AJP] (see also assessment, target, users, target of evaluation)

easter egg

Hidden functionality within an application program, which becomes activated when an undocumented, and often convoluted, set of commands and keystrokes are entered. Easter eggs are typically used to display the credits for the development team and are intended to be nonthreatening. [SP 800-28] (see also development, threat)

eavesdropping

(I) Passive wiretapping done secretly, i.e. without the knowledge of the originator or the intended recipients of the communication. [RFC2828] An attack in which an attacker listens to a private communication. The best way to thwart this attack is by making it very difficult for the attacker to make any sense of the communication by encrypting all messages. [IATF][misc] Listening in to voice or electronic data transmissions without authorization. [AFSEC] The unauthorized interception of information-bearing emanations through the use of methods other than wiretapping. [SRV] Type of attack in which an adversary uses a WiMAX traffic analyzer within the range of a BS or SS/MS to monitor WiMAX communications. [800-127] (see also adversary, authorization, authorized, emanation, emanations security, information, message, shoulder surfing, attack)

eavesdropping attack

An attack in which an attacker listens passively to the authentication protocol to capture information which can be used in a subsequent active attack to masquerade as the claimant. [800-63][SP 800-63] (see also authentication, information, protocols, attack)

economic intelligence

Intelligence regarding economic resources, activities, and policies. [DSS] (see also intelligence)

economy of mechanism

(I) The principle that each security mechanism should be designed to be as simple as possible, so that the mechanism can be correctly implemented and so that it can be verified that the operation of the mechanism enforces the containing systems security policy. [RFC2828] (see also operation, policy, system, security)

EE

(D) ISDs SHOULD NOT use this abbreviation because of possible confusion among 'end entity', 'end-to-end encryption', 'escrowed encryption standard', and other terms. [RFC2828] (see also encryption, entity, escrow, standard)

effective key length

A measure of strength of a cryptographic algorithm, regardless of actual key length. [IATF] (see also algorithm, cryptographic, encryption, key)

effectiveness

(1) A property of a Target of Evaluation representing how well it provides security in the context of its actual or proposed operational use. (2) In security evaluations, an aspect of assurance assessing how well the applied security functions and mechanisms working together will actually satisfy the security requirements. (3) Effectiveness is established by evaluation (vetting) of a protection profile (or security target, if there is no protection profile) description of anticipated threats, intended method of use, and residual risk. Effectiveness includes establishing suitability for use in the specified environment. [AJP] A property of a Target of Evaluation representing how well it provides security in the context of its actual or proposed operational use. [ITSEC] In security evaluations, an aspect of assurance assessing how well the applied security functions and mechanisms working together will actually satisfy the security requirements. [JTC1/SC27] (see also file, function, operation, profile, property, requirements, risk, security target, target, threat, assurance)

egress filtering

Blocking outgoing packets that should not exit a network. [800-83] Filtering of outgoing network traffic. [SP 800-41] The process of blocking outgoing packets that use obviously false Internet Protocol (IP) addresses, such as source addresses from internal networks. [800-61] (see also internet, process, protocols, security)

egress point

Any authorized exit from an enclosed area [NASA] (see also authorized)

El Gamal algorithm

(N) An algorithm for asymmetric cryptography, invented in 1985 by Taher El Gamal, that is based on the difficulty of calculating discrete logarithms and can be used for both encryption and digital signatures. [ElGa, Schn]$ electronic codebook (ECB) (I) An block cipher mode in which a plaintext block is used directly as input to the encryption algorithm and the resultant output block is used directly as ciphertext. [RFC2828] (see also cipher, code, cryptography, digital signature, encryption, signature, algorithm)

elapsed time

Time as measured by an external observer, i.e. wall-clock time. [SRV]

electrical power systems

A critical infrastructure characterized by generation stations, transmission and distribution networks that create and supply electricity to end-users so that end-users achieve and maintain nominal functionality, including the transportation and storage of fuel essential to that system. [CIAO] (see also critical, function, users, critical infrastructures, system)

electromagnetic compatibility (EMC)

The ability of electronic systems to operate in their intended environments without suffering an unacceptable degradation of the performance as a result of unintentional electromagnetic radiation or response. [FIPS140] (see also response, system)

electromagnetic emanations

Signals transmitted as radiation through the air and through conductors. [SRV] (see also emanation, emanations security)

electromagnetic interference (EMI)

electromagnetic phenomena which either directly or indirectly can contribute to a degradation in the performance of an electronic system. [FIPS140] (see also system, risk)

electronic attack (EA)

That division of EW involving the use of electromagnetic, directed energy, or antiradiation weapons to attack personnel, facilities, or equipment with the intent of degrading, neutralizing, or destroying enemy combat capability. EA includes: actions taken to prevent or reduce an enemy's effective use of the electromagnetic spectrum, such as jamming and electromagnetic deception and employment of weapons that use either electromagnetic or directed energy as their primary destructive mechanism (lasers, radio frequency, particle beams). [NSAINT] (see also communications security, jamming, attack)

electronic authentication

(E-authentication) The process of establishing confidence in user identities electronically presented to an information system. [SP 800-63; CNSSI-4009] The process of establishing confidence in user identities electronically presented to an information system. [800-63] (see also information, process, system, users, authentication)

electronic benefit transfer (EBT)

(see also network)

electronic business (e-business)

Doing business online. [CNSSI-4009]

electronic codebook (ECB)

(see also code)

electronic commerce

(I) General usage: Business conducted through paperless exchanges of information, using electronic data interchange, electronic funds transfer (EFT), electronic mail, computer bulletin boards, facsimile, and other paperless technologies. (O) SET usage: 'The exchange of goods and services for payment between the cardholder and merchant when some or all of the transaction is performed via electronic communication.' [RFC2828] Using information technology to conduct business functions such as electronic payments and document interchange. [SRV] (see also communications, computer, electronic data interchange, email, function, information, internet, technology, Secure Electronic Transaction)

electronic counter-countermeasures (ECCM)

(see also countermeasures)

electronic countermeasures (ECM)

(see also countermeasures)

electronic credentials

Digital documents used in authentication that bind an identity or an attribute to a Subscriber's token. Note that this document distinguishes between credentials, and tokens while other documents may interchange these terms. [800-63] Digital documents used in authentication that bind an identity or an attribute to a subscriber's token. [CNSSI-4009] The electronic equivalent of a traditional paper-based credential/document that vouches for an individual's identity. [GAO] (see also authentication, entity, identity)

electronic data interchange (EDI)

(I) Computer-to-computer exchange, between trading partners, of business data in standardized document formats. (C) EDI formats have been standardized primarily by ANSI X12 and by EDIFACT (EDI for Administration, Commerce, and Transportation), that is an international, UN-sponsored standard primarily used in Europe and Asia. X12 and EDIFACT are aligning to create a single, global EDI standard. [RFC2828] A communications standard for the electronic exchange of documents, such as purchase orders and invoices, between buyers and sellers. [SRV] (see also communications, computer, electronic commerce, standard, value-added network)

electronic document management system (EDMS)

(see also system)

electronic evidence

Information and data of investigative value that is stored on or transmitted by an electronic device. [SP 800-72]

electronic fill device (EFD)

electronic funds transfer system (EFTS)

(see also system)

electronic generation, accounting, and distribution system (EGADS)

(see also system)

electronic intelligence (ELINT)

Technical and geolocation intelligence derived from foreign non-communications transmissions (for example, radar) by other than nuclear detonations or radioactive sources. [DSS] (see also foreign, intelligence)

electronic key entry

The entry of cryptographic keys into a cryptographic module in electronic form using a key loading device. The user entering the key may have no knowledge of the value of the key being entered. [FIPS140] The entry of cryptographic keys into a cryptographic module using electronic methods such as a smart card or a key-loading device. (The operator of the key may have no knowledge of the value of the key being entered.) [FIPS 140-2] (see also cryptographic, module, users, key management)

electronic key management system (EKMS)

Interoperable collection of systems being developed by services and agencies of the U.S. Government to automate the planning, ordering, generating, distributing, storing, filling, using, and destroying of electronic key and management of other types of COMSEC material. [CNSSI] The EKMS is a National Security Agency (NSA) effort to electronically provide communications security (COMSEC) material and provide a logistics support system consisting of interoperable Department, Agency or Organization (DAO) key management systems. [IATF] (see also communications, communications security, key management, system)

electronic messaging services

Services providing interpersonal messaging capability; meeting specific functional, management, and technical requirements; and yielding a business-quality electronic mail service suitable for the conduct of official government business. [CNSSI][CNSSI-4009] (see also function, internet, management, quality, requirements)

electronic personnel security questionnaire

Department of Defense software program used for preparing and electronically submitting security forms for a Personnel Security Investigation. [DSS] (see also security)

electronic protection (EP)

That division of EW involving actions taken to protect personnel, facilities, and equipment from any effects of friendly or enemy employment of EW that degrade, neutralize, or destroy friendly combat capability. [NSAINT] (see also assurance)

electronic questionnaire for investigative processing

Office of Personnel Management software program for preparing and electronically submitting security forms for a personnel security or suitability investigation. [DSS] (see also security)

electronic security (ELSEC)

Protection resulting from measures designed to deny unauthorized individuals information derived from the interception and analysis of noncommunications electromagnetic radiations. [CNSSI] Protection resulting from measures designed to deny unauthorized persons information from the interception and analysis of non-communication electromagnetic emissions. [DSS] (see also analysis, authorized, communications, information, security)

electronic signature

(D) ISDs SHOULD NOT use this term because there is no current consensus on its definition. [RFC2828] A method of signing an electronic message that (1) identifies and authenticates a particular person as the source of the electronic message and (2) indicates such person's approval of the information contained in the electronic message. [SRV] See digital signature. [CNSSI] The process of applying any mark in electronic form with the intent to sign a data object. See also Digital Signature. [CNSSI-4009] (see also digital signature, information, message, signature)

electronic surveillance

Acquisition of a nonpublic communication by electronic means without the consent of a person who is a party to an electronic communication or, in the case of a person who is visibly present at the place of communication, but not including the use of radio direction-finding equipment solely to determine the location of the transmitter. Electronic surveillance may involve consensual interception of electronic communication and the use of tagging, tracking, and location devices. [DSS] (see also Foreign Intelligence Surveillance Act)

electronic transmission

Transmission system that uses the flow of electric current (usually 4 to 20 milliamperes) to transmit output or input signals. [DSS]

electronic warfare (EW)

Any military action involving the use of electromagnetic and directed energy to control the electromagnetic spectrum or to attack the enemy. The three major subdivisions within electronic warfare are electronic attack, electronic protection, and electronic warfare support. [NSAINT] Military action involving the use of electromagnetic and directed energy to control the electromagnetic spectrum or to attack the enemy. Electronic warfare consists of three divisions: electronic attack, electronic protection, and electronic warfare support. [DOD] Military action involving use of electromagnetic and directed energy to control the electromagnetic spectrum or to attack the enemy. The three major subdivisions within electronic warfare are electronic attack, electronic protection, and electronic warfare support. [DSS] (see also attack, control, warfare) (includes electronic warfare support)

electronic warfare support (ES)

That division of EW involving actions tasked by, or under direct control of, an operational commander to search for, intercept, identify, and locate sources of intentional and unintentional radiated electromagnetic energy for the purpose of immediate threat recognition. Thus, electronic warfare support provides information required for immediate decisions involving EW operations and other tactical actions such as threat avoidance, targeting and homing. ES data can be used to produce signals intelligence. (JP 1-02) [NSAINT] (see also control, identify, information, intelligence, operation, target, threat, electronic warfare, warfare)

electronically generated key

Key generated in a COMSEC device by introducing (either mechanically or electronically) a seed key into the device and then using the seed, together with a software algorithm stored in the device, to produce the desired key. [CNSSI][CNSSI-4009] (see also algorithm, communications security, software, key)

element

An indivisible security requirement. [CC2][CC21][SC27] (see also communications security, security)

eligibility

Determination that a person meets personnel security standards for access to Program material. [DSS] (see also access, security)

elliptic curve cryptography

(I) A type of asymmetric cryptography based on mathematics of groups that are defined by the points on a curve. (C) The most efficient implementation of ECC is claimed to be stronger per bit of key (against cryptanalysis that uses a brute force attack) than any other known form of asymmetric cryptography. ECC is based on mathematics different than the kinds originally used to define the Diffie-Hellman algorithm and the Digital Signature Algorithm. ECC is based on the mathematics of groups defined by the points on a curve, where the curve is defined by a quadratic equation in a finite field. ECC can be used to define both an algorithm for key agreement that is an analog of Diffie-Hellman and an algorithm for digital signature that is an analog of DSA. [RFC2828] (see also algorithm, analysis, attack, digital signature, key, signature, cryptography)

elliptic curve cryptosystem (ECC)

A public key cryptosystem where the public and the private key are points on an elliptic curve. ECC is purported to provide faster and stronger encryption than traditional public key cryptosystems (e.g. RSA). [misc] (see also encryption, key, public-key, asymmetric algorithm, cryptographic system, system)

Elliptic Curve Digital Signature Algorithm (ECDSA)

(N) A standard that is the elliptic curve cryptography analog of the Digital Signature Algorithm. [RFC2828] (see also cryptography, digital signature, standard, Digital Signature Standard, algorithm, signature)

email

Abbreviation for electronic mail, which consists of messages sent over an IS by communications applications. Email that is sent from one computer system to another or over the Internet must pass through gateways both to leave the originating system and to enter the receiving system. [CIAO] (see also SET qualifier, Secure Data Network System, X.400, application, bounce, communications, computer, electronic commerce, gateway, message, message authentication code vs. Message Authentication Code, message handling system, message integrity code, pretty good privacy, simple mail transfer protocol, system, internet) (includes email packages, email security software, letterbomb, mailbomb, multipurpose internet mail extensions, privacy enhanced mail, secure multipurpose internet mail extensions, spam)

email packages

To communicate via electronic mail, an end-user usually makes use of an Email client that provides the user-interface to create, send, retrieve and read Email. Various different Email packages provide the same set of basic functions but have different users-interfaces and perhaps, special/extra functions. Some Email packages provide encryption and digital signature capabilities. [RFC2504] (see also encryption, function, interface, signature, users, email) (includes email security software)

email security software

Software which provides security through digital signatures and encryption (and decryption) to enable the end-user to protect messages and documents prior to sending them over a possibly insecure network. PGP is an example of such software. [RFC2504] (see also encryption, message, network, signature, users, email, email packages, security software, software) (includes pretty good privacy)

emanation

(I) An signal (electromagnetic, acoustic, or other medium) that is emitted by a system (through radiation or conductance) as a consequence (i.e. byproduct) of its operation, and that may contain information. [RFC2828] A signal emitted by a system that is not explicitly allowed by its specification. [SRV] Unintentional data-related or intelligence-bearing signals that, if intercepted and analyzed, disclose the information transmission received, handled, or otherwise processes by any information processing equipment. [AFSEC] (see also RED signal, Common Criteria for Information Technology Security, Federal Standard 1027, TEMPEST test, eavesdropping, implant, information, intelligence, operation, procedural security, process, security architecture, suppression measure, system, TEMPEST, emanations security, threat) (includes electromagnetic emanations, emanations analysis)

emanations analysis

Gaining direct knowledge of communicated data by monitoring and resolving a signal that is emitted by a system and that contains the data but is not intended to communicate the data. [RFC2828] (see also system, analysis, emanation, threat consequence)

emanations security (EMSEC)

(I) Physical constraints to prevent information compromise through signals emanated by a system, particular the application of TEMPEST technology to block electromagnetic radiation. [RFC2828] Protection resulting from measures taken to deny unauthorized individuals information derived from intercept and analysis of compromising emissions from cryptographic equipment or an information system. See TEMPEST. [CNSSI-4009] The protection that results from all measures designed to deny unauthorized persons information of value that might be derived from intercept and analysis of compromising emanations. [SRV] (see also emissions security, Common Criteria for Information Technology Security, Federal Standard 1027, TEMPEST test, analysis, application, authorized, compromise, eavesdropping, implant, information, procedural security, security architecture, suppression measure, system, technology, TEMPEST) (includes compromising emanation performance requirement, compromising emanations, electromagnetic emanations, emanation, undesired signal data emanations)

embedded computer

Computer system that is an integral part of a larger system. [CNSSI][CNSSI-4009] (see also system, computer)

embedded cryptographic system

Cryptosystem performing or controlling a function as an integral element of a larger system or subsystem. [CNSSI][CNSSI-4009] (see also control, function, cryptographic, cryptographic system, system)

embedded cryptography

Cryptography engineered into an equipment or system whose basic function is not cryptographic. [CNSSI][CNSSI-4009] (see also cryptographic, function, system, cryptography)

embedded system

A system that performs or controls a function, either in whole or in part, as an integral element of a larger system or subsystem. [AJP][NCSC/TG004] Information System that performs or controls a function, either in whole or in part, as an integral element of a larger system or subsystem such as, ground support equipment, flight simulators, engine test stands, or fire control systems [DSS] (see also control, function, system)

emergency action message (EAM)

(see also message)

emergency action plan

Plan developed to prevent loss of national intelligence; protect personnel, facilities, and communications; and recover operations damaged by terrorist attack, natural disaster, or similar events. [DSS] (see also attack, damage, intelligence)

emergency plan

(D) A synonym for 'contingency plan'. In the interest of consistency, ISDs SHOULD use 'contingency plan' instead of 'emergency plan'. [RFC2828] The steps to be followed during and immediately after an emergency such as a fire, tornado, bomb threat, etc. [FFIEC] (see also threat, contingency plan)

emergency response

The immediate action taken upon occurrence of events such as natural disasters, fire, civil disruption, and bomb threats in order to protect lives, limit the damage to property, and minimize the impact on computer operations. A response to emergencies such as fire, flood, civil commotion, natural disasters, bomb threats, etc. in order to protect lives, limit the damage to property, and minimize the impact on computer operations. [SRV] (see also computer, damage, operation, property, threat, response)

emergency response time (EMRT)

(see also response)

emergency services

A critical infrastructure characterized by medical, police, fire, and rescue systems and personnel that are called upon when an individual or community is responding to emergencies. These services are typically provided at the local level (county or metropolitan area). In addition, state and Federal response plans define emergency support functions to assist in response and recovery. [CIAO] (see also critical, function, recovery, response, system, critical infrastructures)

emergency shutdown controls

The IT security and human safety controls installed in a facility to reduce the vulnerability to emergency system or facility shutdown. Such controls include but are not limited to battery-powered emergency lights and power to computer systems, master control switch(es) to disconnect power to all electronic equipment, master control switch(es) to shut down air-handling equipment, and startup and shutdown switches to exhaust and ventilate systems. [NASA] (see also IT security, computer, system, vulnerability, control, risk management)

emission security

Component of communications security resulting from all measures taken to deny unauthorized persons valuable information that might be derived from intercept and analysis of compromising emanations from cryptographic equipment and telecommunications systems. [DSS] (see also analysis, authorized, security)

emissions security (EMSEC)

Protection resulting from measures taken to deny unauthorized individuals information derived from intercept and analysis of compromising emanations from cryptographic equipment or an IS. [CNSSI] The protection resulting from all measures taken to deny unauthorized persons information of value that might be derived from interception and from an analysis of compromising emanations from systems. [AJP][NCSC/TG004] (see also emanations security, RED signal, analysis, authorized, compromise, cryptography, information, system, telecommunications, Automated Information System security, TEMPEST, communications security, computer security)

employee

Person, other than the President and Vice President, employed by, detailed or assigned to, an agency, including members of the Armed Forces; an expert or consultant to an agency; an industrial or commercial contractor, licensee, certificate holder, or grantee of an agency, including all subcontractors; a personal services contractor; or any other category of person who acts for or on behalf of an agency as determined by the appropriate agency head. [DSS]

employment practices and workplace safety

an act inconsistent with employment, health or safety laws or agreements, from payment of personal injury claims, or from diversity/discrimination events. [2003-53c] (see also operational risk loss)

empty position

A bit position of an array of bits to which no value is assigned. [SC27]

encapsulating security payload (ESA) (ESP)

(I) An Internet IPsec protocol designed to provide a mix of security services--especially data confidentiality service--in the Internet Protocol. (C) ESP may be used alone, or in combination with the IPsec AH protocol, or in a nested fashion with tunneling. Security services can be provided between a pair of communicating hosts, between a pair of communicating security gateways, or between a host and a gateway. The ESP header is encapsulated by the IP header, and the ESP header encapsulates either the upper layer protocol header (transport mode) or an IP header (tunnel mode). ESP can provide data confidentiality service, data origin authentication service, connectionless data integrity service, an anti-replay service, and limited traffic flow confidentiality. The set of services depends on the placement of the implementation and on options selected when the security association is established. [RFC2828] A mechanism to provide confidentiality and integrity protection to IP datagrams. [NSAINT] This message header is designed of provide a mix of security services that provides confidentiality, data origin authentication, connectionless integrity, an anti-replay service, ad limited traffic flow confidentiality. [IATF] (see also association, authentication, confidentiality, connection, flow, gateway, integrity, internet, internet security protocol, message, protocols, tunnel, internet protocol security, security protocol)

encapsulating security payload protocol

IPsec security protocol that can provide encryption and/or integrity protection for packet headers and data. [800-77] (see also encryption, integrity, internet protocol security, internet security protocol, protocols, security)

encapsulation

Enveloping a user or resource in a defined set of attributes. [misc] The packaging of data and procedures into a single programmatic structure. In object-oriented programming languages, encapsulation means that an object's data structures are hidden from outside sources and are accessible only through the object's protocol. [SRV] (see also access, access control, object, program, protocols, resource, users)

encipher

(D) ISDs SHOULD NOT use this term as a synonym for 'encrypt'. [RFC2828] Convert plain text to cipher text by means of a cryptographic system. [CNSSI][CNSSI-4009] To convert plain text into an unintelligible form by means of a cipher system. [SRV] (see also cryptographic, system, cipher, encryption)

encipherment

(D) ISDs SHOULD NOT use this term as a synonym for 'encryption', except in special circumstances that are explained in the usage discussion under 'encryption'. [RFC2828] Alternative term for encryption. [SC27] The (reversible) transformation of data by a cryptographic algorithm to produce ciphertext, i.e. to hide the data. [SC27] The (reversible) transformation of data by a cryptographic algorithm to produce ciphertext, i.e. to hide the data. [ISO/IEC CD 10116 (12/2001)] The (reversible) transformation of data by a cryptographic algorithm to produce ciphertext, i.e. to hide the information content of the data. [ISO/IEC 9797-1: 1999, ISO/IEC 9798-1: 1997, ISO/IEC 11770-1: 1996, ISO/IEC 11770-3: 1999, ISO/IEC FDIS 15946-3 (02/2001)] Alternative term for encryption. [SC27] The (reversible) transformation of data by a cryptographic algorithm to produce ciphertext, i.e. to hide the information content of the data. [SC27] (see also algorithm, asymmetric cipher, asymmetric cryptographic technique, asymmetric encryption algorithm, block chaining, ciphertext, cryptographic, cryptographic key, cryptographic synchronization, cryptography, decipherment, decryption, encryption algorithm, feedback buffer, information, initializing value, key, private decipherment transformation, private key, public-key, public-key certificate, cipher, encryption) (includes asymmetric encipherment system, encipherment algorithm, public encipherment key, public encipherment transformation, symmetric encipherment algorithm)

encipherment algorithm

Alternative term for encryption algorithm. [SC27] (see also encryption, algorithm, cipher, cryptography, encipherment)

enclave

Collection of computing environments connected by one or more internal networks under the control of a single authority and security policy, including personnel and physical security. [CNSSI] Collection of computing environments connected by one or more internal networks under the control of a single authority and security policy, including personnel and physical security. Enclaves always assume the highest mission assurance category and security classification of the Automated Information System applications or outsourced Information Technology-based processes they support, and derive their security needs from those systems. Examples of enclaves include local area networks and the applications they host, backbone networks, and data processing centers. [DSS] Collection of information systems connected by one or more internal networks under the control of a single authority and security policy. The systems may be structured by physical proximity or by function, independent of location. [CNSSI-4009] (see also assurance, authority, control, policy, security)

enclave boundary

Point at which an enclave's internal network service layer connects to an external network's service layer, i.e. to another enclave or to a Wide Area Network (WAN). [CNSSI][CNSSI-4009] (see also boundary)

encode

(I) Use a system of symbols to represent information, which might originally have some other representation. (C) Examples include Morse code, ASCII, and BER. (D) ISDs SHOULD NOT use this term as a synonym for 'encrypt', because encoding is not usually intended to conceal meaning. [RFC2828] Convert plain text to cipher text by means of a code. [CNSSI][CNSSI-4009] To convert plain text into an unintelligible form by means of a code system. [SRV] (see also cipher, information, system, code, encryption)

encrypt

Generic term encompassing encipher and encode. [CNSSI][CNSSI-4009]

encrypt

(I) Cryptographically transform data to produce ciphertext. [RFC2828] Generic term encompassing encipher and encode. [CNSSI][CNSSI-4009] To convert plain text into ciphertext, an unintelligible form, through the use of a cryptographic algorithm. The term encrypt includes the meanings of encipher and encode. [SRV] (see also algorithm, code, cryptographic, cipher, cryptography, encryption)

encrypt for transmission only (EFTO)

(see also encryption, network)

encrypted key

A cryptographic key that has been encrypted using an Approved security function with a key encrypting key, a PIN, or a password in order to disguise the value of the underlying plaintext key. [FIPS 140-2] A cryptographic key that has been encrypted with a key encrypting key, a PIN, or a password in order to disguise the value of the underlying plaintext key. [FIPS140][SRV] (see also cryptographic, passwords, security, cipher, key, key recovery)

encrypted network

A network on which messages are encrypted (e.g., using DES, AES, or other appropriate algorithms) to prevent reading by unauthorized parties. [SP 800-32] (see also network)

encryption

(I) Cryptographic transformation of data (called 'plaintext') into form (called 'ciphertext') that conceals the data's original meaning to prevent it from being known or used. If the transformation is reversible, the corresponding reversal process is called 'decryption', that is a transformation that restores encrypted data to its original state. (C) Usage note: For this concept, ISDs should use the verb 'to encrypt' (and related variations: encryption, decrypt, and decryption). However, because of cultural biases, some international usage, particularly ISO and CCITT standards, avoids 'to encrypt' and instead uses the verb 'to encipher' (and related variations: encipherment, decipher, decipherment). (O) 'The cryptographic transformation of data to produce ciphertext.' (C) Usually, the plaintext input to an encryption operation is cleartext. But in some cases, the plaintext may be ciphertext that was output from another encryption operation. (C) Encryption and decryption involve a mathematical algorithm for transforming data. In addition to the data to be transformed, the algorithm has one or more inputs that are control parameters: (a) key value that varies the transformation and, in some cases, (b) an initialization value that establishes the starting state of the algorithm. [RFC2828] (Reversible) transformation of data by a cryptographic algorithm to produce ciphertext, i.e. to hide the information content of the data. [SC27] 1) A data security technique used to protect information from unauthorized inspection or alteration. Information is encoded so that it appears as a meaningless string of letters and symbols during delivery or transmission. Upon receipt, the information is decoded using an encryption key. 2) The conversion of information into a code or cipher. [FFIEC] Conversion of plaintext to ciphertext through the use of a cryptographic algorithm. [FIPS 185] Cryptographic transformation of data (called 'plaintext') into a form (called 'ciphertext') that conceals the data's original meaning to prevent it from being known or used. If the transformation is reversible, the corresponding reversal process is called 'decryption', which is a transformation that restores encrypted data to its original state. [800-82] The process of changing plaintext into ciphertext for the purpose of security or privacy. [SP 800-21; CNSSI-4009] The process of making information indecipherable to protect it from unauthorized viewing or use, especially during transmission or storage. Encryption is based on an algorithm and at least one key. Even if the algorithm is known, the information cannot be decrypted without the key(s). [AJP] The transformation of data into a form readable only by using the appropriate key, held only by authorized parties. The key rearranges the data into its original form by reversing the encryption. It is a process of systematically encoding a bit stream before transmission so that an unauthorized party cannot decipher it. The process of transforming data to an unintelligible form in such a way that the original data either cannot be obtained (one-way encryption) or cannot be obtained without using the inverse decryption process (two-way encryption). [SRV] To render information unintelligible by effecting a series of transformations using variable elements controlled by the application of a key to the normal representation of the information. [NASA] (see also cleartext, decryption, CAST, COMSEC control program, Clipper chip, Cryptographic Message Syntax, Diffie-Hellman, EE, El Gamal algorithm, Federal Standard 1027, Fortezza, IEEE P1363, IP splicing/hijacking, Internet Security Association and Key Management Protocol, Law Enforcement Access Field, MIME Object Security Services, Network Layer Security Protocol, Rivest Cipher 2, Rivest Cipher 4, Rivest-Shamir-Adleman algorithm, SET private extension, SOCKS, Secure/MIME, Simple Key-management for Internet Protocols, Skipjack, Terminal Access Controller Access Control System, Transport Layer Security Protocol, algorithm, application, application controls, asymmetric algorithm, asymmetric cryptography, asymmetric encipherment system, asymmetric keys, authentication code, authorized, baggage, block cipher, break, cardholder certificate, certificate revocation list, ciphertext, code, code book, common data security architecture, communications, computer cryptography, container, control, cooperative key generation, cryptanalysis, cryptographic, cryptographic algorithm, cryptographic ignition key, cryptographic initialization, cryptographic key, cryptographic service, cryptographic system, cryptography, decrypt, dictionary attack, diffie-hellman group, digital envelope, digital signature, dual signature, elliptic curve cryptosystem, email packages, email security software, encapsulating security payload protocol, encipherment algorithm, encrypt for transmission only, in the clear, indistinguishability, information, information systems security, information systems security equipment modification, initialization vector, initialize, intelligent threat, internet protocol security, key, key agreement, key center, key distribution center, key generator, key logger, key pair, key recovery, key translation center, key transport, key-encrypting key, key-escrow system, keyed hash, keys used to encrypt and decrypt files, merchant certificate, message authentication code vs. Message Authentication Code, message integrity code, mode of operation, off-line cryptosystem, on-line cryptosystem, one-time pad, operation, over-the-air key transfer, over-the-air rekeying, password system, per-call key, personality label, privacy programs, privacy system, process, protected communications, protected distribution systems, protection suite, public-key cryptography, public-key forward secrecy, salt, secret-key cryptography, secure shell, secure socket layer, security, security management infrastructure, security mechanism, security strength, semantic security, session key, signature certificate, standard, start-up KEK, stream cipher, symmetric cryptographic technique, symmetric cryptography, symmetric key, system, system indicator, threat consequence, tokens, traffic analysis, triple DES, tunnel, unencrypted, version, virtual private network, wrap, Secure Electronic Transaction, privacy enhanced mail) (includes Cryptographic Application Program Interface, Escrowed Encryption Standard, International Data Encryption Algorithm, NULL encryption algorithm, The Exponential Encryption System, advanced encryption standard, asymmetric cryptographic algorithm, asymmetric encryption algorithm, bulk encryption, cipher, cryptographic functions, data encryption algorithm, data encryption key, data encryption standard, dedicated loop encryption device, effective key length, encipher, encipherment, encode, encrypt, encryption algorithm, encryption certificate, encryption software, encryption strength, encryption tools, end-to-end encryption, endorsed data encryption standard products list, file encryption, full disk encryption, hybrid encryption, key-encryption-key, link encryption, low-cost encryption/authentication device, one-way encryption, pretty good privacy, secure multipurpose internet mail extensions, superencryption, symmetric algorithm, symmetric encryption algorithm, tactical trunk encryption device, tamper, traffic encryption key, trunk encryption device)

encryption algorithm

Cryptographic technique used to protect the confidentiality of data. An encryption algorithm consists of two processes: encryption (or encipherment) which transforms plaintext into ciphertext, and decryption (or decipherment) which transforms ciphertext to plaintext. [SC27] Set of mathematically expressed rules for rendering data unintelligible by executing a series of conversions controlled by a key. [CNSSI][CNSSI-4009] (see also cipher, communications security, confidentiality, control, cryptographic, encipherment, key, process, version, algorithm, encryption)

encryption certificate

(I) A public-key certificate that contains a public key that is intended to be used for encrypting data, rather than for verifying digital signatures or performing other cryptographic functions. C) A v3 X.509 public-key certificate may have a 'keyUsage' extension that indicates the purpose for which the certified public key is intended. [RFC2828] A certificate containing a public key that is used to encrypt electronic messages, files, documents, or data transmissions, or to establish or exchange a session key for these same purposes. [SP 800-32] (see also X.509, cryptographic, digital signature, function, key, public-key, signature, certificate, encryption)

encryption software

The software that actually provides the needed functionality for end users to encrypt messages and files. PGP is one example. [RFC2504] (see also file, function, message, users, encryption, software)

encryption strength

The strength of encryption is measured by the amount of effort needed to break a cryptosystem. Typically this is measured by the length of the key used for encryption. The strength of encryption is algorithm-dependent. e.g. the minimum acceptable key length for DES is 56 bits, while the minimum acceptable length for RSA is 512 bits. By one measure RSA strength of encryption is proportional to 10**(sqrt(N)) ... ten raised to the square root of N, where N is the number of bits in the key. By comparison, ECC strength is approximately 10**(N/5) ... ten raised to N divided by 5. [misc] (see also algorithm, cryptographic system, key, system, encryption, quality of protection)

encryption tools

(see also encryption, security software)

end cryptographic unit

Device that (1) performs cryptographic functions, (2) typically is part of a larger system for which the device provides security services, and (3) from the viewpoint of a supporting security infrastructure (e.g., a key management system), is the lowest level of identifiable component with which a management transaction can be conducted. [CNSSI-4009] (see also management, security)

end entity

(I) A system entity that is the subject of a public-key certificate and that is using, or is permitted and able to use, the matching private key only for a purpose or purposes other than signing a digital certificate; i.e. an entity that is not a CA. (D) 'A certificate subject which uses its public key for purposes other than signing certificates.' (C) ISDs SHOULD NOT use the X.509 definition, because it is misleading and incomplete. First, the X.509 definition should say 'private key' rather than 'public key' because certificates are not usefully signed with a public key. Second, the X.509 definition is weak regarding whether an end entity may or may not use the private key to sign a certificate, i.e. whether the subject may be a CA. The intent of X.509's authors was that an end entity certificate is not valid for use in verifying a signature on an X.509 certificate or X.509 CRL. Thus, it would have been better for the X.509 definition to have said 'only for purposes other than signing certificates'. (C) Despite the problems in the X.509 definition, the term itself is useful in describing applications of asymmetric cryptography. The way the term is used in X.509 implies that it was meant to be defined, as we have done here, relative to roles that an entity (that is associated with an OSI end system) is playing or is permitted to play in applications of asymmetric cryptography other than the PKI that supports applications. (C) Whether a subject can play both CA and non-CA roles, with either the same or different certificates, is a matter of policy. A v3 X.509 public-key certificate may have a 'basicConstraints' extension containing a 'cA' value that specifically 'indicates whether or not the public key may be used to verify certificate signatures'. [RFC2828] (see also X.509, application, certificate, cryptography, digital signature, key, policy, public-key, public-key infrastructure, role, signature, subject, system, entity)

end system

(I) An OSI term for a computer that implements all seven layers of the OSIRM and may attach to a subnetwork. (In the context of the Internet Protocol Suite, usually called a 'host'.) [RFC2828] (see also computer, internet, network, protocols, system)

end-item accounting

Accounting for all the accountable components of a COMSEC equipment configuration by a single short title. [CNSSI][CNSSI-4009]

end-to-end encryption

(I) Continuous protection of data that flows between two points in network, provided by encrypting data when it leaves its source, leaving it encrypted while it passes through any intermediate computers (such as routers), and decrypting only when the data arrives at the intended destination. (C) When two points are separated by multiple communication links that are connected by one or more intermediate relays, end-to-end encryption enables the source and destination systems to protect their communications without depending on the intermediate systems to provide the protection. [RFC2828] Communications encryption in which data is encrypted when being passed through a network, but routing information remains visible. [SP 800-12] Encryption of information at its origin and decryption at its intended destination without intermediate decryption. [CNSSI][CNSSI-4009] The protection of information passed in a telecommunications system by cryptographic means, from point of origin to point of destination. [AJP][NCSC/TG004][SRV] (see also communications, computer, cryptographic, flow, information, network, router, system, telecommunications, encryption)

end-to-end security

Safeguarding information in an IS from point of origin to point of destination. [CNSSI] Safeguarding information in an information system from point of origin to point of destination. [CNSSI-4009] The safeguarding of information in a secure telecommunication system by cryptographic or protected distribution system means from point of origin to point of destination. [SRV] (see also cryptographic, cryptography, information, system, security)

end-user

(I) General usage: A system entity, usually a human individual, that makes use of system resources, primarily for application purposes as opposed to system management purposes. (I) PKI usage: A synonym for 'end entity'; but the term 'end entity' is preferred. [RFC2828] A person in contact with a Target of Evaluation who makes use only of its operational capability. [AJP][ITSEC] An (human) individual that makes use of computer systems and networks. [RFC2504] (see also application, computer, entity, network, operation, public-key infrastructure, resource, system, target, target of evaluation, users)

end-user computing (EUC)

(see also users)

endorsed cryptographic products list (ECPL)

(see also cryptographic)

endorsed data encryption standard products list (EDESPL)

(see also encryption, standard)

endorsed for unclassified cryptographic information (EUCI)

(see also classified, cryptographic, information)

endorsed for unclassified cryptographic item

Unclassified cryptographic equipment that embodies a U.S. Government classified cryptographic logic and is endorsed by NSA for the protection of national security information. [CNSSI] (see also information, classified, cryptographic)

Endorsed TEMPEST Products List (ETPL)

(see also TEMPEST)

endorsed tools list (ETL)

The list of formal verification tools endorsed by the NCSC for the development of systems with high levels of trust. [NCSC/TG004] The list of formal verification tools endorsed by the U.S. NCSC (National Computer Security Center) for the development of systems with high levels of trust. [AJP] (see also computer, computer security, system, trust, verification, Information Systems Security products and services catalogue, formal verification, national information assurance partnership)

endorsement

NSA approval of a commercially developed product for safeguarding national security information. [CNSSI] (see also information, security)

energy-efficient computer equipment

Computer equipment that provides equivalent or better performance and value to users, but uses significantly less energy than competing models. [SRV] (see also model, users, computer)

enforcement vector (EV)

Engineering

Process that captures and refines information security requirements and ensures their integration into information technology component products and information systems through purposeful security design or configuration. [SP 800-37] (see also requirements, security)

engineering development model (EDM)

enhanced hierarchical development methodology

An integrated set of tools designed to aid in creating, analyzing, modifying, managing, and documenting program specifications and proofs. This methodology includes a specification parser and type checker, a theorem prover, and a multilevel security checker. Note: this methodology is not based on the hierarchical development methodology. [AJP][NCSC/TG004] (see also program, security, software development methodologies)

enrollment manager

The management role that is responsible for assigning user identities to management and non-management roles. [CNSSI-4009] (see also management)

enrollment service

The entity that manages the process of a certificate applicant applying for a certificate. [800-103] (see also certificate, entity, process)

ensure

To take appropriate action to guarantee that specified GRC IT Security Program tasks will be accomplished. [NASA] (see also IT security, assure, program, security)

enterprise

An organization that coordinates the operation of one or more processing sites. [800-82] An organization with a defined mission/goal and a defined boundary, using information systems to execute that mission, and with responsibility for managing its own risks and performance. An enterprise may consist of all or some of the following business aspects: acquisition, program management, financial management (e.g., budgets), human resources, security, and information systems, information and mission management. [CNSSI-4009] (see also management, operation, process, risk, security)

enterprise architecture

The description of an enterprise's entire set of information systems: how they are configured, how they are integrated, how they interface to the external environment at the enterprise's boundary, how they are operated to support the enterprise mission, and how they contribute to the enterprise's overall security posture. [CNSSI-4009] (see also security)

enterprise resource planning (ERP)

(see also resource)

enterprise risk management

The methods and processes used by an enterprise to manage risks to its mission and to establish the trust necessary for the enterprise to support shared missions. It involves the identification of mission dependencies on enterprise capabilities, the identification and prioritization of risks due to defined threats, the implementation of countermeasures to provide both a static risk posture and an effective dynamic response to active threats; and it assesses enterprise performance against threats and adjusts countermeasures as necessary. [CNSSI-4009] (see also threat, trust, management, risk)

enterprise service

A set of one or more computer applications and middleware systems hosted on computer hardware that provides standard information systems capabilities to end users and hosted mission applications and services. [CNSSI-4009] (see also users)

entity

A collection of information items that be grouped together conceptually and distinguished from their surroundings. An entity is described by its attributes. Entities can be linked, or can have relationships to other entities. [SRV] An active element in an open system. [FIPS 188] An individual (person), organization, device or process. An entity has an identifier to which it may be bound. [800-130] Any participant in an authentication exchange, such a participant may be human or nonhuman, and may take the role of a claimant and/or verifier. It can be either a subject (an active element that operates on information or the system state) or an object (a passive element that contains or receives information). [SRV] Any participant in an authentication exchange; such a participant may be human or nonhuman, and may take the role of a claimant and/or verifier. [FIPS 196] Either a subject (an active element that operates on information or the system state) or an object (a passive element that contains or receives information). [800-33][SP 800-27] (see also COMSEC account, Challenge Handshake Authentication Protocol, EE, Identification Protocol, Internet Corporation for Assigned Names and Numbers, MISSI user, OAKLEY, PIV issuer, PIV registrar, PKCS #10, X.509, X.509 public-key certificate, acceptance criteria, access control service, account aggregation, account fraud, accountability, accreditation authority, accreditation multiplicity parameter, adversary, alias, anonymous, applicant, applicant assertion, assurance, asymmetric cryptographic technique, attack, attribute, attribute authority, authenticate, authentication, authentication data, authentication exchange, authentication information, authentication protocol, authentication service, authenticator, authenticity, authority, authorization, authorized, availability, binding, biometric measurement, biometric system, biometrics, brand, capability, cardholder, certificate, certificate holder, certificate owner, certificate user, certification, certification authority, certification path, certification practice statement, certification request, certify, challenge/response, checksum, claimant, class 2, 3, 4, or 5, client, communications security, comparisons, component, compromise, configuration item, covert channel, credentials, credentials service provider, criminal groups, criticality assessment, cryptography, data confidentiality, data integrity, data integrity service, data origin authentication service, datagram, deception, deliberate exposure, digital certificate, digital id, digital signature, digital signature algorithm, directly trusted CA, directly trusted CA key, directory vs. Directory, discrete process, discretionary access control, distinguished name, distinguishing identifier, dual control, electronic credentials, end-user, enrollment service, evidence requester, evidence subject, exchange multiplicity parameter, explicit key authentication from A to B, exposures, false acceptance, false rejection, false rejection rate, falsification, flooding, fraud, help desk, human error, identification, identification and authentication, identification authentication, identification data, identifier, implicit key authentication from A to B, individual accountability, inference, insertion, insider, interception, intruder, intrusion, investigation service, issuing authority, judicial authority, kerberos, key confirmation, key confirmation from A to B, key distribution center, key establishment, key owner, key token, key translation centre, key transport, least privilege, login, malicious code, malware, mandatory access control, masquerade, masquerade attack, masquerading, misappropriation, mutual authentication, mutual suspicion, nations, non-repudiation, non-repudiation of creation, non-repudiation service, object, one-time passwords, organizational registration authority, origin authenticity, originator, outsourcing, password system, passwords, perpetrator, personal identification number, personal security environment, phishing, physical access control, practice statement, pre-authorization, principal, privacy, private accreditation information, private key, proprietary, protected channel, proxy server, pseudonym, public-key, public-key certificate, public-key derivation function, public-key information, public-key infrastructure, randomizer, recipient, references, registration, registration authority, relying party, repudiation, response, risk, risk management, role-based access control, root, router, salt, secret, secure envelope, secure socket layer, security authority, server, signature key, signer, simple authentication, site accreditation, source authentication, sponsor, spoof, strong authentication, subject, substitution, theft of service, threat, ticket, time variant parameter, time-stamp requester, time-stamp verifier, tokens, transaction intermediary, trapdoor, trojan horse, trust, trusted agent, unilateral authentication, users, usurpation, validate vs. verify, validation service, vendor, verification, verification key, verified name, verifier, violation of permissions, witness) (includes application entity, end entity, entity authentication, entity authentication of A to B, entity-wide security, external it entity, federated identity, identity, identity based access control, identity credential, identity credential issuer, identity management systems, identity proofing, identity theft, identity token, identity validation, identity verification, identity-based security policy, mutual entity authentication, peer entity authentication, peer entity authentication service, personal identity verification, personal identity verification card, redundant identity, system entity)

entity authentication

The corroboration that an entity is the one claimed. [SC27] (see also authentication, entity)

entity authentication of A to B

The assurance of the identity of entity A for entity B. [SC27] (see also assurance, identity, authentication, entity)

entity-wide security

Planning and management that provides a framework and continuing cycle of activity for managing risk, developing security policies, assigning responsibilities, and monitoring the adequacy of the entity's physical and cyber security controls. [CIAO] (see also control, cyberspace, risk, entity, security)

entrance national agency check

Personnel security investigation scoped and conducted in the same manner as a National Agency Check except that a technical fingerprint search of the files of the Federal Bureau of Investigation is not conducted. [DSS] (see also security)

entrapment

(I) 'The deliberate planting of apparent flaws in a system for the purpose of detecting attempted penetrations or confusing an intruder about which flaws to exploit.' [RFC2828] Deliberate planting of apparent flaws in an IS for the purpose of detecting attempted penetrations. [CNSSI][CNSSI-4009] The deliberate planting of apparent flaws in a system for the purpose of detecting attempted penetrations. [AFSEC][AJP][NCSC/TG004][SRV] (see also exploit, penetration, system, risk management)

entropy

A measure of the amount of uncertainty that an attacker faces to determine the value of a secret. Entropy is usually stated in bits. [800-63][SP 800-63] (see also attack)

entry control

The process of limiting physical access to an IT resource to authorized personnel only. [NASA] (see also access, authorized, controlled access area, process, resource, access control, control)

entry label

The naming information that identifies a registered PP or package uniquely. [SC27] (see also information)

entry-level certification

The most basic certification level, appropriate for systems engendering low levels of concern for confidentiality, integrity, and availability. [800-37] (see also availability, confidentiality, integrity, system, certification)

environment

(1) All entities - users, procedures, conditions, objects, AISs, and other IT products - that interact with (affect the development, operation, and maintenance of) an IT product. (2) The aggregate of external procedures, conditions, and objects that affect the development, operation, and maintenance of a system. [AJP] Aggregate of external procedures, conditions, and objects affecting the development, operation, and maintenance of an IS. [CNSSI] Aggregate of external procedures, conditions, and objects affecting the development, operation, and maintenance of an IT system. [800-37][CIAO] Aggregate of external procedures, conditions, and objects affecting the development, operation, and maintenance of an information system. [FIPS 200; CNSSI-4009] All entities (users, procedures, conditions, objects, AISs, other IT products) that interact with (affect the development, operation, and maintenance of) that IT product. [FCv1] The aggregate of external procedures, conditions, and objects that affect the development, operation, and maintenance of a system. [NCSC/TG004] (see also development, operation, system, users) (includes object)

environment of operation

The physical surroundings in which an information system processes, stores, and transmits information. [SP 800-37; SP 800-53A] The physical, technical, and organizational setting in which an information system operates, including but not limited to: missions/business functions; mission/business processes; threat space; vulnerabilities; enterprise and information security architectures; personnel; facilities; supply chain relationships; information technologies; organizational governance and culture; acquisition and procurement processes; organizational policies and procedures; organizational assumptions, constraints, risk tolerance, and priorities/trade-offs). [SP 800-30] (see also risk, security, threat)

environmental failure protection (EFP)

The use of features designed to protect against a compromise of the security of a cryptographic module due to environmental conditions or fluctuations outside of the module's normal operating range. [FIPS140] (see also assurance, compromise, cryptographic, cryptography, module, failure, risk management)

environmental failure testing (EFT)

The use of testing to provide a reasonable assurance that a cryptographic module will not be affected by environmental conditions or fluctuations outside of the module's normal operating range in a manner that can compromise the security of the module. [FIPS140] (see also compromise, cryptographic, cryptography, module, failure, security testing, test)

environmentally controlled area

An area where temperature and humidity can be controlled to the extent that magnetic media and specialized equipment can be stored without damage [NASA] (see also damage, availability, control)

ephemeral key

(I) A public key or a private key that is relatively short-lived. [RFC2828] A cryptographic key that is generated for each execution of a key establishment process and that meets other requirements of the key type (e.g., unique to each message or session). In some cases, ephemeral keys are used more than once within a single session (e.g., broadcast applications) where the sender generates only one ephemeral key pair per message, and the private key is combined separately with each recipient's public key. [SP 800-57 Part 1] (see also public-key, requirements, key)

equipment radiation TEMPEST zone (ERTZ)

(see also TEMPEST)

equity

Information originally classified by or under the control of an agency. [DSS] (see also classified)

erasable programmable readonly memory

These devices are fabricated in much the same way as Erasable Programmable Read-Only Memory and, therefore, benefit from the industry's accumulated quality and reliability experience. As the name implies, erasure is accomplished by introducing electrical signals in the form of pulses to the device, rather than by exposing the device to ultraviolet light. Similar products using a nitride negative-channel metal-oxide semiconductor process are termed electrically alterable read-only memory. [DSS]

erasure

A process by which a signal recorded on magnetic media is removed. Erasure is accomplished in two ways: (1) by alternating current erasure, by which the information is destroyed by applying an alternating high and low magnetic field to the media; or (2) by direct current erasure, by which the media are saturated by applying a unidirectional magnetic field. [AJP][NCSC/TG004][SRV] Process intended to render magnetically stored information irretrievable by normal means. [CNSSI][CNSSI-4009] (see also destruction, information, process) (includes degauss, overwrite procedure)

error

(1) The difference between a computed, observed, or measured value and the true, specified, or theoretically correct value or condition. (2) An incorrect step, process, or data definition. Often called a bug. (3) An incorrect result. (4) A human action that produces an incorrect result, and (5) The deviation of a system from normal operation that may have been caused by a fault. [SRV] (1) The difference between a computed, observed, or measured value or condition and the true. specified, or theoretically correct value or condition. (2) An incorrect step, process, or data definition. Also: fault. (3) An incorrect result. Also: failure. (4) A human action that produces an incorrect result. Also: mistake. (ISO) A discrepancy between a computed, observed, or measured value or condition and the true, specified, or theoretically correct value or condition. An error is a mistake made by a developer. It might be typographical error, a misleading of a specifications, a misunderstanding of what a subroutine does, and so on (IEEE 1990). An error might lead to one or more faults. Faults are located in the text of the program. More precisely, a fault is the difference between incorrect program and the correct version (IEEE 1990). [OVT] (see also bug, fault, operation, process, program, system, version)

error analysis

The use of techniques to detect errors, to estimate/predict the number of errors, and to analyze error data both singly and collectively. [SRV] (see also analysis)

error detection and correction (EDAC)

error detection code (EDC)

(I) A checksum designed to detect, but not correct, accidental (i.e. unintentional) changes in data. [RFC2828] A code computed from data and comprised of redundant bits of information designed to detect, but not correct, unintentional changes in the data. [FIPS 140-2; CNSSI-4009][FIPS140][SRV] (see also information, code, integrity) (includes check character)

error guessing

A test case design technique where the experience of the tester is used to postulate what faults might occur, and to design tests specifically to expose them. [OVT] (see also test)

error seeding

Planting errors in programs. [SRV] The process of intentionally adding known faults to those already in a computer program for the purpose of monitoring the rate of detection and removal, and estimating the number of faults remaining in the program. Contrast with mutation analysis. [OVT] (see also bebugging, analysis, assurance, computer, mutation analysis, process, program)

escort

Cleared person who accompanies a shipment of classified material to its destination. The classified material does not remain in the personal possession of the escort but the conveyance in which the material is transported remains under the constant observation and control of the escort. [DSS] (see also classified)

escrow

Something (e.g., a document, an encryption key) that is 'delivered to a third person to be given to the grantee only upon the fulfillment of a condition.' [FIPS 185] To place an electronic cryptographic key and rules for its retrieval into a storage medium maintained by a trusted third party. [800-130] (see also CAPSTONE chip, Clipper chip, EE, Law Enforcement Access Field, Skipjack, cryptographic, key, key management, key recovery, public-key infrastructure, retrieval, trust) (includes Escrowed Encryption Standard, key-escrow, key-escrow system)

Escrowed Encryption Standard (EES)

(N) A U.S. Government standard that specifies use of a symmetric encryption algorithm (SKIPJACK) and a Law Enforcement Access Field (LEAF) creation method to implement part of a key escrow system that provides for decryption of encrypted telecommunications when interception is lawfully authorized. (C) Both SKIPJACK and the LEAF are to be implemented in equipment used to encrypt and decrypt unclassified, sensitive telecommunications data. [RFC2828] (see also access, access control, algorithm, authorized, classified, communications, key, system, telecommunications, encryption, escrow, standard)

espionage

Act or practice of spying or of using spies to obtain secret intelligence. Overt, covert, or clandestine activity. A term typically used in conjunction with the country against which such an activity takes place. For example, espionage against the United States. [DSS] (see also covert, cybercrime, intelligence, threat) (includes cyber espionage)

essential elements of friendly information

In the context of friend or foe, these are specific pieces of information regarding friendly (that is, our own) intentions, capabilities, and activities likely sought by our foes (that is, our enemies/competitors). [DSS]

essential elements of information

In the context of friend or foe, these are specific pieces of information likely to be sought by friendly planners about specific adversaries' intentions, capabilities, and activities. [DSS]

essential secrecy

Condition achieved by denial of critical information to adversaries. [DSS] (see also critical)

establishment

Estelle

(N) A language (ISO 9074-1989) for formal specification of computer network protocols. [RFC2828] (see also computer, computer network, network, protocols)

ethernet meltdown

An event that causes saturation or near saturation on an Ethernet. It usually results from illegal or misrouted packets and typically lasts only a short time. As an example, consider an IP datagram directed to a nonexistent host and delivered via hardware broadcast to all machines on the network. Gateways receiving the broadcast will send out ARP packets in an attempt to find the host and deliver the datagram. [AFSEC] (see also gateway, illegal, network, threat)

ethernet sniffing

This is listening with software to the Ethernet interface for packets that interest the user. When the software sees a packet that fits certain criteria, it logs it to a file. The most common criteria for an interesting packet is one that contains words like login or password. [AFSEC][NSAINT] (see also criteria, file, interface, login, packet sniffer, passwords, promiscuous mode, software, users, sniffing)

Europay, MasterCard, Visa (EMV)

(I) An abbreviation of 'Europay, MasterCard, Visa'. Refers to a specification for smart cards that are used as payment cards, and for related terminals and applications. [RFC2828] (see also application, tokens)

European Information Technology Security Evaluation Criteria (ITSEC)

Commission of the European Communities, European Information Technology Security Evaluation Criteria (ITSEC), Provisional Harmonized Criteria: Version 1.2, Office for Official Publications of the European Communities, Luxembourg, June 1991. [ITSEC] European security evaluation criteria for targets of evaluation (TOE). [AJP] (see also target, version, Common Criteria for Information Technology Security Evaluation, computer security, criteria, information, target of evaluation, technology) (includes assurance, correctness)

European quality award (EQA)

(see also quality)

evaluated products list (EPL)

(O) General usage: A list of information system equipment items that have been evaluated against, and found to be compliant with, particular set of criteria. (O) U.S. Department of Defense usage: The Evaluated Products List (http://www.radium.ncsc.mil/tpep/epl/) contains items that have been evaluated against the TCSEC by the NCSC, or against the Common Criteria by the NCSC or one of its partner agencies in another county. The List forms Chapter 4 of NSA's 'Information Systems Security Products and Services Catalogue'. [RFC2828] A list of equipment, hardware, software, and firmware that have been evaluated against, and found to be technically compliant, at a particular level of trust, with the DoD (US Department of Defense) TCSEC (Trusted Computer System Security Evaluation Criteria) by the NCSC (National Computer Security Center). The EPL is included in NSA's 'Information Systems Security Products and Services Catalogue,' that is available through the Government Printing Office. [AJP] A list of equipments, hardware, software, and/or firmware that have been evaluated against, and found to be technically compliant, at a particular level of trust, with the DoD TCSEC by the NCSC. The EPL is included in the U.S. National Security Agency Information Systems Security Products and Services Catalogue, that is available through the Government Printing Office. [NCSC/TG004] (see also computer, computer security, criteria, evaluation, information, software, system, trust, trusted computer system, Information Systems Security products and services catalogue, National Security Agency, national information assurance partnership)

evaluated system

(I) Refers to a system that has been evaluated against security criteria such as the TCSEC or the Common Criteria. [RFC2828] (see also criteria, security, evaluation, system)

evaluation

(1) Technical assessment of a component's, product's, subsystem's, or system's security properties that establishes whether the component, product, subsystem, or system meets a specific set of requirements, e.g. defined evaluation criteria. Note: Evaluation is a term that causes much confusion in the security community, because it is used in many different ways. It is sometimes used in the general English sense (judgment or determination of worth or quality). Based on common usage of the term in the security community, one can distinguish between two types of evaluation: (a) evaluations that exclude the environment, and (b) evaluations that include the environment. This second type of evaluation, an assessment of a system's security properties with respect to a specific operational mission, is termed certification. Evaluations that exclude the environment are assessments of the security properties against a defined criterion. (2) The process - given a security policy, a consistent description of required security functions, and a targeted assurance level - of achieving assurance. Evaluation also includes the checking for security vulnerabilities (in relation to the security policy). (3) The assessment of An IT system, product, or component against defined evaluation criteria. [AJP] Assessment of a PP, an ST or a TOE, against defined criteria. [CC2][CC21][SC27] Assessment of a PP, an ST or a TOE, against defined criteria. [ISO/IEC 15408-1: 1999] Assessment of a deliverable against defined criteria. [SC27] Assessment of a deliverable against defined criteria. [SC27] Evaluation is a decision about significance, value, or quality of something, based on careful study of its good and bad features. Assessment of a PP [Protection Profile], an ST [Security Target] or a TOE [Target of Evaluation], against defined criteria. [OVT] Technical assessment of a component's, product's, subsystem's, or system's security properties that establishes whether or not the component, product, subsystem, or system meets a specific set of requirements. Note: Evaluation is a term that causes much confusion in the security community, because it is used in many different ways. It is sometimes used in the general English sense (judgement or determination of worth or quality). Based on common usage of the term in the security community, one can distinguish between two types of evaluation: (1) evaluations that exclude the environment, and (2) evaluations that include the environment. This second type of evaluation, an assessment of a system's security properties with respect to a specific operational mission, is termed certification within this document. Evaluations that exclude the environment, the type of evaluations considered herein, are assessments of the security properties against a defined criteria. [FCv1] The assessment of An IT system, product, or component against defined evaluation criteria. [ITSEC] The assessment of an IT product against predefined IT security evaluation criteria and IT security evaluation methods to determine whether or not the claims made for the security of the product are justified. [NIAP] The process -given a security policy, a consistent description of required security functions and a targeted assurance level -of achieving assurance. Evaluation also includes the checking for security vulnerabilities (in relation to the security policy). [JTC1/SC27] (see also analysis, Common Criteria Testing Laboratory, Common Criteria Testing Program, Common Criteria for Information Technology Security, FIPS approved security method, Government Accountability Office, IT security, NIAP Oversight Body, National Computer Security Center, National Voluntary Laboratory Accreditation Program, Orange book, Red book, Scope of Accreditation, Yellow book, accreditation, accreditation range, acquisition special access program, adjudication, approval/accreditation, approved technologies list, approved test methods list, assessment, benchmark, beyond A1, blue team, candidate TCB subset, certificate, certificate revocation list, certification agent or certifier, certification authority, common criteria, computer security, controlled access program oversight committee, controlled access protection, criteria, cryptographic system survey, cryptosystem survey, descriptive top-level specification, designated, designated laboratories list, designating authority, designation policy, evaluated products list, file, flaw hypothesis methodology, function, independent assessment, intelligence, interface control document, interim approval to operate, network component, observation reports, operations security assessment, penetration test, policy, preproduction model, process, profile, protection philosophy, quality, requirements for content and presentation, requirements for evidence, risk analysis, risk assessment, risk avoidance, risk management, risk treatment, security, security control assessment, security environment threat list, security policy model, security-compliant channel, self-inspection, source selection, sponsor, subset-domain, system, target, technology area, test method, test procedure, testing, threat assessment, training assessment, trusted network interpretation, trusted path, type certification, validated products list, certification) (includes Commercial COMSEC Evaluation Program, Common Criteria for Information Technology Security Evaluation, Common Evaluation Methodology, DoD Trusted Computer System Evaluation Criteria, IT Security Evaluation Criteria, IT Security Evaluation Methodology, Information Technology Security Evaluation Criteria, Monitoring of Evaluations, Trusted Computer System Evaluation Criteria, Trusted Products Evaluation Program, access evaluation, assurance, certification and accreditation, certification test and evaluation, cryptographic system evaluation, cryptosystem evaluation, evaluated system, evaluation authority, evaluation facility, evaluation pass statement, evaluation products list, evaluation scheme, evaluation technical report, evaluation work plan, independent review and evaluation, monitoring and evaluation, program evaluation and review technique, quality of protection, risk evaluation, security evaluation, security test & evaluation, software system test and evaluation process, strength of a requirement, target of evaluation, technical surveillance countermeasures surveys and evaluations, training effectiveness evaluation, validation, verification)

evaluation and validation scheme

The systematic organization of the functions of evaluation and validation within a given country under the authority of an oversight body in order to ensure that high standards of competence and impartiality are maintained and that consistency is achieved. [NIAP] (see also authority, function, standard, system, validation)

evaluation assurance

(1) Source of IT product assurance based on the kind and intensity of the evaluation analysis performed on the product. (2) Specifies the nature and intensity of evaluation activities to be performed on a TOE (Target of Evaluation), based on the expected threat and the intended environments. [AJP] Source of IT product assurance based on the kind and intensity of the evaluation analysis performed on the product. [FCv1] Specifies the nature and intensity of evaluation activities to be performed on a TOE, based on the expected threat and the intended environments. [JTC1/SC27] (see also analysis, target, threat, assurance) (includes evaluation assurance level)

evaluation assurance component

Fundamental building block, specifying the type and the rigor of required evaluation activities, from which evaluation assurance requirements are assembled. [AJP][FCv1] (see also requirements, assurance, component)

evaluation assurance level (EAL)

A package consisting of assurance components from Part 3 that represents a point on the CC predefined assurance scale. [CC2][CC21][SC27] A scale for measuring the criteria for the evaluation of requirements. Uniformly increasing, the scale balances the level of assurance obtained with the cost and feasibility of acquiring that level of assurance. Firewall A system or combination of systems that enforces a boundary between two or more networks. [IATF] Predefined set of assurance components that represents a point on the CC assurance scale. [CC1] Set of assurance requirements that represent a point on the Common Criteria predefined assurance scale. [CNSSI][CNSSI-4009] (see also boundary, criteria, network, system, Common Criteria for Information Technology Security Evaluation, evaluation assurance, requirements) (includes evaluation criteria, evaluator, evaluator actions)

evaluation assurance package

Grouping of evaluation assurance components assembled to ease specification and common understanding of the type and the rigor of required evaluation activities. [AJP][FCv1] (see also assurance)

evaluation assurance requirements

Requirements in a protection profile that address both the type and the rigor of activities that must occur during product evaluation. [AJP][FCv1] (see also file, profile, assurance, requirements)

evaluation authority

A body that implements the CC for a specific community by means of an evaluation scheme and thereby sets the standards and monitors the quality of evaluations conducted by bodies within that community. [CC2][CC21][SC27] (see also quality, standard, authority, evaluation)

evaluation criteria

A set of requirements defining the conditions under which an evaluation is performed. These requirements can also be used in specification and development of systems and products. [AJP][JTC1/SC27] (see also system, criteria, evaluation assurance level)

evaluation facility

An organization which carries out evaluations, independently of the manufacturers and vendors of the products evaluated and usually on a commercial basis. [NIAP] (see also evaluation)

evaluation pass statement

A statement issued by an organisation that performs evaluations against ISO/IEC 15408 confirming that a PP has successfully passed assessment against the evaluation criteria given in clause 4 of Part 3 of that International Standard. [SC27] (see also assessment, criteria, standard, evaluation)

evaluation products list

List of validated products that have been successfully evaluated under the National Information Assurance Partnership (NIAP) Common Criteria Evaluation and Validation Scheme (CCEVS). [CNSSI][CNSSI-4009] (see also assurance, evaluation)

evaluation scheme

The administrative and regulatory framework under which the CC is applied by an evaluation authority within a specific community. [CC2][CC21][SC27] (see also authority, evaluation)

evaluation technical report

A report giving the details of the findings of an evaluation, submitted by the CCTL to the NIAP Oversight Body as the principal basis for the validation report. [NIAP] (see also validation, Common Criteria Testing Laboratory, evaluation)

evaluation work plan

A document produced by a CCTL detailing the organization, schedule, and planned activity for an IT security evaluation. [NIAP] (see also IT security, computer security, security, Common Criteria Testing Laboratory, evaluation)

evaluator

(1) The independent person or organization that performs an evaluation. (2) Individual or group responsible for the independent assessment of IT product security (e.g. product evaluators, system security officers, system certifiers, and system accreditors). [AJP] Individuals or groups responsible for the independent assessment of IT product security (e.g. product evaluators, system security officers, system certifiers, and system accreditors). [FCv1] The independent person or organization that performs an evaluation. [ITSEC] (see also assessment, officer, security, system, evaluation assurance level)

evaluator actions

A component of the evaluation criteria for a particular phase or aspect of evaluation, identifying what the evaluator must do to check the information supplied by the sponsor of the evaluator, and the additional activities he must perform. [AJP][ITSEC] (see also criteria, identify, information, evaluation assurance level)

evasion

Modifying the format or timing of malicious activity so that its appearance changes but its effect on the target is the same. [800-94] (see also attack, malicious, target)

event

An occurrence of some specific data, situation or activity. [SC27] An occurrence, not yet assessed, that may affect the performance of an IT system. [CIAO] Any observable occurrence in a network or system. [800-61][SP 800-61] Any observable occurrence in a system and/or network. Events sometimes provide indication that an incident is occurring. [CNSSI-4009] Occurrence or happening that is reasonably certain to occur and that can be set as the signal for automatic declassification of information. [DSS] Occurrence, not yet assessed, that may affect the performance of an IS. [CNSSI] (see also incident, system)

evidence

Information that either by itself or when used in conjunction with other information is used to establish proof about an event or action. NOTE - Evidence does not necessarily prove truth or existence of something but contributes to establish proof. [SC27] (see also audit trail, correctness, credentials, deception, delivery authority, development assurance, development assurance requirements, failure, forced entry, information, logging, monitor, non-repudiation, non-repudiation information, non-repudiation of submission, non-repudiation of transport, non-repudiation policy, non-repudiation service, non-repudiation token, notarization, notary, operations security, operations security survey, proof, records, secure envelope, security audit trail, security environment threat list, security target, statistical estimate, surreptitious entry, time-stamping authority, time-stamping service, trust, trusted time stamping authority, validate vs. verify, validation, validation report, verifier, witness, assurance) (includes evidence requester, evidence subject, requirements for evidence)

evidence requester

An entity requesting an evidence to be generated either by another entity or by a trusted third party. [SC27] (see also entity, trust, evidence)

evidence subject

The entity responsible for the action, or associated with the event, with regard to which evidence is generated. [SC27] (see also entity, evidence, subject)

examination

A technical review that makes the evidence visible and suitable for analysis; tests performed on the evidence to determine the presence or absence of specific data. [SP 800-72]

examine

A type of assessment method that is characterized by the process of checking, inspecting, reviewing, observing, studying, or analyzing one or more assessment objects to facilitate understanding, achieve clarification, or obtain evidence, the results of which are used to support the determination of security control effectiveness over time. [SP 800-53A] (see also control, security)

exception

Adjudicative decision granting or continuing access eligibility despite a failure to meet adjudicative or investigative standards. Only the head of the agency concerned or designee make such decisions. An exception precludes reciprocity without review of the case by the gaining organization or program. There are three types: Condition: Access eligibility granted or continued with the proviso that one or more additional measures will be required. Such measures include additional security monitoring, restrictions on access and restrictions on an individual's handling of classified information. Submission of periodic financial statements, admonishment regarding use of drugs or excessive use of alcohol, and satisfactory progress in a Government approved counseling program is examples of conditions. Deviation: Access eligibility granted or continued despite either a significant gap in coverage or scope of investigation or an out-of-date investigation. 'Significant gap' means either a complete lack of coverage for a period of 6 months or more within the most recent 5 years investigated or the lack of a Federal Bureau of Investigation name or technical fingerprint check or the lack of one or more relevant investigative scope components (for example, employment checks or a subject interview for an Single Scope Background Investigation, financial review for any investigation) in its entirety. Waiver: Access eligibility granted or continued despite the presence of substantial issue information that would normally preclude access. Agency heads or their designees approve waivers only when the benefit of access clearly outweighs any security concern raised by the shortcoming. A waiver may require special limitations on access, additional security monitoring, and other restrictions on the person's handling of classified information beyond the normal need-to-know. [DSS] An event that causes suspension of normal program execution. Types include addressing exception, data exception, operation exception, overflow exception, protection exception, underflow exception. [OVT] (see also access, bug, classified, fault, flow, operation, program, security, subject)

exchange multiplicity parameter

Positive integer used to determine how manytimes the exchange of entity authentication messages shall be performed in one instance of the authentication mechanism. [SC27] (see also authentication, entity, message)

exculpatory evidence

Evidence that tends to decrease the likelihood of fault or guilt. [SP 800-72]

executable code

Programs in machine language ready to run in a particular computer environment. [SRV] (see also computer, program, code)

execute access

The ability to execute a software program [CIAO] (see also program, software, access)

execution, delivery, and process management

failed transaction processing or process management, from relations with trade counterparties and vendors. [2003-53c] (see also operational risk loss, process)

executive information systems (EIS)

(see also information, system)

executive order

Order issued by the President to create a policy and regulate its administration within the executive branch. [DSS]

executive state

(1) One of several states in which a system may operate and the only one in which certain privileged instructions may be executed. Such instructions cannot be executed when the system is operating in other (e.g. user) states. Synonymous with supervisor state. (2) A privileged state that can be used by supervisory software for multitasking operations. Reliable multitasking requires protection, such as segment-level protection. e.g. segment-level protection can have the following protection checks: (a) type check, (b) limit check, (c) restriction of addressable domain, (d) restriction of procedure entry points, and (e) restriction of instruction set. [AJP] One of several states in which a system may operate and the only one in which certain privileged instructions may be executed. Such instructions cannot be executed when the system is operating in other (e.g. user) states. [NCSC/TG004] One of several states in which an IS may operate, and the only one in which certain privileged instructions may be executed. Such privileged instructions cannot be executed when the system is operating in other states. Synonymous with supervisor state. [CNSSI] (see also domain, operation, privileged, software, system, users) (includes privileged instructions)

executive steering committee

A committee that manages the information portfolio of the organization. [SRV] The top-management team responsible for developing and sustaining the process management approach in the organization, including selecting and evaluating reengineering projects. [SRV] (see also information, process)

exempted

Nomenclature and marking indicating information was determined to fall within an enumerated exemption from automatic declassification under Executive Order 12958, as amended. [DSS]

exercise key

Key used exclusively to safeguard communications transmitted over-the-air during military or organized civil training exercises. [CNSSI] (see also communications, key)

exercised

A program element is exercised by a test case when the input value causes the execution of that element, such as a statement, branch, or other structural element. [OVT] (see also program, test)

exhaustive testing

A test case design technique in which the test case suite comprises all combinations of input values and preconditions for component variables. (NBS) Executing the program with all possible combinations of values for program variables. Feasible only for small, simple programs. [OVT] (see also program, security testing, test)

expanded national agency check

Investigative inquiries (record reviews and/or interviews), as necessary, to determine if investigative issues are present or to substantiate or disprove unfavorable information disclosed during the conduct of a National Agency Check. [DSS]

expanded steel

Also called Expanded Metal Mesh. A lace work patterned material produced from 9/11 gauge sheet steel by making regular uniform cuts and then pulling it apart with uniform pressure. [DSS]

expansibility

The capability of being expanded or customized; synonymous with extensibility. [SRV]

expected output

Any data collected from monitoring and assessments as part of the Information Security Continuous Monitoring (ISCM) strategy. [SP 800-137] (see also security)

expert review team

Security experts to assist government entities with development of internal infrastructure protection plans; the ERT is charged with improving government-wide information systems security by sharing recommended practices, ensuring consistent infrastructure frameworks, and identifying needed technical resources. [CIAO] (see also identify, information, resource, security, system)

expire

(see certificate expiration)

explain

Give required information and show that it satisfies all relevant requirements. [AJP][FCv1] (see also information, requirements)

explicit key authentication from A to B

The assurance for entity B that A is the only other entity that is in possession of the correct key. NOTE - Implicit key authentication from A to B and key confirmation from A to B together imply explicit key authentication from A to B. [SC27] (see also assurance, entity, authentication, key)

exploit

(verb) To, in some way, take advantage of a vulnerability in a system in the pursuit or achievement of some objective. All vulnerability exploitations are attacks but not all attacks exploit vulnerabilities. (noun) Colloquially for exploit script: a script, program, mechanism, or other technique by which a vulnerability is used in the pursuit or achievement of some information assurance objective. It is common speech in this field to use the terms exploit and exploit script to refer to any mechanism, not just scripts, that uses a vulnerability. [OVT] A defined way to breach the security of an IT system through a vulnerability. [SC27] A technique or code that uses a vulnerability to provide system access to the attacker. [FFIEC] (see also Defensive Information Operations, access, access control, assurance, attack, code, covert channel, derf, entrapment, exploitable channel, firewall, flaw hypothesis methodology, information, information assurance, information superiority, information warfare, intelligent threat, non-technical countermeasure, object, operations security, penetration testing, port scan, program, security, security threat, smurf, system, technical vulnerability, threat agent, vulnerability, threat) (includes denial-of-service, distributed denial-of-service, exploit tools, logic bombs, phishing, sniffer, trojan horse, virus, vishing, war driving, worm, zero-day exploit)

exploit code

A program that allows attackers to automatically break into a system. [SP 800-40] (see also attack)

exploit tools

Publicly available and sophisticated tools that intruders of various skill levels can use to determine vulnerabilities and gain entry into targeted systems. [GAO] (see also system, vulnerability, exploit)

exploitable channel

(1) Any channel that is usable or detectable by subjects external to the Trusted Computing Base. (2) A covert channel that is usable or detectable by subjects external to the AIS's (Automated Information System's) Trusted Computing Base and can be used to violate the AIS's technical security policy. (3) Any information channel that is usable or detectable by subjects external to the Trusted Computing Base whose purpose is to violate the security policy of the computer system. [AJP] A covert channel that is usable or detectable by subjects external to the AIS's Trusted Computing Base and can be used to violate the AIS's technical security policy. [FCv1] Any channel that is usable or detectable by subjects external to the Trusted Computing Base. [TCSEC][TNI] Any information channel that is usable or detectable by subjects external to the Trusted Computing Base whose purpose is to violate the security policy of the computer system. [NCSC/TG004] Channel that allows the violation of the security policy governing an IS and is usable or detectable by subjects external to the trusted computing base. [CNSSI] Channel that allows the violation of the security policy governing an information system and is usable or detectable by subjects external to the trusted computing base. See Covert Channel. [CNSSI-4009] (see also computer, covert, exploit, information, policy, security, system, channel, threat, trusted computing base) (includes covert channel, subject)

exploitation

Process of obtaining intelligence information from any source and taking advantage of it. [DSS] The exploitation of an access control vulnerability is whatever causes the operating system to perform operations that are in conflict with the security policy as defined by the access control matrix. [OVT] (see also access, access control, control, intelligence, operation, policy, security, system, vulnerability)

exploitation of vulnerability

(see exploitation) (see also vulnerability)

export

Sending or taking a Defense article out of the United States in any manner, except by mere travel outside the United States by a person whose personal knowledge includes technical data; or, transferring registration or control to a foreign person of any aircraft, vessel, or satellite covered by the U.S. Munitions List, whether in the United States or abroad; or, disclosing (including oral or visual disclosure) or transferring in the United States any Defense article to an embassy, any agency, or subdivision of a foreign government (for example, diplomatic mission); or, performing a Defense service on behalf of, or for the benefit of, a foreign person, whether in the United States or abroad. [DSS] (see also foreign)

export license

The authorization issued by the Department of State, Office of Defense Trade Controls, or by the Department of Commerce, Bureau of Industry and Security, that permits export of International Traffic in Arms Regulations-or Export Administration Regulations- controlled articles, technical data, or services. [DSS] (see also authorization, security)

export license application

Request submitted by U.S. persons and foreign government entities in the United States to export International Traffic in Arms Regulations-or Export Administration Regulations-controlled technical data, services, or articles to a foreign person. [DSS] (see also foreign)

exposures

A measure of the potential risk to an IT system from both external and internal threats. [800-37] A threat action whereby sensitive data is directly released to an unauthorized entity. [RFC2828] An SCAP specification that provides unique, common names for publicly known information system vulnerabilities. [SP 800-128] The potential loss to an area due to the occurrence of an adverse event. [FFIEC] (see also authorized, entity, inadvertent disclosure, levels of concern, media protection, risk, risk assessment, system, unauthorized disclosure, threat consequence) (includes common vulnerabilities and exposures, external system exposure, internal system exposure)

extended industry standard architecture (EISA)

extensibility

A measure of the ease of increasing the capability of a system. [800-130] The ease with which a system can be modified to increase its storage or functional capacity. An extensible collection of interfaces, services, protocols, and supporting data formats. Synonymous with expansibility. [SRV] (see also function, interface, protocols, system)

extensible

The capability of being expanded or customized. For example, with extensible programming languages, programmers can add new control structures, statements, or data types. [SRV] (see also control, program)

Extensible Authentication Protocol (EAP)

(I) A framework that supports multiple, optional authentication mechanisms for PPP, including cleartext passwords, challenge-response, and arbitrary dialog sequences. (C) This protocol is intended for use primarily by a host or router that connects to a PPP network server via switched circuits or dial-up lines. [RFC2828] (see also challenge/response, network, passwords, response, router, authentication, protocols, security protocol)

extensible markup language (XML)

A specification for a generic syntax to mark data with simple, human-readable tags, enabling the definition, transmission, validation, and interpretation of data between applications and between organizations. [800-82] Extensible Markup Language, abbreviated XML, describes a class of data objects called XML documents and partially describes the behavior of computer programs which process them. [800-63] (see also application, computer, object, process, program, validation, standard generalized markup language)

extension

(I) A data item defined for optional inclusion in a v3 X.509 public-key certificate or a v2 X.509 CRL. (C) The formats defined in X.509 can be extended to provide methods for associating additional attributes with subjects and public keys and for managing a certification hierarchy:

'Certificate extension': X.509 defines standard extensions that may be included in v3 certificates to provide additional key and security policy information, subject and issuer attributes, and certification path constraints.
'CRL extension': X.509 defines extensions that may be included in v2 CRLs to provide additional issuer key and name information, revocation reasons and constraints, and information about distribution points and delta CRLs.
'Private extension': Additional extensions, each named by an OID, can be locally defined as needed by applications or communities.

[RFC2828] The addition to an ST or PP of functional requirements not contained in Part 2 and/or assurance requirements not contained in Part 3 of the CC. [CC2][CC21][SC27] (see also X.509, application, assurance, certificate, certification, function, information, key, policy, public-key, requirements, revocation, security, standard, subject, public-key infrastructure)

external fraud

an act of a type intended to defraud, misappropriate property or circumvent the law, by a third party. [2003-53c] (see also property, fraud, operational risk loss)

external it entity

Any IT product or system, untrusted or trusted, outside of the TOE [Target of Evaluation] that interacts with the TOE. [OVT] Any IT product or system, untrusted or trusted, outside of the TOE that interacts with the TOE. [CC2][CC21][SC27] (see also system, target, trust, entity, target of evaluation)

external label

A physical label placed on the outside of magnetic media to identify the contents [NASA] (see also identify)

external network

A network not controlled by the organization. [SP 800-53; CNSSI-4009] (see also control, network)

external security controls

Measures that include physical, personnel, procedural, and administrative security requirements and a separate certification and accreditation process that govern physical access to an IT product. Note: These measures constitute assumptions and boundary conditions that are part of the environment described in a protection profile. [AJP][FCv1] (see also access, access control, accreditation, boundary, certification, file, process, profile, control, protection profile, risk management, security controls)

external security testing

Security testing conducted from outside the organization's security perimeter. [SP 800-115] Security testing that is conducted from outside the organization's security perimeter. [800-115] (see also security perimeter, security testing, test)

external system exposure

Relates to: (1) the method by which users access the system, (e.g., dedicated connection, intranet connection, Internet connection, wireless network), (2) the existence of backend connections to the system and to what the backend systems are connected, and (3) the number of users that access the system. [800-37] (see also access, access control, connection, internet, users, exposures, system)

external throughput rate

The number of interactive transactions or batch jobs completed per unit of elapsed time. [SRV]

extraction resistance

Capability of cryptographic equipment or secure telecommunications equipment to resist efforts to extract key. [CNSSI][CNSSI-4009] (see also communications, cryptography, key, telecommunications)

extranet

(I) A computer network that an organization uses to carry application data traffic between the organization and its business partners. (C) An extranet can be implemented securely, either on the Internet or using Internet technology, by constructing the extranet as a VPN. [RFC2828] A private network that uses Web technology, permitting the sharing of portions of an enterprise's information or operations with suppliers, vendors, partners, customers, or other enterprises. [CNSSI-4009] An intranet that is accessible or partially accessible to authorized users outside the organization. [CIAO] Extension to the intranet allowing selected outside users access to portions of an organization's intranet. [CNSSI] (see also access, access control, application, authorized, computer, computer network, network, technology, users, virtual private network, internet)

extraordinary security measures

Security measure necessary to adequately protect particularly sensitive information but that imposes a substantial impediment to normal staff management and oversight. Extraordinary security measures are: Program access nondisclosure agreements (read-on statements) Specific officials authorized to determine need-to-know (Access Approval Authority) Nicknames/code words for program identification Special access required markings Program billet structure Access roster Use of cover Use of special mission funds or procedures Use of a Special Access Programs facility/vault Use of a dedicated Special Access Programs security manager Any other security measure beyond those required to protect collateral information [DSS] (see also access, authorized, security)

facilities

All facilities required to support the core processes, including the resources to house and support information technology resources, and the other resource elements defined above. [CIAO] Buildings, structures, or other real property. Entities such as military bases, industrial sites, and office complexes may be identified as facilities. [DSS] (see also information, process, resource, technology)

facilities accreditation

Official determination of the physical, procedural, and technical security acceptability of a facility that authorizes its use to protect classified national security information. [DSS] (see also classified, security)

facilities certification

An official notification to the accreditor of the physical, procedural and technical security acceptability of a facility to protect classified national security information. [DSS] (see also classified, security, certification)

facility

Plant, laboratory, office, college, university, or commercial structure with associated warehouses, storage areas, utilities, and components, that, when related by function and location, form an operational entity. [DSS]

facility manager

Oversees changes and additions to the facility housing the IT system and ensures changes in facility design or construction do not adversely affect the security of existing systems. [800-37] (see also security, system)

facility security clearance

Administrative determination that, from a security viewpoint, a facility is eligible for access to classified information of a certain category (and all lower categories). [DSS] (see also access, classified, security)

facsimile (FAX)

fail safe

(I) A mode of system termination that automatically leaves system processes and components in a secure state when a failure occurs or is detected in the system. [RFC2828] Automatic protection of programs and/or processing systems when hardware or software failure is detected. [CNSSI][CNSSI-4009] Pertaining to the automatic protection of programs and/or processing systems to maintain safety when a hardware or software failure is detected in a system. [AJP][NCSC/TG004] The automatic termination and protection of programs or other processing operations when a hardware or software failure is detected in a system. [SRV] (see also failure, operation, process, program, software, system, failure control)

fail soft

(I) Selective termination of affected non-essential system functions and processes when a failure occurs or is detected in the system. [RFC2828] Pertaining to the selective termination of affected nonessential processing when a hardware or software failure is detected in a system. [AJP][NCSC/TG004] Selective termination of affected nonessential processing when hardware or software failure is determined to be imminent. [CNSSI][CNSSI-4009] The selective termination of affected nonessential processing when a hardware or software failure is detected in a system. Examples of its application can be found in distributed data processing systems. [SRV] (see also application, failure, function, process, software, system, automated information system, failure control)

failed logon

Any unsuccessful attempt to gain user access to IT resources [NASA] (see also access, resource, users, logon, threat)

failover

The capability to switch over automatically (typically without human intervention or warning) to a redundant or standby information system upon the failure or abnormal termination of the previously active system. [SP 800-53; CNSSI-4009]

failure

Deviation of the software from its expected delivery or service. (after Fenton) The inability of a system or component to perform its required functions within specified performance requirements. [OVT] Discrepancy between the external results of a program's operation and the software product requirements. A software failure is evidence of the existence of a fault in the software. [SRV] (see also fault, IS related risk, abend, abort, accountability, anomaly, availability, backup procedures, bomb, contingency plan, crash, critical mechanism, defect, dump, evidence, fail safe, fail soft, fallback procedures, flooding, function, mean-time-to-repair, mean-time-to-service-restoral, operation, outage, problem, program, recovery procedures, requirements, software, software reliability, strength of a requirement, system, uninterruptible power supply, vulnerability, risk) (includes environmental failure protection, environmental failure testing, failure access, failure control, mean-time-between-failure, mean-time-between-outages, mean-time-to-fail)

failure access

An unauthorized and usually inadvertent access to data resulting from a hardware or software failure in the system. [AJP][NCSC/TG004][SRV] Type of incident in which unauthorized access to data results from hardware or software failure. [CNSSI][CNSSI-4009] (see also authorized, incident, software, system, unauthorized access, access, failure, threat)

failure control

(I) A methodology used to provide fail-safe or fail-soft termination and recovery of functions and processes when failures are detected or occur in a system. [RFC2828] Methodology used to detect imminent hardware or software failure and provide fail safe or fail soft recovery. [CNSSI][CNSSI-4009] The methodology used to detect failures and provide fail-safe or fail-soft recovery from hardware and software failures in a system. [AJP][NCSC/TG004] (see also function, process, recovery, software, system, control, failure, risk management) (includes fail safe, fail soft)

fallback procedures

In the event of failure of transactions or the system, it is the ability to fall back to the original or alternate method for continuation of processing. [SRV] (see also backup, failure, process, system)

false acceptance

In biometrics, the instance of a security system incorrectly verifying or identifying an unauthorized person. It typically is considered the most serious of biometric security errors as it gives unauthorized users access to systems that expressly are trying to keep them out. [CNSSI-4009] When a biometric system incorrectly identifies an individual or incorrectly verifies an impostor against a claimed identity [SP 800-76] (see also access, entity, identity, security, system, users)

false acceptance rate

Refers to the rate at which an unauthorized individual is accepted by the system as a valid user. [GSA] The measure of the likelihood that the biometric security system will incorrectly accept an access attempt by an unauthorized user. A system's false acceptance rate typically is stated as the ratio of the number of false acceptances divided by the number of identification attempts. [CNSSI-4009] The probability that a biometric system will incorrectly identify an individual or will fail to reject an impostor. The rate given normally assumes passive impostor attempts. [SP 800-76] (see also access, authorized, system, users, biometrics)

false denial of origin

Action whereby the originator of data denies responsibility for its generation. [RFC2828] (see also threat consequence)

false denial of receipt

Action whereby the recipient of data denies receiving and possessing the data. [RFC2828] (see also threat consequence)

false negative

An instance in which a security tool intended to detect a particular threat fails to do so. [800-83] An instance in which an intrusion detection and prevention technology fails to identify malicious activity as being such. [800-94] Occurs when an actual intrusive action has occurred but the system allows it to pass as non-intrusive behavior. [NSAINT][OVT] (see also identify, intrusion, intrusion detection, malicious, system, technology, threat, risk)

false positive

An alert that incorrectly indicates that malicious activity is occurring. [800-115][800-61][SP 800-61] An instance in which a security tool incorrectly classifies benign content as malicious. [800-83] An instance in which an intrusion detection and prevention technology incorrectly identifies benign activity as being malicious. [800-94] Occurs when the system classifies an action as anomalous (a possible intrusion) when it is a legitimate action. [NSAINT][OVT] (see also classified, intrusion, intrusion detection, malicious, system, technology, risk)

false rejection

In biometrics, the instance of a security system failing to verify or identify an authorized person. It does not necessarily indicate a flaw in the biometric system; for example, in a fingerprint-based system, an incorrectly aligned finger on the scanner or dirt on the scanner can result in the scanner misreading the fingerprint, causing a false rejection of the authorized user. [CNSSI-4009] When a biometric system fails to identify an applicant or fails to verify the legitimate claimed identity of an applicant. [SP 800-76] (see also entity, identity, security, system)

false rejection rate

The measure of the likelihood that the biometric security system will incorrectly reject an access attempt by an authorized user. A system's false rejection rate typically is stated as the ratio of the number of false rejections divided by the number of identification attempts. [CNSSI-4009] The probability that a biometric system will fail to identify an applicant, or verify the legitimate claimed identity of an applicant. [SP 800-76] (see also access, entity, identity, security, system)

falsification

A threat action whereby false data deceives an authorized entity. [RFC2828] (see also authorized, entity, threat consequence)

family

A grouping of components that share security objectives but may differ in emphasis or rigour. [CC2][CC21][SC27] (see also object, security)

fault

A condition that causes a device or system component to fail to perform in a required manner. [AFSEC][AJP][NCSC/TG004] An incorrect step, process, or data definition in a computer program. A manifestation of an error in software. A fault, if encountered may cause a failure. (after do178b) An incorrect step, process, or data definition in a computer program which causes the program to perform in an unintended or unanticipated manner. [OVT] An incorrect step, process, or data definition in a computer program. A physical malfunction or abnormal pattern of behavior that is causing or will cause, an outage, error, or degradation of communications services on a communications network. [SRV] (see also failure, Federal Standard 1027, alarm reporting, alarm surveillance, anomaly, bug, communications, computer, correctness, debug, defect, error, exception, function, maintenance, network, network management, problem, process, program, software, software reliability, system, trap, threat) (includes fault injection, fault isolation, fault management, fault tolerance, fault tolerant, security fault analysis)

fault injection

The hypothesized errors that software fault injection uses are created by either: (1) adding code to the code under analysis, (2) changing the code that is there, or (3) deleting code from the code under analysis. Code that is added to the program for the purpose of either simulating errors or detecting the effects of those errors is called {\it instrumentation code}. To perform fault injection, some amount of instrumentation is always necessary, and although this can be added manually, it is usually performed by a tool. [OVT] (see also analysis, code, program, software, fault)

fault isolation

identifies the area of malfunction or failure and/or limits the effect of malfunction or failure [misc] (see also accountability, function, fault)

fault management

The prevention, detection, reporting, diagnosis, and correction of faults and fault conditions. Fault management includes alarm surveillance, trouble tracking, fault diagnosis, and fault correction. [SRV] (see also fault)

fault tolerance

A method of ensuring continued operation through redundancy and diversity. [AFSEC] The ability of a processor to maintain effectiveness after some subsystems have failed. [SRV] The ability of a system or component to continue normal operation despite the presence of hardware or software faults. [NSAINT][OVT] (see also fault tolerant, operation, process, risk, software, system, fault)

fault tolerant

Of a system, having the built-in capability to provide continued, correct execution of its assigned function in the presence of a hardware and/or software fault. [800-82] (see also fault tolerance, availability, function, software, system, fault)

fear, uncertainty, or doubt (FUD)

(see also deterrence)

Federal Criteria for Information Technology Security

US draft security criteria for trusted systems. [AJP] (see also system, trust, Common Criteria for Information Technology Security Evaluation, computer security, criteria, information, technology) (includes Federal Criteria Vol. I, assurance, correctness)

Federal Criteria Vol. I (FCv1)

Nat'l Inst. of Standards and Technology (NIST) and Nat'l Security Agency (NSA), Federal Criteria for Information Technology Security: Vol. I, Protection Profile Development; Vol. II, Registry of Protection Profiles, Version 1.0, Dec. 1992. [FCv1] (see also computer security, file, information, profile, standard, technology, version, Federal Criteria for Information Technology Security, National Institute of Standards and Technology, criteria) (includes protection profile)

federal enterprise architecture

A business-based framework for governmentwide improvement developed by the Office of Management and Budget that is intended to facilitate efforts to transform the federal government to one that is citizen-centered, results-oriented, and market-based. [SP 800-53; SP 800-18; SP 800-60; CNSSI-4009] (see also management)

Federal Information Processing Standards (FIPS)

(N) The Federal Information Processing Standards Publication (FIPS PUB) series issued by the U.S. National Institute of Standards and Technology as technical guidelines for U.S. Government procurements of information processing system equipment and services. [FP031, FP039, FP046, FP081, FP102, FP113, FP140, FP151, FP180, FP185, FP186, FP188] (C) Issued under the provisions of section 111(d) of the Federal Property and Administrative Services Act of 1949 as amended by the Computer Security Act of 1987, Public Law 100-235. [RFC2828] (see also computer, computer security, property, security, system, technology, National Institute of Standards and Technology, information, process, standard) (includes Digital Signature Standard, FIPS PUB 140-1, FIPS approved security method, Federal Information Processing Standards Publication 140, data encryption standard)

Federal Information Processing Standards Publication 140 (FIPS140)

federal information system

An information system used or operated by an executive agency, by a contractor of an executive agency, or by another organization on behalf of an executive agency. [SP 800-53; FIPS 200; FIPS 199; 40 U.S.C., Sec. 11331;]

federal personnel manual

Manual issued and updated by the Office of Personnel Management and designed to administer the personnel management of civilian employees of the Federal Government. [DSS]

Federal Public-key Infrastructure (FPKI)

(N) A PKI being planned to establish facilities, specifications, and policies needed by the U.S. Federal Government to use public-key certificates for INFOSEC, COMSEC, and electronic commerce involving unclassified but sensitive applications and interactions between Federal agencies as well as with entities of other branches of the Federal Government, state, and local governments, business, and the public. [RFC2828] (see also application, certificate, classified, communications security, key, public-key, public-key infrastructure)

federal record

Includes all books, papers, maps, photographs, machinereadable materials, or other documentary materials, regardless of physical form or characteristics, made or received by an agency of the U.S. Government under federal law or in connection with the transaction of public business and preserved or appropriate for preservation by that agency or its legitimate successor as evidence of the organization, functions, policies, decisions, procedures, operations, or other activities of the Government or because of the informational value of data in them. Library and museum material made or acquired and preserved solely for reference, and stocks of publications and processed documents, are not included. (section 3301, title 44 of the United States Code). [DSS]

Federal Reserve Banks

The Federal Reserve Banks provide a variety of financial services, including funds transfer, book-entry securities, ACH, and clearing and settling checks drawn on depository institutions located in all regions of the United States. [FFIEC]

federal secure telephone service (FSTS)

Federal Standard 1027

(N) An U.S. Government document defining emanation, anti-tamper, security fault analysis, and manual key management criteria for DES encryption devices, primary for OSI layer 2. Was renamed 'FIPS PUB 140' when responsibility for protecting unclassified, sensitive information was transferred from NSA to NIST, and then was superseded by FIPS PUB 140-1. [RFC2828] (see also FIPS PUB 140-1, National Security Agency, analysis, classified, criteria, emanation, emanations security, encryption, fault, information, key, key management, security, tamper, National Institute of Standards and Technology, standard)

federal telecommunications system (FTS)

(see also communications, system, telecommunications)

federated identity

A system that allows individuals to use the same user name, password or other identity credential to access the Web sites or services of more than one organization in order to conduct transactions. [GSA] (see also access, access control, federation, system, users, entity, identity)

federation

Members of a federation system depend on each other to authenticate their respective users and vouch for their access to services offered by other members of the federation. [GSA] (see also access, access control, assurance level, federated identity, relying party, system, users)

fedline

FedLine is the Federal Reserve Bank's proprietary electronic platform providing a common electronic delivery channel for financial institution access to Federal Reserve financial services including Fedwire funds transfer. [FFIEC] (see also access, access control)

fedwire

The Federal Reserve System's nationwide real-time gross settlement electronic funds and securities transfer network. Fedwire is a credit transfer system, and each funds transfer is settled individually against an institution's reserve or clearing account on the books of the Federal Reserve as it is processed and is considered a final and irrevocable payment.Finality Irrevocable and unconditional transfer of payment during settlement. [FFIEC] (see also process, system)

feedback buffer

Variable used to store input data for the encipherment process. At the starting point FB has the value of SV. [SC27] (see also cipher, cryptography, encipherment, process)

ferroelectric random access memory

Type of nonvolatile memory developed by Ramtron International Corporation. Ferroelectric Random Access Memory combines the access of speed of Dynamic Random Access Memory and Static Random Access Memory with the non-volatility of Read-only memory. Because of its high speed, it is replacing Electrically Erasable Programmable Read-Only Memory in many devices. The term Ferroelectric Random Access Memory itself is a trademark of Ramtron. [DSS] (see also access)

fetch protection

(1) A system-provided restriction to prevent a program from accessing data in another user's segment of storage. (2) The aggregate of all processes and procedures in a system designed to inhibit unauthorized access, contamination, or elimination of a file. [AJP] A system-provided restriction to prevent a program from accessing data in another user's segment of storage. [NCSC/TG004] (see also access, assurance, authorized, file, process, program, system, unauthorized access, access control) (includes contamination)

fiber distributed data interface (FDDI)

fiber-optics

A method of transmitting light beams along optical fibers. A light beam, such as that produced in a laser, can be modulated to carry information. A single fiber-optic channel can carry significantly more information than most other means of information transmission. Optical fibers are thin strands of glass or other transparent material. [SRV] (see also information)

field

A specific location of data where it is stored on a computer file. [SRV] (see also computer, file)

field device

Equipment that is connected to the field side on an ICS. Types of field devices include RTUs, PLCs, actuators, sensors, HMIs, and associated communications. [800-82] (see also communications)

field site

A subsystem that is identified by physical, geographical, or logical segmentation within the ICS. A field site may contain RTUs, PLCs, actuators, sensors, HMIs, and associated communications. [800-82] (see also communications, system)

fieldbus

A digital, serial, multi-drop, two-way data bus or communication path or link between low-level industrial field equipment such as sensors, transducers, actuators, local controllers, and even control room devices. Use of fieldbus technologies eliminates the need of point-to-point wiring between the controller and each device. A protocol is used to define messages over the fieldbus network with each message identifying a particular sensor on the network. [800-82] (see also control, message, protocols)

file

A collection of data records stored on a computer medium. [SRV] (see also Federal Criteria Vol. I, Minimum Interoperability Specification for PKI Components, PHF, PKIX, Tripwire, access type, anonymous login, antivirus software, archiving, assignment, attack signature recognition, audit, audit software, audit trail, authentication, authorization, backup, backup generations, backup procedures, batch mode, browse access protection, capability, card initialization, clean system, component, computer, computer fraud, connection, container, cookies, correctness, data dictionary, data synchronization, decomposition, deliverable, development assurance requirements, digital signature, disaster recovery, discretionary access control, disinfecting, downgrade, download, effectiveness, encryption software, ethernet sniffing, evaluation, evaluation assurance requirements, external security controls, fetch protection, field, firewall, functional protection requirements, general controls, gopher, granularity, hash function, hash totals, honeypot, hypertext markup language, integration test, intrusion detection systems, key-escrow, logic bombs, login, macro virus, malicious applets, mandatory access control, message digest, metadata, multipartite virus, multipurpose internet mail extensions, national computer security assessment program, national information assurance partnership, object, off-line attack, on-access scanning, output, permissions, personal security environment, pretty good privacy, product rationale, programmable logic controller, prowler, purge, purging, push technology, quarantine, quarantining, real-time system, recovery procedures, redundancy, refinement, register, review techniques, rootkit, sampling frame, sandboxed environment, sanitize, script, secure hash algorithm, security certificate, security label, security target, security-relevant event, server, snarf, social engineering, stateful protocol analysis, superuser, suspicious activity report, system administrator privileges, system resources, system software, tracking cookie, trigger, trojan horse, trusted certificate, trusted key, uniform resource locator, upload, users, utility programs, virus, virus signature, web browser cache, web of trust, work product) (includes CKMS profile, COMSEC profile, IT default file protection parameters, Network File System, access profile, assurance profile, communications profile, critical system files, default file protection, file encryption, file infector virus, file integrity checker, file integrity checking, file protection, file security, file transfer, file transfer access management, file transfer protocol, keys used to encrypt and decrypt files, master file, profile, profile assurance, protection profile, protection profile family, secure profile inspector, security policy information file, system files, system profile, transaction file, trust-file PKI, user profile)

file encryption

The process of encrypting individual files on a storage medium and permitting access to the encrypted data only after proper authentication is provided. [SP 800-111] (see also access, authentication, process, encryption, file)

file infector virus

A virus that attaches itself to a program file, such as a word processor, spreadsheet application, or game. [800-61] A virus that attaches itself to executable programs, such as word processors, spreadsheet applications, and computer games. [800-83] (see also application, computer, process, program, file, virus)

file integrity checker

Software that generates, stores, and compares message digests for files to detect changes to the files. [800-115][800-61] (see also message, software, file, integrity)

file integrity checking

Software that generates, stores, and compares message digests for files to detect changes to the files. [800-115][800-61] (see also compromise, message, software, file, integrity)

file name anomaly

1. A mismatch between the internal file header and its external extension; or 2. A file name inconsistent with the content of the file (e.g., renaming a graphics file with a non-graphical extension. [SP 800-72]

file protection

Aggregate of processes and procedures designed to inhibit unauthorized access, contamination, elimination, modification, or destruction of a file or any of its contents. [CNSSI][CNSSI-4009] The aggregate of all processes and procedures in a system designed to inhibit unauthorized access, contamination, or elimination of a file. [NCSC/TG004][SRV] (see also access, assurance, authorized, process, system, unauthorized access, access control, file) (includes contamination)

file security

Means by which access to computer files is limited to authorized users only. [CNSSI][CNSSI-4009] The means by which access to computer files is limited to authorized users only. [AJP][NCSC/TG004][SRV] (see also access, authorized, computer, access control, file)

file series

File units or documents arranged according to a filing system or kept together because they relate to a particular subject or function, result from the same activity, document a specific kind of transaction, take a particular physical form, or have some other relationship arising out of their creation, receipt, or use, such as restrictions on access or use. [DSS] (see also access, subject)

file series exemption

Exception to the 25-year automatic declassification provisions of Executive Order 12958, as amended. This exception applies to entire blocks of records, that is, 'file series,' within an agency's records management program. To qualify for this exemption, the file series must be replete with exemptible information. [DSS]

file transfer

The process of transferring files between two computer systems over a network, using a protocol such as FTP or HTTP. [RFC2504] (see also computer, network, process, protocols, system, file)

file transfer access management (FTAM)

(see also network, access, file)

file transfer protocol (FTP)

(I) A TCP-based, application-layer, Internet Standard protocol for moving data files from one computer to another. [RFC2828] A means to exchange files across a network. [SRV] (see also application, computer, network, standard, file, internet, protocols)

fill device

COMSEC item used to transfer or store key in electronic form or to insert key into a cryptographic equipment. [CNSSI] COMSEC item used to transfer or store key in electronic form or to insert key into cryptographic equipment. [CNSSI-4009] (see also communications security, cryptography, key)

fill device interface unit (FDIU)

(see also interface)

filtering router

(I) An internetwork router that selectively prevents the passage of data packets according to a security policy. (C) A filtering router may be used as a firewall or part of a firewall. A router usually receives a packet from a network and decides where to forward it on a second network. A filtering router does the same, but first decides whether the packet should be forwarded at all, according to some security policy. The policy is implemented by rules (packet filters) loaded into the router. The rules mostly involve values of data packet control fields (especially IP source and destination addresses and TCP port numbers).$ financial institution (N) 'An establishment responsible for facilitating customer-initiated transactions or transmission of funds for the extension of credit or the custody, loan, exchange, or issuance of money.' [RFC2828] (see also screening router, control, establishment, internet, network, packet filter, policy, security, router)

finality

Irrevocable and unconditional transfer of payment during settlement. [FFIEC]

financial crimes enforcement network

Activity of the Department of the Treasury that supports law enforcement investigative efforts and fosters interagency and global cooperation against domestic and international financial crimes; it provides U.S. policymakers with strategic analyses of domestic and worldwide money laundering developments, trends, and patterns. The Financial Crimes Enforcement Network works toward those ends through information collection, analysis, and sharing, as well as technological assistance and implementation of the Bank Secrecy Act and other Department of Treasury authorities. [DSS] (see also analysis, network)

financial disclosure

Personnel security requirement for clearance processing requiring that subjects provide information regarding one's total financial situation in areas such as assets, liabilities, and indebtedness. [DSS] (see also security, subject)

fingerprint

(I) A pattern of curves formed by the ridges on a fingertip. (D) ISDs SHOULD NOT use this term as a synonym for 'hash result' because it mixes concepts in a potentially misleading way. (D) ISDs SHOULD NOT use this term with the following PGP definition, because the term and definition mix concepts in a potentially misleading way and duplicate the meaning of 'hash result': (O) PGP usage: A hash result used to authenticate a public key (key fingerprint) or other data. [RFC2828] (see also authentication, hash, key, public-key)

finite population correction factor (FPC)

A multiplier that makes adjustments for the sampling efficiency gained when sampling is without replacement and when the sample size is large (greater than 5 or 10 percent) with respect to the population size. This multiplier reduces the sampling error for a given sample size or reduces the required sample size for a specified measure of precision (in this case, desired sampling error). [SRV]

finite state machine (FSM)

A mathematical model of a sequential machine that is comprised of a finite set of states, a finite set of inputs, a finite set of outputs, a mapping from the sets of inputs and states into the set of states (i.e. state transitions), and a mapping from the sets of inputs and states onto the set of outputs (i.e. an output function). [FIPS140] (see also function, model)

FIPS approved security method

A security method (e.g. cryptographic algorithm, cryptographic key generation algorithm or key distribution technique, authentication technique, or evaluation criteria) that is either a) specified in a FIPS, or b) adopted in a FIPS and specified either in an appendix to the FIPS or in a document referenced by the FIPS. [FIPS140] (see also algorithm, authentication, criteria, cryptographic, evaluation, key, Federal Information Processing Standards, National Institute of Standards and Technology, security policy)

FIPS PUB 140-1

(N) The U.S. Government standard for security requirements to be met by a cryptographic module used to protect unclassified information in computer and communication systems. (C) The standard specifies four increasing levels (from 'Level 1' to 'Level 4') of requirements to cover a wide range of potential applications and environments. The requirements address basic design and documentation, module interfaces, authorized roles and services, physical security, software security, operating system security, key management, cryptographic algorithms, electromagnetic interference and electromagnetic compatibility (EMI/EMC), and self-testing. NIST and the Canadian Communication Security Establishment jointly certify modules. [RFC2828] (see also Federal Information Processing Standards Publication 140, Federal Standard 1027, algorithm, application, authorized, classified, communications security, computer, cryptographic, cryptography, establishment, information, interface, key, key management, module, requirements, role, security, security testing, software, standard, system, test, zeroization, zeroize, Federal Information Processing Standards, National Institute of Standards and Technology) (includes random number generator)

FIPS PUB

An acronym for Federal Information Processing Standards Publication. FIPS publications (PUB) are issued by NIST after approval by the Secretary of Commerce. [SP 800-64]

FIPS-Validated Cryptography

A cryptographic module validated by the Cryptographic Module Validation Program (CMVP) to meet requirements specified in FIPS 140-2 (as amended). As a prerequisite to CMVP validation, the cryptographic module is required to employ a cryptographic algorithm implementation that has successfully passed validation testing by the Cryptographic Algorithm Validation Program (CAVP). See NSA-Approved Cryptography. [SP 800-53] (see also requirements, cryptography)

fire barrier

A substance within, above, or below an IT facility that bars, restrains, or obstructs the spread of a fire to other parts of the facility or adjoining areas. [NASA] (see also availability)

fire suppression system

Equipment used to extinguish fires [NASA] (see also availability, system)

FIREFLY

Key management protocol based on public key cryptography. [CNSSI][CNSSI-4009] (see also cryptography, key, key management, management, protocols, public-key)

firewall

(I) An internetwork gateway that restricts data communication traffic to and from one of the connected networks (the one said to be 'inside' the firewall) and thus protects that network's system resources against threats from the other network (the one that is said to be 'outside' the firewall). (C) A firewall typically protects a smaller, secure network (such as a corporate LAN, or even just one host) from a larger network (such as the Internet). The firewall is installed at the point where the networks connect, and the firewall applies security policy rules to control traffic that flows in and out of the protected network. (C) A firewall is not always a single computer. For example, a firewall may consist of a pair of filtering routers and one or more proxy servers running on one or more bastion hosts, all connected to a small, dedicated LAN between the two routers. The external router blocks attacks that use IP to break security (IP address spoofing, source routing, packet fragments), while proxy servers block attacks that would exploit a vulnerability in a higher layer protocol or service. The internal router blocks traffic from leaving the protected network except through the proxy servers. The difficult part is defining criteria by which packets are denied passage through the firewall, because a firewall not only needs to keep intruders out, but usually also needs to let authorized users in and out. [RFC2828] 1) An electronic boundary that prevents unauthorized users from accessing certain files on a network; or, a computer used to maintain such a boundary.2) An access control mechanism that acts as a barrier between two or more segments of a computer network or overall client-server architecture, used to protect internal networks or network segments from unauthorized users or processes. [CIAO] A device or group of devices that enforces an access control policy between networks. While there are many different ways to accomplish it, all firewalls do the same thing: control access between networks. The most common configuration involves a firewall connecting two segments (one protected and one unprotected), but this is not the only possible configuration. Many firewalls support tri-homing, allowing use of a DMZ network. It is possible for a firewall to accommodate more than three interfaces, each attached to a different network segment. The criteria by which access are controlled are not specified here. Typically this has been done using network- or transport-layer criteria (such as IP subnet or TCP port number), but there is no reason this must always be so. A growing number of firewalls are controlling access at the application layer, using user identification as the criterion. And firewalls for ATM networks may control access based on data link-layer criteria. [RFC2647] A device or program that controls the flow of network traffic between networks or hosts that employ differing security postures. [SP 800-41] A gateway that limits access between networks in accordance with local security policy. [SP 800-32] A hardware or software link in a network that relays only data packets clearly intended and authorized to reach the other side. [FFIEC] A hardware/software capability that limits access between networks and/or systems in accordance with a specific security policy. [CNSSI-4009] A mechanism to protect IS computing sites against Internet-borne threats. It can be thought of as a pair of mechanisms: one that exists to block traffic, and the other that exists to permit traffic. Some firewalls place a greater emphasis on blocking traffic, while others emphasize permitting traffic. [SRV] A system or combination of systems that enforces a boundary between two or more networks. Gateway that limits access between networks in accordance with local security policy. The typical firewall is an inexpensive micro-based Unix box kept clean of critical data, with many modems and public network ports on it, but just one carefully watched connection back to the rest of the cluster. [NSAINT] A system that enforces a boundary between two or more networks. [misc] An inter-network gateway that restricts data communication traffic to and from one of the connected networks (the one said to be 'inside' the firewall) and thus protects that network's system resources against threats from the other network (the one that is said to be 'outside' the firewall). [800-82] Firewall, A system or combination of systems that enforces a boundary between tow or more networks. Gateway that limits access between networks in accordance with local security policy. The typical firewall is an inexpensive micro-based Unix box kept clean of critical data, with a bunch of modems and public network ports on it but just one carefully watched connection back to the rest of the cluster. [AFSEC] System designed to defend against unauthorized access to or from a private network. [CNSSI] System designed to prevent unauthorized access to or from a private network. [DSS] The process integrated with a computer operating system that detects and prevents undesirable applications and remote users from accessing or performing operations on a secure computer; security domains are established which require authorization to enter. [800-130] (see also access, access control, application, application level gateway, attack, authorization, authorized, boundary, circuit level gateway, computer, computer network, control, countermeasures, criteria, critical, data source, domain, exploit, file, flow, identification, interface, network, operation, policy, process, protocols, resource, router, screening router, software, spoof, system, threat, unauthorized access, unit of transfer, users, vulnerability, front-end security filter, gateway, guard, internet, security filter, security software) (includes application gateway firewall, application proxy, application-level firewall, bastion host, circuit proxy, connection, demilitarized zone, dual-homed gateway firewall, firewall machine, goodput, homed, host-based firewall, illegal traffic, logging, network address translation, network level firewall, packet filter, packet filtering, packet filtering firewall, protected network, proxy, rejected traffic, router-based firewall, ruleset, screened host firewall, screened subnet firewall, stateful packet filtering, trusted gateway, unprotected network)

firewall control proxy

The component that controls a firewall's handling of a call. The firewall control proxy can instruct the firewall to open specific ports that are needed by a call, and direct the firewall to close these ports at call termination. [SP 800-58] (see also control)

firewall machine

Computer on a network used to isolate, filter, and protect local systems from external connectivity by controlling the amount and kinds of traffic that will pass between the two. Is a dedicated gateway machine with special security precautions on it, used to service outside network connections and dial-in lines. The idea is to protect a cluster of more loosely administered machines hidden behind it from crackers. [AFSEC] (see also connection, security, firewall)

firmware

(I) Computer programs and data stored in hardware--typically in read-only memory (ROM) or programmable read-only memory (PROM)--such that the programs and data cannot be dynamically written or modified during execution of the programs. [RFC2828] Application recorded in permanent or semi permanent computer memory. [CIAO] Program recorded in permanent or semipermanent computer memory. [800-37][CNSSI] The programs and data (i.e. software) permanently stored in hardware (e.g. in ROM, PROM, or EPROM) such that the programs and data cannot be dynamically written or modified during execution. Programs and data stored in EEPROM are considered as software. [FIPS140] The programs and data components of a cryptographic module that are stored in hardware within the cryptographic boundary and cannot be dynamically written or modified during execution. [FIPS 140-2] (see also application, computer, program, software, cryptographic module)

fishbone diagram

A graphic technique for identifying cause-and-effect relationships among factors in a given situation or problem. Also called Ishikawa Diagramming. [SRV] (see also identify)

fishbowl

To contain, isolate and monitor an unauthorized user within a system in order to gain information about the user. [NSAINT] (see also authorized, information, system, users)

fixed COMSEC facility

COMSEC facility located in an immobile structure or aboard a ship. [CNSSI] (see also communications security)

fixed disk

Magnetic storage device used for high volume data storage and retrieval purposes, which is not removable from the computer in which operates. [DSS]

fixed price contract

A contract that provides for a firm price, or in appropriate cases, an adjusted price. [SRV]

flash memory

Special type of Electrically Erasable Programmable ReadOnly Memory that can be erased and reprogrammed in blocks instead of one byte at a time. Many modern personal computers have their Basic Input-Output System stored on a flash memory chip so that it can easily update if necessary. Such a Basic Input-Output System is sometimes called flash Basic Input-Output System. Flash memory is also popular is modems because it enables the modern manufacturer to support new protocols as they become standardized. Flash memory is commonly used in Universal Serial Bus disk drives such as 'Jump Drives.' [DSS]

flaw

An error of commission, omission, or oversight in a system that allows protection mechanisms to be bypassed. [AJP][TCSEC][TNI] An error of commission, omission, or oversight in an IT product that may allow protection mechanisms to be bypassed. [FCv1] Error of commission, omission, or oversight in an IS that may allow protection mechanisms to be bypassed. [CNSSI] Error of commission, omission, or oversight in an information system that may allow protection mechanisms to be bypassed. [CNSSI-4009] (see also system, threat)

flaw hypothesis methodology

(I) An evaluation or attack technique in which specifications and documentation for a system are analyzed to hypothesize flaws in the system. The list of hypothetical flaws is prioritized on the basis of the estimated probability that a flaw exists and, assuming it does, on the ease of exploiting it and the extent of control or compromise it would provide. The prioritized list is used to direct a penetration test or attack against the system. [RFC2828] A system analysis and penetration technique where specifications and documentation for the system are analyzed and then flaws in the system are hypothesized. The list of hypothesized flaws is then prioritized on the basis of the estimated probability that a flaw actually exists and, assuming a flaw does exist, on the ease of exploiting it and on the extent of control or compromise it would provide. The prioritized list is used to direct the actual testing of and/or penetration attack against the system. [AJP] A system analysis and penetration technique where specifications and documentation for the system are analyzed and then flaws in the system are hypothesized. The list of hypothesized flaws is then prioritized on the basis of the estimated probability that a flaw actually exists and, assuming a flaw does exist, on the ease of exploiting it and on the extent of control or compromise it would provide. The prioritized list is used to direct the actual testing of the computer system. [TCSEC][TNI] A systems analysis and penetration technique in which specifications and documentation for the system are analyzed and then flaws in the system are hypothesized. The list of hypothesized flaws is then prioritized on the basis of the estimated probability that a flaw exists and, assuming a flaw does exist, on the ease of exploiting it, and on the extent of control or compromise it would provide. The prioritized list is used to direct a penetration attack against the system. [NCSC/TG004][OVT] System analysis and penetration technique in which the specification and documentation for an IS are analyzed to produce a list of hypothetical flaws. This list is prioritized on the basis of the estimated probability that a flaw exists, on the ease of exploiting it, and on the extent of control or compromise it would provide. The prioritized list is used to perform penetration testing of a system. [CNSSI] System analysis and penetration technique in which the specification and documentation for an information system are analyzed to produce a list of hypothetical flaws. This list is prioritized on the basis of the estimated probability that a flaw exists, on the ease of exploiting it, and on the extent of control or compromise it would provide. The prioritized list is used to perform penetration testing of a system. [CNSSI-4009] (see also analysis, attack, compromise, computer, control, evaluation, exploit, penetration, security testing, system, test, risk management)

flexibility

Effort required to modify an operational program. [SRV] (see also operation, program)

flooding

(I) An attack that attempts to cause a failure in (especially, in the security of) a computer system or other data processing entity by providing more input than the entity can process properly.$ flow analysis (I) An analysis performed on a nonprocedural formal system specification that locates potential flows of information between system variables. By assigning security levels to the variables, the analysis can find some types of covert channels. [RFC2828] An attack that attempts to cause a failure in a system by providing more input than the system can process properly. [CNSSI-4009] Sending large numbers of messages to a host or network at a high rate. In this publication, it specifically refers to wireless access points. [800-94] Type of incident involving insertion of a large volume of data resulting in denial of service. [CNSSI] (see also access, access control, analysis, computer, covert, entity, failure, flow, information, message, process, system, attack, incident)

flow

A particular network communication session occurring between hosts. Host-Based Intrusion Detection and Prevention System: A program that monitors the characteristics of a single host and the events occurring within that host to identify and stop suspicious activity. [800-94] (see also Bell-LaPadula security model, Gypsy verification environment, access, boundary host, cascading, coding, concurrent connections, confidentiality, contact interface, contactless interface, continuous process, controlled interface, encapsulating security payload, end-to-end encryption, exception, firewall, flooding, hierarchical development methodology, identify, information superiority, infrastructure, interface, internet protocol, internet protocol security, intrusion, intrusion detection, lattice model, link encryption, mandatory access control, network behavior analysis system, packet filtering, ping of death, pressure sensor, program, read, read access, sensor, subject, system, topology, traffic analysis, user data protocol, valve, vulnerability, wiretapping, workgroup computing, write) (includes buffer overflow, data flow control, data flow diagram, information flow, information flow control, modeling or flowcharting, security flow analysis, traffic flow confidentiality, traffic-flow security, underflow, workflow)

flow control

(I) A procedure or technique to ensure that information transfers within a system are not made from one security level to another security level, and especially not from a higher level to a lower level. [RFC2828] (see information flow control)

flush

Computer program that is part of the Computer Security Toolbox. Flush is a Microsoft Disk Operating System (MS-DOS) based program used to eliminate appended data with a file or files and appended data located in unallocated or free space on a disk or diskette. [DSS] (see also security)

focused testing

A test methodology that assumes some knowledge of the internal structure and implementation detail of the assessment object. Also known as gray box testing. [SP 800-53A]

foe

An opponent; the antithesis of friend. [DSS] (see also threat)

for official use only (FOUO)

Designation applied to unclassified information that may be exempt from mandatory release to the public under the Freedom of Information Act. [DSS] (see also classified)

For Official Use Only Certified TEMPEST Technical Authority

An experienced, technically qualified U.S. Government employee who has met established certification requirements in accordance with the Committee in National Security Systems approved criteria and has been appointed by a U.S. Government department or agency to fulfill Certified Transient Electromagnetic Pulse Emanation Standard, or TEMPEST, Technical Authority responsibilities. [DSS] (see also certification, requirements, security)

forced entry

Entry by an unauthorized individual who leaves evidence of the act. [DSS] (see also authorized, evidence)

foreground information

Information and material jointly generated and funded pertaining to the cooperative program. This information is available for use by all participating governments in accordance with the terms of a Memorandum of Agreement. [DSS]

foreign

not one of the following: United States, Northern Mariana Islands, District of Columbia, American Somoa, Guam, Puerto Rico, US Virgin Islands, Trust Territories of the Pacific Islands [misc] (see also Defense Personnel Exchange Program, Defense Services, U.S. person, United States national, acquisition systems protection, caveat, communications intelligence, controlled information, cooperative program personnel, counterintelligence, counterintelligence assessment, criminal activity, critical financial markets, damage to the national security, delegation of disclosure authority letter, derogatory information, designated intelligence disclosure official, electronic intelligence, export, export license application, formerly restricted data, government-to-government transfer, intelligence, intelligence community, long-haul telecommunications, national security system, national security-related information, oral/visual disclosure, program protection plan, psychological operations, release prefix, security assurance, security policy automation network, senior intelligence officer, sensitive information, special access required programs oversight committee, special activity, tear line, technical security, technology control plan, technology transfer, telemetry intelligence, threat, unclassified sensitive) (includes Foreign Intelligence Surveillance Act, Office of Foreign Assets Control, foreign contact, foreign disclosure, foreign disclosure point of contact, foreign exchange personnel, foreign government information, foreign intelligence, foreign intelligence service, foreign interest, foreign liaison officer, foreign military sales, foreign national, foreign owned, controlled or influenced, foreign ownership, control, or influence, foreign person, foreign relations of the united states, foreign representative, foreign travel briefing, foreign visit, representative of a foreign interest, senior foreign official)

foreign contact

Contact with any person or entity not a U.S. citizen. [DSS] (see also United States citizen, foreign)

foreign disclosure

Disclosure of classified military information or controlled unclassified information to an authorized representative of a foreign government or international organization. The transfer or disclosure of classified military information or controlled unclassified information to a foreign national who is an authorized employee of the U.S. Government or a U.S. contractor technically is not a 'foreign disclosure,' because the disclosure is not made to the person's government. For U.S. contractors, access by such persons will be handled under the provisions of the Arms Export Control Act or Export Administration Act and the National Industrial Security Program. [DSS] (see also access, authorized, classified, security, foreign)

foreign disclosure point of contact

Foreign Disclosure points of contact are Department of Navy officials appointed by the Chief of Naval Operations, Commandant of the Marine Corps, Component Commanders, Commanders of Systems Commands, and Chief of Naval Research for coordination of foreign disclosure reviews and to facilitate a complete and timely response to foreign requests for classified military information or controlled unclassified information representing the consolidated organization position Foreign Disclosure points of contact do not hold disclosure authority, unless also appointed as a Designated Disclosure Authorities. [DSS] (see also classified, foreign)

foreign exchange personnel

Military or civilian officials of a foreign defense establishment (a Department of Defense equivalent) assigned to a Department of Defense Component in accordance with the terms of an exchange agreement and who perform duties, prescribed by a position description, for the Department of Defense Component. [DSS] (see also foreign)

foreign government information

Information provided to the U.S. Government by a foreign government or governments, an international organization of governments, an international organization of governments, or any element thereof, with the expectation that the information, the source of the information, or both, are to be held in confidence; or, information produced by the United States pursuant to or as a result of a joint arrangement with a foreign government or governments, or an international organization of governments, or any element thereof, requiring that the information, the arrangement, or both, are to be held in confidence; or, information received and treated as Foreign Government Information under the terms of a predecessor order to Executive Order 12958, as amended. [DSS] (see also foreign)

foreign intelligence

Information relating to the capabilities, intentions, and activities of foreign powers, organizations or persons, but not including counterintelligence except for information on international terrorist activities. [DSS] (see also foreign, intelligence)

foreign intelligence service

Organization of a foreign government engaging in intelligence activities. [DSS] (see also foreign, intelligence)

Foreign Intelligence Surveillance Act

foreign interest

Any foreign government, agency of a foreign government, or representative of a foreign government; any form of business enterprise or legal entity organized, chartered or incorporated under the laws of any country other than the United States or its possessions and trust territories, and any person who is not a citizen or national of the United States. [DSS] (see also trust, foreign)

foreign liaison officer

Foreign government military member or civilian employee authorized by his or her government and certified by a Department of Defense Component to act as an official representative of that government in its dealings with a Department of Defense Component in connection with programs, projects, or agreements of interest to that government. There are three types of Foreign Liaison Officers: Security Assistance. A foreign government representative assigned to a Department of Defense/Department of Navy Component or contractor facility in accordance with a requirement that is described in a Foreign Military Sales Letter of Offer and Letter of Acceptance. Operational. A foreign government representative who is assigned to a Department of Defense/Department of Navy Component in accordance with a documented requirement to coordinate operational matters, such as combined planning or combined exercises. National Representative. A foreign government representative who is assigned to his or her national embassy or delegation in the United States (for example, an attaché) to conduct liaison activities with the Department of Defense and the Department of Defense Components. [DSS] (see also authorized, connection, security, foreign)

foreign military sales

That part of security assistance authorized by the Arms Export Control Act and conducted using formal contracts or agreements between the U.S. Government and an authorized foreign purchaser. These contracts, called Letters of Offer and Acceptance are signed by both the U.S. Government and the purchasing Government or international organization and provide for the sale of Defense articles and/or Defense services (to include training) from Department of Defense stocks or through purchase under Department of Defense-managed contracts. [DSS] (see also authorized, security, foreign)

foreign national

A person not a citizen or national of the United States. [DSS] (see also foreign)

foreign owned, controlled or influenced (FOCI)

(see also control, foreign)

foreign ownership, control, or influence

A company is considered to be operating under Foreign Ownership, Control, or Influence whenever a foreign interest has the power, direct or indirect, whether or not exercised, and whether or not exercisable, to direct or decide matters affecting the management or operations of that company in a manner which may result in unauthorized access to classified information or may adversely affect the performance of classified contracts. [DSS] (see also access, authorized, classified, foreign)

foreign person

Natural person not a lawful permanent resident as section 1101(a)(20), title 8 of the United States Code defines, or not a protected individual as section 1324b(a)(3), title 8 of the United States Code defines. It also means any foreign corporation, business association, partnership, trust, society, or any other entity or group that is not incorporated or organized to do business in the United States, as well as international organizations, foreign governments, and any agency or subdivision of foreign governments (for example, diplomatic missions). [DSS] (see also trust, foreign)

foreign relations of the united states

Official documentary historical record of major U.S. foreign policy decisions and significant diplomatic activity. The series, produced by the Department of State's Office of the Historian, began in 1861 and now comprises more than 350 individual volumes. The volumes published over the last 2 decades contain declassified records from the foreign affairs agencies. [DSS] (see also classified, foreign)

foreign representative

Person, regardless of citizenship, representing a foreign interest in dealings with the U.S. Government, or a person sponsored by a foreign government or international organization. A U.S. national is treated as a foreign person when acting as a foreign representative. [DSS] (see also foreign)

foreign travel briefing

Security briefing given to a person with access to classified information who intends to travel outside the United States. [DSS] (see also access, classified, security, foreign)

foreign visit

Contact by a foreign representative with a Department of Navy organization or contractor facility. Such visits are of two types, based on sponsorship: Official Foreign Visit. Contact by foreign representatives under the sponsorship of their government or an international organization with a Department of Defense Component or Department of Defense contractor facility. Only official visitors have access to classified or controlled unclassified information. Unofficial Foreign Visit. Contact by foreign nationals with a Department of Defense/Department of Navy command or activity for unofficial purposes, such as courtesy calls and general visits to commands or events that are open to the public, or without sponsorship of their government. Such visitors can have access only to information that has been approved for public disclosure. [DSS] (see also access, classified, foreign)

forensic copy

An accurate bit-for-bit reproduction of the information contained on an electronic device or associated media, whose validity and integrity has been verified using an accepted algorithm. [SP 800-72; CNSSI-4009]

forensic specialist

A professional who locates, identifies, collects, analyzes, and examines data while preserving the integrity and maintaining a strict chain of custody of information discovered. [SP 800-72]

forensics

fork bomb

Also known as Logic Bomb - Code that can be written in one line of code on any Unix system; used to recursively spawn copies of itself, "explodes" eventually eating all the process table entries and effectively locks up the system. [NSAINT] Code that can be written in one line of code on any Unix system; used to recursively spawn copies of itself, 'explodes' eventually eating all the process table entries and effectively locks up the system. [AFSEC] (see also code, process, system, threat)

formal

Expressed in a restricted syntax language with defined semantics based on well established mathematical concepts. [CC2][CC21][OVT][SC27] (see also informal, semantics) (includes formal access approval, formal development methodology, formal model of security policy, formal proof, formal security policy model, formal specification, formal top-level specification, formal verification)

formal access approval

A formalization of the security determination for authorizing access to a specific type of classified or sensitive information, based on specified access requirements, a determination of the individual's security eligibility and a determination that the individual's official duties require the individual be provided access to the information. [CNSSI-4009] Documented approval by a data owner allowing access to a particular category of information. [AJP][NCSC/TG004] Process for authorizing access to classified or sensitive information with specified access requirements, such as Sensitive Compartmented Information (SCI) or Privacy Data, based on the specified access requirements and a determination of the individual's security eligibiity and need-to-know. [CNSSI] (see also classified, information, owner, privacy, process, requirements, security, access, formal)

formal development methodology

A collection of languages and tools that enforces a rigorous method of verification. This methodology uses the Ina Jo specification language for successive stages of system development, including identification and modeling of requirements, high-level design, and program design. [AJP][NCSC/TG004] Software development strategy that proves security design specifications. [CNSSI] (see also identification, model, program, requirements, security, software, system, verification, formal, software development methodologies)

formal language

A language whose syntax (i.e. rules for creating correct sentences with proper structure) is defined such that the rules are unambiguous and all syntactically correct sentences of the language can be recognized as being correct by an automaton (e.g., a computer running a syntax analysis application program). [800-130] (see also analysis, application, computer, program)

formal method

Mathematical argument which verifies that the system satisfies a mathematically-described security policy. [CNSSI][CNSSI-4009] (see also policy, security, system)

formal model of security policy

An underlying model of security policy expressed in a formal style, i.e. an abstract statement of the important principles of security that a TOE will enforce. [AJP][ITSEC] (see also formal security policy model, formal, model, policy, security, target of evaluation)

formal proof

A complete and convincing mathematical argument, presenting the full logical justification for each proof step, for the truth of a theorem or set of theorems. [NCSC/TG004] A complete and convincing mathematical argument, presenting the full logical justification for each proof step, for the truth of a theorem or set of theorems. The formal verification process uses formal proofs to show the truth of certain properties of formal specification and for showing that computer programs satisfy their specifications. [TCSEC] A complete and convincing mathematical argument, presenting the full logical justification for each proof step, for the truth of a theorem or set of theorems. The formal verification process uses formal proofs to show the truth of certain properties of formal specification and for showing that computer programs satisfy their specifications. Automated tools may (but need not) be used to formulate and/or check the proof. [AJP][TNI] Complete and convincing mathematical argument presenting the full logical justification for each proof step and for the truth of a theorem or set of theorems. [CNSSI][CNSSI-4009] (see also computer, process, program, verification, formal, formal verification)

formal security policy

Mathematically-precise statement of a security policy. [CNSSI][CNSSI-4009] (see also policy, security)

formal security policy model

(1) A mathematically precise statement of a security policy. To be adequately precise, such a model must represent the initial state of a system, the way in which the system progresses from one state to another, and a definition of a 'secure' state of the computer system. To be acceptable as a basis for a TCB, the model must be supported by a formal proof that if the initial state of the computer system satisfies the definition of a 'secure' state and if all assumptions required by the model hold, then all future states of the computer system will be secure. Some formal modeling techniques include state-transition models, denotational semantics models, and algebraic specification models. (2) Mathematically-precise statement consisting of (a) a formal technical security policy (given by constraints on a product's external interface and/or constraints on the handling of controlled entities internal to the product), (b) rules of operation that show how the definition of security is to be enforced, and (c) a formal proof showing that the rules of operation guarantee satisfaction of the definition of security. [AJP] A mathematically precise statement of a security policy. To be adequately precise, such a model must represent the initial state of a system, the way in which the system progresses from one state to another, and a definition of a 'secure' state of the computer system. To be acceptable as a basis for a TCB, the model must be supported by a formal proof that if the initial state of the computer system satisfies the definition of a 'secure' state and if all assumptions required by the model hold, then all future states of the computer system will be secure. Some formal modeling techniques include: state transition models, denotational semantics models, and algebraic specification models. [NCSC/TG004] A mathematically precise statement of a security policy. To be adequately precise, such a model must represent the initial state of a system, the way in which the system progresses from one state to another, and a definition of a 'secure' state of the computer system. To be acceptable as a basis for a TCB, the model must be supported by a formal proof that if the initial state of the computer system satisfies the definition of a 'secure' state and if all assumptions required by the model hold, then all future states of the computer system will be secure. Some formal modeling techniques include: state transition models, temporal logic models, denotational semantics models, algebraic specification models. [TCSEC][TNI] Mathematically-precise statement consisting of (a) a formal technical security policy (given by constraints on a Product's external interface and/or constraints on the handling of controlled entities internal to the Product), (b) rules of operation that show how the definition of security is to be enforced, and (c) a formal proof showing that the rules of operation guarantee satisfaction of the definition of security. [FCv1] (see also formal model of security policy, computer, control, interface, operation, semantics, system, formal, formal verification, model, policy, security policy, trusted computing base) (includes Bell-LaPadula security model, Biba Integrity model)

formal specification

(I) A specification of hardware or software functionality in a computer-readable language; usually a precise mathematical description of the behavior of the computer system with the aim of providing a correctness proof. [RFC2828] (I) A specification of hardware or software functionality in a computer-readable language; usually a precise mathematical description of the behavior of the system with the aim of providing a correctness proof. [OVT] Statement about a product made using the restricted syntax and grammar of a formal reasoning system and a set of terms that have been precisely and uniquely defined or specified. Note: The formal statement should be augmented by an informal explanation of the conventions used and the ideas being expressed. A well-formed syntax and semantics with complete specification of all constructs used must be referenced. [AJP][FCv1] (see also informal specification, computer, function, semantics, software, system, formal, formal verification) (includes formal top-level specification)

formal top-level specification (FTLS)

A top-level specification that is written in a formal mathematical language to allow theorems showing the correspondence of the computer system specification to its formal requirements to be hypothesized and formally proven. [AJP][TCSEC][TNI] A top-level specification that is written in a formal mathematical language to allow theorems showing the correspondence of the computer system specification to its formal requirements to be hypothesized and formally proven. formal verification: The process of using formal proofs to demonstrate the consistency between a formal specification of a system and a formal security policy model (design verification) or between the formal specification and its high level program implementation (implementation verification). [NCSC/TG004] Top-level specification written in a formal mathematical language to allow theorems, showing the correspondence of the system specification to its formal requirements, to be hypothesized and formally proven. [CNSSI] (see also computer, model, policy, process, program, requirements, security, system, verification, formal, formal specification, top-level specification)

formal verification

Process of using formal proofs to demonstrate the consistency between formal specification of a system and formal security policy model (design verification) or between formal specification and its high-level program implementation (implementation verification). [CNSSI] The process of using formal proofs to demonstrate the consistency (design verification) between a formal specification of a system and a formal security policy model or (implementation verification) between the formal specification and its program implementation. [AJP][TCSEC][TNI] (see also model, policy, process, program, security, system, formal, verification) (includes endorsed tools list, formal proof, formal security policy model, formal specification)

format

The organization of information according to preset specifications (usually for computer processing) [syn: formatting, data format, data formatting] [OVT] (see also computer, information, process)

formatting function

The function that transforms the payload, associated data, and nonce into a sequence of complete blocks. [SP 800-38C]

formerly restricted data

Information removed from the Restricted Data category upon a joint determination by the Department of Energy (or antecedent agencies) and the Department of Defense that such information related primarily to the military utilization of atomic weapons and that such information can be safeguarded adequately as classified Defense information. For purposes of foreign dissemination, this information is treated in the same manner as Restricted Data. [DSS] (see also classified, foreign)

formulary

(I) A technique for enabling a decision to grant or deny access to be made dynamically at the time the access is attempted, rather than earlier when an access control list or ticket is created. [RFC2828] (see also access, access control, control)

Fortezza

(N) A registered trademark of NSA, used for a family of interoperable security products that implement a NIST/NSA-approved suite of cryptographic algorithms for digital signature, hash, encryption, and key exchange. The products include a PC card that contains a CAPSTONE chip, serial port modems, server boards, smart cards, and software implementations. [RFC2828] (see also CAPSTONE chip, MISSI user, SSO PIN, SSO-PIN ORA, algorithm, cryptographic, digital signature, encryption, hash, key, no-PIN ORA, personal identification number, personality label, signature, slot, software, tokens, user PIN, user-PIN ORA, National Institute of Standards and Technology, National Security Agency)

Forum of Incident Response and Security Teams (FIRST)

(N) An international consortium of CSIRTs that work together to handle computer security incidents and promote preventive activities. (C) FIRST was founded in 1990 and, as of September 1999, had nearly 70 members spanning the globe. Its mission includes:

Provide members with technical information, tools, methods, assistance, and guidance.
Coordinate proactive liaison activities and analytical support.
Encourage development of quality products and services.
Improve national and international information security for government, private industry, academia, and the individual.
Enhance the image and status of the CSIRT community.

forward cipher

One of the two functions of the block cipher algorithm that is determined by the choice of a cryptographic key. The term 'forward cipher operation' is used for TDEA, while the term 'forward transformation' is used for DEA. [SP 800-67]

forward engineering

The traditional process of moving from high-level abstractions and logical, implementation-independent designs to the physical implementations of a system. [SRV] (see also process, system)

forward secrecy

The confidence that the compromise of a long-term private key does not compromise any earlier session keys. [ANSI] (see also compromise, internet protocol security, internet security protocol, key) (includes forward secrecy with respect to A, forward secrecy with respect to both A and B individually, mutual forward secrecy, public-key forward secrecy)

forward secrecy with respect to A

The property that knowledge of A's long-term private key subsequent to a key agreement operation does not enable an opponent to recompute previously derived keys. [SC27] (see also key, operation, property, forward secrecy)

forward secrecy with respect to both A and B individually

The property that knowledge of A's long-term private key or knowledge of B's long term private key subsequent to a key agreement operation does not enable an opponent to recompute previously derived keys. NOTE - This differs from mutual forward secrecy in which knowledge of both A's and B's long term private keys does not enable recomputation of previously derived keys. [SC27] (see also key, operation, property, forward secrecy)

frame relay

A type of fast packet technology using variable length packets called frames. By contrast, a cell relay system, such as asynchronous transfer mode, transports user data in fixed-sized cells. [SRV] (see also automated information system, system, technology, users)

framework

A description of the components (i.e. building blocks) that can be combined or used in various ways to create a 'system' (e.g., building, automobile, computer, CKMS). [800-130] (see also computer, system)

framing

A frame is an area of a webpage that scrolls independently of the rest of the webpage. Framing generally refers to the use of a standard frame containing information (like company name and navigation bars) that remains on the screen while the user moves around the text in another frame. [FFIEC] (see also information, standard, users)

fraud

An intentional deception or misrepresentation made by an entity with the knowledge that the deception could result in some unauthorized benefit. [misc] Fraud is an intentional act by one or more individuals among management, those charged with governance, employees, or third parties, involving the use of deception to obtain an unjust or illegal advantage. Two types of misstatements resulting from fraud are relevant to the auditor's consideration in a financial statement audit: misstatements arising from fraudulent financial reporting and misstatements arising from misappropriation of assets. [GAO] (see also authentication, authorized, computer abuse, criminal groups, entity, identity theft, invalidity date, pharming, phishing, replay attacks, suspicious activity report, unforgeable, illegal, threat) (includes ACH debit fraud, account fraud, computer fraud, external fraud, fraudulent financial reporting, internal fraud)

fraudulent financial reporting

Intentional misstatements or omissions of amounts or reporting disclosures in financial statements to deceive financial statement users. They could involve intentional alteration of accounting records, misrepresentation of transactions, intentional misapplication of accounting principles, or other means. [GAO] (see also audit, fraud)

Freedom of Information Act

Provision that any person has a right, enforceable in court, of access to Federal agency records, except to the extent that such records (or portions thereof) are protected from disclosure by one of nine exemptions. [DSS] (see also access)

freight forwarder

Commercial firm that makes arrangements for the transfer of freight. [DSS]

frequency division multiple access (FDMA)

A technique for sharing a single transmission channel, such as a satellite transponder, among two or more users by assigning each to an exclusive frequency band within the channel. [IATF] (see also users, access)

frequency hopping

Repeated switching of frequencies during radio transmission according to a specified algorithm, to minimize unauthorized interception or jamming of telecommunications. [CNSSI][CNSSI-4009] (see also algorithm, authorized, communications, communications security, jamming, telecommunications)

friend

Country, individual, or organization with which one is allied in a struggle or cause. [DSS]

friendly

Word describing an operation or activity carried out by a friend (for example, friendly fire). [DSS]

front-end processor (FEP)

A computer that handles communications processing for a mainframe [NASA] (see also communications, computer, automated information system, process)

front-end security filter

(1) A process that is invoked to process data according to a specified security policy prior to releasing the data outside the processing environment or upon receiving data from an external source. (2) A process implemented in hardware or software that is logically separated from the remainder of the computer system to protect the system's integrity. [AJP] A process that is invoked to process data according to a specified security policy prior to releasing the data outside the processing environment or upon receiving data from an external source. [TCSEC] A security filter, which could be implemented in hardware or software, that is logically separated from the remainder of the computer system to protect the system's integrity. [NCSC/TG004] Security filter logically separated from the remainder of an IS to protect system integrity. Synonymous with firewall. [AFSEC][CNSSI] (see also computer, integrity, policy, process, software, system, security) (includes firewall)

full accreditation

The system security requirements have been satisfied and the security controls have been implemented correctly and are operating effectively. The system is approved to operate in the intended environment as stated in the security plan and few, if any, restrictions on processing apply. [800-37] (see also control, process, requirements, security, system, accreditation)

full disk encryption

The process of encrypting all the data on the hard disk drive used to boot a computer, including the computer's operating system, and permitting access to the data only after successful authentication with the full disk encryption product. [SP 800-111] (see also access, authentication, computer, process, system, encryption)

full maintenance

Complete diagnostic repair, modification, and overhaul of COMSEC equipment, including repair of defective assemblies by piece part replacement. [CNSSI] Complete diagnostic repair, modification, and overhaul of COMSEC equipment, including repair of defective assemblies by piece part replacement. See Limited Maintenance. [CNSSI-4009] (includes depot maintenance)

full-duplex

A communications channel that carries data in both directions. [FFIEC] (see also communications)

function

functional component

Fundamental building block, specifying what an IT product must be capable of doing, from which functional protection requirements are assembled. [AJP][FCv1] Security functional components are used to express a wide range of security functional requirements within PPs and STs. Components are ordered sets of functional elements, and these sets are grouped into families with common objectives (e.g. Security Audit Trail Protection) and classes with common intent (e.g. Audit). Components other than those defined may be used at the discretion of evaluation authorities. A hierarchy may exist between components. Components are constructed from elements, which are the lowest level expression of security requirements, against which the evaluation should be performed. [CC1] (see also audit, requirements, Common Criteria for Information Technology Security Evaluation, component, function, security target) (includes object)

functional package

Grouping of functional components assembled to ease specification and common understanding of what an IT product is capable of doing. [AJP][FCv1] (see also function) (includes security target)

functional proponent

See network sponsor. [CNSSI] (see also function, network sponsor)

functional protection requirements

Requirements in a protection profile that address what conforming IT products must be capable of doing. [AJP][FCv1] (see also assurance, file, profile, function, protection profile)

functional security requirements specification (FSRS)

(see also function, requirements, security)

functional test case design

Test case selection that is based on an analysis of the specification of the component without reference to its internal workings. [OVT] (see also analysis, black-box testing, function, test)

functional testing

Segment of security testing in which advertised security mechanisms of an IS are tested under operational conditions. [CNSSI] Segment of security testing in which advertised security mechanisms of an information system are tested under operational conditions. [CNSSI-4009] Testing that ignores the internal mechanism of a system or component and focuses solely on the outputs generated in response to the selected inputs and execution conditions. [OVT] The portion of security testing in which the advertised features of a system are tested for correct operation. [TCSEC][TNI] The portion of security testing in which the advertised features of a system are tested, under operational conditions, for correct operation. [AJP] The segment of security testing in which the advertised security mechanisms of the computer system are tested, under operational conditions, for correct operation. [NCSC/TG004][SRV] (see also black-box testing, computer, operation, response, system, function, security testing, test)

functional unit

A functionally distinct part of a basic component. [AJP][ITSEC] (see also component, function)

functionality

(1) Set of functional protection requirements to be implemented in IT products. (2) The totality of functional properties of a TOE that contributes to security. [AJP] The set of functional protection requirements to be implemented in IT products. [FCv1] The totality of functional properties of a TOE that contributes to security. [JTC1/SC27] (see also requirements, security, function, target of evaluation)

functionality class

A defined set of security functions in a system or product, designed to meet a security policy. [AJP][JTC1/SC27] A predefined set of complementary security enforcing functions capable of being implemented in a Target of Evaluation. [ITSEC] (see also policy, security, system, target, function, target of evaluation)

future narrow band digital terminal (FNBDT)

It is a network-independent/transport-independent message layer. FNBDT operates in the Narrow Band portion of the STE spectrum (64 kbps and below). [IATF] (see also message, network, security)

gap analysis

A comparison that identifies the difference between actual and desired outcomes. [FFIEC] (see also audit, vulnerability analysis, analysis, risk analysis)

garbled

The modification of a cryptographic key in which one or more of its elements (e.g., bit, digit, character) has been changed or destroyed. [800-130] (see also cryptographic, destruction, key)

gas and oil production, storage and transportation

A critical infrastructure characterized by the production and holding facilities for natural gas, crude and refined petroleum, and petroleum-derived fuels, the refining and processing facilities for these fuels and the pipe-lines, ships, trucks, and rail systems that transport these commodities from their source to systems that are dependent upon gas and oil in one of their useful forms. [CIAO] (see also critical, process, role, system, critical infrastructures)

gateway

(I) A relay mechanism that attaches to two (or more) computer networks that have similar functions but dissimilar implementations and that enables host computers on one network to communicate with hosts on the other; an intermediate system that is the interface between two computer networks. (C) In theory, gateways are conceivable at any OSI layer. In practice, they operate at OSI layer 3 or layer 7. When the two networks differ in the protocol by which they offer service to hosts, the gateway may translate one protocol into another or otherwise facilitate interoperation of hosts. [RFC2828] A communications device/program that passes data between networks. [misc] Interface between networks that facilitates compatibility by adapting transmission speeds, protocols, codes, or security measures. [CIAO] Interface providing a compatibility between networks by converting transmission speeds, protocols, codes, or security measures. [CNSSI] Interface providing compatibility between networks by converting transmission speeds, protocols, codes, or security measures. [CNSSI-4009] The means of communicating between networks. It is designed to reduce the problems of interfacing different networks or devices. The networks involved may be any combination of local networks which employ different level protocols or local and long-haul networks. [SRV] (see also Chernobyl packet, authentication header, bastion host, break, cardholder certification authority, certification hierarchy, code, communications, component, computer, computer network, email, encapsulating security payload, ethernet meltdown, function, geopolitical certificate authority, guard, interface, internet control message protocol, internetwork, local-area network, merchant certification authority, network, operation, program, protocols, router, screened host firewall, screened subnet firewall, secure network server, security, system, transport mode vs. tunnel mode, tunnel, virtual private network, wiretapping, application proxy) (includes application gateway firewall, application level gateway, circuit level gateway, common gateway interface, dual-homed gateway firewall, firewall, gateway server, payment gateway, payment gateway certification authority, security gateway, trusted gateway, wireless gateway server)

gateway server

A computer (server) that connects a private network to the private network of a servicer or other business. [FFIEC] (see also computer, gateway, internet)

gauss

Unit of measure of magnetic flux density. [DSS]

general accounting office (GAO)

general controls

Controls, other than application controls, that relate to the environment within which application systems are developed, maintained, and operated, and that are therefore applicable to all the applications at an institution. The objectives of general controls are to ensure the proper development and implementation of systems, and the integrity of program and data files and of computer operations. Like application controls, general controls may be either manual or programmed. Examples of general controls include the development and implementation of an IT strategy and an IT security policy, the organization of IT staff to separate conflicting duties and planning for disaster prevention and recovery. [FFIEC] (see also IT security, application, computer, file, integrity, object, operation, policy, program, recovery, security, system, control)

General Services Administration

Independent agency of the U.S. Government, established in 1949 to help manage and support the basic functioning of Federal agencies. The General Services Administration supplies products and communications for U.S. Government offices, provides transportation and office space to Federal employees, and develops Governmentwide, cost-minimizing policies, among other management tasks. Its stated mission is to 'help Federal agencies better serve the public by offering, at best value, superior workplaces, expert solutions, acquisition services and management policies.' [DSS]

general support system

An interconnected information resource under the same direct management control that shares common functionality. It normally includes hardware, software, information, data, applications, communications, facilities, and people, and provides support for a variety of users and/or applications. Individual applications support different mission-related functions. Users may be from the same or different organizations. [800-37] An interconnected set of information resources that is under the same direct management control and shares common functionality. A general support system normally includes hardware, software, information, data, applications, communications, and people. [NASA] An interconnected set of information resources under the same direct management control that shares common functionality. It normally includes hardware, software, information, data, applications, communications, and people. [OMB Circular A-130, App. III] An interconnected set of information resources under the same direct management control which shares common functionality. A system normally includes hardware, software, information, data, applications, communications, and people. A system can be, for example, a local area network (LAN) including smart terminals that supports a branch office, an agency-wide backbone, a communications network, a departmental data processing center including its operating system and utilities, a tactical radio network, or a shared information processing service organization (IPSO). [CNSSI-4009] (see also application, communications, control, function, information, management, resource, software, users, system)

general-purpose system

A computer system that is designed to aid in solving a wide variety of problems. [AJP][TCSEC] (see also computer, system)

GeneralizedTime

(N) The ASN.1 data type 'GeneralizedTime' (specified in ISO 8601) contains a calendar date (YYYYMMDD) and a time of day, that is either (a) the local time, (b) the Coordinated Universal Time, or (c) both the local time and an offset allowing Coordinated Universal Time to be calculated. [RFC2828] (see also UTCTime, coordinated universal time)

generally accepted system security principles (GSSP)

(see also security, system)

generation

The key and metadata management function used to compute or create a cryptographic key. [800-130] (see also cryptographic, function, key, metadata)

Generic Security Service Application Program Interface (GSS-API)

(I) An Internet Standard protocol that specifies calling conventions by which an application (typically another communication protocol) can obtain authentication, integrity, and confidentiality security services independently of the underlying security mechanisms and technologies, thus allowing the application source code to be ported to different environments. (C) 'A GSS-API caller accepts tokens provided to it by its local GSS-API implementation and transfers the tokens to a peer on a remote system; that peer passes the received tokens to its local GSS-API implementation for processing. The security services available through GSS-API in this fashion are implementable (and have been implemented) over a range of underlying mechanisms based on and [asymmetric cryptography].' [RFC2828] A programming interface that allows two applications to establish a security context independent of the underlying security mechanisms. GSS-API is used to hide the details of the security mechanism. Typically both applications use the same mechanism at any given time. The security context is used to mutually authenticate the parties as well as protect the privacy and integrity of the communication. Some mechanisms also allow non-repudiation and delegation. The GSS-API is fully defined in Internet RFC's 1508 and 1509. Various RFCs and proposed RFCs define the implementation of the GSS-API using a specific mechanism. [misc] (see also authentication, code, confidentiality, cryptography, integrity, non-repudiation, privacy, process, protocols, standard, system, tokens, application, interface, internet, program, security protocol) (includes distributed computing environment, security support programming interface)

generic SIO class

An SIO class in which the data types for one or more of the components are not fully specified. [SC27]

generic threat

Class of threats with common characteristics pertaining to vulnerabilities, agents, event sequences, and resulting misfortunes. [AJP][FCv1] (see also vulnerability, threat)

Generic Upper Layer Security (GULS)

(I) Generic Upper Layer Security service element (ISO 11586), a five-part standard for the exchange of security information and security-transformation functions that protect confidentiality and integrity of application data. [RFC2828] (see also application, confidentiality, function, information, integrity, standard, security)

geopolitical certificate authority (GCA)

(O) SET usage: In a SET certification hierarchy, an optional level that is certified by a BCA and that may certify cardholder CAs, merchant CAs, and payment gateway CAs. Using GCAs enables a brand to distribute responsibility for managing certificates to geographic or political regions, so that brand policies can vary between regions as needed. [RFC2828] (see also certification, gateway, public-key infrastructure, Secure Electronic Transaction, authority, certificate)

geosynchronous orbit

The orbit of a satellite in which the speed and path are precisely timed to position it 22,300 miles over a fixed location on Earth. [SRV]

global command and control system (GCCS)

A comprehensive, worldwide network of systems that provide the NCA, Joint staff, combatant and functional unified commands, services, and defense agencies, Joint Task Forces and their service components, and others with information processing and dissemination capabilities necessary to conduct C2 of forces. [IATF] (see also function, information, network, process, command and control, control, control systems, security, system)

global information grid (GIG)

It is a globally interconnected, end-to-end set of information capabilities, associated processes and personnel for collecting, processing, storing, disseminating, and managing information on demand to warfighters, policy makers, and support personnel. [IATF] The globally interconnected, end-to-end set of information capabilities for collecting, processing, storing, disseminating, and managing information on demand to warfighters, policy makers, and support personnel. The GIG includes owned and leased communications and computing systems and services, software (including applications), data, security services, other associated services, and National Security Systems. Non-GIG IT includes stand-alone, self-contained, or embedded IT that is not, and will not be, connected to the enterprise network. [CNSSI-4009] The globally interconnected, end-to-end set of information capabilities, and associated processes for collecting, processing, storing, disseminating, and managing information on demand to warfighters, policy makers, and support personnel. The Global Information Grid includes owned and leased communications and computing systems and services, software (including applications), data, security services, other associated services, and National Security Systems. [DOD] The globally interconnected, end-to-end set of information capabilities, associated processes, and personnel for collecting, processing, storing, disseminating, and managing information on demand to war fighters, policy makers, and support personnel. (DoD Directive 8100.1, 19 Sept. 2002) [CNSSI] (see also application, communications, policy, process, software, system, information, security)

global information infrastructure

(GII) Worldwide interconnections of the information systems of all countries, international and multinational organizations, and international commercial communications. [CNSSI-4009] Worldwide interconnections of the information systems of all countries, international and multinational organizations, and international commercial communications. [CNSSI] (see also communications, connection, system, information)

global network information environment (GNIE)

A composition of all information system technologies used to process, transmit, store, or display DoD information. It has been superceded by Global Information Grid (GIG). [IATF] (see also process, system, information, network, security)

global positioning system (GPS)

(see also system)

global requirements

Those which require analysis of the entire system and for which separate analysis of the individual TCB subsets does not suffice. [AJP][TDI] (see also local requirements, analysis, system, requirements, trusted computing base)

global telecommunications service (GTS)

(see also network, communications, telecommunications)

goodput

The number of bits per unit of time forwarded to the correct destination interface of the DUT/SUT, minus any bits lost or retransmitted. Firewalls are generally insensitive to packet loss in the network. As such, measurements of gross bit forwarding rates are not meaningful since (in the case of proxy-based and stateful packet filtering firewalls) a receiving endpoint directly attached to a DUT/SUT would not receive any data dropped by the DUT/SUT. The type of traffic lost or retransmitted is protocol-dependent. TCP and ATM, for example, request different types of retransmissions. Testers must observe retransmitted data for the protocol in use, and subtract this quantity from measurements of gross bit forwarding rate. [RFC2647] (see also bit forwarding rate, interface, network, protocols, test, firewall)

gopher

A protocol designed to allow a user to transfer text or binary files among computer hosts across networks. [SRV] (see also computer, file, network, protocols, users)

Government Accountability Office

The audit, evaluation, and investigative arm of Congress. It is located in the legislative branch of the Government. Its stated mission is: 'the agency exists to support the Congress in meeting its constitutional responsibilities and to help improve the performance and ensure the accountability of the Federal Government for the benefit of the American people.' [DSS] (see also audit, evaluation)

government contracting activity

Element of an agency designated by the agency head and delegated broad authority regarding acquisition functions. [DSS]

government emergency telecommunications service (GETS)

(see also network, communications, telecommunications)

government program manager

Senior Government program official with ultimate responsibility for all aspects of the program. [DSS]

government services

Sufficient capabilities at the Federal, state and local levels of government are required to meet the needs for essential services to the public. [CIAO] (see also critical infrastructures)

government-approved facility

Government-owned room or outside of a Special Access Program Facility with controlled or restricted assess designed to limit public access that has operational procedures in place to actually limit access; any government-owned Special Access Program Facility or area within a Special Access Program Facility. [DSS] (see also access)

government-off-the-shelf

Item developed by the Government and produced to military or commercial standards and specifications, is readily available for delivery from an industrial source, and may be procured without change to satisfy a military requirement. [DSS]

government-to-government transfer

Principle that classified information and material is transferred by Government officials through official Government channels (for example, military postal service or diplomatic courier) or through other channels expressly agreed upon in writing by the governments involved. In either case, the information or material may be transferred only to a person specifically designated in writing by the foreign government as its designated government representative for that purpose. [DSS] (see also classified, foreign)

graduated security

A security system that provides several levels (e.g., low, moderate, high) of protection based on threats, risks, available technology, support services, time, human concerns, and economics. [FIPS 201][GSA] (see also risk, system, technology, threat, security)

granularity

(1) Relative fineness or coarseness to which an access control mechanism or other IT product aspect can be adjusted. (2) An expression of the relative size of a data object. Note: Protection at the file level is considered course granularity, whereas protection at the field level is considered to be finer granularity. The phrase 'the granularity of a single user' means the access control mechanism can be adjusted to include or exclude any single user. [AJP] An expression of the relative size of a data object; e.g. protection at the file level is considered coarse granularity, whereas protection at field level is considered to be of a finer granularity. [NCSC/TG004] Relative fineness or coarseness to which an access control mechanism or other IT product aspect can be adjusted. Note: Protection at the file level is considered course granularity, whereas protection at the field level is considered to be finer granularity. [FCv1] The relative fineness or coarseness by which a mechanism can be adjusted. The phrase 'the granularity of a single user' means the access control mechanism can be adjusted to include or exclude any single user. [TCSEC] (see also access, control, file, access control) (includes object)

granularity of a requirement

Determination of whether a requirement applies to all the attributes of users, subjects, or objects, and all TCB functional components. [AJP][FCv1] (see also function, users, requirements, trusted computing base) (includes object, subject)

graphical-user interface (GUI)

A combination of menus, screen design, keyboard commands, command language, and help screens that together create the way a user interacts with a computer. Allows users to move in and out of programs and manipulate their commands by using a pointing device (often a mouse). Synonymous with user interface. [SRV] A computer program designed to allow a computer user to interact easily with the computer typically by using a mouse to make choices from menus or groups of icons [CIAO] (see also computer, key, program, interface, users)

GRC senior staff

Independent organizations whose chiefs report directly to the GRC Center Director. These include directorates, program/project, and staff offices. [NASA] (see also program)

Green book

(D) Except as an explanatory appositive, ISDs SHOULD NOT use this term as a synonym for 'Defense Password Management Guideline'. Instead, use the full proper name of the document or, in subsequent references, a conventional abbreviation. (D) Usage note: To improve international comprehensibility of Internet Standards and the Internet Standards Process, ISDs SHOULD NOT use 'cute' synonyms for document titles. No matter how popular and clearly understood a nickname may be in one community, it is likely to cause confusion in others. For example, several other information system standards also are called 'the Green Book'. The following are some examples:

Each volume of 1992 ITU-T (at that time, CCITT) standards.
'PostScript Language Program Design', Adobe Systems, Addison-Wesley, 1988.
IEEE 1003.1 POSIX Operating Systems Interface.
'Smalltalk-80: Bits of History, Words of Advice', Glenn Krasner, Addison-Wesley, 1983.
'X/Open Compatibility Guide'.
A particular CD-ROM format developed by Phillips.

[RFC2828] (see also information, interface, internet, passwords, process, program, standard, system, rainbow series)

ground wave emergency network (GWEN)

(see also network)

group

Named collection of user identifiers. [AJP][FCv1] (see also users)

group key encryption key

A cryptographic key used to encrypt the GTEK sent in multicast messages between a BS and two or more SSs/MSs. [800-127] (see also key)

group of users

Security software often allow permissions to be set for groups (of users) as opposed to individuals. [RFC2504] (see also security, software, users)

group traffic encryption key

A cryptographic key used to encrypt multicast traffic between a BS and two or more SSs/MSs. [800-127] (see also key)

group user id

A character string that uniquely identifies a specific collection of users. Issuance of a group user ID requires a risk justification and concurrence from all functional managers. [NASA] (see also function, risk, user id)

guard (system)

A mechanism limiting the exchange of information between information systems or subsystems. [CNSSI-4009]

guard

(I) A gateway that is interposed between two networks (or computers, or other information systems) operating at different security levels (one level is usually higher than the other) and is trusted to mediate all information transfers between the two levels, either to ensure that no sensitive information from the first (higher) level is disclosed to the second (lower) level, or to protect the integrity of data on the first (higher) level. [RFC2828] A highly assured device that negotiates the transfer of data between enclaves operating at different security levels. [IATF] A processor that provides a filter between two disparate systems operating at different security levels or between a user terminal and a database to filter out data that the user is not authorized to access. [AJP][NCSC/TG004] A processor that provides a filter between two systems operating at different security levels or between a user terminal and a database to filter our data that the user is not authorized to access. [AFSEC] Mechanism limiting the exchange of information between systems. [CNSSI] Properly trained and equipped individual whose duties include the protection of a Special Access Program Facility. Guards must be U.S. citizens and with primary duty focus on the protection of U.S. Government classified information. Guards must also possess a SECRET clearance. [DSS] (see also United States citizen, access, access control, authorized, classified, computer, gateway, information, integrity, network, process, system, trust, users, security) (includes firewall)

guerrilla warfare

Military and paramilitary operations conducted in enemy-held or hostile territory by irregular, predominantly indigenous forces. [DOD] (see also warfare)

guessing entropy

A measure of the difficulty that an attacker has to guess the average password used in a system. In this document, entropy is stated in bits. When a password has n-bits of guessing entropy then an attacker has as much difficulty guessing the average password as in guessing an n-bit random quantity. The attacker is assumed to know the actual password frequency distribution. [800-63][SP 800-63] (see also attack, passwords, random, system)

guest system

System that enters the Special Access Program Facility not already certified or accredited by the respective cognizant Special Access Program Facility authority is considered a guest system. [DSS] (see also access)

guideline

(1) An example of how a policy might be applied to a specific situation (2) An outline or checklist of detailed procedures recommended to satisfy a policy [NASA] (see also policy)

Guidelines and Recommendations for Security Incident Processing (GRIP)

(I) A contraction of 'Guidelines and Recommendations for Security Incident Processing', the name of the IETF working group that seeks to facilitate consistent handling of security incidents in the Internet community. (C) Guidelines to be produced by the WG will address technology vendors, network service providers, and response teams in their roles assisting organizations in resolving security incidents. These relationships are functional and can exist within and across organizational boundaries. [RFC2828] (see also function, internet, network, response, role, technology, incident, process, security incident)

Gypsy verification environment

An integrated set of tools for specifying, coding, and verifying programs written in the Gypsy language, a language similar to Pascal which has both specification and programming features. This methodology includes an editor, a specification processor, a verification condition generator, a user-directed theorem prover, and an information flow tool. [AJP][NCSC/TG004] (see also flow, information, process, program, users, software development methodologies, verification)

hackers

(I) Someone with a strong interest in computers, who enjoys learning about them and experimenting with them. (C) The recommended definition is the original meaning of the term (circa 1960), which then had a neutral or positive connotation of 'someone who figures things out and makes something cool happen'. Today, the term is frequently misused, especially by journalists, to have the pejorative meaning of cracker. [RFC2828] A person who delights in having an intimate understanding of the internal workings of a system, computers, and computer networks in particular. The term is often misused in a pejorative context, where 'cracker' would be the correct term. [RFC1983] A person who enjoys exploring the details of computers and how to stretch their capabilities. A malicious or inquisitive meddler who tries to discover information by poking around. A person who enjoys learning the details of programming systems and how to stretch their capabilities, as opposed to most users who prefer to learn on the minimum necessary. [NSAINT][OVT] An individual who attempts to break into a computer without authorization. [FFIEC] Any unauthorized user who gains, or attempts to gain, access to an IS, regardless of motivation. [CIAO] Hackers break into networks for the thrill of the challenge, bragging rights in the hacker community, revenge, stalking others, and monetary gain, among other reasons. While gaining unauthorized access once required a fair amount of skill or computer knowledge, hackers can now download attack scripts and protocols from the Internet and launch them against victim sites. Thus, while attack tools have become more sophisticated, they have also become easier to use. According to the Central Intelligence Agency, the large majority of hackers do not have the requisite expertise to threaten difficult targets such as critical U.S. networks. Nevertheless, the worldwide population of hackers poses a relatively high threat of an isolated or brief disruption causing serious damage. [GAO] Individual who gains unauthorized access to an automated information system. [DSS] Unauthorized user who attempts to or gains access to an IS. [CNSSI][IATF] Unauthorized user who attempts to or gains access to an information system. [CNSSI-4009] generally, an individual with an affinity for computers. White-hat hackers are intrigued by the intellectual challenge of tearing apart computer systems to improve computer security. Black-hat hackers purposely crash systems, steal passwords, etc., not necessarily for financial gain. [FJC] (see also Samurai, access, access control, attack, authorization, authorized, computer, computer network, critical, damage, hacking run, information, intelligence, internet, malicious, network, program, protocols, security, system, users, threat) (includes cracker, hacking, script bunny)

hacking

Unauthorized use, or attempts to circumvent or bypass the security mechanisms of an information system or network. [NSAINT] (see also authorized, information, network, security, system, hackers)

hacking run

A hack session extended long outside normal working times, especially one longer than 12 hours. [NSAINT] (see also hackers)

half-block

A string of bits of length L_f/2. [SC27] A string of bits of length L_f/2. [SC27]

handcarrier

Cleared employee who occasionally handcarries classified material to its destination in connection with a classified visit or meeting. The classified material remains the personal possession of the carrier except for authorized overnight storage. [DSS] (see also authorized, classified, connection)

handle

(I) (1.) Verb: Perform processing operations on data, such as receive and transmit, collect and disseminate, create and delete, store and retrieve, read and write, and compare. (2.) Noun: An online pseudonym, particularly one used by a cracker; derived from citizens band radio culture. [RFC2828] (see also operation, process)

handle via special access control channels only

Protective marking (similar to For Official Use Only) used within Special Access Program control channels. It is used to identify CLASSIFIED or UNCLASSIFIED information requiring protection in special access channels. When Handle Via Special Access Channels Only is used to help identify classified Special Access Program information, the material must be protected in accordance with the security requirements of the individual Special Access Program or the highest standard where more than one Special Access Program is included. [DSS] (see also classified, requirements, security, access)

handler

A type of program used in DDoS attacks to control agents distributed throughout a network. Also refers to an incident handler, which refers to a person who performs incident response work. [800-61] (see also attack, control, incident, program, response)

handshaking procedures

A dialogue between two entities (e.g. a user and a computer, a computer and another computer, or a program and another program) for the purpose of identifying and authenticating the entities to one another. [AJP][NCSC/TG004] Dialogue between two IS's for synchronizing, identifying, and authenticating themselves to one another. [CNSSI] Dialogue between two information systems for synchronizing, identifying, and authenticating themselves to one another. [CNSSI-4009] (see also authentication, computer, identify, program, users)

hard copy key

Physical keying material, such as printed key lists, punched or printed key tapes, or programmable, read-only memories (PROM). [CNSSI][CNSSI-4009] (see also program, key)

hard disk

Magnetic storage device used for high volume data storage and retrieval purposes to include ones both removable and nonremovable from the computers in which they operate. [DSS]

hard-copy output

Paper or film output from an IT peripheral, such as line printer output, printed console logs, paper plots, and microfiche [NASA]

hardened unique storage (HUS)

hardened unique storage Key (HUSK)

(see also key)

hardening

Configuring a host's operating systems and applications to reduce the host's security weaknesses. [SP 800-123] The process of securing a computer's administrative functions or inactivating those features not needed for the computer's intended business purpose. [FFIEC] (see also assurance, availability, business process, computer, function, process, security)

hardware

(I) The material physical components of a computer system. [RFC2828] The physical components of a computer system. [CIAO] The physical components of an information system. See also Software and Firmware. [CNSSI-4009] The physical equipment used to process programs and data in a cryptographic module. [FIPS140] (see also computer, cryptographic, module, process, program, software, system, cryptographic module)

hardware and system software maintenance

A family of security controls in the operations class dealing with the secure maintenance activities of hardware and system software. [800-37] (see also control, operation, security, software, system)

hardware or software error

Error that causes failure of a system component and leads to disruption of system operation. [RFC2828] (see also operation, system, software, threat consequence)

hardware token

(see tokens)

hardwired key

Permanently installed key. [CNSSI][CNSSI-4009] (see also key)

hash

A fixed length cryptographic output of variables, such as a message, being operated on by a formula, or cryptographic algorithm. [FFIEC] It is a condensed representation of the message called a message digest. [SRV] Value computed on data to detect error or manipulation. [CNSSI][CNSSI-4009][IATF] (see also Challenge Handshake Authentication Protocol, Challenge-Response Authentication Mechanism, Cryptographic Message Syntax, Data Authentication Algorithm, Fortezza, MD2, MD4, MD5, POP3 APOP, Rivest-Shamir-Adleman algorithm, S/Key, SET private extension, SET qualifier, algorithm, certificate revocation tree, challenge-response protocol, checksum, code, cryptographic, cryptographic algorithm, cryptographic component, cryptographic service, cryptographic system, cryptography, cyclic redundancy check, data authentication code vs. Data Authentication Code, data items' representation, data string, digital signature, digital signature algorithm, domain parameter, dual signature, fingerprint, imprint, initializing value, integrity, integrity check, matrix, message, message authentication code vs. Message Authentication Code, message digest, message integrity code, one-time passwords, one-way function, output transformation, public-key forward secrecy, reduction-function, round-function, secure socket layer, thumbprint, witness, word, security) (includes collision-resistant hash function, cryptographic hash function, hash algorithm, hash code, hash function, hash function identifier, hash result, hash token, hash totals, hash value, hashed message authentication code, hashing, hashword, keyed hash, keyed hash algorithm, secure hash algorithm, secure hash standard)

hash algorithm

Algorithm that creates a hash based on a message. [800-77] (see also message, algorithm, hash)

hash code

(D) ISDs SHOULD NOT use this term (especially not as a synonym for 'hash result') because it mixes concepts in a potentially misleading way. A hash result is not a 'code' in any sense defined by this glossary. [RFC2828] String of bits that is the output of a hash function. [SC27] The string of bits that is the output of a hash function. [SC27][SRV] The string of bits that is the output of a hash function. NOTE - The literature on this subject contains a variety of terms that have the same or similar meaning as hash-code. Modification Detection Code, Manipulation Detection Code, digest, hash-result, hash-value and imprint are some examples. [SC27] The string of bits that is the output of a hash function. NOTE - The literature on this subject contains a variety of terms that have the same or similar meaning as hash-code. Modification Detection Code, Manipulation Detection Code, digest, hash-result, hash-value and imprint are some examples. [ISO/IEC 10118-1: 2000] The string of bits that is the output of a hash function. [ISO/IEC 9796-3: 2000, ISO/IEC 14888-1: 1998, ISO/IEC FDIS 15946-2 (04/2001), ISO/IEC WD 15946-4 (10/2001)] String of bits that is the output of a hash function. [SC27] (see also function, hash function, subject, code, hash)

hash function

(I) An algorithm that computes a value based on a data object (such as a message or file; usually variable-length; possibly very large), thereby mapping the data object to a smaller data object (the 'hash result') that is usually a fixed-size value. (O) 'A (mathematical) function which maps values from a large (possibly very large) domain into a smaller range. A 'good' hash function is such that the results of applying the function to a (large) set of values in the domain will be evenly distributed (and apparently at random) over the range.' (C) The kind of hash function needed for security applications is called a 'cryptographic hash function', an algorithm for which it is computationally infeasible (because no attack is significantly more efficient than brute force) to find either (a) a data object that maps to a pre-specified hash result (the 'one-way' property) or (b) two data objects that map to the same hash result (the 'collision-free' property). (C) A cryptographic hash is 'good' in the sense stated in the 'O' definition for hash function. Any change to an input data object will, with high probability, result in a different hash result, so that the result of a cryptographic hash makes a good checksum for data object. [RFC2828] A function that maps a bit string of arbitrary length to a fixed length bit string. Approved hash functions are specified in FIPS 180 and are designed to satisfy the following properties: 1. (One-way) It is computationally infeasible to find any input that maps to any new prespecified output, and 2. (Collision resistant) It is computationally infeasible to find any two distinct inputs that map to the same output. [FIPS 186] A function that maps a bit string of arbitrary length to a fixed length bit string. Approved hash functions satisfy the following properties: 1) One-Way. It is computationally infeasible to find any input that maps to any prespecified output. 2) Collision Resistant. It is computationally infeasible to find any two distinct inputs that map to the same output. [SP 800-63; FIPS 201] A function that maps a bit string of arbitrary length to a fixed length bit string. Approved hash functions satisfy the following properties: 1. (One-way) It is computationally infeasible to find any input that maps to any pre-specified output, and 2. (Collision resistant) It is computationally infeasible to find any two distinct inputs that map to the same output. [800-63] A function which maps strings of bits to fixed-length strings of bits, satisfying the following two properties.

For a given output, it is computationally infeasible to find an input which maps to this output.
For a given input, it is computationally infeasible to find a second input which maps to the same output.

It is computationally infeasible to find for a given output, an input which maps to this output.
It is computationally infeasible to find for a given input, a second input which maps to the same output.

NOTE - Computational feasibility depends on the specific security requirements and environment. [SC27] A function which maps strings of bits to fixed-length strings of bits, satisfying the following two properties. A function which maps strings of bits to fixed-length strings of bits, satisfying the following two properties. Function which maps strings of bits to fixed-length strings of bits, satisfying the following two properties. Function which maps strings of bits to fixed-length strings of bits, satisfying the following two properties. A function which maps strings of bits to fixed-length strings of bits, satisfying two properties. [SC27] A function which maps strings of bits to fixed-length strings of bits, satisfying two properties.

It is computationally infeasible to find for a given output, an input which maps to this output.
It is computationally infeasible to find for a given input, a second input which maps to the same output.

The literature on this subject contains a variety of terms which have the same or similar meaning as hash function. Compressed encoding and condensing function are some examples.

Computational feasibility depends on the specific security requirements and environment.

[SC27] A mathematical function that maps a string of arbitrary length (up to a predetermined maximum size) to a fixed length string. [FIPS 198] Function which maps strings of bits to fixed-length strings of bits, satisfying the following two properties.

It is computationally infeasible to find for a given output, an input which maps to this output.
It is computationally infeasible to find for a given input, a second input which maps to the same output.

hash function identifier

A byte identifying a specific hash function. [SC27] (see also identify, function, hash)

hash result

(I) The output of a hash function. (O) 'The output produced by a hash function upon processing a message' (where 'message' is broadly defined as 'a digital representation of data'). (The recommended definition is compatible with this ABA definition, but we avoid the unusual definition of 'message'.) [RFC2828] (see also function, hash function, message, process, hash)

hash token

A concatenation of a hash-code and an optional control field, called hash function identifier, which can be used to identify the hash function and the padding method. [SC27] A concatenation of a hash-code and an optional control field, which can be used to identify the hash function and the padding method. NOTE - The control field with hash function identifier is mandatory unless the hash function is uniquely determined by the signature mechanism or by the domain parameters. [SC27] A concatenation of a hash-code and an optional control field, which can be used to identify the hash function and the padding method. NOTE - The control field with hash function identifier is mandatory unless the hash function is uniquely determined by the signature mechanism or by the domain parameters. [ISO/IEC 9796-3: 2000, ISO/IEC WD 15946-4 (10/2001)] A concatenation of a hash-code and an optional control field, called hash function identifier, which can be used to identify the hash function and the padding method. [SC27] (see also code, control, domain, function, identify, signature, hash, tokens)

hash totals

A numerical summation of one or more corresponding fields of a file that would not ordinarily be summed. Typically used to detect when changes in electronic information have occurred. [FFIEC] Value computed on data to detect error or manipulation. [CNSSI][CNSSI-4009][IATF] Value computed on data to detect error or manipulation. See Checksum. [CNSSI-4009] (see also file, information, hash)

hash value

(D) ISDs SHOULD NOT use this term (especially not as a synonym for 'hash result', the output of a hash function) because it might be confused with 'hashed value' (the input to a hash function). [RFC2828] Hash Value/Result - See Message Digest. [FIPS 186; CNSSI-4009] The fixed-length bit string produced by a hash function [800-130] The result of applying a cryptographic hash function to data (e.g., a message). [SP 800-106] (see also cryptographic, function, hash function, message, hash)

hashed message authentication code (HMAC)

(I) A keyed hash that can be based on any iterated cryptographic hash (e.g. MD5 or SHA-1), so that the cryptographic strength of HMAC depends on the properties of the selected cryptographic hash. (C) Assume that H is a generic cryptographic hash in which a function is iterated on data blocks of length B bytes. L is the length of the of hash result of H. K is a secret key of length L <= K <= B. The values IPAD and OPAD are fixed strings used as inner and outer padding and defined as follows: IPAD = the byte 0x36 repeated B times, OPAD = the byte 0x5C repeated B times. HMAC is computed by H(K XOR OPAD, H(K XOR IPAD, inputdata)). (C) The goals of HMAC are as follows:

To use available cryptographic hash functions without modification, particularly functions that perform well in software and for which software is freely and widely available.
To preserve the original performance of the selected hash without significant degradation.
To use and handle keys in a simple way.
To have a well-understood cryptographic analysis of the strength of the mechanism based on reasonable assumptions about the underlying hash function.
To enable easy replacement of the hash function in case a faster or stronger hash is found or required.

[RFC2828] (see also analysis, cryptographic, cryptography, function, key, software, code, hash, message, message authentication code)

hashing

Computation of a hash total. [CNSSI] The process of using a mathematical algorithm against data to produce a numeric value that is representative of that data. [SP 800-72; CNSSI-4009] (see also hash)

hashword

Memory address containing hash total. [CNSSI][CNSSI-4009] (see also hash)

hazard

Natural or manmade source or cause of harm or difficulty. [NIPP]

head of department of defense component

Includes the Secretary of Defense; Secretaries of the Military Departments; Chairman of the Joint Chiefs of Staff; and Commanders of Unified and Specified Commands and Directors of Defense Agencies. [DSS]

health information exchange

(HIE) A health information organization that brings together healthcare stakeholders within a defined geographic area and governs health information exchange among them for the purpose of improving health and care in that community. [NISTIR-7497]

help desk

A support entity that can be called upon to get help with a computer or communication problem. [RFC2504] (see also communications, computer, entity)

hierarchical decomposition

The ordered, structured reduction of a system or a component to primitives. [AJP][TNI] (see also system, development process)

hierarchical development methodology (HDM)

A methodology for specifying and verifying the design programs written in the Special specification language. The tools for this methodology include the Special specification processor, the Boyer-Moore theorem prover, and the Feiertag information flow tool. [AJP][NCSC/TG004] (see also flow, information, process, program, software development methodologies)

hierarchical input process output (HIPO)

(see also process)

hierarchical PKI

(I) A PKI architecture based on a certification hierarchy. [RFC2828] (see also certification, public-key infrastructure)

hierarchy management

(I) The process of generating configuration data and issuing public-key certificates to build and operate a certification hierarchy. [RFC2828] (see also certificate, certification, key, process, public-key, public-key infrastructure)

hierarchy of trust

(D) ISDs SHOULD NOT use this term with regard to PKI, especially not as a synonym for 'certification hierarchy', because this term mixes concepts in a potentially misleading way. [RFC2828] (see also certification, public-key infrastructure, trust)

high assurance guard

A guard that has two basic functional capabilities: a Message Guard and a Directory Guard. The Message Guard provides filter service for message traffic traversing the Guard between adjacent security domains. The Directory Guard provides filter service for directory access and updates traversing the Guard between adjacent security domains. [CNSSI-4009] An enclave boundary protection device that controls access between a local area network that an enterprise system has a requirement to protect, and an external network that is outside the control of the enterprise system, with a high degree of assurance. [SP 800-32] Device comprised of both hardware and software that is designed to enforce security rules during the transmission of X.400 message and X.500 directory traffic between enclaves of different classification levels (e.g., UNCLASSIFIED and SECRET). [CNSSI] (see also access, classified, control, message, software, assurance)

high availability

A failover feature to ensure availability during device or component interruptions. [SP 800-113] (see also availability)

high impact

The loss of confidentiality, integrity, or availability that could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, individuals, other organizations, or the national security interests of the United States; (i.e. 1) causes a severe degradation in mission capability to an extent and duration that the organization is able to perform its primary functions, but the effectiveness of the functions is significantly reduced; 2) results in major damage to organizational assets; 3) results in major financial loss; or 4) results in severe or catastrophic harm to individuals involving loss of life or serious life threatening injuries). [FIPS 199; CNSSI-4009] (see also availability, damage, security, threat)

high-impact system

An information system in which at least one security objective (i.e. confidentiality, integrity, or availability) is assigned a FIPS 199 potential impact value of high. [800-53][800-60][SP 800-37; SP 800-53; SP 800-60; FIPS 200] An information system in which at least one security objective (i.e. confidentiality, integrity, or availability) is assigned a potential impact value of high. [CNSSI-4009] (see also availability, information, integrity, object, security, system)

hijack attack

(I) A form of active wiretapping in which the attacker seizes control of a previously established communication association. [RFC2828] (see also IP splicing/hijacking, association, control, hijacking, pagejacking, spoofing, terminal hijacking, attack)

hijacking

An attack that occurs during an authenticated session with a database or system. The attacker disables a user's desktop system, intercepts responses from the application, and responds in ways that prolong the session. [CIAO] The use of an authenticated user's communication session to communicate with system components. [FFIEC] (see also application, attack, hijack attack, response, session hijack attack, system, users)

hoax

An act meant to trick or deceive a user into taking an action, usually detrimental to the user or the IT system, that the user otherwise would not take [NASA] (see also social engineering, system, users, threat)

home office facility

Headquarters facility of a multiple facility organization. [DSS]

homed

The number of logical interfaces a DUT/SUT contains. Firewalls typically contain at least two logical interfaces. In network topologies where a DMZ is used, the firewall usually contains at least three interfaces and is said to be tri-homed. Additional interfaces would make a firewall quad-homed, quint- homed, and so on. It is theoretically possible for a firewall to contain one physical interface and multiple logical interfaces. This configuration is discouraged for testing purposes because of the difficulty in verifying that no leakage occurs between protected and unprotected segments. [RFC2647] (see also interface, network, security testing, test, firewall) (includes tri-homed)

honeypot

(I) A system (e.g. a web server) or a system resource (e.g. a file on a server), that is designed to be attractive to potential crackers and intruders, like honey is attractive to bears. (D) It is likely that other cultures have different metaphors for this concept. To ensure international understanding, ISDs should not use this term unless they also provide an explanation like this one. [RFC2828] A host that is designed to collect data on suspicious activity and has no authorized users other than its administrators. [800-61] A system (e.g., a Web server) or system resource (e.g., a file on a server) that is designed to be attractive to potential crackers and intruders and has no authorized users other than its administrators. [CNSSI-4009] (see also attack, authorized, file, resource, system, users)

host

(I) General computer network usage: A computer that is attached to communication subnetwork or internetwork and can use services provided by the network to exchange data with other attached systems. (I) Specific Internet Protocol Suite usage: A networked computer that does not forward Internet Protocol packets that are not addressed to the computer itself. (C) Derivation: As viewed by its users, a host 'entertains' guests, providing application layer services or access to other computers attached to the network. However, even though some traditional peripheral service devices, such as printers, can now be independently connected to networks, they are not usually called hosts. [RFC2828] A computer that is accessed by a user from a remote location. [FFIEC] A single computer or workstation; it can be connected to a network [NSAINT] Any computer-based system connected to the network and containing the necessary protocol interpreter software to initiate network access and carry out information exchange across the communications network. This definition encompasses typical 'mainframe' hosts, generic terminal support machines (e.g. ARPANET TAC, DoDIIS NTC), and workstations connected directly to the communications subnetwork and executing the intercomputer networking protocols. A terminal is not a host because it does not contain the protocol software needed to perform information exchange; a workstation (by definition) is a host because it does have such capability. [AJP][TNI] (see also access, access control, application, communications, computer, computer network, information, internet, network, protocols, software, system, users, automated information system)

host based

Information, such as audit data from a single host which may be used to detect intrusions [NSAINT] (see also audit, information, intrusion, automated information system)

host to front-end protocol

A set of conventions governing the format and control of data that are passed from a host to a front-end machine. [AJP][NCSC/TG004] (see also control, automated information system, protocols)

host-based firewall

A firewall where the security is implemented in software running on a general-purpose computer. Security in host-based firewalls is generally at the application level, rather than at a network level. [SRV] (see also application, computer, network, software, automated information system, firewall)

host-based intrusion prevention system

A program that monitors the characteristics of a single host and the events occurring within the host to identify and stop suspicious activity. [800-83] (see also identify, program, intrusion, system)

host-based security

The technique of securing an individual system from attack; host-based security is operating system and version dependent. [IATF] (see also attack, system, version, security)

hot site

A fully operational offsite data processing facility equipped with hardware and software, to be used in the event of an information system disruption. [SP 800-34] An alternate site with a duplicate IS already set up and running, maintained by an organization or its contractor to ensure continuity of service for critical systems in the event of a disaster. [CIAO] Backup site that includes phone systems with the phone lines already connected. Networks will also be in place, with any necessary routers and switches plugged in and turned on. Desks will have desktop PCs installed and waiting, and server areas will be replete with the necessary hardware to support business-critical functions. Within a few hours, a hot site can become a fully functioning element of an organization. [CNSSI-4009] (see also cold site, critical, software, system, disaster recovery)

hot wash

A debrief conducted immediately after an exercise or test with the staff and participants. [SP 800-84] (see also test)

https

(I) When used in the first part of a URL (the part that precedes the colon and specifies an access scheme or protocol), this term specifies the use of HTTP enhanced by a security mechanism, that is usually SSL. [RFC2828] (see also access, access control, internet, protocols, security)

human error

Action or inaction that unintentionally disables a system component. [RFC2828] Human action or inaction that unintentionally results in an entity gaining unauthorized knowledge of sensitive data. [RFC2828] Human action or inaction that unintentionally results in the alteration of system functions or data. [RFC2828] (see also authorized, entity, function, system, threat consequence)

human intelligence

Category of intelligence derived from information collected and/or provided by human sources. [DSS] (see also intelligence)

human user

Any person who interacts with the TOE. [CC2][CC21][SC27] (see also target of evaluation, users)

human-machine interface

The hardware or software through which an operator interacts with a controller. An HMI can range from a physical control panel with buttons and indicator lights to an industrial PC with a color graphics display running dedicated HMI software. [800-82] (see also control, software, interface)

hybrid encryption

(I) An application of cryptography that combines two or more encryption algorithms, particularly a combination of symmetric and asymmetric encryption. (C) Asymmetric algorithms require more computation than equivalently strong symmetric ones. Thus, asymmetric encryption is not normally used for data confidentiality except in distributing symmetric keys in applications where the key data is usually short (in terms of bits) compared to the data it protects. [RFC2828] (see also algorithm, application, confidentiality, cryptography, key, encryption)

hybrid security control

A security control that is implemented in an information system in part as a common control and in part as a system-specific control. See also Common Control and System-Specific Security Control. [SP 800-37; SP 800-53; SP 800-53A; CNSSI-4009] (see also control, security)

hybrid threat

Threats that incorporate a full range of different modes of warfare including conventional capabilities, irregular tactics and formations, terrorist acts including indiscriminate violence and coercion, and criminal disorder, conducted by both states and a variety of non-state actors. [GAO] A threat that simultaneously employs regular and irregular forces, including terrorist and criminal elements to achieve their objectives using an ever-changing variety of conventional and unconventional tactics to create multiple dilemmas. [GAO] An adversary that simultaneously and adaptively employs some fused combination of (1) political, military, economic, social and information means and (2) conventional, irregular, terrorism and disruptive/criminal conflict methods. It may include a combination of state and non-state actors. [GAO] (see also criminal, hybrid warfare, information, object, warfare, threat)

hybrid warfare

Conflict executed by either state and/or non-state threats that employs multiple modes of warfare to include conventional capabilities, irregular tactics, and criminal disorder. [GAO] (see also criminal, hybrid threat, threat, warfare)

hydrometer

An instrument used to determine specific gravity that sinks in a fluid to a depth used as a measure of the fluid's specific gravity. The instrument is a sealed, graduated tube, weighted at one end. [SRV]

hydrophone

An electrical instrument for detecting or monitoring sound under water. [SRV]

hydroscope

An optical device used for viewing objects much below the surface of water. [SRV] (see also object)

hygrograph

An automatic hygrometer that records variations in atmospheric humidity. [SRV]

hygrometer

Any of several instruments that measure atmospheric humidity. [SRV]

hygroscope

An instrument that measures changes in atmospheric moisture. [SRV]

hyperlink

(I) In hypertext or hypermedia, an information object (such as a word, a phrase, or an image; usually highlighted by color or underscoring) that points (indicates how to connect) to related information that is located elsewhere and can be retrieved by activating the link (e.g. by selecting the object with a mouse pointer and then clicking). [RFC2828] An electronic link providing direct access from one distinctively marked place in a hypertext or hypermedia document to another in the same or a different document [CIAO] An item on a webpage that, when selected, transfers the user directly to another location in a hypertext document or to another webpage, perhaps on a different machine. Also simply called a 'link.' [FFIEC] (see also access, access control, information, link, object, users, world wide web)

hypermedia

(I) A generalization of hypertext; any media that contain hyperlinks that point to material in the same or another data object. [RFC2828] (see also internet, object)

hypertext

(I) A computer document, or part of a document, that contains hyperlinks to other documents; i.e. text that contains active pointers to other text. Usually written in Hypertext Markup Language and accessed using a web browser. [RFC2828] (see also access, access control, computer, internet, standard generalized markup language, world wide web)

hypertext markup language (HTML)

(I) A platform-independent system of syntax and semantics for adding characters to data files (particularly text files) to represent the data's structure and to point to related data, thus creating hypertext for use in the World Wide Web and other applications. [RFC2828] A markup language that is a subset of SGML and is used to create hypertext and hypermedia documents on the World Wide Web incorporating text, graphics, sound, video, and hyperlinks. [CIAO] The mechanism used to create web pages. [SRV] (see also application, file, semantics, system, standard generalized markup language, world wide web)

hypertext transfer protocol (HTTP)

(I) A TCP-based, application-layer, client-server, Internet protocol used to carry data requests and responses in the World Wide Web. [RFC2828] The native protocol of the web, used to transfer hypertext documents. [SRV] (see also application, internet, network, response, secure socket layer, protocols, world wide web)

IA architecture

A description of the structure and behavior for an enterprise's security processes, information security systems, personnel and organizational sub-units, showing their alignment with the enterprise's mission and strategic plans. [CNSSI-4009] Activity that aggregates the functions of developing IA operational, system, and technical architecture products for the purpose of specifying and implementing new or modified IA capabilities within the IT environment. (DoD Directive 8100.1, 19 Sept 2002) [CNSSI] (see also function, operation, security, system, information assurance)

IA infrastructure

The underlying security framework that lies beyond an enterprise's defined boundary, but supports its IA and IA-enabled products, its security posture and its risk management plan. [CNSSI-4009] (see also management, risk, security)

IA product

Product whose primary purpose is to provide security services (e.g., confidentiality, authentication, integrity, access control, non- repudiation of data); correct known vulnerabilities; and/or provide layered defense against various categories of non-authorized or malicious penetrations of information systems or networks. [CNSSI-4009] (see also access, authentication, control, security)

IA-enabled information technlogogy product

Product or technology whose primary role is not security, but which provides security services as an associated feature of its intended operating capabilities. Examples include such products as security-enabled web browsers, screening routers, trusted operating systems, and security-enabled messaging systems. [CNSSI] (see also role, router, security, system, technology, trust, information)

IA-enabled information technology product

IA-enabled product

Product whose primary role is not security, but provides security services as an associated feature of its intended operating capabilities. Note: Examples include such products as security-enabled Web browsers, screening routers, trusted operating systems, and security enabling messaging systems. [CNSSI-4009] (see also security, trust)

ICMP flood

(I) A denial of service attack that sends a host more ICMP echo request ('ping') packets than the protocol implementation can handle. [RFC2828] (see also denial-of-service, protocols, attack)

identification

(I) An act or process that presents an identifier to a system so that the system can recognize a system entity and distinguish it from other entities. [RFC2828] An act or process that presents an identifier to a system so that the system can recognize a system entity (e.g., user, process, or device) and distinguish that entity from all others. [CNSSI-4009] In a biometric security system, the process of comparing a biometric data sample against all of the system's database reference templates in order to establish the identity of the person trying to gain access to the system. [800-103] Process an IS uses to recognize an entity. [CNSSI] Process of uniquely determining the unique identity of an entity. [SC27] Process that enables recognition of an entity by an IT product. [FCv1][IATF] Process that enables recognition of an entity by an IT product/system that may be by the use of unique machine-readable user names. [AJP] The process of determining to what identity a particular individual corresponds. [GAO] The process of discovering the true identity (i.e. origin, initial history) of a person or item from the entire collection of similar persons or items. [FIPS 201][GSA] The process of verifying the identity of a user, process, or device, usually as a prerequisite for granting access to resources in an IT system. [800-82][SP 800-47] The process that enables recognition of an entity by a system, generally by the use of unique machine-readable user names. [NCSC/TG004][SRV] The process used by an IS to recognize an entity such as a user or another process. [CIAO] (see also Attack Sensing and Warning, IT security support functions, SSO PIN, access, access control, alarm reporting, anonymity, anti-spoof, attribute certificate, bar code, biometric system, candidate TCB subset, certificate, class 2, 3, 4, or 5, comparisons, compromised key list, configuration control, digital forensics, digital id, domain controller, entity, firewall, formal development methodology, identity credential, identity credential issuer, individual electronic accountability, information systems security, information systems security equipment modification, key tag, network component, network sniffing, operations security, personal identity verification, pre-certification phase, primary account number, process, public-key derivation function, redundant identity, registration authority, relying party, repair action, resource, risk analysis, risk assessment, risk management, security controls, spoofing, system, target vulnerability validation techniques, threat assessment, token device, trusted agent, uniform resource identifier, user PIN, users, validate vs. verify, verification, vulnerability assessment, accountability, authentication) (includes Identification Protocol, bank identification number, configuration identification, control identification list, identification and accreditation, identification and authentication, identification authentication, identification data, identification, friend or foe, identification, friend, foe, or neutral, identify, identity, identity based access control, identity-based security policy, key management identification number, personal identification number, privacy, authentication, integrity, identification, non-repudiation, radio frequency identification, risk identification, target identification and analysis techniques, terminal identification, trusted identification forwarding)

identification and accreditation (I&A)

(see also accreditation, identification)

identification and authentication (I&A)

A family of security controls in the technical class dealing with ensuring that users are individually authenticated via passwords, tokens, or other devices, and that access controls to the IT system are enforcing segregation of duties. [800-37] Identity of an entity with some level of assurance. [IATF] (see also access, access control, control, entity, identity, system, users, assurance, identification)

identification authentication

The process of determining the identity of a user that is attempting to access a physical location or computer resource. Authentication can occur through a variety of mechanisms including challenge/response, time-based code sequences, biometric comparison, or other techniques. [GSA] (see also access, access control, code, computer, entity, identity, process, resource, response, users, identification)

identification data

A sequence of data items, including the distinguishing identifier for an entity, assigned to an entity and used to identify it. NOTE - The identification data may additionally contain data items such as identifier of the signature process, identifier of the signature key, validity period of the signature key, restrictions on key usage, associated security policy parameters, key serial number, or domain parameters. [SC27] Sequence of data items, including the distinguishing identifier for an entity, assigned to an entity and used to identify it. NOTE - Examples of data items which may be included in the identification data include: an account number, expiry date, serial number, etc. [SC27] Sequence of data items, including the distinguishing identifier for an entity, assigned to an entity and used to identify it. NOTE - Examples of data items which may be included in the identification data include: an account number, expiry date, serial number, etc. [ISO/IEC 9798-5: 1999] A sequence of data items, including the distinguishing identifier for an entity, assigned to an entity and used to identify it. NOTE - The identification data may additionally contain data items such as identifier of the signature process, identifier of the signature key, validity period of the signature key, restrictions on key usage, associated security policy parameters, key serial number, or domain parameters. [SC27] (see also domain, entity, identify, identity credential, key, policy, process, security, signature, identification)

Identification Protocol

(I) An client-server Internet protocol for learning the identity of a user of a particular TCP connection. (C) Given a TCP port number pair, the server returns a alphanumeric string that identifies the owner of that connection on the server's system. The protocol is not intended for authorization or access control. At best, it provides additional auditing information with respect to TCP. [RFC2828] (see also access, access control, audit, authorization, connection, control, entity, identity, information, owner, system, users, identification, internet, protocols, security protocol)

identification, friend or foe (IFF)

(see also identification)

identification, friend, foe, or neutral (IFFN)

(see also identification)

identifier

A data object - often, a printable, non-blank character string - that definitively represents a specific identity of a system entity, distinguishing that identity from all others. [CNSSI-4009] A text string used by the CKMS to select a specific key from a collection of keys. [800-130] Unique data used to represent a person's identity and associated attributes. A name or a card number are examples of identifiers. [FIPS 201][GSA] (see also entity, identity, key)

identify

identity

A representation (e.g. a string) uniquely identifying an authorized user, which can either be the full or abbreviated name of that user or a pseudonym. [CC2][CC21][SC27] A set of attributes that uniquely describe a person within a given context. [SP 800-63] A unique name of an individual person. Since the legal names of persons are not necessarily unique, the identity of a person must include sufficient additional information (for example an address, or some unique identifier such as an employee or account number) to make the complete name unique. [800-63] Information that is unique within a security domain and that is recognized as denoting a particular entity within that domain. [800-33][SRV] The set of attribute values (i.e. characteristics) by which an entity is recognizable and that, within the scope of an identity manager's responsibility, is sufficient to distinguish that entity from any other entity. [CNSSI-4009] The set of physical and behavioral characteristics by which an individual is uniquely recognizable. [FIPS 201][GAO][GSA] (see also Identification Protocol, KMI-aware device, KOA agent, OAKLEY, applicant assertion, assurance, attribute authority, authenticate, authentication data, authentication exchange, authentication information, authentication mechanism, authentication protocol, authentication service, authenticator, authenticity, authorization, authorized, automated information system media control system, binding, biometric measurement, biometric system, biometrics, cardholder, certificate, certification authority, certify, challenge/response, claimant, comparisons, component, covert operation, credentials, criminal groups, cryptography, data integrity service, data origin authentication service, digital certificate, digital id, digital signature, digital signature algorithm, discrete process, discretionary access control, distinguished name, domain, electronic credentials, entity authentication of A to B, false acceptance, false rejection, false rejection rate, identification and authentication, identification authentication, identifier, identify, individual accountability, information, interoperability, key owner, masquerade attack, masquerading, mutual authentication, mutual entity authentication, non-repudiation, object, one-time passwords, organizational registration authority, password system, passwords, peer entity authentication service, personal identification number, personally identifiable information, phishing, physical access control, policy-based access control, principal, private accreditation information, protected channel, proxy server, pseudonym, public-key certificate, public-key infrastructure, references, registration, registration authority, relying party, response, role-based access control, secure socket layer, security, simple authentication, source authentication, strong authentication, subject, ticket, tokens, trust, undercover operation, unilateral authentication, users, validate vs. verify, verification, verified name, verifier, witness, entity, identification) (includes federated identity, identity based access control, identity binding, identity credential, identity credential issuer, identity management systems, identity proofing, identity registration, identity theft, identity token, identity validation, identity verification, identity-based security policy, personal identity verification, redundant identity, tradecraft identity, workcraft identity)

identity based access control (IBAC)

Access control based on the identity of the user (typically relayed as a characteristic of the process acting on behalf of that user) where access authorizations to specific objects are assigned based on user identity. [SP 800-53; CNSSI-4009] (see also authorization, access, control, entity, identification, identity)

identity binding

Binding of the vetted claimed identity to the individual (through biometrics) according to the issuing authority. [FIPS 201] (see also identity)

identity credential

A thing that a person possesses - in this case a log-in ID, in the form of a User ID and PIN and/or password - that identifies that person as a distinct individual. [GSA] Information (electronic or printed) that seeks to either uniquely identify or provides qualifications or defining attributes about an individual identity. [800-103] (see also identification, identification data, identify, identity credential issuer, information, users, credentials, entity, identity)

identity credential issuer

An organization that issues identity credentials to individuals, and validates those credentials when presented by a user attempting to access a protected Web resource. An identity credential issuer may be a government agency, an academic institution, or a commercial business, such as a bank. [GSA] (see also PIV issuer, access, access control, certification authority, identification, identity credential, resource, users, validate, credentials, entity, identity)

identity management systems

Identity management system comprised of one or more systems or applications that manages the identity verification, validation and issuance process. [GSA] (see also application, process, validation, verification, entity, identity, system)

identity proofing

The process by which a CSP and an RA validate sufficient information to uniquely identify a person. [800-63] The process by which a Credentials Service Provider (CSP) and a Registration Authority (RA) collect and verify information about a person for the purpose of issuing credentials to that person. [SP 800-63] The process of providing sufficient information (e.g., identity history, credentials, documents) to a PIV Registrar when attempting to establish an identity. [GSA] The process of providing sufficient information (e.g., identity history, credentials, documents) to a Personal Identity Verification Registrar when attempting to establish an identity. [FIPS 201] The process of providing sufficient information, such as identity history, credentials, and documents, to facilitate the establishment of an identity. [GAO] (see also authority, establishment, information, process, registration, validate, entity, identity)

identity registration

The process of making a person's identity known to the Personal Identity Verification (PIV) system, associating a unique identifier with that identity, and collecting and recording the person's relevant attributes into the system. [FIPS 201; CNSSI-4009] (see also identity)

identity theft

fraud committed or attempted using the identifying information of another person without lawful authority [FTC] fraud committed using the identifying information of another person, subject to such further definition as the FTC may prescribe, by regulation [FTC] (see also dumpster diving, fraud, identify, information, keystroke logger, phishing, shoulder surfing, social engineering, spyware, subject, entity, identity, theft) (includes ACH debit fraud, account fraud)

identity token

Smart card, metal key, or other physical object used to authenticate identity. [CNSSI][CNSSI-4009] (see also key, object, entity, identity, tokens)

identity validation

Tests enabling an IS to authenticate users or resources. [CNSSI] Tests enabling an information system to authenticate users or resources. [CNSSI-4009] (see also resource, test, users, entity, identity, validation)

identity verification

The process of confirming or denying that a claimed identity is correct by comparing the credentials (something you know, something you have, something you are) of a person requesting access with those previously proven and stored in the PIV Card or system and associated with the identity being claimed. [FIPS 201][GSA][SP 800-79] (see also access, access control, process, system, entity, identity, verification)

identity-based security policy

(I) 'A security policy based on the identities and/or attributes of users, a group of users, or entities acting on behalf of the users and the resources/objects being accessed.' [RFC2828] A security policy based on the identities and/or attributes of the object (system resource) being accessed and of the subject (user, group of users, process, or device) requesting access. [800-33][SP 800-33][SRV] (see also access, access control, object, process, resource, subject, system, users, entity, identification, identity, policy, security)

IEEE 802.10

(N) An IEEE committee developing security standards for local area networks. [RFC2828] (see also network, security, standard)

IEEE P1363 (P1363)

(N) An IEEE working group, Standard for Public-Key Cryptography, developing a comprehensive reference standard for asymmetric cryptography. Covers discrete logarithm (e.g. DSA), elliptic curve, and integer factorization (e.g. RSA); and covers key agreement, digital signature, and encryption. [RFC2828] (see also cryptography, digital signature, encryption, key, public-key, signature, standard)

illegal

illegal drug use

Use of drugs, possession, or distribution of which is unlawful under the Controlled Substances Act. Such a term does not include the use of a drug taken under the supervision of a licensed health care professional, other uses authorized by the Controlled Substances Act or other provisions of law. [DSS] (see also authorized, illegal)

illegal traffic

Packets specified for rejection in the rule set of the DUT/SUT. A buggy or misconfigured firewall might forward packets even though its rule set specifies that these packets be dropped. Illegal traffic differs from rejected traffic in that it describes all traffic specified for rejection by the rule set, while rejected traffic specifies only those packets actually dropped by the DUT/SUT. [RFC2647] (see also rejected traffic, bit forwarding rate, ruleset, firewall, illegal)

image

An exact bit-stream copy of all electronic data on a device, performed in a manner that ensures that the information is not altered. [SP 800-72]

imagery

Collectively, the representations of objects reproduced electronically or by optical means on film, electronic display devices, or other media. [DSS] (see also object)

imagery intelligence

Intelligence derived from exploitation of collection by visual photography, infrared sensors, lasers, electrooptics, and radar sensors such as synthetic aperture radar wherein images of objects are reproduced optically or electronically on film, electronic display devices, or other media. [DSS] (see also object, intelligence)

imaging system

A method of translating and recording pictures in microfilm, videotape, or computer format. [SRV] (see also computer, system)

IMAP4 AUTHENTICATE

(I) A IMAP4 'command' (better described as a transaction type, or protocol-within-a-protocol) by which an IMAP4 client optionally proposes a mechanism to an IMAP4 server to authenticate the client to the server and provide other security services. (C) If the server accepts the proposal, the command is followed by performing a challenge-response authentication protocol and, optionally, negotiating a protection mechanism for subsequent POP3 interactions. The security mechanisms that are used by IMAP4 AUTHENTICATE--including Kerberos, GSSAPI, and S/Key--are described in. [RFC2828] (see also authentication, challenge/response, key, protocols, response, security)

imitative communications

Introduction of deceptive messages or signals into [CNSSI] (see also message, communications)

imitative communications deception

Introduction of deceptive messages or signals into an adversary's telecommunications signals. [DSS] (see also adversary)

immediate family member

Mother, father, sister, brother, spouse, son, daughter. Each of the terms includes all its variants; for example, 'sister' includes sister by blood, sister by adoption, half-sister, stepsister, and foster sister. For purposes of determining access eligibility, cohabitants have a status identical to that of immediate family. [DSS] (see also access)

immigrant alien

Alien lawfully admitted into the United States under an immigration visa for permanent residence. [DSS]

impact

The amount of loss or damage that can be expected from a successful attack on an asset. Loss may be monetary, but may include loss of lives and destruction of a symbolic structure. [GAO] The magnitude of harm that can be expected to result from the consequences of unauthorized disclosure of information, unauthorized modification of information, unauthorized destruction of information, or loss of information or information system availability. [800-60][CNSSI-4009][SP 800-60] The result of an unwanted incident. [SC27] (see also attack, authorized, availability, damage, incident, information, risk assessment, system)

impact level

High, Moderate, or Low security categories of an information system established in FIPS 199 which classify the intensity of a potential impact that may occur if the information system is jeopardized. [SP 800-34] The magnitude of harm that can be expected to result from the consequences of unauthorized disclosure of information, unauthorized modification of information, unauthorized destruction of information, or loss of information or information system availability. [800-60][CNSSI-4009][SP 800-60] (see also availability, security)

impact value

The assessed potential impact resulting from a compromise of the confidentiality, integrity, or availability of an information type, expressed as a value of low, moderate, or high. [SP 800-30] (see also availability)

impersonating

Form of spoofing. [CNSSI] (see also impersonation, spoof)

impersonation

An attempt to gain access to a computer system by posing as an authorized user. Synonymous with masquerading, mimicking. [SRV] (see also impersonating, masquerade, access, access control, active attack, address spoofing, authentication, authorized, computer, ip spoofing, man-in-the-middle attack, masquerading, mimicking, network, replay attacks, social engineering, spoofing, system, users, attack) (includes verifier impersonation attack)

implant

Electronic device or electronic equipment modification designed to gain unauthorized interception of information-bearing emanations. [CNSSI][CNSSI-4009] (see also authorized, emanation, emanations security, information)

implementation

A phase of the development process wherein the detailed specification of a Target of Evaluation is translated into actual hardware and software. [AJP][ITSEC] (see also process, software, target, target of evaluation)

implementation under test (IUT)

The particular portion of equipment that is to be studied for testing. The implementation may include one or more protocols. [OVT] (see also protocols, security testing, test)

implementation vulnerability

A vulnerability resulting from an error made in the software or hardware implementation of a satisfactory design. [OVT] (see also software, vulnerability)

implicit key authentication from A to B

The assurance for entity B that A is the only another entity can possibly be in possession of the correct key. [SC27] (see also assurance, entity, authentication, key)

imported software

All software entering the GRC community [NASA] (see also software)

imprint

A string of bits, either the hash-code of a data string or the data string itself. [SC27] (see also code, hash)

improved emergency message automatic transmission system (IEMATS)

(see also message, system)

in the clear

(I) Not encrypted. [RFC2828] (see also encryption)

inadvertent disclosure

Type of incident involving accidental exposure of information to an individual not authorized access. [CNSSI][CNSSI-4009] (see also access, access control, authorized, exposures, information, risk, incident)

inadvertent disclosure incident

Set of circumstances or security incident in which a person had involuntary access to classified information to which the individual was or is not normally authorized. [DSS] (see also access, authorized, classified, security, security incident)

inappropriate usage

A person who violates acceptable computing use policies. [800-61] (see also threat)

incapacitation

A threat action that prevents or interrupts system operation by disabling a system component. [RFC2828] An abnormal condition when the level of products and services a critical infrastructure provides its customers is reduced. While typically a temporary condition, an infrastructure is considered incapacitated when the duration of reduced performance causes a debilitating impact. [CIAO] (see also critical, critical infrastructures, operation, system, risk, threat consequence)

incident

(IS) Assessed occurrence having actual or potentially adverse effects on an IS. (COMSEC) Occurrence that potentially jeopardizes the security of COMSEC material or the secure electrical transmission of national security information. [CNSSI] A violation or imminent threat of violation of computer security policies, acceptable use policies, or standard security practices. [800-61][800-94][SP 800-61] An assessed occurrence that actually or potentially jeopardizes the confidentiality, integrity, or availability of an information system; or the information the system processes, stores, or transmits; or that constitutes a violation or imminent threat of violation of security policies, security procedures, or acceptable use policies. [CNSSI-4009] An occurrence that actually or potentially jeopardizes the confidentiality, integrity, or availability of an information system or the information the system processes, stores, or transmits or that constitutes a violation or imminent threat of violation of security policies, security procedures, or acceptable use policies. [FIPS 200; SP 800-53] An occurrence that actually or potentially jeopardizes the confidentiality, integrity, or availability of an information system or the information the system processes, stores, or transmits or that constitutes a violation or imminent threat of violation of security policies, security procedures, or acceptable use policies. Incidents may be intentional or unintentional. [800-82] An occurrence that has been assessed as having an adverse effect on the security or performance of an IT system. [CIAO] An occurrence, caused by either human action or natural phenomena, that may cause harm and may require action. Incidents can include major disasters, emergencies, terrorist attacks, terrorist threats, wild and urban fires, floods, hazardous materials spills, nuclear accidents, aircraft accidents, earthquakes, hurricanes, tornadoes, tropical storms, war-related disasters, public health and medical emergencies, and other occurrences requiring an emergency response. [NIPP] Event that has actual or potentially adverse effects on AIS. Any intrusion or attempted intrusion into a computer system. Incidents can include probes of multiple computer systems. [AFSEC] (see also COMSEC insecurity, antivirus software, availability, classified information spillage, communications security, computer, computer emergency response team, event, failure access, handler, impact, indication, information, infrastructure assurance, integrity, intrusion, intrusion detection, intrusion detection and prevention, intrusion prevention, intrusion prevention system, joint task force-computer network defense, mitigation, precursor, process, protective technologies, response, security, security controls, security event, security policy, signature, spyware detection and removal utility, standard, system, vulnerability, threat) (includes COMSEC incident, Computer Incident Advisory Capability, Forum of Incident Response and Security Teams, Guidelines and Recommendations for Security Incident Processing, IT security incident, attack, automated security incident measurement, compromise, computer incident assessment capability, computer intrusion, computer security incident, computer security incident response capability, computer security incident response team, contamination, cyber incident, data compromise, denial-of-service, flooding, inadvertent disclosure, incident handling, incident response capability, multiple component incident, probe, program automated information system security incident support team, security incident, security intrusion, suspicious event)

incident handling

The mitigation of violations of security policies and recommended practices. [800-61][SP 800-61] (see also security, incident, response)

incident of security concern

Assessed event of attempted entry, unauthorized entry, and/or attack against a facility, operation, or an Automated Information System. Events that, at the time of occurrence, cannot be determined to be an actual violation of law, but that warrant preliminary inquiry and subsequent reporting. Examples include drug use and distribution, alcohol abuse, discovery or possession of contraband articles in security areas, and unauthorized attempts to access classified data. [DSS] (see also access, attack, authorized, classified, security)

incident response

(see incident handling)

incident response capability

A family of security controls in the operations class dealing with responding to an assessed occurrence having actual or potentially adverse effects on an IT system. [800-37] (see also control, operation, security, system, incident, response)

incident response plan

The documentation of a predetermined set of instructions or procedures to detect, respond to, and limit consequences of a malicious cyber attacks against an organization's information system(s). [SP 800-34] The documentation of a predetermined set of instructions or procedures to detect, respond to, and limit consequences of an incident against an organization's IT system(s). [CNSSI-4009] (see also attack, cyberspace)

incomplete parameter checking

A system design flaw that results when all parameters have not been fully anticipated for accuracy and consistency, thus making the system vulnerable to penetration. [AJP][NCSC/TG004][SRV] System flaw that exists when the operating system does not check all parameters fully for accuracy and consistency, thus making the system vulnerable to penetration. [CNSSI][CNSSI-4009] (see also penetration, system, threat)

inculpatory evidence

Evidence that tends to increase the likelihood of fault or guilt. [SP 800-72]

independence

Self-governance, freedom from conflict of interest and undue influence. The IT auditor should be free to make his or her own decisions, not influenced by the organization being audited, or by its managers and employees. [FFIEC] (see also audit)

independent assessment

In this document, an evaluation of how well an IT system and its operating environment meet its required security controls, performed by an organization or individual that does not have a vested interest in the outcome of the assessment. An independent assessment can be performed by individuals either internal or external to the agency undergoing the evaluation, as long as they are free from personal and external factors that could impair their independence or their perceived independence, (e.g., they designed the system under review). [800-37] (see also control, evaluation, security, system, assessment)

independent research and development

A contractor-funded research and development effort not sponsored by, or required in performance of, a contract or grant that consists of projects falling within the areas of basic research; applied research; development; and systems, and other concept formulation studies. [DSS]

independent review and evaluation

A review or evaluation of any GRC IT system conducted by person(s) not associated with that particular system. Such a review may be conducted anytime at the option of the Center Director, CCSM, or the CIO. [NASA] (see also system, evaluation)

independent validation and verification

Review, analysis, and testing conducted by an independent party throughout the lifecycle of software development to ensure that the new software meets user or contract requirements. [SRV] (see also analysis, requirements, security testing, software, software development, test, users, validation, verification)

independent validation authority

(IVA) Entity that reviews the soundness of independent tests and system compliance with all stated security controls and risk mitigation actions. IVAs will be designated by the Authorizing Official as needed. [CNSSI-4009] Independent Verification & Validation (IV&V) - A comprehensive review, analysis, and testing (software and/or hardware) performed by an objective third party to confirm (i.e. verify) that the requirements are correctly defined, and to confirm (i.e. validate) that the system correctly implements the required functionality and security requirements. [CNSSI-4009] (see also control, requirements, risk, security, software)

indication

A sign that a malware incident may have occurred or may be occurring. [800-83] A sign that an incident may have occurred or may be currently occurring. [800-61][SP 800-61] (see also signature, incident, malware, security)

indicator

A sign that an incident may have occurred or may be currently occurring. [800-61][SP 800-61] Recognized action, specific, generalized, or theoretical, that an adversary might be expected to take in preparation for an attack. [CNSSI][CNSSI-4009] (see also adversary, attack)

indirect certificate revocation list (ICRL)

(I) In X.509, a CRL that may contain certificate revocation notifications for certificates issued by CAs other than the issuer of the ICRL. [RFC2828] (see also X.509, certificate, public-key infrastructure, revocation)

indistinguishability

(I) An attribute of an encryption algorithm that is a formalization of the notion that the encryption of some string is indistinguishable from the encryption of an equal-length string of nonsense. (C) Under certain conditions, this notion is equivalent to 'semantic security'. [RFC2828] (see also algorithm, encryption, security)

individual accountability

Ability to associate positively the identity of a user with the time, method, and degree of access to an IS. [CNSSI] Ability to associate positively the identity of a user with the time, method, and degree of access to an information system. [CNSSI-4009] Requires individual users to be held accountable for their actions after being notified of the rules of behavior in the use of the system and the penalties associated with the violation of those rules. [800-37] The ability to associate positively the identify of a user when accessing a computer system. [SRV] The ability to associate positively the identity of a user with the time, method, and degree of access to a system. [AJP][NCSC/TG004] The condition that enables activities on an IT system to be traced to individuals who may then be held accountable for their actions [NASA] (see also access, access control, computer, entity, identify, identity, system, users)

individual electronic accountability

The identification and authentication of an IT user by the system before access to the IT system is allowed [NASA] (see also access, access control, authentication, identification, system, users)

individuals

A citizen of the United States or an alien lawfully admitted for permanent residence. Agencies may, consistent with individual practice, choose to extend the protections of the Privacy Act and E-Government Act to businesses, sole proprietors, aliens, etc. [800-60][SP 800-60] An assessment object that includes people applying specifications, mechanisms, or activities. [SP 800-53A] (see also privacy)

indoctrination

Initial indoctrination and/or instruction provided each individual approved to a Special Access Program before exposure of a unique nature of Program information and the policies, procedures, and practices for its handling. [DSS] (see also access)

industrial control system

An information system used to control industrial processes such as manufacturing, product handling, production, and distribution. Industrial control systems include supervisory control and data acquisition systems (SCADA) used to control geographically dispersed assets, as well as distributed control systems (DCS) and smaller control systems using programmable logic controllers to control localized processes. [SP 800-53; SP 800-53A; SP 800-39; SP 800-30] (see also control)

industrial espionage

Act of seeking a competitive, commercial advantage by obtaining a competitor's trade secrets and/or logistics. The acquisition of industrial information through clandestine operations. [DSS]

industrial security

Portion of information security concerned with protection of classified information in the custody of U.S. industry. [DSS] (see also classified, information security, security)

industry standard architecture (ISA)

infection

The act or result of affecting injuriously, an infective agent or material contaminated with an infective agent, usually malicious logic in the form of a worm, virus, Trojan horse, etc. [AFSEC] (see also malicious, virus, worm, threat)

inference

A threat action whereby an unauthorized entity indirectly accesses sensitive data (but not necessarily the data contained in the communication) by reasoning from characteristics or byproducts of communications. [RFC2828] (see also access, access control, authorized, communications, entity, threat consequence)

informal

Expressed in natural language. [CC2][CC21][SC27] (see also formal) (includes informal specification)

informal security policy

Natural language description, possibly supplemented by mathematical arguments, demonstrating the correspondence of the functional specification to the high-level design. [CNSSI][CNSSI-4009] (see also function, policy, security)

informal specification

Statement about (the properties of) a product made using the grammar, syntax, and common definitions of a natural language (e.g. English). Note: While no notational restrictions apply, the informal specification is also required to provide defined meanings for terms which are used in a context other than that accepted by normal usage. [AJP][FCv1] (see also formal specification, development process, informal)

information

information and communications

A critical infrastructure characterized by computing and telecommunications equipment, software, processes, and people that support: a) The processing, storage, and transmission of data and information; b) the processes and people that convert data into information and information into knowledge; and c) the data and information themselves. [CIAO] (see also critical, process, software, telecommunications, communications, critical infrastructures, information)

information architecture

The technologies, interfaces, and geographical locations of functions involved with an organization's information activities. [SRV] (see also function, interface, automated information system, information)

information assurance (IA)

Information Operations that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation. This includes providing for restoration of information systems by incorporating protection, detection, and reaction capabilities. (DODD S-3600.1 of 9 Dec 96) [NSAINT] Information operations (IO) that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation. This includes providing for restoration of information systems by incorporating protection, detection, and reaction capabilities. [IATF] Information operations protecting and defending information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation. It includes providing for restoration of information systems by incorporating protection, detection, and reaction capabilities. Including: Information Assurance Certification and Accreditation: Standard Department of Defense approach for identifying information security requirements, providing security solutions, and managing the security of Department of Defense information systems. Information Assurance Control: Objective Information Assurance condition of integrity, availability, or confidentiality achieved through application of specific safeguards or through the regulation of specific activities that is expressed in a specified format, that is, a control number, a control name, control text, and a control class. Specific management, personnel, operational, and technical controls are applied to each Department of Defense information system to achieve an appropriate level of integrity, availability, and confidentiality. Information Assurance Product: Product or technology whose primary purpose is to provide security services (for example, confidentiality, authentication, integrity, access control, non-repudiation of data); correct known vulnerabilities; and/or provide layered defense against various categories of nonauthorized or malicious penetrations of information systems or networks. Examples include such products as data/network encryptors, firewalls, and intrusion detection devices. Information Assurance -Enabled Information Technology Product: Product or technology whose primary role is not security, but which provides security services as an associated feature of its intended operating capabilities. Examples include such products as securityenabled web browsers, screening routers, trusted operating systems, and security-enabled messaging systems. [DSS] Information operations that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation. This includes providing for restoration of information systems by incorporating protection, detection, and reaction capabilities. Information operations actions taken to affect an adversary's information and information systems while defending one's own information and information systems. [CIAO] Measures that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation. These measures include providing for restoration of information systems by incorporating protection, detection, and reaction capabilities. [CNSSI][SP 800-59; CNSSI-4009] Measures that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation. This includes providing for restoration of information systems by incorporating protection, detection, and reaction capabilities. [DOD] (see also Defensive Information Operations, access, adversary, authentication, authorized, availability, certification, common criteria, confidentiality, exploit, information security, information systems security manager, integrity, intrusion, level of protection, levels of concern, malicious, non-repudiation, object, operation, requirements, system, trust, vulnerability, assurance, information) (includes IA architecture, IA-enabled information technology product, defense-wide information assurance program, information assurance manager, information assurance officer, information assurance product, national information assurance partnership)

information assurance component

(IAC) An application (hardware and/or software) that provides one or more Information Assurance capabilities in support of the overall security and operational objectives of a system. [CNSSI-4009] (see also software, assurance)

information assurance manager

(IAM) See Information Systems Security Manager. [CNSSI-4009] Manager responsible for an organization's information system security program. The manager is appointed by a Commander or Commanding Officer, or by company management in the case of a contractor. The Information Assurance Manager is the single point of contact for the organization concerning security matters to the Designated Approving Authority. The title of Information Assurance Manager replaced Information Systems Security Manager. [DSS] See information systems security manager. [CNSSI] (see also system, information, information assurance)

information assurance officer

(IAO) See Information Systems Security Officer. [CNSSI-4009] Person responsible to the Information Assurance Manager who ensures that operational security is maintained for specific Information System, sometimes referred to as a Network Security Officer, Terminal Area Security, or Information System Security Custodian. An Information Assurance Officer may be responsible for more than one system. The title of Information Assurance Officer replaced Information Systems Security Officer. [DSS] See information systems security officer. [CNSSI] (see also network security officer, system, system administrator, information, information assurance, officer)

information assurance product

Product or technology whose primary purpose is to provide security services (e.g., confidentiality, authentication, integrity, access control, non-repudiation of data) correct known vulnerabilities; and/or provide layered defense against various categories of non-authorized or malicious penetrations of information systems or networks. Examples include such products as data/network encryptors, firewalls, and intrusion detection devices. [CNSSI] (see also access, access control, authentication, authorized, control, integrity, intrusion, intrusion detection, malicious, system, technology, vulnerability, information, information assurance)

information category

A convenient means of classifying the information stored, processed, or transmitted by GRC's IT systems. By knowing the kind of information associated with the system, managers have a fundamental understanding of the types of security controls that will be needed. The categories are mission; business and restricted technology; scientific, engineering, and research; administrative; and public access. [NASA] (see also access, access control, classified, control, process, security, system, technology, information)

information center (IC)

information domain

A three-part concept for information sharing, independent of, and across information systems and security domains that 1) identifies information sharing participants as individual members, 2) contains shared information objects, and 3) provides a security policy that identifies the roles and privileges of the members and the protections required for the information objects. [CNSSI-4009] (see also security)

information engineering

An approach to planning, analyzing, designing, and developing an information system with an enterprise-wide perspective and an emphasis on data and architectures. [SRV] (see also system, automated information system, information)

information environment

Aggregate of individuals, organizations, and/or systems that collect, process, or disseminate information, also included is the information itself. [CNSSI-4009] Aggregate of individuals, organizations, or systems that collect, process, or disseminate information, also included is the information itself. [CNSSI] (see also process, system, automated information system, information)

information flow

The sequence, timing, and direction of how information proceeds through an organization or a computer system. [SRV] The sequence, timing, and direction of how information proceeds through an organization. [SRV] (see also computer, system, automated information system, flow, information)

information flow control

A procedure to ensure that information transfers within a system are not made from a higher security level object to an object of a lower security level. [AJP][NCSC/TG004] Procedure to ensure that information transfers within an IS are not made from a higher security level object to an object of a lower security level. [CNSSI] Procedure to ensure that information transfers within an information system are not made in violation of the security policy. [CNSSI-4009] (see also security, system, control, flow, information) (includes object)

information integrity

State that exists when information is unchanged from its source and has not been accidentally or intentionally modified, altered, or destroyed. [DSS]

information management

The planning, budgeting, manipulating, and controlling of information throughout its lifecycle. [CNSSI-4009] (see also control, management)

information operations (IO)

Action involving the acquisition, transmission, storage, or transformation of information that enhances the employment of military forces. [DSS] Actions taken to affect adversary information and ISs while defending one's own information and ISs. [CNSSI] Actions taken to affect adversary information and information systems while defending one's own information and information systems. (DODD S-3600.1 of 9 Dec 96) [NSAINT] The integrated employment of the core capabilities of electronic warfare, computer network operations, psychological operations, military deception, and operations security, in concert with specified supporting and related capabilities, to influence, disrupt, corrupt, or usurp adversarial human and automated decision-making process, information, and information systems while protecting our own. [CNSSI-4009] (see also adversary, system, automated information system, information, operation)

information owner

Official with statutory or operational authority for specified information and responsibility for establishing the controls for its generation, classification, collection, processing, dissemination, and disposal. [CNSSI-4009] Official with statutory or operational authority for specified information and responsibility for establishing the controls for its generation, collection, processing, dissemination, and disposal. [800-60][CNSSI][DSS] Official with statutory or operational authority for specified information and responsibility for establishing the controls for its generation, collection, processing, dissemination, and disposal. See Information Steward. [FIPS 200; SP 800-37; SP 800-53; SP 800-60; SP 800-18] (see also authority, control, operation, process, information, owner)

information processing standard

A set of detailed technical guidelines used to establish uniformity to support specific functions and/or interoperability in hardware, software, or telecommunications development, testing, and/or operation. [AJP] (see also communications, function, interoperability, operation, security testing, software, telecommunications, test, information, process, standard)

information protection policy

The set of laws, rules, and practices that regulate how an IT product will, within specified limits, counter threats expected in the product's assumed operational environment. [AJP][FCv1] (see also assurance, operation, security policy, threat, information, policy)

information rate

(see bandwidth)

information ratio (IR)

information resources

Information and related resources, such as personnel, equipment, funds, and information technology. [800-60][FIPS 200; FIPS 199; SP 800-53; SP 800-18; SP 800-60;] (see also technology, information, resource)

information security (INFOSEC)

(I) Referring to security measures that implement and assure security services in computer systems (i.e. COMPUSEC) and communication systems (i.e. COMSEC). [RFC2828] Actions taken for the purpose of reducing system risk, specifically, reducing the probability that a threat will succeed in exploiting critical infrastructure vulnerabilities using electronic, RF, or computer-based means. [CIAO] Result of any system of policies and procedures for identifying, controlling, and protecting from unauthorized disclosure information that executive order or statute protects. [DSS] The preservation of confidentiality, integrity and availability of information. NOTE - Confidentiality is defined as ensuring that information is accessible only to those authorized to have access. Integrity is defined as safeguarding the accuracy and completeness of information and processing methods. Availability is defined as ensuring that authorized users have access to information and associated assets when required. [SC27] The protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability. [800-60][SP 800-37; SP 800-53; SP 800-53A; SP 800-18; SP 800-] The result of any system of policies and/or procedures for identifying, controlling, and protecting from unauthorized disclosure, information whose protection is authorized by executive order or statute. [NSAINT] (see also Abrams, Jojodia, Podell essays, British Standard 7799, DoD Information Technology Security Certification and Accreditation Process, Forum of Incident Response and Security Teams, International Traffic in Arms Regulations, National Institute of Standards and Technology, National Security Agency, Sensitive Information Computer Security Act of 1987, access, access control, activity security manager, attack, authorized, availability, communications security, computer, confidentiality, contractor special security officer, control, critical, due care, identify, industrial security, information assurance, information system security officer, integrity, management controls, mission critical, national information assurance partnership, national security system, non-technical countermeasure, process, public-key infrastructure, review techniques, risk, rules of engagement, security policy, system, target identification and analysis techniques, target vulnerability validation techniques, technical countermeasures, threat, users, vulnerability, information, security) (includes information security oversight office, information security policy, information security testing, information systems security)

information security architect

Individual, group, or organization responsible for ensuring that the information security requirements necessary to protect the organization's core missions and business processes are adequately addressed in all aspects of enterprise architecture including reference models, segment and solution architectures, and the resulting information systems supporting those missions and business processes. [SP 800-37] (see also requirements, security)

information security architecture

An embedded, integral part of the enterprise architecture that describes the structure and behavior for an enterprise's security processes, information security systems, personnel and organizational sub-units, showing their alignment with the enterprise's mission and strategic plans. [SP 800-39] (see also security)

information security oversight office

The Information Security Oversight Office is responsible to the President for policy and oversight of the Government security classification system and the National Industrial Security Program. Its authority derives from Executive Order 12958, 'Classified National Security Information,' and Executive Order 12829, 'National Industrial Security Program,' as amended. The Information Security Oversight Office is a component of the National Archives and Records Administration and receives policy and program guidance from the National Security Council. [DSS] (see also classified, information security)

information security policy

Aggregate of directives, regulations, rules, and practices that prescribe how an organization manages, protects, and distributes information. [CNSSI] Aggregate of directives, regulations, rules, and practices that prescribes how an organization manages, protects, and distributes information. [SP 800-53; SP 800-37; SP 800-18; CNSSI-4009] (see also information, information security, policy)

information security program plan

Formal document that provides an overview of the security requirements for an organization-wide information security program and describes the program management controls and common controls in place or planned for meeting those requirements. [SP 800-37; SP 800-53; SP 800-53A] (see also control, management, requirements, security)

information security risk

The risk to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation due to the potential for unauthorized access, use, disclosure, disruption, modification, or destruction of information and/or information systems. See Risk. [SP 800-30] (see also access, risk)

information security testing

The process of validating the effective implementation of security controls for information systems and networks, based on the organization's security requirements. [800-115] (see also control, process, requirements, system, information, information security, security testing, test)

information sharing

The requirements for information sharing by an IT system with one or more other IT systems or applications, for information sharing to support multiple internal or external organizations, missions, or public programs. [SP 800-16] (see also requirements)

information sharing and analysis center

Centers designed by the private sector that serve as a mechanism for gathering, analyzing, appropriately sanitizing and disseminating private sector information. These centers could also gather, analyze, and disseminate information from the NIPC for further distribution to the private sector. ISACs also are expected to share important information about vulnerabilities, threats, intrusions, and anomalies, but do not interfere with direct information exchanges between companies and the Government. [CIAO] (see also intrusion, threat, vulnerability, analysis, information)

information sharing environment

1. An approach that facilitates the sharing of terrorism and homeland security information; or 2. ISE in its broader application enables those in a trusted partnership to share, discover, and access controlled information. [CNSSI-4009] (see also access, control, security, trust)

information steward

An agency official with statutory or operational authority for specified information and responsibility for establishing the controls for its generation, collection, processing, dissemination, and disposal. [CNSSI-4009] Individual or group that helps to ensure the careful and responsible management of federal information belonging to the Nation as a whole, regardless of the entity or source that may have originated, created, or compiled the information. Information stewards provide maximum access to federal information to elements of the federal government and its customers, balanced by the obligation to protect the information in accordance with the provisions of FISMA and any associated security-related federal policies, directives, regulations, standards, and guidance. [SP 800-37] (see also access, control, management, security)

information superhighway

Integration of telephone, data, or video services into an advanced high-speed, interactive, broadband, and digital communications system. [SRV] (see also communications, system, information)

information superiority

The capability to collect, process, and disseminate an uninterrupted flow of information while exploiting or denying an adversary's ability to do the same. (DODD S-3600.1 of 9 Dec 96) [NSAINT] (see also adversary, exploit, flow, process, information)

information system (IS)

1) The entire infrastructure, organization, personnel, and components for the collection, processing, storage, transmission, display, dissemination, and disposition of information. 2) All the electronic and human components involved in the collection, processing, storage, transmission, display, dissemination, and disposition of information. An IS may be automated (e.g., a computerized information system) or manual (e.g., a library's card catalog). [CIAO] A discrete set of information resources organized for the collection, processing, maintenance, use, sharing, dissemination, or disposition of information. [800-60][FIPS 200; FIPS 199; SP 800-53A; SP 800-37; SP 800-60;] Assembly of computer hardware, software, and firmware configured for automating the functions of calculating, computing, sequencing, storing, retrieving, displaying, communicating, or otherwise manipulating data, information, and textual material. [DSS] SP 800-18; 44 U.S.C., Sec. 3502; OMB Circular A-130, App. III A discrete set of information resources organized for the collection, processing, maintenance, use, sharing, dissemination, or disposition of information. [Note: Information systems also include specialized systems such as industrial/process controls systems, telephone switching and private branch exchange (PBX) systems, and environmental control systems.] [SP 800-53; CNSSI-4009] Set of information resources organized for the collection, storage, processing, maintenance, use, sharing, dissemination, disposition, display, or transmission of information. [CNSSI] The organized collection, processing, maintenance, transmission, and dissemination of information in accordance with defined procedures, whether automated or manual. [SRV] (see also computer, control, process, resource, information, system)

information system and network security

Protection afforded to information systems to preserve the Availability, Integrity, and Confidentiality of the systems and the information contained with the system. Such protection is the integrated application of Communications Security, Transient Electromagnetic Pulse Emanation Standard (TEMPEST), and Information Systems Security executed in unison with personnel security, operations security, industrial security, resources protection, and physical security. [DSS] (see also availability, network, security)

information system lifecycle

The phases through which an information system passes, typically characterized as initiation, development, operation, and termination (i.e. sanitization, disposal and/or destruction). [CNSSI-4009] (see also development)

information system owner

Official responsible for the overall procurement, development, integration, modification, or operation and maintenance of an information system. [FIPS 200] (see also development)

information system resilience

The ability of an information system to continue to operate while under attack, even if in a degraded or debilitated state, and to rapidly recover operational capabilities for essential functions after a successful attack. [SP 800-30] The ability of an information system to continue to: (i) operate under adverse conditions or stress, even if in a degraded or debilitated state, while maintaining essential operational capabilities; and (ii) recover to an effective operational posture in a timeframe consistent with mission needs. [SP 800-39] (see also attack)

information system security engineer/system design security officer

Individual responsible for the engineering process that captures and refines information protection requirements and ensures integration into Information Technology acquisition processes through purposeful security design or configuration. [DSS] (see also requirements, security)

information system security officer (ISSO)

Individual assigned responsibility by the senior agency information security officer, authorizing official, management official, or information system owner for maintaining the appropriate operational security posture for an information system or program. [800-60][SP 800-39][SP 800-53A; SP 800-60] The person responsible to the DAA (designated approving authority) for ensuring that security is provided for and implemented throughout the lifecycle of an AIS from the beginning of the concept development plan through its design, development, operation, maintenance, and secure disposal. [AJP] The person responsible to the DAA for ensuring that security is provided for and implemented throughout the lifecycle of an AIS from the beginning of the concept development plan through its design, development, operation, maintenance, and secure disposal. [NCSC/TG004] (see also authority, information security, operation, owner, program, computer security, information, officer, system, system security officer)

information system storage device

Physical storage device used by an information system upon which data are recorded. [DSS]

information systems audit and control association (ISACA)

(see also association, audit, control, information, system)

information systems audit and control foundation (ISACF)

(see also audit, control, information, system)

information systems security (INFOSEC) (ISS)

(INFOSEC) Protection of information systems against unauthorized access to or modification of information, whether in storage, processing, or transit, and against the denial of service to authorized users, including those measures necessary to detect, document, and counter such threats. [CNSSI-4009] Protection of information systems against unauthorized access to or modification of information, whether in storage, processing or transit, and against the denial of service to authorized users, including those measures necessary to detect, document, and counter such threats. [CNSSI][DSS][IATF] (see also computer security, access, access control, authentication, authorized, denial-of-service, encryption, identification, process, unauthorized access, users, information, information security, system, threat) (includes network security, system security, system security engineering, telecommunications security)

information systems security association (ISSA)

information systems security engineering (ISSE)

A structured system engineering process, tailored to the unique needs of a specific customer, focused on the selection of an effective security protection solution including identifying the customer's requirements, determining the a-priori/initial vulnerabilities and threats of the existing or planned communications system, determining applicable security solutions and/or countermeasures, identifying the residual risk, and implementing a risk management process to determine if the risk is acceptable to the customer. [IATF] Process that captures and refines information protection requirements and ensures their integration into IT acquisiton processes through purposeful security design or configuration. [CNSSI] (see also communications, countermeasures, identify, process, risk management, vulnerability, computer security, information, requirements, system, threat)

information systems security equipment modification

Modification of any fielded hardware, firmware, software, or portion thereof, under NSA configuration control. There are three classes of modifications: mandatory (to include human safety); optional/special mission modifications; and repair actions. These classes apply to elements, subassemblies, equipment, systems, and software packages performing functions such as key generation, key distribution, message encryption, decryption, authentication, or those mechanisms necessary to satisfy security policy, labeling, identification, or accountability. [CNSSI] (see also authentication, control, encryption, function, identification, key, message, policy, software, computer security, information, system) (includes COMSEC modification)

information systems security manager (ISSM)

Individual responsible for a program, organization, system, or enclave's information assurance program. [CNSSI] (see also assurance, information assurance, program, computer security, information, system)

information systems security officer (ISSO)

Individual responsible to the ISSM for ensuring the appropriate operational IA posture is maintained for a system, program, or enclave. [CNSSI] (see also operation, program, computer security, information, officer, system) (includes network security officer)

information systems security product

Item (chip, module, assembly, or equipment), technique, or service that performs or relates to information systems security. [CNSSI] (see also module, information, security, system)

Information Systems Security products and services catalogue

A catalogue issued quarterly by the U.S. National Security Agency that incorporates the DPL, EPL, ETL, PPL and other security product and service lists. This catalogue is available through the U.S. Government Printing Office, Washington, DC 20402, (202) 783-3238. [NCSC/TG004] (see also computer security, information, system) (includes degausser products list, endorsed tools list, evaluated products list, preferred products list)

information systems security representative

Provider assigned individual responsibility for the onsite security of an Automated Information System, processing information for the customer. [DSS] (see also security)

information systems/technology (IS/IT)

(see also information, system, technology)

information technology (IT)

Any equipment or interconnected system or subsystem of equipment that is used in the automatic acquisition, storage, manipulation, management, movement, control, display, switching, interchange, transmission, or reception of data or information by the executive agency. For purposes of the preceding sentence, equipment is used by an executive agency if the equipment is used by the executive agency directly or is used by a contractor under a contract with the executive agency which. 1) requires the use of such equipment; or 2) requires the use, to a significant extent, of such equipment in the performance of a service or the furnishing of a product. The term information technology includes computers, ancillary equipment, software, firmware and similar procedures, services (including support services), and related resources. [SP 800-53; SP 800-53A; SP 800-37; SP 800-18; SP 800-] Any equipment or interconnected system or subsystem of equipment that is used in the automatic acquisition, storage, manipulation, management, movement, control, display, switching, interchange, transmission, or reception of data or information by the executive agency. For purposes of the preceding sentence, equipment is used by an executive agency if the equipment is used by the executive agency directly or is used by a contractor under a contract with the executive agency which: (i) requires the use of such equipment; or (ii) requires the use, to a significant extent, of such equipment in the performance of a service or the furnishing of a product. The term information technology includes computers, ancillary equipment, firmware, software, and similar procedures, services (including support services), and related resources. [800-60] The computers, ancillary equipment, telecommunications equipment, software, firmware, services, and related resources used in the acquisition, storage, manipulation, management, movement, control, display, switching, interchange, transmission, or reception of machine readable data or information [NASA] The hardware and software that processes information, regardless of the technology involved, whether computers, telecommunications, or others. [CIAO] The hardware, firmware, and software used as part of the information system to perform DoD information functions. This definition includes computers, telecommunications, automated information systems, and automatic data processing equipment as well as any assembly of computer hardware, software, and/or firmware configured to collect, create, communicate, compute, disseminate, process, store and/or control data or information. [IATF] (see also communications, computer, control, function, management, process, resource, software, system, telecommunications, automated information system, information, technology)

Information Technology Security Evaluation Criteria (ITSEC)

(N) Standard developed for use in the European Union; accommodates wider range of security assurance and functionality combinations than the TCSEC. Superseded by the Common Criteria. [RFC2828] (see also assurance, function, standard, computer security, criteria, evaluation, information, technology)

information technology system

An international term for an information system, which consists of one or more Automated Information Systems (AISs) or computer systems and communications systems. [AJP] (see also communications, computer, automated information system, information, system, technology)

information type

A specific category of information (e.g., privacy, medical, proprietary, financial, investigative, contractor sensitive, security management) defined by an organization or in some instances, by a specific law, Executive Order, directive, policy, or regulation. [800-60] (see also policy, privacy, security, information)

information warfare (IW)

Actions taken to achieve information superiority by adversely affecting an adversary's information, information-based processes, and/or information systems while defending one's own information, informationbased processes, and/or information systems. Information operations conducted during time of crisis or conflict to achieve or promote specific objectives over a specific adversary or adversaries. [DSS] Actions taken to achieve information superiority by affecting adversary information, information based processes, and information systems, while defending our own information, information based processes, and information systems. Any action to deny, exploit, corrupt, or destroy the enemy's information and its functions, protect themselves against those actions; and exploiting their own military information functions. [AFSEC][NSAINT] IO conducted during times of crisis or conflict to achieve or promote specific objectives over a specific adversary or adversaries. [CIAO] Information Operations conducted during time of crisis or conflict to achieve or promote specific objectives over a specific adversary or adversaries. (DODD S-3600.1 of 9 Dec 96) [NSAINT] (see also adversary, exploit, function, object, operation, process, system, information, threat, warfare)

infrastructure

The framework of interdependent networks and systems comprising identifiable industries, institutions (including people and procedures), and distribution capabilities that provide a reliable flow of products and services essential to the defense and economic security of the United States, the smooth functioning of government at all levels, and society as a whole. Consistent with the definition in the Homeland Security Act, infrastructure includes physical, cyber, and/or human elements. [NIPP] The framework of interdependent networks and systems comprising identifiable industries, institutions (including people and procedures), and distribution capabilities that provide a reliable flow of products and services essential to the defense and economic security of the United States, the smooth functioning of governments at all levels, and society as a whole. [CIAO] (see also flow, function, security, system)

infrastructure assurance

Preparatory and reactive risk management actions intended to increase confidence that a critical infrastructure's performance level will continue to meet customer expectations despite incurring threat inflicted damage. For instance, incident mitigation, incident response, and service restoration. [CIAO] (see also confidence, critical, critical infrastructures, damage, incident, response, risk, risk management, threat, assurance)

infrastructure protection

Proactive risk management actions intended to prevent a threat from attempting to or succeeding at destroying or incapacitating critical infrastructures. For instance, threat deterrence and vulnerability defense. [CIAO] (see also assurance, critical, risk, threat, vulnerability, critical infrastructures)

ingress filtering

Blocking incoming packets that should not enter a network. [800-83] The process of blocking incoming packets that use obviously false IP addresses, such as reserved source addresses. [800-61] (see also internet, process, security)

inheritance

A mechanism that allows objects of a class to acquire part of their definition from another class (called a superclass). Inheritance can be regarded as a method for sharing a behavioral description. [SRV] A relationship among classes, wherein one class shares the structure or behavior defined in one or more other classes. [SRV] (see also object)

initial operating capability

Time when a person in authority (for example, program/ project managers of operations personnel) declares a system meets enough requirements to formally be declared operational while the system may not meet all of the original design specifications to be declared fully operational. [DSS] (see also requirements)

initial transformation

A function that is applied at the beginning of a MAC algorithm. [SC27] (see also algorithm, function, network)

initialization value (IV)

(I) An input parameter that sets the starting state of a cryptographic algorithm or mode. (Sometimes called 'initialization vector' or 'message indicator'.) (C) An IV can be used to introduce cryptographic variance in addition to that provided by a key, and to synchronize one cryptographic process with another. For an example of the latter, cipher block chaining mode requires an IV. [RFC2828] (see also initialization vector, algorithm, cipher, cryptographic, key, message, process)

initialization vector

(D) For consistency, ISDs SHOULD NOT use this term as a synonym for 'initialization value'. [RFC2828] A vector used in defining the starting point of an encryption process within a cryptographic algorithm (e.g. the DES Cipher Block Chaining (CBC) mode of operation). [FIPS140] A vector used in defining the starting point of an encryption process within the cryptographic algorithm. [SRV] (see also initialization value, algorithm, cipher, cryptographic, encryption, operation, process, data encryption standard)

initialize

Setting the state of a cryptographic logic prior to key generation, encryption, or other operating mode. [CNSSI][CNSSI-4009] (see also cryptographic, cryptography, encryption, key)

initializing value

A value used in defining the starting point of a hash function. [SC27] A value used in defining the starting point of a hash function. [ISO/IEC 10118-1: 2000] Value used in defining the starting point of a hash function. [ISO/IEC FDIS 9797-2 (09/2000)] Value used in defining the starting point of an encipherment process. [SC27] Value used in defining the starting point of a hash function. [SC27] Value used in defining the starting point of an encipherment process. [SC27] (see also cipher, encipherment, function, hash, process)

initiator

The entity that initiates an authentication exchange. [FIPS 196] (see also authentication)

inline sensor

A sensor deployed so that the network traffic it is monitoring must pass through it. [800-94]

input

A variable (whether stored within a component or outside it) that is read by the component. [OVT] The financial and nonfinancial resources that the organization obtained or received to produce its outputs. [SRV] (see also resource)

input data

information that is entered into a cryptographic module for the purposes of transformation or computation. [FIPS140] (see also cryptographic, information, module, cryptographic module)

input preparation cycle

The actions performed by IT operations personnel to prepare a job for input to and processing by the IT [NASA] (see also operation, process)

input/output (I/O)

(see also automated information system)

insertion

Introducing false data that serves to deceive an authorized entity. [RFC2828] (see also authorized, entity, threat consequence)

inside threat

An entity with authorized access that has the potential to harm an information system through destruction, disclosure, modification of data, and/or denial of service. [SP 800-32] (see also access, threat)

insider

An entity inside the security perimeter that is authorized to access system resources but uses them in a way not approved by those who granted the authorization. [800-82] The disgruntled organization insider is a principal source of computer crime. Insiders may not need a great deal of knowledge about computer intrusions because their knowledge of a target system often allows them to gain unrestricted access to cause damage to the system or to steal system data. The insider threat also includes contractors hired by the organization, as well as employees who accidentally introduce malware into systems. [GAO] an employee who works alone or with outsiders to compromise his or her company s computer system. [FJC] (see also access, attack, authorization, authorized, compromise, computer, covert channel, damage, entity, malicious intruder, resource, security, security perimeter, system, threat) (includes insider attack, insider threat)

insider attack

An attack originating from inside a protected network. [IATF] (see also insider threat, network, attack, insider)

insider threat

A disgruntled insider with knowledge of the victim's system. [misc] An entity with authorized access (i.e. within the security domain) that has the potential to harm an information system or enterprise through destruction, disclosure, modification of data, and/or denial of service. [CNSSI-4009] (see also abuse of privilege, access, insider attack, internal vulnerability, security, insider)

inspectable space

Determination of the three-dimensional space surrounding equipment that processes classified and/ or sensitive information within which Transient Electromagnetic Pulse Emanation Standard, or TEMPEST, exploitation is not considered practical, or where legal authority to identify and remove a potential Transient Electromagnetic Pulse Emanation Standard exploitation exists. [DSS] Three dimensional space surrounding equipment that process classified and/or sensitive information within which TEMPEST exploitation is not considered practical or where legal authority to identify and remove a potential TEMPEST exploitation exists. Synonymous with zone of control. [CNSSI] Three dimensional space surrounding equipment that processes classified and/or sensitive information within which TEMPEST exploitation is not considered practical or where legal authority to identify and remove a potential TEMPEST exploitation exists. Synonymous with zone of control. [CNSSI-4009] (see also TEMPEST, authority, classified, control, identify, information, process)

instance

An object described by a class. [SRV] (see also object)

instantiate

To create a new instance of a class or type. [SRV]

Institute of Electrical and Electronics Engineers, Inc (IEEE)

institute of internal auditors (IIA)

(see also audit)

instrument

1. A tool or device that is used to do a particular task. 2. A device that is used for making measurements of something. In software and system testing, to install or insert devices or instructions into hardware or software to monitor the operation of a system or component. [OVT] (see also operation, security testing, software, system, test)

instrumentation

Instrumentation is a group or collection of instruments, usually ones that are part of the same machine. Devices or instructions installed or inserted into hardware or software to monitor the operation of a system or component. The insertion of additional code into the program in order to collect information about program behavior during program execution. (NBS) The insertion of additional code into a program in order to collect information about program behavior during program execution. Useful for dynamic analysis techniques such as assertion checking, coverage analysis, tuning. [OVT] (see also analysis, code, information, operation, program, software, system)

integral file block

Distinct component of a file series that should be maintained as a separate unit to ensure the integrity of the records. An integral file block may consist of a set of records covering either a specific topic or a range of time such as presidential administration or a 5-year retirement schedule within a specific file series that is retired from active use as a group. [DSS]

Integrated CASE tools

Software tools that provide for planning, analysis, and design, with fully-integrated code generation. These tools are fully integrated so one tool component directly employs information from another. A repository stores the knowledge from multiple tools in an integrated manner. [SRV] (see also analysis, code, information, software)

integrated logistics support (ILS)

Integrated services digital network (ISDN)

A worldwide digital communications network evolving from existing telephone services. The goal of ISDN is to replace the current analog telephone system with totally digital switching and transmission facilities capable of carrying data ranging from voice to computer transmission, music, and video. Computers and other devices are connected to ISDN lines through simple, standardized interfaces. When fully implemented, ISDN is expected to provide users with faster, more extensive communications services in data, video, and voice. [SRV] An emerging communications system enabling the simultaneous transmission of data, facsimile, video, and voice over a single communications link. [AJP] (see also communications, computer, interface, standard, system, users, network)

integrated test facility (ITF)

(see also software development, test)

integration test

A process to confirm that program units are linked together and interface with the files or databases correctly. [SRV] (see also file, interface, process, program, software development, test)

integrity

(1) Correctness and appropriateness of the content and/or source of a piece of information. (2) The prevention of the unauthorized modification of information. (3) Sound, unimpaired, or perfect condition. [AJP] 1) Condition existing when an IS operates without unauthorized modification, alteration, impairment, or destruction of any of its components.2) The accuracy, completeness and reliable transmission and reception of information and its validity in accordance with business values and expectations; the adequacy and reliability of processes assuring personnel selection, access and safety; and the adequacy and reliability of processes assuring only authorized access to, and safety of, physical facilities. [CIAO] Assurance that information in an IT system is protected from unauthorized, unanticipated, or unintentional modification or destruction. System integrity also addresses the quality of an IT system reflecting the logical correctness and reliability of the operating system; the logical completeness of the hardware and software implementing the protection mechanisms; and the consistency of the data structures and occurrence of the stored data. [800-37] Assuring information will not be accidentally or maliciously altered or destroyed. [NSAINT] Assuring information will not be accidentally or maliciously altered or destroyed. Sound, unimpaired or perfect condition. [OVT] Correctness and appropriateness of the content and/or source of a piece of information. [FCv1] Guarding against improper information modification or destruction, and includes ensuring information non-repudiation and authenticity. [800-60][800-82][SP 800-53; SP 800-53A; SP 800-18; SP 800-27; SP 800-] Protection against unauthorized modification or destruction of information. A state in which information has remained unaltered from the point it was produced by a source, during transmission, storage, and eventual receipt by the destination. [GSA] Quality of an IS reflecting the logical correctness and reliability of the operating system; the logical completeness of the hardware and software implementing the protection mechanisms; and the consistency of the data structures and occurrence of the stored data. Note that, in a formal security mode, integrity is interpreted more narrowly to mean protection against unauthorized modification or destruction of information. [CNSSI] Quality of an information system reflecting the logical correctness and reliability of the operating system; the logical completeness of the hardware and software implementing the protection mechanisms; and the consistency of the data structures and occurrence of the stored data. In a formal security mode, integrity is interpreted more narrowly to mean protection against unauthorized modification or destruction of information. [DSS] Sound, unimpaired, or perfect condition. The property that an object is changed only in a specified and authorized manner. The property that sensitive data has not been modified or deleted in an unauthorized and undetected manner. [SRV] The prevention of the unauthorized modification of information. [ITSEC][NIAP] The property of safeguarding the accuracy and completeness of assets. [SC27] The property that sensitive data has not been modified or deleted in an unauthorized and undetected manner. [FIPS140] The property whereby an entity has not been modified in an unauthorized manner. [CNSSI-4009] The security objective that generates the requirement for protection against either intentional or accidental attempts to violate data integrity (the property that data has not been altered in an unauthorized manner) or system integrity (the quality that a system has when it performs its intended function in an unimpaired manner, free from unauthorized manipulation). [800-33] The security objective that generates the requirement for protection against either intentional or accidental attempts to violate data integrity (the property that data has when it has not been altered in an unauthorized manner) or system integrity (the quality that a system has when it performs its intended function in an unimpaired manner, free from unauthorized manipulation). [800-30] The state achieved by maintaining and authenticating the accuracy and accountability of system data, hardware, and software. [SRV] The state that exists when computerized data are the same as those in the source documents or have been correctly computed from source data and have not been exposed to accidental or malicious alteration or destruction [NASA] [of data] A security service that allows verification that an unauthorized modification of information (including changes, insertions, deletions, and duplications) has not occurred either maliciously or accidentally. [IATF] (see also Biba model, Common Criteria for Information Technology Security, Generic Security Service Application Program Interface, Generic Upper Layer Security, IT security, IT security controls, IT security incident, Rivest-Shamir-Adleman algorithm, Secure Electronic Transaction, access, access control, adequate security, antivirus software, application server attack, archive, asymmetric cryptography, attack, authenticate, authentication, authentication code, authentication header, authentication header protocol, authorized, business process, common security, communications security, computer, computer abuse, computer emergency response team, computer forensics, computer related controls, computer security, configuration control, critical system files, cut-and-paste attack, cyclic redundancy check, data contamination, data encryption key, data encryption standard, data origin authentication service, data security, database management system, defense-in-depth, defense-wide information assurance program, destruction, digital forensics, digital signature, digital signature algorithm, digital watermarking, domain name system, dominated by, dual signature, encapsulating security payload, encapsulating security payload protocol, entry-level certification, front-end security filter, function, general controls, guard, hash, high-impact system, incident, information, information assurance, information assurance product, information security, internet protocol security, intrusion, kerberos, key wrapping, level of concern, levels of concern, line managers, low-impact system, malicious, malicious code, malware, message authentication code, message authentication code vs. Message Authentication Code, message digest, mid-level certification, moderate-impact system, network management, network security, non-repudiation, object, post-accreditation phase, potential impact, privacy enhanced mail, process, property, protected channel, protection suite, public-key certificate, public-key infrastructure, quality, reference monitor, requirements for procedures and standards, review techniques, sandboxed environment, seal, secure DNS, secure envelope, secure hypertext transfer protocol, secure shell, secure single sign-on, secure socket layer, security category, security controls, security event, security objectives, security policy, security requirements, signature, signed applet, simple key management for IP, simple network management protocol, software, supervisory control and data acquisition, system, threat, top-level certification, transmission, trojan horse, trust, trusted channel, trusted computer system, verification, virtual private network, vulnerability, assurance, quality of protection, security goals) (includes Biba Integrity model, Clark Wilson integrity model, authenticity, checksum, connectionless data integrity service, correctness, correctness integrity, data authentication code, data integrity, data integrity service, error detection code, file integrity checker, file integrity checking, integrity check, integrity check value, integrity policy, integrity-checking tools, message integrity code, operational integrity, privacy, authentication, integrity, identification, non-repudiation, privacy, authentication, integrity, non-repudiation, secure hash algorithm, source integrity, system and data integrity, system integrity, system integrity service, two-person integrity)

integrity check

(D) ISDs SHOULD NOT use this term as a synonym for 'cryptographic hash' or 'protected checksum', because this term unnecessarily duplicates the meaning of other, well established terms. [RFC2828] (see also cryptographic, cryptography, hash, integrity)

integrity check value

Checksum capable of detecting modification of an IS. [CNSSI] Checksum capable of detecting modification of an information system. [CNSSI-4009] (see also integrity)

integrity policy

A security policy to prevent unauthorized users from modifying or writing sensitive information. [AJP][TNI] (see also authorized, information, security, security policy, users, integrity, policy)

integrity-checking tools

(see also integrity, security software)

intellectual property

An asset of a person or organization having value because of their creativity (e.g., copyright, trademark, patent, trade secret). [800-130] Creations of the mind such as musical, literary, and artistic works; inventions; and symbols, names, images, and designs used in commerce, including copyrights, trademarks, patents, and related rights. Under intellectual property law, the holder of one of these abstract 'properties' has certain exclusive rights to the creative work, commercial symbol, or invention by which it is covered. [CNSSI-4009] Useful artistic, technical, and/or industrial information, knowledge or ideas that convey ownership and control of tangible or virtual usage and/or representation. [SP 800-32] (see also control, property)

intelligence

(i) the product resulting from the collection, processing, integration, analysis, evaluation, and interpretation of available information concerning foreign countries or areas; or (ii) information and knowledge about an adversary obtained through observation, investigation, analysis, or understanding. The term 'intelligence' includes foreign intelligence and counterintelligence. [800-60] Information and/or knowledge about an adversary obtained through observation, investigation, analysis, or understanding. [DSS] (see also Defense Information Infrastructure, Defense Information Systems Network Designated Approving Authority, Defense Security Service, Defensive Information Operations, National Security Agency, accreditation, acquisition special access program, acquisition systems protection, adversary, alternative compensatory control measures, analysis, asset, authorized adjudicative agency, authorized classification and control markings register, authorized investigative agency, brute force attack, case officer, classification markings and implementation working group, cognizant security agency, command and control warfare, compromising emanations, computer network exploitation, controlled access program coordination office, controlled access program oversight committee, controlled access programs, cryptology, determination authority, dissemination, distributed control system, electronic warfare support, emanation, emergency action plan, espionage, evaluation, exploitation, foreign, hackers, information, internal vulnerability, national security information, national security system, non-disclosure agreement, operations security, packet switching, personnel security exceptions, physical security waiver, principal accrediting authority, process, program protection plan, reciprocity, report of investigation, risk avoidance, scattered castles, security environment threat list, senior review group, sensitive activities, sensitive compartmented information, sensitive compartmented information facility, sensitive compartmented information facility accreditation, sensitive compartmented information facility database, signal flags, single scope background investigation - periodic reinvestigation, special access program, special access required programs oversight committee, special activity, special security center, sponsoring agency, suspicious contact, systems security steering group, tear line, technical threat analysis, threat assessment, traffic analysis, unconventional warfare) (includes Director Central Intelligence Directive, Director of Central Intelligence Directive, Foreign Intelligence Surveillance Act, acoustic intelligence, advanced intelligence network, command, control, communications and intelligence, communications intelligence, compartmented intelligence, counterintelligence, counterintelligence assessment, designated intelligence disclosure official, economic intelligence, electronic intelligence, foreign intelligence, foreign intelligence service, human intelligence, imagery intelligence, intelligence activities, intelligence activity, intelligence collection, intelligence community, intelligence community classification and control markings implementation, intelligence cycle, intelligence information, intelligence sources and methods, intelligence special access program, intelligence system, measurement and signature intelligence, national intelligence, open source intelligence, senior intelligence officer, senior officials of the intelligence community, special intelligence, telemetry intelligence)

intelligence activities

The term 'intelligence activities' includes all activities that agencies within the Intelligence Community are authorized to conduct pursuant to Executive Order 12333, United States Intelligence Activities. [800-60] (see also authorized, intelligence)

intelligence activity

An activity that an agency within the Intelligence Community is authorized to conduct under Executive Order 12333. [DSS] (see also authorized, intelligence)

intelligence collection

Act of gathering information from available sources to meet an intelligence requirement. [DSS] (see also intelligence)

intelligence community

Aggregate of the following executive branch organizations and agencies involved in intelligence activities: Central Intelligence Agency; National Security Agency; Defense Intelligence Agency; offices within the Department of Defense for the collection of specialized national foreign intelligence through reconnaissance programs; Bureau of Intelligence and Research of the Department of State; intelligence elements of the military services; Federal Bureau of Investigation; Department of the Treasury; and Department of Energy; and staff elements of the Office of the Director of Central Intelligence. [DSS] The term 'intelligence community' refers to the following agencies or organizations: (i) The Central Intelligence Agency (CIA); (ii) The National Security Agency (NSA); (iii) The Defense Intelligence Agency (DIA); (iv) The offices within the Department of Defense for the collection of specialized national foreign intelligence through reconnaissance programs; (v) The Bureau of Intelligence and Research of the Department of State; (vi) The intelligence elements of the Army, Navy, Air Force, and Marine Corps, the Federal Bureau of Investigation (FBI), the Department of the Treasury, and the Department of Energy; and (vii) The staff elements of the Director of Central Intelligence. [800-60] (see also foreign, program, security, intelligence)

intelligence community classification and control markings implementation

Companion document to the Authorized Classification and Control Marking Register providing guidance on the syntax and use of classification and control markings. [DSS] (see also authorized, intelligence)

intelligence cycle

Steps by which information is converted into intelligence and made available to users. The cycle includes five steps: planning and direction; collection; processing; production; and dissemination. [DSS] (see also users, intelligence)

intelligence information

Unevaluated material that may be used in the production of intelligence. [DSS] (see also intelligence)

intelligence sources and methods

Sources: Persons, images, signals, documents, databases, and communications media capable of providing intelligence information through collection and analysis programs, for example, Human Intelligence, Imagery Intelligence, Signal Intelligence, Geospatial, and Measurement and Signature Intelligence Methods: Information collection and analysis strategies, tactics, operations and technologies employed to produce intelligence products. If intelligence sources or methods are disclosed without authorization, their effectiveness may be substantially negated or impaired. (The term 'intelligence sources and methods' is used in legislation and executive orders to denote specific protection responsibilities of the Director of National Intelligence.) [DSS] (see also analysis, authorization, intelligence)

intelligence special access program

Special Access Program established primarily to protect planning and execution of especially sensitive intelligence or counterintelligence operations or collection activities. [DSS] (see also access, intelligence)

intelligence system

Any system (formal or informal) used to manage data gathering, obtain and process the data, interpret the data, and provide analytically sound opinions to decision makers in order that they may make informed decisions with regard to various courses of action. The term is not limited to intelligence organizations or services but includes any system, in all its parts, that accomplishes the listed tasks. [DSS] (see also intelligence)

intelligent electronic device

Any device incorporating one or more processors with the capability to receive or send data/control from or to an external source (e.g., electronic multifunction meters, digital relays, controllers). [800-82] (see also control, function, process)

intelligent threat

(I) A circumstance in which an adversary has the technical and operational capability to detect and exploit a vulnerability and also has the demonstrated, presumed, or inferred intent to do so.$ International Data Encryption Algorithm (IDEA) (N) A patented, symmetric block cipher that uses a 128-bit key and operates on 64-bit blocks. [RFC2828] (see also adversary, algorithm, cipher, cryptography, encryption, exploit, key, operation, vulnerability, threat)

intending citizen

Alien who belongs to one of the following four categories under the Immigration Reform and Control Act of 1986. [DSS]

intent

Demonstrating a deliberate series of actions with the objective of debilitating defense or economic security by destroying or incapacitating a critical infrastructure. [CIAO] (see also critical, object, security)

intention

Aim or design (as distinct from a capability) to execute a specified course of action. [DSS]

inter-TSF transfers

Communicating data between the TOE and the security functions of other trusted IT products. [CC2][CC21][SC27] (see also function, trust, TOE security functions, target of evaluation)

interactive mode

The ability to interact or converse with a computer by giving commands and receiving response in real time. [SRV] (see also computer, response)

interarea interswitch rekeying key (IIRK)

(see also key, rekey)

intercept

Data obtained through passive collection of signals. Interrupting access, communication, or the flow of a process. [DSS] (see also access, interception, threat)

interception

A threat action whereby an unauthorized entity directly accesses sensitive data traveling between authorized sources and destinations. [RFC2828] (see also access, access control, authorized, entity, intercept, threat consequence)

interconnected network

Network information system comprising two or more separately accredited systems and/or networks. [DSS] (see also network)

interconnection security agreements

An agreement established between the organizations that own and operate connected IT systems to document the technical requirements of the interconnection. The ISA also supports a Memorandum of Understanding or Agreement (MOU/A) between the organizations. [800-37] Written management authorization to interconnect information systems based upon acceptance of risk and implementation of established controls. [CNSSI] (see also authorization, control, information, requirements, risk, system, connection, security)

interdependence

Dependence among elements or sites of different infrastructures, and therefore, effects by one infrastructure upon another. [CIAO] (see also risk)

interdependency

Mutually reliant relationship between entities (objects, individuals, or groups). The degree of interdependency does not need to be equal in both directions. [NIPP]

interdiction

The act of impeding or denying the use of computer system resources to a user. [SRV] (see denial-of-service)

interface

(1) A shared boundary across which information is passed. (2) A Hardware or software component that connects two or more other components for the purpose of passing information from one to the other. (3) To connect two or more components for the purpose of passing information from one to the other. (4) To serve as a connecting or connected component as in (2). (1) (ISO) A shared boundary between two functional units, defined by functional characteristics, common physical interconnection characteristics, signal characteristics, and other characteristics, as appropriate. The concept involves the specification of the connection of two devices having different functions. (2) A point of communication between two or more processes, persons, or other physical entities. (3) A peripheral device which permits two or more devices to communicate. [OVT] A common boundary or connector between two applications or devices, such as the graphical user interface (GUI) that allows a human user to interact with an application written in code. [CIAO] A logical section of a cryptographic module that defines a set of entry or exit points that provide access to the module, including information flow or physical access. [FIPS140] Common boundary between independent systems or modules where interactions take place. [CNSSI][CNSSI-4009] Computer programs that translate information from one system or application into a format required for use by another system or application. [FFIEC] The common boundary between independent systems or modules where communication takes place. [SRV] (see also FIPS PUB 140-1, Green book, Integrated services digital network, PC card, PKCS #11, POSIX, TTY watcher, access, access control, application, architecture, bit forwarding rate, block cipher, boundary, buffer overflow, code, communications, computer, connection, connection establishment time, connection teardown time, console, cryptographic, cryptography, data source, distributed computing environment, dual-homed gateway firewall, email packages, ethernet sniffing, extensibility, firewall, flow, formal security policy model, function, gateway, goodput, homed, information, information architecture, integration test, line conditioning, line conduction, module, on-line system, payment gateway, process, program, promiscuous mode, protocol data unit, proximity, remote terminal emulation, ruleset, scope of a requirement, significant change, smartcards, software, software system test and evaluation process, stealth mode, subnetwork, system, teleprocessing, tri-homed, trusted agent, user representative, users) (includes Cryptographic Application Program Interface, Generic Security Service Application Program Interface, TOE security functions interface, application program interface, application programming interface, common gateway interface, contact interface, contactless interface, controlled interface, cryptographic application programming interface, fiber distributed data interface, fill device interface unit, graphical-user interface, human-machine interface, interface control document, interface control unit, interface testing, internetwork private line interface, layer management interface, network interface card, secure digital net radio interface unit, security support programming interface, user interface, user interface system)

interface control document

Technical document describing interface controls and identifying the authorities and responsibilities for ensuring the operation of such controls. This document is baselined during the preliminary design review and is maintained throughout the IS lifecycle. [CNSSI] Technical document describing interface controls and identifying the authorities and responsibilities for ensuring the operation of such controls. This document is baselined during the preliminary design review and is maintained throughout the information system lifecycle. [CNSSI-4009] (see also authorization, baseline, evaluation, identify, lifecycle, operation, control, interface)

interface control unit (ICU)

interface testing

Testing conducted to evaluate whether systems or components pass data and control correctly to each other. Integration testing where the interfaces between system components are tested. [OVT] (see also control, system, interface, security testing, test)

interference

Disruption of system operations by blocking communications or user data or control information. [RFC2828] (see also communications, control, information, operation, system, users, threat consequence)

interim access authorization

Determination to grant access authorization before receipt and adjudication of the individual's complicated background investigation. [DSS] (see also temporary access eligibility, access, authorization)

interim accreditation

Temporary authorization granted by a DAA for an IT system to process, store and/or transmit information based on preliminary results of security certification of the system. [800-37] (see also authorization, information, process, security, system, accreditation)

interim accreditation action plan

A document created for the IT system which has received an interim accreditation to operate, and that is issued to the program manager or system owner by the DAA along with the interim accreditation letter. The action plan includes: (1) the critical mission that mandates the system be operational, (2) the list of specific corrective actions necessary to demonstrate the needed security controls are implemented correctly and are effective, (3) the agreed upon timeline for taking designated corrective actions, (4) the resources necessary to properly complete the corrective actions, and (5) operational restrictions that are imposed to lessen the risk during the interim accreditation. [800-37] (see also control, critical, operation, owner, program, resource, risk, security, system, accreditation)

interim approval to operate

(IATO) Temporary authorization granted by a DAA for an information system to process information based on preliminary results of a security evaluation of the system. (To be replaced by ATO and POA&M) [CNSSI-4009] Temporary authorization granted by a DAA for an IS to process information based on preliminary results of a security evaluation of the system. [CNSSI] Temporary authorization granted by a Designated Approving Authority for an information system to process classified information in its operational environment based on preliminary results of a security evaluation of the system. [DSS] (see also authorization, classified, evaluation, information, process, security, system)

interim approval to test

Temporary authorization to test an information system in a specified operational information environment within the timeframe and under the conditions or constraints enumerated in the written authorization. [CNSSI][CNSSI-4009] (see also authorization, information, operation, system, test)

interim security clearance

Security clearance based on completion of minimum investigative requirements-and granted on a temporary basis, pending the completion of the full investigative requirements. [DSS] (see also requirements, temporary access eligibility, security)

interleaving attack

A masquerade which involves use of information derived from one or more ongoing or previous authentication exchanges. [SC27] (see also authentication, information, attack)

internal communication channel

A communication channel between separated parts of TOE. [CC2][CC21][SC27] (see also channel, communication channel, communications, target of evaluation)

internal control questionnaire (ICQ)

(see also control)

internal fraud

an act of a type intended to defraud, misappropriate property or circumvent regulations, the law or company policy, excluding diversity/discrimination events, which involve at least one internal party. [2003-53c] (see also policy, property, fraud, operational risk loss)

internal label

A header block on magnetic media that identifies the contents [NASA]

internal network

A network where 1) the establishment, maintenance, and provisioning of security controls are under the direct control of organizational employees or contractors; or 2) cryptographic encapsulation or similar security technology implemented between organization-controlled endpoints provides the same effect (at least with regard to confidentiality and integrity). An internal network is typically organization-owned, yet may be organization-controlled while not being organization-owned. [CNSSI-4009] A network where: (i) the establishment, maintenance, and provisioning of security controls are under the direct control of organizational employees or contractors; or (ii) cryptographic encapsulation or similar security technology provides the same effect. An internal network is typically organization-owned, yet may be organization-controlled while not being organization-owned. [SP 800-53] (see also control, security, network)

internal rate of return (IRR)

internal security controls

(1) Hardware, firmware, and software features within a system that restricts access to resources (hardware, software, and data) to authorized subjects only (persons, programs, or devices). (2) Mechanisms implemented in the hardware, firmware, and software of an IT product which provide protection for the IT product. [AJP] Hardware, firmware, and software features within a system that restricts access to resources (hardware, software, and data) to authorized subjects only (persons, programs, or devices). [NCSC/TG004][SRV] Hardware, firmware, or software features within an IS that restrict access to resources only to authorized subjects. [CNSSI] Hardware, firmware, or software features within an information system that restrict access to resources only to authorized subjects. [CNSSI-4009] Mechanisms implemented in the hardware, firmware, and software of an IT product which provide protection for the IT product. [FCv1] (see also access, access control, authorized, program, resource, software, system, control, risk management, security controls) (includes subject)

internal security testing

Security testing conducted from inside the organization's security perimeter. [SP 800-115] Security testing that is conducted from inside the organization's security perimeter. [800-115] (see also security perimeter, security testing, test)

internal subject

A subject that is not acting as a direct surrogate for a user. A process that is not associated with any user but performs system-wide functions such as packet switching, line printer spooling, and so on. (also known as a daemon or a service machine). [AJP][TNI] (see also function, process, system, users, subject)

internal system exposure

Relates to the types of individuals that have authorization to access the system and the information the system stores, processes, and transmits. It includes such items as individual security background assurances and/or clearance levels, access approvals, and need-to-know. [800-37] (see also access, access control, assurance, authorization, information, process, security, exposures, system)

internal throughput time

The number of interactive transactions or batch jobs completed per unit of CPU time. [SRV]

internal TOE transfer

Communicating data between separated parts of the TOE. [CC2][CC21][SC27] (see also target of evaluation)

internal vulnerability

The inside threat posed by an individual, with access to classified national intelligence, including Sensitive Compartmented information, who may betray his or her trust. [DSS] (see also access, classified, insider threat, intelligence, trust, vulnerability)

International Data Encryption Algorithm (IDEA)

A private key encryption-decryption algorithm that uses a key that is twice the length of a DES key. [NSAINT] This is a symmetric encryption algorithm that is popular outside of the United States and Canada. However, DES is still the most popular symmetric algorithm anywhere. [misc] (see also key, algorithm, encryption, symmetric algorithm)

international organization

Entity established by recognized governments under an international agreement which, by charter or otherwise, is able to acquire and transfer property, make contracts and agreements, obligate its members, and pursue legal remedies. [DSS]

International organization for standardization (ISO)

(I) International Organization for Standardization, a voluntary, non-treaty, non-government organization, established in 1947, with voting members that are designated standards bodies of participating nations and non-voting observer organizations. (C) Legally, ISO is a Swiss, non-profit, private organization. ISO and the IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in developing international standards through ISO and IEC technical committees that deal with particular fields of activity. Other international governmental and non-governmental organizations, in liaison with ISO and IEC, also take part. (ANSI is the U.S. voting member of ISO. ISO is a class D member of ITU-T.) (C) The ISO standards development process has four levels of increasing maturity: Working Draft (WD), Committee Draft (CD), Draft International Standard (DIS), and International Standard (IS). In information technology, ISO and IEC have a joint technical committee, ISO/IEC JTC 1. DISs adopted by JTC 1 are circulated to national bodies for voting, and publication as an IS requires approval by at least 75% of the national bodies casting a vote. [RFC2828] International organization for standardization - An organization established to develop and define data processing standards to be used throughout participating countries. [SRV] (see also ITU-T, information, process, system, technology, automated information system, standard) (includes Open Systems Interconnection Reference model)

international standards organization (ISO)

(see also standard)

international telecommunication union (ITU)

(see also network)

International Traffic in Arms Regulations (ITAR)

(N) Rules issued by the U.S. State Department, by authority of the Arms Export Control Act (22 U.S.C. 2778), to control export and import of defense articles and defense services, including information security systems, such as cryptographic systems, and TEMPEST suppression technology. [RFC2828] (see also TEMPEST, authority, control, cryptographic, cryptography, information, information security, security, system, technology)

internet

A collection of interconnected networks that use a common set of protocols called the TCP/IP stack to enable communication between the connected computer systems. [RFC2504] A cooperative message-forwarding system linking computer networks all over the world. [FFIEC] A decentralized, global network of computers (Internet hosts), linked by the use of common communications protocols (Transmission Control Protocol/Internet protocol, or TCP/IP). The Internet allows users worldwide to exchange messages, data, and images. [CIAO] The Internet is the single, interconnected, worldwide system of commercial, governmental, educational, and other computer networks that share (a) the protocol suite specified by the Internet Architecture Board (IAB), and (b) the name and address spaces managed by the Internet Corporation for Assigned Names and Numbers (ICANN). [CNSSI-4009] The single interconnected world-wide system of commercial, government, educational, and other computer networks that share the set of protocols specified by the Internet Architecture Board (IAB) and the name and address spaces managed by the Internet Corporation for Assigned Names and Numbers (ICANN). [800-82] (see also Green book, Guidelines and Recommendations for Security Incident Processing, IPsec Key Exchange, Layer 2 Forwarding Protocol, Layer 2 Tunneling Protocol, Message Security Protocol, Open Systems Interconnection Reference model, Request for Comment, Secure Electronic Transaction, ankle-biter, application gateway firewall, attack, authentication header, bill payment, bill presentment, certification hierarchy, communications, computer, computer emergency response team, computer emergency response teams' coordination center, computer network, concept of operations, confidentiality, connection, control, cookies, countermeasures, demilitarized zone, denial-of-service, dial-up line, distributed plant, domain, domain name, dual-homed gateway firewall, egress filtering, electronic commerce, electronic messaging services, encapsulating security payload, end system, external system exposure, filtering router, hackers, host, https, hypermedia, hypertext, hypertext transfer protocol, ingress filtering, interoperability standards/protocols, lurking, message, national information infrastructure, network, network address translation, network connection, network worm, object identifier, one-time passwords, online certificate status protocol, open systems security, packet assembly and disassembly, password sniffing, peer-to-peer communication, personal communications network, phishing, point-to-point tunneling protocol, policy certification authority, pop-up box, port scanning, privacy enhanced mail, protocols, public-key forward secrecy, remote authentication dial-in user service, repudiation, rules of behavior, scan, secure socket layer, security assertion markup language, spam, system, trojan horse, trusted gateway, users, validate vs. verify, vendor, virtual mall, vishing, web server, website hosting) (includes ARPANET, Distributed Authentication Security Service, Generic Security Service Application Program Interface, IP address, Identification Protocol, Internet Architecture Board, Internet Assigned Numbers Authority, Internet Corporation for Assigned Names and Numbers, Internet Draft, Internet Engineering Steering Group, Internet Engineering Task Force, Internet Message Access Protocol, version 4, Internet Policy Registration Authority, Internet Protocol Security Option, Internet Security Association and Key Management Protocol, Internet Society, Internet Society Copyright, Internet Standard, Internet Standards document, Internet worm, MIME Object Security Services, PKIX, POP3 AUTH, Post Office Protocol, version 3, Rexd, SOCKS, Secure/MIME, Simple Authentication and Security Layer, Simple Key-management for Internet Protocols, Terminal Access Controller Access Control System, USENET, anonymous login, cyberspace, domain name service server, domain name system, e-banking, e-mail server, email, extranet, file transfer protocol, firewall, gateway server, internet control message protocol, internet key exchange protocol, internet protocol, internet protocol security, internet service provider, internet vs. Internet, internetwork, internetwork private line interface, intranet, listserv, mailing list, management information base, markup language, multipurpose internet mail extensions, point-to-point protocol, port, pretty good privacy, proxy server, router, secure hypertext transfer protocol, secure multipurpose internet mail extensions, secure shell, simple mail transfer protocol, simple network management protocol, sniffer, telnet, traceroute, transmission control protocol, transmission control protocol/internet protocol, transport layer security, tunnel, uniform resource identifier, uniform resource locator, uniform resource name, user data protocol, virtual private network, wide area information service, world wide web, worm)

Internet Architecture Board (IAB)

(I) A technical advisory group of the ISOC, chartered by the ISOC Trustees to provide oversight of Internet architecture and protocols and, in the context of Internet Standards, a body to which decisions of the IESG may be appealed. Responsible for approving appointments to the IESG from among nominees submitted by the IETF nominating committee. [RFC2828] (see also advisory, protocols, standard, trust, Internet Society, internet)

Internet Assigned Numbers Authority (IANA)

(I) From the early days of the Internet, the IANA was chartered by the ISOC and the U.S. Government's Federal Network Council to be the central coordination, allocation, and registration body for parameters for Internet protocols. Superseded by ICANN. [RFC2828] (see also network, protocols, registration, Internet Society, authority, internet)

internet control message protocol (ICMP)

(I) An Internet Standard protocol that is used to report error conditions during IP datagram processing and to exchange other information concerning the state of the IP network. [RFC2828] A message control and error-reporting protocol between a host server and a gateway to the Internet. ICMP is used by a device, often a router, to report and acquire a wide range of communications-related information. [IATF] (see also communications, gateway, information, network, process, router, standard, control, internet, message, protocols, security)

Internet Corporation for Assigned Names and Numbers (ICANN)

(I) The non-profit, private corporation that has assumed responsibility for the IP address space allocation, protocol parameter assignment, domain name system management, and root server system management functions formerly performed under U.S. Government contract by IANA and other entities. (C) The Internet Protocol Suite, as defined by the IETF and the IESG, contains numerous parameters, such as internet addresses, domain names, autonomous system numbers, protocol numbers, port numbers, management information base object identifiers, including private enterprise numbers, and many others. The Internet community requires that the values used in these parameter fields be assigned uniquely. ICANN makes those assignments as requested and maintains a registry of the current values. (C) ICANN was formed in October 1998, by a coalition of the Internet's business, technical, and academic communities. The U.S. Government designated ICANN to serve as the global consensus entity with responsibility for coordinating four key functions for the Internet: the allocation of IP address space, the assignment of protocol parameters, the management of the DNS, and the management of the DNS root server system. [RFC2828] (see also domain, entity, function, information, key, object, protocols, system, internet)

Internet Draft

(I) A working document of the IETF, its areas, and its working groups. (Other groups may also distribute working documents as Internet Drafts.) An Internet Draft is not an archival document like an RFC is. Instead, an Internet Draft is a preliminary or working document that is valid for a maximum of six months and may be updated, replaced, or made obsolete by other documents at anytime. It is inappropriate to use an Internet Draft as reference material or to cite it other than as 'work in progress.' [RFC2828] (see also update, internet)

Internet Engineering Steering Group (IESG)

(I) The part of the ISOC responsible for technical management of IETF activities and administration of the Internet Standards Process according to procedures approved by the ISOC Trustees. Directly responsible for actions along the 'standards track', including final approval of specifications as Internet Standards. Composed of IETF Area Directors and the IETF chairperson, who also chairs the IESG. [RFC2828] (see also process, standard, trust, Internet Society, internet)

Internet Engineering Task Force (IETF)

(I) A self-organized group of people who make contributions to the development of Internet technology. The principal body engaged in developing Internet Standards, although not itself a part of the ISOC. Composed of Working Groups, which are arranged into Areas (such as the Security Area), each coordinated by one or more Area Directors. Nominations to the IAB and the IESG are made by a committee selected at random from regular IETF meeting attendees who have volunteered. [R2026, R2323] Internet Message Access Protocol, version 4 (IMAP4) (I) An Internet protocol by which a client workstation can dynamically access a mailbox on a server host to manipulate and retrieve mail messages that the server has received and is holding for the client. (C) IMAP4 has mechanisms for optionally authenticating a client to server and providing other security services. [RFC2828] (see also access, access control, authentication, message, protocols, random, security, standard, technology, version, Internet Society, internet)

internet key exchange protocol

Protocol used to negotiate, create, and manage security associations. [800-77] (see also association, security, internet, key, protocols)

Internet Message Access Protocol, version 4 (IMAP4)

(see also access, internet, message, protocols, version)

Internet Policy Registration Authority (IPRA)

(I) An X.509-compliant CA that is the top CA of the Internet certification hierarchy operated under the auspices of the ISOC. [RFC2828] (see also X.509, certification, public-key infrastructure, Internet Society, authority, internet, policy, registration)

internet protocol (IP)

(I) A Internet Standard protocol (version 4 and version 6) that moves datagrams (discrete sets of bits) from one computer to another across an internetwork but does not provide reliable delivery, flow control, sequencing, or other end-to-end services that TCP provides. (C) In the OSIRM, IP would be located at the top of layer 3. [RFC2828] A communications protocol that routes packets of data. The address of the destination system is used by intermediate routers to select a path through the network. [CIAO] Standard protocol for transmission of data from source to destinations in packet-switched communications networks and interconnected systems of such networks. [CNSSI][CNSSI-4009] (see also communications, computer, control, flow, network, router, standard, system, version, internet, protocols)

internet protocol security (IPsec)

(I) (1.) The name of the IETF working group that is specifying a security architecture and protocols to provide security services for Internet Protocol traffic. (2.) A collective name for that architecture and set of protocols. (Implementation of IPsec protocols is optional for IP version 4, but mandatory for IP version 6.) (C) Note that the letters 'sec' are lower-case. (C) The IPsec architecture specifies (a) security protocols (AH and ESP), (b) security associations (what they are, how they work, how they are managed, and associated processing), (c) key management (IKE), and (d) algorithms for authentication and encryption. The set of security services include access control service, connectionless data integrity service, data origin authentication service, protection against replays (detection of the arrival of duplicate datagrams, within a constrained window), data confidentiality service, and limited traffic flow confidentiality. [RFC2828] An OSI Network layer security protocol that provides authentication and encryption over IP networks. [800-127] intended to secure LAN-to-LAN connections over the Internet with a public-key system. [misc] (see also Internet Security Association and Key Management Protocol, NULL encryption algorithm, OAKLEY, Photuris, access, access control, aggressive mode, algorithm, association, authentication, authentication header protocol, confidentiality, connection, control, cookies, domain of interpretation, encapsulating security payload protocol, encryption, flow, forward secrecy, integrity, internet security protocol, key, key management, main mode, pre-shared key, process, protection suite, public-key, quick mode, secure socket layer, security association, security gateway, security parameters index, system, transport mode, triple DES, version, communications security, internet, protocols, security protocol) (includes IPsec Key Exchange, authentication header, encapsulating security payload, transport mode vs. tunnel mode, tunnel mode)

Internet Protocol Security Option (IPSO)

(I) Refers to one of three types of IP security options, which are fields that may be added to an IP datagram for the purpose of carrying security information about the datagram. (D) ISDs SHOULD NOT use this term without a modifier to indicate which of the three types is meant.

'DoD Basic Security Option' (IP option type 130): Defined for use on U.S. Department of Defense common user data networks. Identifies the Defense classification level at which the datagram is to be protected and the protection authorities whose rules apply to the datagram.
'protection authority' is a National Access Program (e.g. GENSER, SIOP-ESI, SCI, NSA, Department of Energy) or special access program that specifies protection rules for transmission and processing of the information contained in the datagram.
'DoD Extended Security Option' (IP option type 133): Permits additional security labeling information, beyond that present in the Basic Security Option, to be supplied in the datagram to meet the needs of registered authorities.
'Common IP Security Option' (CIPSO) (IP option type 134): Designed by TSIG to carry hierarchic and non-hierarchic security labels. (Formerly called 'Commercial IP Security Option'.) Was published as Internet-Draft; not advanced to RFC.

Internet Security Association and Key Management Protocol (ISAKMP)

(I) An Internet IPsec protocol to negotiate, establish, modify, and delete security associations, and to exchange key generation and authentication data, independent of the details of any specific key generation technique, key establishment protocol, encryption algorithm, or authentication mechanism. (C) ISAKMP supports negotiation of security associations for protocols at all TCP/IP layers. By centralizing management of security associations, ISAKMP reduces duplicated functionality within each protocol. ISAKMP can also reduce connection setup time, by negotiating a whole stack of services at once. Strong authentication is required on ISAKMP exchanges, and a digital signature algorithm based on asymmetric cryptography is used within ISAKMP's authentication component. [RFC2828] (see also algorithm, authentication, connection, cryptography, digital signature, encryption, establishment, function, internet protocol security, internet security protocol, signature, association, internet, key management, protocols, security protocol)

internet security protocol

internet service provider (ISP)

A company that provides its customers with access to the Internet. [FFIEC] (see also access, access control, internet)

Internet Society (ISOC)

(I) A professional society concerned with Internet development (including technical Internet Standards); with how the Internet is and can be used; and with social, political, and technical issues that result. The ISOC Board of Trustees approves appointments to the IAB from among nominees submitted by the IETF nominating committee. [RFC2828] (see also standard, trust, internet) (includes Internet Architecture Board, Internet Assigned Numbers Authority, Internet Engineering Steering Group, Internet Engineering Task Force, Internet Policy Registration Authority, Internet Society Copyright, Request for Comment)

Internet Society Copyright

Copyright (C) The Internet Society (2000). All Rights Reserved.

This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English. [RFC2504][RFC2828] (see also process, standard, Internet Society, internet)

Internet Standard

(I) A specification, approved by the IESG and published as an RFC, that is stable and well-understood, is technically competent, has multiple, independent, and interoperable implementations with substantial operational experience, enjoys significant public support, and is recognizably useful in some or all parts of the Internet. (C) The Internet Standards Process is an activity of the ISOC and is organized and managed by the IAB and the IESG. The process is concerned with all protocols, procedures, and conventions used in or by the Internet, whether or not they are part of the Internet Protocol Suite. The 'Internet Standards Track' has three levels of increasing maturity: Proposed Standard, Draft Standard, and Standard. [RFC2828] (see also Request for Comment, operation, process, protocols, internet, standard)

Internet Standards document (ISD)

(C) In this Glossary, this term refers to an RFC, Internet-Draft, or other item that is produced as part of the Internet Standards Process. However, neither the term nor the abbreviation is widely accepted and, therefore, SHOULD NOT be used in an ISD unless it is accompanied by an explanation like this. [RFC2828] (see also process, Request for Comment, internet, standard)

internet vs. Internet

(I) Not capitalized: A popular abbreviation for 'internetwork'. (I) Capitalized: 'The Internet' is the single, interconnected, worldwide system of commercial, government, educational, and other computer networks that share the set of protocols specified by the IAB and the name and address spaces managed by the ICANN. (C) The protocol set is named the 'Internet Protocol Suite'. It also is popularly known as 'TCP/IP', because TCP and IP are two of its fundamental components. These protocols enable a user of any one of the networks in the Internet to communicate with, or use services located on, any of the other networks. (C) Although the Internet does have architectural principles, no Internet Standard formally defines a layered reference model for the IPS that is similar to the OSIRM. However, Internet community documents do refer (inconsistently) to layers: application, socket, transport, internetwork, network, data link, and physical. In this Glossary, Internet layers are referred to by name to avoid confusing them with OSIRM layers, which are referred to by number. [RFC2828] (see also application, computer, computer network, model, network, protocols, standard, system, users, internet)

Internet worm

A worm program that was unleashed on the Internet in 1988. It was written by Robert T. Morris as an experiment that got out of hand. [NSAINT] Independent program that replicates from machine to machine across network connections often clogging networks and computer systems as it spreads. [AFSEC] (see also computer, connection, network, program, system, internet, worm)

internetwork

(I) A system of interconnected networks; a network of networks. Usually shortened to 'internet'. (C) An internet is usually built using OSI layer 3 gateways to connect a set of subnetworks. When the subnetworks differ in the OSI layer 3 protocol service they provide, the gateways sometimes implement a uniform internetwork protocol (e.g. IP) that operates at the top of layer 3 and hides the underlying heterogeneity from hosts that use communication services provided by the internet. [RFC2828] (see also communications, gateway, protocols, system, internet, network)

internetwork private line interface

Network cryptographic unit that provides secure connections, singularly or in simultaneous multiple connections, between a host and a predetermined set of corresponding hosts. [CNSSI] (see also connection, cryptographic, interface, internet, network)

interoperability

A measure of the ability of one set of entities to physically connect to and logically communicate with another set of entities. [800-130] Capability of one system to communicate with another system through common protocols. [DSS] For the purposes of this standard, interoperability allows any government facility or information system, regardless of the PIV Issuer, to verify a cardholder's identity using the credentials on the PIV Card. [FIPS 201] The ability of computers to act upon information received from one another. [AJP] The ability of two or more systems or components to exchange information and to use the information that has been exchanged. [GAO] The ability of two or more systems or components to exchange information and to use the information that has been exchanged. It is the capability of systems to communicate with one another and to exchange and use information including content, format, and semantics. [SRV] The ability of two or more systems or components to exchange information and to use the information that has been exchanged. It is the capability of systems, subsystems, or components to communicate with one another, exchange services, and use information, including content, format, and semantics. [SRV] (see also interoperable, PKIX, application programming interface, computer, identity, information, information processing standard, open system environment, open systems, portability, recommended practices, security assertion markup language, semantics, site accreditation, system) (includes Minimum Interoperability Specification for PKI Components, Trusted Systems Interoperability Group, interoperability standards/protocols)

interoperability standards/protocols

Commonly agreed on standards that enable different computers or programs to share information. Example: HTTP (Hypertext Transfer Protocol) is a standard method of publishing information as hypertext in HTML format on the Internet. [FFIEC] (see also computer, information, internet, program, interoperability, protocols, standard)

interoperable

software, or hardware, that is able to run on multiple machines from multiple vendors in a meaningful way without causing problems. [misc] (see also interoperability, software)

interoperate

To provide services to or accept services from other systems, subsystems, or components and to use the exchanged services effectively. [SRV] (see also system)

interpersonal messaging (IPM)

interpretation

Expert technical judgment, when required, regarding the meaning or method of application of any technical aspect of the criteria and/or methodology. [NIAP] (see also application, criteria)

interpreted virus

A virus that is composed of source code that can be executed only by a particular application or service. [800-83] (see also application, code, virus)

interswitch rekeying key (IRK)

(see also key, rekey)

interval estimate

The general term for an estimate of a population parameter that is a range of numerical values. The estimation of a parameter in terms of an interval, for which one can assert with a given probability (or degree of confidence) that it contains the actual value of the parameter. [SRV] (see also confidence)

interval variable

A quantitative variable, the attributes of which are ordered and for which the numerical differences between adjacent attributes are interpreted as equal. [SRV]

interview

A type of assessment method that is characterized by the process of conducting discussions with individuals or groups within an organization to facilitate understanding, achieve clarification, or lead to the location of evidence, the results of which are used to support the determination of security control effectiveness over time. [SP 800-53A] (see also control, security)

intranet

(I) A computer network, especially one based on Internet technology, that an organization uses for its own internal, and usually private, purposes and that is closed to outsiders. [RFC2828] A private network for communications and sharing of information that, like the Internet, is based on TCP/IP but is accessible only to authorized users within an organization. An organization's intranet is usually protected from external access by a firewall. [CIAO] A private network that is employed within the confines of a given enterprise (e.g., internal to a business or agency). [CNSSI-4009] (see also access, access control, authorized, communications, computer, computer network, information, network, technology, users, internet)

intruder

(I) An entity that gains or attempts to gain access to a system or system resource without having authorization to do so. [RFC2828] (see also access, access control, authorization, entity, resource, system, intrusion)

intrusion

A deliberate or accidental set of events that potentially causes unauthorized access to, activity against, and/or activity in, an information technology (IT) system. [SC27] A threat action whereby an unauthorized entity gains access to sensitive data by circumventing a system's security protections. [RFC2828] An unauthorized access or penetration of a computer system. [AFSEC] Any set of actions that attempt to compromise the integrity, confidentiality or availability of a resource. [NSAINT] Attacks or attempted attacks from outside the security perimeter of an IT system. [CIAO] Unauthorized act of bypassing the security mechanisms of a system. [CNSSI][CNSSI-4009] (see also access, access control, accountability, agent, anomaly detection, anomaly detection model, antivirus software, attack, authorization, authorized, availability, balanced magnetic switch, break-wire detector, channel scanning, compromise, computer, computer security incident, confidentiality, console, cracker, dual technology, entity, false negative, false positive, flow, host based, incident, information, information assurance, information assurance product, information sharing and analysis center, integrity, management server, misuse detection model, multihost based auditing, network based, network behavior analysis system, resource, rules based detection, security, sensor, shim, stealth mode, stealth probe, subversion, system, technology, trustworthy system, tuning, unauthorized access, threat consequence) (includes Intrusion Detection In Our Time, SATAN, computer intrusion, computer security intrusion, host-based intrusion prevention system, intruder, intrusion detection, intrusion detection and prevention, intrusion detection and prevention system, intrusion detection system load balancer, intrusion detection systems, intrusion detection tools, intrusion prevention, intrusion prevention system, meaconing, intrusion, jamming, and interference, network-based intrusion prevention system, penetration, security intrusion, wireless intrusion detection and prevention system)

intrusion detection

(I) A security service that monitors and analyzes system events for the purpose of finding, and providing real-time or near real-time warning of, attempts to access system resources in an unauthorized manner. [RFC2828] Detection of break-ins or break-in attempts either manually or via software expert systems that operate on logs or other information available on the network. [IATF] Pertaining to techniques which attempt to detect intrusion into a computer or network by observation of actions, security logs, or audit data. Detection of break-ins or attempts either manually or via software expert systems that operate on logs or other information available on the network. [NSAINT] Pertaining to techniques which attempt to detect intrusion into a computer or network by observation of security logs or audit data. Detection of break-ins or attempts either manually or via software expert systems that operate on logs or other information available on the network. [AFSEC] The process of identifying that an intrusion has been attempted, is occurring, or has occurred. [SC27] The process of monitoring the events occurring in a computer system or network and analyzing them for signs of possible incidents. [800-94] detection of network break-ins or attempted break-ins via software. [misc] (see also access, access control, accountability, agent, antivirus software, audit, authorization, authorized, channel scanning, computer, console, countermeasures, false negative, false positive, flow, identify, incident, information, information assurance product, intrusion prevention system, management server, network, network behavior analysis system, process, resource, rules based detection, security, sensor, shim, software, stealth mode, stealth probe, system, tuning, intrusion) (includes Intrusion Detection In Our Time, intrusion detection and prevention, intrusion detection system load balancer, intrusion detection systems, intrusion detection tools, wireless intrusion detection and prevention system)

intrusion detection and prevention

The process of monitoring the events occurring in a computer system or network, analyzing them for signs of possible incidents, and attempting to stop detected possible incidents. [800-94] (see also computer, incident, process, system, intrusion, intrusion detection)

intrusion detection and prevention system

An appliance or software product that provides complementary security services to a personal firewall, monitoring and analyzing the internal state of a client device. IDPS products review logs to ensure that the system and applications are not functioning unexpectedly, such as applications inexplicably accessing or altering other portions of the system. Several host-based IDPS software products also monitor inbound and outbound network communications and report or possibly block suspicious activity. [800-127] (see also access, security, intrusion)

Intrusion Detection In Our Time (IDIOT)

A system that detects intrusions using pattern-matching. [NSAINT] (see also system, intrusion, intrusion detection, security software)

intrusion detection system load balancer

A device that aggregates and directs network traffic to monitoring systems, such as intrusion detection and prevention sensors. [800-94] (see also intrusion, intrusion detection, system)

intrusion detection systems (IDS)

(Host-Based) IDSs which operate on information collected from within an individual computer system. This vantage point allows host-based IDSs to determine exactly which processes and user accounts are involved in a particular attack on the Operating System. Furthermore, unlike network-based IDSs, host-based IDSs can more readily 'see' the intended outcome of an attempted attack, because they can directly access and monitor the data files and system processes usually targeted by attacks. [SP 800-36; CNSSI-4009] (Network-Based) IDSs which detect attacks by capturing and analyzing network packets. Listening on a network segment or switch, one network- based IDS can monitor the network traffic affecting multiple hosts that are connected to the network segment. [SP 800-36; CNSSI-4009] A security service that monitors and analyzes network or system events for the purpose of finding, and providing real-time or near real-time warning of, attempts to access system resources in an unauthorized manner. [800-82] A system that detects and identifies unauthorized or unusual activity on the hosts and networks; this is accomplished by the creation of audit records and checking the audit log against the intrusion thresholds. [IATF] A technical system that is used to identify and respond to intrusions in IT systems. [SC27] Detection of break-ins or break-in attempts either manually or via software expert systems that operate on logs or other information available on the network. Pertaining to techniques that attempt to detect intrusion into a computer or network by observation of security logs or audit data. [CIAO] Hardware or software product that gathers and analyzes information from various areas within a computer or a network to identify possible security breaches, which include both intrusions (attacks from outside the organizations) and misuse (attacks from within the organizations.) [CNSSI-4009] Security alarm system to detect unauthorized entry. [DSS] Software that automates the intrusion detection process. [800-94] Software that looks for suspicious activity and alerts administrators. [800-61] Software/hardware that detects and logs inappropriate, incorrect, or anomalous activity. IDS are typically characterized based on the source of the data they monitor: host or network. A host-based IDS uses system log files and other electronic audit data to identify suspicious activity. A network-based IDS uses a sensor to monitor packets on the network to which it is attached. [FFIEC] (see also access, attack, audit, authorized, computer, file, identify, information, network, process, resource, software, target, intrusion, intrusion detection, security software, system)

intrusion detection tools

Tools to identify attempts to penetrate a computer system and gain unauthorized access. [SRV] (see also access, access control, authorized, computer, identify, system, unauthorized access, intrusion, intrusion detection, security software)

intrusion prevention

The process of monitoring the events occurring in a computer system or network, analyzing them for signs of possible incidents, and attempting to stop detected possible incidents. [800-94] (see also accountability, computer, countermeasures, incident, process, system, intrusion) (includes intrusion prevention system)

intrusion prevention system

A system that can detect an intrusive activity and can also attempt to stop the activity, ideally before it reaches its targets. [800-82] Software that has all the capabilities of an intrusion detection system and can also attempt to stop possible incidents. Also called an intrusion detection and prevention system. [800-94] (see also incident, intrusion detection, software, target, intrusion, intrusion prevention, system)

invalidation

Administrative action rendering a contractor ineligible to receive additional classified information, except that information necessary for completion of essential contracts as determined by appropriate Government contracting agencies. [DSS] (see also classified)

invalidity date

(N) An X.509 CRL entry extension that 'indicates the date at which it is known or suspected that the [revoked certificate's private key] was compromised or that the certificate should otherwise be considered invalid'. (C) This date may be earlier than the revocation date in the CRL entry, and may even be earlier than the date of issue of earlier CRLs. However, the invalidity date is not, by itself, sufficient for purposes of non-repudiation service. For example, to fraudulently repudiate a validly-generated signature, a private key holder may falsely claim that the key was compromised at some time in the past. [RFC2828] (see also X.509, certificate, compromise, digital signature, fraud, key, non-repudiation, revocation, revoked state, signature, public-key infrastructure)

inverse cipher

Series of transformations that converts ciphertext to plaintext using the Cipher Key. [FIPS 197]

investigation service

An entity that examines credentials and evaluates their authenticity. [800-103] (see also entity)

IP address

(I) A computer's internetwork address that is assigned for use by the Internet Protocol and other protocols. (C) An IP version 4 address is written as a series of four 8-bit numbers separated by periods. For example, the address of the host named 'rosslyn.bbn.com' is 192.1.7.10. (C) An IP version 6 address is written as x:x:x:x:x:x:x:x, where each 'x' is the hexadecimal value of one of the eight 16-bit parts of the address. For example, 1080:0:0:0:8:800:200C:417A and FEDC:BA98:7654:3210:FEDC:BA98:7654:3210. [RFC2828] (see also computer, network, protocols, version, internet)

ip payload compression protocol

Protocol used to perform lossless compression for packet payloads [800-77] (see also protocols)

IP security

Suite of protocols for securing Internet Protocol (IP) communications at the network layer, layer 3 of the OSI model by authenticating and/or encrypting each IP packet in a data stream. IPsec also includes protocols for cryptographic key establishment. [CNSSI-4009] (see also security)

IP splicing/hijacking

An action whereby an active, established, session is intercepted and co-opted by the unauthorized user. IP splicing attacks may occur after an authentication has been made, permitting the attacker to assume the role of an already authorized user. Primary protections against IP splicing rely on encryption at the session or network layer. [NSAINT] (see also authentication, authorized, encryption, hijack attack, network, role, users, attack)

ip spoofing

An attack resulting from a system impersonating another system by using its IP network address. [misc] An attack whereby a system attempts to illicitly impersonate another system by using IP network address. [AFSEC][NSAINT] (see also impersonation, network, system, address spoofing, masquerade, spoof, spoofing)

IPsec Key Exchange (IKE)

(I) An Internet, IPsec, key-establishment protocol (partly based on OAKLEY) that is intended for putting in place authenticated keying material for use with ISAKMP and for other security associations, such as in AH and ESP. [RFC2828] (see also association, authentication, establishment, internet, protocols, internet protocol security, internet security protocol, key)

irregular warfare

A violent struggle among state and non-state actors for legitimacy and influence over the relevant population(s). Irregular warfare favors indirect and asymmetric approaches, though it may employ the full range of military and other capacities, in order to erode an adversary's power, influence, and will. [DOD] (see also warfare)

IS related risk

The probability that a particular threat agent will exploit, or trigger, a particular information system vulnerability and the resulting mission/business impact if this should occur. IS-related risks arise from legal liability or mission/business loss due to (1) unauthorized (malicious, nonmalicious, or accidental) disclosure, modification, or destruction of information, (2) nonmalicious errors and omissions, (3) IS disruption due to natural or man-made disasters, and (4) failure to exercise due care and diligence in the implementation and operation of the IS. [SRV] (see also authorized, failure, information, malicious, operation, system, threat, vulnerability, risk)

IS security architecture

A description of security principles and an overall approach for complying with the principles that drive the system design; i.e. guidelines on the placement and implementation of specific security services within various distributed computing environments. [800-33][SP 800-27][SRV] (see also system, computer security)

isolation

The containment of subjects and objects in a system in such a way that they are separated from one another, as well as from the protection controls of the operating system. [AJP][NCSC/TG004][SRV] (see also control, system) (includes object, subject)

isolator

A device or assembly of devices that isolates or disconnects a telephone or Computerized Telephone System from all wires exiting a Special Access Program Facility and accepted as effective for security purposes by the Telephone Security Group. [DSS] (see also access, security)

issue

(I) Generate and sign a digital certificate (or CRL) and, usually, distribute it and make it available to potential certificate users (or CRL users). (C) The ABA Guidelines explicitly limit this term to certificate creation, and exclude the act of publishing. In general usage, however, 'issuing' a digital certificate (or CRL) includes not only certificate creation but also making it available to potential users, such as by storing it in a repository or other directory or otherwise publishing it. [RFC2828] (see also certificate, public-key infrastructure, users)

issue case

Case containing any issue information, even if fully mitigated. [DSS]

issuer

(I) 'Issuer' of a certificate or CRL: The CA that signs the digital certificate or CRL. (C) An X.509 certificate always includes the issuer's name. The name may include a common name value. (N) 'Issuer' of a payment card: SET usage: 'The financial institution or its agent that issues the unique primary account number to the cardholder for the payment card brand.' (C) The institution that establishes the account for a cardholder and issues the payment card also guarantees payment for authorized transactions that use the card in accordance with card brand regulations and local legislation. [RFC2828] (see also X.509, authorized, certificate, public-key infrastructure, Secure Electronic Transaction)

issuing authority

An entity that issues credentials, and that updates credential status after issuance. [800-103] (see also entity, update, authority)

IT default file protection parameters

System file protection options in effect for all files that have not had file protection parameters specified by explicit action of the file owner [NASA] (see also owner, system, access control, file)

IT resources

All assets associated with an IT system. Assets include but are not limited to the following: facilities housing IT; hardware consisting of computers, telecommunications systems and networks, and ancillary peripheral equipment; all firmware, software, and data; and raw supplies including magnetic media, computer paper, and film. [NASA] (see also communications, computer, software, system, telecommunications, resource)

IT security

All aspects related to defining, achieving, and maintaining confidentiality, integrity, availability, non-repudiation, accountability, authenticity, and reliability. [SC27] Information operations protect and defend information and IT systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation. This includes providing for restoration of IT systems by incorporating protection, detection and reaction capabilities. [800-37] The state of security in an IT system. [AJP][JTC1/SC27] (see also computer security, Common Criteria Testing Laboratory, Common Criteria for Information Technology Security Evaluation, National Voluntary Laboratory Accreditation Program, Scope of Accreditation, approved technologies list, approved test methods list, assure, audit, authentication, availability, center for information technology excellence, certification, compliance-based, confidentiality, conformant validation certificate, contingency plan, deliverables list, designated, designated laboratories list, emergency shutdown controls, ensure, evaluation, evaluation work plan, general controls, information, integrity, management control processes, non-repudiation, observation reports, operation, organization computer security representative, party, protection profile, residual risk, risk treatment, risk-based, security goals, security target, system, technology area, waiver, Automated Information System security) (includes IT Security Evaluation Criteria, IT Security Evaluation Methodology, IT security achitecture, IT security certification, IT security controls, IT security database, IT security goal, IT security incident, IT security objective, IT security plan, IT security policy, IT security product, IT security support functions)

IT security achitecture

IT security architecture

IT security awareness

The purpose of awareness presentations is simply to focus attention on security. Awareness presentations are intended to allow individuals to recognize IT security concerns and respond accordingly. [SP 800-50] (see also security)

IT security certification

The issue, by an independent body, of a formal statement or certificate confirming the results of an evaluation of a TOE, and the fact that the evaluation criteria used were correctly applied. Note: this term could also be called 'TOE certification' to make its application clearer. [AJP][JTC1/SC27] (see also application, certificate, criteria, Automated Information System security, IT security, certification, computer security, target of evaluation)

IT security controls

The physical, electronic, and administrative IT security measures established and applied to IT facilities and IT hardware, firmware, software, and information to afford the appropriate level of protection and ensure integrity, availability, and confidentiality. [NASA] (see also availability, confidentiality, information, integrity, security controls, software, IT security, control, security)

IT security database

The primary tool used by the CCSM, DCCSM, and the IT Security Committee to manage the GRC IT Security Program. The IT security database contains the following information: the current roster of names and contact information for the CCSM, DCCSM, and OCSR's; the name of each IT system under GRC's cognizance and the type of system (e.g., CS or GSS), the category or categories of information stored, processed, or transmitted by that system; the name and contact information of the individual responsible for the security of that system; the date of the most recent IT security plan; the date of the next scheduled periodic review of security controls; the date that the system was authorized to process sensitive information; the date that the next annual review for significant changes is scheduled to be performed and the date that this annual review expires; dates names, and organizational or corporate affiliation of attendees at CCSM-sponsored training. [NASA] (see also authorized, control, information, process, program, system, IT security, security)

IT security education

IT Security Education seeks to integrate all of the security skills and competencies of the various functional specialties into a common body of knowledge, adds a multidisciplinary study of concepts, issues, and principles (technological and social), and strives to produce IT security specialists and professionals capable of vision and proactive response. [SP 800-50] (see also security)

IT Security Evaluation Criteria

A compilation of the information which needs to be provided and actions which need to be taken in order to provide grounds for confidence that security evaluations will be carried out effectively and to a consistent standard throughout the NIAP Common Criteria Evaluation and Validation Scheme. [NIAP] (see also confidence, information, standard, validation, Automated Information System security, IT security, computer security, criteria, evaluation)

IT Security Evaluation Methodology

A methodology which needs to be used by evaluation facilities in applying in order to give grounds for confidence that evaluations will be carried out effectively and to a consistent standard throughout the NIAP Common Criteria Evaluation and Validation Scheme. [NIAP] (see also confidence, criteria, standard, validation, Automated Information System security, IT security, computer security, evaluation)

IT security goal

(see security goals) (see also IT security, security)

IT security incident

Any event or suspected event or vulnerability that affects the user community and could pose a threat to the integrity, availability, or confidentiality of GRC's data or systems. Security incidents are actions, activities, or deficiencies in the protection(s) of resources that involve, cause, or result in the possession of unauthorized knowledge, the wrongful disclosure of IT information, the unauthorized alteration of data or systems, or other computer-related action prohibited by law. [NASA] (see also authorized, availability, computer, confidentiality, information, integrity, resource, security-relevant event, system, users, vulnerability, IT security, incident, security incident)

IT security investment

An IT application or system that is solely devoted to security. For instance, intrusion detection systems (IDS) and public key infrastructure (PKI) are examples of IT security investments. [SP 800-65] (see also security)

IT security metrics

Metrics based on IT security performance goals and objectives. [SP 800-55] (see also security)

IT security objective

(see security objectives) (see also IT security, object, security)

IT security plan

A document that is published by the line manager of an IT system and presents the means by which that manager intends to secure the system. The security plan is required for all IT systems in the Federal Government, and the content is prescribed by OMB Circular A-130, appendix III. [NASA] (see also system, IT security, security)

IT security policy

Rules, directives and practices that govern how assets, including sensitive information, are managed, protected and distributed within an organization and its IT systems. [SC27] The 'documentation of IT security decisions' in an organization. NIST SP 800-12 categorizes IT Security Policy into three basic types: 1) Program Policy.high-level policy used to create an organization's IT security program, define its scope within the organization, assign implementation responsibilities, establish strategic direction, and assign resources for implementation. 2) Issue-Specific Policies.address specific issues of concern to the organization, such as contingency planning, the use of a particular methodology for systems risk management, and implementation of new regulations or law. These policies are likely to require more frequent revision as changes in technology and related factors take place. 3) System-Specific Policies.address individual systems, such as establishing an access control list or in training users as to what system actions are permitted. These policies may vary from system to system within the same organization. In addition, policy may refer to entirely different matters, such as the specific managerial decisions setting an organization's electronic mail (email) policy or fax security policy. [SP 800-35] (see also access, control, information, management, risk, system, users, IT security, computer security, policy)

IT security product

A package of IT software, firmware and/or hardware, providing functionality designed for use or incorporation within a multiplicity of systems. [CC2][CC21][SC27] (see also function, software, system, IT security, computer security)

IT security support functions

Ancillary functions that include but are not limited to security administration, user identification and password administration, and system and application software support [NASA] (see also application, identification, software, system, users, IT security, function, security)

IT security training

IT Security Training strives to produce relevant and needed security skills and competencies by practitioners of functional specialties other than IT security (e.g., management, systems design and development, acquisition, auditing). The most significant difference between training and awareness is that training seeks to teach skills, which allow a person to perform a specific function, while awareness seeks to focus an individual's attention on an issue or set of issues. The skills acquired during training are built upon the awareness foundation, in particular, upon the security basics and literacy material. [SP 800-50] (see also audit, development, management, security)

IT system

A specific IT installation, with a particular purpose and operational environment. [AJP][CC2][CC21][ITSEC][JTC1/SC27][NIAP][SC27] The set of agency information resources organized for the collection, storage, processing, maintenance, use, sharing, dissemination, disposition, display, or transmission of information. Categories of IT systems are major applications and general support systems. [800-37] (see automated information system)

IT-related risk

The net mission impact considering (1) the probability that a particular threat source will exercise (accidentally trigger or intentionally exploit) a particular information system vulnerability and (2) the resulting impact if this should occur. IT-related risks arise from legal liability or mission loss due to

Unauthorized (malicious or accidental) disclosure, modification, or destruction of information
Unintentional errors and omissions
IT disruptions due to natural or man-made disasters
Failure to exercise due care and diligence in the implementation and operation of the IT system.

[800-30] The net mission/business impact (probability of occurrence combined with impact) from a particular threat source exploiting, or triggering, a particular information technology vulnerability. IT related-risks arise from legal liability or mission/business loss due to:

Unauthorized (malicious, non-malicious, or accidental) disclosure, modification, or destruction of information.
Non-malicious errors and omissions.
IT disruptions due to natural or man-made disasters.
Failure to exercise due care and diligence in the implementation and operation of the IT.

[800-33] The net mission/business impact considering 1) the likelihood that a particular threat source will exploit, or trigger, a particular information system vulnerability, and 2) the resulting impact if this should occur. IT-related risks arise from legal liability or mission/business loss due to, but not limited to: . Unauthorized (malicious, non-malicious, or accidental) disclosure, modification, or destruction of information; . Non-malicious errors and omissions; . IT disruptions due to natural or man-made disasters; or . Failure to exercise due care and diligence in the implementation and operation of the IT. [SP 800-27] (see also authorized, information, malicious, operation, system, technology, threat, vulnerability, risk)

iteration

The use of a component more than once with varying operations. [CC2][CC21][SC27] (see also operation)

ITU-T

(N) International Telecommunications Union, Telecommunication Standardization Sector (formerly 'CCITT'), a United Nations treaty organization that is composed mainly of postal, telephone, and telegraph authorities of the member countries and that publishes standards called 'Recommendations'. (C) The Department of State represents the United States. ITU-T works on many kinds of communication systems. ITU-T cooperates with ISO on communication protocol standards, and many Recommendations in that area are also published as an ISO standard with an ISO name and number. [RFC2828] (see also International organization for standardization, communications, protocols, standard, system, telecommunications) (includes CCITT, Open Systems Interconnection Reference model)

jamming

An attack in which a device is used to emit electromagnetic energy on a wireless network's frequency to make it unusable. [SP 800-48] An attack that attempts to interfere with the reception of broadcast communications. [CNSSI-4009] Emitting electromagnetic energy on a wireless network's frequencies to make them unusable by the network. [800-94] (see also anti-jam, anti-jamming, attack, electronic attack, frequency hopping) (includes advanced self-protection jammer, meaconing, intrusion, jamming, and interference, radio frequency jamming)

Java

A new programming language invented by Sun Microsystems. It can be used as a general purpose application programming language with built-in networking libraries. It can also be used to write small applications called applets. [SRV] (see also application, network, program, system, software)

jitter

As it relates to queuing, the difference in latency of packets. [800-127] The time or phase difference between the data signal and the ideal clock. [800-82]

joint authorization

Security authorization involving multiple authorizing officials. [SP 800-37] (see also security, authorization)

joint personnel adjudication system

Centralized Department of Defense database of standardized personnel security processes; virtually consolidates the Department of Defense Central Adjudication Facilities by offering real-time information concerning clearances, access, and investigative statuses to authorized Department of Defense security personnel and other interfacing organizations (for example, Defense Security Service, Defense Manpower Data Center, Defense Civilian Personnel Management, and the Air Force Personnel Center). [DSS] (see also access, authorized, security)

joint task force-computer network defense

The focal point for defense of DOD computer networks and systems, monitoring incidents and potential threats, and coordinating across DOD to formulate and direct actions to stop or contain damage and restore network functionality. [CIAO] (see also damage, function, incident, system, threat, computer, computer network, network)

joint use agreement

Written agreement signed by two or more accrediting authorities whose responsibility includes information processed on a common Automated Information System or network. Such an agreement defines a Cognizant Security Authority and the security arrangements that will govern the operation of the network. [DSS] (see also security)

joint venture

A combination of two or more contractors without any actual partnership or corporation designation who perform or act jointly in a specific endeavor, such as the negotiation for or performance of a contract. [DSS]

JTC1 Registration Authority

An organisation appointed by the ISO and IEC councils to register objects in accordance with a JTC 1 procedural Standard. [SC27] (see also object, standard, authority, registration)

judgment sample

A sample in whose selection personal judgment plays a significant part, unlike a probability sample. Though judgment samples are sometimes required by practical considerations and may lead to satisfactory results, they do not lend themselves to analysis by standard statistical methods. [SRV] (see also analysis, standard)

judicial authority

An entity that performs dispute resolution; it may be a legal authority, or an arbitrator whose actions are agreed to by both parties involved in the dispute. [800-103] (see also entity, authority)

kerberos

(N) A system developed at the Massachusetts Institute of Technology that depends on passwords and symmetric cryptography (DES) to implement ticket-based, peer entity authentication service and access control service distributed in a client-server network environment. [R1510, Stei] (C) Kerberos was developed by Project Athena and is named for the three-headed dog guarding Hades. [RFC2828] A means of verifying the identities of principals on an open network. It accomplishes this without relying on the authentication, trustworthiness, or physical security of hosts while assuming all packets can be read, modified and inserted at will. It uses a trust broker model and symmetric cryptography to provide authentication and authorization of users and systems on the network. [SP 800-95] A third-party trusted host authentication system devised at MIT within Project Athena. The Kerberos authentication server is a central system that knows about every principal and its passwords. It issues tickets to principals who successfully authenticate themselves. These tickets can be used to authenticate one principal (e.g. a user) to another (e.g. a server application). Moreover, Kerberos sets up a session key for the principals that can be used to protect the privacy and the integrity of the communication. For this reason, the Kerberos system is also called a Key Distribution Center (KDC). [misc] A widely used authentication protocol developed at MIT. In 'classic' Kerberos, users share a secret password with a Key Distribution Center (KDC). The user, Alice, who wishes to communicate with another user, Bob, authenticates to the KDC and is furnished a 'ticket' by the KDC to use to authenticate with Bob. When Kerberos authentication is based on passwords, the protocol is known to be vulnerable to off-line dictionary attacks by eavesdroppers who capture the initial user-to-KDC exchange. [800-63] A widely used authentication protocol developed at the Massachusetts Institute of Technology (MIT). In 'classic' Kerberos, users share a secret password with a Key Distribution Center (KDC). The user, Alice, who wishes to communicate with another user, Bob, authenticates to the KDC and is furnished a 'ticket' by the KDC to use to authenticate with Bob. When Kerberos authentication is based on passwords, the protocol is known to be vulnerable to off-line dictionary attacks by eavesdroppers who capture the initial user-to- KDC exchange. Longer password length and complexity provide some mitigation to this vulnerability, although sufficiently long passwords tend to be cumbersome for users. [SP 800-63] (see also access, access control, application, attack, authorization, control, cryptography, entity, integrity, key, network, passwords, privacy, protocols, system, technology, trust, users, vulnerability, Simple Authentication and Security Layer, distributed computing environment, security software) (includes key distribution center, session key, third party trusted host model)

kernelized secure operating system (KSOS)

(see also system)

key

key agreement

(I) A key establishment method (especially one involving asymmetric cryptography) by which two or more entities, without prior arrangement except a public exchange of data (such as public keys), each computes the same key value. i.e. each can independently generate the same key value, but that key cannot be computed by other entities. (O) 'A method for negotiating a key value on line without transferring the key, even in an encrypted form, e.g. the Diffie-Hellman technique.' (O) 'The procedure whereby two different parties generate shared symmetric keys such that any of the shared symmetric keys is a function of the information contributed by all legitimate participants, so that no party can predetermine the value of the key.' (C) For example, a message originator and the intended recipient can each use their own private key and the other's public key with the Diffie-Hellman algorithm to first compute a shared secret value and, from that value, derive a session key to encrypt the message. [RFC2828] A key establishment procedure where resultant keying material is a function of information contributed by two or more participants, so that no party can predetermine the value of the keying material independent of the other party's contribution. [800-130] The process of establishing a shared secret key between entities in such a way that neither of them can predetermine the value of that key. [SC27] (see also algorithm, cryptography, encryption, establishment, function, information, message, process, public-key, shared secret, key)

key authentication

(N) 'The assurance of the legitimate participants in a key agreement that no non-legitimate party possesses the shared symmetric key.' [RFC2828] (see also assurance, authentication, key)

key bundle

The three cryptographic keys (Key1, Key2, Key3) that are used with a Triple Data Encryption Algorithm (TDEA) mode. [SP 800-67] (see also key)

key card

(see also key)

key center

(I) A centralized key distribution process (used in symmetric cryptography), usually a separate computer system, that uses key-encrypting keys (master keys) to encrypt and distribute session keys needed in a community of users. (C) An ANSI standard defines two types of key center: key distribution center and key translation center. [RFC2828] (see also computer, cryptography, encryption, process, standard, system, users)

key confirmation

(N) 'The assurance of the legitimate participants in a key establishment protocol that the intended parties sharing the symmetric key actually possess the shared symmetric key.' [RFC2828] A procedure to provide assurance to one party (the key confirmation recipient) that another party (the key confirmation provider) actually possesses the correct secret keying material and/or shared secret. [800-130] The assurance for one entity that another identified entity is in possession of the correct key. [SC27] (see also assurance, entity, establishment, protocols, key)

key confirmation from A to B

The assurance for entity B that entity A is in possession of the correct key. [SC27] (see also assurance, entity, key)

key control

The ability to choose the key, or the parameters used in the key computation. [SC27] (see also control, key)

key derivation function

A key derivation function outputs one or more shared secrets, used as keys, given shared secrets and other mutually known parameters as input. [SC27] (see also function, key)

key distribution

(I) A process that delivers a cryptographic key from the location where it is generated to the locations where it is used in a cryptographic algorithm. [RFC2828] (see also algorithm, cryptographic, key exchange, key management/exchange, process, key) (includes key distribution center, key distribution service)

key distribution center (KDC)

(I) A type of key center (used in symmetric cryptography) that implements a key distribution protocol to provide keys (usually, session keys) to two (or more) entities that wish to communicate securely. (C) A KDC distributes keys to Alice and Bob, who (a) wish to communicate with each other but do not currently share keys, (b) each share a KEK with the KDC, and (c) may not be able to generate or acquire keys by themselves. Alice requests the keys from the KDC. The KDC generates or acquires the keys and makes two identical sets. The KDC encrypts one set in the KEK it shares with Alice, and sends that encrypted set to Alice. The KDC encrypts the second set in the KEK it shares with Bob, and either sends that encrypted set to Alice for her to forward to Bob, or sends it directly to Bob (although the latter option is not supported in the ANSI standard). [RFC2828] COMSEC facility generating and distributing key in electronic form. [CNSSI][CNSSI-4009] (see also communications security, cryptography, encryption, entity, protocols, standard, trust, kerberos, key distribution, key management)

key distribution centre

An entity trusted to generate or acquire, and distribute keys to entities that each share a key with the KDC. [SC27] (see key distribution center) (see also key)

key distribution service

The service of distributing keys securely to authorized entities performed by a Key Distribution Center and described in ISO/IEC 11770-1. [SC27] (see also authorized, key, key distribution)

key entry

The process by which a key (and perhaps its associated Meta-data) is entered into a cryptographic module in preparation for active use. [800-130] (see also cryptographic, module, process, key)

key establishment

(I) A process that combines the key generation and key distribution steps needed to set up or install a secure communication association. (O) 'The procedure to share a symmetric key among different parties by either key agreement or key transport.' (C) Key establishment involves either key agreement or key transport:

Key transport: One entity generates a secret key and securely sends it to the other entity. (Or each entity generates a secret value and securely sends it to the other entity, where the two values are combined to form a secret key.)
Key agreement: No secret is sent from one entity to another. Instead, both entities, without prior arrangement except a public exchange of data, compute the same secret value. i.e. each can independently generate the same value, but that value cannot be computed by other entities.

[RFC2828] The process by which a key is securely shared between two or more security entities, either by transporting a key from one entity to another (key transport) or deriving a key from information shared by the entities (key agreement). [800-130] The process by which cryptographic keys are securely established among cryptographic modules using key transport and/or key agreement procedures. See Key Distribution. [CNSSI-4009] The process by which cryptographic keys are securely established among cryptographic modules using manual transport methods (e.g., key loaders), automated methods (e.g., key transport and/or key agreement protocols), or a combination of automated and manual methods (consists of key transport plus key agreement). [FIPS 140-2] The process of making available a shared secret key to one or more entities. Key establishment includes key agreement and key transport. [SC27] (see also association, entity, information, process, security, establishment, key)

key exchange

Process of exchanging public keys (and other information) in order to establish secure communications. [CNSSI][CNSSI-4009] The process of exchanging public keys in order to establish secure communications. [SP 800-32] (see also communications, information, key distribution, process, public-key, key) (includes Key Exchange Algorithm)

Key Exchange Algorithm (KEA)

(N) A key agreement algorithm that is similar to the Diffie-Hellman algorithm, uses 1024-bit asymmetric keys, and was developed and formerly classified at the 'Secret' level by NSA. (C) On 23 June 1998, the NSA announced that KEA had been declassified. [RFC2828] (see also National Security Agency, classified, algorithm, key, key exchange)

key expansion

Routine used to generate a series of Round Keys from the Cipher Key. [FIPS 197] (see also key)

key generating function

A function which takes as input a number of parameters, at least one of which shall be secret, and which gives as output keys appropriate for the intended algorithm and application. The function shall have the property that it shall be computationally infeasible to deduce the output without prior knowledge of the secret input. [SC27] (see also algorithm, application, property, function, key, key generation)

key generation

(I) A process that creates the sequence of symbols that comprise a cryptographic key. [RFC2828] (see also cryptographic, process, key) (includes key generating function, key generator)

key generation exponent

A positive integer known only to the trusted third party. [SC27] (see also trust, key)

key generation material

Random numbers, pseudo-random numbers, and cryptographic parameters used in generating cryptographic keys. [SP 800-32; CNSSI-4009] (see also key)

key generator (KG)

(I) An algorithm that uses mathematical rules to deterministically produce a pseudo-random sequence of cryptographic key values. (I) An encryption device that incorporates a key generation mechanism and applies the key to plaintext (e.g. by exclusive OR-ing the key bit string with the plaintext bit string) to produce ciphertext. [RFC2828] (see also algorithm, cipher, cryptographic, encryption, random, key, key generation)

key label

A key label is a text string that provides a human-readable and perhaps machine-readable set of descriptors for the key. [800-130] (see also key)

key length

(I) The number of symbols (usually bits) needed to be able to represent any of the possible values of a cryptographic key. [RFC2828] (see also cryptographic, key)

key lifecycle

(see key lifecycle state) (see also key, lifecycle)

key lifecycle state

One of the set of finite states that describes the accepted use of a cryptographic key at that time in its lifetime including: Pre-Activation; Active; Suspended; Deactivated Revoked; Compromised; Destroyed; Destroyed Compromised. [800-130] (see also compromise, cryptographic, destruction, revoked state, key management, lifecycle) (includes active state, compromised state, deactivated state, destroyed compromised state, destroyed state, key state transition, pre-activation state, revoked state, suspended state)

key lifetime

(N) MISSI usage: An attribute of a MISSI key pair that specifies a time span that bounds the validity period of any MISSI X.509 public-key certificate that contains the public component of the pair. [RFC2828] (see also X.509, certificate, public-key, public-key infrastructure, key, multilevel information systems security initiative)

key list

Printed series of key settings for a specific cryptonet. Key lists may be produced in list, pad, or printed tape format. [CNSSI][CNSSI-4009] (see also key)

key loader

A self-contained unit that is capable of storing at least one plaintext or encrypted cryptographic key or a component of a key that can be transferred, upon request, into a cryptographic module. [CNSSI-4009] A self-contained unit that is capable of storing at least one plaintext or encrypted cryptographic key or key component that can be transferred, upon request, into a cryptographic module. [FIPS 140-2][FIPS140] (see also cryptographic, module, key management)

key logger

A program designed to record which keys are pressed on a computer keyboard used to obtain passwords or encryption keys and thus bypass other security measures. [800-82][SP 800-82] (see also computer, encryption, keystroke logger, passwords, program, attack, key)

key management

(I) The process of handling and controlling cryptographic keys and related material (such as initialization values) during their lifecycle in a cryptographic system, including ordering, generating, distributing, storing, loading, escrowing, archiving, auditing, and destroying the material. (O) 'The generation, storage, distribution, deletion, archiving and application of keys in accordance with a security policy.' (O) 'The activities involving the handling of cryptographic keys and other related security parameters (e.g. IVs, counters) during the entire lifecycle of the keys, including their generation, storage, distribution, entry and use, deletion or destruction, and archiving.' [RFC2828] Supervision and control of the process whereby key is generated, stored, protected, transferred, loaded, used, and destroyed. [IATF] The activities involving the handling of cryptographic keys and other related security parameters (e.g. IVs, counters) during the entire lifecycle of the keys, including their generation, storage, distribution, entry and use, deletion or destruction, and archiving. [FIPS140] The activities involving the handling of cryptographic keys and other related security parameters (e.g., IVs and passwords) during the entire lifecycle of the keys, including their generation, storage, establishment, entry and output, and zeroization. [FIPS 140-2; CNSSI-4009] The activities involving the handling of cryptographic keys and other related security parameters during the entire lifecycle of the keys, including the generation, storage, distribution, entry and use, deletion, destruction, and archiving. [SRV] The administration and use of the generation, registration, certification, deregistration, distribution, installation, storage, archiving, revocation, derivation and destruction of keying material in accordance with a security policy. [SC27] The handling and protection of keys used to encrypt or decrypt data. Key management is practiced during the generation, distribution, storage, and destruction of these keys. [NASA] (see also Cryptographic Message Syntax, Diffie-Hellman, FIPS PUB 140-1, FIREFLY, Federal Standard 1027, Rivest-Shamir-Adleman algorithm, Secure Data Network System, Standards for Interoperable LAN/MAN Security, application, asymmetric cryptography, audit, certification, communications security, control, cryptanalysis, cryptographic, cryptographic system, cryptographic token, cryptography, destruction, escrow, internet protocol security, one-time pad, policy, privacy enhanced mail, process, registration, revocation, secure hypertext transfer protocol, symmetric cryptography, system, token management, management, security) (includes Internet Security Association and Key Management Protocol, Key Management Protocol, Simple Key-management for Internet Protocols, automated key distribution, automated key management center, automated key management system, cryptographic key management system, electronic key entry, electronic key management system, key, key distribution center, key lifecycle state, key loader, key management application service element, key management center, key management identification number, key management infrastructure, key management ordering and distribution center, key management protocol data unit, key management system, key management system Agent, key management user agent, key management/exchange, key recovery, key-escrow, manual key distribution, manual key entry, simple key management for IP)

key management application service element (KMASE)

(see also application, key management)

key management center (KMC)

(see also key management)

key management device

A unit that provides for secure electronic distribution of encryption keys to authorized users. [CNSSI-4009] (see also users, key, management)

key management identification number (KMID)

(see also identification, key management)

key management infrastructure (KMI)

(KMI) All parts - computer hardware, firmware, software, and other equipment and its documentation; facilities that house the equipment and related functions; and companion standards, policies, procedures, and doctrine that form the system that manages and supports the ordering and delivery of cryptographic material and related information products and services to users. [CNSSI-4009] Framework and services that provide the generation, production, storage, protection, distribution, control, tracking, and destruction for all cryptographic key material, symmetric keys as well as public keys and public key certificates. [CNSSI] Framework established to issue, maintain, and revoke keys accommodating a variety of security technologies, including the use of software. Labeling Process of assigning a representation of the sensitivity of a subject or object [IATF] (see also certificate, control, cryptographic, object, process, public-key, software, subject, users, key management, management)

key management ordering and distribution center (KMODC)

(see also key management)

Key Management Protocol (KMP)

(N) A protocol to establish a shared symmetric key between a pair (or a group) of users. (One version of KMP was developed by SDNS, and another by SILS.) [RFC2828] (see also users, version, key management, protocols, security protocol)

key management protocol data unit (KMPDU)

(see also key management, protocols)

key management system (KMS)

(see also key management, system)

key management system Agent (KMSA)

(see also key management, system)

key management user agent (KMUA)

(see also key management, users)

key management/exchange

A method of electronically transmitting, in a secure fashion, a secret key for use with a secret key cryptographic system. Key management can be used to support communications privacy. This method can be accomplished most securely with public key cryptographic systems, which do not require the sharing of secret keys with third parties. Instead, a secret key is encrypted with a recipient's public key, and the recipient decrypts the result with his or her private key to receive the secret key. A variation of key management that is based on key exchange does not require encrypting the secret key. [AJP] (see also communications, cryptographic, key distribution, privacy, public-key, system, key management)

key material identification number

Unique number automatically assigned to each piece of Secure Telephone/Secure Telephone Equipment keying material by the Telephone/Secure Telephone Equipment. [DSS] (see also key)

key material identifier (KMID)

(N) MISSI usage: A 64-bit identifier that is assigned to a key pair when the public key is bound to a MISSI X.509 public-key certificate. [RFC2828] (see also X.509, certificate, public-key, public-key infrastructure, key, multilevel information systems security initiative)

key output

The process by which a key (and perhaps its bound metadata) are extracted from a cryptographic module (usually for remote storage). [800-130] (see also cryptographic, metadata, module, process, key)

key owner

An entity (e.g., person, group, organization, device, module) authorized to use a cryptographic key or key pair and whose identity is associated with a cryptographic key or key pair. [800-130] (see also authorized, cryptographic, entity, identity, module, key, owner)

key pair

(I) A set of mathematically related keys--a public key and a private key--that are used for asymmetric cryptography and are generated in a way that makes it computationally infeasible to derive the private key from knowledge of the public key. (C) A key pair's owner discloses the public key to other system entities so they can use the key to encrypt data, verify a digital signature, compute a protected checksum, or generate a key in a key agreement algorithm. The matching private key is kept secret by the owner, who uses it to decrypt data, generate a digital signature, verify a protected checksum, or generate a key in a key agreement algorithm. [RFC2828] A public key and its corresponding private key; a key pair is used with a public key algorithm. [SP 800-21; CNSSI-4009] Public key and its corresponding private key as used in public key cryptography. [CNSSI] Two mathematically related keys having the properties that (1) one key can be used to encrypt a message that can only be decrypted using the other key, and 2) even knowing one key, it is computationally infeasible to discover the other key. [SP 800-32] (see also algorithm, cryptography, digital signature, encryption, owner, public-key, signature, system, key)

key processor (KP)

(see also key, process)

key production key (KPK)

Key used to initialize a keystream generator for the production of other electronically generated key. [CNSSI][CNSSI-4009] (see also key)

key recovery

(I) A process for learning the value of a cryptographic key that was previously used to perform some cryptographic operation. (I) Techniques that provide an intentional, alternate (i.e. secondary) means to access the key used for data confidentiality service in an encrypted association. (C) We assume that the encryption mechanism has a primary means of obtaining the key through a key establishment algorithm or protocol. For the secondary means, there are two classes of key recovery techniques--key escrow and key encapsulation:

'Key escrow': A key recovery technique for storing knowledge of
cryptographic key or parts thereof in the custody of one or more third parties called 'escrow agents', so that the key can be recovered and used in specified circumstances. Key escrow is typically implemented with split knowledge techniques. For example, the Escrowed Encryption Standard entrusts two components of a device-unique split key to separate escrow agents. The agents provide the components only to someone legally authorized to conduct electronic surveillance of telecommunications encrypted by that specific device. The components are used to reconstruct the device-unique key, and it is used to obtain the session key needed to decrypt communications.
'Key encapsulation': A key recovery technique for storing knowledge of a cryptographic key by encrypting it with another key and ensuring that which only certain third parties called 'recovery agents' can perform the decryption operation to retrieve the stored key.
Key encapsulation typically allows direct retrieval of the secret key used to provide data confidentiality.

[RFC2828] A broad term that applies to many different techniques including key-escrow, commercial key recovery, cryptographic backup and recovery, and trusted third party. Implementations can include split knowledge using two or more trusted third parties and key encrypting keys. [KeyAll] Mechanisms and processes that allow authorized parties to retrieve the cryptographic key used for data confidentiality. [CNSSI][CNSSI-4009] (see also access, access control, algorithm, association, authorized, backup, communications, confidentiality, cryptographic, encryption, escrow, establishment, key-escrow, operation, process, protocols, retrieval, standard, telecommunications, trust, key management, recovery) (includes data key, encrypted key, key-encrypting key, key-escrow system, plaintext key, session key, split knowledge)

key resources

As defined in the Homeland Security Act, key resources are publicly or privately controlled resources essential to the minimal operations of the economy and government. [NIPP] (see also key)

key service unit

Electromechanical switching device that controls routing and operation of an analog telephone system. [DSS] (see also key)

key space

(I) The range of possible values of a cryptographic key; or the number of distinct transformations supported by a particular cryptographic algorithm. [RFC2828] (see also algorithm, cryptographic, key)

key state transition

The process of moving from one key lifecycle state to another. [800-130] (see also lifecycle, process, key, key lifecycle state)

key storage device (KSD)

(see also key)

key stream

Sequence of symbols (or their electrical or mechanical equivalents) produced in a machine or auto-manual cryptosystem to combine with plain text to produce cipher text, control transmission security processes, or produce key. [CNSSI][CNSSI-4009] (see also cipher, control, cryptographic system, process, security, system, key)

key tag

Identification information associated with certain types of electronic key. [CNSSI][CNSSI-4009] (see also identification, information, key)

key tape

Punched or magnetic tape containing key. Printed key in tape form is referred to as a key list. [CNSSI][CNSSI-4009] (see also key)

key token

Key management message sent from one entity to another entity during the execution of a key management mechanism. [SC27] (see also entity, message, key, tokens)

key translation center

(I) A type of key center (used in a symmetric cryptography) that implements a key distribution protocol to convey keys between two (or more) parties who wish to communicate securely. (C) A key translation center translates keys for future communication between Bob and Alice, who (a) wish to communicate with each other but do not currently share keys, (b) each share a KEK with the center, and (c) have the ability to generate or acquire keys by themselves. Alice generates or acquires a set of keys for communication with Bob. Alice encrypts the set in the KEK she shares with the center and sends the encrypted set to the center. The center decrypts the set, reencrypts the set in the KEK it shares with Bob, and either sends that encrypted set to Alice for her to forward to Bob, or sends it directly to Bob (although direct distribution is not supported in the ANSI standard). [RFC2828] (see also cryptography, encryption, protocols, standard, key)

key translation centre (KTC)

An entity trusted to translate keys between entities that each share a key with the KTC. [SC27] (see also entity, trust, key)

key transport

(I) A key establishment method by which a secret key is generated by one entity in a communication association and securely sent to another entity in the association. (O) 'The procedure to send a symmetric key from one party to other parties. As a result, all legitimate participants share a common symmetric key in such a way that the symmetric key is determined entirely by one party.' (C) For example, a message originator can generate a random session key and then use the Rivest-Shamir-Adleman algorithm to encrypt that key with the public key of the intended recipient. [RFC2828] A key establishment procedure whereby one party (the sender) selects and encrypts the keying material and then distributes the material to another party (the receiver). [800-130] The process of transferring a key from one entity to another entity, suitably protected. [SC27] The secure transport of cryptographic keys from one cryptographic module to another module. [FIPS 140-2; CNSSI-4009] (see also algorithm, association, encryption, entity, establishment, message, process, public-key, random, key)

key update

(I) Derive a new key from an existing key. [RFC2828] (see also key, update)

key updating

Irreversible cryptographic process for modifying key. [CNSSI][CNSSI-4009] (see also cryptographic, process, key)

key validation

(N) 'The procedure for the receiver of a public key to check that the key conforms to the arithmetic requirements for such a key in order to thwart certain types of attacks.' [RFC2828] (see also attack, public-key, requirements, key, validation)

key variable generator (KVG)

(see also key)

key wrap

A method of encrypting keying material (along with associated integrity information) that provides both confidentiality and integrity protection using a symmetric key algorithm. [SP 800-56A] (see also key)

key wrapping

A method of encrypting keys (along with associated integrity information) that provides both confidentiality and integrity protection using a symmetric key. [800-130] (see also information, integrity, key)

key-auto-key (KAK)

Cryptographic logic using previous key to produce key. [CNSSI][CNSSI-4009] (see also cryptographic, key)

key-encrypting key (KEK)

(I) A cryptographic key that is used to encrypt other keys, either DEKs or other KEKs, but usually is not used to encrypt application data. [RFC2828] A cryptographic key that is used for the encryption or decryption of other keys. [FIPS140] (see also application, cryptographic, encryption, key, key recovery)

key-encryption-key (KEK)

A key derived from the authorization key that is used to encrypt traffic encryption keys (TEK) during the TEK exchange. [800-127] Key that encrypts or decrypts other key for transmission or storage. [CNSSI][CNSSI-4009] (see also authorization, encryption, key)

key-escrow

1. The processes of managing (e.g., generating, storing, transferring, auditing) the two components of a cryptographic key by two key component holders. 2. A key recovery technique for storing knowledge of a cryptographic key, or parts thereof, in the custody of one or more third parties called 'escrow agents,' so that the key can be recovered and used in specified circumstances. [CNSSI-4009] A deposit of the private key of a subscriber and other pertinent information pursuant to an escrow agreement or similar contract binding upon the subscriber, the terms of which require one or more agents to hold the subscriber's private key for the benefit of the subscriber, an employer, or other party, upon provisions set forth in the agreement. [SP 800-32] Keys are used to encrypt and decrypt files. key-escrow is used to store keys for use by third parties to access the data in encrypted files. [RFC2504] The processes of managing (e.g. generating, storing, transferring, auditing) the two components of a cryptographic key by two component holders. A key component is the two values from which a key can be derived. [SRV] The processes of managing (e.g., generating, storing, transferring, auditing) the two components of a cryptographic key by two key component holders. [FIPS 185] The system of giving a piece of a key to each of a certain number of trustees such that the key can be recovered with the collaboration of all the trustees. [NSAINT] (see also access, access control, audit, cryptographic, file, key recovery, process, system, trust, escrow, key management)

key-escrow system

A mechanism for the secure escrow and controlled release of secret or private encryption keys to law enforcement officials. A U.S. Federal standard specifying technology that provides a mechanism for the secure escrow of encryption keys, which can be used to intercept messages only by government officials acting under proper legal authorization. The standard relies on a key escrow chip, known as Clipper, programmed with the classified Skipjack algorithm. [SRV] A system that entrusts the two components comprising a cryptographic key (e.g., a device unique key) to two key component holders (also called 'escrow agents'). [FIPS 185; CNSSI-4009] An electronic means of reconstructing a secret key (for secret key encryption) or a private key (for public key encryption). The reconstructed key can then be used in a process to decrypt a communication. [AJP] (see also algorithm, authorization, classified, control, encryption, message, process, program, public-key, standard, technology, trust, escrow, key, key recovery, system)

keyed hash

(I) A cryptographic hash (e.g.,) in which the mapping to a hash result is varied by a second input parameter that is a cryptographic key. (C) If the input data object is changed, a new hash result cannot be correctly computed without knowledge of the secret key. Thus, the secret key protects the hash result so it can be used as a checksum even when there is a threat of an active attack on the data. There are least two forms of keyed hash:

A function based on a keyed encryption algorithm.
A function based on a keyless hash that is enhanced by combining (e.g. by concatenating) the input data object parameter with a key parameter before mapping to the hash result.

[RFC2828] (see also algorithm, attack, authentication, cryptographic, encryption, function, object, threat, hash, key)

keyed hash algorithm

Algorithm that creates a hash based on both a message and a secret key; also known as a hash message authentication code algorithm. [800-77] (see also authentication, code, message, algorithm, hash, key)

keying material

(I) Data (such as keys, key pairs, and initialization values) needed to establish and maintain a cryptographic security association. [RFC2828] Key, code, or authentication information in physical or magnetic form. [CNSSI] Key, code, or authentication information in physical, electronic, or magnetic form. [CNSSI-4009] The data (e.g. keys, initialisation values) necessary to establish and maintain cryptographic keying relationships. [SC27] (see also association, authentication, code, cryptographic, information, security, key)

keys used to encrypt and decrypt files

To make use of encryption, an end-user has to provide some secret, in the form of some data, usually called a key. [RFC2504] (see also encryption, users, file, key)

keystroke logger

A device that monitors and records keyboard usage. [800-83] (see also identity theft, key logger, keystroke monitoring, key)

keystroke monitoring

A specialized form of audit trail software, or a specially designed device, that records every key struck by a user and every character of the response that the AIS returns to the user. [NSAINT] The process used to view or record both the keystrokes entered by a computer user and the computer's response during an interactive session. Keystroke monitoring is usually considered a special case of audit trails. [SP 800-12; CNSSI-4009] (see also audit, keystroke logger, response, software, users, attack, key)

killer packets

A method of disabling a system by sending Ethernet or IP packets which exploit bugs in the networking code to crash the system. [SRV] (see also code, network, system, attack)

kiosk

A publicly accessible computer terminal that permits customers to directly communicate with the financial institution via a network. [FFIEC] (see also access, access control, computer)

KMI operating account

A KMI business relationship that is established 1) to manage the set of user devices that are under the control of a specific KMI customer organization, and 2) to control the distribution of KMI products to those devices. [CNSSI-4009] (see also control)

KMI protected channel

A KMI Communication Channel that provides 1) Information Integrity Service; 2) either Data Origin Authentication Service or Peer Entity Authentication Service, as is appropriate to the mode of communications; and 3) optionally, Information Confidentiality Service. [CNSSI-4009] (see also authentication)

KMI-aware device

A user device that has a user identity for which the registration has significance across the entire KMI (i.e. the identity's registration data is maintained in a database at the PRSN level of the system, rather than only at an MGC) and for which a product can be generated and wrapped by a PSN for distribution to the specific device. [CNSSI-4009] (see also identity)

known-plaintext attack

(I) A cryptanalysis technique in which the analyst tries to determine the key from knowledge of some plaintext-ciphertext pairs (although the analyst may also have other clues, such as the knowing the cryptographic algorithm). [RFC2828] (see also algorithm, analysis, cipher, cryptographic, cryptography, key, attack)

KOA agent

A user identity that is designated by a KOA manager to access PRSN product delivery enclaves for the purpose of retrieving wrapped products that have been ordered for user devices that are assigned to that KOA. [CNSSI-4009] (see also access, identity)

KOA manager

The Management Role that is responsible for the operation of one or KOA's (i.e. manages distribution of KMI products to the end cryptographic units, fill devices, and ADPs that are assigned to the manager's KOA). [CNSSI-4009] (see also management)

KOA registration manager

The individual responsible for performing activities related to registering KOAs. [CNSSI-4009]

label

See security label. [CNSSI] (see also security label)

labeled security protections

Elementary-level mandatory access control protection features and intermediate-level discretionary access control features in a TCB that uses sensitivity labels to make access control decisions. [CNSSI] (see also access, access control, control, trust, security)

laboratory attack

Use of sophisticated signal recovery equipment in a laboratory environment to recover information from data storage media. [CNSSI][SP 800-88; CNSSI-4009] (see also information, recovery, attack)

language

A framework for exchanging authentication and authorization information. Security typically involves checking the credentials presented by a party for authentication and authorization. SAML standardizes the representation of these credentials in an XML format called .assertions,. enhancing the interoperability between disparate applications. [SP 800-95] A protocol consisting of XML-based request and response message formats for exchanging security information, expressed in the form of assertions about subjects, between online business partners. [CNSSI-4009] Any means of conveying or communicating ideas; specifically, human speech; the expression of ideas by the voice; sounds, expressive of thought, articulated by the organs of the throat and mouth. [OVT] (see also authentication, authorization, automated information system, security)

language of temporal ordering specification (LOTOS)

(N) A language (ISO 8807-1990) for formal specification of computer network protocols; describes the order in which events occur. [RFC2828] (see also computer, computer network, network, protocols)

laptop

(see laptop computer) (see also portable computer system)

laptop computer

A portable computer usually powered by a rechargeable battery. The smaller versions are also called notebook computers. [CIAO] (see also automated information system, version, computer)

large scale integration (LSI)

(see also automated information system)

last mile broadband access

Communications technology that bridges the transmission distance between the broadband service provider infrastructure and the customer premises equipment. [800-127] (see also access)

lattice

A partially ordered set for which every pair of elements has a greatest lower bound and a least upper bound. [AJP][TCSEC][TDI][TNI] (see also test, Bell-LaPadula security model)

lattice model

(I) A security model for flow control in a system, based on the lattice that is formed by the finite security levels in a system and their partial ordering. (C) The model describes the semantic structure formed by a finite set of security levels, such as those used in military organizations. (C) A lattice is a finite set together with a partial ordering on its elements such that for every pair of elements there is a least upper bound and a greatest lower bound. For example, a lattice is formed by a finite set S of security levels -- i.e. a set S of all ordered pairs (x, c), where x is one of a finite set X of hierarchically ordered classification levels (X1, ..., Xm), and c is a (possibly empty) subset of a finite set C of non-hierarchical categories (C1, ..., Cn) -- together with the 'dominate' relation. [RFC2828] (see also classification levels, classified, control, flow, system, test, Bell-LaPadula security model, model)

Law Enforcement Access Field (LEAF)

(N) A data item that is automatically embedded in data encrypted by devices that implement the Escrowed Encryption Standard. [RFC2828] (see also encryption, escrow, standard, Clipper chip, access)

law enforcement sensitive

Unclassified information of a sensitive and proprietary nature that if disclosed could cause harm to law enforcement activities by jeopardizing investigations, compromising operations, or causing life-threatening situations for confidential informants, witnesses, or law enforcement personnel. [DSS] (see also classified, threat)

lawful permanent resident

An individual having been lawfully accorded the privilege of residing permanently in the United States as an immigrant in accordance with the immigration laws, such status not having changed. [DSS]

Layer 2 Forwarding Protocol (L2F)

(N) An Internet protocol (originally developed by Cisco Corporation) that uses tunneling of PPP over IP to create a virtual extension of a dial-up link across a network, initiated by the dial-up server and transparent to the dial-up user. [RFC2828] (see also internet, network, users, protocols, security protocol)

Layer 2 Tunneling Protocol (L2TP)

(N) An Internet client-server protocol that combines aspects of PPTP and L2F and supports tunneling of PPP over an IP network or over frame relay or other switched network. (C) PPP can in turn encapsulate any OSI layer 3 protocol. Thus, L2TP does not specify security services; it depends on protocols layered above and below it to provide any needed security. [RFC2828] (see also internet, network, protocols, security protocol, tunnel)

layer management entry (LME)

layer management interface (LMI)

(see also interface)

layered solution

The judicious placement of security protections and attack countermeasures that can provide an effective set of safeguards that are tailored to the unique needs of a customer's situation. [IATF] (see also attack, countermeasures, security)

lead

Single investigative element of a case requiring action. Leads include reference interviews, record checks, subject interviews, local agency checks, and national agency checks. [DSS] (see also subject)

leakage

Unauthorized, covert removal or the obtaining of copies of data from a computer system. [AFSEC] (see also authorized, computer, covert, system, threat)

leapfrog attack

Use of userid and password information obtained illicitly from one host to compromise another host. The act of TELNETing through one or more hosts in order to confuse a trace (a standard cracker procedure). [AFSEC][NSAINT] (see also compromise, information, passwords, standard, users, attack)

least privilege

(I) The principle that a security architecture should be designed so that each system entity is granted the minimum system resources and authorizations that the entity needs to do its work. (C) This principle tends to limit damage that can be caused by an accident, error, or unauthorized act. [RFC2828] A principle that requires that each subject be granted the most restrictive set of privileges needed for the performance of authorized tasks. For certain applications, the most restrictive set of privileges could pertain to the lowest clearance. The application of this principle limits the damage that can result from accident, error, or unauthorized use of a system, such as an AIS. [AJP] Feature of a system in which operations are granted the fewest permissions possible in order to perform their tasks. The principle that requires that each subject be granted the most restrictive set of privileges needed for the performance of authorized tasks. The application of this principle limits the damage that can result from accident, error, or unauthorized use. [OVT] Principle requiring that each subject be granted the most restrictive set of privileges needed for the performance of authorized tasks. Application of this principle limits the damage that can result from accident, error, or unauthorized use of an IS. [CNSSI] Principle that requires that each subject be granted the most restrictive set of privileges needed for the performance of authorized tasks. Note: Application of this principle limits the damage that can result from accident, error, or unauthorized use of a system, such as an AIS. [FCv1] The principle that a security architecture should be designed so that each entity is granted the minimum system resources and authorizations that the entity needs to perform its function. [CNSSI-4009] The principle that requires that each subject be granted the most restrictive set of privileges needed for the performance of authorized tasks. The application of this principle limits the damage that can result from accident, error, or unauthorized use. [NCSC/TG004][SRV] The security objective of granting users only those accesses they need to perform their official duties. [SP 800-12] This principle requires that each subject in a system be granted the most restrictive set of privileges (or lowest clearance) needed for the performance of authorized tasks. The application of this principle limits the damage that can result from accident, error, or unauthorized use. [TCSEC][TNI] (see also access, application, authorized, damage, entity, operation, resource, security, system, users, privilege) (includes need-to-know, subject)

least trust

The principal that a security architecture should be designed in a way that minimizes 1) the number of components that require trust, and 2) the extent to which each component is trusted. [CNSSI-4009] (see also security, trust)

legacy data

Legacy data is data and/or information that has not been standardized. [SRV] (see also automated information system, information, standard)

legacy systems

A legacy system is characterized by the following: (1) It was originally designed to meet the historical needs of the organization, (2) it was (or has become) critical to some aspects of business operations, and cannot be readily eliminated, (3) it has typically been modified so manytimes that few, if any, systems analysts or programmers understand the system as a whole, and (4) it does not have current documentation. Most legacy systems are also stovepipe systems. [SRV] A system that was originally designed to meet the historical needs of the organization, cannot be readily eliminated, and does not have current documentation. Most legacy systems are stovepipe systems. [SRV] A term commonly used to refer to existing computers systems and applications with which new systems or applications must exchange information. [FFIEC] (see also application, business process, computer, critical, information, operation, program, system)

letter of compelling need

Letter, signed by the Security Officer and Program Manager, used to justify or offset the risk related to accessing an individual not fully meeting access criteria. A Letter of Compelling Need describes the benefit to the specific Special Access Program by describing the candidate's unique talent, particular expertise, or critically needed skill. [DSS] (see also access, critical, risk, security)

letter of consent

Letter of Consent is no longer used. [DSS]

letter of intent

Letter from a Central Adjudication Facility to a subject, notifying of the Central Adjudication Facility's intent to deny/revoke security clearance/eligibility and the reasons for the proposed action. [DSS] (see also security, subject)

letterbomb

A piece of email containing live data intended to do malicious things to the recipient's machine or terminal. Under UNIX, a letterbomb can also try to get part of its contents interpreted as a shell command to the mailer. The results of this could range from silly to denial of service. [NSAINT] A piece of email containing live data intended to do malicious things to the recipient's machine or terminal. Under UNIX, a letterbomb can also try to get part of its contents interpreted as a shell command to the mailer. The results of this could range from silly to tragic. [AFSEC] (see also denial-of-service, malicious, email, threat)

level of concern

Rating assigned to a specific information system by the Designated Approving Authority. A separate Level of Concern is assigned to each Information System for Confidentiality, Integrity, and Availability. The Level of Concern for Confidentiality, Integrity, and Availability can be Basic, Medium, or High. The Level of Concern assigned to an Information System for Confidentiality is based on information it maintains processes and transmits. The Level of Concern assigned to an Information System for Integrity is based on the degree for resistance to unauthorized modifications. The Level of Concern assigned to an Information System for Availability is based on the needed availability of the information maintained, processed, and transmitted by the systems for mission accomplishment and how much too tolerance for delay is allowed. [DSS] Rating assigned to an IS indicating the extent to which protection measures, techniques, and procedures must be applied. High, Medium, and Basic are identified levels of concern. A separate Level-of-Concern is assigned to each IS for confidentiality, integrity, and availability. [CNSSI] Rating assigned to an information system indicating the extent to which protection measures, techniques, and procedures must be applied. High, Medium, and Basic are identified levels of concern. A separate Level-of-Concern is assigned to each information system for confidentiality, integrity, and availability. [CNSSI-4009] (see also authorized, availability, integrity)

level of protection

Extent to which protective measures, techniques, and procedures must be applied to ISs and networks based on risk, threat, vulnerability, system interconnectivity considerations, and information assurance needs. Levels of protection are: 1. Basic: IS and networks requiring implementation of standard minimum security countermeasures. 2. Medium: IS and networks requiring layering of additional safeguards above the standard minimum security countermeasures. 3. High: IS and networks requiring the most stringent protection and rigorous security countermeasures. [CNSSI] Extent to which protective measures, techniques, and procedures must be applied to information systems and networks based on risk, threat, vulnerability, system interconnectivity considerations, and information assurance needs. Levels of protection are: 1. Basic: information systems and networks requiring implementation of standard minimum security countermeasures. 2. Medium: information systems and networks requiring layering of additional safeguards above the standard minimum security countermeasures. 3. High: information systems and networks requiring the most stringent protection and rigorous security countermeasures. [CNSSI-4009] (see also assurance, countermeasures, information, information assurance, network, risk, security, standard, system, threat, vulnerability)

levels of concern

An expression of the criticality/sensitivity of an IT system in the areas of confidentiality, integrity, availability, and exposure, expressed qualitatively as high, moderate or low. The level of concern indicates the extent to which security controls must be applied to an IT system based on risk, threat, vulnerability, system interconnectivity considerations, and information assurance needs. [800-37] (see also assurance, availability, confidentiality, control, critical, exposures, information, information assurance, integrity, risk, security, system, threat, vulnerability)

liability

Liability for something such as debt or crime is the legal responsibility for it; a technical term in law. [OVT]

license

An agreement by a contractor to permit the use of copyrighted software under certain terms and conditions. [SRV] (see also software)

lifecycle

The stages of an IT system's lifetime from conceptual design through disposal of asset at the end of useful life. [NASA] (see also active state, certificate management services, compromised state, deactivated state, destroyed compromised state, destroyed state, interface control document, key state transition, pre-activation state, revoked state, security event, software assurance, suspended state, system) (includes key lifecycle, key lifecycle state, lifecycle management, lifecycle stage)

lifecycle management

The process of administering an automated information system throughout its expected life, with emphasis on strengthening early decisions that affect system costs and utility throughout the system's life. [SRV] (see also information, process, system, automated information system, lifecycle)

lifecycle stage

An instance within the deliverable lifecycle that relates to the state of the deliverable. [SC27] (see also lifecycle)

light tower

A device containing a series of indicator lights and an embedded controller used to indicate the state of a process based on an input signal. [800-82] (see also control, process)

Lightweight Directory Access Protocol (LDAP)

(N) A client-server protocol that supports basic use of the X.500 Directory (or other directory servers) without incurring the resource requirements of the full Directory Access Protocol (DAP). (C) Designed for simple management and browser applications that provide simple read/write interactive directory service. Supports both simple authentication and strong authentication of the client to the directory server. [RFC2828] (see also application, authentication, requirements, resource, access, protocols, security protocol)

likelihood of occurrence

In Information Assurance risk analysis, a weighted factor based on a subjective analysis of the probability that a given threat is capable of exploiting a given vulnerability. [CNSSI-4009] (see also assurance, risk, threat, vulnerability)

limited access authorization

Authorization for access to CONFIDENTIAL or SECRET information granted to non-U.S. citizens and immigrant aliens, which is limited to only that information necessary to the successful accomplishment of their assigned duties and based on a background investigation scoped for 10 years. [DSS] (see also United States citizen, access, authorization)

limited background investigation

Investigation consisting of a Personal Subject Interview; National Agency Check plus credit search; personal interviews with employers (3 years), residence and educational sources (3 years); and law enforcement searches (5 years). [DSS] (see also subject)

limited maintenance

COMSEC maintenance restricted to fault isolation, removal, and replacement of plug-in assemblies. Soldering or unsoldering usually is prohibited in limited maintenance. [CNSSI] COMSEC maintenance restricted to fault isolation, removal, and replacement of plug-in assemblies. Soldering or unsoldering usually is prohibited in limited maintenance. See Full Maintenance. [CNSSI-4009] (see also communications security)

limited network analyzer

A device that performs statistical analysis by counting packets or counting types of packets but cannot read packet content [NASA] (see also analysis, network)

limited rate initial preproduction (LRIP)

line conditioning

Elimination of unintentional signals or noise induced or conducted on a telecommunications or IS signal, power, control, indicator, or other external interface line. [CNSSI] Elimination of unintentional signals or noise induced or conducted on a telecommunications or information system signal, power, control, indicator, or other external interface line. [CNSSI-4009] (see also communications, control, interface, telecommunications)

line conduction

Unintentional signals or noise induced or conducted on a telecommunications or IS signal, power, control, indicator, or other external interface line. [CNSSI] Unintentional signals or noise induced or conducted on a telecommunications or information system signal, power, control, indicator, or other external interface line. [CNSSI-4009] (see also communications, control, interface, telecommunications)

line managers

GRC management officials accountable for assuring the integrity, availability, and confidentiality of sensitive/critical data, applications, and data processing installations. Line managers in this usage must be civil servants. [NASA] (see also application, availability, confidentiality, critical, integrity, process)

line of business

'lines of business' or 'areas of operation' describe the purpose of government in functional terms or describe the support functions that the government must conduct in order to effectively deliver services to citizens. Lines of business relating to the purpose of government and the mechanisms the government uses to achieve its purposes tend to be mission-based. Lines of business relating to support functions and resource management functions that are necessary to conduct government operations tend to be common to most agencies. The recommended information types provided in NIST SP 800-60 are established from the 'business areas' and 'lines of business' from OMB's Business Reference Model (BRM) section of Federal Enterprise Architecture (FEA) Consolidated Reference Model Document Version 2.3 [SP 800-60] The following OMB-defined process areas common to virtually all federal agencies: Case Management, Financial Management, Grants Management, Human Resources Management, Federal Health Architecture, Information Systems Security, Budget Formulation and Execution, Geospatial, and IT Infrastructure. [SP 800-53] (see also management, security)

line supervision

Class I: Achieved through the use of Data Encryption Standard or algorithm based on the cipher feedback or cipher block chaining mode of encryption. Certification by the National Institute of Science and Technology or another independent testing laboratory is required. Class II: Systems in which transmission is based on pseudo random generated or digital encoding using an interrogation and response scheme throughout the entire communication, or Underwriter's Laboratory Class AA line supervision. The signal ust not repeat itself within a minimum 6-month period, Class II security shall be impervious to compromise using resistance, voltage, current, or signal substitution techniques. [DSS] (see also certification, compromise, security)

line-of-sight signal propagation

Electromagnetic signaling that is highly sensitive to radio frequency obstacles and therefore requires an unobstructed view between transmitting stations. [800-127]

linear predictive coding (LPC)

lines of business

'Lines of business' or 'areas of operation' describe the purpose of government in functional terms or describe the support functions that the government must conduct in order to effectively deliver services to citizens. Lines of business relating to the purpose of government and the mechanisms the government uses to achieve its purposes tend to be mission-based. Lines of business relating to support functions and resource management functions that are necessary to conduct government operations tend to be common to most agencies. The recommended information types provided in NIST SP 800-60 is established from the 'business areas' and 'lines of business' from OMB's Business Reference Model (BRM) section of Federal Enterprise Architecture (FEA) Consolidated Reference Model Document Version 2.2 [800-60] (see also function, information, operation, resource, version)

link

(I) World Wide Web usage: See: hyperlink. (I) Subnetwork usage: A point-to-point communication channel connecting two subnetwork relays (especially one between two packet switches) that is implemented at OSI layer 2. (C) The relay computers assume that links are logically passive. If a computer at one end of a link sends a sequence of bits, the sequence simply arrives at the other end after a finite time, although some bits may have been changed either accidentally (errors) or by active wiretapping. [RFC2828] (see also communications, computer, hyperlink, network, world wide web)

link encryption

(I) Stepwise protection of data that flows between two points in a network, provided by encrypting data separately on each network link, i.e. by encrypting data when it leaves a host or subnetwork relay and decrypting when it arrives at the next host or relay. Each link may use a different key or even a different algorithm. [RFC2828] Encryption of information between nodes of a communications system. [CNSSI][CNSSI-4009] Link encryption encrypts all of the data along a communications path (e.g., a satellite link, telephone circuit, or T1 line). Since link encryption also encrypts routing data, communications nodes need to decrypt the data to continue routing. [SP 800-12] The application of online crypto-operations to a link of a communications system so that all information passing over the link is encrypted in its entirety. It provides end-to-end encryption within each link in a communications network. [SRV] (see also algorithm, application, communications, flow, information, key, network, operation, system, encryption)

list-oriented

A computer protection system in which each protected object has a list of all subjects authorized to access it. [AJP][NCSC/TG004] IS protection in which each protected object has a list of all subjects authorized to access it. [CNSSI] Information system protection in which each protected object has a list of all subjects authorized to access it. [CNSSI-4009] (see also ticket-oriented, access, access control, authorized, computer, system, authorization) (includes object, subject)

listserv

The most common kind of maillist, Listservs originated on BITNET but they are now common on the Internet. [AFSEC] (see also internet)

local access

Access to an organizational information system by a user (or process acting on behalf of a user) communicating through a direct connection without the use of a network. [SP 800-53; CNSSI-4009] (see also access)

local agency check

Investigative check of places such as local police departments or courts to determine whether the subject has been involved in criminal conduct. A Local Agency Check is a part of Personnel Security Investigations except Entrance National Agency Check. [DSS] (see also criminal, security, subject)

local authority

Local Management Device/Key Processor (LMD/KP) - EKMS platform providing automated management of COMSEC material and generating key for designated users. [CNSSI-4009] Organization responsible for generating and signing user certificates in a PKI-enabled environment. [CNSSI-4009] Organization responsible for generating and signing user certificates. [CNSSI] (see also certificate, management, users, authority)

local logon

To employ user authentication to access IT directly [NASA] (see also access, users, logon)

local loop

A communications circuit connecting the telephone company central office with a subscriber's instrument. [SRV] (see also communications)

local management device (LMD)

local management device/key processor (LMD/KP)

EKMS platform providing automated management of COMSEC material and generating key for designated users. [CNSSI] (see also communications security, users, key, process)

local registration authority

(LRA) A Registration Authority with responsibility for a local community. [SP 800-32] A Registration Authority with responsibility for a local community in a PKI-enabled environment. [CNSSI-4009]

local requirements

Those for which separate analysis of the individual TCB subsets suffices to determine compliance for the composite TCB. [AJP][TDI] (see also global requirements, analysis, requirements, trusted computing base)

local-area network (LAN)

A communication system designed for intra-building data communications. A group of computers and other devices dispersed over a relatively limited area and connected by a communications link that enables a device to interact with any other on the network. A user-owned, user-operated, high volume data transmission facility connecting a number of communicating devices (e.g. computers, terminals, word processors, printers, mass storage units) within a single building or several buildings within a physical area. [SRV] A computer communications system limited to no more than a few miles and using high-speed connections (2 to 100 megabits per second). A short-haul communications system that connects ADP devices in a building or group of buildings within a few square kilometers, including workstations, front-end processors, controllers, switches, and gateways. [NSAINT] A group of computers and other devices dispersed over a relatively limited area and connected by a communications link that enables any device to interact with any other on the network. [800-82] A limited distance, high-speed data communication system that links computers into a shared system (two to thousands) and is entirely owned by the user. Cabling typically connects these networks. [IATF] (see also communications, computer, connection, control, gateway, process, system, users, wide-area network, network)

lock-and-key protection system

A protection system that involves matching a key or password with a specific access requirement. [AJP][NCSC/TG004] Protection system that involves matching a key or password with a specific access requirement. [CNSSI] (see also access, access control, assurance, passwords, key, system)

lockout

The action of temporarily revoking network or application access privileges, normally due to repeated unsuccessful logon attempts. [FFIEC] (see also access, access control, application, logon)

logged in

If an end-user has successfully proven to have legitimate access to a system, he is considered to be logged in. [RFC2504] (see also logon, access, automated information system, system, access control)

logging

The recording of user requests made to the firewall. Firewalls typically log all requests they handle, both allowed and rejected. For many firewall designs, logging requires a significant amount of processing overhead, especially when complex rule sets are in use. The type and amount of data logged varies by implementation. Testers may find it desirable to log equivalent data when comparing different DUT/SUTs. Some systems allow logging to take place on systems other than the DUT/SUT. [RFC2647] (see also audit trail, evidence, process, system, test, users, firewall)

logic bombs

(I) Malicious logic that activates when specified conditions are met. Usually intended to cause denial of service or otherwise damage system resources. [RFC2828] A form of sabotage in which a programmer inserts code that causes the program to perform a destructive action when some triggering event occurs, such as terminating the programmer's employment. [GAO] A piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met. [CNSSI-4009] A program or code fragment triggering an unauthorized, malicious act when some predefined condition occurs. The most common type is the 'time bomb,'which is programmed to trigger an unauthorized or damaging act long after the bomb is set. For example, a logic bomb may check the system date each day until it encounters the specified trigger date and then executes code that carries out its hidden mission. Because of the built-in delay, a logic bomb virus is particularly dangerous because it can infect numerous generations of backup copies of data and software before is existence is discovered. [DSS] A resident computer program that triggers the perpetration of an unauthorized act when particular states of the computer system are realized. [AJP][NCSC/TG004] A resident computer program which, when executed, checks for particular conditions or particular states of the computer system which, when satisfied, triggers the perpetration of an unauthorized act. [AFSEC] A small, malicious program that is activated by a trigger (such as a date or the number of times a file is accessed), usually to destroy data or source code. [CIAO] Also known as a Fork Bomb - A resident computer program which, when executed, checks for a particular condition or particular state of the computer system which, when satisfied, triggers the perpetration of an unauthorized act [NSAINT] Resident computer program triggering an unauthorized act when particular states of an IS are realized. [CNSSI] an instruction in a computer program that triggers a malicious act automatically. [FJC] (see also access, access control, authorized, backup, code, computer, damage, denial-of-service, file, malicious, program, resource, software, system, time bomb, virus, exploit)

logical access

A family of security controls in the technical class dealing with ensuring that logical access controls on the IT system restrict users to authorized transactions and functions. [800-37] (see also authorized, control, function, security, system, users, access)

logical access control

The process of limiting access to IT resources to authorized users, programs, processes, or other IT [NASA] (see also authorized, process, program, resource, users, access, control)

logical co-processing kernel (LOCK)

(see also process)

logical completeness measure

Means for assessing the effectiveness and degree to which a set of security and access control mechanisms meets security specifications. [CNSSI][CNSSI-4009] (see also access, access control, control, security)

logical perimeter

A conceptual perimeter that extends to all intended users of the system, both directly and indirectly connected, who receive output from the system without a reliable human review by an appropriate authority. The location of such a review is commonly referred to as an 'air gap'. [CNSSI-4009] (see also users)

logical system definition

The planning of an automated information system prior to its detailed design. This would include the synthesis of a network of logical elements that perform specific functions. [SRV] (see also function, information, network, automated information system, system)

login

(I) The act of a system entity gaining access to a session in which the entity can use system resources; usually accomplished by providing a user name and password to an access control system that authenticates the user. (C) Derives from 'log' file', a security audit trail that records security events, such as the beginning of sessions, and who initiates them. [RFC2828] (see also logon, S/Key, access, audit, audit trail, backdoor, computer security technical vulnerability reporting program, control, control systems, default account, entity, ethernet sniffing, file, one-time passwords, passwords, repository, resource, secure shell, security-relevant event, single sign-on, system, telnet, tinkerbell program, access control) (includes anonymous and guest login, anonymous login, login prompt, remote login)

login prompt

The characters that are displayed when logging into a system to ask for user name and password. [RFC2504] (see also passwords, system, users, login)

logoff

To terminate authorized access of IT [NASA] (see also access, authorized, logon, access control)

logon

To establish authorized access of IT [NASA] (see also logged in, login, access, authorized, lockout, logoff, secure single sign-on, security-relevant event, access control, authentication) (includes automated logon sequences, console logon, failed logon, local logon, remote logon)

long title

Descriptive title of a COMSEC item. [CNSSI][CNSSI-4009] (see also communications security)

long-haul telecommunications

General purpose and special purpose long-distance facilities and services (including terminal equipment and local circuitry supporting the long-haul service) used to support the electromagnetic and/or optical dissemination, transmission, or reception or information by way of voice, data, video, integrated telecommunications, wire, or radio to or from the post, camp, base, or station switch and/or main distribution frame (except for trunk lines to the first-serving commercial central office for local communications services). That includes networks such as Federal Telecommunications System 2000, Digital Subscriber Network, Defense Data Network, the Automatic Digital Network, dedicated point-to-point service, and the primary inter-exchange carrier service associated with business or tie line to the local exchange carrier (example include Direct Distance Dialing, Foreign Exchange, Wide Area Telephone Service, or 900 service) and contractor-provided telecommunications including the interconnection of various functional Information Systems. [DSS] (see also connection, foreign)

loop

Usually this is the description of a process of computer programming steps or instructions which are designed to repeat until a condition is met. If the condition is nonexistent, processing the steps will be done ad-infinitum, this is then called an infinite loop. [AFSEC] (see also computer, process, program, risk)

loop key generator (LKG)

(see also key)

loophole

An error of omission or oversight in software or hardware that permits circumventing the system security policy. [AJP][NCSC/TG004] (see also policy, security, software, system, threat)

low impact

The loss of confidentiality, integrity, or availability that could be expected to have a limited adverse effect on organizational operations, organizational assets, individuals, other organizations, or the national security interests of the United States; (i.e. 1) causes a degradation in mission capability to an extent and duration that the organization is able to perform its primary functions, but the effectiveness of the functions is noticeably reduced; 2) results in minor damage to organizational assets; 3) results in minor financial loss; or 4) results in minor harm to individuals). [CNSSI-4009] (see also availability, damage, security)

low probability of detection (LPD)

Result of measures used to hide or disguise intentional electromagnetic transmissions. [CNSSI][CNSSI-4009][DSS] (see also risk)

low probability of intercept (LPI)

Result of measures to prevent the intercept of intentional electromagnetic transmissions. [CNSSI][DSS] Result of measures to prevent the intercept of intentional electromagnetic transmissions. The objective is to minimize an adversary's capability of receiving, processing, or replaying an electronic signal. [CNSSI-4009] (see also risk)

low-cost encryption/authentication device (LEAD)

(see also authentication, encryption)

low-impact system

An information system in which all three security objectives (i.e. confidentiality, integrity, and availability) are assigned a FIPS 199 potential impact value of low. [800-53][800-60][SP 800-37; SP 800-53; SP 800-60; FIPS 200] An information system in which all three security properties (i.e. confidentiality, integrity, and availability) are assigned a potential impact value of low. [CNSSI-4009] (see also availability, information, integrity, object, security, system)

lurking

Observing but not participating in; often used when referring to a Internet Service Provider's group. [AFSEC] (see also internet, threat)

MAC algorithm key

A key that controls the operation of a MAC algorithm. [SC27] (see also control, operation, algorithm, key)

machine controller

A control system/motion network that electronically synchronizes drives within a machine system instead of relying on synchronization via mechanical linkage. [800-82] (see also control systems, system, control)

macro virus

A virus that attaches itself to application documents, such as word processing files and spreadsheets, and uses the application's macro programming language to execute and propagate. [800-83] A virus that attaches itself to documents and uses the macro programming capabilities of the document's application to execute and propagate. [800-61][CNSSI-4009] A virus written in a macro language and placed within a document [NASA] (see also application, file, process, program, threat, virus)

magnetic media

Media on which data are stored magnetically, such as magnetic tapes and disks [NASA]

magnetic remanence

A measure of the magnetic flux density remaining after removal of the applied magnetic force. Refers to any data remaining on magnetic storage media after removal of the power. [AJP][NCSC/TG004] Magnetic representation of residual information remaining on a magnetic medium after the medium has been cleared. [CNSSI] Magnetic representation of residual information remaining on a magnetic medium after the medium has been cleared. See Clearing. [CNSSI-4009] (see also remanence, information, overwrite procedure)

mailbomb

The mail sent to urge others to send massive amounts of email to a single system or person with the intent to crash the recipient's system. Mailbombing is widely regarded as a serious offense. [AFSEC][NSAINT] (see also attack, system, email, threat)

mailbombing

Flooding a site with enough mail to overwhelm its e-mail system. Used to hide or prevent receipt of e-mail during an attack, or as a retaliation against a site. [SRV] (see mailbomb)

mailing list

A service that sends mail to everyone on a list whenever mail is sent to the service, allowing a group of people to exchange mail on a particular topic. [AFSEC] (see also internet)

main mode

Mode used in IPsec phase 1 to negotiate the establishment of an IKE SA through three pairs of messages. [800-77] (see also establishment, internet protocol security, internet security protocol, message)

maintainability

The effort required to locate and fix an error in an operational program or the effort required to modify an operational program (flexibility). [SRV] (see also availability, operation, program)

maintenance

Any act that either prevents the failure or malfunction of equipment or restores its operating capability. [800-82] The process of modifying a software system or component after delivery to correct faults, improve performance or other attributes, or adapt to a changed environment. [IEEE610] (see also fault, function, process, software, system)

maintenance hook

Special instructions (trapdoors) in software allowing easy maintenance and additional feature development. Since maintenance hooks frequently allow entry into the code without the usual checks, they are a serious security risk if they are not removed prior to live implementation. [CNSSI][CNSSI-4009] Special instructions in software to allow easy maintenance and additional feature development. These are not clearly defined during access for design specification. Hooks frequently allow entry into the code at unusual points or without the usual checks, so they are a serious security risk if they are not removed prior to live implementation. Maintenance hooks are special types of trap-doors. [AJP][NCSC/TG004] (see also access, access control, code, development, software, risk)

maintenance key

Key intended only for in-shop use. [CNSSI][CNSSI-4009] (see also key)

major application

A set of information resources (information and information technology) that satisfy a specific set of user requirements and require special attention to security because of the risk and magnitude of the harm that could result from the loss, misuse, unauthorized access to or unauthorized modification of the information within the application [NASA] An application system that requires special attention due to high risk and large magnitude of the harm resulting from the loss, misuse, or unauthorized access to or modification of information in the application. [SRV] An application that requires special attention to security due to the risk and magnitude of harm resulting from the loss, misuse, or unauthorized access to or modification of the information in the application. Note: All federal applications require some level of protection. Certain applications, because of the information in them, however, require special management oversight and should be treated as major. Adequate security for other applications should be provided by security of the systems in which they operate. [OMB Circular A-130, App. III] An application that requires special attention to security due to the risk and magnitude of the harm resulting from the loss, misuse, or unauthorized access to or modification of the information in the application. A breach in a major application might comprise many individual application programs and hardware, software and telecommunications components. Major applications can be either a major software application or a combination of hardware/software where the only purpose of the system is to support a specific mission-related function. [800-37] (see also access, access control, authorized, communications, function, information, management, program, requirements, resource, risk, security, software, system, technology, telecommunications, unauthorized access, users, application)

major information system

An information system that requires special management attention because of its importance to an agency mission; its high development, operating, or maintenance costs; or its significant role in the administration of agency programs, finances, property, or other resources. [OMB Circular A-130, App. III] (see also development, management, program, property, resource, role, information, system)

malicious

harmful and/or unauthorized [misc] (see also Common Criteria for Information Technology Security, IS related risk, IT-related risk, agent, ankle-biter, antivirus tools, attack, attackers, backdoor, blacklist, blended attack, closed security environment, computer abuse, configuration control, cracker, dark-side hacker, data integrity, data integrity service, demon dialer, evasion, false negative, false positive, hackers, infection, information assurance, information assurance product, integrity, letterbomb, logic bombs, malware, man-in-the-middle attack, masquerade, mockingbird, open security, open security environment, payload, replay attacks, risk, rootkit, sandboxed environment, security, social engineering, spyware, threat, time bomb, trojan horse, trusted process, untrusted process, virus, vulnerability, worm) (includes malicious applets, malicious code, malicious code screening, malicious intruder, malicious logic, malicious program)

malicious applets

Small application programs automatically downloaded and executed that perform an unauthorized function on an IS. [CNSSI] Small application programs that are automatically downloaded and executed and that perform an unauthorized function on an information system. [CNSSI-4009] a program that misuses a computer's resources, modifies files on the hard disk, sends fake electronic mail, or steals passwords automatically. pagejacking appropriation of web site descriptions, key words, or links to draw consumers to a particular site which may be designed to facilitate unlawful activity. [FJC] (see also application, authorized, computer, file, function, key, program, resource, malicious, threat)

malicious code

(I) Hardware, software, or firmware that is intentionally included or inserted in a system for a harmful purpose. Hardware, software, or firmware that is intentionally included in a system for an unauthorized purpose; e.g., a Trojan horse. [OVT] A virus, worm, Trojan horse, or other code-based entity that infects a host. [800-61] Hardware, software, or firmware that is intentionally included in a system for an unauthorized purpose; e.g. a Trojan horse. [AFSEC][AJP][NCSC/TG004][NSAINT] Software or firmware intended to perform an unauthorized process that will have adverse impact on the confidentiality, integrity, or availability of an IS. [CNSSI] Software or firmware intended to perform an unauthorized process that will have adverse impact on the confidentiality, integrity, or availability of an information system. A virus, worm, Trojan horse, or other code-based entity that infects a host. Spyware and some forms of adware are also examples of malicious code. [SP 800-53; CNSSI-4009] Software or firmware that is designed with the intent of having some adverse impact on the Confidentiality, Integrity, or Availability of an Information System. It may be included in hardware, software, firmware or data. Computer Viruses, Worms, Trojan Horses, Trapdoors, and Logic/Time Bombs are all malicious codes. Computer viruses pose the primary threat to Information System because of their reproductive capability. [DSS] Unauthorized subverting of programs or subverting of code that has been introduced into authorized software with the intent to damage to data, applications, or networks. Malicious code includes viruses, time bombs, logic bombs, Trojan horses, and worms. [NASA] (see also application, authorized, availability, damage, entity, integrity, malicious logic, process, program, software, system, code, malicious, threat) (includes backdoor, malware, rootkit, spyware, trojan horse, virus, worm)

malicious code screening

Screening is the process of monitoring for the presence of malicious code. Malicious code occurs in different forms, which may have different methods for screening. Malicious code can arrive through either media that are introduced to Information System or as mobile code that arrives through connections to other systems and networks. [DSS] (see also connection, malicious)

malicious intruder

An individual who intentionally gains access to a computer without authorization. Malicious intruders may be either insiders or outsiders. [NASA] (see also access, access control, authorization, computer, insider, malicious, threat)

malicious logic

(I) Hardware, software, or firmware that is intentionally included or inserted in a system for a harmful purpose. [RFC2828] Hardware, firmware, or software that is intentionally included or inserted in a system for a harmful purpose. [CNSSI-4009] Hardware, software, or firmware capable of performing an unauthorized function on an IS. [CNSSI] Hardware, software, or firmware that is intentionally included in a system for an unauthorized purpose; e.g. a Trojan horse. [AFSEC][AJP][NCSC/TG004][NSAINT] Hardware, software, or firmware that is intentionally included in a system for an unauthorized purpose; e.g. a Trojan horse. It is intentionally included in an IS for an unauthorized purpose. [AFSEC] In context of corruption, any hardware, firmware, or software (e.g. a computer virus) intentionally introduced into a system to modify system functions or data. [RFC2828] In context of incapacitation, any hardware, firmware, or software (e.g. logic bomb) intentionally introduced into a system to destroy system functions or resources. [RFC2828] In context of masquerade, any hardware, firmware, or software (e.g. Trojan horse) that appears to perform a useful or desirable function, but actually gains unauthorized access to system resources or tricks a user into executing other malicious logic. [RFC2828] In context of misuse, any hardware, software, or firmware intentionally introduced into a system to perform or control execution of an unauthorized function or service. [RFC2828] (see also access, access control, authorized, computer, control, function, malicious code, resource, software, system, unauthorized access, users, virus, malicious, threat consequence)

malicious program

Source code incorporated into an application that directs an IS to perform an unauthorized, often destructive, action. [CIAO] (see also application, authorized, code, malicious, program, threat)

malware

(I) A contraction of 'malicious software'. (D) ISDs SHOULD NOT use this term because it is not listed in most dictionaries and could confuse international readers. [RFC2828] A program that is inserted into a system, usually covertly, with the intent of compromising the confidentiality, integrity, or availability of the victim's data, applications, or operating system or of otherwise annoying or disrupting the victim. [800-83][800-94][SP 800-83] A virus, worm, Trojan horse, or other code-based malicious entity that successfully infects a host. [SP 800-61] See Malicious Code. See also Malicious Applets and Malicious Logic. [SP 800-53; CNSSI-4009] Software designed and operated by an adversary to violate the security of a computer (includes, spyware, virus programs, root kits, Trojan horses) [800-130] Software or firmware intended to perform an unauthorized process that will have adverse impact on the confidentiality, integrity, or availability of an information system. A virus, worm, Trojan horse, or other code-based entity that infects a host. Spyware and some forms of adware are also examples of malicious code [800-82] (see also adversary, antispyware software, antivirus software, application, authorized, availability, blended attack, code, compromise, computer, covert, deny by default, disinfecting, entity, indication, information, integrity, malicious, on-access scanning, on-demand scanning, precursor, process, program, quarantine, quarantining, security, signature, software, spyware, system, virus, virus definitions, worm, malicious code)

man-in-the-middle

(I) A form of active wiretapping attack in which the attacker intercepts and selectively modifies communicated data in order to masquerade as one or more of the entities involved in a communication association. (C) For example, suppose Alice and Bob try to establish a session key by using the Diffie-Hellman algorithm without data origin authentication service. A 'man in the middle' could (a) block direct communication between Alice and Bob and then (b) masquerade as Alice sending data to Bob, (c) masquerade as Bob sending data to Alice, (d) establish separate session keys with each of them, and (e) function as a clandestine proxy server between them in order to capture or modify sensitive information that Alice and Bob think they are sending only to each other. [RFC2828] An attack in which an attacker insert itself between two parties and pretends to be one of the parties. The best way to thwart this attack is for both parties to prove to each other that they know a secret that is only known to them. This is usually done by a digitally signing a message and sending it to the other party as well as asking the other party to send a digitally signed message. [misc] An attack that occurs when an adversary deceives an SS/MS to appear as a legitimate BS while simultaneously deceiving a BS to appear as a legitimate SS/MS. This may allow an adversary to act as a pass-through for all communications and to inject malicious traffic into the communications stream. [800-127] (see man-in-the-middle attack)

man-in-the-middle attack

(MitM) An attack on the authentication protocol run in which the attacker positions himself in between the claimant and verifier so that he can intercept and alter data traveling between them. [SP 800-63] A form of active wiretapping attack in which the attacker intercepts and selectively modifies communicated data to masquerade as one or more of the entities involved in a communication association. [CNSSI-4009] An attack on the authentication protocol run in which the attacker positions himself in between the claimant and verifier so that he can intercept and alter data traveling between them. [800-63] (see also adversary, algorithm, association, attack, authentication, claimant, function, impersonation, information, key, malicious, message, protocols, verifier, attack)

management

Management Act

Title III of the E-Government Act requiring each federal agency to develop, document, and implement an agency-wide program to provide information security for the information and information systems that support the operations and assets of the agency, including those provided or managed by another agency, contractor, or other source. [SP 800-63] (see also security, management)

management client

A configuration of a client node that enables a KMI external operational manager to manage KMI products and services by either 1) accessing a PRSN, or 2) exercising locally provided capabilities. An MGC consists of a client platform and an advanced key processor (AKP). [CNSSI-4009] (see also access, management)

management control processes

The methods and procedures established at GRC to assure that the requirements for a Center-level IT security program are implemented [NASA] (see also IT security, program, requirements, security, control, process)

management controls

Actions taken to manage the development, maintenance, and use of the system, including system-specific policies, procedures and rules of behavior, individual roles and responsibilities, individual accountability, and personnel security decisions. [CNSSI-4009] Controls that address management of the security aspects of the IT system and the management of risk for the system. Management controls include risk management, review of security controls, system lifecycle controls, processing authorization controls, and system security plan controls. [800-37] The security controls (i.e. safeguards or countermeasures) for an information system that focus on the management of risk and the management of information security. [800-82] The security controls (i.e. safeguards or countermeasures) for an information system that focus on the management of risk and the management of information system security. [SP 800-37; SP 800-53; SP 800-53A; FIPS 200] (see also authorization, countermeasures, development, information, information security, process, risk, risk management, security, security controls, system, control, management)

management countermeasure

A countermeasure that addresses any concern related to risk, system planning, or security assessment by an organization's management. [800-127] (see also assessment, risk, security)

management engineering plan (MEP)

management information base (MIB)

(see also information, internet)

management message

A message used for maintaining communications between an SS/MS and BS, i.e. establishing communication parameters, exchanging privacy settings, and performing system registration events (initial network entry, handoffs, etc.). These messages are not encrypted and are susceptible to eavesdropping attacks. [800-127] (see also attack, privacy)

management network

A separate network strictly designed for security software management. [800-94] (see also security, software, network)

management security controls

The security controls (i.e. safeguards or countermeasures) for an information system that focus on the management of risk and the management of information systems security. [CNSSI-4009] (see also risk, control, management, security)

management server

A centralized device that receives information from sensors or agents and manages them. Network-Based Intrusion Detection and Prevention System: An intrusion detection and prevention system that monitors network traffic for particular network segments or devices and analyzes the network and application protocol activity to identify and stop suspicious activity. [800-94] (see also application, identify, information, intrusion, intrusion detection, protocols, system)

mandatory access control (MAC)

(I) An access control service that enforces a security policy based on comparing (a) security labels (which indicate how sensitive or critical system resources are) with (b) security clearances (which indicate system entities are eligible to access certain resources). (C) This kind of access control is called 'mandatory' because an entity that has clearance to access a resource may not, just by its own volition, enable another entity to access that resource. (O) 'A means of restricting access to objects based on the sensitivity (as represented by a label) of the information contained in the objects and the formal authorization (i.e. clearance) of subjects to access information of such sensitivity.' [RFC2828] A means of restricting access to objects based on the sensitivity (as represented by a label) of the information contained in the objects and the formal authorization (i.e. clearance) of subjects to access information of such sensitivity. [AJP][FCv1][NCSC/TG004][TCSEC][TNI] A means of restricting access to objects based on the sensitivity (as represented by a security label) of the information contained in the objects and the formal authorization (i.e. clearance, formal access approvals, and need-to-know) of subjects to access information of such sensitivity. [CNSSI-4009] A means of restricting access to system resources based on the sensitivity (as represented by a label) of the information contained in the system resource and the formal authorization (i.e. clearance) of users to access information of such sensitivity. [SP 800-44] Access controls (which) are driven by the results of a comparison between the user's trust level or clearance and the sensitivity designation of the information. [FIPS 191] Access controls that cannot be made more permissive by users or subjects. They are based on information sensitivity represented by security labels for clearance and classification is often based on information flow rules. [SRV] Means of restricting access to objects based on the sensitivity of the information contained in the objects and the formal authorization (i.e. clearance, formal access approvals, and need-to-know) of subjects to access information of such sensitivity. [CNSSI] Policy-based control methods of restricting access to a system's file/objects in which the administrators, not the resource owners, make access decisions that bear on or derive from access control policy. [IATF] (see also non-discretionary access control, authorization, classified, critical, entity, file, flow, information, object, owner, policy, resource, security, subject, system, trust, users, access, control)

mandatory declassification review

Review for declassification of classified information in response to a request for declassification that meets the requirements under sections 3.5 and 3.6 of Executive Order 12958. [DSS] (see also classified, requirements)

mandatory modification (MAN)

Change to a COMSEC end-item that NSA requires to be completed and reported by a specified date. [CNSSI] Change to a COMSEC end-item that NSA requires to be completed and reported by a specified date. See Optional Modification. [CNSSI-4009] (see also communications security)

manipulated variable

In a process that is intended to regulate some condition, a quantity or a condition that the control alters to initiate a change in the value of the regulated condition. [800-82] (see also control, process)

manipulation detection code (MDC)

(D) ISDs SHOULD NOT use this term as a synonym for 'checksum' because the word 'manipulation' implies protection against active attacks, which an ordinary checksum might not provide. Instead, if such protection is intended, use 'protected checksum' or some particular type thereof, depending on that is meant. If such protection is not intended, use 'error detection code' or some specific type of checksum that is not protected. [RFC2828] (see also attack, code)

manipulative communications deception

Alteration or simulation of friendly telecommunications for the purpose of deception. [CNSSI][DSS] (see also telecommunications, communications)

manual cryptosystem

Cryptosystem in which the cryptographic processes are performed without the use of cryptographic equipment or auto-manual devices. [CNSSI][CNSSI-4009] (see also cryptographic, process, cryptographic system, cryptography, system)

manual key distribution

The distribution of cryptographic keys, often in a plaintext form requiring physical protection, but using a non-electronic means, such as a bonded courier. [FIPS140] (see also cryptographic, key management)

manual key entry

The entry of cryptographic keys into a cryptographic module from a printed form, using devices such as buttons, thumb wheels or a keyboard. [FIPS140] (see also cryptographic, module, key management)

manual key transport

A non-automated means of transporting cryptographic keys by physically moving a device, document, or person containing or possessing the key or key component. [SP 800-57 Part 1] A nonelectronic means of transporting cryptographic keys. [FIPS 140-2] (see also key)

manual remote rekeying

Procedure by which a distant cryptographic equipment is rekeyed electrically, with specific actions required by the receiving terminal operator. Synonymous with cooperative remote rekeying. (Also see automatic remote keying.) [CNSSI] Procedure by which a distant cryptographic equipment is rekeyed electronically, with specific actions required by the receiving terminal operator. Synonymous with cooperative remote rekeying. See also Automatic Remote Keying. [CNSSI-4009] (see also key, rekey)

markup language

A system (as HTML or SGML) for marking or tagging a document that indicates its logical structure (as paragraphs) and gives instructions for its layout on the page for electronic transmission and display [CIAO] (see also system, internet, standard generalized markup language)

mask generation function

Function which maps strings of bits to strings of bits of arbitrary specified length, satisfying the following property

it is computationally infeasible to predict, give one part of the output but not the input, another part of the output.

[SC27] (see also property, function)

masquerade

A threat action whereby an unauthorized entity gains access to a system or performs a malicious act by posing as an authorized entity. [RFC2828] The pretense by an entity to be a different entity. [SC27] (see also impersonation, access, access control, alias, authorized, entity, malicious, system, threat consequence) (includes DNS spoofing, address spoofing, ip spoofing, masquerade attack, masquerading, mimicking, spoofing, spoofing attack)

masquerade attack

(I) A type of attack in which one system entity illegitimately poses as (assumes the identity of) another entity. [RFC2828] (see also entity, identity, system, attack, masquerade)

masquerading

A type of threat action whereby an unauthorized entity gains access to a system or performs a malicious act by illegitimately posing as an authorized entity. [CNSSI-4009] An attack in which an attacker pretends to be some one else. The best way to thwart this attack is to authenticate a principal by challenging it to prove its identity. [misc] Posing as an authorized user, usually in an attempt to gain access to a system. Synonymous with spoofing, mimicking, and impersonation. [AFSEC] See spoofing. [CNSSI] Synonymous with impersonation. [SRV] (see also access, access control, authentication, authorized, entity, identity, impersonation, spoof, system, users, attack, masquerade)

mass mailing worm

A worm that spreads by identifying e-mail addresses, often by searching an infected system, and then sending copies of itself to those addresses, either using the system's e-mail client or a self-contained mailer built into the worm itself. [800-83] (see also identify, system, worm)

mass-market software

Software that is (1) generally available to the public by sale, without restriction, from stock at retail selling points through over-the-counter, telephone, and mail transactions and (2) designed for user installation without substantial supplier support. [AJP] (see also COTS software, users, software, software product)

master control switch

Switch(es) located at the principal exits from an electronic equipment area to disconnect power to all electronic equipment located in the area. These switches are in addition to any emergency shutdown switches for individual units of equipment. [NASA] (see also control)

master crypto-ignition key

Key device with electronic logic and circuits providing the capability for adding more operational CIKs to a keyset. [CNSSI][CNSSI-4009] (see also operation, key)

master crypto-ignition key custodian

Individual at each node in a Community of Interest who is responsible for controlling and maintaining the Master Crypto-Ignition Key and programming the security features of the Secure Terminal Equipment. [DSS] (see also security, key)

master cryptographic ignition key

Key device with electronic logic and circuits providing the capability for adding more operational CIKs to a keyset. [CNSSI][CNSSI-4009] Match/matching - The process of comparing biometric information against a previously stored template(s) and scoring the level of similarity. [FIPS 201; CNSSI-4009] (see also key)

master file

A permanent or semipermanent record of information maintained over an extended period that can be used with transaction files. [SRV] (see also information, automated information system, file)

match

The process of comparing biometric information against a previously stored biometric data and scoring the level of similarity. [GSA] (see also information, process, biometrics)

material

Product or substance on or in which information is embodied. [DSS]

material symbol (MATSYM)

matrix

An 8 by 8 matrix in which each entry is a string of 8 bits in dedicated hash function 7. [SC27] (see also function, hash)

maximum tolerable downtime

The amount of time mission/business processes can be disrupted without causing significant harm to the organization's mission. [SP 800-34]

MD2

(N) A cryptographic hash that produces a 128-bit hash result, was designed by Ron Rivest, and is similar to MD4 and MD5 but slower. [RFC2828] (see also cryptographic, cryptography, hash)

MD4

(N) A cryptographic hash that produces a 128-bit hash result and was designed by Ron Rivest. [RFC2828] (see also cryptographic, cryptography, hash)

MD5

(N) A cryptographic hash that produces a 128-bit hash result and was designed by Ron Rivest to be an improved version of MD4. [RFC2828] (see also cryptographic, cryptography, hash, version)

meaconing, intrusion, jamming, and interference (MIJI)

(see also communications security, intrusion, jamming)

mean

A measure of central tendency that is used primarily with interval-ratio variables following symmetrical distributions; the sum of all the values in a set of observations divided by the number of observations. Also known as the average or arithmetic mean, it indicates the typical value for a set of observations. If five students make the grades 15, 75, 80, 95, and 100, the mean is 73. [SRV]

mean absolute deviation (MAD)

A measure of the difference between the individual items in a population and the mean value. MAD is the average of the total unsigned differences. [SRV]

mean-time-between-failure (MTBF)

(see also failure)

mean-time-between-outages (MTBO)

(see also failure)

mean-time-to-fail (MTTF)

(see also failure)

mean-time-to-repair (MTTR)

(see also failure)

mean-time-to-service-restoral (MTSR)

(see also failure)

measure

The numerical value obtained by either direct or indirect measurement; may also be the input, output, or value of a metric. [SRV]

measurement and signature intelligence

Scientific and technical intelligence obtained by quantitative and qualitative analysis of data (metric, angle, spatial, wavelength, time dependence, modulation, plasma, and hydromagnetic). The data are derived from specific technical sensors for the purpose of identifying any distinctive features associated with the source, emitter, or sender. This facilitates subsequent identification and or measurement of the same. [DSS] (see also analysis, intelligence)

mechanisms

An assessment object that includes specific protection-related items (e.g., hardware, software, or firmware) employed within or at the boundary of an information system. [SP 800-53A] Operating system entry point or separate operating system support program that performs a specific action or related group of actions. [AJP][FCv1] (see also program, software, system)

media

Physical devices or writing surfaces including but not limited to magnetic tapes, optical disks, magnetic disks, Large Scale Integration (LSI) memory chips, and printouts (but not including display media) onto which information is recorded, stored, or printed within an information system. [FIPS 200; SP 800-53; CNSSI-4009] Physical objects that store data, such as paper, hard disk drives, tapes, and compact disks (CDs). [FFIEC] Short for storage media: physical objects on which data can be stored, such as hard disks, CD-ROMs, floppy disks, and tape. [CIAO] (see also object)

media access control address

A hardware address that uniquely identifies each component of an IEEE 802-based network. On networks that do not conform to the IEEE 802 standards but do conform to the OSI Reference Model, the node address is called the Data Link Control (DLC) address. [800-53] (see also standard, access, control)

media library

An environmentally controlled area for the storage of magnetic media, such as magnetic tapes and disks [NASA] (see also control)

media protection

A family of security controls in the operations class dealing with the protection of system inputs and outputs from unauthorized exposure. [800-37] (see also authorized, control, exposures, operation, security, system)

media sanitization

A document established between two or more parties to define their respective responsibilities in accomplishing a particular goal or mission, e.g., establishing, operating, and securing a system interconnection. [CNSSI-4009] A general term referring to the actions taken to render data written on media unrecoverable by both ordinary and extraordinary means. [SP 800-88] Memorandum of Understanding/Agreement - (MOU/A) A document established between two or more parties to define their respective responsibilities in accomplishing a particular goal or mission. In this guide, an MOU/A defines the responsibilities of two or more organizations in establishing, operating, and securing a system interconnection. [SP 800-47] The actions taken to render data written on media unrecoverable by both ordinary and extraordinary means. [CNSSI-4009]

median

A measure of central tendency that is used primarily with ordinal variables and asymmetrically distributed interval-ratio variables; the middle measurement when the items are arranged in order of size or, if there is no middle one, then the average of the two middle ones. If five students make the grades 15, 75, 80, 95, and 100, the median is 80. [SRV]

MEI resource elements

As previously discussed, these are the broad categories of resources, all or portions of which constitute the minimal essential infrastructure necessary for a department, agency or organization to conduct its core mission(s). These resource elements are very similar to, but modified somewhat from, the COBIT framework used by ISACF. The definitions have been expanded to incorporate physical infrastructure vulnerability areas. [CIAO] (see also vulnerability, minimum essential infrastructure, resource)

memorandum of agreement

Written agreement among relevant parties that specifies roles, responsibilities, terms, and conditions for each party to reach a common goal. [DSS] (see memorandum of understanding)

memorandum of understanding

A document established between two or more parties to define their respective responsibilities in accomplishing a particular goal or mission. An MOU/MOA defines the responsibilities of two or more organizations in establishing, operating and securing a system interconnection. [800-37] (see also connection, system)

memory

A computer's internal capacity to store data, determined by the microchips installed. [CIAO] (see also computer)

memory component

Memory component is considered to be the Lowest Replaceable Unit in a hardware device. Memory components reside on boards, modules, and subassemblies. A board can be a module or may consist of several modules and subassemblies. [DSS]

memory resident

A virus that stays in the memory of infected systems for an extended period of time. [800-83] (see also system, virus)

memory scavenging

The collection of residual information from data storage. [CNSSI][CNSSI-4009] (see also information, automated information system, threat)

memory space-time

The integral over time of real memory space used during the execution of a job or transaction. [SRV]

merchant

(O) SET usage: 'A seller of goods, services, and/or other information who accepts payment for these items electronically.' A merchant may also provide electronic selling services and/or electronic delivery of items for sale. With SET, the merchant can offer its cardholders secure electronic interactions, but a merchant that accepts payment cards is required to have a relationship with an acquirer. [RFC2828] (see also information, Secure Electronic Transaction)

merchant certificate

(O) SET usage: A public-key certificate issued to a merchant. Sometimes used to refer to a pair of such certificates where one is for digital signature use and the other is for encryption. [RFC2828] (see also digital signature, encryption, key, public-key, signature, Secure Electronic Transaction, certificate)

merchant certification authority (MCA)

(O) SET usage: A CA that issues digital certificates to merchants and is operated on behalf of a payment card brand, an acquirer, or another party according to brand rules. Acquirers verify and approve requests for merchant certificates prior to issuance by the MCA. An MCA does not issue a CRL, but does distribute CRLs issued by root CAs, brand CAs, geopolitical CAs, and payment gateway CAs. [RFC2828] (see also certificate, gateway, Secure Electronic Transaction, authority, certification, public-key infrastructure)

merge access

The ability to combine data from two separate sources [CIAO] (see also access)

mesh PKI

(I) A non-hierarchical PKI architecture in which there are several trusted CAs rather than a single root. Each certificate user bases path validations on the public key of one of the trusted CAs, usually the one that issued that user's own public-key certificate. Rather than having superior-to-subordinate relationships between CAs, the relationships are peer-to-peer, and CAs issue cross-certificates to each other. [RFC2828] (see also certificate, key, trust, users, validation, public-key, public-key infrastructure)

message

message authentication code (MAC)

(MAC) A cryptographic checksum on data that uses a symmetric key to detect both accidental and intentional modifications of the data. MACs provide authenticity and integrity protection, but not non- repudiation protection. [SP 800-63; FIPS 201] (MAC) A cryptographic checksum that results from passing data through a message authentication algorithm. [FIPS 198] 1. See Checksum. 2. A specific ANSI standard for a checksum. [CNSSI-4009] A cryptographic checksum on data that uses a symmetric key to detect both accidental and intentional modifications of the data. [800-63] Data associated with an authenticated message allowing a receiver to verify the integrity of the message. [CNSSI] The string of bits that is the output of a MAC algorithm. NOTE - A MAC is sometimes called a cryptographic check value. [SC27] (see also data authentication code, algorithm, cryptographic, cryptography, data authentication code vs. Data Authentication Code, hash function, integrity, key, message integrity code, authentication, code, message) (includes hashed message authentication code, message authentication code algorithm, message authentication code vs. Message Authentication Code)

message authentication code algorithm

An algorithm for computing a function which maps strings of bits and a secret key to fixed-length strings of bits, satisfying the following two properties:

for any key and any input string the function can be computed efficiently;
for any fixed key, and given no prior knowledge of the key, it is computationally infeasible to compute the function value on any new input string, even given knowledge of the set of input strings and corresponding function values, where the value of the ith input string may have been chosen after observing the value of the first i-1 function values.

NOTE 1 - A MAC algorithm is sometimes called a cryptographic check function. NOTE 2 - Computational feasibility depends on the specific security requirements and environment. [SC27] (see also cryptographic, cryptography, function, key, requirements, algorithm, code, message, message authentication code)

message authentication code vs. Message Authentication Code

(N) Capitalized: '(The) Message Authentication Code' refers to an ANSI standard for a checksum that is computed with a keyed hash that is based on DES. (Also known as the U.S. Government standard Data Authentication Code.) (C) The ANSI standard MAC algorithm is equivalent to cipher block chaining with IV = 0. (D) Not capitalized: ISDs SHOULD NOT use the uncapitalized form 'message authentication code', because this term mixes concepts in potentially misleading way. Instead, use 'checksum', 'error detection code', 'hash', 'keyed hash', 'Message Authentication Code', or 'protected checksum', depending on what is meant. (C) In the uncapitalized form, the word 'message' is misleading because it implies that the mechanism is particularly suitable for or limited to electronic mail, the word 'authentication' is misleading because the mechanism primarily serves a data integrity function rather than an authentication function, and the word 'code' is misleading because it implies that either encoding or encryption is involved or that the term refers to computer software. [RFC2828] (see also algorithm, cipher, computer, cryptography, email, encryption, function, hash, integrity, key, software, standard, code, message, message authentication code)

message authentication key

A key that validates the data authenticity of the key distribution messages sent from the BS to the SS/MS. [800-127] (see also authentication, key)

message digest

(D) ISDs SHOULD NOT use this term as a synonym for 'hash result' because it unnecessarily duplicates the meaning of the other, more general term and mixes concepts in a potentially misleading way. [RFC2828] A cryptographic checksum, typically generated for a file that can be used to detect changes to the file. Synonymous with hash value/result. [CNSSI-4009] A cryptographic checksum, typically generated for a file that can be used to detect changes to the file; Secure Hash Algorithm-1 (SHA-1) is an example of a message digest algorithm. [800-61] A digital signature that uniquely identifies data and has the property that changing a single bit in the data will cause a completely different message digest to be generated. [SP 800-92] The fixed size result of hashing a message. [SRV] The result of applying a hash function to a message. Also known as a 'hash value' or 'hash output'. [SP 800-107] The result of applying a one-way function to a message. Depending on the cryptographic strength of the message digest algorithm, each message will have a reasonably unique digest. Furthermore, the slightest change to original message will result in a different digest. Message digest functions are called 'one-way' because knowing the message digest, one cannot reproduce the original message. Encrypted message digests give rise to integrity-protected messages. [misc] (see also algorithm, cryptographic, file, function, hash, integrity, property, signature, test, message) (includes message digest algorithm 5)

message digest algorithm 5

A message digest algorithm that digests a message of arbitrary size to 128 bits. MD5 is a cryptographic checksum algorithm. [misc] (see also cryptographic, algorithm, message, message digest)

message externals

Information outside of the message text, such as the header, trailer, etc. [CNSSI][CNSSI-4009] (see also information, message)

message handling system (MHS)

(I) A ITU-T/ISO system concept, which encompasses the notion of electronic mail but defines more comprehensive OSI systems and services that enable users to exchange messages on a store-and-forward basis. (The ISO equivalent is 'Message Oriented Text Interchange System'.) [RFC2828] (see also email, users, message, system)

message identifier

A field that may be used to identify a message. Typically, this field is a sequence number. [SRV] (see also identify, message)

message indicator (MI)

(D) ISDs SHOULD NOT use this term as a synonym for 'initialization value' because it mixes concepts in a potentially misleading way. [RFC2828] Sequence of bits transmitted over a communications system for synchronizing cryptographic equipment. [CNSSI-4009] Sequence of bits transmitted over a communications system for synchronizing cryptographic equipment. Some off-line cryptosystems, such as the KL-51 and one-time pad systems, employ message indicators to establish decryption starting points. [CNSSI] (see also communications, cryptographic system, cryptography, system, message)

message integrity check

(see message integrity code)

message integrity code

(D) ISDs SHOULD NOT use these terms because they mix concepts in a potentially misleading way. (The word 'message' is misleading because it suggests that the mechanism is particularly suitable for or limited to electronic mail. The word 'code' is misleading because it suggests that either encoding or encryption is involved, or that the term refers to computer software.) Instead, use 'checksum', 'error detection code', 'hash', 'keyed hash', 'Message Authentication Code', or 'protected checksum', depending on what is meant. [RFC2828] (see also authentication, computer, email, encryption, hash, key, message authentication code, software, code, integrity, message)

message passing

The means by which objects communicate. Individual messages may consist of the name of the message, the name of the target object to which it is being sent, and arguments, if any. When an object receives a message, a method is invoked and performs an operation that exhibits some part of the object's behavior. [SRV] (see also object, operation, target, message)

message representative

Bit string derived as a function of the message and that is combined with the private signature key to yield the signature. [SC27] (see also function, key, signature, message)

Message Security Protocol (MSP)

(N) A secure message handling protocol for use with X.400 and Internet mail protocols. Developed by NSA's SDNS program and used in the U.S. defense message system. [RFC2828] (see also National Security Agency, internet, program, system, message, protocols, security protocol)

meta-language

A language used to define the formal syntax and semantics of another language (generally a new language for computer applications). [800-130] (see also application, computer, semantics)

metadata

(1) Data referring to other data; data (such as data structures, indices, and pointers) that are used to instantiate an abstraction (such as 'process,' 'task,' 'segment,' 'file,' or 'pipe'). (2) A special database, also referred to as a data dictionary, containing descriptions of the elements (e.g. relations, domains, entities, or relationships) of a database. [AJP][TDI] Information used to describe specific characteristics, constraints, acceptable uses, and parameters of another data item (a cryptographic key in this document). [800-130] (see also CKMS, compromise, cryptographic, cryptographic key management system, destroyed compromised state, destroyed state, domain, file, generation, information, key, key output, process, registration, database management system) (includes bound metadata)

metrics

A random variable x representing a quantitative measure accumulated over a period. [NSAINT] An agreed upon quantitative measure of performance. [CIAO] Quantitative means of measuring software development. The definition, algorithm, or mathematical function used to make a quantitative assessment of a product or process. [SRV] Tools designed to facilitate decision-making and improve performance and accountability through collection, analysis, and reporting of relevant performance-related data. [SP 800-55] (see also algorithm, assessment, function, process, random, software, software development)

metropolitan area networks (MAN)

(see also network)

microcode

The elementary computer instructions that correspond to an executable program instruction. [FIPS140] (see also computer, program, code, cryptographic module)

mid-level certification

More stringent than an entry-level certification, this certification level is appropriate for systems engendering moderate levels of concern for confidentiality, integrity, and/or availability. [800-37] (see also availability, confidentiality, integrity, system, certification)

middleware

Software that allows applications running on separate computer systems to communicate and exchange data. [GAO] (see also application, computer, software, system)

million instruction per second (MIPS)

(see also automated information system)

MIME Object Security Services (MOSS)

(I) An Internet protocol that applies end-to-end encryption and digital signature to MIME message content, using symmetric cryptography for encryption and asymmetric cryptography for key distribution and signature. MOSS is based on features and specifications of PEM. [RFC2828] (see also cryptography, digital signature, encryption, key, message, protocols, signature, internet, object, security protocol)

mimicking

See spoofing. [CNSSI] Synonymous with Impersonation, Masquerading or Spoofing. [NSAINT] (see also spoofing, impersonation, spoof, attack, masquerade)

min-entropy

A measure of the difficulty that an attacker has to guess the most commonly chosen password used in a system. In this document, entropy is stated in bits. When a password has n-bits of min-entropy then an attacker requires as many trials to find a user with that password as is needed to guess an n-bit random quantity. The attacker is assumed to know the most commonly used password(s). [800-63] (see also attack, attackers, passwords, random, system, users)

mine warfare

The strategic, operational, and tactical use of mines and mine countermeasures. Mine warfare is divided into two basic subdivisions: the laying of mines to degrade the enemy's capabilities to wage land, air, and maritime warfare; and the countering of enemy- laid mines to permit friendly maneuver or use of selected land or sea areas. [DOD] (see also warfare)

miniature receiver terminal (MRT)

miniature terminal (MINTERM)

minimalist cryptography

Cryptography that can be implemented on devices with very limited memory and computing capabilities, such as RFID tags. [SP 800-98] (see also cryptography)

minimum background investigation

The type of investigation that includes a National Agency Check and Inquiries, a credit record search, a face-toface personal interview between the investigator and the subject, and telephone inquiries to selected employers. A Minimum Background Investigation is typically reserved for public trust positions and/or when there is a break in Federal service. [DSS] (see also subject, trust)

minimum essential emergency communications network (MEECN)

minimum essential infrastructure (MEI)

minimum essential requirements (MER)

(see also requirements)

Minimum Interoperability Specification for PKI Components (MISPC)

(N) A technical description to provide a basis for interoperation between PKI components from different vendors; consists primarily of a profile of certificate and CRL extensions and a set of transactions for PKI operation. [RFC2828] (see also certificate, file, operation, profile, interoperability, public-key infrastructure)

minimum level of protection

The reduction in the Total Risk that results from the impact of in-place safeguards. [CIAO] (see also assurance, risk)

minor application

An application, other than a major application, that requires attention to security due to the risk and magnitude of harm resulting from the loss, misuse, or unauthorized access to or modification of the information in the application. Minor applications are typically included as part of a general support system. [SP 800-18] (see also access, risk, security)

minor derogatory information

Information that, by itself, is not of sufficient importance or magnitude to justify an unfavorable administrative action in a personnel security determination. [DSS] (see also security)

minutiae

Key data points (especially ridge bifurcations and end lines) within an individual's fingerprint that can be extracted and used to match against the same individual's live fingerprint. [GAO] (see also biometrics)

mirroring

A process that duplicates data to another location over a computer network in real time or close to real time. [FFIEC] (see also availability, backup, computer, computer network, process)

misappropriation

A threat action whereby an entity assumes unauthorized logical or physical control of a system resource. [RFC2828] An attack in which the attacker steals or makes unauthorized use of a service. [800-127] (see also attack, authorized, control, entity, resource, system, threat consequence)

misnamed files

A technique used to disguise a file's content by changing the file's name to something innocuous or altering its extension to a different type of file, forcing the examiner to identify the files by file signature versus file extension. [SP 800-72; CNSSI-4009]

MISSI user

(O) MISSI usage: A system entity that is the subject of one or more MISSI X.509 public-key certificates issued under a MISSI certification hierarchy. (C) MISSI users include both end users and the authorities that issue certificates. A MISSI user is usually a person but may be a machine or other automated process. Some machines are required to operate non-stop. To avoid downtime needed to exchange the FORTEZZA cards of machine operators at shift changes, the machines may be issued their own cards, as if they were persons. [RFC2828] (see also Fortezza, X.509, certificate, certification, entity, key, process, public-key, public-key infrastructure, subject, system, multilevel information systems security initiative, users)

mission assurance category

(MAC) A Department of Defense Information Assurance Certification and Accreditation Process (DIACAP) term primarily used to determine the requirements for availability and integrity. [CNSSI-4009] Applicable to Department of Defense information systems, the mission assurance category reflects the importance of information relative to the achievement of Department of Defense goals and objectives, particularly warfighters combat missions. Mission assurance categories are primarily used to determine the requirements for availability and integrity. The Department of Defense has three defined mission assurance categories: Mission Assurance Category I. Systems handling information determined to be vital to the operational readiness or mission effectiveness of deployed and contingency forces in terms of both content and timeliness. The consequences of loss of integrity or availability of a Mission Assurance Category I system are unacceptable and could include the immediate and sustained loss of mission effectiveness. Mission Assurance Category I systems require the most stringent protection measures. Mission Assurance Category II. Systems handling information important to the support of deployed and contingency forces. The consequences of loss of integrity are unacceptable. Loss of availability is difficult to deal with and can only be tolerated for a short time. The consequences could include delay or degradation in providing important support services or commodities that may seriously impact mission effectiveness or operational readiness. Mission Assurance Category II systems require additional safeguards beyond best practices to ensure adequate assurance. Mission Assurance Category III. Systems handling information that is necessary for conducting of dayto-day business, but does not materially affect support to deployed or contingency forces in the short-term. The consequences of loss of integrity or availability can be tolerated or overcome without significant impacts on mission effectiveness or operational readiness. The consequences could include the delay or degradation of services or commodities enabling routine activities. Mission Assurance Category III systems require protective measures, techniques or procedures generally commensurate with commercial best practices. [DSS] (see also availability, certification, object, requirements, assurance)

mission critical

Any telecommunications or information system that is defined as a national security system (FISMA) or processes any information the loss, misuse, disclosure, or unauthorized access to or modification of, would have a debilitating impact on the mission of an agency. [800-60] Any telecommunications or information system that is defined as a national security system (Federal Information Security Management Act of 2002 - FISMA) or processes any information the loss, misuse, disclosure, or unauthorized access to or modification of, would have a debilitating impact on the mission of an agency. [SP 800-60] Mission/Business Segment - Elements of organizations describing mission areas, common/shared business services, and organization-wide services. Mission/business segments can be identified with one or more information systems which collectively support a mission/business process. [SP 800-30] Systems handling information that is determined to be vital to the operational readiness or mission effectiveness of deployed and contingency forces in terms of both content and timeliness and must be absolutely accurate and available on demand (may include classified information in a traditional context, as well as sensitive and unclassified information). [CIAO] (see also access, authorized, classified, communications, information, information security, management, operation, process, security, system, telecommunications, vulnerability, critical)

mission critical system

A system supporting a core business activity or process. [SRV] (see also business process, process, critical, system)

mission essential

That information that is an essential portion of a unit's mandatory wartime capability. [DSS]

mission needs statement (MNS)

Describes the mission need or deficiency; identifies threat and projected threat environment [IATF] (see also threat)

misuse

A threat action that causes a system component to perform a function or service that is detrimental to system security. [RFC2828] (see also function, security, system, threat consequence)

misuse detection model

The system detects intrusions by looking for activity that corresponds to a known intrusion techniques or system vulnerabilities. Also known as Rules Based detection. [NSAINT] (see also intrusion, rules based detection, system, vulnerability, model, security policy model)

mitigation

Ongoing and sustained action to reduce the probability of or lessen the impact of an adverse incident. [NIPP] Pre-planned and coordinated operator reactions to infrastructure warning and/or incidents designed to reduce or minimize impacts; support and complement emergency, investigatory, and crisis management response; and facilitate reconstitution. [CIAO] (see also incident, response, risk management)

mnemonic

A symbol or expression that can help someone remember something. For example, the phrase 'Hello! My name is Bill. I'm 9 years old.' might help an individual remember a secure 10- character password of 'H!MniBI9yo.' [FFIEC]

mobile code

A program (e.g., script, macro, or other portable instruction) that can be shipped unchanged to a heterogeneous collection of platforms and executed with identical semantics. [SP 800-28] Software modules obtained from remote systems, transferred across a network, and then downloaded and executed on local systems without explicit installation or execution by the recipient. [CNSSI][DSS] Software programs or parts of programs obtained from remote information systems, transmitted across a network, and executed on a local information system without explicit installation or execution by the recipient. [800-53][SP 800-53; SP 800-18] Software programs or parts of programs obtained from remote information systems, transmitted across a network, and executed on a local information system without explicit installation or execution by the recipient. Note: Some examples of software technologies that provide the mechanisms for the production and use of mobile code include Java, JavaScript, ActiveX, VBScript, etc. [CNSSI-4009] Software that is transmitted from a remote system to a local system, then executed on the local system without the user's explicit instruction; examples of mobile code software are Java, JavaScript, VBScript, and ActiveX. [800-61] Software that is transmitted from a remote system to be executed on a local system, typically without the user's explicit instruction. [800-83] (see also information, module, program, software, system, users, code)

mobile code technologies

Software technologies that provide the mechanisms for the production and use of mobile code (e.g., Java, JavaScript, ActiveX, VBScript). [SP 800-53; SP 800-18] (see also software)

mobile device

Portable cartridge/disk-based, removable storage media (e.g., floppy disks, compact disks, USB flash drives, external hard drives, and other flash memory cards/drives that contain nonvolatile memory). Portable computing and communications device with information storage capability (e.g., notebook/laptop computers, personal digital assistants, cellular telephones, digital cameras, and audio recording devices). [SP 800-53]

mobile software agent

Programs that are goal-directed and capable of suspending their execution on one platform and moving to another platform where they resume execution. [SP 800-19] (see also software)

mobile subscribe

As defined in IEEE 802.16e-2005, an SS capable of moving at vehicular speeds and that supports enhanced power management modes of operation. MS devices typically have a small form factor and are self-powered, e.g., laptops, ultra-mobile portable computers, cellular telephones, or other portable electronic devices. [800-127]

mobile subscriber equipment (MSE)

mobile topology

A configuration similar to a cellular network, where multiple BSs collaborate and provide seamless communications over a distributed network to both SSs and MSs. [800-127]

mockingbird

A computer program or process which mimics the legitimate behavior of a normal system feature (or other apparently useful function) but performs malicious activities once invoked by the user. [AFSEC][NSAINT] (see also computer, function, malicious, process, program, system, users, threat)

mode

A measure of central tendency that is used primarily with nominal variables; the most frequent value of a set of numbers. If more students (of a given group) make 75 than any other one grade, then 75 is the mode. [SRV] (see mode of operation)

mode of operation

(I) Encryption usage: A technique for enhancing the effect of a cryptographic algorithm or adapting the algorithm for an application, such as applying a block cipher to a sequence of data blocks or a data stream. (I) System operation usage: A type of security policy that states the range of classification levels of information that a system is permitted to handle and the range of clearances and authorizations of users who are permitted to access the system. [RFC2828] A set of rules for operating on data with a cryptographic algorithm and a key; often includes feeding all or part of the output of the algorithm back into the input of the algorithm, either with or without additional data being processed. Examples are: Cipher Feedback; Output Feedback; Cipher Block Chaining. [800-130] An algorithm for the cryptographic transformation of data that features a symmetric key block cipher algorithm. [SP 800-38C] Description of the conditions under which an IS operates based on the sensitivity of information processed and the clearance levels, formal access approvals, and need-to-know of its users. Four modes of operation are authorized for processing or transmitting information: dedicated mode, system-high mode, compartmented/partitioned mode, and multilevel mode. [CNSSI] Description of the conditions under which an information system operates based on the sensitivity of information processed and the clearance levels, formal access approvals, and need-to-know of its users. Four modes of operation are authorized for processing or transmitting information: dedicated mode, system high mode, compartmented/partitioned mode, and multilevel mode. [CNSSI-4009] (see also access, access control, algorithm, application, authorization, authorized, cipher, classification levels, classified, cryptographic, encryption, information, key, policy, process, security, system, users, operation)

model

A representation of a set of components of a process, system, or subject area. A model is generally developed for understanding, analysis, improvement, and/or replacement of the process. [SRV] A very detailed description or scaled representation of one component of a larger system that can be created, operated, and analyzed to predict actual operational characteristics of the final produced component. [GSA] (see also *-property, CASE tools, OSI architecture, Standards for Interoperable LAN/MAN Security, analysis, client server, credentials, discrete event simulation, domain, energy-efficient computer equipment, finite state machine, formal development methodology, formal top-level specification, formal verification, internet vs. Internet, object, operation, process, prototyping, secure hypertext transfer protocol, security, security policy, simple security condition, simple security property, subject, system, ticket, top-level specification, tranquility, trusted subject, verification, world class organizations) (includes Bell-LaPadula security model, Biba Integrity model, Biba model, Clark Wilson integrity model, Open Systems Interconnection Reference model, TOE security policy model, anomaly detection model, as-is process model, formal model of security policy, formal security policy model, lattice model, misuse detection model, modeling or flowcharting, open system interconnection model, security model, security policy model, simulation modeling, third party trusted host model, to-be-process model)

model experimental development model/exploratory development model (XDM/X)

modeling or flowcharting

A graphic representation of the activities and subprocesses within a process and their interrelationships. [SRV] (see also process, flow, model)

modem

A device used to convert serial digital data from a transmitting terminal to a signal suitable for transmission over a telephone channel to reconvert the transmitted signal to serial digital data for the receiving terminal. [800-82] Acronym for modulator-demodulator. A device or application that permit a computer to transmit data over telephone lines by converting digital data to an analog signal. [CIAO] Device that electronically modulates and demodulates signals, hence the abbreviation 'modem.' [DSS] (see also application, computer)

moderate impact

The loss of confidentiality, integrity, or availability that could be expected to have a serious adverse effect on organizational operations, organizational assets, individuals, other organizations, or the national security interests of the United States; (i.e. 1) causes a significant degradation in mission capability to an extent and duration that the organization is able to perform its primary functions, but the effectiveness of the functions is significantly reduced; 2) results in significant damage to organizational assets; 3) results in significant financial loss; or 4) results in significant harm to individuals that does not involve loss of life or serious life threatening injuries). [CNSSI-4009] (see also availability, damage, security, threat)

moderate-impact system

An information system in which at least one security objective (i.e. confidentiality, integrity, or availability) is assigned a FIPS 199 potential impact value of moderate and no security objective is assigned a FIPS 199 potential impact value of high. [800-53][SP 800-53; SP 800-60; SP 800-37; FIPS 200] An information system in which at least one security objective (i.e. confidentiality, integrity, or availability) is assigned a potential impact value of moderate and no security objective is assigned a potential impact value of high. [CNSSI-4009] (see also availability, information, integrity, object, security, system)

modes of operation

A description of the conditions under which an AIS functions, based on the sensitivity of data processed and the clearance levels and authorizations of the users. Four modes of operation are authorized: (1a) An AIS is operating in the dedicated mode when the system is specifically and exclusively dedicated to and controlled for the processing of one particular type or classification of information, either for full-time operation or for a specific period of time. (1b) An AIS is operating in the dedicated mode when each user with direct or indirect individual access to the AIS, its peripherals, its remote terminals, or its remote hosts has all of the following: (a) a valid personnel clearance for all information on the system, (b) formal access approval for, and signed nondisclosure agreements for, all the information stored and/or processed (including all compartments, subcompartments, and/or special access programs), and (c) a valid need-to-know for all information contained within the system. (2a) An AIS is operating in the system-high mode when each user with direct or indirect access to the AIS, its peripherals, remote terminals, or remote hosts has all of the following: (a) a valid personnel clearance for all information on the AIS, (b) formal access approval for, and signed nondisclosure agreements for, all the information stored and/or processed (including all compartments, subcompartments, and/or special access programs), and (c) a valid need-to-know for some of the information contained within the AIS. (2b) An AIS is operating in the system-high mode when the system hardware and software are trusted only to provide discretionary protection between users. In this mode, the entire system, to include all components electrically and/or physically connected, must operate with security measures commensurate with the highest classification and sensitivity of the information being processed and/or stored. All system users in this environment must possess clearances and authorization for all information contained in the system. All system output must be clearly marked with the highest classification and all system caveats until the information has been reviewed manually by an authorized individual to ensure appropriate classifications and that caveats have been affixed. (3) An AIS is operating in the compartmented mode when each user with direct or indirect access to the AIS, its peripherals, remote terminals, or remote hosts has all of the following: (a) a valid personnel clearance for the most restricted information processed in the AIS, (b) formal access approval for, and signed nondisclosure agreements for, that information to which he or she is to have access, and (c) a valid need-to-know for that information to which he or she is to have access. (4) An AIS is operating in the multilevel mode when all the following statements are satisfied concerning users with direct or indirect access to the AIS, its peripherals, remote terminals, or remote hosts: (a) some do not have a valid personnel clearance for all the information processed in the AIS, (b) all have the proper clearance and have the appropriate formal access approval for that information to which they are to have access, and (c) all have a valid need-to-know for that information to which they are to have access. [AJP] (see also access, access control, authorization, authorized, classification levels, classified, control, function, information, process, program, security, software, system, trust, users, operation) (includes automated information system, dedicated security mode, multilevel device, multilevel secure, multilevel security mode, multiuser mode of operation, partitioned security mode, protection ring, single-level device, stand-alone, shared system, stand-alone, single-user system, system high, system low, system-high security mode)

modification/configuration control board (MCCB)

(see also control)

modular software

Software in the form of self-contained logical sections, or modules, that carry out well-defined processing actions. [SRV] (see also module, process, software)

modularity

Those attributes of the software that provide a structure of highly independent modules. [SRV] (see also module, software)

module

modulus

(I) The defining constant in modular arithmetic, and usually a part of the public key in asymmetric cryptography that is based on modular arithmetic. [RFC2828] A parameter that is a positive integer and a product of two distinct prime numbers. [SC27] A parameter that is a positive integer and a product of two distinct prime numbers. [ISO/IEC 10118-4: 1998] Integer used as a divisor of an integer dividend in order to obtain an integer remainder. [SC27] Integer used as a divisor of an integer dividend in order to obtain an integer remainder. [SC27] (see also cryptography, key, public-key)

monitor

A trusted third party monitoring the actions and events and is trusted to provide evidence about what was monitored. [SC27] (see also evidence, trust)

monitoring and evaluation

Is a continuous repetitive assessment process to keep a risk management process current and relevant. It includes, among other activities, external peer review, testing, and validation. [GAO] (see also assessment, process, risk, risk management, security testing, test, validation, evaluation)

Monitoring of Evaluations

The procedure by which representatives of the NIAP Oversight Body observe security evaluations in progress in order to gain confidence that a CCTL is carrying out its functions in a proper and professional manner. [NIAP] (see also confidence, function, security, Common Criteria Testing Laboratory, evaluation)

monolithic TCB

A TCB that consists of a single TCB subset. [AJP][TDI] (see also trusted computing base)

morris worm

(I) A worm program written by Robert T. Morris, Jr. that flooded the ARPANET in November, 1988, causing problems for thousands of hosts. [RFC2828] (see also program, worm)

motion control network

The network supporting the control applications that move parts in industrial settings, including sequencing, speed control, point-to-point control, and incremental motion. [800-82] (see also application, control, network)

motion detection sensor

Alarm sensor that detects movement. [DSS]

motivation

The specific technical goal that a potential adversary wants to achieve by an attack, e.g. gain unauthorized access, modify, destroy or prevent authorized access. [IATF] (see also access, access control, adversary, attack, authorized, unauthorized access, security)

multi-hop problem

The security risks resulting from a mobile software agent visiting several platforms. [SP 800-19] (see also risk, security, software)

multi-hop relay topology

A configuration that extends a BS's coverage area by permitting SSs and MSs to relay traffic by acting as RSs. Data destined to an SS/MS outside of the BS's range is relayed through adjacent RSs. [800-127]

multi-releasable

A characteristic of an information domain where access control mechanisms enforce policy-based release of information to authorized users within the information domain. [CNSSI-4009] (see also access, control, users)

multi-security level

Capability to process information of different security classifications or categories by using periods processing or peripheral sharing. [CNSSI] (see also information, process, security)

multicast

A variant of broadcast, where information can be sent to selected recipients instead of all subscribers of a particular communications system. [SRV] (see also communications, information, system)

multifactor authentication

Authentication using two or more factors to achieve authentication. Factors include: (i) something you know (e.g. password/PIN); (ii) something you have (e.g., cryptographic identification device, token); or (iii) something you are (e.g., biometric). See Authenticator. [SP 800-53] (see also authentication)

multihost based auditing

Audit data from multiple hosts may be used to detect intrusions. [NSAINT] (see also intrusion, audit, automated information system)

multilevel device

A device that is used in a manner that permits it to simultaneously process data of two or more security levels without risk of compromise. To accomplish this, sensitivity labels are normally stored on the same physical medium and in the same form (i.e. machine-readable or human-readable) as the data being processed. [AJP][NCSC/TG004][TCSEC][TNI] Equipment trusted to properly maintain and separate data of different security categories. [CNSSI] Equipment trusted to properly maintain and separate data of different security domains. [CNSSI-4009] (see also compromise, process, risk, security, trust, modes of operation)

multilevel information systems security initiative (MISSI)

(N) multilevel information systems security initiative, an NSA program to encourage development of interoperable, modular products for constructing secure network information systems in support of a wide variety of Government missions. [RFC2828] (see also network, program, National Security Agency, computer security, information, system) (includes MISSI user, SSO PIN, SSO-PIN ORA, certificate, certificate rekey, certification, certification hierarchy, compromised key list, domain, key, key lifetime, key material identifier, no-PIN ORA, organizational certificate, organizational registration authority, personality label, policy approving authority, policy creation authority, root, root registry, slot, subordinate certification authority, user PIN, user-PIN ORA)

multilevel mode

INFOSEC mode of operation wherein all the following statements are satisfied concerning the users who have direct or indirect access to the system, its peripherals, remote terminals, or remote hosts: a. some users do not have a valid security clearance for all the information processed in the IS; b. all users have the proper security clearance and appropriate formal access approval for that information to which they have access; and c. all users have a valid need-to-know only for information to which they have access. [CNSSI] Mode of operation wherein all the following statements are satisfied concerning the users who have direct or indirect access to the system, its peripherals, remote terminals, or remote hosts: 1) some users do not have a valid security clearance for all the information processed in the information system; 2) all users have the proper security clearance and appropriate formal access approval for that information to which they have access; and 3) all users have a valid need-to-know only for information to which they have access. [CNSSI-4009] (see also access, access control, information, operation, process, security, system, users)

multilevel secure

(I) A class of system that has system resources (particularly stored information) at more than one security level (i.e. has different types of sensitive resources) and that permits concurrent access by users who differ in security clearance and need-to-know, but is able to prevent each user from accessing resources for which the user lacks authorization. [RFC2828] A class of system containing information with different sensitivities that simultaneously permits access by users with different security clearances and needs-to-know, but prevents users from obtaining access to information for which they lack authorization. [AJP][NCSC/TG004][TCSEC][TNI] (see also access, access control, authorization, information, resource, security, system, users, modes of operation)

multilevel security (MLS)

A system that can simultaneously process data communications at different levels of classification while enforcing secure access and authorization. [IATF] Concept of processing information with different classifications and categories that simultaneously permits access by users with different security clearances and denies access to users who lack authorization. [CNSSI][CNSSI-4009][DSS] (see also access, access control, classification levels, classified, communications, information, process, system, authorization, security) (includes controlled security mode)

multilevel security mode

(I) A mode of operation of an information system, that allows two or more classification levels of information to be processed concurrently within the same system when not all users have a clearance or formal access authorization for all data handled by the system. (C) This mode is defined formally in U.S. Department of Defense policy regarding system accreditation, but the term is also used outside the Defense Department and outside the Government. [RFC2828] The mode of operation that allows two or more classification levels of information to be processed simultaneously within the same system when some users are not cleared for all levels of information present. Compare Dedicated Security Mode, System-High Security Mode. [TNI] (see also access, access control, accreditation, authorization, classification levels, classified, information, operation, policy, process, system, users, modes of operation, security) (includes system-high security mode)

multimedia

A popular term for the integration of information in a single format, for example, an electronic document that may contain text, embedded voice, video, or images. [SRV] (see also information)

multinational warfare

Warfare conducted by forces of two or more nations, usually undertaken within the structure of a coalition or alliance. [DOD] (see also warfare)

multipartite virus

A virus that uses multiple infection methods, typically infecting both files and boot sectors. [800-83] (see also file, virus)

multiple access rights terminal

A terminal that may be used by more than one class of users; e.g. users with different access rights to data. [AJP][NCSC/TG004] (see also users, access)

multiple component incident

A single incident that encompasses two or more incidents. [800-61] (see also incident)

multiple facility organization

Legal entity (single proprietorship, partnership, association, trust, or corporation) composed of two or more facilities. [DSS] (see also trust) multiple input, multiple output technology:

multiple input, multiple output technology:

The use of multiple antennas and advanced signaling techniques to increase wireless network range, resiliency, and speed. [800-127]

multiple security levels

Capability of an information system that is trusted to contain, and maintain separation between, resources (particularly stored data) of different security domains. [CNSSI-4009] (see also trust, security)

multiple sources

Two or more source documents, classification guides, or combination of both. [DSS]

multipurpose internet mail extensions (MIME)

(I) An Internet protocol that enhances the basic format of Internet electronic mail messages to be able to use character sets other than US-ASCII for textual headers and text content, and to carry non-textual and multi-part content. [RFC2828] A specification for formatting non-ASCII messages so that they can be sent over the Internet. MIME enables graphics, audio, and video files to be sent and received via the Internet mail system. In addition to email applications, Web browsers also support various MIME types. This enables the browser to display or output files that are not in HTML format. The Internet Engineering Task Force (IETF) defined MIME in 1992. [IATF] (see also application, file, message, protocols, system, email, internet, security protocol) (includes secure multipurpose internet mail extensions)

multiuser mode of operation

A mode of operation designed for systems that process sensitive unclassified information in which users may not have a need-to-know for all information processed in the system. This mode is also for microcomputers processing sensitive unclassified information that cannot meet the requirements of the stand-alone mode of operation. [AJP][NCSC/TG004] (see also classified, computer, information, process, requirements, system, modes of operation, operation, users)

mutation analysis

(NBS) A method to determine test set thoroughness by measuring the extent to which a test set can discriminate the program from slight variants [mutants] of the program. Contrast with error seeding. A method to determine test case suite thoroughness by measuring the extent to which a test case suite can discriminate the program from slight variants (mutants) of the program. [OVT] (see also error seeding, program, test, analysis)

mutation testing

A testing methodology in which two or more program mutations are executed using the same test cases to evaluate the ability of the test cases to detect differences in the mutations. [OVT] (see also program, security testing, test)

mutual authentication

Entity authentication which provides both entities with assurance of each other's identity. [SC27] Occurs when parties at both ends of a communication activity authenticate each other. [SP 800-32] The process of both entities involved in a transaction verifying each other. [CNSSI-4009] (see also mutual entity authentication, assurance, entity, identity, unilateral authentication, authentication)

mutual entity authentication

Entity authentication which provides both entities with assurance of each other's identity. [SC27] (see also mutual authentication, assurance, identity, authentication, entity)

mutual forward secrecy

The property that knowledge of both A's and B's long-term private keys subsequent to a key agreement operation does not enable the opponent to recompute previously derived keys. [SC27] (see also key, operation, property, forward secrecy)

mutual recognition of certificates

Acknowledgment by one Party of the validity of the certificates issued by another Party and acceptance that they hold good in the first Party's country in exactly the same way as certificates issued by the first Party. [NIAP] (see also certificate)

mutual suspicion

(I) The state that exists between two interacting system entities in which neither entity can trust the other to function correctly with regard to some security requirement. [RFC2828] Condition in which two ISs need to rely upon each other to perform a service, yet neither trusts the other to properly protect shared data. [CNSSI] Condition in which two information systems need to rely upon each other to perform a service, yet neither trusts the other to properly protect shared data. [CNSSI-4009] (see also entity, function, system, trust, security)

mutually suspicious

The state that exists between interacting processes (subsystems or programs) in which neither process can expect the other process to function securely with respect to some property. [AJP][NCSC/TG004][OVT] (see also function, process, program, property, system, security)

n-bit block cipher

A block cipher with the property that plaintext blocks and ciphertext blocks are n bits in length. [SC27] (see also property, cipher)

nak attack

A penetration technique that capitalizes on a potential weakness in an operating system that does not handle asynchronous interrupts properly and thus, leaves the system in an unprotected state during such interrupts. [AFSEC][NSAINT][SRV] Negative Acknowledgment - A penetration technique that capitalizes on a potential weakness in an operating system that does not handle asynchronous interrupts properly and thus, leaves the system in an unprotected state during such interrupts. [NSAINT] (see also penetration, system, attack)

naming authority

An organizational entity responsible for assigning distinguished names (DNs) and for assuring that each DN is meaningful and unique within its domain. [SP 800-32]

narrowband network

A flexible, all purpose, two-way medium that supports transmission rates under 1.5 Mbps. [SRV] (see also network)

national agency check

Personnel security investigation consisting of a records review of certain national agencies including a technical fingerprint search of the files of the Federal Bureau of Investigation. [DSS] (see also security)

national agency check plus written inquiries

Personnel security investigation conducted by the Office of Personnel Management, combining a National Agency Check and written inquiries to law enforcement agencies, former employers and supervisors, references and schools. [DSS] (see also security)

national agency check with local agency checks and credit check

Personnel security investigation covering the past 5 to 7 years and consisting of a National Agency Check, financial review, verification of date and place of birth, and local agency checks. [DSS] (see also security)

National Communications System (NCS)

(see also communications, system)

national computer security assessment program

A program designed to evaluate the interrelationship of empirical data of computer security infractions and critical systems profiles, while comprehensively incorporating information from the CSTVRP (Computer Security Technical Vulnerability Reporting Program). The assessment will build threat and vulnerability scenarios that are based on a collection of facts from relevant reported cases. Such scenarios are a powerful, dramatic, and concise form of representing the value of loss experience analysis. [AJP] A program designed to evaluate the interrelationship of empirical data of computer security infractions and critical systems profiles, while comprehensively incorporating information from the CSTVRP. The assessment will build threat and vulnerability scenarios that are based on a collection of facts from relevant reported cases. Such scenarios are a powerful, dramatic, and concise form of representing the value of loss experience analysis. [NCSC/TG004] (see also analysis, critical, file, information, profile, system, threat, vulnerability, assessment, computer, computer security, program)

National Computer Security Center (NCSC)

(N) A U.S. Department of Defense organization, housed in NSA, that has responsibility for encouraging widespread availability of trusted computer systems throughout the Federal Government. It has established criteria for, and performs evaluations of, computer and network systems that have a trusted computing base. [RFC2828] Originally named the DoD Computer Security Center, the NCSC is responsible for encouraging the widespread availability of Trusted Computer Systems throughout the Federal Government. [AJP][NCSC/TG004] Originally named the DoD Computer Security Center, the NCSC is responsible for encouraging the widespread availability of trusted computer systems throughout the Federal Government. (AF9K_JBC.TXT) (NCSC) With the signing of NSDD-145; the NCSC is responsible for encouraging the widespread availability of trusted computer systems throughout the Federal Government. (NCSC-WA-001-85) [NSAINT] (see also National Security Agency, availability, criteria, evaluation, network, system, trust, computer, computer security) (includes trusted computer system)

National Computer Security Center glossary (NCSC/TG004)

Nat'l Computer Security Center, Trusted Network, Glossary of Computer Security Terms, NCSC-TG-004, Oct. 1988. [NCSC/TG004] (see also network, trust, computer, computer security)

National COMSEC Advisory Memorandum (NACAM)

(see also advisory, communications security)

National COMSEC Information Memorandum (NACSIM)

(see also communications security, information)

National COMSEC Instruction (NACSI)

(see also communications security)

National Cryptologic School (NCS)

(see also cryptography)

National Industrial Security Advisory Committee (NISAC)

(see also advisory, security)

national information assurance partnership (NIAP)

(N) An organization created by NIST and NSA to enhance the quality of commercial products for information security and increase consumer confidence in those products through objective evaluation and testing methods. (C) NIAP is registered, through the U.S. Department of Defense, as National Performance Review Reinvention Laboratory. NIAP functions include the following:

Developing tests, test methods, and other tools that developers and testing laboratories may use to improve and evaluate security products.
Collaborating with industry and others on research and testing programs.
Using the Common Criteria to develop protection profiles and associated test sets for security products and systems.
Cooperating with the NIST National Voluntary Laboratory Accreditation Program to develop a program to accredit private-sector laboratories for the testing of information security products using the Common Criteria.
Working to establish a formal, international mutual recognition scheme for a Common Criteria-based evaluation.

[RFC2828] A U.S. Government initiative designed to meet the security testing needs of both information technology producers and users [NIAP] A joint industry/government initiative, lead by NIST and NSA, to establish commercial testing laboratories where industry product providers can have security products tested to verify their performance against vendor claims. [IATF] Joint initiative between NSA and NIST responsible for security testing needs of both IT consumers and producers and promoting the development of technically sound security requirements for IT products and systems and appropriate measures for evaluating those products and systems. [CNSSI] Joint initiative between the National Security Agency and the National Institute of Standards and Technology responsible for security testing needs of both Information Technology consumers and producers and promoting the development of technically sound security requirements for Information Technology products and systems and appropriate measures for evaluating those products and systems. [DSS] (see also National Security Agency, accreditation, confidence, criteria, file, function, information security, object, profile, program, quality, requirements, security testing, system, technology, test, users, Common Criteria for Information Technology Security, National Institute of Standards and Technology, information, information assurance) (includes Common Criteria Testing Laboratory, Common Criteria Testing Program, Common Evaluation Methodology, NIAP Common Criteria Evaluation and Validation Scheme, NIAP Oversight Body, National Voluntary Laboratory Accreditation Program, accreditation body, approved technologies list, approved test methods list, degausser products list, deliverables list, designated laboratories list, endorsed tools list, evaluated products list, preferred products list, validated products list)

national information infrastructure (NII)

Nationwide interconnection of communications networks, computers, databases, and consumer electronics that make vast amounts of information available to users. It includes both public and private networks, the internet, the public switched network, and cable, wireless, and satellite communications. [CNSSI] The nation-wide interconnection of communications networks, computers, databases, and consumer electronics that make vast amounts of information available to users. The NII encompasses a wide range of equipment, including cameras, scanners, keyboards, facsimile machines, computers, switches, compact disks, video and audio tape, cable, wire, satellites, fiber-optic transmission lines, networks of all types, monitors, printers and much more. The friendly and adversary personnel who make decisions and handle the transmitted information constitute a critical component of the NII. (Pending approval in JP 1-02) [NSAINT] The nationwide interconnection of communications networks, computers, databases, and consumer electronics that make vast amounts of information available to users. It includes both public and private networks, the Internet, the public switched network, and cable, wireless, and satellite communications. [DSS] (see also adversary, communications, computer, connection, critical, internet, key, network, users, information)

National Institute of Standards and Technology (NIST)

(N) A U.S. Department of Commerce agency that promotes U.S. economic growth by working with industry to develop and apply technology, measurements, and standards. Has primary Government responsibility for INFOSEC standards for unclassified but sensitive information. [RFC2828] (see also classified, information, information security, standard, technology) (includes Clipper chip, Common Criteria for Information Technology Security, Computer Security Objects Register, Digital Signature Standard, FIPS PUB 140-1, FIPS approved security method, Federal Criteria Vol. I, Federal Information Processing Standards, Federal Standard 1027, Fortezza, NIAP Common Criteria Evaluation and Validation Scheme, advanced encryption standard, data authentication code, data encryption standard, national information assurance partnership, object identifier, party, validate vs. verify)

national intelligence

Intelligence, regardless of the source and including information gathered within or outside the United States that (a) pertains, as determined consistent with any guidance issued by the President, to more than one U.S. Government agency; and (b) involves: (i) threats to the United States, its people, property, or interest; (ii) the development, proliferation, or use of weapons of mass destruction; or (iii) any other matter bearing on U.S. national or homeland security. [DSS] (see also security, threat, intelligence)

National of the United States

Citizen of the United States or a person who, though not a citizen of the United States, owes permanent allegiance to the United States. [DSS] (see United States national)

national quality award (NQA)

(see also quality)

National Security Agency (NSA)

(N) A U.S. Department of Defense intelligence agency that has primary Government responsibility for INFOSEC for classified information and for unclassified but sensitive information handled by national security systems. [RFC2828] (see also Common Criteria for Information Technology Security, Federal Standard 1027, Internet Protocol Security Option, Key Exchange Algorithm, Message Security Protocol, NIAP Common Criteria Evaluation and Validation Scheme, National Computer Security Center, Secure Data Network System, Type I cryptography, Type II cryptography, classified, information, information security, intelligence, national information assurance partnership, party, system, security) (includes CAPSTONE chip, Clipper chip, Fortezza, Skipjack, degausser, degausser products list, evaluated products list, multilevel information systems security initiative, preferred products list, rainbow series)

National Security Agency/Central Security Service

Director of the National Security Agency/Central Security Service is the authority for promulgating computer security policy, and is also the PA for security accreditation against that policy of all information systems and networks processing, using, storing, or producing cryptologic information. [DSS] (see also security)

National Security Decision Directive 145 (NSDD 145)

Signed by President Reagan on l7 September l984, this directive is entitled 'National Policy on Telecommunications and Automated Information System Security.' It provides initial objectives, policies, and an organizational structure to guide the conduct of national activities toward safeguarding systems that process, store, or communicate sensitive information; establishes a mechanism for policy development; and assigns implementation responsibilities. [NCSC/TG004] Signed by U.S. President Reagan on 17 September l984, this directive is entitled 'National Policy on Telecommunications and Automated Information System Security.' It provides initial objectives, policies, and an organizational structure to guide the conduct of national activities toward safeguarding systems that process, store, or communicate sensitive information; establishes a mechanism for policy development; and assigns implementation responsibilities. In 1990, National Security Directive 42 replaced NSDD 145, except for ongoing telecommunications protection activities mandated by NSDD 145 and Presidential Directive 24. [AJP] (see also communications, computer security, information, policy, process, system, telecommunications, security) (includes object, subcommittee on Automated Information System security, subcommittee on telecommunications security)

National Security Decision Directive (NSDD)

(see also security)

National Security Directive (NSD)

(see also security)

National Security Emergency Preparedness (NSEP)

(see also security)

national security information (NSI)

Information determined, pursuant to Executive Order 12958 or any predecessor order, requiring protection against unauthorized disclosure, and that is designated as such. [DSS] Information that has been determined pursuant to Executive Order 12958 as amended by Executive Order 13292, or any predecessor order, or by the Atomic Energy Act of 1954, as amended, to require protection against unauthorized disclosure and is marked to indicate its classified status. [800-53][SP 800-53A; SP 800-60; FIPS 200] Information that has been determined pursuant to Executive Order 12958 or any predecessor order, or by the Atomic Energy Act of 1954, as amended, to require protection against unauthorized disclosure and is marked to indicate its classified status. National security information includes Sensitive Compartmented Information (SCI) concerning or derived from intelligence sources, methods, or analytical processes, that is required to be handled within formal access control systems established by the Director of Central Intelligence. [800-37] Information that has been determined, pursuant to Executive Order 12958 (as amended) (Ref b.) or any predecessor order, to require protection against unauthorized disclosure. [CNSSI] (see also access, access control, authorized, classified, control, control systems, intelligence, process, system, information, security)

national security system

Any information system (including any telecommunications system) used or operated by an agency or by a contractor of an agency, or other organization on behalf of an agency.(i) the function, operation, or use of which involves intelligence activities; involves cryptologic activities related to national security; involves command and control of military forces; involves equipment that is an integral part of a weapon or weapons system; or is critical to the direct fulfillment of military or intelligence missions (excluding a system that is to be used for routine administrative and business applications, for example, payroll, finance, logistics, and personnel management applications); or (ii) is protected at all times by procedures established for information that have been specifically authorized under criteria established by an Executive Order or an Act of Congress to be kept classified in the interest of national defense or foreign policy. [44 U.S.C., SEC. 3542] [FIPS 200; SP 800-37; SP 800-53; SP 800-53A; SP 800-60] Any information system (including any telecommunications system) used or operated by an agency or by a contractor of any agency, or other organization on behalf of an agency, the function, operation, or use of which: I. involves intelligence activities; II. involves cryptologic activities related to national security; III. Involves command and control of military forces; IV. involves equipment that is an integral part of a weapon or weapon system; or V. subject to subparagraph (B), is critical to the direct fulfillment of military or intelligence missions; or is protected at all times by procedures established for information that have been specifically authorized under criteria established by an Executive Order or an Act of Congress to be kept classified in the interest of national defense or foreign policy. Subparagraph (B). Does not include a system that is to be used for routine administrative and business applications (including payroll, finance, logistics, and personnel management applications). (Title 44 U.S. Code Section 3542, Federal Information Security Management Act of 2002.) [CNSSI-4009] Any information system (including any telecommunications system) used or operated by an agency or by a contractor of any agency, or other organization on behalf of an agency, the function, operation, or use of which: I. involves intelligence activities; II. involves cryptologic activities related to national security; III. involves command and control of military forces; IV. involves equipment that is an integral part of a weapon or weapon system; or V. subject to subparagraph (B), is critical to the direct fulfillment of military or intelligence missions; or is protected at all times by procedures established for information that have been specifically authorized under criteria established by an Executive Order or an Act of Congress to be kept classified in the interest of national defense or foreign policy. (B). Does not include a system that is to be used for routine administrative and business applications (including payroll, finance, logistics, and personnel management applications). (Title 44 U.S. Code Section 3542, Federal Information Security Management Act of 2002.) [CNSSI] Any information system (including any telecommunications system) used or operated by an agency or by a contractor on behalf of an agency, or any other organization on behalf of an agency ' (i) the function, operation, or use of which: involves intelligence activities; involves cryptologic activities related to national security; involves command and control of military forces; involves equipment that is an integral part of a weapon or weapon system; or is critical to the direct fulfillment of military or intelligence missions (excluding a system that is to be used for routine administrative and business applications, for example payroll, finance, logistics, and personnel management applications); or (ii) is protected at all times by procedures established by an Executive order or an Act of Congress to be kept classified in the interest of national defense or foreign policy. [800-60] IT system operated by the U.S. Government, its contractors, or agents that contains classified information or, as set forth in 10 U.S.C. Section 2315, that involve: intelligence activities or cryptologic activities related to national security, command and control of military forces, equipment that is an integral part of a weapon or weapon system, or equipment that is critical to the direct fulfillment of military or intelligence missions. [800-37] (see also application, authorized, classified, code, communications, control, criteria, critical, cryptography, foreign, function, information, information security, intelligence, management, operation, policy, subject, telecommunications, security, system)

National Security Telecommunications Advisory Committee (NSTAC)

National Security Telecommunications and Information Systems Security Advisory/Information Memorandum (NSTISSAM)

National Security Telecommunications and Information Systems Security Committee (NSTISSC)

The NSTISSC is composed of members from 21 U.S. Government executive branch departments and agencies, as well as observers representing 9 additional agencies. The NSTISSC provides a forum for discussion of policy issues, sets national policy, and promulgates direction, operational procedures, and guidance for the security of national security systems through the NSTISSC issuance system. More information can be found at http://www.nstissc.gov/. [CIAO] (see also operation, policy, communications, computer security, information, system, telecommunications)

National Security Telecommunications and Information Systems Security Directive (NSTISSD)

National Security Telecommunications and Information Systems Security Instruction (NSTISSI)

National Security Telecommunications and Information Systems Security Policy (NSTISSP)

national security-related information

Unclassified information related to national, national defense, or foreign relations of the United States. [DSS] (see also classified, foreign, security)

National Telecommunications and Information Administration (NTIA)

national telecommunications and information system security directives (NTISSD)

NTISS Directives establish national-level decisions relating to NTISS policies, plans, programs, systems, or organizational delegations of authority. NTISSDs are promulgated by the Executive Agent of the Government for Telecommunications and Information Systems Security, or by the Chairman of the NTISSC when so delegated by the Executive Agent. NTISSDs are binding upon all federal departments and agencies. [NCSC/TG004] Under NSDD 145, NTISS Directives established national-level decisions relating to NTISS policies, plans, programs, systems, or organizational delegations of authority. NTISSDs were promulgated by the Executive Agent of the U.S. Government for Telecommunications and Information Systems Security, or by the chairman of the NTISSC when so delegated by the executive agent. NTISSDs were binding upon all federal departments and agencies. [AJP] (see also authority, backup, program, communications, computer security, information, system, telecommunications)

National Telecommunications and Information Systems Security Advisory Memoranda/Instructions (NTISSAM)

NTISS Advisory Memoranda and Instructions provide advice, assistance, or information of general interest on telecommunications and systems security to all applicable federal departments and agencies. NTISSAMs/NTISSIs are promulgated by the U.S. National Manager for Telecommunications and Automated Information System Security and are recommendatory. [NCSC/TG004] Under NSDD (National Security Decision Directive) 145, NTISS Advisory Memoranda and Instructions provided advice, assistance, or information of general interest on telecommunications and systems security to all applicable U.S. federal departments and agencies. NTISSAMs/NTISSIs were promulgated by the U.S. National Manager for Telecommunications and Automated Information System Security. [AJP] (see also advisory, communications, computer security, information, system, telecommunications)

National Telecommunications and Information Systems Security Directive (NTISSD)

National Telecommunications and Information Systems Security Instruction (NTISSI)

National Telecommunications and Information Systems Security Policy (NTISSP)

National Voluntary Laboratory Accreditation Program (NVLAP)

The U.S. accreditation authority for commercial IT security evaluation facilities operating within the NIAP Common Criteria Evaluation and Validation Scheme. [NIAP] (see also IT security, authority, computer security, criteria, evaluation, security, validation, accreditation, national information assurance partnership, program)

national vulnerability database

(NVD) The U.S. Government repository of standards-based vulnerability management data. This data enables automation of vulnerability management, security measurement, and compliance (e.g., FISMA). [http://nvd'nist'gov/] (see also management, security, vulnerability)

nations

Nations use cyber tools as part of their information- gathering and espionage activities. In addition, several nations are aggressively working to develop information warfare doctrine, programs, and capabilities. Such capabilities enable a single entity to have a significant and serious impact by disrupting the supply, communications, and economic infrastructures that support military power--impacts that could affect the daily lives of U.S. citizens across the country. [GAO] (see also United States citizen, communications, cyberspace, entity, information, program, threat)

natural benchmark

A benchmark consisting of programs and data taken from an existing user workload. [SRV] (see also program, users)

natural disaster

A physical capability with the ability to destroy or incapacitate critical infrastructures. Natural disasters differ from threats due to the absence of intent. [CIAO] Any 'act of God' (e.g. fire, flood, earthquake, lightning, or wind) that disables a system component. [RFC2828] Any 'act of God' (e.g. power surge caused by lightning) that alters system functions or data. [RFC2828] (see also critical, critical infrastructures, function, system, threat consequence)

naval coastal warfare

Coastal sea control, harbor defense, and port security, executed both in coastal areas outside the United States in support of national policy and in the United States as part of this Nation's defense. [DOD] (see also control, policy, security, warfare)

naval expeditionary warfare

Military operations mounted from the sea, usually on short notice, consisting of forward deployed, or rapidly deployable, self-sustaining naval forces tailored to achieve a clearly stated objective. [DOD] (see also object, warfare)

naval nuclear propulsion information

Information, classified or unclassified, concerning design, arrangement, development, manufacture, testing, operation, administration, training, maintenance, and repair of propulsion plants of naval nuclear-powered ships and prototypes, including the associated nuclear support facilities. Information concerning equipment, components, or technology applicable to both naval nuclear and conventional propulsion plants is not considered Naval Nuclear Propulsion information when used in reference to conventional applications only, provided no association with naval nuclear propulsion can be directly identified from the information in question. [DSS] (see also classified)

naval special warfare

A designated naval warfare specialty that conducts operations in the coastal, riverine, and maritime environments. Naval special warfare emphasizes small, flexible, mobile units operating under, on, and from the sea. These operations are characterized by stealth, speed, and precise, violent application of force. [DOD] (see also application, warfare)

need for access

Determination that an employee requires access to a particular level of classified information to perform or assist in a lawful and authorized governmental function. [DSS] (see also authorized, classified, access)

need-to-know

(1) Access to, knowledge of, or possession of specific information required to carry out official duties. (2) The necessity for access to, knowledge of, or possession of specific information required to carry out official duties. [AJP] (I) The necessity for access to, knowledge of, or possession of specific information required to carry out official duties. (C) This criterion is used in security procedures that require a custodian of sensitive information, prior to disclosing the information to someone else, to establish that the intended recipient has proper authorization to access the information. [RFC2828] A method of isolating information resources based on a user's need to have access to that resource in order to perform their job but no more. The terms 'need-to-know' and 'least privilege' express the same idea. Need-to-know is generally applied to people, while least privilege is generally applied to processes. [CNSSI-4009] Access to, knowledge of, or possession of specific information required to carry out official duties. [FCv1] Determination by an authorized holder of classified or proprietary information about whether a prospective recipient requires access to specific information to perform or assist in a lawful and authorized governmental function. [DSS] Necessity for access to, or knowledge or possession of, specific official information required to carry out official duties. [CNSSI] The necessity for access to, knowledge of, or possession of specific information required to carry out official duties. [800-37][NCSC/TG004] (see also access, authorized, classified, information, access control, least privilege) (includes need-to-know determination)

need-to-know determination

Decision made by an authorized holder of official information that a prospective recipient requires access to specific official information to carry out official duties. [CNSSI][CNSSI-4009] (see also access, authorized, information, authorization, need-to-know)

negative acknowledgment (NAK)

negative tests

Tests aimed at showing that software does not work (also called dirty testing); e.g., most effective tests. [OVT] (see also security testing, software, test)

negotiated acquisition

The method of contracting in which vendors submit proposals in response to a solicitation. The proposals are evaluated and terms negotiated prior to award. [SRV] (see also response)

net control station (NCS)

(see also control)

net present value (NPV)

net-centric architecture

A complex system of systems composed of subsystems and services that are part of a continuously evolving, complex community of people, devices, information and services interconnected by a network that enhances information sharing and collaboration. Subsystems and services may or may not be developed or owned by the same entity, and, in general, will not be continually present during the full lifecycle of the system of systems. Examples of this architecture include service-oriented architectures and cloud computing architectures. [SP 800-37]

network

A composition of a communications media and components attached to that medium whose responsibility is the transfer of information. Such components may include automated information systems, packet switches, telecommunications controllers, distribution centers, technical management, and control devices. It is a set of devices such as computers, terminals, and printers that are physically connected by a transmission medium so that they can communicate with each other. [SRV] A group of components that share information or interact with each other in order to perform a function. Normalize. In the context of the NIPP, the process of transforming risk-related data into comparable units. [NIPP] An open communications medium, typically the Internet, that is used to transport messages between the claimant and other parties. Unless otherwise stated no assumptions are made about the security of the network; it is assumed to be open and subject to active (e.g., impersonation, man-in-the-middle, session hijacking'¦) and passive (e.g., eavesdropping) attack at any point between the parties ( claimant, verifier, CSP or relying party). [800-63] Computing environment with more than one independent processor interconnected to permit communications and sharing of resources. Can be local area network or wide area network. [DSS] IS implemented with a collection of interconnected nodes. [CNSSI] IT system implemented with a collection of interconnected network nodes. [800-37] Information system implemented with a collection of interconnected nodes. [CIAO] Information system(s) implemented with a collection of interconnected components. Such components may include routers, hubs, cabling, telecommunications controllers, key distribution centers, and technical control devices. [SP 800-53; CNSSI-4009] Two or more machines interconnected for communications. [NSAINT] (see also Chernobyl packet, Common Criteria for Information Technology Security, Defense Information Infrastructure, Estelle, Extensible Authentication Protocol, Guidelines and Recommendations for Security Incident Processing, IEEE 802.10, IP address, IP splicing/hijacking, Internet Assigned Numbers Authority, Internet Protocol Security Option, Internet worm, Java, Layer 2 Forwarding Protocol, Layer 2 Tunneling Protocol, NTCB partition, National Computer Security Center, National Computer Security Center glossary, National Telecommunications and Information Administration, OSI architecture, Open Systems Interconnection Reference model, Red book, SATAN, SOCKS, Secure Data Exchange, Secure Electronic Transaction, Simple Public-Key Infrastructure/Simple Distributed Security Infrastructure, Terminal Access Controller Access Control System, acceptable level of risk, acceptable use policy, access control, accreditation, accreditation range, address spoofing, alarm reporting, alarm surveillance, alert, application program interface, asynchronous transfer mode, attack, auditing tool, authenticate, authentication service, automated key distribution, automated security incident measurement, bandwidth, bastion host, brand, break, brouters, cascading, cellular transmission, checksum, circuit switching, class hierarchy, communication channel, component, computer, computer emergency response team, computer oracle and password system, computing security methods, confidentiality, connection, control, data source, datagram, designated approving authority, digital signature, diplomatic telecommunications service, distributed data, distributed database, distributed processing, downgrade, dual-homed gateway firewall, electronic benefit transfer, email security software, encrypt for transmission only, end system, end-to-end encryption, end-user, ethernet meltdown, evaluation assurance level, extranet, fault, file transfer, file transfer access management, file transfer protocol, filtering router, firewall, future narrow band digital terminal, gateway, global command and control system, global telecommunications service, goodput, gopher, government emergency telecommunications service, guard, hackers, hacking, homed, host, host-based firewall, hypertext transfer protocol, impersonation, information, initial transformation, insider attack, international telecommunication union, internet, internet control message protocol, internet protocol, internet vs. Internet, intranet, intrusion detection, intrusion detection systems, ip spoofing, kerberos, killer packets, language of temporal ordering specification, level of protection, link, link encryption, logical system definition, message, multilevel information systems security initiative, national information infrastructure, non-technical countermeasure, object, octet, on-line transaction processing, open system environment, open system interconnection model, open systems interconnection, open systems security, overt channel, packet, packet filtering, packet sniffer, packet switching, packet transfer mode, passive, password sniffing, passwords, perimeter-based security, phreaking, point-to-point tunneling protocol, pretty good privacy, private branch exchange, private decipherment transformation, proprietary protocol, protocol suite, protocols, proxy, purge, queuing theory, remote access software, remote authentication dial-in user service, remote login, residual risk, rootkit, router, router-based firewall, routing control, ruleset, sanitization, screened subnet firewall, screening router, secure profile inspector, secure shell, secure socket layer, security architecture, security gateway, security incident, security kernel, security management, security net control station, security range, security situation, security-compliant channel, server, signaling, signaling system 7, single sign-on, smurf, smurfing, sniffer, start-up KEK, state transition diagram, stealth probe, subject, superuser, synchronous flood, synchronous transmission, system, tcpwrapper, technical countermeasures, technology area, telecommunications, telnet, threat, tinkerbell program, topology, trace packet, traffic load, transaction file, transfer device, transfer time, transmission, transmission control protocol, transmission medium, transmission security, trusted identification forwarding, trusted process, tunnel, tunneled VPN, tunneling, tunneling router, user data protocol, users, vulnerability, web browser cache, web of trust, web vs. Web, wiretapping, worm, automated information system) (includes ARPANET, Advanced Research Projects Agency Network, Defense Information System Network, Defense Information Systems Network, Defense Information Systems Network Designated Approving Authority, Integrated services digital network, Network File System, Network Layer Security Protocol, Secure Data Network System, Trusted Network Interpretation Environment Guideline, ad hoc network, advanced intelligence network, advanced intelligent network, automatic digital network, bot-network operators, broadband network, centrally-administered network, communications, computer network, computer network attack, computer network defense, computer network exploitation, computer network operations, control network, defense switched network, encrypted network, external network, financial crimes enforcement network, global network information environment, ground wave emergency network, information system and network security, interconnected network , internal network, internetwork, internetwork private line interface, joint task force-computer network defense, limited network analyzer, local-area network, management network, metropolitan area networks, minimum essential emergency communications network, motion control network, narrowband network, network access, network access control, network address translation, network administrator, network analyzer, network architecture, network based, network behavior analysis system, network component, network configuration, network connection, network device, network discovery, network front-end, network information services, network interface card, network layer security, network level firewall, network management, network management architecture, network management protocol, network management software, network manager, network protocol stack, network reference monitor, network security, network security architecture, network security architecture and design, network security officer, network service worm, network services, network size, network sniffing, network sponsor, network system, network tap, network topology, network trusted computing base, network weaving, network worm, network-based intrusion prevention system, networking features of software, personal communications network, physically isolated network, protected network, robust security network, secure network server, security policy automation network, simple network management protocol, subnetwork, trusted network interpretation, unclassified internet protocol router network, unified network, unlimited network analyzer, unprotected network, value-added network, virtual network perimeter, virtual private network, wide-area network, wireless local area network)

network access

Access to an organizational information system by a user (or a process acting on behalf of a user) communicating through a network (e.g., local area network, wide area network, Internet). [SP 800-53; CNSSI-4009] (see also access, network)

network access control

A feature provided by some firewalls that allows access based on a user's credentials and the results of health checks performed on the telework client device. [SP 800-41] (see also access, control, network)

network address translation (NAT)

A mechanism for mapping addresses on one network to addresses on another network, typically private addresses to public addresses. [800-77] A method of mapping one or more private, reserved IP addresses to one or more public IP addresses. In the interest of conserving the IPv4 address space, RFC 1918 proposed the use of certain private (reserved) blocks of IP addresses. Connections to public networks are made by use of a device that translates one or more RFC 1918 addresses to one or more public addresses--a network address translator (NAT). The use of private addressing also introduces a security benefit in that RFC 1918 addresses are not visible to hosts on the public Internet. Some NAT implementations are computationally intensive, and may affect bit forwarding rate. [RFC2647] (see also connection, internet, security, firewall, network)

network administrator

The individual responsible for the installation, management, and control of a network. [FFIEC] (see also control, network)

network analyzer

A hardware/software utility designed to capture, observe, and analyze traffic on the network. This activity is usually performed by disassembling packets on the network and retrieving protocol-specified fields or control commands. Contrast with limited network analyzer. [NASA] (see also control, protocols, software, network)

network architecture

The philosophy and organizational concept for enabling communications among data processing equipment at multiple locations. The network architecture specifies the processors and terminals, and defines the protocols and software that must be used to accomplish accurate data communications. [SRV] The set of layers and protocols (including formats and standards that different hardware and software must comply with to achieve stated objectives) which define a network. [AJP][TNI] (see also communications, process, protocols, software, standard, network, security architecture) (includes network component, object)

network based

Network traffic data along with audit data from the hosts used to detect intrusions. [NSAINT] (see also audit, intrusion, network)

network behavior analysis system

An intrusion detection and prevention system that examines network traffic to identify and stop threats that generate unusual traffic flows. [800-94] (see also flow, identify, intrusion, intrusion detection, threat, analysis, network, system)

network component

(1) A physical unit that does not provide a complete set of end-user services. A network component may support all or part of MDIA (mandatory access control, identification and authentication, and audit). This definition is used with the Trusted Network Interpretation of the Trusted Computer System Evaluation Criteria Environments Guideline (TNIEG). (2) A network subsystem that is evaluatable for compliance with the trusted network interpretations, relative to that policy induced on the component by the overall network policy. Note: this definition is used with the Trusted Network Interpretation of the Trusted Computer System Evaluation Criteria (TNI). [AJP] A network subsystem that is evaluatable for compliance with the trusted network interpretations, relative to that policy induced on the component by the overall network policy. [TNI] (see also access, access control, audit, authentication, computer, control, criteria, evaluation, identification, policy, system, trust, trusted computer system, users, component, network, network architecture) (includes network front-end, network reference monitor)

network configuration

A specific set of network resources that form a communications network at any given point in time, the operating characteristics of these network resources, and the physical and logical connections that have been defined between them. [SRV] (see also communications, connection, resource, network)

network connection

A network connection is any logical or physical path from one host to another that makes possible the transmission of information from one host to the other. An example is a TCP (Transmission Control Protocol) connection. But also, when a host transmits an IP (Internet Protocol) datagram using only the services of its 'connectionless' Internet Protocol interpreter, there is considered to be a connection between the source and the destination hosts for this transaction. [AJP] A network connection is any logical or physical path from one host to another that makes possible the transmission of information from one host to the other. An example is a TCP connection. But also, when a host transmits an IP datagram employing only the services of its 'connectionless' Internet Protocol interpreter, there is considered to be a connection between the source and the destination hosts for this transaction. [TNI] (see also control, information, internet, protocols, connection, network)

network device

A device that is part of and can send or receive electronic transmissions across a communications network. Network devices include: end-system devices such as computers, terminals, or printers; intermediary devices such as bridges and routers that connect different parts of the communications network; and link devices or transmission media. [SRV] (see also communications, computer, router, system, network)

network discovery

The process of discovering active and responding hosts on a network, identifying weaknesses, and learning how the network operates. [800-115] (see also process, network)

Network File System

NFS is an application and protocol suite that provides a way of sharing files between clients and servers. There are other protocols which provide file access over networks. These provide similar functionality, but do not interoperate with each other. [RFC2504] (see also access, access control, application, function, protocols, file, network, system)

network front-end

A device that implements the necessary network protocols, including security-related protocols, to allow a computer system to be attached to a network. [AJP][NCSC/TG004] Device implementing protocols that allow attachment of a computer system to a network. [CNSSI][CNSSI-4009] (see also computer, protocols, security, system, network, network component)

network information services

A naming service that allows resources to be easily added, deleted, or relocated [NASA] (see also resource, information, network)

network interface card (NIC)

(see also interface, network)

network layer security

Protecting network communications at the layer of the TCP/IP model that is responsible for routing packets across networks. [800-77] (see also communications, network, security)

Network Layer Security Protocol (NLSP)

An OSI protocol (IS0 11577) for end-to-end encryption services at the top of OSI layer 3. NLSP is derived from an SDNS protocol, SP3, but is much more complex. [RFC2828] (see also encryption, network, protocols, security protocol)

network level firewall

A firewall in which traffic is examined at the network protocol (IP) packet level. [NSAINT] (see also protocols, firewall, network)

network management

The discipline that describes how to monitor and control the managed network to ensure its operation and integrity and to ensure that communications services are provided in an efficient manner. Network management consists of fault management, configuration management, performance management, security management, and accounting management. [SRV] (see also communications, control, fault, integrity, operation, security, network)

network management architecture

The distribution of responsibility for management of different parts of the communications network among different manager software products. It describes the organization of the management of a network. The three types of network management architectures are the centralized, distributed, and distributed hierarchical network management architectures. [SRV] (see also communications, software, network)

network management protocol

A protocol whose purpose is to convey information pertaining to the management of the communications network, including management operations from managers as well as responses to polling operations, notifications, and alarms from agents. [SRV] (see also communications, information, operation, response, network, protocols)

network management software

Software to provide the capabilities for network and security monitoring and managing the network infrastructure, allowing systems personnel to administer the network effectively from a central location. [SRV] (see also security, system, network, software)

network manager

Individual with supervisory or management responsibility for an organization, activity, or functional area that owns or operates a network. [DSS] (see also network)

network protocol stack

Software package that provides general purpose networking services to application software, independent of the particular type of data link being used. [OVT] (see also application, software, network, protocols)

network reference monitor

An access-control concept that refers to an abstract machine that mediates all access to objects within the network by subjects within the network. [AJP][TNI] See reference monitor. [CNSSI] (see also access, control, access control, network, network component, reference monitor) (includes object, subject)

network security

Protection of networks and their services from unauthorized modification, destruction, or disclosure, and provision of assurance that the network performs its critical functions correctly and there are no harmful side-effects. Network security includes providing for data integrity. [NSAINT] Security procedures and controls that protect a network from: (a) unauthorized access, modification, and information disclosure; and (b) physical impairment or destruction. [CIAO] See information systems security. [CNSSI] The protection of networks and their services from all natural and human-made hazards. Includes protection against unauthorized access, modification, or destruction of data; denial of service; or theft. [SRV] The protection of networks and their services from unauthorized modification, destruction, or disclosure. Providing an assurance that the network performs its critical functions correctly and there are no harmful side-effects. Includes providing for information accuracy. [AJP][TNI] (see also access, access control, assurance, authorized, control, critical, function, information, integrity, system, unauthorized access, communications security, information systems security, network)

network security architecture

A subset of network architecture specifically addressing security-relevant issues. [AJP][TNI] (see also communications security, network)

network security architecture and design (NSAD)

(see also communications security, network)

network security officer (NSO)

Individual formally appointed by a Designated Approving Authority to ensure provisions of applicable directives are implemented throughout the lifecycle of an information systems network. [DSS] Individual formally appointed by a designated approving authority to ensure that the provisions of all applicable directives are implemented throughout the lifecycle of an automated information system network. [NSAINT] See information systems security officer. [CNSSI] (see also authority, information, information assurance officer, system, communications security, information systems security officer, network, officer)

network service worm

A worm that spreads by taking advantage of a vulnerability in a network service associated with an operating system or an application. [800-83] (see also application, system, vulnerability, network, worm)

network services

Services which are not provided on the local computer system the end-user is working on but on a server located in the network. [RFC2504] (see also computer, system, users, network)

network size

The total number of network devices that must be managed within the network and all its subcomponents. [SRV] (see also network)

network sniffing

A passive technique that monitors network communication, decodes protocols, and examines headers and payloads for information of interest. Network sniffing is both a review technique and a target identification and analysis technique. [800-115] (see also analysis, code, identification, information, protocols, target, threat, network)

network sponsor

Individual or organization responsible for stating the security policy enforced by the network, designing the network security architecture to properly enforce that policy, and ensuring that the network is implemented in such a way that the policy is enforced. [CNSSI][CNSSI-4009] The individual or organization that is responsible for stating the security policy enforced by the network, for designing the network security architecture to properly enforce that policy, and for ensuring that the network is implemented in such a way that the policy is enforced. For commercial, off-the-shelf systems, the network sponsor will normally be the vendor. For a fielded network system, the sponsor will normally be the project manager or system administrator. [AJP][TNI] (see also communications security, policy, security, system, network) (includes functional proponent)

network system

A system that is implemented with a collection of interconnected network components. A network system is based on a coherent security architecture and design. [AJP][TNI] System implemented with a collection of interconnected components. A network system is based on a coherent security architecture and design. [CNSSI][CNSSI-4009] System implemented with a collection of interconnected network components. A network system is based on a coherent security architecture and design. [DSS] (see also security, network, system)

network tap

A direct connection between a sensor and the physical network media itself, such as a fiber optic cable. [800-94] (see also connection, network)

network topology

The architectural layout of a network. Common topologies include bus (nodes connected to a single backbone cable), ring (nodes connected serially in a closed loop), and star (nodes connected to a central hub). [CIAO] The term has two meanings: (1) the structure, interconnectivity, and geographic layout of a group of networks forming a larger network, and (2) the structure and layout of an individual network within a confined location or across a geographic area. [SRV] (see also network)

network trusted computing base (NTCB)

The totality of protection mechanisms within a network system - including hardware, firmware, and software - the combination of that is responsible for enforcing a security policy. [AJP][TNI] (see also policy, security, software, system, network, trusted computing base) (includes NTCB partition)

network weaving

Another name for "Leapfrogging" [NSAINT] Penetration technique in which different communication networks are linked to access an IS to avoid detection and trace-back. [CNSSI] Penetration technique in which different communication networks are linked to access an information system to avoid detection and trace- back. [CNSSI-4009] (see also access, access control, communications, penetration, network)

network worm

A worm that copies itself to another system by using common network facilities and causes execution of the copy program on that system. [SRV] (see also internet, program, system, network, worm)

network-based intrusion prevention system

A program that performs packet sniffing and analyzes network traffic to identify and stop suspicious activity. [800-83] (see also identify, program, intrusion, network, system)

networking features of software

Some software has features which make use of the network to retrieve or share data. It may not be obvious that software has networking features. [RFC2504] (see also network, software)

newly discovered records

Records inadvertently not reviewed before effective date of automatic declassification because the Agency's declassification authority was unaware of their existence. [DSS]

NIAP Common Criteria Evaluation and Validation Scheme

The scheme developed by NIST and NSA as part of the U.S. National Information Assurance Partnership (NIAP) establishing an organizational and technical framework to evaluate the trustworthiness of IT products. [NIAP] (see also National Security Agency, information, trust, National Institute of Standards and Technology, criteria, national information assurance partnership, validation)

NIAP Oversight Body

A governmental organization responsible for carrying out validation and for overseeing the day-to-day operation of the NIAP Common Criteria Evaluation and Validation Scheme. [NIAP] (see also criteria, evaluation, operation, validation, national information assurance partnership)

nibble

Block of four consecutive bits (half an octet). [SC27] (see also automated information system)

nicknames

Combination of two separate unclassified words assigned to represent a specific Special Access Program or portion thereof. [DSS] (see also access, classified)

no prior relationship

No prior business relationship exists between originater of a digital signature transaction/document and the receiver [misc] (see also digital signature, signature)

no-lone zone (NLZ)

(I) A room or other space to which no person may have unaccompanied access and that, when occupied, is required to be occupied by two or more appropriately authorized persons. [RFC2828] Area, room, or space that, when staffed, must be occupied by two or more appropriately cleared individuals who remain within sight of each other. [CNSSI] Area, room, or space that, when staffed, must be occupied by two or more appropriately cleared individuals who remain within sight of each other. See Two-Person Integrity. [CNSSI-4009] (see also access, access control, authorized, security)

no-PIN ORA (NORA)

(O) MISSI usage: An organizational RA that operates in a mode in which the ORA performs no card management functions and, therefore, does not require knowledge of either the SSO PIN or user PIN for an end user's FORTEZZA PC card. [RFC2828] (see also Fortezza, function, users, multilevel information systems security initiative)

node

An individually addressable computer capable of supporting one or more user sessions [NASA] (see also computer, users)

nominal variable

A quantitative variable, the attributes of which have no inherent order. [SRV]

non-conductive section

Material (such as, canvas or rubber) installed in ducts, vents, or pipes, and unable to carry audio or radio frequency emanations. [DSS]

non-disclosure agreement

An official authorized contract between an individual and the U.S. Government signed by an individual as a condition of access to classified national intelligence. It specifies the security requirements for access and details the penalties for noncompliance. [DSS] (see also access, authorized, classified, intelligence, requirements, security)

non-discretionary access control

A means of restricting access to objects based largely on administrative actions. [AJP][FCv1] (see also mandatory access control, discretionary access control, non-discretionary security, object, access, control)

non-discretionary security

The aspect of DOD security policy which restricts access on the basis of security levels. A security level is composed of a read level and a category set restriction. For read-access to an item of information, a user must have a clearance level greater then or equal to the classification of the information and also have a category clearance which includes all of the access categories specified for the information. [NSAINT] (see also access, access control, classification levels, classified, information, non-discretionary access control, policy, users, security)

non-discussion area

Clearly defined area within a Special Access Program Facility where classified discussions are not authorized because of inadequate sound attenuation. [DSS] (see also access, authorized, classified)

non-line-of-sight signal propagation

Electromagnetic signaling that uses advanced modulation techniques to compensate for signal obstacles and allows indirect communications between transmitting stations. [800-127]

non-local maintenance

Maintenance activities conducted by individuals communicating through a network; either an external network (e.g., the Internet) or an internal network. [SP 800-53]

non-organizational user

A user who is not an organizational user (including public users). [SP 800-53] (see also users)

non-record material

Certain documentary materials are specifically excluded by law (section 3301, title 44 of the United States Code) from the records of the Federal Government. Such materials are called 'non-record.' Any one or more of these three factors may determine whether something is a record or non-record: (1) the nature of the material; (2) the relationship to records; and (3) the use of the material. [DSS]

non-recoverable part

Part of the message stored and transmitted along with the signature; empty when message recovery is total. [SC27] (see also message, recovery, signature)

non-repudiation

A cryptographic service that legally prevents the originator of a message from denying authorship at a later date. [CIAO] A security service by which evidence is maintained so that the sender of data and recipient of data cannot deny having participated in the communication. [IATF] A service that is used to provide assurance of the integrity and origin of data in such a way that the integrity and origin can be verified and validated by a third party as having originated from a specific entity in possession of the private key (i.e. the signatory). [FIPS 186] An authentication that with high assurance can be asserted to be genuine and that cannot subsequently be refuted. It is the security service by which the entities involved in communication cannot deny having participated. This service provides proof of the integrity and origin of data that can be verified by a third party. non-repudiation of origin is protection against a sender of a message later denying transmission. [SRV] Assurance that the sender is provided with proof of delivery and that the recipient is provided with proof of the sender's identity so that neither can later deny having processed the data. Technical non-repudiation refers to the assurance a relying party has that if a public key is used to validate a digital signature, that signature had to have been made by the corresponding private signature key. Legal non-repudiation refers to how well possession or control of the private signature key can be established. [GSA] Assurance that the sender of data is provided with proof of delivery and the recipient is provided with proof of the sender's identity, so that neither can later deny having processed the data. Digital signatures are the current non-repudiation technique of choice for the National Information Infrastructure. [DSS] Assurance that the sender of information is provided with proof of delivery and the recipient is provided with proof of the sender's identity, so neither can later deny having processed the information. [800-60][CNSSI-4009][SP 800-60] Assurance the sender of data is provided with proof of delivery and the recipient is provided with proof of the sender's identity, so neither can later deny having processed the data. [800-37][CNSSI] Ensuring that a transferred message has been sent and received by the parties claiming to have sent and received the message. Non-repudiation is a way to guarantee that the sender of a message cannot later deny having sent the message and that the recipient cannot deny having received the message. [FFIEC] Is the security service by which the entities involved in a communication cannot deny having participated. Specifically, the sending entity cannot deny having sent a message (non-repudiation with proof of origin), and the receiving entity cannot deny having received a message (non-repudiation with proof of delivery). [FIPS 191] Method by which the sender of data is provided with proof of delivery and the recipient is assured of the sender's identity, so that neither can later deny having processed the data. [NSAINT] Protection against an individual falsely denying having performed a particular action. Provides the capability to determine whether a given individual took a particular action such as creating information, sending a message, approving information, and receiving a message. [SP 800-18][SP 800-53] The ability to prove an action or event has taken place, so that this event or action cannot be repudiated later. [SC27] (see also repudiation, Generic Security Service Application Program Interface, IT security, NRD token, NRO token, NRS token, NRT token, accountability, assurance, authentication, control, cryptographic, cryptography, defense-wide information assurance program, digital signature, distinguishing identifier, entity, evidence, identity, information, information assurance, integrity, invalidity date, key, message, notarization token, originator, process, proof, public-key, recipient, sandboxed environment, secure single sign-on, security, signature, validate, certification authority, quality of protection) (includes non-repudiation exchange, non-repudiation information, non-repudiation of creation, non-repudiation of delivery, non-repudiation of knowledge, non-repudiation of origin, non-repudiation of receipt, non-repudiation of sending, non-repudiation of submission, non-repudiation of transport, non-repudiation policy, non-repudiation service, non-repudiation token, privacy, authentication, integrity, identification, non-repudiation, privacy, authentication, integrity, non-repudiation)

non-repudiation exchange

A sequence of one or more transfers of non-repudiation information (NRI) for the purpose of non-repudiation. [SC27] (see also information, non-repudiation)

non-repudiation information

A set of information that may consist of the information about an event or action for which evidence is to be generated and validated, the evidence itself, and the non-repudiation policy in effect. [SC27] (see also evidence, policy, validate, information, non-repudiation)

non-repudiation of creation

Protection against an entity's false denial of having created the content of a message (i.e. being responsible for the content of a message). [SC27] This service is intended to protect against an entity's false denial of having created the content of a message (i.e. being responsible for the content of a message). [SC27] This service is intended to protect against an entity's false denial of having created the content of a message (i.e. being responsible for the content of a message). [ISO/IEC WD 13888-1 (11/2001)] Protection against an entity's false denial of having created the content of a message (i.e. being responsible for the content of a message). [SC27] (see also entity, message, non-repudiation)

non-repudiation of delivery

This service is intended to protect against a recipient's false denial of having received the message and recognised the content of a message. [SC27] (see also message, non-repudiation) (includes NRD token)

non-repudiation of knowledge

This service is intended to protect against a recipient's false denial of having taken notice of the content of a received message. [SC27] (see also message, non-repudiation)

non-repudiation of origin

This service is intended to protect against the originator's false denial of having approved the content of a message and of having sent a message. [SC27] (see also message, non-repudiation) (includes NRO token)

non-repudiation of receipt

This service is intended to protect against a recipient's false denial of having received a message. [SC27] (see also message, non-repudiation)

non-repudiation of sending

This service is intended to protect against the sender's false denial of having sent a message. [SC27] (see also message, non-repudiation)

non-repudiation of submission

This service is intended to provide evidence that a delivery authority has accepted the message for transmission. [SC27] (see also authority, evidence, message, non-repudiation) (includes NRS token)

non-repudiation of transport

This service is intended to provide evidence for the message originator that a delivery authority has delivered the message to the intended recipient. [SC27] (see also authority, evidence, message, non-repudiation) (includes NRT token)

non-repudiation policy

A set of criteria for the provision of non-repudiation services. More specifically, a set of rules to be applied for the generation and verification of evidence and for adjudication. [SC27] (see also criteria, evidence, verification, non-repudiation, policy)

non-repudiation service

(I) A security service that provide protection against false denial of involvement in a communication. (C) Non-repudiation service does not and cannot prevent an entity from repudiating a communication. Instead, the service provides evidence that can be stored and later presented to a third party to resolve disputes that arise if and when a communication is repudiated by one of the entities involved. There are two basic kinds of non-repudiation service:

'Non-repudiation with proof of origin' provides the recipient of data with evidence that proves the origin of the data, and thus protects the recipient against an attempt by the originator to falsely deny sending the data. This service can be viewed as a stronger version of an data origin authentication service, in that it proves authenticity to a third party.
'Non-repudiation with proof of receipt' provides the originator of data with evidence that proves the data was received as addressed, and thus protects the originator against an attempt by the recipient to falsely deny receiving the data.

(C) Phases of a Non-Repudiation Service: Ford uses the term 'critical action' to refer to the act of communication that is the subject of the service:


--------   --------   --------   --------   --------   . --------
Phase 1:   Phase 2:   Phase 3:   Phase 4:   Phase 5:   . Phase 6:
Request    Generate   Transfer   Verify     Retain     . Resolve
Service    Evidence   Evidence   Evidence   Evidence   . Dispute
--------   --------   --------   --------   --------   . --------
Service    Critical   Evidence   Evidence   Archive    . Evidence
Request => Action  => Stored  => Is      => Evidence   . Is
Is Made    Occurs     For Later  Tested     In Case    . Verified
           and        Use |          ^      Critical   .    ^
           Evidence       v          |      Action Is  .    |
           Is         +-------------------+ Repudiated .    |
           Generated  |Verifiable Evidence|------> ... . ----+
                      +-------------------+
Phase / Explanation
-------------------

Before the critical action, the service requester asks, either implicitly or explicitly, to have evidence of the action be generated.
When the critical action occurs, evidence is generated by a process involving the potential repudiator and possibly also a trusted third party.
The evidence is transferred to the requester, or stored by a third party, for later use if needed.
The entity that holds the evidence tests to be sure that it will suffice if a dispute arises.
The evidence is retained for possible future retrieval and use.
In this phase, which occurs only if the critical action is repudiated, the evidence is retrieved from storage, presented, and verified to resolve the dispute.

[RFC2828] (see also archive, authentication, critical, entity, evidence, process, retrieval, security, subject, test, trust, version, non-repudiation)

non-repudiation token

A special type of security token as defined in ISO/IEC 10181-1 consisting of a set of evidence, and, optionally, of additional data. [SC27] (see also evidence, security, non-repudiation, tokens) (includes NRD token, NRO token, NRS token, NRT token)

non-technical countermeasure

A security measure, that is not directly part of the network information security processing system, taken to help prevent system vulnerabilities. Non-technical countermeasures encompass a broad range of personnel measures, procedures, and physical facilities that can deter an adversary from exploiting a system. [IATF] (see also adversary, exploit, information, information security, network, process, system, vulnerability, countermeasures, security)

non-volatile random access memory

Type of memory retaining its contents when power is turned off. One type of Non-Volatile Random Access Memory is Static Random Access Memory that is made non-volatile by connecting it to a constant power source such as a battery. Another type of Non-Volatile Random Access Memory uses Electrically Erasable Programmable Read-only Memory chips to save its contents when power us turned off. In this case, Non-Volatile Random Access Memory is composed of a combination of Static Random Access Memory and Electrically Erasable Programmable Read-only Memory chips. [DSS] (see also access)

nonce

(I) A random or non-repeating value that is included in data exchanged by a protocol, usually for the purpose of guaranteeing liveness and thus detecting and protecting against replay attacks. [RFC2828] A random or non-repeating value that is included in data exchanged by a protocol, usually for the purpose of guaranteeing the transmittal of live data rather than replayed data, thus detecting and protecting against replay attacks. [CNSSI-4009] A value used in security protocols that is never repeated with the same key. For example, challenges used in challenge-response authentication protocols generally must not be repeated until authentication keys are changed, or there is a possibility of a replay attack. Using a nonce as a challenge is a different requirement than a random challenge, because a nonce is not necessarily unpredictable. [800-63] A value used in security protocols that is never repeated with the same key. For example, nonces used as challenges in challenge- response authentication protocols generally must not be repeated until authentication keys are changed. Otherwise, there is a possibility of a replay attack. Using a nonce as a challenge is a different requirement than a random challenge, because a nonce is not necessarily unpredictable. [SP 800-63] (see also attack, authentication, key, protocols, random, response, security)

noncomputing security methods

Non-computing methods are security safeguards which do not use the hardware, software, and firmware of the IT. Non-computing methods include physical security (controlling physical access to computing resources), personnel security, and procedural security. [800-33] Noncomputing methods are security safeguards that do not use the hardware, software, and firmware of the IS. Traditional methods include physical security (controlling physical access to computing resources), personnel security, and procedural security. [SRV] (see also access, access control, control, resource, software, security)

nonkernel security related (NKSR)

(see also security)

nonvolatile memory components

Memory components that retain data when power sources are disconnected. [DSS]

normal operation

Process of using a system. [AJP][FCv1] (see also process, system, operation)

north atlantic treaty organization classified information

Classified information, military, political, and economic circulated within the North Atlantic Treaty Organization, whether such information originated in it or is received from member nations or from international organizations. [DSS] (see also classified)

notarization

(I) Registration of data under the authority or in the care of a trusted third party, thus making it possible to provide subsequent assurance of the accuracy of characteristics claimed for the data, such as content, origin, time, and delivery. [RFC2828] The provision of evidence by a notary about the properties of the entities involved in an action or event, and of the data stored or communicated. [SC27] (see also assurance, authority, evidence, registration, trust)

notarization token

A non-repudiation token generated by a notary. [SC27] (see also non-repudiation, tokens)

notary

A trusted third party trusted to provide evidence about the properties of the entities involved and of the data stored or communicated, or to extend the lifetime of an existing token beyond its expiry or beyond subsequent revocation. [SC27] (see also evidence, revocation, tokens, trust)

NRD token

Non-repudiation of delivery token. A data item which allows the originator to establish non-repudiation of delivery for a message. [SC27] (see also message, non-repudiation, non-repudiation of delivery, non-repudiation token, tokens)

NRO token

Non-repudiation of origin token. A data item which allows recipients to establish non-repudiation of origin for a message. [SC27] (see also message, non-repudiation, non-repudiation of origin, non-repudiation token, tokens)

NRS token

Non-repudiation of submission token. A data item which allows either the originator (sender) or the delivery authority to establish non-repudiation of submission for a message having been submitted for transmission. [SC27] (see also authority, message, non-repudiation, non-repudiation of submission, non-repudiation token, tokens)

NRT token

Non-repudiation of transport token. A data item which allows either the originator or the delivery authority to establish non-repudiation of transport for a message. [SC27] (see also authority, message, non-repudiation, non-repudiation of transport, non-repudiation token, tokens)

NSA-approved cryptography

Cryptography that consists of: (i) an approved algorithm; (ii) an implementation that has been approved for the protection of classified information in a particular environment; and (iii) a supporting key management infrastructure. [SP 800-53] (see also management, cryptography)

NTCB partition

The totality of mechanisms within a single network component for enforcing the network policy, as allocated to that component; the part of the NTCB within a single network component. [AJP][TNI] (see also network, policy, network trusted computing base, trusted computing base)

nuclear command and control document (NCCD)

(see also command and control, control)

nuclear warfare

Warfare involving the employment of nuclear weapons. [DOD] (see also warfare)

null

Dummy letter, letter symbol, or code group inserted into an encrypted message to delay or prevent its decryption or to complete encrypted groups for transmission or transmission security purposes. [CNSSI][CNSSI-4009] (see also code, message, security)

NULL encryption algorithm

(I) An algorithm that does nothing to transform plaintext data; i.e. a no-op. It originated because of IPsec ESP, which always specifies the use of an encryption algorithm to provide confidentiality. The NULL encryption algorithm is a convenient way to represent the option of not applying encryption in ESP (or in any other context where this is needed). [RFC2828] (see also confidentiality, internet protocol security, internet security protocol, algorithm, encryption)

OAKLEY

(I) A key establishment protocol (proposed for IPsec but superseded by IKE) based on the Diffie-Hellman algorithm and designed to be a compatible component of ISAKMP. (C) OAKLEY establishes a shared key with an assigned identifier and associated authenticated identities for parties. i.e. OAKLEY provides authentication service to ensure the entities of each other's identity, even if the Diffie-Hellman exchange is threatened by active wiretapping. Also, provides public-key forward secrecy for the shared key and supports key updates, incorporation of keys distributed by out-of-band mechanisms, and user-defined abstract group structures for use with Diffie-Hellman. [RFC2828] (see also algorithm, authentication, entity, establishment, identity, internet protocol security, internet security protocol, key, protocols, public-key, threat, update, users)

obfuscation technique

A way of constructing a virus to make it more difficult to detect. [800-83] (see also virus)

object

(1) A passive entity that contains or receives information. Access to an object potentially implies access to the information it contains. Examples of objects are records, blocks, pages, segments, files, directories, directory trees, and programs, as well as bits, bytes, words, fields, processors, video displays, keyboards, clocks, printers, network nodes, etc. (2) A controlled entity that precisely gives or receives information in response to access attempts by another (active) entity. [AJP] (I) Trusted computer system modeling usage: A system element that contains or receives information. [RFC2828] A passive entity that contains or receives information. [ITSEC][SP 800-27] A passive entity that contains or receives information. Access to an object potentially implies access to the information it contains. Examples of objects are: records, blocks, pages, segments, files, directories, directory trees, and programs, as well as bits, bytes, words, fields, processors, video displays, keyboards, clocks, printers, network nodes, etc. [NCSC/TG004][TCSEC][TDI][TNI] A passive entity that contains or receives information. Note that access to an object potentially implies access to the information it contains. [800-33] A state, behavior, and identity; the terms instance and object are interchangeable. A passive entity that contains or receives information. Access to an object potentially implies access to the information it contains. It is the basic unit of computation. It has a set of operations and a state that remembers the effect of the operations. Classes define object types. Typically, objects are defined to represent the behavioral and structural aspects of real world entities. Examples of objects are: records, blocks, pages, segments, files, directories, directory trees, and programs, as well as bits, bytes, words, fields, processors, video displays, keyboards, clocks, printers, and network nodes. [SRV] An entity within the TSC that contains or receives information and upon which subjects perform operations. [CC2][CC21][SC27] Controlled entity that precisely gives or receives information in response to access attempts by another (active) entity. Note: Access to an object implies access to the information contained in that object. Examples of objects include: subjects, records, blocks, pages, segments, files, directories, directory trees and programs, as well as bits, bytes, words, fields, processors, I/O devices, video displays, keyboards, clocks, printers, network nodes, etc. [FCv1] Passive entity containing or receiving information. Access to an object implies access to the information it contains. [CNSSI] Passive information system-related entity (e.g., devices, files, records, tables, processes, programs, domains) containing or receiving information. Access to an object (by a subject) implies access to the information it contains. See Subject. [SP 800-53] Passive information system-related entity (e.g., devices, files, records, tables, processes, programs, domains) containing or receiving information. Access to an object implies access to the information it contains. [CNSSI-4009] (see subject) (see also Abstract Syntax Notation One, Biba Integrity model, Biba model, British Standard 7799, Internet Corporation for Assigned Names and Numbers, JTC1 Registration Authority, SOCKS, X.500 Directory, access control lists, access level, access mode, access profile, access type, acquisition strategy, areas of control, assurance, attribute, audit, audit plan, authenticate, authentication, camouflage, certificate policy, certification path, checksum, class, classification, classification levels, code, common name, competition, compiler, component, compromise, computer, concept of operations, confidentiality, confinement property, construction of TOE requirements, control, controlled information, countermeasures, credentials, critical information, cyberspace operations, deliberate compromise of classified information, deliverable, dependency, digital certificate, digital document, digital signature, directory service, discretionary access control, distinguished name, dynamic binding, encapsulation, entity, exploit, extensible markup language, family, file, general controls, hash function, high-impact system, hybrid threat, hydroscope, hyperlink, hypermedia, identity, identity token, identity-based security policy, imagery, imagery intelligence, information, information assurance, information warfare, inheritance, instance, integrity, intent, key, key management infrastructure, keyed hash, low-impact system, mandatory access control, media, message passing, mission assurance category, model, moderate-impact system, national information assurance partnership, naval expeditionary warfare, network, non-discretionary access control, operation, payload, polymorphism, process, program, protected checksum, protection profile, protocols, psychological operations, questions on controls, response, risk identification, rule-based security policy, seal, security audit, security domain, security goals, security level, security purpose, security testing, sensitive label, sign, signer, software performance engineering, source code, spam, special activity, special program review group, static binding, subject, system, system entity, target, test case, test item, threat, tokens, topical areas, uniform resource identifier, uniform resource locator, vulnerability, work program, wrap, Bell-LaPadula security model, National Security Decision Directive 145, TCB subset, TOE security policy, acceptance procedure, access, accountability, availability, candidate TCB subset, capability, category, component reference monitor, computer architecture, configuration control, default classification, dominated by, environment, functional component, granularity, granularity of a requirement, information flow control, isolation, list-oriented, network architecture, network reference monitor, owner, package, passive, permissions, product rationale, protection philosophy, protection-critical portions of the TCB, read, read access, reference monitor, reference monitor concept, reference validation mechanism, resource, scavenging, scope of a requirement, secure state, secure subsystem, security attribute, security enforcing, security function policy, security functions, security label, security policy, sensitivity label, shall, should, simple security condition, simple security property, software requirement, subject security level, technical policy, technical security policy, ticket-oriented, tranquility, trusted subject, verification, write, write access) (includes Computer Security Objects Register, IT security objective, MIME Object Security Services, TOE security functions, class object, computer security object, control objectives, control objectives for information and related technology, domain, object code, object identifier, object reuse, object-oriented programming, recovery point objectives, recovery time objectives, security information object, security information object class, security objectives, storage object, top-level security objectives)

object code

Instructions in machine-readable language, produced by a compiler or assembler from source code. [SRV] (see also automated information system, code, object)

object identifier (OID)

(I) An official, globally unique name for a thing, written as a sequence of integers (which are formed and assigned as defined in the ASN.1 standard) and used to reference the thing in abstract specifications and during negotiation of security services in a protocol. (O) 'A value (distinguishable from all other such values) that is associated with an object.' (C) Objects named by OIDs are leaves of the object identifier tree (that is similar to but different from the X.500 Directory Information Tree). Each arc (i.e. each branch of the tree) is labeled with a non-negative integer. An OID is the sequence of integers on the path leading from the root of the tree to a named object. (C) The OID tree has three arcs immediately below the root: {0} for use by ITU-T, {1} for use by ISO, and {2} for use by both jointly. Below ITU-T are four arcs, where {0 0} is for ITU-T recommendations. Below {0 0} are 26 arcs, one for each series of recommendations starting with the letters A to Z, and below these are arcs for each recommendation. Thus, the OID for ITU-T Recommendation X.509 is {0 0 24 509}. Below ISO are four arcs, where {1 0 }is for ISO standards, and below these are arcs for each ISO standard. Thus, the OID for ISO/IEC 9594-8 (the ISO number for X.509) is {1 0 9594 8}. (C) The following are additional examples: ANSI registers organization names below the branch {joint-iso-ccitt(2) country(16) US(840) organization(1)}. The NIST CSOR records PKI objects below the branch {joint-iso-ccitt(2) country(16) us(840) gov(101) csor(3) pki(4)}. The U.S. Department of Defense registers INFOSEC objects below the branch {joint-iso-ccitt(2) country(16) us(840) organization(1) gov(101) dod(2) infosec(1)}. The OID for the PKIX private extension is defined in an arc below the arc for the PKIX name space, as {iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) 1 1}. [RFC2828] A specialized formatted number that is registered with an internationally recognized standards organization. The unique alphanumeric/numeric identifier registered under the ISO registration standard to reference a specific object or object class. In the federal government PKI, they are used to uniquely identify each of the four policies and cryptographic algorithms supported. [SP 800-32] (see also X.509, information, internet, protocols, public-key infrastructure, security, standard, Abstract Syntax Notation One, National Institute of Standards and Technology, object)

object reuse

(N) 'The reassignment and reuse of a storage medium (e.g. page frame, disk sector, magnetic tape) that once contained one or more objects. To be securely reused and assigned to a new subject, storage media must contain no residual data (magnetic remanence) from the object(s) previously contained in the media.' [RFC2828] Reassignment and reuse of a storage medium containing one or more objects after ensuring no residual data remains on the storage medium. [CNSSI][CNSSI-4009] Reassignment to some subject of a medium (for example, page frames, disk sectors, or magnetic tapes) containing one or more objects. To be securely reassigned, such media must contain no residual data from the previously contained object. [DSS] The reassignment and reuse of a storage medium (e.g. page frame, disk sector, magnetic tape) that once contained one or more objects. To be securely reused and assigned to a new subject, storage media must contain no residual data (magnetic remanence) from the object(s) previously contained in the media. [AJP][NCSC/TG004][SRV] The reassignment of a medium (e.g. page frame, disk sector, magnetic tape) that contained one or more objects to some subject. To be securely reassigned, such media must contain no residual data from the previously contained object(s). [TNI] The reassignment to some subject of a medium (e.g. page frame, disk sector, magnetic tape) that contained one or more objects. To be securely reassigned, such media must contain no residual data from the previously contained object(s). [TCSEC] (see also object) (includes subject)

object-oriented programming (OOP)

observables

Action that reveals indicators exploitable by adversaries. [DSS]

observation reports

A report issued by a CCTL to the NIAP Oversight Body identifying specific problems or issues related to the conduct of an IT security evaluation. [NIAP] (see also IT security, computer security, evaluation, identify, security, Common Criteria Testing Laboratory)

obstruction

A threat action that interrupts delivery of system services by hindering system operations. [RFC2828] (see also operation, system, threat consequence)

octet

(I) A data unit of eight bits. (c) This term is used in networking (especially in OSI standards) in preference to 'byte', because some systems use 'byte' for data storage units of a size other than eight. [RFC2828] String of eight bits. [SC27] (see also network, standard, system)

oersted

Unit of measure of a magnetic field. [DSS]

off-card

Refers to data that is not stored within the PIV card or computation that is not done by the Integrated Circuit Chip (ICC) of the PIV card. [FIPS 201]

off-line attack

An attack where the attacker obtains some data (typically by eavesdropping on an authentication protocol run, or by penetrating a system and stealing security files) that he/she is able to analyze in a system of his/her own choosing. [800-63][SP 800-63] (see also authentication, file, protocols, system, attack)

off-line cryptosystem

Cryptographic system in which encryption and decryption are performed independently of the transmission and reception functions. [CNSSI-4009] Cryptosystem in which encryption and decryption are performed independently of the transmission and reception functions. [CNSSI] (see also encryption, function, cryptographic system, system)

office information system

A special purpose Automated Information System oriented to word processing, electronic mail (e-mail), and other similar office functions. An Office Information System normally comprises one or more central processing units, control units, storage devices, user terminals, and interfaces to connect these components. [DSS] (see also users)

Office of Foreign Assets Control (OFAC)

The Office of Foreign Assets Control, within the U.S. Department of the Treasury, administers and enforces economic and trade sanctions against targeted foreign countries, terrorism-sponsoring organizations, and international narcotics traffickers based on U.S. foreign policy and national security goals. [FFIEC] (see also policy, security, target, control, foreign)

office of management and budget

The Federal agency that facilitates budget, policy, legislative, regulatory, and management issues on behalf of the President. The Office of Information and Regulatory Affairs within the Office of Management and Budget develops policies to improve government statistics and information management, including statistical standards related to the collection of race and ethnicity data in the Federal Government. [DSS]

office of personnel management

One of the successor agencies to the Civil Service Commission. The Office of Personnel Management conducts National Agency Check with Inquiries and Access National Agency Check and Inquiries on Department of Defense civilians and a broad range of personnel security investigations for other Federal agencies. [DSS] (see also access, security)

officer

Individual assigned responsibility by the senior agency information security officer, authorizing official, management official, or information system owner for ensuring that the appropriate operational security posture is maintained for an information system or program. [SP 800-18] Individual assigned responsibility by the senior agency information security officer, authorizing official, management official, or information system owner for maintaining the appropriate operational security posture for an information system or program. [800-60][SP 800-39][SP 800-53A; SP 800-60] (see also binding, evaluator, management, security, tiger team, users) (includes chief information agency officer, chief information officer, cryptographic officer, information assurance officer, information system security officer, information systems security officer, network security officer, security officer, system security officer)

official department of defense information

Information in the custody and control of the Department of Defense, relates to information in the custody and control of the Department, or was acquired by Department of Defense employees as part of their official duties or because of their official status within the Department. [DSS]

official information

All information in the custody and control of a U.S. Government department or agency that was acquired by U.S. Government employees as a part of their official duties or because of their official status and has not been cleared for public release. [CNSSI][CNSSI-4009] (see also control, information)

ohnosecond

(C) That minuscule fraction of time in which you realize that your private key has been compromised. [RFC2828] (see also compromise, key)

on ramp

A popular term for a digital broadband connection linking a subscriber with the information superhighway. [SRV] (see also connection, information)

on-access scanning

Configuring a security tool to perform real-time scans of each file for malware as the file is downloaded, opened, or executed. [800-83] (see also file, malware, security, access)

on-card

Refers to data that is stored within the PIV card or computation that is done by the ICC of the PIV card. [FIPS 201]

on-demand scanning

Allowing users to launch security tool scans for malware on a computer as desired. [800-83] (see also computer, malware, security, users)

on-line cryptosystem

Cryptographic system in which encryption and decryption are performed in association with the transmitting and receiving functions. [CNSSI-4009] Cryptosystem in which encryption and decryption are performed in association with the transmitting and receiving functions. [CNSSI] (see also association, encryption, function, cryptographic system, system)

on-line system

A system with a direct interface between application programs stored in the computer and terminals for data entry and output. [SRV] (see also application, computer, interface, program, system)

on-line transaction processing

Recording of online transactions as they are processing. [SRV] (see also network, process)

one-part code

Code in which plain text elements and their accompanying code groups are arranged in alphabetical, numerical, or other systematic order, so one listing serves for both encoding and decoding. One-part codes are normally small codes used to pass small volumes of low-sensitivity information. [CNSSI][CNSSI-4009] (see also information, system, code)

one-time access

Access granted on a one-time basis to information classified one level higher than that of the current personnel security clearance. [DSS] (see also classified, security, access)

one-time cryptosystem

Cryptosystem employing key used only once. [CNSSI][CNSSI-4009] (see also key, cryptographic system, system)

one-time pad (OTP)

(I) An encryption algorithm in which the key is a random sequence of symbols and each symbol is used for encryption only one time--to encrypt only one plaintext symbol to produce only one ciphertext symbol--and a copy of the key is used similarly for decryption. (C) To ensure one-time use, the copy of the key used for encryption is destroyed after use, as is the copy used for decryption. This is the only encryption algorithm that is truly unbreakable, even given unlimited resources for cryptanalysis, but key management costs and synchronization problems make it impractical except in special situations. [RFC2828] Manual one-time cryptosystem produced in pad form. [CNSSI][CNSSI-4009] (see also algorithm, analysis, cipher, cryptographic system, cryptography, destruction, encryption, key, key management, random, resource, system)

one-time passwords (OTP)

Instead of using the same password over and over again, a different password is used on each subsequent login. [RFC2504] Not capitalized: A 'one-time password' is a simple authentication technique in which each password is used only once as authentication information that verifies an identity. This technique counters the threat of a replay attack that uses passwords captured by wiretapping. Capitalized: 'One-Time Password' is an Internet protocol that is based on S/KEY and uses a cryptographic hash function to generate one-time passwords for use as authentication information in system login and in other processes that need protection against replay attacks. [RFC2828] (see also attack, authentication, cryptographic, cryptography, entity, function, hash, identity, information, internet, key, login, process, protocols, system, threat, passwords)

one-time tape (OTT)

Punched paper tape used to provide key streams on a one-time basis in certain machine cryptosystems. [CNSSI][CNSSI-4009] (see also cryptographic system, cryptography, key, system)

one-way encryption

(I) Irreversible transformation of plaintext to ciphertext, such that the plaintext cannot be recovered from the ciphertext by other than exhaustive procedures even if the cryptographic key is known. [RFC2828] (see also cipher, cryptographic, key, encryption)

one-way function

(I) 'A (mathematical) function, f, that is easy to compute, but which for a general value y in the range, it is computationally difficult to find a value x in the domain such that f(x) = y. There may be a few values of y for which finding x is not computationally difficult.' (D) ISDs SHOULD NOT use this term as a synonym for 'cryptographic hash'. [RFC2828] A function with the property that it is easy to compute the output for a given input but it is computationally infeasible to find for a given output, an input which maps to this output. [SC27] (see also cryptographic, cryptography, domain, hash, property, function)

one-way hash algorithm

Hash algorithms which map arbitrarily long inputs into a fixed-size output such that it is very difficult (computationally infeasible) to find two different hash inputs that produce the same output. Such algorithms are an essential part of the process of producing fixed-size digital signatures that can both authenticate the signer and provide for data integrity checking (detection of input modification after signature). [SP 800-49; CNSSI-4009]

online attack

An attack against an authentication protocol where the attacker either assumes the role of a claimant with a genuine verifier or actively alters the authentication channel. The goal of the attack may be to gain authenticated access or learn authentication secrets. [800-63][SP 800-63] (see also access, authentication, protocols, role, attack)

online certificate status protocol (OCSP)

(I) An Internet protocol used by a client to obtain from a server the validity status and other information concerning a digital certificate. (C) In some applications, such as those involving high-value commercial transactions, it may be necessary to obtain certificate revocation status that is more timely than is possible with CRLs or to obtain other kinds of status information. OCSP may be used to determine the current revocation status of a digital certificate, in lieu of or as a supplement to checking against a periodic CRL. An OCSP client issues a status request to an OCSP server and suspends acceptance of the certificate in question until the server provides a response. [RFC2828] A communications protocol that is used to determine whether a public key certificate is still valid or has been revoked or suspended. [GAO] (see also application, communications, information, internet, key, public-key, response, revocation, revoked state, certificate, protocols, security protocol)

online guessing attack

An attack in which an attacker performs repeated logon trials by guessing possible values of the token authenticator. [800-63] (see also attack)

open security

Environment that does not provide environment sufficient assurance that applications and equipment are protected against the introduction of malicious logic prior to or during the operation of a system. [NSAINT] (see also application, assurance, malicious, operation, system, security)

open security environment

(O) U.S. Department of Defense usage: A system environment that meets at least one of the following conditions: (a) Application developers (including maintainers) do not have sufficient clearance or authorization to provide an acceptable presumption that they have not introduced malicious logic. (b) Configuration control does not provide sufficient assurance that applications and the equipment are protected against the introduction of malicious logic prior to and during the operation of system applications. [RFC2828] An environment which includes those systems in which at least one of the following conditions holds true: (1) Application developers (including maintainers) do not have sufficient clearance or authorization to provide an acceptable presumption that they have not introduced malicious logic and (2) configuration control does not provide sufficient assurance that applications are protected against the introduction of malicious logic prior to and during the operation of system applications. [AJP][NCSC/TG004] (see also application, assurance, authorization, control, malicious, operation, system, security)

open source intelligence

Information of potential intelligence value available to the general public. [DSS] (see also intelligence)

open storage

Any storage of classified national security information outside of approved containers. This includes classified information that is resident on information systems media and outside of an approved storage container, regardless of whether or not that media is in use (i.e. unattended operations). [CNSSI-4009] Storage of classified information within an accredited facility, but not in General Services Administration approved secure containers, while the facility is unoccupied by authorized personnel. [CNSSI] (see also authorized, classified, information, security)

open storage area

Storage of Special Access Program material within a Special Access Program Facility in any configuration other than within General Services Administration approved security containers [DSS] (see also access, security)

open system environment (OSE)

A set of standard relationships between different platforms and vendors that enable networked users, workgroups, departments, and enterprises to work together. When fully implemented, these systems can offer major benefits, such as portability, scalability, and interoperability. [SRV] (see also interoperability, network, scalability, standard, users, system)

open system interconnection (OSI)

(see also connection, system)

open system interconnection model

A reference model of how messages should be transmitted between any two endpoints of a telecommunication network. The process of communication is divided into seven layers, with each layer adding its own set of special, related functions. The seven layers are the application layer, presentation, session, transport, network, data, and physical layer. Most telecommunication products tend to describe themselves in relation to the OSI model. The OSI model is a single reference view of communication that provides a common ground for education and discussion. [IATF] (see also application, communications, function, message, network, process, Open Systems Interconnection Reference model, connection, model, security, system)

open systems

Open systems allow interoperability among products from different vendors. [SRV] Open systems are vendor-independent systems that are designed to connect readily with other vendors' products. An open system should conform to a set of standards determined from a consensus of interested participants, rather than just one or two vendors. [SRV] (see also interoperability, standard, system)

open systems interconnection (OSI)

A set of internationally accepted and openly developed standards that meet the needs of network resource administration and integrated network utility. [NSAINT] A seven-layer network architecture used for the definition of network protocol standards to enable any OSI-compliant system or device to communicate with any other OSI-compliant system or device for a meaningful exchange of information. [SRV] (see also information, network, protocols, resource, standard, Open Systems Interconnection Reference model, connection, system)

Open Systems Interconnection Reference model (OSIRM)

(N) A joint ISO/ITU-T standard [I7498 Part 1] for a seven-layer, architectural communication framework for interconnection of computers in networks. (C) OSI-based standards include communication protocols that are mostly incompatible with the Internet Protocol Suite, but also include security models, such as X.509, that are used in the Internet. (C) The OSIRM layers, from highest to lowest, are (7) Application, (6) Presentation, (5) Session, (4) Transport, (3) Network, (2) Data Link, and (1) Physical. In this Glossary, these layers are referred to by number to avoid confusing them with Internet Protocol Suite layers, which are referred to by name. (C) Some unknown person described how the OSI layers correspond to the seven deadly sins:

Wrath: Application is always angry at the mess it sees below itself. (Hey! Who is it to be pointing fingers?)
Sloth: Presentation is too lazy to do anything productive by itself.
Lust: Session is always craving and demanding what truly belongs to Application's functionality.
Avarice: Transport wants all of the end-to-end functionality. (Of course, it deserves it, but life isn't fair.)
Gluttony: (Connection-Oriented) Network is overweight and overbearing after trying too often to eat Transport's lunch.
Envy: Poor Data Link is always starved for attention. (With Asynchronous Transfer Mode, maybe now it is feeling less neglected.)
Pride: Physical has managed to avoid much of the controversy, and nearly all of the embarrassment, suffered by the others.

Doc: Application acts as if it is in charge, but sometimes muddles its syntax.
Sleepy: Presentation is indolent, being guilty of the sin of Sloth.
Dopey: Session is confused because its charter is not very clear.
Grumpy: Transport is irritated because Network has encroached on Transport's turf.
Happy: Network smiles for the same reason that Transport is irritated.
Sneezy: Data Link makes loud noises in the hope of attracting attention.
Bashful: Physical quietly does its work, unnoticed by the others.

open systems security

Provision of tools for the secure internetworking of open systems. [NSAINT] (see also internet, network, security, system)

operating procedure

A set of rules defining correct use of a Target of Evaluation. [AJP][ITSEC] (see also target, target of evaluation)

operating system

A master control program or set of programs that manages the basic operations of a computer system. [SRV] An integrated collection of service routines for supervising the sequencing of programs by a computer. An operating system may perform the functions of input/output control, resource scheduling, and data management. It provides application programs with the fundamental commands for controlling the computer. [800-82] Software required by every computer that: a) enables it to perform basic tasks such as controlling disks, drives, and peripheral devices; and b) provides a platform on which applications can run. [CIAO] Software that controls the execution of computer programs and provides services such as scheduling and input/output control. The central control program that governs a computer's operations. [SRV] (see also application, computer, control, function, operation, program, resource, software, system)

operating system fingerprinting

Analyzing characteristics of packets sent by a target, such as packet headers or listening ports, to identify the operating system in use on the target. [800-115] (see also target, threat, system)

operation

The process of using a Target of Evaluation. [AJP][ITSEC] (see also Automated Information System security, Bell-LaPadula security model, COMSEC aid, COMSEC profile, COMSEC survey, Common Criteria for Information Technology Security, Diffie-Hellman, IA architecture, IS related risk, IT security, IT-related risk, Internet Standard, MAC algorithm key, Minimum Interoperability Specification for PKI Components, NIAP Oversight Body, National Security Telecommunications and Information Systems Security Committee, PKIX, Skipjack, TSF data, Wassenaar Arrangement, acceptable level of risk, access mode, accreditation, accreditation disapproval, accreditation range, add-on security, adequate security, administrator, alarm surveillance, anomaly, approval/accreditation, archive, asset, asymmetric keys, attack, audit, audit trail, authorize processing, authorized user, authorizing official, automated information system, banking and finance, benchmarking, binding, block cipher, block cipher key, broadband network, business areas, certificate, certification, certification package, certification practice statement, challenge-response protocol, chief information agency officer, cleartext, closed security environment, command and control, command and control warfare, compartmented mode, compensating security controls, component, computer fraud, computer network attack, configuration control, configuration management, contingency key, contingency plan, contingency planning, continuous process, continuous process improvement, control class, control information, controlled security mode, controlling authority, corruption, cost/benefit analysis, countermeasures, critical financial markets, critical infrastructures, criticality assessment, criticality/sensitivity, cryptanalysis, crypto-alarm, crypto-ancillary equipment, cryptographic key, cryptographic key component, cryptographic strength, dedicated mode, dedicated security mode, defense-in-depth, denial-of-service, designated approving authority, development assurance, digital signature, disaster recovery, disaster recovery plan, disruption, distributed processing, documentation, domain name system, dual signature, economy of mechanism, effectiveness, electronic warfare support, emanation, emergency response, encryption, end-user, enterprise, environment, error, exception, executive state, exploitation, fail safe, failure, fault tolerance, firewall, flexibility, formal security policy model, forward secrecy with respect to A, forward secrecy with respect to both A and B individually, functional testing, gateway, general controls, handle, hardware and system software maintenance, hardware or software error, incapacitation, incident response capability, information assurance, information owner, information processing standard, information protection policy, information system security officer, information systems security officer, information warfare, initialization vector, input preparation cycle, instrument, instrumentation, intelligent threat, interface control document, interference, interim accreditation action plan, interim approval to test, iteration, key, key recovery, least privilege, legacy systems, lines of business, link encryption, maintainability, master crypto-ignition key, media protection, message passing, mission critical, model, multilevel mode, multilevel security mode, mutual forward secrecy, national security system, network management, network management protocol, object, obstruction, open security, open security environment, operating system, organisational security policy, out-of-band, outage, output transformation, overload, partitioned security mode, partnership, password system, periods processing, personnel security, physical and environmental protection, physical destruction, polling, polymorphism, post-accreditation phase, potential impact, privilege, procedural security, process, protection ring, protection-critical portions of the TCB, proxy, public-key cryptography standards, public-key forward secrecy, queuing theory, rating, read, read access, real-time processing, recovery point objectives, recovery site, reference validation mechanism, reliability, repair action, requirements for procedures and standards, residue, retrieval, revocation, risk, risk assessment, risk management, risk plane, root, secret, secure hypertext transfer protocol, security, security audit trail, security awareness, training, and education, security category, security controls, security environment, security evaluation, security event, security policy, security situation, security strength, security test & evaluation, security test and evaluation, security threat, security-critical mechanisms, segregation of duties, session key, signaling, simple network management protocol, simulation modeling, site accreditation, site certification, sniffer, software build, software engineering, software lifecycle, software system test and evaluation process, special access program, starting variable, status information, store, sub-function, subject, subversion, superencryption, supervisory control and data acquisition, support software, survivability, symmetric key, system, system accreditation, system administrator, system and data integrity, system high mode, system integrity, system interconnection, system low, system owner, system security authorization agreement, system software, system-high security mode, systems engineering, tamper, target, test procedure, thrashing, threat, threat agent, threat analysis, time-compliance date, timing attacks, token backup, token copy, token management, token restore, traceroute, trusted channel, trusted identification forwarding, trusted platform module chip, trustworthy system, type accreditation, untrusted process, user data, user representative, utility programs, verification procedure refinements, vulnerability, wedged, write, target of evaluation) (includes Defensive Information Operations, backup operations, centralized operations, component operations, computer operations, audit, and security technology, concept of operations, continuity of operations, continuity of operations plan, continuity of services and operations, information operations, mode of operation, modes of operation, multiuser mode of operation, normal operation, operational controls, operational data security, operational documentation, operational environment, operational integrity, operational key, operational risk, operational risk exposure, operational risk loss, operational testing, operational vulnerability information, operational waiver, operations code, operations manager, operations security, psychological operations, software operation, special information operations, synchronous crypto-operation)

operational controls

Controls that address security mechanisms primarily implemented and executed by people (as opposed to systems) [800-37] The security controls (i.e. safeguards or countermeasures) for an information system that are primarily implemented and executed by people (as opposed to systems). [800-82][CNSSI-4009][FIPS 200][SP 800-37][SP 800-53][SP 800-53A] (see also countermeasures, information, security, security controls, system, control, operation)

operational countermeasure

A countermeasure that includes controls that are executed by people, e.g., physical environment protection, configuration management, and incident response. [800-127]

operational data security

The protection of data from either accidental or unauthorized, intentional modification, destruction, or disclosure during input, processing, or output operations. [NSAINT] (see also authorized, process, operation, security)

operational documentation

The information produced by the developer of a Target of Evaluation to specify and explain how customers should use it. [AJP][ITSEC] (see also information, target, operation, target of evaluation)

operational environment

The organizational measures, procedures, and standards to be used while operating a Target of Evaluation. [AJP][ITSEC] (see also standard, target, operation, target of evaluation)

operational integrity

(I) A synonym for 'system integrity'; emphasizes the actual performance of system functions rather than just the ability to perform them. [RFC2828] (see also function, system, integrity, operation)

operational key

Key intended for use over-the-air for protection of operational information or for the production or secure electrical transmission of key streams. [CNSSI][CNSSI-4009] (see also information, key, operation)

operational risk

The risk of loss resulting from inadequate or failed internal processes, people and systems, or from external events. The definition includes legal risk, that is the risk of loss resulting from failure to comply with laws as well as prudent ethical standards and contractual obligations. It also includes the exposure to litigation from all aspects of an institution's activities. The definition does not include strategic or reputational risks1. [2003-53c] (see also process, standard, system, operation, risk) (includes operational risk exposure, operational risk loss)

operational risk exposure

An estimate of the potential operational losses that the banking institution faces at a soundness standard consistent with a 99.9 per cent [2003-53c] (see also standard, operation, operational risk)

operational risk loss

The financial impact associated with an operational event that is recorded in the institution's financial statements consistent with Generally Accepted Accounting Principles (GAAP). Financial impact includes all out-of- pocket expenses associated with an operational event but does not include opportunity costs, foregone revenue, or costs related to investment programs implemented to prevent subsequent operational risk losses. Operational risk losses are characterized by seven event factors. [2003-53c] (see also program, operation, operational risk) (includes business disruption and system failures, clients, products, and business practices, damage to physical assets, employment practices and workplace safety, execution, delivery, and process management, external fraud, internal fraud)

operational testing

Testing conducted to evaluate a system or component in its operational environment. [OVT] (see also system, operation, security testing, test)

operational vulnerability information

Information that describes the presence of a vulnerability within a specific operational setting or network. [CNSSI] (see also information, operation, vulnerability)

operational waiver

Authority for continued use of unmodified COMSEC end-items pending the completion of a mandatory modification. [CNSSI][CNSSI-4009] (see also authority, operation)

operations and support

Special Access Program established to protect the planning for, execution of, and support to especially sensitive military operations. An operations and support Special Access Program may protect organizations, property, operational concepts, plans, or activities. [DSS] (see also access)

operations code (OPCODE)

Code composed largely of words and phrases suitable for general communications use. [CNSSI][CNSSI-4009] (see also communications, code, operation)

operations manager

Oversees the security operations and administration of the IT system to include performing backups, holding training classes, managing cryptographic keys, keeping up with user administration and access privileges, and updating security software. [800-37] (see also access, access control, backup, cryptographic, cryptography, key, security, software, system, users, operation)

operations security (OPSEC)

(I) A process to identify, control, and protect evidence of the planning and execution of sensitive activities and operations, and thereby prevent potential adversaries from gaining knowledge of capabilities and intentions. [RFC2828] A process of identifying critical information and subsequently analyzing friendly actions attendant to military operations and other activities to: a. Identify those actions that can be observed by adversary intelligence systems. b. Determine indicators hostile intelligence systems might obtain that could be interpreted or pieced together to derive critical information in time to be useful to adversaries. c. Select and execute measures that eliminate or reduce to an acceptable level the vulnerabilities of friendly actions to adversary exploitation. (JP 1-02) [NSAINT] An analytical process by which the U.S. Government and its supporting contractors can deny to potential adversaries information about capabilities and intentions by identifying, controlling, and protecting evidence of the planning and execution of sensitive activities and operations. [AJP][NCSC/TG004] Analytic process used to deny a adversary information- generally unclassified-concerning intentions and capabilities by identifying, planning processes or operations. Operations Security does not replace other security disciplines-it supplements them. The Operations Security process includes the following five steps: (1) identify critical information, (2) identify the threat, (3) assess vulnerabilities, (4) analyze the risk, (5) develop and apply counter measures. [DSS] Definition 1) The process of denying adversaries information about friendly capabilities and intentions by identifying, controlling, and protecting indicators associated with planning and conducting military operations and other activities. Definition 2) An analytical process by with the U.S. Government and its supporting contractors can deny to potential adversaries information about capabilities and intentions by identifying, controlling, and protecting evidence of the planning and execution of sensitive activities and operations. [NSAINT] Systematic and proven process by which potential adversaries can be denied information about capabilities and intentions by identifying, controlling, and protecting generally unclassified evidence of the planning and execution of sensitive activities. The process involves five steps: identification of critical information, analysis of threats, analysis of vulnerabilities, assessment of risks, and application of appropriate countermeasures. [CNSSI][CNSSI-4009] (see also adversary, analysis, application, assessment, classified, control, countermeasures, critical, evidence, exploit, identification, identify, information, intelligence, process, risk, system, threat, vulnerability, operation, security)

operations security assessment

Thorough evaluation of the effectiveness of a customer's implementation of Operations Security methodology, resources, and tools. Assessments: Are used to evaluate the effectiveness of the customer's corporate level Operations Security program. Can be used at the program level to determine whether or not a program is a viable candidate for an Operations Security survey. [DSS] (see also evaluation, assessment, security)

operations security indicator

Detectable activity and/or information that, when looked at by itself or in conjunction with something else, allows an adversary to obtain critical or sensitive information. [DSS] (see also adversary, critical, security)

operations security plan

Strategy that analyzes an operation or activity and includes specific operations security measures. [DSS] (see also security)

operations security process

Analytical process that involves five components: identification of critical information, analysis of threats, analysis of vulnerabilities, assessment of risks, and application of appropriate countermeasures. [DSS] (see also analysis, assessment, countermeasures, critical, risk, threat, vulnerability, security)

operations security program

Vehicle by which the principles and practices of Operations Security are employed within an organization. [DSS] (see also security)

operations security survey

Application of Operations Security methodology at the program level. It is a detailed analysis of activities associated with a specific operation, project, or program to determine what exploitable evidence of classified or sensitive activity could be acquired in light of the known collection capabilities of potential adversaries. [DSS] (see also analysis, classified, evidence, security)

operations security working group

Designated body representing a broad range of line and staff activities within an organization that provides Operations Security advice and support to leadership and all elements of the organization. [DSS] (see also security)

operator

an individual accessing a cryptographic module, either directly or indirectly via a process operating on his or her behalf, regardless of the specific role the individual assumes. [FIPS140] (see also access, access control, cryptographic, module, process, role, cryptographic module)

opportunity cost

The value of opportunities forgone. [GAO] (see also risk management)

optical character recognition (OCR)

optical fiber

A light-guide for electromagnetic waves traveling in the infrared and visible light spectrum. An optical fiber consists of two different types of glass, core and cladding, surrounded by a protective coating. The core is the light-guided region of the fiber, while the cladding ensures that the light pulses remain within the core. [SRV]

optical scanner

A peripheral device that can read printed text or illustrations and translate them into a digitized image (bit map) that can be stored, displayed, and manipulated on a computer. [CIAO] (see also computer)

optical storage media

Optical mass storage, including compact disks, optical disks, and magneto-optical disks. [DSS]

optional modification

NSA-approved modification not required for universal implementation by all holders of a COMSEC end-item. This class of modification requires all of the engineering/doctrinal control of mandatory modification but is usually not related to security, safety, TEMPEST, or reliability. [CNSSI] NSA-approved modification not required for universal implementation by all holders of a COMSEC end-item. This class of modification requires all of the engineering/doctrinal control of mandatory modification but is usually not related to security, safety, TEMPEST, or reliability. See Mandatory Modification. [CNSSI-4009] (see also TEMPEST, communications security, control, security)

oracle

A mechanism to produce the predicted outcomes to compare with the actual outcomes of the software under test. (after Adrion) Any (often automated) means that provides information about the (correct) expected behavior of a component (HOWD86). Without qualification, this term is often used synonymously with input/outcome oracle. [OVT] (see also information, software, test)

oral/visual disclosure

To brief orally, to expose to view, or to permit use under U.S. supervision to permit the transfer of knowledge or information, but not to physically transfer documents, material, or equipment to a foreign government or its representatives. [DSS] (see also foreign)

Orange book

(D) ISDs SHOULD NOT use this term as a synonym for 'Trusted Computer System Evaluation Criteria' [CSC001, DOD1]. Instead, use the full, proper name of the document or, in subsequent references, the abbreviation 'TCSEC'. [RFC2828] Alternate name for DoD (US Department of Defense) Trusted Computer Security Evaluation Criteria. [AJP] Alternate name for DoD Trusted Computer Security Evaluation Criteria. [NCSC/TG004] (see also computer, computer security, criteria, evaluation, security, system, trust, rainbow series) (includes C2-protect)

order of an element in a finite commutative group

If a⁰ = e, and aⁿ+1 = a*aⁿ (for n ³ 0), is defined recursively, the order of a Î J is the least positive integer n such that aⁿ = e. [SC27] If a⁰ = e, and aⁿ+1 = a*aⁿ (for n ³ 0), is defined recursively, the order of a Î J is the least positive integer n such that aⁿ = e. [SC27]

ordinal variable

A quantitative variable, the attributes of which are ordered but for which the numerical differences between adjacent attributes are not necessarily interpreted as equal. [SRV]

organisational security policies

One or more security rules, procedures, practices, or guidelines imposed by an organisation upon its operations. [CC2][CC21][SC27] (see organisational security policy) (see also security)

organisational security policy

The set of laws, rules, and practices that regulate how an organization manages, protects, and distributes sensitive information. [AJP][FCv1][NCSC/TG004][NSAINT][TCSEC][TDI][TNI] (see also information, operation, policy, security policy)

organization

A federal agency, or, as appropriate, any of its operational elements. [FIPS 200] An entity of any size, complexity, or positioning within an organizational structure (e.g., a federal agency, or, as appropriate, any of its operational elements). [SP 800-53; SP 800-53A; SP 800-37]

organization computer security representative

That individual designated by a member of the GRC senior staff as responsible for executing the GRC IT Security Program in that organization [NASA] (see also IT security, program, computer, security)

organizational certificate

(O) MISSI usage: A type of MISSI X.509 public-key certificate that is issued to support organizational message handling for the U.S. Government's defense message system. [RFC2828] (see also X.509, key, message, public-key, system, certificate, multilevel information systems security initiative)

organizational maintenance

Limited maintenance performed by a user organization. [CNSSI][CNSSI-4009] (see also users)

organizational registration authority (ORA)

(I) General usage: An RA for an organization. (O) MISSI usage: The MISSI implementation of RA. A MISSI end entity that (a) assists a PCA, CA, or SCA to register other end entities, by gathering, verifying, and entering data and forwarding it to the signing authority and (b) may also assist with card management functions. An ORA is a local administrative authority, and the term refers both to the office or role, and to the person who fills that office. An ORA does not sign certificates, CRLs, or CKLs. [RFC2828] Entity within the PKI that authenticates the identity and the organizational affiliation of the users. [CNSSI] (see also certificate, entity, function, identity, role, users, authority, multilevel information systems security initiative, registration)

organizational user

An organizational employee or an individual the organization deems to have equivalent status of an employee (e.g., contractor, guest researcher, individual detailed from another organization, individual from allied nation). [SP 800-53]

organizational-level commander/commanding officer

Individual, regardless of rank, appointed as the officer in command of a physical organization. [DSS]

origin authenticity

(D) ISDs SHOULD NOT use these terms because they look like careless use of an internationally standardized term. Instead, use 'data origin authentication' or 'peer entity authentication', depending that is meant. [RFC2828] (see also authentication, entity, standard)

original classification

Initial determination that information requires, in the interest of national security, protection against unauthorized disclosure. [DSS] (see also authorized, security)

original classification authority

Individual authorized in writing, either by the President, by agency heads, or other officials designated by the President, to classify information in the first instance. [DSS] (see also authorized)

originating agency determination required

Discontinued practice that was declassification guidance for classified materials. Any material flagged Originating Agency Determination Required requires that the agency that originally classified the material determine whether the information can be declassified. This was a popular declassification guidance during the Cold War. Use of Originating Agency Determination Required was halted in 1998 by President Clinton. All documents with Originating Agency Determination Required guidance needed to have new guidance, or be declassified. Because of the non-existence of many originating agencies, many Department of Energy nuclear secrets were almost declassified, until the order was modified. [DSS] (see also classified)

originating agency's determination required (OADR)

originator

The entity that sends a message to the recipient or makes available a message for which non-repudiation services are to be provided. [SC27] (see also entity, message, non-repudiation)

OSI architecture

The International Organization for Standardization (ISO) provides a framework for defining the communications process between systems. This framework includes a network architecture, consisting of seven layers. The architecture is referred to as the Open Systems Interconnection (OSI) Model or Reference Model. Services and the protocols to implement it for the different layers of the model are defined by international standards. From a systems viewpoint, the bottom three layers support the components of the network necessary to transmit a message, the next three layers generally pertain to the characteristics of the communicating end systems, and the top layer supports the end-users. The seven layers are: (1) Physical Layer, (2) Link Layer, (3) Network Layer, (4) Transport Layer, (5) Session Layer, (6) Presentation Layer, and (7) Application Layer. [AJP] The International Organization for Standardization (ISO) provides a framework for defining the communications process between systems. This framework includes a network architecture, consisting of seven layers. The architecture is referred to as the Open Systems Interconnection (OSI) model or Reference Model. Services and the protocols to implement them for the different layers of the model are defined by international standards. From a systems viewpoint, the bottom three layers support the components of the network necessary to transmit a message, the next three layers generally pertain to the characteristics of the communicating end systems, and the top layer supports the end-users. The seven layers are: 1. Physical Layer: Includes the functions to activate, maintain, and deactivate the physical connection. It defines the functional and procedural characteristics of the interface to the physical circuit: the electrical and mechanical specifications are considered to be part of the medium itself. 2. Data Link Layer: Formats the messages. Covers synchronization and error control for the information transmitted over the physical link, regardless of the content. 'Point-to point error checking' is one way to describe this layer. 3. Network Layer: Selects the appropriate facilities. Includes routing communications through network resources to the system where the communicating application is: segmentation and reassembly of data units (packets) ; and some error correction. 4. Transport Layer: Includes such functions as multiplexing several independent message streams over a single connection, and segmenting data into appropriately sized packets for processing by the Network Layer. Provides end-to-end control of data reliability. 5. Session Layer: Selects the type of service. Manages and synchronizes conversations between two application processes. Two main types of dialogue are provided: two-way simultaneous (fullduplex), or two-way alternating (half-duplex). Provides control functions similar to the control language in computer system. 6. Presentation Layer: Ensures that information is delivered in a form that the receiving system can understand and use. Communicating parties determine the format and language (syntax) of messages: translates if required, preserving the meaning (semantics). 7. Application Layer: Supports distributed applications by manipulating information. Provides resource management for file transfer, virtual file and virtual terminal emulation, distributed processes and other applications. [TNI] (see also application, communications, connection, message, model, network, process, protocols, standard, system, users, Open Systems Interconnection Reference model)

out-of-band

(I) Transfer of information using a channel that is outside (i.e. separate from) the channel that is normally used. (C) Out-of-band mechanisms are often used to distribute shared secrets (e.g. a symmetric key) or other sensitive information items (e.g. a root key) that are needed to initialize or otherwise enable the operation of cryptography or other security mechanisms.$ output feedback (OFB) (N) A block cipher mode that modifies electronic codebook mode to operate on plaintext segments of variable length less than or equal to the block length. (C) This mode operates by directly using the algorithm's previously generated output block as the algorithm's next input block (i.e. by 'feeding back' the output block) and combining (exclusive OR-ing) the output block with the next plaintext segment (of block length or less) to form the next ciphertext segment. [RFC2828] Communication between parties using a means or method that differs from the current method of communication (e.g., one party uses U.S. Postal Service mail to communicate with another party where current communication is occurring online). [GSA] (see also algorithm, cipher, code, cryptography, information, key, operation, security, shared secret)

outage

The period of time for which a communication service or an operation is unavailable. [SRV] (see also communications, failure, operation)

outcome

The ultimate, long-term, resulting effects-both expected and unexpected-of the customer's use or application of the organization's outputs. [SRV] (see also application)

outlier

An extremely large or small observation that applies to ordinal, interval, and ratio variables. [SRV]

output

Data/information produced by computer processing of transactions. The type of output could be a hard copy, a display on a terminal, or a computer file. [SRV] Information that has been exported by a TCB. [AJP][TCSEC] (see also computer, file, information, process, trusted computing base)

output data

information that is to be output from a cryptographic module that has resulted from a transformation or computation in the module. [FIPS140] (see also cryptographic, information, module, cryptographic module)

output feedback (OFB)

output transformation

A function that is applied at the end of the MAC algorithm, before the truncation operation. [SC27] A function that is applied at the end of the MAC algorithm, before the truncation operation. [ISO/IEC 9797-1: 1999] A transformation or mapping of the output of the iteration stage to obtain the hash-code. [SC27] A transformation or mapping of the output of the iteration stage to obtain the hash-code. [SC27] (see also algorithm, code, function, hash, operation)

outside threat

An unauthorized entity from outside the domain perimeter that has the potential to harm an Information System through destruction, disclosure, modification of data, and/or denial of service. [SP 800-32] (see also threat)

outside(r) threat

An unauthorized entity outside the security domain that has the potential to harm an information system through destruction, disclosure, modification of data, and/or denial of service. [CNSSI-4009] (see also security, threat)

outsourced information technology based process

For Department of Defense Information Assurance purposes, an outsourced Information Technologybased process is a general term used to refer to outsourced business processes supported by private sector information systems, outsourced information technologies, or outsourced information services. An outsourced Information Technology-based process performs clearly defined functions for which there are readily identifiable security considerations and needs that are addressed in both acquisition and operations. [DSS] (see also assurance, security)

outsourcing

The practice of contracting with another entity to perform services that might otherwise be conducted in-house. [FFIEC] (see also entity)

over-the-air key distribution (OTAD)

Providing electronic key via over-the-air rekeying, over-the-air key transfer, or cooperative key generation. [CNSSI][CNSSI-4009] (see also rekey, key)

over-the-air key transfer (OTAT)

Electronically distributing key without changing traffic encryption key used on the secured communications path over which the transfer is accomplished. [CNSSI][CNSSI-4009] (see also communications, encryption, key)

over-the-air rekeying (OTAR)

Changing traffic encryption key or transmission security key in remote cryptographic equipment by sending new key directly to the remote cryptographic equipment over the communications path it secures. [CNSSI][CNSSI-4009] (see also communications, encryption, security, key, rekey)

overload

Hindrance of system operation by placing excess burden on the performance capabilities of a system component. [RFC2828] (see also operation, system, threat consequence)

overseas security policy board

Board established by the President to consider, develop, coordinate and promote policies, standards and agreements on overseas security operations, programs and projects that affect all U.S. Government agencies under the authority of a Chief of Mission. [DSS] (see also security)

overt channel

A path within a system or network that is designed for the authorized transfer of data. Compare covert channel. [NCSC/TG004] An overt channel is a path within a network that is designed for the authorized transfer of data. [TNI] Communications path within a computer system or network designed for the authorized transfer of data. [CNSSI] Communications path within a computer system or network designed for the authorized transfer of data. See Covert Channel. [CNSSI-4009] Communications path within a system or network that is designed for the authorized transfer of data. [AJP][FCv1] (see also covert channel, authorized, communications, computer, covert, network, system, channel)

overt collection

Acquisition of information by way of the public domain. [DSS]

overt operation

For purposes of downgrading in limited cases. Operation conducted openly, without concealment. [DSS] (see also clandestine operation)

overt testing

Security testing performed with the knowledge and consent of the organization's IT staff. [SP 800-115] (see also security, test)

overwrite procedure

A software process that replaces data previously stored on storage media with a predetermined set of meaningless data or random patterns. [CNSSI-4009] A stimulation to change the state of a bit followed by a known pattern. [AJP][NCSC/TG004] Process of writing patterns of data on top of the data stored on a magnetic medium. [CNSSI] Process that removes or destroys data recorded on an Information Systems storage medium by writing patterns of data over, or on top of, data stored on the medium. [DSS] (see also process, security, software, erasure) (includes magnetic remanence, remanence)

overwrite verification

Re-recording. Approved procedure for reviewing, displaying, or checking the success of an overwrite procedure. The successful testing and documentation through hardware and random hardcopy readout of the actual overwritten memory sectors. [DSS]

overwriting

Software process that replaces the data previously stored on magnetic storage media with a predetermined set of meaningless data. Overwriting is an acceptable method for clearing for release to environments of equal classification (TOP SECRET/Special Access Program to TOP SECRET/Special Access Program, TOP SECRET/Special Access Program to TOP SECRET/ Sensitive Compartmented Information). However, the effectiveness of the overwrite procedure may be reduced by several factors: ineffectiveness of the overwrite procedures, equipment failure (for example, misalignment of read/write heads), or inability to overwrite bad sectors or tracks or information in inter-record gaps. Software overwrite routines may be corrupted by the hostile computer viruses. Overwriting is not an acceptable method of declassifying media. [DSS] The obliteration of recorded data by recording different data on the same storage surface. [SRV] (see also access, virus)

owner

User-granted privileges with respect to security attributes and privileges affecting specific subjects and objects. [AJP][FCv1] (see also IT default file protection parameters, Identification Protocol, Secure Electronic Transaction, accountability, asymmetric cryptography, attribute certificate, browse access protection, certificate, certification, certify, commercial software, computer emergency response team, data custodian, default file protection, digital watermarking, discretionary access control, formal access approval, information system security officer, interim accreditation action plan, key pair, mandatory access control, pretty good privacy, privacy enhanced mail, public-key certificate, reconstitution, response, security, sensitive, sensitivity, settlement, skimming, smartcards, system security officer, technical vulnerability, users, vulnerability) (includes certificate owner, data owner, information owner, key owner, object, process owner, subject, system owner)

owners/operators

Those entities responsible for day-to-day operation and investment in a particular asset or system. [NIPP]

package

A reusable set of either functional or assurance components (e.g. an EAL), combined together to satisfy a set of identified security objectives. [CC2][CC21][SC27] A reusable set of either functional or assurance components combined together to satisfy a set of identified security objectives. [SC27] A reusable set of either functional or assurance components combined together to satisfy a set of identified security objectives. [ISO/IEC 15292: 2001] A reusable set of either functional or assurance components (e.g. an EAL), combined together to satisfy a set of identified security objectives. [SC27] (see also assurance, function, security) (includes object)

packet

A block of data sent over the network transmitting the identities of the sending and receiving stations, error-control information, and message. [NSAINT] (see also control, information, message, network)

packet assembly and disassembly (PAD)

(see also internet)

packet filter

A routing device that provides access control functionality for host addresses and communication sessions. [SP 800-41] A type of firewall in which each IP packet is examined and either allowed to pass through or rejected. Normally packet filtering is a first line of defense and is typically combined with application proxies for more security. [misc] A type of firewall that examines each packet and accepts or rejects it based on the security policy programmed into it in the form of rules. [CIAO] Inspects each packet for user defined content, such as an IP address but does not track the state of sessions. This is one of the least secure types of firewall. [NSAINT] Specifies which types of traffic should be permitted or denied and how permitted traffic should be protected, if at all. [800-77] (see also access, application, control, filtering router, packet filtering, policy, program, security, users, firewall)

packet filtering

A feature incorporated into routers and bridges to limit the flow of information based on pre-determined communications such as source, destination, or type of service being provided by the network. Packet filters let the administrator limit protocol specific traffic to one network segment, isolate email domains, and perform many other traffic control functions. [NSAINT] The process of controlling access by examining packets based on the content of packet headers. Packet-filtering devices forward or deny packets based on information in each packet's header, such as IP address or TCP port number. A packet-filtering firewall uses a rule set to determine which traffic should be forwarded and which should be blocked. [RFC2647] (see also access, access control, communications, control, domain, flow, function, information, network, packet filter, process, protocols, proxy, router, firewall) (includes stateful packet filtering)

packet filtering firewall

A router to block or filter protocols and addresses. [SRV] (see also protocols, router, firewall)

packet sniffer

A device or program that monitors the data traveling between computers on a network [NSAINT] Software that observes and records network traffic. [800-61][CNSSI-4009] (see also computer, ethernet sniffing, network, program, promiscuous mode, software, sniffer)

packet switching

A message-delivery technique in which small units of information (packets) are relayed through stations in a computer network along the best route currently available between the source and the destination. A packet-switching network handles information in small units, breaking long messages into multiple packets before routing. Although each packet may travel along a different path, and the packets composing a message may arrive at different times or out of sequence, the receiving computer reassembles the original message. Packet-switching networks are considered to be fast and efficient. To manage the tasks of routing traffic and assembling or disassembling packets, such networks require some intelligence from the computers and software that control delivery. [SRV] (see also computer, computer network, control, information, intelligence, message, network, software)

packet transfer mode (PTM)

(see also network)

padding

Appending extra bits to a data string. [SC27]

pagejacking

(I) A contraction of 'Web page hijacking'. A masquerade attack in which the attacker copies (steals) a home page or other material from the target server, rehosts the page on a server the attacker controls, and causes the rehosted page to be indexed by the major Web search services, thereby diverting browsers from the target server to the attacker's server. (D) ISDs SHOULD NOT use this term without including a definition, because the term is not listed in most dictionaries and could confuse international readers. [RFC2828] (see also control, hijack attack, target, world wide web, attack)

parameters

A number that describes a population; a measure such as mean, median, standard deviation, or proportion that is calculated or defined by using every item in the population. A value that is given to a variable. [SRV] Specific variables and their values used with a cryptographic algorithm to compute outputs useful to achieve specific security goals. [800-130] (see also algorithm, cryptographic, security, standard)

parent corporation

Corporation that owns at least a majority of another corporation's voting securities. [DSS]

pareto diagram

Pareto diagram focuses on vital few areas instead of trivial many. [SRV]

parity

Bit(s) used to determine whether a block of data has been altered. [CNSSI][CNSSI-4009][IATF] (see also security)

partial order

A relation that is symmetric (a is related to a), transitive (if a is related to b and b is related to c, then a is related to c), and antisymmetric (if a is related to b and b is related to a, then a and b are identical). [AJP][TDI]

partition rule base access control (PRBAC)

(see also access, control)

partitioned security mode

(N) A mode of operation of an information system, wherein all users have the clearance, but not necessarily formal access authorization and need-to-know, for all information handled by the system. This mode is defined in U.S. Department of Defense policy regarding system accreditation. [RFC2828] A mode of operation wherein all personnel have the clearance but not necessarily formal access approval and need-to-know for all information contained in the system. Not to be confused with compartmented security mode. [AJP][NCSC/TG004] IS security mode of operation wherein all personnel have the clearance, but not necessarily formal access approval and need-to-know, for all information handled by an IS. [CNSSI] Information systems security mode of operation wherein all personnel have the clearance, but not necessarily formal access approval and need-to-know, for all information handled by an information system. [CNSSI-4009] (see also access, access control, accreditation, authorization, computer security, information, operation, policy, system, users, modes of operation, security)

partnership

A relationship between two or more entities wherein each accepts responsibility to contribute a specified, but not necessarily equal, level of effort to the achievement of a common goal. The public and private sector contributing their relative strengths to protect and assure the continued operation of critical infrastructures. [CIAO] (see also critical, critical infrastructures, operation)

party

NIST or NSA in its capacity as a member of the NIAP Oversight Body and as a signatory to the agreement on the mutual recognition of certificates in the field of IT security. [NIAP] (see also IT security, National Security Agency, certificate, computer security, security, National Institute of Standards and Technology)

pass/fail

Declassification technique that regards information at the full document or folder level. Any exemptible portion of a document or folder may result in exemption (failure) of the entire documents or folders. Documents or folders that contain no exemptible information are passed and therefore declassified. Documents within exempt folders are exempt from automatic declassification. Declassified documents may be subject to Freedom of Information Act exemptions other than the security exemption and the requirements placed by legal authorities governing Presidential records and materials. [DSS] (see also classified, requirements, security, subject)

passive

(1) A property of an object or network object that it lacks logical or computational capability and is unable to change the information it contains. (2) Those threats to the confidentiality of data which, if realized, would not result in any unauthorized change in the state of the intercommunicating systems (e.g. monitoring and/or recording of data). [AJP][TNI] (see also authorized, confidentiality, information, network, property, system, threat) (includes object)

passive attack

An attack against an authentication protocol where the attacker intercepts data traveling along the network between the claimant and verifier, but does not alter the data (i.e. eavesdropping). [800-63][SP 800-63] An attack that does not alter systems or data. [CNSSI-4009] Attack which does not result in an unauthorized state change, such as an attack that only monitors and/or records data. [AFSEC][NSAINT] (see also authentication, authorized, protocols, attack)

passive fingerprinting

Analyzing packet headers for certain unusual characteristics or combinations of characteristics that are exhibited by particular operating systems or applications. [800-94] (see also application, system)

passive security testing

Nonintrusive security testing primarily involving reviews of documents such as policies, procedures, security requirements, software code, system configurations, and system logs. [800-115] Security testing that does not involve any direct interaction with the targets, such as sending packets to a target. [SP 800-115] (see also code, requirements, software, system, target, security testing, test)

passive sensor

A sensor that is deployed so that it monitors a copy of the actual network traffic. [800-94]

passive threat

The threat of unauthorized disclosure of information without changing the state of the computer system. A type of threat that involves the interception, not the alteration, of information. [AFSEC][NSAINT] (see also authorized, computer, information, system, threat)

passive wiretapping

The monitoring and/or recording of data while the data is being transmitted over a communications link. [SRV] The monitoring or recording of data while it is being transmitted over a communications link, without altering or affecting the data. [CNSSI-4009] (see also communications, wiretapping)

passphrase

A passphrase is a long password. It is often composed of several words and symbols to make it harder to guess. [RFC2504] A sequence of characters, longer than the acceptable length of a password, that is transformed by a password system into a virtual password of acceptable length. [SRV] Sequence of characters, longer than the acceptable length of a password that is transformed by a password system into a virtual password of acceptable length. [DSS] (see also system, passwords)

Password Authentication Protocol (PAP)

(I) A simple authentication mechanism in PPP. In PAP, a user identifier and password are transmitted in cleartext. [RFC2828] (see also passwords, users, authentication, protocols, security protocol)

password cracker

An application that tests for passwords that can be easily guessed, such as words in the dictionary or simple strings of characters (e.g., 'abcdefgh' or 'qwertyuiop'). [CIAO] a software program that can guess passwords. [FJC] (see also application, dictionary attack, program, software, test, threat)

password cracking

The process of recovering secret passwords stored in a computer system or transmitted over a network. [800-115][SP 800-115] (see also computer, process, system, passwords)

password protected

The ability to protect a file using a password access control, protecting the data contents from being viewed with the appropriate viewer unless the proper password is entered. [SP 800-72] The ability to protect the contents of a file or device from being accessed until the correct password is entered. [SP 800-124] (see also access, control)

password shadowing

Ability with operating system to physically store the password and/or encrypted password results in a mass storage area of the system other than in the actual password file itself. This feature prevents the theft of passwords by hackers. Usually a UNIX feature. [DSS] (see also theft)

password sniffing

(I) Passive wiretapping, usually on a local area network, to gain knowledge of passwords. [RFC2828] Sniffers are programs that monitor all traffic on a network, collecting a certain number of bytes from the beginning of each session, usually the part where the password is typed unencrypted on certain common Internet services such as FTP and Telnet. [AFSEC] (see also internet, network, passwords, program, sniffing)

password system

A system that uses a password or passphrase to authenticate a person's identity or to authorize a person's access to data and that consists of a means for performing one or more of the following password operations: generation, distribution, entry, storage, authentication, replacement, encryption and/or decryption of passwords. [SRV] (see also access, access control, authentication, encryption, entity, identity, operation, system)

password-locked screensaver

A screen saver obscures the normal display of a monitor. A password-locked screensaver can only be deactivated if the end-user's password is supplied. This prevents a logged-in system from being abused and hides the work currently being done from passers-by. [RFC2504] (see also passwords, system, users)

passwords

(I) A secret data value, usually a alphanumeric string, that is used as authentication information. (C) A password is usually matched with a user identifier that is explicitly presented in the authentication process, but in some cases the identity may be implicit. (C) Using a password as authentication information assumes that the password is known only by the system entity whose identity is being authenticated. Therefore, in a network environment where wiretapping is possible, simple authentication that relies on transmission of static (i.e. repetitively used) passwords as cleartext is inadequate. [RFC2828] A protected character string used to authenticate the identity of a computer system user or to authorize access to system resources. [FIPS 181] A protected or private alphanumeric string used to authenticate an entity. [SRV] A protected/private alphanumeric string that is used to authenticate an entity. [TCSEC] A protected/private alphanumeric string used to authenticate an entity or to authorize access to data. [AJP][FCv1] A protected/private alphanumeric string used to authenticate an entity. [NCSC/TG004] A protected/private string of letters, numbers, and/or special characters used to authenticate an identity or to authorize access to data. [CNSSI-4009] A secret sequence of characters that is used as a means of authentication. [FFIEC] A secret that a claimant memorizes and uses to authenticate his or her identity. Passwords are typically character strings. [800-63][SP 800-63] A string of alphanumeric characters known only to a single user to authenticate the identity of that user [NASA] A string of characters (letters, numbers, and other symbols) used to authenticate an identity or to verify access authorization. [800-82][FIPS 140-2] A string of characters containing letters, numbers, and other keyboard symbols that is used to authenticate a user's identity or authorize access to data. A password is generally known only to the authorized user who originated it. [CIAO] A string of characters used to authenticate an entity or to verify access authorization. [FIPS140] Protected/private alphanumeric string used to authenticate an entity or to authorize access to data. [IATF] Protected/private character string used to authenticate an identity or to authorize access to data. [DSS] Protected/private string of letters, numbers, and special characters used to authenticate an identity or to authorize access to data. [CNSSI] (see also 3-factor authentication, Extensible Authentication Protocol, Green book, Password Authentication Protocol, Terminal Access Controller Access Control System, access, access control, anonymous login, auditing tool, authentication, authorization, authorized, check_password, community string, computer oracle and password system, crack, critical security parameters, default account, dictionary attack, domain controller, encrypted key, entity, ethernet sniffing, guessing entropy, identity, information, kerberos, key, key logger, leapfrog attack, lock-and-key protection system, login, login prompt, min-entropy, network, password sniffing, password-locked screensaver, personal identification number, print suppression, process, proof of possession protocol, public-key forward secrecy, rootkit, salt, secret, security-relevant event, shared secret, simple authentication, simple network management protocol, smartcards, sniffer, social engineering, system, target vulnerability validation techniques, third party trusted host model, ticket, tokens, user identifier, users) (includes one-time passwords, passphrase, password cracking, secure single sign-on, time-dependent password, tunneled password protocol, virtual password, zero-knowledge password protocol)

patch

1) A quick modification of a program, that is sometimes a temporary fix until the problem can be solved more thoroughly. 2) A modification to software that fixes an error in an application already installed on an IS, generally supplied by the vendor of the software. [CIAO] An update to an operating system, application, or other software issued specifically to correct particular problems with the software. [SP 800-123] See 'Fixes, Patches and installing them' [RFC2504] Software code that replaces or updates other code. Frequently patches are used to correct security flaws. [FFIEC] (see also application, code, program, security, software, update)

patch management

The process of acquiring, testing, and distributing patches to the appropriate administrators and users throughout the organization. [800-61] The systematic notification, identification, deployment, installation, and verification of operating system and application software code revisions. These revisions are known as patches, hot fixes, and service packs. [CNSSI-4009] (see also process, security testing, software, test, users, management)

path coverage

Metric applied to all path-testing strategies: in a hierarchy by path length, where length is measured by the number of graph links traversed by the path or path segment; e.g. coverage with respect to path segments two links long, three links long, etc. Unqualified, this term usually means coverage with respect to the set of entry/exit paths. Often used erroneously as synonym for statement coverage. [OVT] (see also security testing, test)

path discovery

(I) For a digital certificate, the process of finding a set of public-key certificates that comprise a certification path from a trusted key to that specific certificate. [RFC2828] (see also certificate, certification, key, process, public-key, trust, public-key infrastructure)

path histories

Maintaining an authenticatable record of the prior platforms visited by a mobile software agent, so that a newly visited platform can determine whether to process the agent and what resource constraints to apply. [SP 800-19] (see also software)

path validation

(I) The process of validating (a) all of the digital certificates in a certification path and (b) the required relationships between those certificates, thus validating the contents of the last certificate on the path. [RFC2828] (see also certificate, certification, process, public-key infrastructure, validation)

payload

The input data to the CCM generation-encryption process that is both authenticated and encrypted. [SP 800-38C] The portion of a virus that contains the code for the virus's objective, which may range from the relatively benign (e.g., annoying people, stating personal opinions) to the highly malicious (e.g., forwarding personal information to others, wiping out systems). [800-83] (see also code, information, malicious, object, system, virus)

payment

A transfer of value. [FFIEC]

payment card

(N) SET usage: Collectively refers 'to credit cards, debit cards, charge cards, and bank cards issued by a financial institution and which reflects a relationship between the cardholder and the financial institution.' [RFC2828] (see also Secure Electronic Transaction)

payment gateway

(O) SET usage: A system operated by an acquirer, or a third party designated by an acquirer, for the purpose of providing electronic commerce services to the merchants in support of the acquirer, and which interfaces to the acquirer to support the authorization, capture, and processing of merchant payment messages, including payment instructions from cardholders. [RFC2828] (see also authorization, interface, message, process, system, Secure Electronic Transaction, gateway)

payment gateway certification authority

(O) SET usage: A CA that issues digital certificates to payment gateways and is operated on behalf of a payment card brand, an acquirer, or another party according to brand rules. A SET PCA issues a CRL for compromised payment gateway certificates. [RFC2828] (see also certificate, compromise, Secure Electronic Transaction, authority, certification, gateway, public-key infrastructure)

PC card

(N) A type of credit card-sized, plug-in peripheral device that was originally developed to provide memory expansion for portable computers, but is also used for other kinds of functional expansion. (C) The international PC Card Standard defines a non-proprietary form factor in three standard sizes--Types I, II and III--each of which have a 68-pin interface between the card and the socket into which it plugs. All three types have the same length and width, roughly the size of a credit card, but differ in their thickness from 3.3 to 10.5 mm. Examples include storage modules, modems, device interface adapters, and cryptographic modules. [RFC2828] (see also computer, cryptographic, cryptography, function, interface, module, standard)

PCA

(D) ISDs SHOULD NOT use this acronym without a qualifying adjective because that would be ambiguous. [RFC2828]

PCMCIA

(N) personal computer memory card international association, a group of manufacturers, developers, and vendors, founded in 1989 to standardize plug-in peripheral memory cards for personal computers and now extended to deal with any technology that works in the PC card form factor. [RFC2828] (see also association, automated information system, computer, standard, technology)

peer access approval (PAAP)

(see also access)

peer access enforcement (PAE)

(see also access)

peer entity authentication

(I) 'The corroboration that a peer entity in an association is the one claimed.' [RFC2828] The process of verifying that a peer entity in an association is as claimed. [CNSSI-4009] (see also association, authentication, entity)

peer entity authentication service

(I) A security service that verifies an identity claimed by or for system entity in an association. (C) This service is used at the establishment of, or at times during, an association to confirm the identity of one entity to another, thus protecting against a masquerade by the first entity. However, unlike data origin authentication service, this service requires an association to exist between the two entities, and the corroboration provided by the service is valid only at the current time that the service is provided. [RFC2828] (see also association, establishment, identity, system, authentication, entity)

peer-to-peer communication (P2P)

the communications that travel from one user's computer to another user's computer without being stored for later access on a server. E-mail is not a P2P communication since it travels from the sender to a server, and is retrieved by the recipient from the server. online chat, however, is a P2P communication since messages travel directly from one user to another. [FFIEC] (see also access, access control, communications, computer, internet, message, users)

penetration

(I) Successful, repeatable, unauthorized access to a protected system resource. [RFC2828] (I) Successful, repeatable, unauthorized access to a protected system resource. The successful unauthorized access to an automated system. The successful act of bypassing the security mechanisms of a system. [OVT] Gaining unauthorized logical access to sensitive data by circumventing a system's protections. [RFC2828] See intrusion. [CNSSI] The successful act of bypassing the security mechanisms of a system. [AJP][NCSC/TG004][SRV] The successful act of bypassing the security mechanisms; the unauthorized access to an automated system. [AFSEC] The successful unauthorized access to an automated system. [NSAINT] The successful violation of a protected system. [TNI] (see also access, access control, authorized, breach, computer security intrusion, confidentiality, entrapment, flaw hypothesis methodology, incomplete parameter checking, nak attack, network weaving, phreaking, protective packaging, protective technologies, real-time reaction, resource, security certification level, security testing, security violation, system, unauthorized access, attack, intrusion, threat consequence) (includes penetration signature, penetration study, penetration test, penetration testing)

penetration signature

The characteristics or identifying marks that may be produced by a penetration. [NCSC/TG004][SRV] The description of a situation or set of conditions in which a penetration could occur or of system events which in conjunction can indicate the occurrence of a penetration in progress. [AFSEC][NSAINT] (see also identify, system, penetration, signature)

penetration study

A study to determine the feasibility and methods for defeating controls of a system. [AJP][NCSC/TG004][SRV] (see also control, system, penetration, risk management)

penetration test

(I) A system test, often part of system certification, in which evaluators attempt to circumvent the security features of the computer system. (C) Penetration testing may be performed under various constraints and conditions. However, for a TCSEC evaluation, testers are assumed to have all system design and implementation documentation, including source code, manuals, and circuit diagrams, and to work under no greater constraints than those applied to ordinary users. [RFC2828] A type of testing in which testers attempt to circumvent the security features of an IT system to identify security weaknesses [NASA] The process of using approved, qualified personnel to conduct real-world attacks against a system so as to identify and correct security weaknesses before they are discovered and exploited by others. [FFIEC] (see also penetration testing, certification, code, computer, evaluation, identify, process, security, security testing, system, users, penetration, test)

penetration testing

(1) Security testing in which evaluators attempt to circumvent the security features of a system based on their understanding of the system design and implementation. (2) Tests performed by an evaluator on the Target of Evaluation to confirm whether known vulnerabilities are actually exploitable in practice. (3) The portion of security testing in which the evaluators or penetrators attempt to circumvent the security features of a system. The evaluators or penetrators may be assumed to use all system design and implementation documentation, that may include listings of system source code, manuals, and circuit diagrams. The evaluators or penetrators work under no constraints other than those that would be applied to ordinary users or implementers of untrusted portions of the component. [AJP] A test methodology in which assessors, typically working under specific constraints, attempt to circumvent or defeat the security features of an information system. [SP 800-53; CNSSI-4009] A type of security testing in which testers attempt to circumvent the security features of a system in an effort to identify system weaknesses. [AFSEC] Security testing in which evaluators attempt to circumvent the security features of a system based on their understanding of the system design and implementation. [CNSSI][FCv1] Security testing in which evaluators mimic real-world attacks in an attempt to identify ways to circumvent the security features of an application, system, or network. Penetration testing often involves issuing real attacks on real systems and data, using the same tools and techniques used by actual attackers. Most penetration tests involve looking for combinations of vulnerabilities on a single system or multiple systems that can be used to gain more access than could be achieved through a single vulnerability. [SP 800-115] Security testing in which evaluators mimic real-world attacks to attempt to identify methods for circumventing the security features of an application, system, or network. Penetration testing often involves issuing real attacks on real systems and data, using the common tools and techniques used by attackers. Most penetration tests involve looking for combinations of vulnerabilities on a single system or multiple systems that can be used to gain more access than could be achieved through any single vulnerability. [800-115] Tests performed by an evaluator on the Target of Evaluation to confirm whether or not known vulnerabilities are actually exploitable in practice. [ITSEC] The portion of security testing in which the evaluators attempt to circumvent the security features of a computer system. The evaluators may be assumed to use all system design and implementation documentation, which may include listings of system source code, manuals, and circuit diagrams. The evaluators work under the same constraints applied to ordinary users. [SRV] The portion of security testing in which the evaluators attempt to circumvent the security features of a system. The evaluators may be assumed to use all system design and implementation documentation, that may include listings of system source code, manuals, and circuit diagrams. The evaluators work under the same constraints applied to ordinary users. [NCSC/TG004][NSAINT] The portion of security testing in which the evaluators attempt to circumvent the security features of a system. The evaluators may be assumed to use all system design and implementation documentation, that may include listings of system source code, manuals, and circuit diagrams. The evaluators work under the same constraints applied to ordinary users. (C) Penetration testing may be performed under various constraints and conditions. However, for a TCSEC evaluation, testers are assumed to have all system design and implementation documentation, including source code, manuals, and circuit diagrams, and to work under no greater constraints than those applied to ordinary users. [OVT] The portion of security testing in which the penetrators attempt to circumvent the security features of a system. The penetrators may be assumed to use all system design and implementation documentation, that may include listings of system source code, manuals, and circuit diagrams. The penetrators work under no constraints other than those that would be applied to ordinary users or implementors of untrusted portions of the component. [TNI] The portion of security testing in which the penetrators attempt to circumvent the security features of a system. The penetrators may be assumed to use all system design and implementation documentation, that may include listings of system source code, manuals, and circuit diagrams. The penetrators work under no constraints other than those that would be applied to ordinary users. [TCSEC] (see also penetration test, access, application, code, computer, exploit, identify, system, target, trust, users, vulnerability, penetration, security testing, target of evaluation, test)

people

Staff, management, and executives necessary to plan, organize, acquire, deliver, support, and monitor mission related services, information systems, and facilities. This includes groups and individuals external to the organization involved in the fulfillment of the organization's mission. Security management personnel should also be included. [CIAO] (see also information, security, system)

per-call key

Unique traffic encryption key generated automatically by certain secure telecommunications systems to secure single voice or data transmissions. [CNSSI] Unique traffic encryption key generated automatically by certain secure telecommunications systems to secure single voice or data transmissions. See Cooperative Key Generation. [CNSSI-4009] (see also communications, encryption, system, telecommunications, key)

perceived collection threat

Estimate of the present and future resource allocations and capabilities of an adversary to gain information. Synonymous with potential threat. [DSS] (see also adversary, threat)

perfect forward secrecy

An option available during quick mode that causes a new shared secret to be created through a Diffie-Hellman exchange for each IPsec SA. [800-77] (see forward secrecy)

performance gap

The gap between what customers and stakeholders expect and what each process and related subprocesses produce in terms of quality, quantity, time, and cost of services and products. [SRV] (see also process, quality)

performance measurement

The process of developing measurable indicators that can be systematically tracked to assess progress made in achieving predetermined goals and using such indicators to assess progress in achieving these goals. [SRV] (see also process, system)

performance reference model

(PRM) Framework for performance measurement providing common output measurements throughout the federal government. It allows agencies to better manage the business of government at a strategic level by providing a means for using an agency's EA to measure the success of information systems investments and their impact on strategic outcomes. [CNSSI-4009]

perimeter

(C&A) Encompasses all those components of the system that are to be accredited by the DAA, and excludes separately accredited systems to which the system is connected. (Authorization) Encompasses all those components of the system or network for which a Body of Evidence is provided in support of a formal approval to operate. [CNSSI-4009] Encompasses all those components of the system that are to be accredited by the DAA, and excludes separately accredited systems to which the system is connected. [CNSSI] Perimeter of an Automated Information System or network is the extent of the system that is to be accredited as a single system. [DSS] (see security perimeter)

perimeter-based security

The technique of securing a network by controlling access to all entry and exit points of the network. Usually associated with firewalls and/or filters. [NSAINT] The technique of securing a network by controlling accesses to all entry and exit points of the network. [IATF] (see also access, control, network, security perimeter)

periodic reinvestigation

Investigation conducted every 5 years for updating a previously completed background or special background investigation. The scope consists of a personal interview, National Agency Check, Local Agency Check, credit bureau checks, employment records, employment references and developed character references and normally not exceed the most recent 5-year period. [DSS]

periods processing

(I) A mode of system operation in which information of different sensitivities is processed at distinctly different times by the same system, with the system being properly purged or sanitized between periods. [RFC2828] Processing of various levels of classified and unclassified information at distinctly different times. Under the concept of periods processing, the system must be purged of all information from one processing period before transitioning to the next. [CNSSI] Processing various levels of classified and unclassified information at distinctly different times. Under the concept of periods processing, the system must be cleared of information from one processing period before transitioning to the next. A system is said to operate in a 'periods processing' environment if the system is appropriately sanitized between operations in differing Protection Level periods, or with differing user communities or data. Provided the sanitization procedures between each Protection Level segment have been approved by the Designated Approving Authority based on guidelines from the Program Manager or responsible official, the system need meet only the security requirements of each processing period, while in that period. If the Designated Approving Authority approves the sanitization procedures for use between periods, the security requirements for a given period are considered in isolation, without consideration of other processing periods. Such sanitization procedures shall be detailed in the System Security Plans/System Security Authorization Agreement. [DSS] The processing of various levels of classified and unclassified information at distinctly different times. Under the concept of periods processing, the system must be purged of all information from one processing period before transitioning to the next. [CNSSI-4009] The processing of various levels of sensitive information at distinctly different times. Under periods processing, the system must be purged of all information from one processing period before transitioning to the next, when there are different users with differing authorizations. [AJP][NCSC/TG004] (see also authorization, classified, information, operation, requirements, security, system, users, process)

peripheral

Devices that are part of an Information System, such as printers, hard and floppy disk drives, and video display terminals. [DSS]

peripheral devices

Device attached to the network that can store, print, display, or enhance data (for example, disk and/or tape, printer and/or plotter, an optical scanner, a video camera, a punched-card reader, a monitor, or card punch). [DSS]

peripheral equipment

Any external device attached to a computer, including monitors, keyboards, mice, printers, optical scanners, and the like. [CIAO] (see also computer, key)

perishable data

Information whose value can decrease substantially during a specified time. A significant decrease in value occurs when the operational circumstances change to the extent that the information is no longer useful. [CNSSI-4009]

permanent records

Federal record that has been determined by the National Archives and Records Administration to have sufficient value to warrant its preservation in the National Archives of the United States. Permanent records include records accessioned by the National Archives and Records Administration into the National Archives of the United States and later increments of the same records, and those for which the disposition is permanent on Standard Form 115s, Request for Records Disposition Authority, approved by the National Archives and Records Administration on or after 14 May 1973. [DSS] (see also access)

permanent resident alien

Alien lawfully admitted into the United States under an immigration visa for permanent residence. [DSS]

permissions

(I) A synonym for 'authorization', but 'authorization' is preferred in the PKI context. [RFC2828] A description of the type of authorized interactions a subject can have with an object. Examples include read, write, execute, add, modify, and delete. [AJP][NCSC/TG004] Another word for the access controls that are used to control the access to files and other resources. [RFC2504] (see also access, access control, authorized, control, file, public-key infrastructure, resource, authorization) (includes object, subject)

permissive action link (PAL)

permuter

Device used in cryptographic equipment to change the order in which the contents of a shift register are used in various nonlinear combining circuits. [CNSSI][CNSSI-4009] (see also cryptography)

perpetrator

The entity from the external environment that is taken to be the cause of a risk. An entity in the external environment that performs an attack, i.e. hacker. [NSAINT] The entity from the external environment that is taken to be the cause of a risk. An entity in the external environment that performs an attack. [AFSEC] (see also entity, attack)

persistent cookie

A cookie stored on a computer indefinitely so that a Web site can identify the user during subsequent visits. [800-83] (see also computer, identify, users)

personal communications network

Advanced cellular communications and the internetworking of both wire and wireless networks that are expected to offer new communications services via very small portable handsets. The network will rely on micro-cellular technology- many low power, small coverage, cells- and a common channel signaling technology, to provide a wide variety of features in addition to the basic two-way telephone services. [SRV] Advanced cellular telephone communications and the interworking of both wired and wireless networks that will offer new communications services via very small, portable handsets. The network will rely on microcellular technology - many low-power, small-coverage cells - and a common channel-signaling technology, such as that used in the telephone system, to provide a wide variety of features in addition to the basic two-way calling service. [AJP] (see also internet, system, technology, communications, network)

personal computer (PC)

personal computer memory card international association (PCMCIA)

personal computer system

System based on a microprocessor and comprised of internal memory (Read-Only Memory and Random Access Memory), input and/or output, and associated circuitry. It typically includes one or more read/write devices for removable magnetic storage media (for example, floppy diskettes, tape cassettes, or hard disk cartridges), a keyboard, Cathode Ray Tube or plasma display, and a printer. It is easily transported and is primarily used on desktops for word processing, database management, or engineering analysis applications. [DSS] (see also access, analysis)

personal digital assistant (PDA)

A pocket-sized, special-purpose personal computer that lacks a conventional keyboard. [FFIEC] (see also automated information system, computer, key)

personal financial statement

Form used as part of a personnel security investigation to provide a summary of a person's total monthly income, debt payments, expenses, and the net remainder of income. [DSS] (see also security)

personal firewall

A software application residing on a client device that increases device security by offering some protection against unwanted network connections initiated by other hosts. Personal firewalls may be client managed or centrally managed. [800-127] A utility on a computer that monitors network activity and blocks communications that are unauthorized. [SP 800-69] (see also authorized, communications, computer, connection, security)

personal identification number (PIN)

(I) A alphanumeric string used as a password to gain access to a system resource. (C) Despite the words 'identification' and 'number', a PIN seldom serves as a user identifier, and a PIN's characters are not necessarily all numeric. A better name for this concept would have been 'personal authentication system string (PASS)'. (C) Retail banking applications commonly use 4-digit PINs. FORTEZZA PC card's use up to 12 characters for user or SSO PINs. [RFC2828] (PIN) A password consisting only of decimal digits. [SP 800-63] (PIN) A secret that a claimant memorizes and uses to authenticate his or her identity. PINs are generally only decimal digits. [FIPS 201] (PIN) An alphanumeric code or password used to authenticate an identity. [FIPS 140-2] A 4 to 12 character alphanumeric code or password used to authenticate an entity, commonly used in banking applications. [FIPS140][SRV] A private series of numbers that a user knows that are used to increase confidence in a user's professed identity. [GSA] A short numeric code used to confirm identity. [CNSSI-4009] (see also 3-factor authentication, Fortezza, access, access control, application, code, entity, identity, passwords, personal identity verification, resource, shared secret, system, users, identification)

personal identity verification (PIV)

(PIV) The process of creating and using a governmentwide secure and reliable form of identification for federal employees and contractors, in support of HSPD 12, Policy for a Common Identification Standard for Federal Employees and Contractors. [CNSSI-4009] A physical artifact (e.g., identity card, 'smart' card) issued to an individual that contains stored identity credentials (e.g., photograph, cryptographic keys, digitized fingerprint representation) so that the claimed identity of the cardholder can be verified against the stored credentials by another person (human readable and verifiable) or an automated process (computer readable and verifiable). [GSA] (see also 3-factor authentication, computer, cryptographic, identification, key, personal identification number, process, entity, identity, verification) (includes PIV issuer, PIV registrar, PIV sponsor, personal identity verification card)

personal identity verification card

(PIV Card) Physical artifact (e.g., identity card, 'smart' card) issued to an individual that contains stored identity credentials (e.g., photograph, cryptographic keys, digitized fingerprint representation, etc.) such that a claimed identity of the cardholder may be verified against the stored credentials by another person (human-readable and verifiable) or an automated process (computer-readable and verifiable). [FIPS 201; CNSSI-4009] A smart card that contains stored identity credentials (such as a photograph, digital certificate and cryptographic keys, or digitized fingerprint representations) that is issued to an individual so that the claimed identity of the cardholder can be verified against the stored credentials by another person or through an automated process. [GAO] (see also certificate, cryptographic, key, process, entity, personal identity verification, smartcards, tokens, verification)

personal security environment (PSE)

Secure local storage for an entity's private key, the directly trusted CA key and possibly other data. Depending on the security policy of the entity or the system requirements this may be e. g. a cryptographically protected file or a tamper resistant hardware token. [SC27] (see also cryptographic, cryptography, entity, file, key, personalization service, policy, public-key infrastructure, requirements, system, tamper, tokens, trust, security)

personality

(see personality label)

personality label

(O) MISSI usage: A set of MISSI X.509 public-key certificates that have the same subject DN, together with their associated private keys and usage specifications, that is stored on a FORTEZZA PC card to support a role played by the card's user. (C) When a card's user selects a personality to use in a FORTEZZA-aware application, the data determines behavior traits (the personality) of the application. A card's user may have multiple personalities on the card. Each has a 'personality label', a user-friendly alphanumeric string that applications can display to the user for selecting or changing the personality to be used. For example, a military user's card might contain three personalities: GENERAL HALFTRACK, COMMANDER FORT SWAMPY, and NEW YEAR'S EVE PARTY CHAIRMAN. Each personality includes one or more certificates of different types (such as DSA versus RSA), for different purposes (such as digital signature versus encryption), or with different authorizations. [RFC2828] (see also Fortezza, X.509, application, authorization, certificate, digital signature, encryption, key, public-key, role, signature, subject, users, multilevel information systems security initiative, public-key infrastructure)

personalization service

The service of storing cryptographic information (especially private keys) to a PSE. NOTE - The organizational and physical security measures for a service like this are not in the scope of this document. For organizational measures refer to ITU-T Rec. X.842 | ISO/IEC TR 14516 Guidelines for the use and management of Trusted Third Parties. [SC27] (see also cryptographic, cryptography, information, key, personal security environment, security, trust)

personally identifiable information

(PII) Information which can be used to distinguish or trace an individual's identity, such as their name, social security number, biometric records, etc., alone, or when combined with other personal or identifying information which is linked or linkable to a specific individual, such as date and place of birth, mother's maiden name, etc. [CNSSI-4009] Any information about an individual maintained by an agency, including (1) any information that can be used to distinguish or trace an individual's identity, such as name, social security number, date and place of birth, mother's maiden name, or biometric records; and (2) any other information that is linked or linkable to an individual, such as medical, educational, financial, and employment information. [SP 800-122] (see also identity, security)

personnel registration manager

The management role that is responsible for registering human users, i.e. users that are people. [CNSSI-4009] (see also management, users)

personnel security - issue information

Information that could adversely affect a person's eligibility for classified information. There are two types of issue information: (1) Minor Issue Information: Information that meets a threshold of concern set out in 'Adjudicative Guidelines for Determining Eligibility for Access to Classified Information,' but for which adjudication determines that adequate mitigation, as provided by the Guidelines exist. Minor issue information does not provide the basis for waiver or condition. (2) Substantial Issue Information: Any information of aggregate of information that raises a significant question about the prudence of granting access eligibility. Substantial issue information constitutes the basis for granting access eligibility with waiver or condition, or for denying or revoking access eligibility. [DSS] (see also access, classified, security) (includes substantial issue information)

personnel security

(I) Procedures to ensure that persons who access a system have proper clearance, authorization, and need-to-know as required by the systems security policy. [RFC2828] A family of security controls in the operations class dealing with background screenings, appropriate access privileges, etc. [800-37] Security discipline assessing the loyalty, reliability and trustworthiness of individuals for initial and continued eligibility for access to classified information. [DSS] The procedures established to ensure that all personnel who have access to any classified information have the required authorizations as well as the appropriate clearances. [NSAINT] The procedures established to ensure that all personnel who have access to sensitive information have the required authority as well as appropriate clearances. [AJP][NCSC/TG004][SRV] (see also access, access control, authority, authorization, classified, control, information, operation, personnel security exceptions, policy, system, trust, security)

personnel security clearance

Administrative determination that an individual is eligible, from a security viewpoint, for access to classified information at the same or lower category as the level of the personnel clearance being granted. [DSS] (see also access, classified, security)

personnel security determination

Discretionary security decision by appropriately trained adjudicative personnel of all available personal and professional information that bears on the individual's loyalty to the United States, strength of character, trustworthiness, honesty, reliability, discretion and sound judgment, as well as freedom from conflicting allegiances and potential for coercion, and the willingness and ability to abide by regulations governing the use, handling and protection of classified information and/or the execution of responsibilities of a sensitive position. [DSS] (see also classified, trust, security)

personnel security exceptions

Adjudicative decision to grant or continue access eligibility despite a failure to meet all adjudicative or investigative standards. The head of the agency concerned or designee will make such decisions. (Exceptions with regard to eligibility for Sensitive Compartmented Information will be processed according to procedures established by the Director of National Intelligence). For purposes of reciprocity, the presence of an exception permits the gaining organization or program to review the case before assuming security sponsorship and to accept or decline sponsorship based on that review. When accepting sponsorship the gaining organization or program will ensure that the exception remains a matter of record. There are three types of exceptions: conditions, deviations, and waivers. (1) Conditions: Access eligibility granted or continued with the provision that additional security measures shall be required. Such measures include, but are not limited to, additional security monitoring, access, restrictions, submission of periodic financial statements, and attendance at counseling sessions. (2) Deviations: Access eligibility granted or continued despite either a significant gap in coverage or scope in the investigation or an out-of-date investigation. 'Significant gap' for this purpose means either complete lack of coverage for a period of 6 months or longer within the most recent 5 years investigated or the lack of a Federal Bureau of Investigations name check or technical check or the lack of one or more relevant investigative scope components (for example, employment checks, financial review, or a subject interview) in its entirety. (3) Waivers: Access eligibility granted or continued despite the presence of substantial issue information that would normally preclude access. Agency heads or designees approve waivers only when the benefit of access clearly outweighs any security concern raised by the shortcoming. A waiver may require prescribed limitations on access such as additional security monitoring. Interview conducted with an application for or holder of a security clearance to discuss areas of security relevance. The term is also used to describe interviews with references in personnel security investigations. [DSS] (see also access, deviation, intelligence, personnel security, subject, security)

personnel security interview

Investigation required for determining the eligibility of Department of Defense military and civilian personnel, contractor employees, consultants, and other persons affiliated with the Department of Defense, for access to classified information, acceptance or retention in the Armed Forces, assignment or retention in sensitive duties, or other designated duties requiring such investigation. [DSS] (see also access, classified, security)

personnel security investigation

Personnel Security Investigations include investigations of affiliations with subversive organizations, suitability information, or hostage situations, conducted for the purpose of making personnel security determinations. They also include investigations of allegations that arise subsequent to adjudicative action and require resolution to determine an individual's current eligibility for access to classified information or assignment or retention in a sensitive position. [DSS] (see also access, classified, security)

personnel security program

Department of Defense program established to ensure that only loyal, reliable, and trustworthy people are granted access to classified information or allowed to perform sensitive duties. [DSS] (see also access, classified, trust, security)

personnel security questionnaire

Security forms, whether paper or electronic, completed by a subject as part of a personnel security investigation. There are three versions of the Personnel Security Questionnaire: the Standard Form 85 for non-sensitive positions, the Standard Form 85P for public trust positions, and the Standard Form 86 for national security positions. [DSS] (see also questionnaire for national security positions, subject, trust, security)

phage

A program that modifies other programs or databases in unauthorized ways; especially one that propagates a virus or Trojan horse. [NSAINT] (see also authorized, program, virus, threat)

pharming

An attack in which an attacker corrupts an infrastructure service such as DNS (Domain Name Service) causing the subscriber to be misdirected to a forged verifier/relying party, and revealing sensitive information, downloading harmful software or contributing to a fraudulent act. [800-63] (see also attack, domain, fraud, information, software)

phased periodic reinvestigation

In September 2005, the Office of Personnel Management made the Phased Periodic Reinvestigation available as a less comprehensive and less expensive alternative to the Single Scope Background Investigation-Periodic Reinvestigation. The investigation includes a National Agency Check with Local Agency Checks and Credit Check, Personal Subject Interview, and limited reference interviews and record reviews. [DSS] (see also subject)

PHF

Phone book file demonstration program that hackers use to gain access to a computer system and potentially read and capture password files. [NSAINT] (see also access, computer, file, program, system, threat)

PHF hack

A well-known and vulnerable CGI script which does not filter out special characters (such as a new line) input by a user. [NSAINT] (see also users, threat)

phishers

Individuals, or small groups, execute phishing schemes in an attempt to steal identities or information for monetary gain. Phishers may also use spam and spyware/malware to accomplish their objectives. [GAO] (see also information, threat)

phishing

A digital form of social engineering that uses authentic-looking but phony emails to request information from users or direct them to a fake web site that requests information. [800-115][SP 800-115] An attack in which the subscriber is lured (usually through an email) to interact with a counterfeit verifier, and tricked into revealing information that can be used to masquerade as that subscriber to the real verifier. [800-63] Deceiving individuals into disclosing sensitive personal information through deceptive computer-based means. [CNSSI-4009] The creation and use of e-mails and Web sites--designed to look like those of well-known legitimate businesses, financial institutions, and government agencies--in order to deceive Internet users into disclosing their personal data, such as bank and financial account information and passwords. The phishers then use that information for criminal purposes, such as identity theft and fraud. [GAO] Tricking individuals into disclosing sensitive personal information through deceptive computer-based means (e.g., internet web sites). [800-82] Tricking individuals into disclosing sensitive personal information through deceptive computer-based means. [800-83][SP 800-83] deceptive e-mails, fake (spoofed) Web sites, or both that deceive consumers into providing fraudsters with their user names, passwords, and perhaps account numbers. [FTC] (see also computer, criminal, entity, fraud, identity, identity theft, information, internet, spoof, theft, users, vishing, exploit, social engineering)

photo eye

A light sensitive sensor utilizing photoelectric control that converts a light signal into an electrical signal, ultimately producing a binary signal based on an interruption of a light beam. [800-82] (see also control)

Photuris

(I) A UDP-based, key establishment protocol for session keys, designed for use with the IPsec protocols AH and ESP. Superseded by IKE. [RFC2828] (see also establishment, internet protocol security, internet security protocol, key, protocols)

phracker

An individual who combines phone phreaking with computer hacking. [NSAINT] Individual who combines phone phreaking with computer hacking. [AFSEC] (see also computer, threat)

phreaker

An individual fascinated by the telephone system. Commonly, an individual who uses his knowledge of the telephone system to make calls at the expense of another. [NSAINT] (see also system, threat)

phreaking

(I) A contraction of 'telephone breaking'. An attack on or penetration of a telephone system or, by extension, any other communication or information system. (D) ISDs SHOULD NOT use this term because it is not listed in most dictionaries and could confuse international readers. [RFC2828] The act of employing technology to attack the public telephone system. The art and science of cracking the phone network. [AFSEC] The art and science of cracking the phone network. [NSAINT] (see also information, network, penetration, system, technology, attack)

physical access control

Refers to an automated system that controls an individual's ability to access to a physical location such as a building, parking lot, office, or other designated physical space. A physical access control system requires validation of an individual's identity through some mechanism such as a PIN, card, biometric, or other token prior to providing access. It has the capability to assign different access privileges to different persons depending on their roles and responsibilities in an organization. [GSA] (see also control systems, entity, identity, role, system, validation, access, control)

physical and environmental protection

A family of security controls in the operations class dealing with the protection of an IT system and its environment from threats related to the facility in which it is housed. Physical and environmental protection procedures include securing the facility perimeter from unauthorized access, to protection from faulty plumbing lines, to protecting against environmental threats such as hurricane or fire. [800-37] (see also access, access control, authorized, control, operation, security, system, threat, unauthorized access)

physical controls

Those controls provided by the facility in which the system runs [NASA] (see also system, control)

physical destruction

Deliberate destruction of a system component to interrupt or prevent system operation. [RFC2828] (see also operation, system, threat consequence)

physical protection

The safeguarding of a cryptographic module or of cryptographic keys or other critical security parameters using physical means. [FIPS140] (see also assurance, critical, cryptographic, key, module, security, cryptographic boundary)

physical security

(I) Tangible means of preventing unauthorized physical access to a system. e.g. fences, walls, and other barriers; locks, safes, and vaults; dogs and armed guards; sensors and alarm bells. [RFC2828] Actions taken for the purpose of restricting and limiting unauthorized access, specifically, reducing the probability that a threat will succeed in exploiting critical infrastructure vulnerabilities including protection against direct physical attacks, e.g., through use of conventional or unconventional weapons. [CIAO] Application of physical barriers and control procedures as countermeasures against threats to resources and sensitive information. The security discipline concerned with physical measures designed to safeguard personnel; prevent unauthorized access to equipment, installations, material, and documents; and to safeguard them against espionage, sabotage, damage, and theft. [DSS] The application of physical barriers and control procedures as preventive measures or countermeasures against threats to resources and sensitive information. [AJP][NCSC/TG004][SRV] The measures used to provide physical protection of resources against deliberate and accidental threats. [NSAINT] (see also access, access control, application, attack, authorized, control, countermeasures, critical, damage, information, resource, system, theft, threat, unauthorized access, vulnerability, Automated Information System security)

physical security waiver

Exemption from specific standards for physical security for Sensitive Compartmented Information Facilities as outlined in Intelligence Community Directive. [DSS] (see also intelligence, security)

physically isolated network

A network that is not connected to entities or systems outside a physically controlled space. [SP 800-32] (see also control, network)

piconet

A small Bluetooth network created on an ad hoc basis that includes two or more devices. [SP 800-121]

piggyback

Gaining unauthorized access to a system via another user's legitimate connection. [AJP][NCSC/TG004] The gaining of unauthorized access to a system via another user's legitimate connection. [NSAINT] (see also access, access control, authorized, connection, system, unauthorized access, users, between-the-lines-entry)

piggyback attack

(I) A form of active wiretapping in which the attacker gains access to a system via intervals of inactivity in another user's legitimate communication connection. Sometimes called a 'between-the-lines' attack. [RFC2828] (see also access, access control, connection, system, users, attack)

piggyback entry

Unauthorized access that is gained to a computer facility or system via another user's legitimate connection. [SRV] Unauthorized access that is gained to a computer system via another user's legitimate connection. [SRV] (see also access, access control, authorized, computer, connection, system, unauthorized access, users, threat)

pii confidentiality impact level

The PII confidentiality impact level.low, moderate, or high. indicates the potential harm that could result to the subject individuals and/or the organization if PII were inappropriately accessed, used, or disclosed. [SP 800-122] (see also access)

pilot testing

Using a limited version of software under restricted conditions to discover if the programs operate as intended. [SRV] (see also program, software, version, security testing, test)

ping of death

(I) An attack that sends an improperly large ICMP echo request packet (a 'ping') with the intent of overflowing the input buffers of the destination machine and causing it to crash. [RFC2828] The use of Ping with a packet size higher than 65,507. This will cause a denial of service. [NSAINT] The use of Ping with an address number higher than 65,507. This will cause a SYN flood, and cause a denial of service. RFC-791 says IP packets can be up to 65,535, with the IP header of 20 bytes, and ICMP header of 8 octets (65535-20-8 =65507). Sending a bigger packet greater than 65507 octets causes the originating system to fragment the packet. [AFSEC] (see also denial-of-service, flow, system, attack)

ping sweep

(I) An attack that sends ICMP echo requests ('pings') to a range of IP addresses, with the goal of finding hosts that can be probed for vulnerabilities. [RFC2828] (see also vulnerability, attack)

PIV issuer

An accredited and certified organization that procures FIPS 201 compliant blank smart cards, initializes them with appropriate software and data elements for the requested identity verification and access control application, personalizes the cards with the identity credentials of the authorized cardholders, and delivers the personalized cards to the authorized cardholders along with appropriate instructions for protection and use. [GAO] An authorized identity card creator that procures FIPS- approved blank identity cards, initializes them with appropriate software and data elements for the requested identity verification and access control application, personalizes the cards with the identity credentials of the authorized subjects, and delivers the personalized cards to the authorized subjects along with appropriate instructions for protection and use. [GSA] (see also PIV registrar, access, access control, application, authorized, certification authority, control, entity, identity credential issuer, software, subject, verification, personal identity verification, smartcards)

PIV registrar

An entity that authenticates an individual's identity applying for a PIV card by checking the applicant's identity source documents through an identity proofing process, and to ensures that a proper background check was completed before the credential and the PIV card is issued to the individual. [GAO] An entity that establishes and vouches for the identity of an Applicant to a PIV Issuer. The PIV Registrar authenticates the Applicant's identity by checking identity source documents and identity proofing, and ensures a proper background check has been completed, before the credential is issued. [GSA] (see also PIV issuer, certification, entity, process, personal identity verification)

PIV sponsor

An individual who can act on behalf of a department or agency to request a PIV Card for an Applicant. [GSA] (see also personal identity verification)

PKCS #10

(N) A standard from the PKCS series; defines a syntax for requests for public-key certificates. (C) A PKCS #10 request contains a DN and a public key, and may contain other attributes, and is signed by the entity making the request. The request is sent to a CA, who converts it to an X.509 public-key certificate (or some other form) and returns it, possibly in PKCS #7 format. [RFC2828] (see also X.509, certificate, entity, key, public-key, standard, public-key cryptography standards, public-key infrastructure)

PKCS #11

(N) A standard from the PKCS series; defines a software CAPI called Cryptoki (pronounced 'crypto-key'; short for 'cryptographic token interface') for devices that hold cryptographic information and perform cryptographic functions. [RFC2828] (see also cryptographic, function, information, interface, key, software, standard, tokens, public-key cryptography standards)

PKCS #7

(N) A standard [PKC07, R2315] from the PKCS series; defines a syntax for data that may have cryptography applied to it, such as for digital signatures and digital envelopes. [RFC2828] (see also digital signature, signature, standard, public-key cryptography standards)

PKIX

(I) (1.) A contraction of 'Public-Key Infrastructure (X.509)', the name of the IETF working group that is specifying an architecture and set of protocols needed to support an X.509-based PKI for the Internet. (2.) A collective name for that architecture and set of protocols. (C) The goal of PKIX is to facilitate the use of X.509 public-key certificates in multiple Internet applications and to promote interoperability between different implementations that use those certificates. The resulting PKI is intended to provide a framework that supports a range of trust and hierarchy environments and a range of usage environments. PKIX specifies (a) profiles of the v3 X.509 public-key certificate standards and the v2 X.509 CRL standards for the Internet; (b) operational protocols used by relying parties to obtain information such as certificates or certificate status; (c) management protocols used by system entities to exchange information needed for proper management of the PKI; and (d) information about certificate policies and CPSs, covering the areas of PKI security not directly addressed in the rest of PKIX. [RFC2828] (see also X.509, application, certificate, file, information, interoperability, key, operation, profile, protocols, public-key, security, standard, system, trust, internet, public-key infrastructure)

PKIX private extension

(I) PKIX defines a private extension to identify an online verification service supporting the issuing CA. [RFC2828] (see also identify, verification, public-key infrastructure)

plain text

(I) Data that is input to and transformed by an encryption process, or that is output by a decryption process. (C) Usually, the plaintext input to an encryption operation is cleartext. But in some cases, the input is ciphertext that was output from another encryption operation. [RFC2828] Data input to the Cipher or output from the Inverse Cipher. [FIPS 197] Intelligible data that has meaning and can be understood without the application of decryption. [SP 800-21] Plain, unencrypted text or data. [SRV] Unenciphered information. [SC27] Unencrypted (unciphered) data [SRV] Unencrypted data. [NSAINT] Unencrypted information. [CNSSI][CNSSI-4009] (see cleartext)

plaintext key

An unencrypted cryptographic key that is used in its current form. [FIPS140] An unencrypted cryptographic key. [FIPS 140-2] (see also cryptographic, key, key recovery)

plan of action and milestones

(POA&M) A document that identifies tasks needing to be accomplished. It details resources required to accomplish the elements of the plan, any milestones in meeting the tasks, and scheduled completion dates for the milestones. [SP 800-53; SP 800-53A; SP 800-37; SP 800-64; CNSSI-]

plan of actions and milestones

A document that identifies tasks needing to be accomplished. It details resources required to accomplish the elements of the plan, any milestones in meeting the tasks, and scheduled completion dates for the milestones. [800-115] (see also resource)

plan, do, check, act (PDCA)

platform

A combination of hardware and the most prevalent operating system for that hardware. [SRV] The hardware and systems software on which applications software is developed and operated. [SRV] The hardware, software, and communications required to provide the processing environments to support one or more application software systems. [SRV] (see also application, communications, process, software, system)

platform it interconnection

For Department of Defense Information Assurance purposes, platform Information Technology interconnection refers to network access to platform Information Technology. Platform Information Technology interconnection has readily identifiable security considerations and needs that must be addressed in both acquisition, and operations. Platform Information Technology refers to computer resources, both hardware and software, that are physically part of, dedicated to, or essential in real time to the mission performance of special purpose systems such as weapons, training simulators, diagnostic test and maintenance equipment, calibration equipment, equipment used in the research and development of weapons systems, medical technologies, transport vehicles, buildings, and utility distribution systems such as water and electric. Examples of platform Information Technology interconnections that impose security considerations include communications interfaces for data exchanges with enclaves for mission planning or execution, remote administration, and remote upgrade or reconfiguration. [DSS] (see also access, assurance, security, connection)

plug-in

A set of dynamically linked libraries which are used to augment the functionality of a host system, such as a WWW browser. They are usually used to allow a WWW browser to display and manipulate data in proprietary formats, or to add new features to the display or manipulation of a standard format. [SRV] (see also function, standard, system)

plug-in modules

Software components that integrate into other software (such as web browsers) to provide additional features. [RFC2504] (see also software, world wide web, module)

point estimate

An estimate of a population parameter that is a single numerical value. [SRV]

point of control and observation (PCO)

A place (point) within a testing environment where the occurrence of test events is to be controlled and observed as defined by the particular abstract test method used. [OVT] (see also security testing, test, control)

point-of-sale (POS)

point-to-point key establishment

The direct establishment of keys between entities, without involving a third party. [SC27] (see also establishment, key)

point-to-point protocol (PPP)

(I) An Internet Standard protocol for encapsulation and full-duplex transportation of network layer (mainly OSI layer 3) protocol data packets over a link between two peers, and for multiplexing different network layer protocols over the same link. Includes optional negotiation to select and use a peer entity authentication protocol to authenticate the peers to each other before they exchange network layer data. [RFC2828] The point-to-point protocol, defined in RFC 1661, provides a method for transmitting packets over serial point-to-point links. There are many other RFCs which define extensions to the basic protocol. [RFC1983] (see also authentication, internet, protocols) (includes point-to-point tunneling protocol)

point-to-point tunneling protocol (PPTP)

(I) An Internet client-server protocol (originally developed by Ascend and Microsoft) that enables a dial-up user to create a virtual extension of the dial-up link across a network by tunneling PPP over IP. (C) PPP can encapsulate any Internet Protocol Suite network layer protocol (or OSI layer 3 protocol). Therefore, PPTP does not specify security services; it depends on protocols above and below it to provide any needed security. PPTP makes it possible to divorce the location of the initial dial-up server (i.e. the PPTP Access Concentrator, the client, which runs on a special-purpose host) from the location at which the dial-up protocol (PPP) connection is terminated and access to the network is provided (i.e. the PPTP Network Server, which runs on a general-purpose host). [RFC2828] PPTP is combination of data and control packets. Data packets are PPP packets encapsulated using the Internet Generic Routing Encapsulation Protocol Version 2. Control packets perform PPTP service and maintenance functions. [MSC] (see also access, access control, connection, control, function, internet, network, users, version, point-to-point protocol, protocols, security protocol, tunnel, virtual private network) (includes private communication technology)

policy

(D) ISDs SHOULD NOT use this word as an abbreviation for either 'security policy' or 'certificate policy'. Instead, to avoid misunderstanding, use the fully qualified term, at least at the point of first usage. [RFC2828] A document defining acceptable access to protected, DMZ, and unprotected networks. Security policies generally do not spell out specific configurations for firewalls; rather, they set general guidelines for what is and is not acceptable network access. The actual mechanism for controlling access is usually the rule set implemented in the DUT/SUT. [RFC2647] mapping of user credentials with authority to act. [misc] (see also Bell-LaPadula security model, CKMS component, NTCB partition, National Security Decision Directive 145, National Security Telecommunications and Information Systems Security Committee, Office of Foreign Assets Control, SET qualifier, TCB subset, TOE security functions, abuse of privilege, access, access control, access control center, access control service, access mediation, accountability, assurance, attack, audit, authority, autonomous system, certificate, certificate domain, certification hierarchy, certification practice statement, classified, common security, component operations, compromise, confidence, consumers, control, controlled security mode, covert channel, covert channel analysis, covert timing channel, data encryption standard, dedicated security mode, demilitarized zone, discretionary access control, domain, domain parameter, dominated by, economy of mechanism, enclave, end entity, evaluation, exploitable channel, exploitation, extension, filtering router, firewall, formal method, formal top-level specification, formal verification, front-end security filter, functionality class, general controls, global information grid, guideline, identification data, information systems security equipment modification, information type, internal fraud, key management, loophole, mandatory access control, mode of operation, multilevel security mode, national security system, naval coastal warfare, network component, network sponsor, network trusted computing base, non-discretionary security, non-repudiation information, packet filter, partitioned security mode, personal security environment, personnel security, privacy, privacy impact assessment, private data, product rationale, proof, protected network, protection philosophy, rainbow series, risk management, root, root registry, ruleset, secure configuration management, security, security association, security audit, security authority, security clearance, security domain, security filter, security functions, security incident, security inspection, security label, security management infrastructure, security net control station, security perimeter, security program manager, security requirements, security violation, security-compliant channel, security-critical mechanisms, security-relevant event, sensitive information, source selection, system administrator, system security officer, system-high security mode, systems security steering group, trust, trusted channel, trusted computing base, trusted functionality, trusted path, trusted process, trusted subject, unprotected network, untrusted process, users, verification, vulnerability) (includes IT security policy, Internet Policy Registration Authority, National Security Telecommunications and Information Systems Security Policy, National Telecommunications and Information Systems Security Policy, TOE security policy, TOE security policy model, acceptable use policy, certificate policy, certificate policy qualifier, certification policy, corporate security policy, cryptographic module security policy, designation policy, formal model of security policy, formal security policy, formal security policy model, identity-based security policy, informal security policy, information protection policy, information security policy, integrity policy, non-repudiation policy, organisational security policy, policy approving authority, policy certification authority, policy creation authority, policy management authority, policy mapping, public-key infrastructure, rule-based security policy, secrecy policy, security function policy, security policy, security policy information file, security policy model, system security policy, technical policy, technical security policy, term rule-based security policy, usage security policy)

policy approving authority (PAA)

(O) MISSI usage: The top-level signing authority of a MISSI certification hierarchy. The term refers both to that authoritative office or role and to the person who plays that role. (C) A PAA registers MISSI PCAs and signs their X.509 public-key certificates. A PAA issues CRLs but does not issue a CKL. A PAA may issue cross-certificates to other PAAs. [RFC2828] First level of the PKI Certification Management Authority that approves the security policy of each PCA. [CNSSI] (see also X.509, certificate, certification, key, public-key, role, authority, multilevel information systems security initiative, policy, public-key infrastructure)

policy certification authority (PCA)

(I) An X.509-compliant CA at the second level of the Internet certification hierarchy, under the Internet Policy Registration Authority (IPRA). Each PCA operates in accordance with its published security policy and within constraints established by the IPRA for all PCAs.. [RFC2828] (PCA) Second level of the PKI Certification Management Authority that formulates the security policy under which it and its subordinate CAs will issue public key certificates. [CNSSI-4009] Second level of the PKI Certification Management Authority that formulates the security policy under which it and its subordinate CAs will issue public key certificates. [CNSSI] (see also X.509, certificate, internet, key, management, public-key, registration, security, authority, certification, policy, public-key infrastructure)

policy creation authority

(O) MISSI usage: The second level of a MISSI certification hierarchy; the administrative root of a security policy domain of MISSI users and other, subsidiary authorities. The term refers both to that authoritative office or role and to the person who fills that office. (C) A MISSI PCA's certificate is issued by a policy approving authority. The PCA registers the CAs in its domain, defines their configurations, and issues their X.509 public-key certificates. (The PCA may also issue certificates for SCAs, ORAs, and other end entities, but a PCA does not usually do this.) The PCA periodically issues CRLs and CKLs for its domain. [RFC2828] (see also X.509, certificate, certification, domain, key, public-key, role, users, authority, multilevel information systems security initiative, policy, public-key infrastructure)

policy management authority

(N) Canadian usage: An organization responsible for PKI oversight and policy management in the Government of Canada. [RFC2828] (PMA) Body established to oversee the creation and update of Certificate Policies, review Certification Practice Statements, review the results of CA audits for policy compliance, evaluate non-domain policies for acceptance within the domain, and generally oversee and manage the PKI certificate policies. For the FBCA, the PMA is the Federal PKI Policy Authority. [SP 800-32] (see also audit, certification, authority, management, policy, public-key infrastructure)

policy mapping

(I) 'Recognizing that, when a CA in one domain certifies a CA in another domain, a particular certificate policy in the second domain may be considered by the authority of the first domain to be equivalent (but not necessarily identical in all respects) to a particular certificate policy in the first domain.' [RFC2828] Recognizing that, when a CA in one domain certifies a CA in another domain, a particular certificate policy in the second domain may be considered by the authority of the first domain to be equivalent (but not necessarily identical in all respects) to a particular certificate policy in the first domain. [SP 800-15] (see also authority, certificate, domain, public-key infrastructure, policy)

policy-based access control

(PBAC) A form of access control that uses an authorization policy that is flexible in the types of evaluated parameters (e.g., identity, role, clearance, operational need, risk, and heuristics). [CNSSI-4009] (see also authorization, identity, risk, access, control)

polling

The process of sending messages to individual managed devices to determine their operational status. [SRV] (see also message, operation, process)

polymorphism

A concept in type theory, according to which a name may denote objects of many different classes that are related by some common superclass. [SRV] Polymorphism refers to being able to apply a generic operation to data of different types. For each type, a different piece of code is defined to execute the operation. In the context of object systems, polymorphism means that an object's response to a message is determined by the class to which it belongs. [SRV] (see also code, message, object, operation, response, system)

pop-up box

A dialog box that automatically appears when a person accesses a webpage. [FFIEC] (see also access, access control, internet, world wide web)

POP3 APOP

(I) A POP3 'command' (better described as a transaction type, or a protocol-within-a-protocol) by which a POP3 client optionally uses keyed hash (based on MD5) to authenticate itself to a POP3 server and, depending on the server implementation, to protect against replay attacks. (C) The server includes a unique timestamp in its greeting to the client. The subsequent APOP command sent by the client to the server contains the client's name and the hash result of applying MD5 to a string formed from both the timestamp and a shared secret that is known only to the client and the server. APOP was designed to provide as an alternative to using POP3's USER and PASS (i.e. password) command pair, in which the client sends a cleartext password to the server. [RFC2828] (see also attack, authentication, hash, key, protocols, shared secret, users)

POP3 AUTH (AUTH)

(I) A 'command' (better described as a transaction type, or a protocol-within-a-protocol) in POP3, by which a POP3 client optionally proposes a mechanism to a POP3 server to authenticate the client to the server and provide other security services. (C) If the server accepts the proposal, the command is followed by performing a challenge-response authentication protocol and, optionally, negotiating a protection mechanism for subsequent POP3 interactions. The security mechanisms used by POP3 AUTH are those used by IMAP4. [RFC2828] (see also authentication, challenge/response, protocols, response, security, internet)

population

A set of persons, things, or events about which there are questions; all the numbers of a group to be studied as defined by the auditor; the total collection of individuals or items from which a sample is selected. Population is also called a universe. [SRV] (see also audit)

port

A functional unit of a cryptographic module through which data or signals can enter or exit the module. Physically separate ports do not share the same physical pin or wire. [FIPS140] A physical entry or exit point of a cryptographic module that provides access to the module for physical signals, represented by logical information flows (physically separated ports do not share the same physical pin or wire). [FIPS 140-2] Either an endpoint to a logical connection, or a physical connection to a computer. [FFIEC] The entry or exit point from a computer for connecting communications or peripheral devices. [800-82] (see also access, communications, computer, connection, cryptographic, cryptography, function, module, internet)

port protection device (PPD)

(see also assurance)

port scan

(I) An attack that sends client requests to a range of server port addresses on a host, with the goal of finding an active port and exploiting a known vulnerability of that service. [RFC2828] (see also exploit, vulnerability, attack)

port scanner

A program that can remotely determine which ports on a system are open (e.g., whether systems allow connections through those ports). [800-115] (see also connection, program, system, threat)

port scanning

Using a program to remotely determine which ports on a system are open (e.g., whether systems allow connections through those ports). [800-61][800-82][CNSSI-4009] (see also connection, internet, program, system)

portability

The ability of application software source code and data to be transported without significant modification to more than one type of computer platform or more than one type of operating system. An indirect effect of portability combined with interoperability provides a basis for user portability, i.e. that users are able to move among applications and transfer skills learned in one operating environment to another. [SRV] The ability of application software source code and data to be transported, without significant modification, to more than one type of computer platform or more than one type of operating system. It is the degree to which a computer program can be transferred from one hardware configuration and/or software environment to another. [SRV] The extent to which a module originally developed on one computer or operating system can be used on another computer or operating system. It is the degree to which a computer program can be transferred from one hardware configuration and/or software environment to another. [SRV] (see also application, code, computer, interoperability, module, program, software, system, users)

portable computer system

Computer system specifically designed for portability and to be hand carried by an individual. Examples include grids, laptops, cellular telephones, two-way pagers, palmsized computing devices, two-way radios with functions including audio/video/data recording and/or playback featured, personal digital assistants, palm tops, notebooks, data diaries, and watches with communications software and synchronization hardware. [DSS] (includes laptop)

portable electronic devices

Any nonstationary electronic apparatus with singular or multiple capabilities of recording, storing, and/or transmitting data, voice, video, or photo images. This includes but is not limited to laptops, personal digital assistants, pocket personal computers, palmtops, MP3 players, cellular telephones, thumb drives, video cameras, and pagers. [CNSSI-4009] Electronic devices that can store, record, and/or transmit text, images/video, or audio data. Examples of such devices include pagers, laptops, cellular telephones, radios, compact discs, cassette player/recorders, portable digital assistants, audio devices, watches with input capability, and reminder recorders. [DSS]

portal

A high-level remote access architecture that is based on a server that offers teleworkers access to one or more applications through a single centralized interface. [SP 800-46] (see also access)

portfolio

Aggregate of Information Technology investments for Department of Defense information systems, infrastructure and related technical activities that are linked to mission goals, strategies, and architectures, using various assessment and analysis tools to permit information and Information Technology decisions to be based on their contribution to the effectiveness and efficiency of military missions and supporting business functions. Portfolios enable the Department of Defense to manage Information Technology resources and align strategies and programs with Defense, functional, and organizational goals and measures. [DSS] (see also analysis, assessment)

portfolio management

The management of IT projects as investments similar to other investments in the organization, such as building a new plant, acquiring a new company, or developing a new product. [SRV]

positive control material

Generic term referring to a sealed authenticator system, permissive action link, coded switch system, positive enable system, or nuclear command and control documents, material, or devices. [CNSSI][CNSSI-4009] (see also code, system, control)

positive enable system (PES)

(see also system)

POSIX

(N) Portable Operating System Interface for Computer Environments, standard [FP151, IS9945-1] (originally IEEE Standard P1003.1) that defines an operating system interface and environment to support application portability at the source code level. It is intended to be used by both application developers and system implementers. (C) P1003.1 supports security functionality like those on most UNIX systems, including discretionary access control and privilege. IEEE Draft Standard P1003.6.1 specifies additional functionality not provided in the base standard, including (a) discretionary access control, (b) audit trail mechanisms, (c) privilege mechanisms, (d) mandatory access control, and (e) information label mechanisms. [RFC2828] (see also access, access control, application, audit, code, computer, control, function, information, interface, security, standard, system)

Post Office Protocol, version 3 (POP3)

(I) An Internet Standard protocol by which a client workstation can dynamically access a mailbox on a server host to retrieve mail messages that the server has received and is holding for the client. (C) POP3 has mechanisms for optionally authenticating a client to server and providing other security services. [RFC2828] (see also access, authentication, message, security, standard, internet, protocols, version)

post-accreditation phase

The post-accreditation phase is the last and ongoing phase of the certification and accreditation process. Its purpose is to monitor the status of the IT system to determine if there are any significant changes to the system configuration, (i.e. modifications to the system hardware, software, or firmware), or to the operational/threat environment that might effect the confidentiality, integrity, and/or availability of the information processed, stored, or transmitted by the system. The monitoring activity is necessary to ensure an acceptable level of residual risk is preserved for the system. When changes to the system or to the system's operational/threat environment are deemed significant to the security of the IT system, reaccreditation activities are initiated. [800-37] (see also availability, confidentiality, information, integrity, operation, process, risk, security, software, system, threat, accreditation)

post-nuclear event key (PNEK)

(see also key)

potential impact

The loss of confidentiality, integrity, or availability could be expected to have a limited adverse effect; a serious adverse effect, or a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals. [FIPS 200] The loss of confidentiality, integrity, or availability could be expected to have: (i) a limited adverse effect (FIPS 199 low); (ii) a serious adverse effect (FIPS 199 moderate); or (iii) a severe or catastrophic adverse effect (FIPS 199 high) on organizational operations, organizational assets, or individuals. [800-60] The loss of confidentiality, integrity, or availability could be expected to have: 1) a limited adverse effect (FIPS 199 low); 2) a serious adverse effect (FIPS 199 moderate); or 3) a severe or catastrophic adverse effect (FIPS 199 high) on organizational operations, organizational assets, or individuals. [SP 800-53; SP 800-60; SP 800-37; FIPS 199] The loss of confidentiality, integrity, or availability that could be expected to have a limited (low) adverse effect, a serious (moderate) adverse effect, or a severe or catastrophic (high) adverse effect on organizational operations, organizational assets, or individuals. [CNSSI-4009] (see also availability, integrity, operation)

practice statement

A formal statement of the practices followed by an authentication entity (e.g., RA, CSP, of verifier). It usually describes the policies and practices of the parties and can become legally binding. [SP 800-63] A formal statement of the practices followed by an authentication entity (e.g., RA, CSP, or verifier); typically the specific steps taken to register and verify identities, issue credentials and authenticate claimants. [800-63] (see also authentication, entity)

practices dangerous to security (PDS)

(see also security)

pre-activation state

A key lifecycle state in which a key has not yet been authorized for use. [800-130] (see also authorized, key, lifecycle, key lifecycle state)

pre-authorization

(I) A capability of a CAW that enables certification requests to be automatically validated against data provided in advance to the CA by an authorizing entity. [RFC2828] (see also certification, entity, public-key infrastructure, validate, authorization)

pre-certification phase

The pre-certification phase is the first phase of the certification and accreditation process. Its purpose is to prepare for the verification activities that will take place during the certification phase. The pre-certification phase consists of six tasks: system identification; initiation and scope determination; security plan validation; initial risk assessment; security control validation and identification; and negotiation. [800-37] (see also accreditation, assessment, control, identification, process, risk, security, system, validation, verification, certification)

pre-shared key

Single key used by IPsec endpoints to authenticate endpoints to each other. [800-77] (see also internet protocol security, internet security protocol, key)

pre-signature

A value computed in the signature process that is a function of the randomizer but is independent of the message. [SC27] A value computed in the signature process that is a function of the randomizer but is independent of the message. [ISO/IEC 9796-3: 2000] A value computed in the signature process that is a function of the randomizer but that is independent of the message. [SC27] A value computed in the signature process that is a function of the randomizer but that is independent of the message. [SC27] (see also digital signature, function, message, process, random, signature)

precision

precondition

Environmental and state conditions which must be fulfilled before the component can be executed with a particular input value. [OVT]

precursor

A sign that a malware attack may occur in the future. [800-83] A sign that an attacker may be preparing to cause an incident. [800-61][SP 800-61] A sign that an attacker may be preparing to cause an incident. See Indicator. [CNSSI-4009] (see also attack, incident, malware)

prediction resistance

Prediction resistance is provided relative to time T if there is assurance that an adversary who has knowledge of the internal state of the DRBG at some time prior to T would be unable to distinguish between observations of ideal random bitstrings and bitstrings output by the DRBG at or subsequent to time T. The complementary assurance is called Backtracking Resistance. [SP 800-90A] (see also assurance)

predisposing condition

A condition that exists within an organization, a mission/business process, enterprise architecture, or information system including its environment of operation, which contributes to (i.e. increases or decreases) the likelihood that one or more threat events, once initiated, will result in undesirable consequences or adverse impact to organizational operations and assets, individuals, other organizations, or the nation. [SP 800-30] (see also threat)

preferred products list (PPL)

A list of commercially produced equipment that meets TEMPEST and other requirements prescribed by the U.S. National Security Agency. This list is included in the NSA Information Systems Security Products and Services Catalogue, issued quarterly and available through the Government Printing Office. [AJP][NCSC/TG004] (see also computer security, information, requirements, system, Information Systems Security products and services catalogue, National Security Agency, national information assurance partnership) (includes TEMPEST)

prefix free representation

A representation of a data element for which concatenation with any other data does not produce a valid representation. [SC27]

preliminary design review (PDR)

preparedness

Activities necessary to build, sustain, and improve readiness capabilities to prevent, protect against, respond to, and recover from natural or manmade incidents. Preparedness is a continuous process involving efforts at all levels of government and between government and the private sector and nongovernmental organizations to identify threats, determine vulnerabilities, and identify required resources to prevent, respond to, and recover from major incidents. [NIPP]

preproduction model

Version of INFOSEC equipment employing standard parts and suitable for complete evaluation of form, design, and performance. Preproduction models are often referred to as beta models. [CNSSI][CNSSI-4009] (see also evaluation, standard, version)

presidential historical materials and records

Papers or records of former Presidents under the legal control of the Archivist pursuant to sections 2107, 2111, 2111note, or 2203 of title 44, United States Code, as sections 2111, 2111 note, and 2001. [DSS]

pressure regulator

A device used to control the pressure of a gas or liquid. [800-82] (see also control)

pressure sensor

A sensor system that produces an electrical signal related to the pressure acting on it by its surrounding medium. Pressure sensors can also use differential pressure to obtain level and flow measurements. [800-82] (see also flow, system)

pretty good privacy (PGP)

(O) Trademarks of Network Associates, Inc., referring to a computer program (and related protocols) that uses cryptography to provide data security for electronic mail and other applications on the Internet. (C) PGP encrypts messages with IDEA in CFB mode, distributes the IDEA keys by encrypting them with RSA, and creates digital signatures on messages with MD5 and RSA. To establish ownership of public keys, PGP depends on the web of trust. [RFC2828] A cryptographic software application for the protection of computer files and electronic mail. It combines the convenience of the Rivest-Shamir-Adleman (RSA) public key algorithm with the speed of the secret-key IDEA algorithm, digital signature, and key management. [SRV] A freeware program primarily for secure electronic mail. [NSAINT] A program, developed by Phil Zimmerman, which cryptographically protects files and electronic mail from being read by others. It may also be used to digitally sign a document or message, thus authenticating the creator. [RFC1983] A standard program for securing e-mail and file encryption on the Internet. Its public-key cryptography system allows for the secure transmission of messages and guarantees authenticity by adding digital signatures to messages. [IATF] (see also algorithm, application, authentication, computer, cryptographic, cryptography, digital signature, email, file, message, network, owner, program, protocols, public-key, signature, software, standard, system, email security software, encryption, internet, key, privacy, security protocol, web of trust) (includes certificate)

prevention

Actions taken and measures put in place for the continual assessment and readiness of necessary actions to reduce the risk of threats and vulnerabilities, to intervene and stop an occurrence, or to mitigate effects. [NIPP]

primary account number (PAN)

(O) SET usage: 'The assigned number that identifies the card issuer and cardholder. This account number is composed of an issuer identification number, an individual account number identification, and an accompanying check digit as defined by ISO 7812-1985.' [SET2, IS7812] (C) The PAN is embossed, encoded, or both on a magnetic-strip-based credit card. The PAN identifies the issuer to which a transaction is to be routed and the account to which it is to be applied unless specific instructions indicate otherwise. The authority that assigns the bank identification number part of the PAN is the American Bankers Association. [RFC2828] (see also association, authority, code, cryptography, identification, Secure Electronic Transaction)

primary services node (prsn)

A Key Management Infrastructure core node that provides the users. central point of access to KMI products, services, and information. [CNSSI-4009] (see also access, management, users)

prime contract

Contract let by a Government Contracting Activity to a contractor for a legitimate Government purpose. [DSS]

prime contractor

Contractor who receives a prime contract from a Government Contracting Activity. [DSS]

primitive

An ordering relation between TCB subsets based on dependency a chain of TCB subsets from A to B exists such that each element of the chain directly depends on its successor in the chain. [TDI] Orderly relation between TCB subsets based on dependency. Note: A TCB subset B is more primitive than a second TCB subset A (and A is less primitive than B) if A directly depends on B or a chain of TCB subsets from A to B exists such that each element of the chain directly depends on its successor in the chain. [AJP][FCv1] (see also trusted computing base)

principal

An entity whose identity can be authenticated. [FIPS 196][SC27] (see also entity, identity)

principal accrediting authority

(PAA) Senior official with authority and responsibility for all intelligence systems within an agency. [CNSSI-4009] Senior official with authority and responsibility for all intelligence systems within an agency. [CNSSI] Senior official with the authority and responsibility for Information Systems within an agency. [DSS] (see also intelligence, system, authority)

principal certification authority

(CA) The Principal Certification Authority is a CA designated by an agency to interoperate with the FBCA. An agency may designate multiple Principal CAs to interoperate with the FBCA. [SP 800-32] (see also certification)

principal disclosure authority

Principal Disclosure Authority that oversees compliance with Department of Navy disclosure policy and is the only Department of Navy official other than the Secretary or Under Secretary of the Navy authorized to deal directly with the Secretary or Under Secretary of Defense regarding such matters as Department of Navy requests for exceptions to the National Disclosure Policy. The Principal Disclosure Authority for the Department of Navy is the Assistant Secretary of the Navy for Research. [DSS] (see also authorized)

print suppression

Eliminating the display of characters in order to preserve their secrecy. [CNSSI][CNSSI-4009] Eliminating the display of characters to preserve their secrecy; e.g. not displaying the characters of a password as it is keyed at the input terminal. [AJP][NCSC/TG004] (see also key, passwords, security)

printer

A device that converts digital data to human-readable text on a paper medium. [800-82]

prioritization

In the context of the NIPP, prioritization is the process of using risk assessment results to identify where risk-reduction or -mitigation efforts are most needed and subsequently determine which protective actions should be instituted in order to have the greatest effect. [NIPP]

privacy

(1) The ability of an individual or organization to control the collection, storage, sharing, and dissemination of personal and organizational information. (2) The right to insist on adequate security of, and to define authorized users of, information or systems. Note: The concept of privacy cannot be very precise, and its use should be avoided in specifications except as a means to require security, because privacy relates to 'rights' that depend on legislation. [AJP] (1) The right of an individual to self-determination as to the degree to which the individual is willing to share with others information about himself that may be compromised by unauthorized exchange of such information among other individuals or organizations. (2) The right of individuals and organizations to control the collection, storage, and dissemination of their information or information about themselves. [SRV] (1) The right of individuals to self-determination as to the degree to which they are willing to share with others information about themselves that may be compromised by unauthorized exchange of such information among other individuals or organizations. (2) The right of individuals and organizations to control the collection, storage, and dissemination of their information or information about themselves. [SRV] (1) the ability of an individual or organization to control the collection, storage, sharing, and dissemination of personal and organizational information. (2) The right to insist on adequate security of, and to define authorized users of, information or systems. Note: The concept of privacy cannot be very precise and its use should be avoided in specifications except as a means to require security, because privacy relates to 'rights' that depend on legislation. [TNI] (I) The right of an entity (normally a person), acting in its own behalf, to determine the degree to which it will interact with its environment, including the degree to which the entity is willing to share information about itself with others. (O) 'The right of individuals to control or influence what information related to them may be collected and stored and by whom and to whom that information may be disclosed.' (D) ISDs SHOULD NOT use this term as a synonym for 'data confidentiality' or 'data confidentiality service', which are different concepts. Privacy is a reason for security rather than a kind of security. For example, a system that stores personal data needs to protect the data to prevent harm, embarrassment, inconvenience, or unfairness to any person about whom data is maintained, and to protect the person's privacy. For that reason, the system may need to provide data confidentiality service. [RFC2828] Not Security. Rights of an individual or organizations to determine for themselves when, how, and to what extent information about them is transmitted to others. [DSS] Restricting access to subscriber or relying party information in accordance with federal law and agency policy. [GSA][SP 800-32] The ability of an individual to control when and on what terms his or her personal information is collected, used, or disclosed. [GAO] (see also Diffie-Hellman, Generic Security Service Application Program Interface, S-box, Samurai, Sensitive Information Computer Security Act of 1987, access, access control, anonymous, authorized, compromise, control, cookies, cryptography, entity, formal access approval, individuals, information, information type, kerberos, key management/exchange, management message, policy, private communication technology, private key, public law 100-235, sandboxed environment, secret seed, secure hypertext transfer protocol, secure single sign-on, secure socket layer, security, sensitive information, simple key management for IP, spyware, system, system security plan, trusted channel, unclassified sensitive, users, quality of protection) (includes confidentiality, data privacy, pretty good privacy, privacy enhanced mail, privacy impact assessment, privacy programs, privacy protection, privacy system, privacy, authentication, integrity, identification, non-repudiation, privacy, authentication, integrity, non-repudiation, virtual private network, wired equivalent privacy)

privacy enhanced mail (PEM)

(I) An Internet protocol to provide data confidentiality, data integrity, and data origin authentication for electronic mail. [R1421, R1422]. (C) PEM encrypts messages with DES in CBC mode, provides key distribution of DES keys by encrypting them with RSA, and signs messages with RSA over either MD2 or MD5. To establish ownership of public keys, PEM uses a certification hierarchy, with X.509 public-key certificates and X.509 CRLs that are signed with RSA and MD2. (C) PEM is designed to be compatible with a wide range of key management methods, but is limited to specifying security services only for text messages and, like MOSS, has not been widely implemented in the Internet. [RFC2828] An IETF standard for secure electronic mail exchange. [NSAINT] Internet email which provides confidentiality, authentication, and message integrity using various encryption methods. [RFC1983] (see also X.509, authentication, certification, confidentiality, integrity, internet, key, key management, message, owner, protocols, public-key, public-key infrastructure, standard, email, privacy, security protocol) (includes certificate, encryption)

privacy impact assessment

An analysis of how information is handled: (i) to ensure handling conforms to applicable legal, regulatory, and policy requirements regarding privacy; (ii) to determine the risks and effects of collecting, maintaining, and disseminating information in identifiable form in an electronic information system; and (iii) to examine and evaluate protections and alternative processes for handling information to mitigate potential privacy risks. [800-60] An analysis of how information is handled: 1) to ensure handling conforms to applicable legal, regulatory, and policy requirements regarding privacy; 2) to determine the risks and effects of collecting, maintaining, and disseminating information in identifiable form in an electronic information system; and 3) to examine and evaluate protections and alternative processes for handling information to mitigate potential privacy risks. [SP 800-53; SP 800-18; SP 800-122; CNSSI-4009; OMB] (see also analysis, information, policy, process, requirements, risk, system, assessment, privacy)

privacy programs

Another term for encryption software that highlights the use of this software to protect the confidentiality and therefore privacy of the end-users that make use of it. [RFC2504] (see also confidentiality, encryption, software, users, privacy, program)

privacy protection

The establishment of appropriate administrative, technical, and physical safeguards to ensure the security and confidentiality of data records to protect both security and confidentiality against any anticipated threats or hazards that could result in substantial harm, embarrassment, inconvenience, or unfairness to any individual about whom such information is maintained. [SRV] (see also assurance, confidentiality, establishment, information, security, threat, privacy)

privacy system

Commercial encryption system that affords telecommunications limited protection to deter a casual listener, but cannot withstand a technically competent cryptanalytic attack. [CNSSI] (see also attack, communications, encryption, telecommunications, privacy, system)

privacy, authentication, integrity, identification, non-repudiation (PAIIN)

privacy, authentication, integrity, non-repudiation (PAIN)

private accreditation exponent

Value known only to the accreditation authority, and that is used in the production of claimants' private accreditation information. This value shall be kept secret. This value is related to the public accreditation verification exponent. [SC27] (see also authority, information, verification, accreditation)

private accreditation information

Private information provided to a claimant by an accreditation authority, and of which a claimant proves knowledge, thereby establishing the claimant's identity. [SC27] (see also authority, entity, identity, accreditation, information)

private branch exchange (PBX)

A private automatic exchange either unattended or attendant-operated, serving extensions in an organization and providing transmission of calls to and from the public telephone network. [SRV] A private telephone exchange connected to the public telephone network. It transmits calls to and from the public telephone network. [SRV] (see also network)

private communication technology (PCT)

A standard by Microsoft Corporation for establishing a secure communication link using a public key system. [MSC] (see also key, privacy, public-key, standard, system, communications, point-to-point tunneling protocol, technology)

private component

(I) A synonym for 'private key'. (D) In most cases, ISDs SHOULD NOT use this term; to avoid confusing readers, use 'private key' instead. However, the term MAY be used when specifically discussing a key pair; e.g. 'A key pair has a public component and a private component.' [RFC2828] (see also key)

private data

Information that must be restricted from public distribution because of provisions of law, Federal regulation, or Agency policy. [NASA] (see also information, policy)

private decipherment key

Private key which defines the private decipherment transformation. [SC27] (see also cipher, key)

private decipherment transformation

Decipherment transformation determined by an asymmetric encipherment system and the private key of an asymmetric key pair. [SC27] (see also encipherment, key, network, system, cipher)

private extension

(see extension)

private key

(I) The secret component of a pair of cryptographic keys used for asymmetric cryptography. (O) '(In a public key cryptosystem) that key of a user's key pair that is known only by that user.' [RFC2828] A cryptographic key used with a public key cryptographic algorithm, uniquely associated with an entity, and not made public. [FIPS140] A cryptographic key used with a public key cryptographic algorithm, uniquely associated with an entity, and not made public. In an asymmetric (public) key cryptosystem, the key of an entity's key pair that is known only by that entity. A private key may be used to: (1) compute the corresponding public key, (2) make a digital signature that may be verified by the corresponding public signature, (3) decrypt data encrypted by the corresponding public key, or (4) compute a piece of common shared secret information together with other information. The private key is used to generate a digital signature. This key is mathematically linked with a corresponding public key. [SRV] A cryptographic key used with a public key cryptographic algorithm, which is uniquely associated with an entity, and not made public; it is used to generate a digital signature; this key is mathematically linked with a corresponding public key. [FIPS 196] A cryptographic key, used with a public key cryptographic algorithm, that is uniquely associated with an entity and is not made public. [FIPS 140-2] A cryptographic key, used with a public key cryptographic algorithm, that is uniquely associated with an entity and is not made public. In an asymmetric (public) cryptosystem, the private key is associated with a public key. Depending on the algorithm, the private key may be used, for example, to: 1) Compute the corresponding public key, 2) Compute a digital signature that may be verified by the corresponding public key, 3) Decrypt keys that were encrypted by the corresponding public key, or 4) Compute a shared secret during a key-agreement transaction. [SP 800-57 Part 1] In an asymmetric cryptography scheme, the private or secret key of a key pair which must be kept confidential and is used to decrypt messages encrypted with the public key or to digitally sign messages, which can then be validated with the public key. [CNSSI-4009] That key of an entity's asymmetric key pair which can only be used by that entity. NOTE - In the case of an asymmetric signature system the private key defines the signature transformation. In the case of an asymmetric encipherment system the private key defines the decipherment transformation. [SC27] That key of an entity's asymmetric key pair which should only be used by that entity. [SC27] That key of an entity's asymmetric key pair which should only be used by that entity. NOTE - A private key shall not normally be disclosed. [SC27] That key of an entity's asymmetric key pair which should only be used by that entity. NOTE - A private key shall not normally be disclosed. [ISO/IEC 11770-1: 1996, ISO/IEC WD 18033-1 (12/2001)] That key of an entity's asymmetric key pair which should only be used by that entity. NOTE - In the case of an asymmetric signature system the private key defines the signature transformation. In the case of an asymmetric encipherment system the private key defines the decipherment transformation. [ISO/IEC 9798-1: 1997, ISO/IEC FDIS 15946-3 (02/2001)] That key of an entity's asymmetric key pair which can only be used by that entity. NOTE - In the case of an asymmetric signature system the private key defines the signature transformation. In the case of an asymmetric encipherment system the private key defines the decipherment transformation. [ISO/IEC 11770-3: 1999, ISO/IEC WD 13888-1 (11/2001)] That key of an entity's asymmetric key pair which should only be used by that entity. [SC27] That key of an entity's asymmetric key pair which should only be used by that entity. NOTE - In the case of an asymmetric signature system the private key defines the signature transformation. In the case of an asymmetric encipherment system the private key defines the decipherment transformation. [SC27] The secret part of an asymmetric key pair that is typically used to digitally sign or decrypt data. [800-63][SP 800-63] The undisclosed key in a matched key pair - private key and public key - that each party safeguards for public key cryptography. [AJP] The undisclosed key in a matched key pair- private key and public key- used in public key cryptographic systems. [SRV] (see also algorithm, cipher, cryptographic, cryptographic system, cryptography, encipherment, entity, information, privacy, public-key, secret, signature, system, users, asymmetric algorithm, key, public-key infrastructure)

private signature key

Private key which defines the private signature transformation. [SC27] Private key which defines the private signature transformation. NOTE - This is sometimes referred to as a secret signature key. [SC27] Private key which defines the private signature transformation. NOTE - This is sometimes referred to as a secret signature key. [ISO/IEC 9798-1: 1997] Private key which defines the private signature transformation. [SC27] (see also digital signature, key, signature)

private-key cryptography

An encryption methodology in which the encryptor and decryptor use the same key, which must be kept secret. This methodology is usually only used by a small group. [NSAINT] (see secret-key cryptography) (see also cryptography, key)

privilege

(I) An authorization or set of authorizations to perform security-relevant functions, especially in the context of a computer operating system. [RFC2828] A right granted to an individual, a program, or a process. [CNSSI-4009] Special authorization that is granted to particular users to perform security-relevant operations. [AJP][FCv1] (see also computer, function, operation, security, system, authorization) (includes least privilege)

privilege management

The definition and management of policies and processes that define the ways in which the user is provided access rights to enterprise systems. It governs the management of the data that constitutes the user's privileges and other attributes, including the storage, organization and access to information in directories. [NISTIR 7657] (see also access, management)

privilege management infrastructure

(N) 'The complete set of processes required to provide an authorization service', i.e. processes concerned with attribute certificates. (D) ISDs SHOULD NOT use this term and its definition because the definition is vague, and there is no consensus on an alternate definition. [RFC2828] (see also authorization, certificate, process)

privileged

A user or program that can alter, circumvent, override, or bypass the operating system or system security measures [NASA] (see also backdoor, category, console logon, discretionary access control, executive state, program, protection ring, system, vulnerability, access control) (includes privileged access, privileged instructions, privileged process, privileged user)

privileged access

Explicitly authorized access of a specific user, process, or computer to a computer resource(s). [ANSI] (see also authorized, computer, process, resource, users, access, privileged)

privileged accounts

An information system account with approved authorizations of a privileged user. [CNSSI-4009] An information system account with authorizations of a privileged user. [SP 800-53] Individuals who have access to set 'access rights' for users on a given system. Sometimes referred to as system or network administrative accounts. [SP 800-12] (see also access, authorization, users)

privileged command

A human-initiated command executed on an information system involving the control, monitoring, or administration of the system including security functions and associated security-relevant information. [SP 800-53; CNSSI-4009] (see also control, security)

privileged instructions

A set of instructions (e.g. interrupt handling or special computer instructions) to control features (such as storage protection features) that are generally executable only when the automated system is operating in the executive state. [AJP][NCSC/TG004] (see also computer, control, system, executive state, privileged)

privileged process

(I) An computer process that is authorized (and, therefore, trusted) to perform some security-relevant functions that ordinary processes are not. [RFC2828] A computer process that is authorized (and, therefore, trusted) to perform security-relevant functions that ordinary processes are not authorized to perform. [CNSSI-4009] (see also authorized, computer, function, security, trust, privileged, process)

privileged user

A user that is authorized (and, therefore, trusted) to perform security- relevant functions that ordinary users are not authorized to perform. [SP 800-53; CNSSI-4009] Individual who has access to system control, monitoring, or administration functions (e.g., system administrator, system ISSO, maintainers, system programmers, etc.) [CNSSI] User of an Information System with more authority and access than a general user (for example, root access, help desk support, system administrator, Information Assurance Manager/Information Assurance Officer). [DSS] (see also access, assurance, control, function, program, security, system, trust, privileged, users)

probability-proportional-to-size (PPS)

probe

A device programmed to gather information about an IS or its users. [CIAO] Any effort to gather information about a machine or its users for the apparent purpose of gaining unauthorized access to the system at a later date. [AFSEC][NSAINT] Type of incident involving an attempt to gather information about an IS for the apparent purpose of circumventing its security controls. [CNSSI] (see also access, access control, authorized, control, information, program, security, system, unauthorized access, users, incident)

problem

Often used interchangeably with anomaly, although problem has a more negative connotation and implies that an error, fault, failure, or defect does exist. [SRV] (see also anomaly, failure, fault)

procedural controls

Controls that IT system managers impose through personnel actions rather than as a result of electronic means; also called administrative controls [NASA] (see also system, control)

procedural security

(D) ISDs SHOULD NOT use this term as a synonym for 'administrative security'. Any type of security may involve procedures; therefore, the term may be misleading. Instead, use 'administrative security', 'communication security', 'computer security', 'emanations security', 'personnel security', 'physical security', or whatever specific type is meant. [RFC2828] (see also access, access control, authorized, communications security, computer, computer security, control, emanation, emanations security, operation, system, unauthorized access, security)

procedure

A written description of a course of action to be taken to perform a given task. [IEEE610]

process

A program in execution. It is completely characterized by a single current execution point (represented by the machine state) and address space. [AJP][TCSEC][TNI] A sequence of steps performed for a given purpose; e.g. the software development process. [IEEE610] A set of activities that produce products and services for customers. [SRV] An organised set of activities which uses resources to transform inputs to outputs. [SC27] Any specific combination of machines, tools, methods, materials, and/or people employed to attain specific qualities in a product or service. [SRV] (see also 2-factor authentication, 3-factor authentication, BLACK, Bell-LaPadula security model, CAPSTONE chip, COMSEC demilitarization, COMSEC equipment, CPU time, Clipper chip, Defense Information Infrastructure, Defensive Information Operations, Digital Signature Standard, Generic Security Service Application Program Interface, Green book, Gypsy verification environment, IT security database, International organization for standardization, Internet Engineering Steering Group, Internet Protocol Security Option, Internet Society Copyright, Internet Standard, Internet Standards document, MISSI user, National Security Decision Directive 145, OSI architecture, PIV registrar, RED, Rivest-Shamir-Adleman algorithm, Trusted Computer System Evaluation Criteria, Type III cryptography, X.500 Directory, abend, acceptance procedure, access, access category, access control, access control lists, access mediation, access mode, access with limited privileges, accountability, accreditation, accreditation phase, accreditation range, acquirer, activity analysis, add-on security, alert, algorithm transition, alignment, analysis of alternatives, applicant assertion, application, application controls, application data backup/recovery, application level gateway, application software, application system, application-level firewall, approval/accreditation, architectural design, assessment, assurance, assurance element, assure, assured software, asynchronous transfer mode, audit trail, authentication, authentication code, authentication protocol, authentication system, authenticity, authority, authorization, authorized, automated security monitoring, availability, backup, banner grabbing, baselining, batch mode, benchmark, benchmarking, best practices, bias, binding, block cipher, brand CRL identifier, brute force attack, buffer overflow, business case, business impact analysis, card initialization, centralized operations, certificate, certificate creation, certificate management, certificate reactivation, certificate rekey, certificate renewal, certificate revocation list, certificate update, certificate user, certificate validation, certification, certification and accreditation, certification path, certification phase, challenge/response, change management, chief information agency officer, ciphony, cleartext, client, client server, color change, communications security, comparisons, compartmented mode, compromised state, compromising emanations, computer abuse, computer architecture, computer cryptography, computer security, concept of operations, confidentiality, configuration control, configuration item, configuration management, conformance testing, construction, content filtering, contingency plan, continuity of operations, control center, control loop, control network, control zone, cost/benefit analysis, cost/benefit estimate, counter, covert channel, covert storage channel, covert timing channel, critical, criticality/sensitivity, cross-certification, cryptanalysis, cryptographic algorithm, cryptographic hash function, cryptographic key, cryptographic logic, cryptographic module, cryptographic synchronization, cryptographic system, cryptoperiod, cryptosynchronization, cryptosystem analysis, cryptosystem evaluation, cyberspace, cycle time, daemon, data, data architecture, data confidentiality, data contamination, data driven attack, data encryption standard, data historian, data input, data integrity, data key, data reengineering, database, deactivated state, deadlock, deadly embrace, decomposition, decryption, dedicated mode, dedicated security mode, default classification, degauss, deliverable, delivery, designation policy, detailed design, development assurance, development assurance requirements, digital signature, direct data feed, disaster recovery, disaster recovery plan, discretionary access control, distinguishing identifier, distributed control system, distributed database, download, dual control, dynamic analysis, egress filtering, electronic authentication, emanation, encryption, encryption algorithm, enrollment service, enterprise, entry control, erasure, error, error seeding, evaluation, executive steering committee, extensible markup language, external security controls, facilities, fail safe, fail soft, failure control, fallback procedures, fault, fault tolerance, fedwire, feedback buffer, fetch protection, file encryption, file infector virus, file protection, file transfer, firewall, flooding, fork bomb, formal access approval, formal proof, formal top-level specification, formal verification, format, forward engineering, front-end security filter, full accreditation, full disk encryption, function, gas and oil production, storage and transportation, global command and control system, global information grid, global network information environment, guard, handle, hardening, hardware, hash result, hierarchical development methodology, hierarchy management, identification, identification authentication, identification data, identity management systems, identity proofing, identity verification, identity-based security policy, implementation, incident, information, information and communications, information category, information environment, information owner, information security, information security testing, information superiority, information system, information systems security, information systems security engineering, information technology, information warfare, ingress filtering, initialization value, initialization vector, initializing value, input preparation cycle, inspectable space, integration test, integrity, intelligence, intelligent electronic device, interface, interim accreditation, interim approval to operate, internal subject, internal system exposure, internet control message protocol, internet protocol security, intrusion detection, intrusion detection and prevention, intrusion detection systems, intrusion prevention, key agreement, key center, key distribution, key entry, key establishment, key exchange, key generation, key management, key management infrastructure, key output, key recovery, key state transition, key stream, key transport, key updating, key-escrow, key-escrow system, lifecycle management, light tower, line managers, local-area network, logging, logical access control, loop, macro virus, maintenance, malicious code, malware, management controls, manipulated variable, manual cryptosystem, match, metadata, metrics, mirroring, mission critical, mission critical system, mockingbird, mode of operation, model, modeling or flowcharting, modes of operation, modular software, monitoring and evaluation, multi-security level, multilevel device, multilevel mode, multilevel security, multilevel security mode, multiuser mode of operation, mutually suspicious, national security information, network architecture, network discovery, non-repudiation, non-repudiation service, non-technical countermeasure, normal operation, object, one-time passwords, open system interconnection model, operation, operational data security, operational risk, operations security, operator, output, overwrite procedure, packet filtering, password cracking, passwords, patch management, path discovery, path validation, payment gateway, penetration test, performance gap, performance measurement, personal identity verification, personal identity verification card, platform, polling, post-accreditation phase, pre-certification phase, pre-signature, privacy impact assessment, privilege management infrastructure, privileged access, production, program, programmable logic controller, proprietary information, protection ring, protective technologies, protocols, proxy server, pseudo-random number generator, public law 100-235, public-key cryptography, public-key infrastructure, purge, quality, quality control, random number generator, randomizer, read-only memory, real-time, real-time system, reciprocal agreement, recovery procedures, recovery site, recovery time objectives, registration, registration authority, rekey, release, relying party, renewal, requirements, residue, resource, resource encapsulation, resource starvation, response, response time, reverse engineering, reverse software engineering, revocation, risk analysis, risk assessment, risk evaluation, risk identification, risk index, risk management, risk treatment, role-based access control, routing, routing control, safeguarding statement, salami technique, salt, sandboxed environment, sanitize, screen scraping, security architecture, security audit trail, security certification level, security clearance, security evaluation, security management, security management infrastructure, security mechanism, security parameters index, security policy, security program manager, security requirements, security service, security test & evaluation, security testing, seed key, sensitive compartmented information, sensitive compartmented information facility, sensitivity analysis, separation of duties, server, settlement, signaling, signature, signature function, signature generation, signature key, signature verification, significant change, simple authentication, simulation modeling, single loop controller, single-level device, smartcards, social engineering, software, software development, software quality assurance, software reengineering, source data automation, source selection, special information operations, spoofing, stateful packet filtering, stateful protocol analysis, static analysis, stream cipher, stretch goal, strong authentication, superencryption, superuser, supervisory control and data acquisition, symmetric encryption algorithm, system entity, system high mode, system low, system retention/backup, system-high security mode, systems engineering, systems software, technical countermeasures, technical security policy, technical vulnerability, technology, telecommunications, test, test execution, test facility, test plan, testing, threat assessment, time-stamp verifier, timing attacks, token management, tokens, total quality management, traceability, tranquility, transaction file, transport, trojan horse, trust, trusted agent, trusted computer system, trusted path, two-person control, type 1 products, type 2 product, type certification, update, updating, upload, user id revalidation, user identifier, user representative, users, validate, validate vs. verify, validation, value-added, vaulting, verification, verification and validation, verification function, verification key, verification techniques, version scanning, vulnerability, vulnerability assessment, vulnerability audit, web risk assessment, web server, website hosting, work product, workflow, workstation, world class organizations, worm, subject) (includes Automated Information System security, DoD Information Technology Security Certification and Accreditation Process, Federal Information Processing Standards, Federal Information Processing Standards Publication 140, Guidelines and Recommendations for Security Incident Processing, as-is process model, authorization to process, authorize processing, automated data processing system, automated information system, batch process, batch processing, business process, business process improvement, business process reengineering, bypass label processing, central processing unit, centralized data processing, continuous process, continuous process improvement, core or key process, data processing, development process, discrete process, distributed dataprocessing, distributed processing, execution, delivery, and process management, front-end processor, hierarchical input process output, information processing standard, key processor, local management device/key processor, logical co-processing kernel, management control processes, on-line transaction processing, periods processing, privileged process, process assurance, process controller, process management approach, process owner, real-time processing, signature process, software system test and evaluation process, statistical process control, subprocess, teleprocessing, to-be-process model, trusted process, untrusted process, verification process)

process assurance

Assurance derived from an assessment of activities of a process. [SC27] (see also assessment, assurance, process)

process controller

A proprietary computer system, typically rack-mounted, that processes sensor input, executes control algorithms, and computes actuator outputs. [800-82] (see also algorithm, computer, system, control, process)

process management approach

Approaches, such as continuous process improvement, business process redesign, and reengineering, which can be used together or separately to improve processes and subprocesses. [SRV] (see also business process, quality, process)

process owner

An individual held accountable and responsible for the workings and improvement of one of the organization's defined processes and its related subprocesses. [SRV] (see also owner, process)

producers

Providers of IT product security (e.g. product vendors, product developers, security analysts, and value-added resellers). [AJP][FCv1] (see also security)

product

(1) A Package of IT software and/or hardware, providing functionality designed for use or incorporation within a multiplicity of systems. (2) A Package of IT software and/or hardware designed to perform a specific function either stand alone or once incorporated into an IT system. [AJP] A package of IT hardware, software, and/or firmware providing functionality designed for use or incorporation within a multiplicity of systems. [NIAP] A package of IT software and/or hardware designed to perform a specific function either stand alone or once incorporated into an IT system. [FCv1] A package of IT software and/or hardware, providing functionality designed for use or incorporation within a multiplicity of systems. [ITSEC][JTC1/SC27] A package of IT software, firmware and/or hardware, providing functionality designed for use or incorporation within a multiplicity of systems. [CC2][CC21][SC27] (see also function, software, system) (includes software product)

product rationale

(1) A description of the security capabilities of a product, giving the necessary information for a prospective purchaser to decide whether it will help to satisfy his system security objectives. (2) Overall justification - including anticipated threats, objectives for product functionality and assurance, technical security policy, and assumptions about the environments and uses of conforming products - for the protection profile and its resulting IT product. [AJP] A description of the security capabilities of a product, giving the necessary information for a prospective purchaser to decide whether it will help to satisfy his system security objectives. [ITSEC] Overall justification; including anticipated threats, objectives for product functionality and assurance, technical security policy, and assumptions about the environments and uses of conforming products; for the protection profile and its resulting IT product. [FCv1] (see also assurance, file, function, information, policy, profile, security, system, threat, protection profile) (includes object)

product source node

The Key Management Infrastructure core node that provides central generation of cryptographic key material. [CNSSI-4009] (see also management)

production

The process whereby copies of the Target of Evaluation are generated for distribution to customers. [AJP][ITSEC] (see also process, target, target of evaluation)

production model

INFOSEC equipment in its final mechanical and electrical form. [CNSSI][CNSSI-4009]

profile

Collection and/or display (for example, a written or graphical description) of the signatures and patterns of an individual or organization. [DSS] Detailed security description of the physical structure, equipment component, location, relationships, and general operating environment of an IT product or AIS. [AJP][FCv1] Patterns of a user's activity which can detect changes in normal routines. [NSAINT] (see also Federal Criteria Vol. I, Minimum Interoperability Specification for PKI Components, PKIX, assignment, attack signature recognition, component, cookies, correctness, decomposition, deliverable, development assurance requirements, effectiveness, evaluation, evaluation assurance requirements, external security controls, functional protection requirements, national computer security assessment program, national information assurance partnership, product rationale, refinement, security, security target, stateful protocol analysis, tracking cookie, users, file) (includes CKMS profile, COMSEC profile, access profile, assurance profile, communications profile, profile assurance, protection profile, protection profile family, secure profile inspector, system profile, user profile)

profile assurance

Measure of confidence in the technical soundness of a protection profile. [AJP][FCv1] (see also confidence, assurance, file, profile)

profiling

Measuring the characteristics of expected activity so that changes to it can be more easily identified. [800-61][SP 800-61; CNSSI-4009]

program

A set of instructions in code that, when executed, causes a computer to perform a task. [CIAO] Explains proper rules of behavior for the use of agency information systems and information. The program communicates IT security policies and procedures that need to be followed (i.e. NSTISSD 501, NIST SP 800-50). [CNSSI-4009] (see also CASE tools, Common Criteria Testing Laboratory, GRC senior staff, Green book, Gypsy verification environment, IT security database, Internet Protocol Security Option, Internet worm, Java, Message Security Protocol, PHF, Rexd, SATAN, Secure Data Network System, TOE security functions interface, abend, abort, access category, access control, access control lists, access type, active content, agent, alternative work site, ankle-biter, antispyware software, antivirus software, applet, application, application controls, application generator, application software, application system, assure, audit software, authorization, automated logon sequences, backdoor, backup, backup procedures, bebugging, benchmark, black-box testing, branch coverage, browser, brute force attack, bug, certificate, change control and lifecycle management, check_password, client, client server, code, coding, common criteria, common gateway interface, compiled viruses, compiler, compliance-based, computer, computer architecture, computer cryptography, computer emergency response teams' coordination center, computer fraud, computer oracle and password system, computer-assisted audit technique, configuration item, confinement, console, contingency plan, controller, correctness, cost/benefit, covert channel analysis, data dictionary, data processing, data transfer device, dedicated mode, delete access, demon dialer, digital signature, domain, domain name system, dongle, dynamic analysis, encapsulation, enhanced hierarchical development methodology, ensure, error, error seeding, exception, executable code, execute access, exercised, exhaustive testing, exploit, extensible, extensible markup language, fail safe, failure, fault, fault injection, fetch protection, file infector virus, firmware, flexibility, flow, formal development methodology, formal language, formal proof, formal top-level specification, formal verification, gateway, general controls, graphical-user interface, hackers, handler, handshaking procedures, hard copy key, hardware, hierarchical development methodology, host-based intrusion prevention system, information system security officer, information systems security manager, information systems security officer, instrumentation, integration test, intelligence community, interface, interim accreditation action plan, internal security controls, interoperability standards/protocols, key logger, key-escrow system, legacy systems, logic bombs, logical access control, loop, macro virus, maintainability, major application, major information system, malicious applets, malicious code, malware, management control processes, mechanisms, microcode, mobile code, mockingbird, modes of operation, morris worm, multilevel information systems security initiative, mutation analysis, mutation testing, mutually suspicious, national information assurance partnership, national telecommunications and information system security directives, nations, natural benchmark, network worm, network-based intrusion prevention system, object, on-line system, operating system, operational risk loss, organization computer security representative, packet filter, packet sniffer, password cracker, password sniffing, patch, phage, pilot testing, port scanner, port scanning, portability, pretty good privacy, privileged, privileged user, probe, process, proprietary information, protection ring, proxy, pseudo-flaw, read access, records, regression testing, reliability, remote administration tool, replicator, requirements traceability matrix, restart, reusability, reverse engineering, risk management, run, sandboxed environment, scan, scope of a requirement, script bunny, security, security policy, sensitive information, sensitivity analysis, server, set point, silver bullet, simulation modeling, smurf, sniffer, software, software development methodologies, software product, software reliability, software security, source code, spam, spam filtering software, spyware detection and removal utility, stakeholder, static analysis, stress testing, structural testing, supervisory control, symbolic execution, synthetic benchmarks, system high mode, system resources, system security authorization agreement, system security officer, system software, systems software, test bed, test case, test generator, testability, tester, time bomb, tokens, trapdoor, trigger, trojan horse, unit, update access, user data protocol, users, utility, vaccines, validation, virus, virus scanner, vulnerability, waiver, war dialer, war dialing, web content filtering software, white-box testing, workstation, worm, zombie) (includes COMSEC Resources Program, COMSEC Utility Program, COMSEC control program, Commercial COMSEC Endorsement Program, Commercial COMSEC Evaluation Program, Common Criteria Testing Program, Cryptographic Application Program Interface, Generic Security Service Application Program Interface, National Voluntary Laboratory Accreditation Program, Programmable key storage device, TEMPEST Endorsement Program, Trusted Products Evaluation Program, application program interface, application programming interface, audit program, authorized vendor program, computer security technical vulnerability reporting program, cryptographic application programming interface, defense-wide information assurance program, delegated development program, malicious program, national computer security assessment program, object-oriented programming, privacy programs, program automated information system security incident support team, program evaluation and review technique, program manager, programmable logic controller, programmable read-only memory, programming languages and compilers, rating maintenance program, security program manager, security support programming interface, source program, special access program, special access program facility, tinkerbell program, traditional INFOSEC program, user partnership program, utility programs, work program)

program access request

Formal request used to nominate an individual for access to a specific program. [DSS] (see also access)

program automated information system security incident support team (ASSIST)

program channels or program security channels

Method or means expressly authorized for the handling or transmission of classified or unclassified Special Access Program information whereby the information is provided to indoctrinated persons. [DSS] (see also access, authorized, classified, security)

program evaluation and review technique (PERT)

(see also evaluation, program)

program executive agent

Highest ranking military or civilian individual charged with direct responsibility for the program and usually appoints the Government Program Manager. [DSS]

program executive office, enterprise information systems

Responsible office for developing, acquiring, and deploying tactical and non-tactical Information Technology systems and communications for the Army (examples include transportation, medical, personnel, and supply automated tracking and communications systems). [DSS]

program manager

The individual responsible for the IT system during initial development and acquisition. The program manager is concerned with cost, schedule, and performance issues for the system as well as security issues. [800-37] (see also security, system, program)

program material

Program material and information describing services provided, the capabilities developed, or the items produced under the Special Access Program. [DSS] (see also access)

program office

Office that manages, executes, and controls a Special Access Program in a Department of Defense Component. [DSS] (see also access)

program protection plan

Comprehensive protection and technology control management tool established for each Defense acquisition program to identify and protect classified and other sensitive information from foreign intelligence collection or unauthorized disclosure. [DSS] (see also authorized, classified, foreign, intelligence)

program security officer

Government official who administers the security policies for the Special Access Program. [DSS] (see also access, security)

program sensitive information

Unclassified information associated with a specific program. Material or information that, while not directly describing the program or aspects of it, could indirectly disclose the actual nature of the Program to a nonprogram-briefed individual. [DSS] (see also classified)

Programmable key storage device (PKSD)

(see also key, program)

programmable logic controller

A solid-state control system that has a user-programmable memory for storing instructions for the purpose of implementing specific functions such as I/O control, logic, timing, counting, three mode (PID) control, communication, arithmetic, and data and file processing. [800-82] (see also control systems, file, function, process, system, users, control, program)

programmable read-only memory (PROM)

Memory chip to which data can be written only once. Once a program is written onto a Programmable Read-Only Memory, it remains there forever. Unlike Random Access Memory, Programmable Read-Only Memory retains their contents when the computer is turned off. The difference between a Programmable Read-Only Memory and a Read-Only Memory is that a Programmable Read-Only is manufactured as blank memory, whereas a Read-Only Memory is programmed during the manufacturing process. To write data onto a Programmable Read-Only Memory chip, you need a special device called a Programmable Read-Only Memory programmer or Programmable Read-Only Memory burner. The process of programming a Programmable Read-Only Memory is sometimes called burning the Programmable Read-Only Memory. An Erasable Programmable Read-Only Memory is a special type of Programmable Read-Only Memory that can be erased by exposing it to ultraviolet light. Once it is erased, it can be rewritten. [DSS] (see also access, program)

programming languages and compilers

The tools used within the development environment in the construction of the software and/or firmware of a Target of Evaluation. [AJP][ITSEC] (see also target, program, software, target of evaluation)

project/program manager

Individual responsible for a project or program and who manages day-to-day aspects of the project or program. [DSS]

promiscuous mode

A configuration setting for a network interface card that causes it to accept all incoming packets that it sees, regardless of their intended destinations. [800-94][SP 800-94] Normally an Ethernet interface reads all address information and accepts follow-on packets only destined for itself, but when the interface is in promiscuous mode, it reads all information (sniffer), regardless of its destination. [NSAINT] (see also ethernet sniffing, information, interface, packet sniffer, threat)

proof

The corroboration that evidence is valid in accordance with the non-repudiation policy in force. NOTE - Proof is evidence that serves to prove truth or existence of something. [SC27] (see also evidence, non-repudiation, policy)

proof of possession protocol

A protocol where a claimant proves to a verifier that he/she possesses and controls a token (e.g., a key or password). [800-63] (see also 3-factor authentication, authentication, control, key, passwords, protocols)

property

proprietary

(I) Refers to information (or other property) that is owned by an individual or organization and for which the use is restricted by that entity. [RFC2828] (I) Refers to information (or other property) that is owned by an individual or organization and for which the use is restricted by that entity. [OVT] (see also entity, information, property)

proprietary information (PROPIN)

Information that is owned by a private enterprise and whose use and/or distribution is restricted by that enterprise. Note: Proprietary information may be related to the company's products, business, or activities, including but not limited to financial information, data, or statements; trade secrets; product research and development information; existing and future product designs and performance specifications; marketing plans or techniques; schematics; client lists; computer programs; processes; and trade secrets or other company confidential information. [AJP][FCv1] Material and information relating to or associated with a company's products, business, or activities, including but not limited to financial information; data or statements; trade secrets; product research and development; existing and future product designs and performance specifications; marketing plans or techniques; schematics; client lists; computer programs; processes; and know-how that has been clearly identified and properly marked by the company as proprietary information, trade secrets, or company confidential information. The information must have been developed by the company and not be available to the government or to the public without restriction from another source. [CNSSI][CNSSI-4009] Material and information relating to, or associated with, a company's products, business, or activities, including but not limited to financial information; data or statements; trade secrets; product research and development; existing and future product designs and performance specifications; marketing plans or techniques; schematics; client lists; computer programs; processes; and know-how that have been clearly identified and properly marked by the company as proprietary information, trade secrets, or company confidential information. The information must have been developed by the company and not be available to the government or to the public without restriction from another source. [DSS] (see also computer, development, process, program, information)

proprietary protocol

A protocol, network management protocol, or suite of protocols developed by a private company to manage network resources manufactured by that company. [SRV] (see also network, resource, protocols)

protected channel

A session wherein messages between two participants are encrypted and integrity is protected using a set of shared secrets; A participant is said to be authenticated if the other participant can link possession of the session keys by the first participant to a long term cryptographic token and verify the identity associated with that token. [800-63] (see also cryptographic, entity, identity, integrity, key, message)

protected checksum

(I) A checksum that is computed for a data object by means that protect against active attacks that would attempt to change the checksum to make it match changes made to the data object. checksum. [RFC2828] (see also attack, object)

protected communications

Telecommunications delivering their protection through use of type 2 products or data encryption standard equipment. [ANSI] (see also encryption, standard, telecommunications, communications)

protected communications zone (PCZ)

(see also communications)

Protected Critical Infrastructure Information (PCII)

PCII refers to all critical infrastructure information, including categorical inclusion PCII, that has undergone the validation process and that the PCII Program Office has determined qualifies for protection under the CII Act. All information submitted to the PCII Program Office or Designee with an express statement is presumed to be PCII until the PCII Program Office determines otherwise. [NIPP] (see also critical)

protected distribution systems (PDS)

(I) A wireline or fiber-optic system which includes sufficient safeguards (acoustic, electric, electromagnetic, and physical) to permit its use for unencrypted transmission of (cleartext) data. [RFC2828] Wire line or fiber optic distribution system used to transmit unencrypted classified national security information through an area of lesser classification or control. [CNSSI] Wireline or fiberoptic telecommunications system that includes terminals and adequate acoustic, electrical, electromagnetic, and physical safeguards to permit its use for the unencrypted transmission of classified information. [DSS] (see also classified, control, encryption, information, security, system)

protected information

Sensitive, critical, and/or classified information. [DSS] (see also classified, critical)

protected network

A network segment or segments to which access is controlled by the DUT/SUT. Firewalls are intended to prevent unauthorized access either to or from the protected network. Depending on the configuration specified by the policy and rule set, the DUT/SUT may allow hosts on the protected segment to act as clients for servers on either the DMZ or the unprotected network, or both. Protected networks are often called 'internal networks.' That term is not used here because firewalls increasingly are deployed within an organization, where all segments are by definition internal. [RFC2647] (see also unprotected network, access, access control, authorized, control, policy, ruleset, unauthorized access, demilitarized zone, firewall, network)

protected services list (PSL)

protected wireline distribution system (PWDS)

(see also system)

protection

Actions or measures taken to cover or shield from exposure, injury, or destruction. In the context of the NIPP, protection includes actions to deter the threat, mitigate the vulnerabilities, or minimize the consequences associated with a terrorist attack or other incident. Protection can include a wide range of activities, such as hardening facilities, building resiliency and redundancy, incorporating hazard resistance into initial facility design, initiating active or passive countermeasures, installing security systems, promoting workforce surety, training and exercises, and implementing cybersecurity measures, among various others. [NIPP]

protection needs elicitation (PNE)

Discovering the customer's prioritized requirements for the protection of information. [IATF] (see also assurance, information, requirements, security)

protection philosophy

(1) An informal description of the overall design of a system that delineates each of the protection mechanisms used. A combination (appropriate to the evaluation class) of formal and informal techniques is used to show that the mechanisms are adequate to enforce the security policy. (2) Informal description of the overall design of an IT product that shows how each of the supported control objectives is dealt with. [AJP] An informal description of the overall design of a system that delineates each of the protection mechanisms employed. A combination (appropriate to the evaluation class) of formal and informal techniques is used to show that the mechanisms are adequate to enforce the security policy. [NCSC/TG004][TCSEC][TNI] Informal description of the overall design of an IS delineating each of the protection mechanisms employed. Combination of formal and informal techniques, appropriate to the evaluation class, used to show the mechanisms are adequate to enforce the security policy. [CNSSI] Informal description of the overall design of an IT product that shows how each of the supported control objectives is dealt with. [FCv1] Informal description of the overall design of an information system delineating each of the protection mechanisms employed. Combination of formal and informal techniques, appropriate to the evaluation class, used to show the mechanisms are adequate to enforce the security policy. [CNSSI-4009] (see also assurance, control, evaluation, policy, security, system) (includes object)

protection profile (PP)

(1) An implementation-independent specification of the security requirements to be met by any of a set of possible products or systems. It is a high-level abstraction of the security target, and principally includes rationale, functional requirements, and assurance requirements. (2) Statement of security criteria shared by IT product producers, consumers, and evaluators - built from functional, development assurance, and evaluation assurance requirements to meet identified security needs through the development of conforming IT products. [AJP] A protection profile defines an implementation-independent set of IT security requirements and objectives for a category of Target of Evaluations. PPs are intended to meet common consumer needs for IT security. A rationale for the selected functional and assurance components is provided. [CC1] An implementation-independent set of security requirements for a category of IT products or systems that meet specific consumer needs. [SC27] An implementation-independent set of security requirements for a category of IT products or systems that meet specific consumer needs. [ISO/IEC 15292: 2001] An implementation-independent set of security requirements for a category of TOEs that meet specific consumer needs. [SC27] An implementation-independent set of security requirements for a category of TOEs [Target of Testing] that meet specific consumer needs. [OVT] An implementation-independent set of security requirements for a category of TOEs that meet specific consumer needs. [CC2][CC21][IATF][SC27] An implementation-independent set of security requirements for a category of products which meet similar consumer needs. [NIAP] Common Criteria specification that represents an implementation-independent set of security requirements for a category of Target of Evaluations (TOE) that meets specific consumer needs. [CNSSI][CNSSI-4009] Statement of security criteria; shared by IT product producers, consumers, and evaluators; built from functional, development assurance, and evaluation assurance requirements; to meet identified security needs through the development of conforming IT products. [FCv1] (see also IT security, assurance, computer security, criteria, function, object, security, security target, security testing, system, target, test, Common Criteria for Information Technology Security Evaluation, Federal Criteria Vol. I, file, profile, requirements) (includes assignment, decomposition, external security controls, functional protection requirements, product rationale, protection profile family, refinement, trusted computing base)

protection profile family

Two or more protection profiles with similar functional requirements and rationale sections but with different assurance requirements. [AJP][FCv1] (see also assurance, function, file, profile, protection profile)

protection ring

(I) One of a hierarchy of privileged operation modes of a system that gives certain access rights to processes authorized to operate in that mode. [RFC2828] One of a hierarchy of privileged modes of a system that gives certain access rights to user programs and processes authorized to operate in a given mode. [AJP][NCSC/TG004] One of a hierarchy of privileged modes of an IS that gives certain access rights to user programs and processes that are authorized to operate in a given mode. [CNSSI] (see also access, access control, assurance, authorized, operation, privileged, process, program, system, users, modes of operation)

protection suite

Set of parameters that are mandatory for IPsec phase 1 negotiations (encryption algorithm, integrity protection algorithm, authentication method, and Diffie-Hellman group). [800-77] (see also algorithm, authentication, encryption, integrity, internet protocol security, internet security protocol)

protection-critical portions of the TCB

Those portions of the TCB whose normal function is to deal with the control of access between subjects and objects. [TCSEC][TNI] Those portions of the TCB whose normal function is to deal with the control of access between subjects and objects. Their correct operation is essential to the protection of the data on the system. [AJP][NCSC/TG004] (see also access, access control, assurance, control, function, operation, system, critical, trusted computing base) (includes object, subject)

protective distribution system

Wire line or fiber optic system that includes adequate safeguards and/or countermeasures (e.g., acoustic, electric, electromagnetic, and physical) to permit its use for the transmission of unencrypted information. [800-53][SP 800-53] (see also countermeasures, information, system)

protective measures

Actions, procedures, or designs implemented to safeguard protected information. [DSS]

protective packaging

Packaging techniques for COMSEC material that discourage penetration, reveal a penetration has occurred or was attempted, or inhibit viewing or copying of keying material prior to the time it is exposed for use. [CNSSI][CNSSI-4009] (see also communications security, key, penetration)

protective security service

Transportation protective service by a cleared commercial carrier qualified by the Military Traffic Management Command to transport shipments of SECRET material. The carrier must provide continuous attendance and surveillance of the shipment by qualified carrier representatives and maintain a signature and tally record. In the case of air movement, however, observation of the shipment is not required during the period it is stored in the carrier's aircraft in connection with flight, provided the shipment is loaded into a compartment that is not accessible to an unauthorized person aboard. [DSS] (see also access, authorized, connection, security)

protective technologies

Special tamper-evident features and materials employed for the purpose of detecting tampering and deterring attempts to compromise, modify, penetrate, extract, or substitute information processing equipment and keying material. [CNSSI][CNSSI-4009] (see also compromise, incident, information, key, penetration, process, tamper)

protocol analyzer

A device or software application that enables the user to analyze the performance of network data so as to ensure that the network and its associated hardware/software are operating within network specifications. [800-82] (see also application, software, users, protocols)

protocol converter

A device used to translate information between networks [NASA] (see also information, protocols)

protocol data unit (PDU)

A PDU is a message of a given protocol comprising payload and protocol-specific control information, typically contained in a header. PDUs pass over the protocol interfaces which exist between the layers of protocols (per OSI model). [OVT] A unit of data specified in a protocol and consisting of protocol information and, possibly, user data. [FIPS 188] (see also control, information, interface, message, protocols)

protocol entity

Entity that follows a set of rules and formats (semantic and syntactic) that determines the communication behavior of other entities. [FIPS 188]

protocol run

(see also authentication, message, protocols)

protocol suite

(I) A complementary collection of communication protocols used in computer network. [RFC2828] (see also communications, computer, computer network, network, protocols)

protocols

(I) A set of rules (i.e. formats and procedures) to implement and control some type of association (e.g. communication) between systems. (C) In particular, a series of ordered steps involving computing and communication that are performed by two or more system entities to achieve a joint objective. [RFC2828] A format for transmitting data between devices. [FFIEC] A set of conventions that govern the interaction of processes, devices, and other components within a system. (ISO) A set of semantic and syntactic rules that determines the behavior of functional units in achieving communication. (I) A set of rules (i.e. formats and procedures) to implement and control some type of association (e.g., communication) between systems. Agreed-upon methods of communications used by computers. A specification that describes the rules and procedures that products should follow to perform activities on a network, such as transmitting data. If they use the same protocols, products from different vendors should be able to communicate on the same network. A set of rules and formats, semantic, and syntactic, that permits entities to exchange information. Code of correct conduct: 'safety protocols'; 'academic protocol'. Forms of ceremony and etiquette observed by diplomats and heads of state. [OVT] A set of rules (i.e. formats and procedures) to implement and control some type of association (e.g., communication) between systems. [800-82] A set of rules and formats, semantic, and syntactic, that allow one IS to exchange information with another. [CIAO] A set of rules and formats, semantic, and syntactic, that permits entities to exchange information. [AJP][NCSC/TG004] Agreed-upon methods of communications used by computers. A specification that describes the rules and procedures that products should follow to perform activities on a network, such as transmitting data. If they use the same protocols, products from different vendors should be able to communicate on the same network. [NSAINT] Set of rules and formats, semantic and syntactic, permitting information systems to exchange information. [CNSSI-4009] Set of rules and formats, semantic, and syntactic, permiting ISs to exchange information. [CNSSI] Set of rules and formats, semantic, and syntactic, that permits entities to exchanged information. [DSS] (see also Abstract Syntax Notation One, Diffie-Hellman, Distributed Authentication Security Service, Estelle, FIREFLY, Generic Security Service Application Program Interface, ICMP flood, IMAP4 AUTHENTICATE, IP address, IPsec Key Exchange, ITU-T, Internet Architecture Board, Internet Assigned Numbers Authority, Internet Corporation for Assigned Names and Numbers, Internet Engineering Task Force, Internet Standard, MIME Object Security Services, Network File System, OAKLEY, OSI architecture, Open Systems Interconnection Reference model, PKIX, POP3 APOP, POP3 AUTH, Photuris, SOCKS, SYN flood, Secure Data Exchange, Secure Data Network System, Secure Electronic Transaction, Secure/MIME, Simple Authentication and Security Layer, Standards for Interoperable LAN/MAN Security, Terminal Access Controller Access Control System, active attack, anonymous and guest login, anonymous login, application gateway firewall, application proxy, application-level firewall, association, authentication header, automated key distribution, backdoor, bastion host, bridge, brouters, certification, claimant, code, common security, communications, computer, computer architecture, connection, connection establishment, connection establishment time, connection maintenance, connection teardown, connection teardown time, control, countermeasures, cyclic redundancy check, domain name service server, domain name system, eavesdropping attack, egress filtering, encapsulating security payload, encapsulation, end system, extensibility, fieldbus, file transfer, firewall, function, gateway, goodput, gopher, hackers, host, https, implementation under test, information, internet, internet vs. Internet, internetwork, kerberos, key confirmation, key distribution center, key recovery, key translation center, language of temporal ordering specification, man-in-the-middle attack, management server, multipurpose internet mail extensions, network, network analyzer, network architecture, network connection, network front-end, network level firewall, network sniffing, nonce, object, object identifier, off-line attack, one-time passwords, online attack, open systems interconnection, packet filtering, packet filtering firewall, passive attack, pretty good privacy, privacy enhanced mail, process, proxy, proxy server, public-key forward secrecy, remote authentication dial-in user service, router, scheme, secure multipurpose internet mail extensions, secure shell, secure socket layer, security association, security association identifier, security certificate, security gateway, security parameters index, signaling system 7, simple key management for IP, software, stealth probe, subnetwork, system, telnet, token authenticator, tokens, transport layer security, transport mode vs. tunnel mode, tunnel, tunneling, uniform resource identifier, uniform resource locator, verifier, verifier impersonation attack, vishing, vulnerability, wireless intrusion detection and prevention system, world wide web) (includes Challenge Handshake Authentication Protocol, Directory Access Protocol, Extensible Authentication Protocol, Identification Protocol, Internet Message Access Protocol, version 4, Internet Protocol Security Option, Internet Security Association and Key Management Protocol, Key Management Protocol, Layer 2 Forwarding Protocol, Layer 2 Tunneling Protocol, Lightweight Directory Access Protocol, Message Security Protocol, Network Layer Security Protocol, Password Authentication Protocol, Post Office Protocol, version 3, Security Protocol 3, Security Protocol 4, Simple Key-management for Internet Protocols, Transport Layer Security Protocol, authentication header protocol, authentication protocol, challenge-response protocol, communications protocol, encapsulating security payload protocol, file transfer protocol, host to front-end protocol, hypertext transfer protocol, internet control message protocol, internet key exchange protocol, internet protocol, internet protocol security, interoperability standards/protocols, ip payload compression protocol, key management protocol data unit, network management protocol, network protocol stack, online certificate status protocol, point-to-point protocol, point-to-point tunneling protocol, proof of possession protocol, proprietary protocol, protocol analyzer, protocol converter, protocol data unit, protocol run, protocol suite, secure hypertext transfer protocol, security protocol, simple mail transfer protocol, simple network management protocol, stateful protocol analysis, transmission control protocol, transmission control protocol/internet protocol, tunneled password protocol, user data protocol, wireless application protocol, zero-knowledge password protocol)

prototyping

Creating a demonstration model of a new computer application system. [SRV] (see also application, computer, model, system)

prove a correspondence

Provide a formal correspondence, using a formal reasoning system (e.g. typed lambda calculus), between the levels of abstraction. Note: this involves proving that required properties continue to hold under the interpretation given in the formal correspondence. [AJP][FCv1] (see also system)

provider

Contractor or Government support organization (or both) providing the process on behalf of the customer. [DSS]

prowler

A daemon that is run periodically to seek out and erase core files, truncate administrative logfiles, nuke lost+found directories, and otherwise clean up. [NSAINT] (see also file, threat)

proximity

Refers to a technology used to provide physical access control. This technology uses a contactless interface with a card reader. An antenna is embedded in the card, which emits a unique radio frequency when in close proximity to the electronic field of the card reader. [GSA] (see also access, access control, control, interface, technology)

proximity sensor

A non-contact sensor with the ability to detect the presence of a target within a specified range. [800-82] (see also target)

proxy

A firewall mechanism that replaces the IP address of a host on the internal (protected) network with its own IP address for all traffic passing through it. A software agent that acts on behalf of a user, typical proxies accept a connection from a user, make a decision as to whether or not the user or client IP address is permitted to use the proxy, perhaps does additional authentication, and then completes a connection on behalf of the user to a remote destination. [NSAINT] A program that receives a request from a client, and then sends a request on the client's behalf to the desired destination. [800-83] A proxy is an application that 'breaks' the connection between client and server. The proxy accepts certain types of traffic entering or leaving a network and processes it and forwards it. This effectively closes the straight path between the internal and external networks making it more difficult for an attacker to obtain internal addresses and other details of the organization's internal network. Proxy servers are available for common Internet services; for example, a Hyper Text Transfer Protocol (HTTP) proxy used for Web access, and a Simple Mail Transfer Protocol (SMTP) proxy used for email. [SP 800-44] A request for a connection made on behalf of a host. Proxy-based firewalls do not allow direct connections between hosts. Instead, two connections are established: one between the client host and the DUT/SUT, and another between the DUT/SUT and server host. As with packet-filtering firewalls, proxy-based devices use a rule set to determine which traffic should be forwarded and which should be rejected. There are two types of proxies: application proxies and circuit proxies. [RFC2647] A software agent that acts on behalf of a user. Typical proxies accept a connection from a user, make a decision as to whether or not the user or client IP address is permitted to use the proxy, perhaps does additional authentication, and then completes a connection on behalf of the user to a remote destination. [IATF] An application or device acting on behalf of another in responding to protocol requests. [CIAO] An application that 'breaks' the connection between client and server. The proxy accepts certain types of traffic entering or leaving a network and processes it and forwards it. Note: This effectively closes the straight path between the internal and external networks, making it more difficult for an attacker to obtain internal addresses and other details of the organization's internal network. Proxy servers are available for common Internet services; for example, a Hyper Text Transfer Protocol (HTTP) proxy used for Web access, and a Simple Mail Transfer Protocol (SMTP) proxy used for email. [CNSSI-4009] Software agent that performs a function or operation on behalf of another application or system while hiding the details involved. [CNSSI] Software agent that performs a function or operation on behalf of another application or system while hiding the details involved. Typical proxies accept a connection from a user, decide about whether the user or client network address is authorized to use the requested service, optionally perform additional authentication, and then complete a connection on behalf of the user to a remote destination. [DSS] (see also access, application, attack, authentication, authorized, connection, function, network, operation, packet filtering, program, protocols, software, stateful packet filtering, system, users, firewall) (includes application proxy, circuit proxy, proxy server)

proxy agent

A software application running on a firewall or on a dedicated proxy server that is capable of filtering a protocol and routing it between the interfaces of the device. [CNSSI-4009] (see also software)

proxy server

(I) A computer process--often used as, or as part of, a firewall--that relays a protocol between client and server computer systems, by appearing to the client to be the server and appearing to the server to be the client. (C) In a firewall, a proxy server usually runs on a bastion host, which may support proxies for several protocols (e.g. FTP, HTTP, and TELNET). Instead of a client in the protected enclave connecting directly to an external server, the internal client connects to the proxy server which in turn connects to the external server. The proxy server waits for a request from inside the firewall, forwards the request to the remote server outside the firewall, gets the response, then sends the response back to the client. The proxy may be transparent to the clients, or they may need to connect first to the proxy server, and then use that association to also initiate a connection to the real server. (C) Proxies are generally preferred over SOCKS for their ability to perform caching, high-level logging, and access control. A proxy can provide security service beyond that which is normally part of the relayed protocol, such as access control based on peer entity authentication of clients, or peer entity authentication of servers when clients do not have that capability. A proxy at OSI layer 7 can also provide finer-grained security service than can a filtering router at OSI layer 3. For example, an FTP proxy could permit transfers out of, but not into, a protected network. [RFC2828] A server that runs a proxy version of an application, such as email, and filters messages according to a set of rules for that application. [CIAO] A server that services the requests of its clients by forwarding those requests to other servers. [CNSSI-4009] A software agent that acts on behalf of something or someone else; decides whether or not the user has permission to use the proxy, perhaps does additional authentication, then connects to a remote destination on behalf of the user. [misc] An Internet server that controls client computers' access to the Internet. Using a proxy server, a company can stop employees from accessing undesirable websites, improve performance by storing webpages locally, and hide the internal network's identity so monitoring is difficult for external users. [FFIEC] (see also access, access control, application, association, authentication, computer, connection, control, entity, identity, message, process, protocols, response, router, security, software, system, users, version, world wide web, internet, proxy)

pseudo-flaw

An apparent loophole deliberately implanted in an operating system program as a trap for intruders. [AJP][NCSC/TG004] (see also program, system, risk management, threat)

pseudo-random

(I) A sequence of values that appears to be random (i.e. unpredictable) but is actually generated by a deterministic algorithm. [RFC2828] (see also algorithm, random)

pseudo-random number generator

(I) A process used to deterministically generate a series of numbers (usually integers) that appear to be random according to certain statistical tests, but actually are pseudo-random. (C) Pseudo-random number generators are usually implemented in software. [RFC2828] (PRNG) An algorithm that produces a sequence of bits that are uniquely determined from an initial value called a seed. The output of the PRNG 'appears' to be random, i.e. the output is statistically indistinguishable from random values. A cryptographic PRNG has the additional property that the output is unpredictable, given that the seed is not known. [CNSSI-4009] (see also process, software, test, random)

pseudonym

1. A subscriber name that has been chosen by the subscriber that is not verified as meaningful by identity proofing. 2. An assigned identity that is used to protect an individual's true identity. [CNSSI-4009] A false name. [SP 800-63] A subscriber name that has been chosen by the subscriber that is not verified as meaningful by identity proofing. [800-63] (see also entity, identity)

psychological operations (PSYOP)

Planned operations for conveying selected information and indicators to foreign audiences to influence their emotions, motives, objective reasoning, and, ultimately, the behavior of foreign governments, organizations, groups, and individuals. The purpose of Psychological Operations is to induce or reinforce foreign attitudes and behavior favorable to the originator's objectives. [DSS] Planned operations to convey selected information and indicators to foreign audiences to influence their emotions, motives, objective reasoning, and ultimately the behavior of foreign governments, organizations, groups, and individuals. The purpose of psychological operations is to induce or reinforce foreign attitudes and behavior favorable to the originator's objectives. (JP 1-02) [NSAINT] (see also foreign, information, object, operation, threat)

public accreditation verification exponent

Value agreed by all members of a group of entities, and which, in conjunction with the modulus, determines the value of the private accreditation exponent. [SC27] (see also accreditation, verification)

public component

(I) A synonym for 'public key'. (D) In most cases, ISDs SHOULD NOT use this term; to avoid confusing readers, use 'private key' instead. However, the term MAY be used when specifically discussing a key pair; e.g. 'A key pair has a public component and a private component.' [RFC2828] (see also key, public-key)

public confidence

Trust bestowed by citizens based on demonstrations and expectations of their government's ability to provide for their common defense and economic security and behave consistent with the interests of society; and their critical infrastructures' ability to provide products and services at expected levels and to behave consistent with their customers' best interests. [CIAO] (see also critical, security, confidence)

public domain

In open view; before the public at large and not in private or employing secrecy or other protective measures. [DSS]

public domain software

All software not subject to a vendor's license agreement and available to the general public [NASA] Software not protected by copyright laws of any nation that carries no warranties or liabilities, and may be freely used without permission of or payment to the creator. [DSS] Software not protected by copyright laws of any nation that may be freely used without permission of, or payment to, the creator, and that carries no warranties from, or liabilities to the creator. [CNSSI][CNSSI-4009] (see also subject, domain, software)

public encipherment key

Public key which defines the public encipherment transformation. [SC27] (see also public-key, cipher, encipherment, key, public-key infrastructure)

public encipherment transformation

Encipherment transformation determined by an asymmetric encipherment system and the public key of an asymmetric key pair. [SC27] (see also key, public-key, system, cipher, encipherment, public-key infrastructure)

public information

Any information, regardless of form or format that an agency discloses, disseminates, or makes available to the public. [800-60] Official Department of Defense information that has been reviewed and approved for public release by the information owner. [DSS] (see also information)

public key enabling

The incorporation of the use of certificates for security services such as authentication, confidentiality, data integrity, and non-repudiation. [CNSSI-4009] (see also authentication, security, key)

public law 100-235

Also known as the Computer Security Act of 1987. This U.S. law creates a means for establishing minimum acceptable security practices for improving the security and privacy of sensitive information in federal computer systems. This law assigns to the U.S. National Institute of Standards and Technology responsibility for developing standards and guidelines for federal computer systems processing unclassified data. The law also requires establishment of security plans by all operators of federal computer systems that contain sensitive information. [AJP][NCSC/TG004] (see also classified, computer, computer security, establishment, information, privacy, process, security, standard, system, technology)

public seed

A starting value for a pseudorandom number generator. The value produced by the random number generator may be made public. The public seed is often called a 'salt'. [CNSSI-4009]

public verification key

Public key which defines the public verification transformation. [SC27] (see also public-key, key, public-key infrastructure, verification)

public-key

(I) The publicly-disclosable component of a pair of cryptographic keys used for asymmetric cryptography. (O) '(In a public key cryptosystem) that key of a user's key pair that is publicly known.' [RFC2828] A cryptographic key that may be widely published and is used to enable the operation of an asymmetric cryptography scheme. This key is mathematically linked with a corresponding private key. Typically, a public key can be used to encrypt, but not decrypt, or to validate a signature, but not to sign. [CNSSI-4009] A cryptographic key used with a public key cryptographic algorithm that is uniquely associated with an entity and that may be made public. [FIPS 140-2] A cryptographic key used with a public key cryptographic algorithm, uniquely associated with an entity, and that may be made public. In an asymmetric (public) key cryptosystem that key of an entity's key pair that may be publicly known. A public key may be used to (1) verify a digital signature that is signed by the corresponding private key, (2) encrypt data that may be decrypted by the corresponding private key, and (3) compute a piece of shared information by other parties. The public key is used to verify a digital signature. This key is mathematically linked with a corresponding private key. [SRV] A cryptographic key used with a public key cryptographic algorithm, uniquely associated with an entity, and which may be made public; it is used to verify a digital signature; this key is mathematically linked with a corresponding private key. [FIPS 196] A cryptographic key, used with a public key cryptographic algorithm, that is uniquely associated with an entity and may be made public. In an asymmetric (public) cryptosystem, the public key is associated with a private key. The public key may be known by anyone and, depending on the algorithm, may be used, for example, to: 1) Verify a digital signature that is signed by the corresponding private key, 2) Encrypt keys that can be decrypted by the corresponding private key, or 3) Compute a shared secret during a key-agreement transaction. [SP 800-57 Part 1] That key of an entity's asymmetric key pair which can be made public. [SC27] That key of an entity's asymmetric key pair which can be made public. NOTE - In the case of an asymmetric signature system the public key defines the verification transformation. In the case of an asymmetric encipherment system the public key defines the encipherment transformation. A key that is 'publicly known' is not necessarily globally available. The key may only be available to all members of a pre-specified group. [SC27] That key of an entity's asymmetric key pair which can be made public. [ISO/IEC FDIS 9796-2 (12/2001), ISO/IEC 11770-1: 1996, ISO/IEC WD 18033-1 (12/2001)] That key of an entity's asymmetric key pair which can be made public. NOTE - In the case of an asymmetric signature system the public key defines the verification transformation. In the case of an asymmetric encipherment system the public key defines the encipherment transformation. A key that is 'publicly known' is not necessarily globally available. The key may only be available to all members of a pre-specified group. [SC27] The key in a matched key pair - private key and public key - that may be published, e.g. posted in a directory, for public key cryptography. [AJP] The key in a matched key pair-private key and public key - that is made public; for example, posted in a public directory for public key cryptography. [SRV] The public part of an asymmetric key pair that is typically used to verify signatures or encrypt data. [800-63][FIPS 201; SP 800-63] (see also CA certificate, Diffie-Hellman, FIREFLY, IEEE P1363, MISSI user, OAKLEY, PKCS #10, PKIX, RSA algorithm, Rivest-Shamir-Adleman algorithm, The Exponential Encryption System, X.500 Directory, X.509, X.509 attribute certificate, X.509 certificate, X.509 certificate revocation list, account authority digital signature, algorithm, archive, asymmetric cryptographic technique, asymmetric cryptography, asymmetric key pair, asymmetric keys, attribute certificate, authority revocation list, bind, binding, certificate, certificate directory, certificate domain, certificate policy, certificate policy qualifier, certificate rekey, certificate renewal, certificate revocation list, certificate update, certificate user, certificate validation, certification, certification authority, certification authority digital signature, certification hierarchy, certification path, certification request, certify, challenge-response protocol, cipher, common name, cross-certification, cryptographic, cryptographic system, cryptography, cryptoperiod, data origin authentication service, digital certificate, digital certification, digital envelope, digital id, digital signature, digital signature algorithm, directly trusted CA, directly trusted CA key, distinguished name, distribution point, domain name system, elliptic curve cryptosystem, encipherment, encryption certificate, end entity, entity, ephemeral key, extension, fingerprint, hierarchy management, information, internet protocol security, key agreement, key exchange, key lifetime, key management infrastructure, key management/exchange, key material identifier, key pair, key transport, key validation, key-escrow system, merchant certificate, modulus, non-repudiation, online certificate status protocol, organizational certificate, path discovery, personality label, policy approving authority, policy certification authority, policy creation authority, pretty good privacy, privacy enhanced mail, private communication technology, private key, public component, public encipherment key, public encipherment transformation, public verification key, registration, registration authority, repository, root, root certificate, root key, secure hypertext transfer protocol, secure multipurpose internet mail extensions, secure socket layer, self-signed certificate, signature, signature certificate, signature verification, strong authentication, subject, subordinate certification authority, symmetric cryptography, system, tokens, trust anchor, trust-file PKI, trusted certificate, trusted key, tunneled password protocol, unforgeable, users, v1 certificate, v2 certificate, v3 certificate, validate, validate vs. verify, validity period, verification, virtual private network, web of trust, asymmetric algorithm, key) (includes Federal Public-key Infrastructure, Simple Public-Key Infrastructure, Simple Public-Key Infrastructure/Simple Distributed Security Infrastructure, X.509 public-key certificate, mesh PKI, public-key algorithm, public-key certificate, public-key cryptography, public-key cryptography standards, public-key derivation function, public-key forward secrecy, public-key information, public-key system)

public-key algorithm (PKA)

(see also algorithm, key, public-key)

public-key certificate

(I) A digital certificate that binds a system entity's identity to public key value, and possibly to additional data items; a digitally-signed data structure that attests to the ownership of a public key. (C) The digital signature on a public-key certificate is unforgeable. Thus, the certificate can be published, such as by posting it in a directory, without the directory having to protect the certificate's data integrity. (O) 'The public key of a user, together with some other information, rendered unforgeable by encipherment with the private key of the certification authority that issued it.' [RFC2828] A digital document issued and digitally signed by the private key of a Certificate authority that binds the name of a subscriber to a public key. The certificate indicates that the Subscriber identified in the certificate has sole control and access to the private key. [SP 800-63] A digital document issued and digitally signed by the private key of a Certification Authority that binds the name of a subscriber to a public key. The certificate indicates that the subscriber identified in the certificate has sole control and access to the private key. [800-63] A set of data that unambiguously identifies an entity, contains the entity's public key, and is digitally signed by a trusted third party (certification authority). [FIPS 196] A set of data that uniquely identifies an entity, contains the entity's public key, and is digitally signed by a trusted party, thereby binding the public key to the entity. [FIPS 140-2] Contains the name of a user, the public key component of the user, and the name of the issuer who vouches that the public key component is bound to the named user. [CNSSI] The public key information of an entity signed by the certification authority and thereby rendered unforgeable. [SC27] The public key information of an entity signed by the certification authority and thereby rendered unforgeable. NOTE - In the context of this part of ISO/IEC 9796 the public key information contains the information about the verification key and the domain parameters. [SC27] The public key information of an entity signed by the certification authority and thereby rendered unforgeable. [ISO/IEC 9798-1: 1997, ISO/IEC 11770-1: 1996, ISO/IEC 11770-3: 1999, ISO/IEC WD 13888-1 (11/2001)] The public key information of an entity signed by the certification authority and thereby rendered unforgeable. NOTE - In the context of this part of ISO/IEC 9796 the public key information contains the information about the verification key and the domain parameters. [SC27] (see also access, authority, certification, cipher, control, digital signature, domain, encipherment, entity, identity, information, integrity, owner, signature, system, test, trust, users, verification, certificate, key, public-key)

public-key cryptography (PKC)

(I) The popular synonym for 'asymmetric cryptography'. [RFC2828] Cryptography that uses separate keys for encryption and decryption; also known as asymmetric cryptography. [800-77] Cryptography using two matched keys (or asymmetric cryptography) in which a single private key is not shared by a pair of users. Instead, each user has a key pair. Each key pair consists of a private key that is kept secret by the user and a public key that is posted in a public directory. Public key cryptography is used to perform: (1) digital signature, (2) secure transmission or exchange of secret keys, and/or (3) encryption and decryption. [SRV] Cryptography using two matched keys (or asymmetric cryptography) in which a single private key is not shared by a pair of users. Instead, users have their own key pairs. Each key pair consists of a matched private and public key. Public key cryptography can perform (1) digital signature, (2) secure transmission or exchange of secret keys, and/or (3) encryption and decryption. Examples of public key cryptography are DSS (Digital Signature Standard) and RSA (Rivest, Shamir, and Adleman). [AJP] Encryption system that uses a public-private key pair for encryption and/or digital signature. [CNSSI-4009] Encryption system using a linked pair of keys. What one key encrypts, the other key decrypts. [CNSSI] Type of cryptography in which the encryption process is publicly available and unprotected, but in which a part of the decryption key is protected so that only a party with knowledge of both parts of the decryption process can decrypt the cipher text. [NSAINT] (see also cipher, encryption, process, public-key infrastructure, signature, standard, system, users, cryptography, key, public-key) (includes Rivest-Shamir-Adleman algorithm)

public-key cryptography standards (PKCS)

(I) A series of specifications published by RSA Laboratories for data structures and algorithm usage for basic applications of asymmetric cryptography. (C) The PKCS were begun in 1991 in cooperation with industry and academia, originally including Apple, Digital, Lotus, Microsoft, Northern Telecom, Sun, and MIT. Today, the specifications are widely used, but they are not sanctioned by an official standards organization, such as ANSI, ITU-T, or IETF. RSA Laboratories retains sole decision-making authority over the PKCS. [RFC2828] A set of standards proposed by RSA Data Security Inc. for a public-key based system. [misc] (see also algorithm, application, authority, operation, public-key infrastructure, security, system, Rivest-Shamir-Adleman algorithm, asymmetric algorithm, cryptography, key, public-key, standard) (includes PKCS #10, PKCS #11, PKCS #7)

public-key derivation function

A domain parameter, whose function is to map strings of bits into positive integers. NOTE 1 - This function is used to transform an entity's identification data into the entity's verification key, and satisfies the following two properties.

It is computationally infeasible to find any two distinct inputs which map to the same output.
Either the probability that a randomly chosen value Y is in the range of the function is negligibly small, or for a given output it is computationally infeasible to find for a given output, an input which maps to this output.

[SC27] A domain parameter, whose function is to map strings of bits into positive integers. NOTE 1 - This function is used to transform an entity's identification data into the entity's verification key, and satisfies the following two properties.

It is computationally infeasible to find any two distinct inputs which map to the same output.
Either the probability that a randomly chosen value Y is in the range of the function is negligibly small, or for a given output it is computationally infeasible to find for a given output, an input which maps to this output.

NOTE 2 - Negligibility and computational infeasibility depend on the specific security requirements and environment. [SC27] (see also domain, entity, identification, random, requirements, security, verification, asymmetric cryptography, function, key, public-key, public-key infrastructure)

public-key forward secrecy

(I) For a key agreement protocol based on asymmetric cryptography, the property that ensures that a session key derived from a set of long-term public and private keys will not be compromised if one of the private keys is compromised in the future. (C) Some existing RFCs use the term 'perfect forward secrecy' but either do not define it or do not define it precisely. While preparing this Glossary, we tried to find a good definition for that term, but found this to be a muddled area. Experts did not agree. For all practical purposes, the literature defines 'perfect forward secrecy' by stating the Diffie-Hellman algorithm. The term 'public-key forward secrecy' (suggested by Hilarie Orman) and the 'I' definition stated for it here were crafted to be compatible with current Internet documents, yet be narrow and leave room for improved terminology. (C) Challenge to the Internet security community: We need a taxonomy--a family of mutually exclusive and collectively exhaustive terms and definitions to cover the basic properties discussed here--for the full range of cryptographic algorithms and protocols used in Internet Standards: (C) Involvement of session keys vs. long-term keys: Experts disagree about the basic ideas involved.

One concept of 'forward secrecy' is that, given observations of the operation of a key establishment protocol up to time t, and given some of the session keys derived from those protocol runs, you cannot derive unknown past session keys or future session keys.
A related property is that, given observations of the protocol and knowledge of the derived session keys, you cannot derive one or more of the long-term private keys.
The 'I' definition presented above involves a third concept of 'forward secrecy' that refers to the effect of the compromise of long-term keys.
All three concepts involve the idea that a compromise of 'this' encryption key is not supposed to compromise the 'next' one. There also is the idea that compromise of a single key will compromise only the data protected by the single key. In Internet literature, the focus has been on protection against decryption of back traffic in the event of a compromise of secret key material held by one or both parties to a communication.

(C) Forward vs. backward: Experts are unhappy with the word 'forward', because compromise of 'this' encryption key also is not supposed to compromise the 'previous' one, that is 'backward' rather than forward. In S/KEY, if the key used at time t is compromised, then all keys used prior to that are compromised. If the 'long-term' key (i.e. the base of the hashing scheme) is compromised, then all keys past and future are compromised; thus, you could say that S/KEY has neither forward nor backward secrecy. (C) Asymmetric cryptography vs. symmetric: Experts disagree about forward secrecy in the context of symmetric cryptographic systems. In the absence of asymmetric cryptography, compromise of any longterm key seems to compromise any session key derived from the long-term key. For example, Kerberos isn't forward secret, because compromising a client's password (thus compromising the key shared by the client and the authentication server) compromises future session keys shared by the client and the ticket-granting server. (C) Ordinary forward secrecy vs. 'perfect' forward secret: Experts disagree about the difference between these two. Some say there is no difference, and some say that the initial naming was unfortunate and suggest dropping the word 'perfect'. Some suggest using 'forward secrecy' for the case where one long-term private key is compromised, and adding 'perfect' for when both private keys (or, when the protocol is multi-party, all private keys) are compromised. (C) Acknowledgments: Bill Burr, Burt Kaliski, Steve Kent, Paul Van Oorschot, Michael Wiener, and, especially, Hilarie Orman contributed ideas to this discussion. [RFC2828] (see also algorithm, authentication, compromise, cryptographic, cryptography, encryption, establishment, hash, internet, operation, passwords, property, protocols, security, standard, system, forward secrecy, key, public-key)

public-key information

Information containing at least the entity's distinguishing identifier and public key. The public key information is limited to data regarding one entity, and one public key for this entity. There may be other static information regarding the certification authority, the entity, the public key, restrictions on key usage, the validity period, or the involved algorithms, included in the public key information. [SC27] Information specific to a single entity and which contains at least the entity's distinguishing identifier and at least one public key for this entity. There may be other information regarding the certification authority, the entity, and the public key included in the public key information, such as the validity period of the public key, the validity period of the associated private key, or the identifier of the involved algorithms. [SC27] Information specific to a single entity and which contains at least the entity's distinguishing identifier and at least one public key for this entity. There may be other information regarding the certification authority, the entity, and the public key included in the public key information, such as the validity period of the public key, the validity period of the associated private key, or the identifier of the involved algorithms. [ISO/IEC 9798-1: 1997] Information specific to a single entity which contains at least the entity's distinguishing identifier and at least one public key for this entity. There may be other information regarding the certification authority, the entity, and the public key included in the public key information, such as the validity period of the public key, the validity period of the associated private key, or the identifier of the involved algorithms. [ISO/IEC 11770-1: 1996] Information containing at least the entity's distinguishing identifier and public key. The public key information is limited to data regarding one entity, and one public key for this entity. There may be other static information regarding the certification authority, the entity, the public key, restrictions on key usage, the validity period, or the involved algorithms, included in the public key information. [SC27] Information specific to a single entity which contains at least the entity's distinguishing identifier and at least one public key for this entity. There may be other information regarding the certification authority, the entity, and the public key included in the public key information, such as the validity period of the public key, the validity period of the associated private key, or the identifier of the involved algorithms. [SC27] (see also algorithm, authority, certification, entity, asymmetric cryptography, information, key, public-key, public-key infrastructure)

public-key infrastructure (PKI)

(I) A system of CAs (and, optionally, RAs and other supporting servers and agents) that perform some set of certificate management, archive management, key management, and token management functions for a community of users in an application of asymmetric cryptography. (O) PKIX usage: The set of hardware, software, people, policies, and procedures needed to create, manage, store, distribute, and revoke digital certificates based on asymmetric cryptography. (C) The core PKI functions are (a) to register users and issue their public-key certificates, (b) to revoke certificates when required, and (c) to archive data needed to validate certificates at a much later time. Key pairs for data confidentiality may be generated (and perhaps escrowed) by CAs or RAs, but requiring a PKI client to generate its own digital signature key pair helps maintain system integrity of the cryptographic system, because then only the client ever possesses the private key it uses. Also, an authority may be established to approve or coordinate CPSs, which are security policies under which components of a PKI operate. (C) A number of other servers and agents may support the core PKI, and PKI clients may obtain services from them. The full range of such services is not yet fully understood and is evolving, but supporting roles may include archive agent, certified delivery agent, confirmation agent, digital notary, directory, key escrow agent, key generation agent, naming agent who ensures that issuers and subjects have unique identifiers within the PKI, repository, ticket-granting agent, and time stamp agent. [RFC2828] A Framework that is established to issue, maintain, and revoke public key certificates. [FIPS 186] A set of policies, processes, server platforms, software, and workstations used for the purpose of administering certificates and public-private key pairs, including the ability to issue, maintain, and revoke public key certificates. [SP 800-32; SP 800-63] A support service to the PIV system that provides the cryptographic keys needed to perform digital signature-based identity verification and to protect communications and storage of sensitive verification system data within identity cards and the verification system. [FIPS 201] A system of hardware, software, policies, and people that, when fully and properly implemented, can provide a suite of information security (PKI) assurances (including confidentiality, data integrity, authentication, and non-repudiation) that are important in protecting sensitive communications and transactions. [GAO] An architecture that is used to bind public keys to entities, enable other entities to verify public key bindings, revoke such bindings, and provide other services critical to managing public keys. [FIPS 196][SRV] Framework established to issue, maintain, and revoke public key certificates accommodating a variety of security technologies, including the use of software. [CIAO][CNSSI] Public and private keys, digital certificates, certification authorities, certificate revocation lists, and the standards that govern the use and validity of these elements make up an infrastructure where principals can engage in private and non-repudiable transactions. This combination is called the Public Key Infrastructure. [IATF][misc] The framework and services that provide for the generation, production, distribution, control, accounting, and destruction of public key certificates. Components include the personnel, policies, processes, server platforms, software, and workstations used for the purpose of administering certificates and public-private key pairs, including the ability to issue, maintain, recover, and revoke public key certificates. [CNSSI-4009] The system consisting of TTPs, together with the services they make available to support the application (including generation and validation) of digital signatures, and of the persons or technical components, who use these services. NOTE - Sometimes the persons and the technical components participating in a PKI by using the services of TTPs, but not being TTPs themselves, are referred as end entities. An example of a technical equipment used by an end entity is a smart card which may be used as a storage and or processing device. [SC27] The use of public key cryptography in which each customer has a key pair (i.e. a unique electronic value called a public key and a mathematically-related private key). The private key is used to encrypt (sign) a message that can only be decrypted by the corresponding public key or to decrypt a message previously encrypted with the public key. The public key is used to decrypt a message previously encrypted (signed) using an individual's private key or to encrypt a message so that it can only be decrypted (read) using the intended recipient's private key. [FFIEC] (see also Abstract Syntax Notation One, Cryptographic Message Syntax, Internet Policy Registration Authority, MISSI user, Open Systems Interconnection Reference model, X.500 Directory, application, archive, assurance, authenticate, authentication, authority, backup, bind, capability, certificate, certificate chain, certificate chain validation, certificate domain parameters, certificate expiration, certificate management services, certification, certification policy, certify, common security, communications, confidentiality, control, critical, cryptographic, cryptography, cryptoperiod, directory service, directory vs. Directory, domain, end entity, end-user, entity, escrow, function, geopolitical certificate authority, identity, information, information security, integrity, issue, issuer, key lifetime, key material identifier, message, object identifier, permissions, personal security environment, policy mapping, pre-authorization, privacy enhanced mail, process, public-key cryptography, public-key cryptography standards, registration, registration service, relying party, repository, revocation, role, secure hypertext transfer protocol, security, security event, signature, slot, software, standard, strong authentication, subject, system, tokens, trust, trust chain, trust hierarchy, trusted key, trusted third party, tunnel, unforgeable, users, valid signature, validate, validate vs. verify, validation, web of trust, key, policy) (includes Federal Public-key Infrastructure, Minimum Interoperability Specification for PKI Components, PKCS #10, PKIX, PKIX private extension, RA domains, SET private extension, SET qualifier, Simple Public-Key Infrastructure/Simple Distributed Security Infrastructure, X.509, X.509 authority revocation list, X.509 certificate revocation list, account authority digital signature, attribute authority, bilateral trust, brand CRL identifier, brand certification authority, cardholder certification authority, certificate creation, certificate directory, certificate management, certificate policy, certificate policy qualifier, certificate reactivation, certificate rekey, certificate renewal, certificate request, certificate revocation, certificate status responder, certificate update, certificate validation, certification authority, certification authority digital signature, certification authority workstation, certification hierarchy, certification path, certification practice statement, certification request, certification service, certificaton authority, class 2, 3, 4, or 5, common name, compromised key list, delta CRL, digital id, digital signature, directly trusted CA, directly trusted CA key, distinguished name, distribution point, extension, hierarchical PKI, hierarchy management, hierarchy of trust, indirect certificate revocation list, invalidity date, merchant certification authority, mesh PKI, path discovery, path validation, payment gateway certification authority, personality label, policy approving authority, policy certification authority, policy creation authority, policy management authority, private key, public encipherment key, public encipherment transformation, public verification key, public-key derivation function, public-key information, public-key system, registration authority, revocation date, root, subordinate certification authority, top CA, trust-file PKI, v1 CRL, v2 CRL, validity period)

public-key system

Cryptographic scheme consisting of three functions:

Key production, a method for generating a key pair made up of a private signature key and a public verification key,
Signature production, a method for generating a signature S from a message representative F and a private signature key, and
Signature opening, a method for obtaining the recovered message representative F* from a signature S and a public verification key. The output of this function also contains an indication as to whether the signature opening procedure succeeded or failed.

purge

Rendering sanitized data unrecoverable by laboratory attack methods. [SP 800-88; CNSSI-4009] The removal of sensitive data from an AIS, AIS storage device, or peripheral device with storage capacity, at the end of a processing period. This action is performed in such a way that there is assurance proportional to the sensitivity of the data that the data may not be reconstructed. An AIS must be disconnected from any external network before a purge. After a purge, the medium can be declassified by observing the review procedures of the respective agency. [AJP][NCSC/TG004] To render stored applications, files, and other information on a system unrecoverable. [CIAO] (see also application, assurance, attack, classified, file, information, network, process, risk, system)

purging

(1) The orderly review of storage and removal of inactive or obsolete data files. (2) The removal of obsolete data by erasure, by overwriting of storage, or by resetting registers. [SRV] Removal of data from an Information System, its storage devices, or other peripheral devices with storage capacity in such a way that the data may not be reconstructed. An Information System must be disconnected from any external network before a purge. [DSS] Rendering stored information unrecoverable. [CNSSI] (see also file, information, sanitization)

push technology

Technology that allows users to sign up for automatic downloads of online content, such as virus signature file updates, patches, news, and Web site updates, to their email boxes or other designated directories on their computers. [CIAO] (see also computer, file, signature, update, users, virus, world wide web, technology)

quadrant

Short name referring to technology that provides tamper-resistant protection to cryptographic equipment. [CNSSI][CNSSI-4009] (see also cryptography, tamper, technology)

qualitative assessment

Use of a set of methods, principles, or rules for assessing risk based on nonnumeric categories or levels. [SP 800-30] (see also risk)

qualitative risk assessment

A risk assessment methodology that permits system personnel to use their knowledge and experience to assign values on a sliding scale for threat vulnerability and threat impact. [NASA] (see also system, threat, vulnerability, assessment, risk)

quality

(1) The degree to which a system, component, or process meets specified requirements. (2) The degree to which a system, component, or process meets customer or user needs or expectations. [IEEE610] (see also Forum of Incident Response and Security Teams, accountability, assurance level, attribute, benchmarking, business process reengineering, centralized operations, data integrity, electronic messaging services, evaluation, evaluation authority, integrity, national information assurance partnership, performance gap, process, process management approach, requirements, security, standard, statistical process control, stretch goal, system, system integrity, users, validation, value analysis) (includes European quality award, business process improvement, continuous process improvement, national quality award, quality assurance, quality assurance/control, quality attributes, quality control, quality function deployment, quality of protection, software quality assurance, total quality management)

quality assurance (QA)

A planned and systematic pattern of all actions necessary to provide confidence that adequate technical requirements are established, that products and services conform to established technical requirements, and that satisfactory performance is achieved. [SRV] (see also confidence, requirements, system, assurance, quality)

quality assurance/control (QA/QC)

(see also assurance, control, quality)

quality attributes

Requirements that software must meet, such as usability, efficiency, reliability, maintainability, and portability. [SRV] (see also requirements, software, quality)

quality control (QC)

The system or procedure used to check on product quality throughout the acquisition process. [SRV] (see also process, system, control, quality)

quality function deployment (QFD)

A system for translating consumer/customer requirements into appropriate company requirements at each stage, from research and product development, to engineering and manufacturing, to marketing/sales and distribution (ASI). [SRV] (see also requirements, system, function, quality)

quality of protection (QOP)

Quality of protection refers to the set of security functions that are applied to what needs to be protected. The QOP can consist of any combination of authentication, privacy, integrity, and non-repudiation. [misc] (see also assurance, function, security, evaluation, quality) (includes authentication, encryption strength, integrity, non-repudiation, privacy)

quality of service

A categorization of different types of network traffic to prioritize latency- sensitive data over non-latency-sensitive data. [800-127] The measurable end-to-end performance properties of a network service, which can be guaranteed in advance by a Service-Level Agreement between a user and a service provider, so as to satisfy specific customer application requirements. Note: These properties may include throughput (bandwidth), transit delay (latency), error rates, priority, security, packet loss, packet jitter, etc. [CNSSI-4009] (see also requirements, security)

quantitative assessment

Use of a set of methods, principles, or rules for assessing risks based on the use of numbers where the meanings and proportionality of values are maintained inside and outside the context of the assessment. [SP 800-30] (see also risk)

quarantine

Store files containing malware in isolation for future disinfection or examination. [SP 800-69] (see also file, malware)

quarantining

Storing files containing malware in isolation for future disinfection or examination. [800-83] (see also file, malware, security)

questionnaire for national security positions

Standard Form 86 developed by the Office of Personnel Management for background investigations and reinvestigations. Completed by the applicant, the Questionnaire for National Security Positions provides details on various aspects of the individual's personal and professional background. [DSS] (see also personnel security questionnaire, security)

questions on controls

The policies and procedures and practices and organizational structures designed to provide reasonable assurance that business objectives will be achieved and that undesired events will be prevented or detected and corrected. [CIAO] (see also assurance, object, security controls, control)

queuing theory

An area of operations research that describes the behavior of networks of queues and servers using algebra. [SRV] (see also network, operation)

quick mode

Mode used in IPsec phase 2 to negotiate the establishment of an IPsec SA. [800-77] (see also establishment, internet protocol security, internet security protocol)

RA domains

(I) A capability of a CAW that allows a CA to divide the responsibility for certification requests among multiple RAs. (C) This capability might be used to restrict access to private authorization data that is provided with a certification request, and to distribute the responsibility to review and approve certification requests in high volume environments. RA domains might segregate certification requests according to an attribute of the certificate subject, such as an organizational unit. [RFC2828] (see also access, access control, authorization, certificate, certification, subject, domain, public-key infrastructure)

radio frequency identification

(RFID) A form of automatic identification and data capture (AIDC) that uses electric or magnetic fields at radio frequencies to transmit information. [SP 800-98] (see also information, identification)

radio frequency jamming

A threat in which an adversary introduces a powerful RF signal to overwhelm the spectrum being used by the system, thus denying service to all wireless nodes within range of the interference. RF jamming is classified as a DoS attack. [800-127] (see also adversary, attack, classified, threat, jamming)

radix

Base of a geometric progression. [SC27]

rainbow series

(O) A set of more than 30 technical and policy documents with colored covers, issued by the NCSC, that discuss in detail the TCSEC and provide guidance for meeting and applying the criteria. [RFC2828] (see also criteria, policy, National Security Agency, Trusted Computer System Evaluation Criteria) (includes Green book, Orange book, Red book, Yellow book)

random

(I) General usage: In mathematics, random means 'unpredictable'. A sequence of values is called random if each successive value is obtained merely by chance and does not depend on the preceding values of the sequence, and a selected individual value is called random if each of the values in the total population of possibilities has equal probability of being selected. (I) Security usage: In cryptography and other security applications, random means not only unpredictable, but also 'unguessable'. When selecting data values to use for cryptographic keys, 'the requirement is for data that an adversary has a very low probability of guessing or determining.' It is not sufficient to use data that 'only meets traditional statistical tests for randomness or that is based on limited range sources, such as clocks. Frequently such random quantities are determinable [i.e. guessable] by an adversary searching through an embarrassingly small space of possibilities.' [RFC2828] (see also Challenge Handshake Authentication Protocol, Internet Engineering Task Force, Rivest-Shamir-Adleman algorithm, adversary, application, challenge, challenge-response protocol, cluster sample, confidence level, cooperative key generation, cryptographic, cryptographic functions, cryptographic key, cryptographic service, cryptographic token, cryptography, degrees of freedom, deterministic, guessing entropy, hash function, key, key generator, key transport, metrics, min-entropy, nonce, one-time pad, pre-signature, public-key derivation function, replay attacks, salt, secure hash standard, security, session key, signature function, stream cipher, test, time variant parameter, trapdoor) (includes cryptographic randomization, pseudo-random, pseudo-random number generator, random access memory, random number, random number generator, random number sampling, random selection, randomized, randomizer, simple random sample, stratified random sample, systematic selection with a random start)

random access memory (RAM)

random bit generator

A device or algorithm that outputs a sequence of binary bits that appears to be statistically independent and unbiased. An RBG is either a DRBG or an NRBG. [SP 800-90A]

random number

A time variant parameter whose value is unpredictable. [SC27] (see also random)

random number generator

(I) A process used to generate an unpredictable, uniformly distributed series of numbers (usually integers). (C) True random number generators are hardware-based devices that depend on the output of a 'noisy diode' or other physical phenomena. [RFC2828] (RNG) A process used to generate an unpredictable series of numbers. Each individual value is called random if each of the values in the total population of values has an equal probability of being selected. [CNSSI-4009] (RNG) Random Number Generators (RNGs) used for cryptographic applications typically produce a sequence of zero and one bits that may be combined into sub-sequences or blocks of random numbers. There are two basic classes: deterministic and nondeterministic. A deterministic RNG consists of an algorithm that produces a sequence of bits from an initial value called a seed. A nondeterministic RNG produces output that is dependent on some unpredictable physical source that is outside human control. [FIPS 140-2] (see also control, process, FIPS PUB 140-1, random)

random number sampling

A sampling method in which combinations of random digits, within the range of the number of items in a population, are selected by using one of the random number generation methods until a given sample size is obtained. For example, if a sample of 60 items is required from a population numbered 1 through 2,000, then 60 random numbers between 1 and 2,000 are selected. [SRV] (see also random)

random procurement

Method of acquiring, from existing local off-theshelf stock, by TOP SECRET-cleared U.S. citizens, materials for use in new construction or modification to an existing Sensitive Compartmented Information Facility or secure work area. Procurement of material is unannounced, made without referral, and immediately transported by the procurer to a Secure Storage Area. Random procurement may also be used for acquiring equipment, material, or supplies to be used in a Sensitive Compartmented Information Facility or secure area. [DSS] (see also United States citizen)

random selection

A selection method that uses an acceptable method of generating random numbers in a standard manner. The method minimizes the influence of nonchance factors in selecting the sample items. [SRV] Process of selecting a portion of building materials from a bulk shipment, procured for non-specific general construction use. Not authorized for Sensitive Compartmented Information Facilities or Secure Work Areas. [DSS] (see also authorized, standard, random)

randomized

Dependent on a randomizer. [SC27] (see also random)

randomizer

A secret data item produced by the signing entity in the pre-signature production process, and not predictable by other entities. [SC27] Analog or digital source of unpredictable, unbiased, and usually independent bits. Randomizers can be used for several different functions, including key generation or to provide a starting state for a key generator. [CNSSI][CNSSI-4009] (see also entity, function, key, process, signature, random)

range

The distance (or difference) between the highest and lowest values. This is a quick measure of the dispersion (spread) of the distribution. It is a statistic used primarily with interval-ratio variables. [SRV]

rapid application development (RAD)

A methodology for developing software that relies on prototyping techniques and extensive user interaction. [SRV] (see also software, users, application)

rapid automatic cryptographic equipment (RACE)

(see also cryptographic)

rating

A measure for the assurance that may be held in a Target of Evaluation, consisting of a reference to its security target, an evaluation level established by assessment of the correctness of its implementation and consideration of its effectiveness in the context of actual or proposed operational use, and a confirmed rating of the minimum strength of its security mechanisms. [AJP][ITSEC] (see also assessment, operation, security target, target, assurance)

rating maintenance program (RAMP)

(see also program)

ratio estimate

An estimate of a population parameter that is obtained by multiplying the known population total for another variable by a ratio of appropriate sample values of the two variables. [SRV]

ratio variable

A quantitative variable, the attributes of which are ordered, spaced equally, and with a true zero point. [SRV]

read

A fundamental operation that results only in the flow of information from an object to a subject. [AJP][NCSC/TG004][TCSEC][TNI] Fundamental operation in an IS that results only in the flow of information from an object to a subject. [CNSSI] (see also flow, information, operation) (includes object, subject)

read access

(1) Permission to read information. (2) A fundamental operation that results only in the flow of information from an object to a subject. [AJP] Permission to read information in an IS. [CNSSI] Permission to read information in an information system. [CNSSI-4009] Permission to read information. [NCSC/TG004][TCSEC][TNI] The ability to look at and copy data or a software program. [CIAO] (see also flow, information, operation, program, software, access) (includes object, subject)

read-only memory (ROM)

A storage area in which the contents can be read but not altered during normal computer processing. [AJP][TCSEC] (see also automated information system, computer, process)

real-time

Pertaining to the performance of a computation during the actual time that the related physical process transpires so that the results of the computation can be used to guide the physical process. [800-82] The actual time in which something, such as the communication of information, takes place. [AJP] (see also information, process)

real-time processing

Operations performed on a computer simultaneously with a physical process or activity, so that the answers obtained through the computer operations can affect the process or activity. [SRV] (see also computer, operation, process)

real-time reaction

Immediate response to a penetration attempt that is detected and diagnosed in time to prevent access. [CNSSI][CNSSI-4009] (see also access, access control, penetration, response)

real-time system

An interactive system that updates computer files as transactions are processed. [SRV] (see also computer, file, process, update, system)

realm

(O) Kerberos usage: The domain of authority of a Kerberos server (consisting of an authentication server and a ticket-granting server), including the Kerberized clients and the Kerberized application servers [RFC2828] (see also application, authentication, authority, domain)

recipient

The entity that gets (receives or fetches) a message for which non-repudiation services are to be provided. [SC27] (see also entity, message, non-repudiation)

recipient usage period

The period of time during the cryptoperiod of a symmetric key when protected information is processed. [SP 800-57 Part 1]

reciprocal agreement

An agreement whereby two organizations with similar computer systems agree to provide computer processing time for the other in the event one of the systems is rendered inoperable. Processing time may be provided on a 'best effort' or 'as time available' basis. [FFIEC] (see also computer, process, system)

reciprocity

Mutual agreement among participating enterprises to accept each other's security assessments in order to reuse information system resources and/or to accept each other's assessed security posture in order to share information. [CNSSI-4009] Mutual agreement among participating organizations to accept each other's security assessments in order to reuse information system resources and/or to accept each other's assessed security posture in order to share information. [SP 800-37; SP 800-53; SP 800-53A; SP 800-39] Recognition and acceptance, without further processing of: (1) security background investigations and clearance eligibility determinations. (2) accreditations of information systems; and (3) facility accreditations. Reciprocity is obligatory in the Intelligence Community when there are no waivers, conditions, or deviations to the Director of National Intelligence. [DSS] (see also intelligence, security)

recommended practices

Generally accepted principles, procedures, and methods to assure commonality, efficiency, and interoperability. [CIAO] (see also best practices, interoperability, risk management)

reconstitution

Owner/operator directed restoration of critical assets and/or infrastructure. [CIAO] (see also critical, disaster recovery, owner)

records

A group of related data fields or elements. [SRV] All books, papers, maps, photographs, machine-readable materials, or other documentary materials, regardless of physical form or characteristics, made or received by an agency of the United States government under federal law or in connection with the transaction of public business and preserved or appropriate for preservation by that agency or its legitimate successor as evidence of the organization, functions, policies, decisions, procedures, operations, or other activities of the government or because of the informational value of the data in them. [44 U.S.C. SEC. 3301] [FIPS 200] Records of an agency and Presidential papers or Presidential records, as those terms are defined in title 44 of the United States Code, including those created or maintained by a Government contractor, licensee, certificate holder, or grantee that are subject to the sponsoring agency's control under the terms of the contract, license, certificate, or grant. [DSS] The recordings (automated and/or manual) of evidence of activities performed or results achieved (e.g., forms, reports, test results), which serve as a basis for verifying that the organization and the information system are performing as intended. Also used to refer to units of related data fields (i.e. groups of data fields that can be accessed by a program and that contain the complete set of information on particular items). [SP 800-53; SP 800-53A; CNSSI-4009] The recordings of evidence of activities performed or results achieved (e.g., forms, reports, test results), which serve as a basis for verifying that the organization and the information system are performing as intended. Also used to refer to units of related data fields (i.e. groups of data fields that can be accessed by a program and that contain the complete set of information on particular items). [800-53] (see also access, access control, evidence, information, program, subject, system, test)

records having permanent historical value

Presidential papers or Presidential records and the records of an agency that the Archivist has determined should be maintained permanently in accordance with title 44 of the United States Code. [DSS]

records management

The planning, controlling, directing, organizing, training, promoting, and other managerial activities involved with respect to records creation, records maintenance and use, and records disposition in order to achieve adequate and proper documentation of the policies and transactions of the Federal Government and effective and economical management of agency operations. [DSS] The process for tagging information for records-keeping requirements as mandated in the Federal Records Act and the National Archival and Records Requirements. [CNSSI-4009] (see also requirements, management)

recover

To reconstruct a damaged or destroyed key after an accident or abnormal circumstance or to obtain an electronic cryptographic key from a trusted third party after satisfying the rules for retrieval. [800-130] (see also cryptographic, damage, destruction, key, retrieval, trust)

recoverable part

Part of the message conveyed in the signature. [SC27] (see also message, signature)

recovery

The development, coordination, and execution of service- and site-restoration plans for affected communities and the reconstitution of government operations and services through individual, private sector, nongovernmental, and public assistance programs that identify needs and define resources; provide housing and promote restoration; address long-term care and treatment of affected persons; implement additional measures for community restoration; incorporate mitigation measures and techniques, as feasible; evaluate the incident to identify lessons learned; and develop initiatives to mitigate the effects of future incidents. [NIPP] (see also accountability, contingency plan, contingency planning, continuity of services and operations, emergency services, failure control, general controls, laboratory attack, non-recoverable part, run manual, sanitize, security management infrastructure, system testing, vaulting, zeroization, zeroize, availability) (includes archive, backup, backup procedures, disaster recovery, disaster recovery plan, key recovery, recovery point objectives, recovery procedures, recovery site, recovery time objectives, recovery vendors, trusted recovery)

recovery point objectives

The amount of data that can be lost without severely impacting the recovery of operations. [FFIEC] The point in time to which data must be recovered after an outage. [SP 800-34] (see also operation, object, recovery)

recovery procedures

Actions necessary to restore data files of an IS and computational capability after a system failure. [CNSSI] Actions necessary to restore data files of an information system and computational capability after a system failure. [CNSSI-4009] The actions necessary to restore a system's computational and processing capability and data files after a system failure. [SRV] The actions necessary to restore a system's computational capability and data files after a system failure. [AJP][NCSC/TG004] (see also failure, file, process, system, contingency plan, recovery)

recovery site

An alternate location for processing information (and possibly conducting business) in an emergency. Usually distinguished as 'hot' sites that are fully configured centers with compatible computer equipment and 'cold' sites that are operational computer centers without the computer equipment. [FFIEC] (see also business process, computer, information, operation, process, recovery)

recovery time objectives

The overall length of time an information system's components can be in the recovery phase before negatively impacting the organization's mission or mission/business functions. [SP 800-34] The period of time that a process can be inoperable. [FFIEC] (see also process, object, recovery)

recovery vendors

Organizations that provide recovery sites and support services for a fee. [FFIEC] (see also recovery)

recycled

End state for Information System storage devices processed in such a way as to make them ready for reuse to adapt them to a new use, or to reclaim constituent materials of value (that is, smelting). [DSS]

RED

(I) Designation for information system equipment or facilities that handle (and for data that contains) only plaintext (or, depending on the context, classified information), and for such data itself. This term derives from U.S. Government COMSEC terminology. [RFC2828] Designation applied to an IS, and associated areas, circuits, components, and equipment in which unencrypted national security information is being processed. [CNSSI] Designation applied to telecommunications and Information System, plus associated areas, circuits, components, and equipment which, when classified plain text signals are being processed therein, require protection during electrical transmission. [DSS] In cryptographic systems, refers to information or messages that contain sensitive or classified information that is not encrypted. See also BLACK. [CNSSI-4009] (see also RED/BLACK concept, classified, communications security, information, process, security, system)

Red book

(D) ISDs SHOULD NOT use this term as a synonym for 'Trusted Network Interpretation of the Trusted Computer System Evaluation Criteria'. Instead, use the full proper name of the document or, in subsequent references, a more conventional abbreviation. [RFC2828] (see also computer, criteria, evaluation, network, system, trust, rainbow series)

RED signal

Any electronic emission (e.g., plain text, key, key stream, subkey stream, initial fill, or control signal) that would divulge national security information if recovered. [CNSSI][CNSSI-4009] (see also emanation, RED/BLACK concept, control, emissions security, information, key, security, threat)

RED team

A group of people authorized and organized to emulate a potential adversary's attack or exploitation capabilities against an enterprise's security posture. The Red Team's objective is to improve enterprise Information Assurance by demonstrating the impacts of successful attacks and by demonstrating what works for the defenders (i.e. the Blue Team) in an operational environment. [CNSSI-4009] A test team that performs testing using covert methods and without the knowledge of the organization's IT staff, but with full knowledge and permission of upper management. Red team security testing takes an adversarial approach to assessing an organization's security posture. [800-115] Independent and focused threat-based effort by an interdisciplinary, simulated adversary to expose and exploit vulnerabilities as a means to improve the security posture of information systems. [CIAO] Interdisciplinary group of individuals authorized to conduct an independent and focused threat-based effort as a simulated adversary to expose and exploit system vulnerabilities for the purpose of improving the security posture of information systems. [CNSSI] (see also RED/BLACK concept, adversary, assurance, attack, authorized, covert, information, security, security testing, system, test, threat, vulnerability)

RED team exercise

An exercise, reflecting real-world conditions, that is conducted as a simulated adversarial attempt to compromise organizational missions and/or business processes to provide a comprehensive assessment of the security capability of the information system and organization. [SP 800-53] Red/Black Concept - Separation of electrical and electronic circuits, components, equipment, and systems that handle unencrypted information (Red), in electronic form, from those that handle encrypted information (Black) in the same form. [CNSSI-4009] (see also security)

RED/BLACK concept

Separation of electrical and electronic circuits, components, equipment, and systems that handle classified plain text (RED) information, in electrical signal form from those handling unclassified (BLACK) information in the same form. [DSS] Separation of electrical and electronic circuits, components, equipment, and systems that handle national security information (RED), in electronic form, from those that handle non-national security information (BLACK) in the same form. [CNSSI] (see also BLACK, RED, RED signal, RED team, RED/BLACK separation, classified, information, security, system)

RED/BLACK separation

(I) An architectural concept for cryptographic systems that strictly separates the parts of a system that handle plaintext (i.e. RED information) from the parts that handle ciphertext (i.e. BLACK information). This term derives from U.S. Government COMSEC terminology. [RFC2828] (see also RED/BLACK concept, cipher, communications security, cryptographic, cryptography, information, system)

redaction

Removal of exempted information from copies of a document. [DSS]

reduction-function

A function RED that is applied to the block H_q of length L_f to generate the hash-code H of length L_p. [SC27] A function RED that is applied to the block H_q of length L_f to generate the hash-code H of length L_p. [SC27] (see also code, hash, function)

redundancy

Any information that is known and can be checked. [SC27] Duplication of system components (e.g., hard drives), information (e.g., backup tapes, archived files), or personnel intended to increase the reliability of service and/or decrease the risk of information loss. [CIAO] (see also archive, backup, file, information, risk, system, contingency plan)

redundant array of inexpensive disks (RAID)

redundant control server

A backup to the control server that maintains the current state of the control server at all times. [800-82] (see also availability, backup, control)

redundant identity

Sequence of data items obtained from an entity's identification data by adding redundancy using techniques specified in ISO/IEC 9796. [SC27] (see also identification, entity, identity)

reference material

Documentary material over which the Government Contracting Activity, who lets the classified contract, does not have classification jurisdiction, and did not have classification jurisdiction at the time the material was originated. Most material made available to contractors by the Defense Technical Information Center and the other secondary distribution agencies is reference material as thus defined. [DSS] (see also classified)

reference monitor

(I) 'An access control concept that refers to an abstract machine that mediates all accesses to objects by subjects.' (C) A reference monitor should be (a) complete (i.e. it mediates every access), (b) isolated (i.e. it cannot be modified by other system entities), and (c) verifiable (i.e. small enough to be subjected to analysis and tests to ensure that it is correct). [RFC2828] A security control concept in which an abstract machine mediates accesses to objects by subjects. In principle, a reference monitor should be complete (in that it mediates every access), isolated from modification by system entities, and verifiable. A security kernel is an implementation of a reference monitor for a given hardware base. [NSAINT] A system component that enforces access controls on an object. It is a design concept for an operating system to ensure secrecy and integrity. [SRV] Access mediation concept that refers to an abstract machine that mediates all accesses to objects by subjects. [FCv1] Concept of an abstract machine that enforces Target of Evaluation (TOE) access control policies. [CNSSI][CNSSI-4009] The concept of an abstract machine that enforces TOE access control policies. [CC2][CC21][SC27] The security engineering term for IT functionality that (1) controls all access, (2) cannot be by-passed, (3) is tamper-resistant, and (4) provides confidence that the other three items are true. [800-33] The security engineering term for IT functionality that. 1) controls all access, 2) cannot be bypassed, 3) is tamper-resistant, and 4) provides confidence that the other three items are true. [SP 800-33] (see also access, access control, analysis, confidence, control, function, integrity, security, system, tamper, target, test, reference monitor concept, target of evaluation) (includes network reference monitor, object, subject)

reference monitor concept

An access-control concept that refers to an abstract machine that mediates all accesses to objects by subjects. [NCSC/TG004][TCSEC][TDI][TNI] (see also access, access control, control) (includes object, reference monitor, security kernel, subject)

reference validation mechanism

An implementation of the reference monitor concept that possesses the following properties: it is tamperproof, always invoked, and simple enough to be subjected to thorough analysis and testing. [CC2][CC21][SC27] The portion of a Trusted Computing Base, the normal function of that is to mediate access between subjects and objects, and the correct operation of that is essential to the protection of data in the system. Note: this is the implementation of reference monitor. [FCv1] (see also access, access control, analysis, function, operation, security testing, system, tamper, test, trusted computing base, validation) (includes object, subject)

references

Documents or information used to verify a Subject's identity before issuing a credential. [800-103] Person other than the subject of a background investigation, identified as having knowledge of the subject. References are characterized by source and type. There are two sources: listed (meaning the subject of the investigation identified the reference on the Personnel Security Questionnaire) and developed (meaning an investigator, in the course of pursuing leads, identified the reference as someone knowledgeable of the subject). There are six types: education (a faculty member or school administrator at a school attended by the subject who had knowledge of the subject when a student), employment/ supervisor (a person with management responsibilities for the subject), co-worker (a colleague with knowledge of the subject's on-the-job behavior), neighborhood (a person living in the subject's neighborhood who has knowledge of the subject), friend/associate (a person knowing the subject socially, preferably away from both work and home), knowledgeable person (a person who knows the subject in some other context; for example, a banker or attorney or real estate agent who conducts business on behalf of the subject; or a clerk in a store where the subject shops frequently). A specific reference can be categorized as more than one type: for example, someone who is both an office mate and fellow member of a softball team may be both be a co-worker reference and a friend/associate reference. [DSS] (see also entity, identity, information, security, subject)

refinement

Requirement in a protection profile taken to a lower level of abstraction than the component on which it is based. Note: The refinement of a component requirement is necessary when multiple environment-specific requirements must be assigned to a single component requirement. [AJP][FCv1] The addition of details to a component. [CC2][CC21][SC27] (see also file, profile, protection profile)

reflection attack

(I) A type of replay attack in which transmitted data is sent back to its originator. [RFC2828] A masquerade which involves sending a previously transmitted message back to its originator. [SC27] (see also message, attack)

register

A set of files (electronic, or a combination of electronic and paper) containing entry labels and their associated definitions and related information. [SC27] (see also file, information, registration)

register entry

The information within a register relating to a specific PP or package. [SC27] (see also information)

registration

(I) An administrative act or process whereby an entity's name and other attributes are established for the first time at a CA, prior to the CA issuing a digital certificate that has the entity's name as the subject. (C) Registration may be accomplished either directly, by the CA, or indirectly, by a separate RA. An entity is presented to the CA or RA, and the authority either records the name(s) claimed for the entity or assigns the entity's name(s). The authority also determines and records other attributes of the entity that are to be bound to a certificate (such as a public key or authorizations) or maintained in the authority's database (such as street address and telephone number). The authority is responsible, possibly assisted by an RA, for authenticating the entity's identity and verifying the correctness of the other attributes, in accordance with the CA's CPS. (C) Among the registration issues that a CPS may address are the following:

How a claimed identity and other attributes are verified.
How organization affiliation or representation is verified.
What forms of names are permitted, such as X.500 DN, domain name, or IP address.
Whether names are required to be meaningful or unique, and within what domain.
How naming disputes are resolved, including the role of trademarks.
Whether certificates are issued to entities that are not persons.
Whether a person is required to appear before the CA or RA, or can instead be represented by an agent.
Whether and how an entity proves possession of the private key matching a public key.

[RFC2828] The collection of procedures performed by a registration agent for verifying the identity and authorizations of a security entity (individual, group, device, system, organization, enterprise) and binding the entity's identifier to keys and metadata in a CKMS. [800-130] The process of assigning a register entry. [SC27] The process through which a party applies to become a subscriber of a CSP and an RA validates the identity of that party on behalf of the CSP. [800-63] The process through which a party applies to become a subscriber of a Credentials Service Provider (CSP) and a Registration Authority validates the identity of that party on behalf of the CSP. [CNSSI-4009] The process through which an Applicant applies to become a Subscriber of a CSP and an RA validates the identity of the Applicant on behalf of the CSP. [SP 800-63] (see also Computer Security Objects Register, Internet Assigned Numbers Authority, applicant assertion, authentication, authority, authorization, backup, binding, biometrics, certificate, certificate management services, certification hierarchy, credentials service provider, domain, entity, identity, identity proofing, key, key management, metadata, notarization, policy certification authority, process, public-key, public-key infrastructure, register, role, security, security management infrastructure, subject, system, trusted agent, validate) (includes Internet Policy Registration Authority, JTC1 Registration Authority, organizational registration authority, registration authority, registration service, sub-registration authority)

registration authority (RA)

(I) An optional PKI entity (separate from the CAs) that does not sign either digital certificates or CRLs but has responsibility for recording or verifying some or all of the information (particularly the identities of subjects) needed by a CA to issue certificates and CRLs and to perform other certificate management functions. (C) Sometimes, a CA may perform all certificate management functions for all end users for which the CA signs certificates. Other times, such as in a large or geographically dispersed community, it may be necessary or desirable to offload secondary CA functions and delegate them to an assistant, while the CA retains the primary functions (signing certificates and CRLs). The tasks that are delegated to an RA by a CA may include personal authentication, name assignment, token distribution, revocation reporting, key generation, and archiving. An RA is an optional PKI component, separate from the CA, that is assigned secondary functions. The duties assigned to RAs vary from case to case but may include the following:

Verifying a subject's identity, i.e. performing personal authentication functions.
Assigning a name to a subject.
Verifying that a subject is entitled to have the attributes requested for a certificate.
Verifying that a subject possesses the private key that matches the public key requested for a certificate.
Performing functions beyond mere registration, such as generating key pairs, distributing tokens, and handling revocation reports. (Such functions may be assigned to a PKI element that is separate from both the CA and the RA.)

(I) PKIX usage: An optional PKI component, separate from the CA(s). The functions that the RA performs will vary from case to case but may include identity authentication and name assignment, key generation and archiving of key pairs, token distribution, and revocation reporting. (O) SET usage: 'An independent third-party organization that processes payment card applications for multiple payment card brands and forwards applications to the appropriate financial institutions.' [RFC2828] (RA) Organization responsible for assignment of unique identifiers to registered objects. [FIPS 188] A trusted entity that establishes and vouches for the identity of a subscriber to a CSP. The RA may be an integral part of a CSP, or it may be independent of a CSP, but it has a relationship to the CSP(s). [800-63][SP 800-63; CNSSI-4009] An entity that registers applicants for keys and certificates, verifies user requests for a digital certificate, and tells the certificate authority it may issue a certificate. [800-103] An entity who is responsible for identification and authentication of subjects of certificates, but is not a CA or an AA, and hence does not sign or issue certificates. An RA may assist in the certificate application process, revocation process, or both. [SC27] An entity who is responsible for identification and authentication of subjects of certificates, but is not a CA or an AA, and hence does not sign or issue certificates. An RA may assist in the certificate application process, revocation process, or both. [ISO/IEC TR 14516: 2000] Authority entitled and trusted to perform the registration service as described below. [SC27] Authority entitled and trusted to perform the registration service as described below. [SC27] (see also application, authentication, certificate, entity, function, identification, identity, information, key, process, public-key, revocation, subject, tokens, trust, users, Secure Electronic Transaction, authority, public-key infrastructure, registration)

registration service

The service of identifying entities and registering them in a way that allows the secure assignment of certificates to these entities. [SC27] (see also certificate, identify, public-key infrastructure, registration)

regrade

(I) Deliberately change the classification level of information in an authorized manner. [RFC2828] To raise or lower the classification assigned to an item of information. [DSS] (see also authorized, classification levels, classified, information, authorization)

regression testing

A method to ensure that changes to one part of the software do not adversely impact other areas. [SRV] Retesting of a previously tested program following modification to ensure that faults have not been introduced or uncovered as a result of the changes made. [OVT] (see also program, software, security testing, test)

reimbursable suitability investigation sabotage

Focused investigation for providing additional specific information to resolve developed issues. Willful destruction of Government property with the intent to cause injury, destruction, defective production of national defense, or war materials by either an act of commission or omission. [DSS]

reinstatement

Process whereby a person whose access authorization has been terminated or revoked is permitted to again have access to classified information. [DSS] (see also access, authorization, classified)

rejected traffic

Packets dropped as a result of the rule set of the DUT/SUT. For purposes of benchmarking firewall performance, it is expected that firewalls will reject all traffic not explicitly permitted in the rule set. Dropped packets must not be included in calculating the bit forwarding rate or maximum bit forwarding rate of the DUT/SUT. [RFC2647] (see also illegal traffic, bit forwarding rate, ruleset, firewall)

rekey (a certificate)

To change the value of a cryptographic key that is being used in a cryptographic system application; this normally entails issuing a new certificate on the new public key. [SP 800-32] (see also key)

rekey

(I) Change the value of a cryptographic key that is being used in an application of a cryptographic system. (C) For example, rekey is required at the end of a cryptoperiod or key lifetime. [RFC2828] The process used to replace a previously active key with a new key that was created completely independently of the old key. [800-130] To change the value of a cryptographic key that is being used in a cryptographic system/application. [CNSSI-4009] (see also application, certificate management, certificate renewal, certificate update, cryptographic, cryptography, cryptoperiod, over-the-air key distribution, process, security event, security management infrastructure, session key, system, key) (includes area interswitch rekeying key, automatic key distribution/rekeying control unit, automatic remote rekeying, certificate rekey, common interswitch rekeying key, cooperative remote rekeying, interarea interswitch rekeying key, interswitch rekeying key, manual remote rekeying, over-the-air rekeying, remote rekeying, unique interswitch rekeying key)

relay

An electromechanical device that completes or interrupts an electrical circuit by physically moving conductive contacts. The resultant motion can be coupled to another mechanism such as a valve or breaker. [800-82]

relay station

An SS that is configured to forward traffic to other stations in a multi-hop Security Zone. [800-127] (see also security)

release

Providing classified information in writing, or any other medium, for retention. [DSS] The process of moving a baseline configuration item between organizations, such as from software vendor to customer. [SRV] (see also baseline, classified, disclosure, process, software)

release prefix

Prefix appended to the short title of U.S.-produced keying material to indicate its foreign releasability. 'A' designates material that is releasable to specific allied nations and 'U.S.' designates material intended exclusively for U. S. use. [CNSSI][CNSSI-4009] (see also foreign, key)

reliability

(1) The extent to which a system can be expected to perform its intended function with required precision. (2) The probability of a given system performing its mission adequately for a specified period of time under the expected operating conditions. [AJP] (I) The ability of a system to perform a required function under stated conditions for a specified period of time. [RFC2828] Extent to which a program can be expected to perform its intended function, with the required precision, on a consistent basis. [SRV] The capability of a computer, or information or telecommunications system, to perform consistently and precisely according to its specifications and design requirements, and to do so with high confidence. [CIAO] The extent to which a computer program can be expected to perform its intended function, with the required precision, on a consistent basis. [SRV] The extent to which a system can be expected to perform its intended function with required precision. [TNI] The probability of a given system performing its mission adequately for a specified period of time under the expected operating conditions. [NCSC/TG004][SRV] The probability of a given system performing its mission adequately for a specified period of time under the expected operating conditions. Software reliability is the probability that software will provide failure-free operation in a fixed environment for a fixed interval of time. Probability of failure is the probability that the software will fail on the next input selected. Software reliability is typically measured per some unit of time, whereas probability of failure is generally time independent. These two measures can be easily related if you know the frequency with which inputs are executed per unit of time. Mean-time-to-failure is the average interval of time between failures; this is also sometimes referred to as Mean-time-before-failure. [OVT] The property of consistent intended behavior and results. [SC27] (see also availability, communications, computer, confidence, function, information, operation, program, property, requirements, software, system, telecommunications, risk management) (includes software reliability)

reliability qualification tests (RQT)

(see also test)

relying party

(N) A synonym for 'certificate user'. Used in a legal context to mean a recipient of a certificate who acts in reliance on that certificate. [RFC2828] A recipient who acts in reliance on a certificate and digital signature. [800-103] An entity that relies upon the Subscriber's credentials, typically to process a transaction or grant access to information or a system. [800-63] An entity that relies upon the Subscriber's token and credentials or a verifier's assertion of a claimant's identity, typically to process a transaction or grant access to information or a system. [SP 800-63] An entity that relies upon the subscriber's credentials, typically to process a transaction or grant access to information or a system. [CNSSI-4009] Anyone (or any application) that relies on someone's identity as represented by their credential [GSA] (see also access, application, certificate, entity, federation, identification, identity, information, process, public-key infrastructure, signature, system, users)

remanence

Residual information remaining on storage media after clearing. [CNSSI] Residual information remaining on storage media after clearing. See Magnetic Remanence and Clearing. [CNSSI-4009] The residual magnetism that remains on magnetic storage media after degaussing. [SRV] (see also magnetic remanence, information, overwrite procedure)

remediation

Deliberate precautionary measures undertaken to improve the reliability, availability, survivability, etc., of critical assets and/or infrastructures, e.g., emergency planning for load shedding, graceful degradation, and priority restoration; increased awareness, training, and education; changes in business practices or operating procedures, asset hardening or design improvements, and system-level changes such as physical diversity, deception, redundancy, and backups. [CIAO] The act of correcting a vulnerability or eliminating a threat. Three possible types of remediation are installing a patch, adjusting configuration settings, or uninstalling a software application. [SP 800-40] The act of mitigating a vulnerability or a threat. [CNSSI-4009] (see also availability, backup, business process, critical, software, system, threat, vulnerability, risk management)

remediation plan

A plan to perform the remediation of one or more threats or vulnerabilities facing an organization's systems. The plan typically includes options to remove threats and vulnerabilities and priorities for performing the remediation. [SP 800-40] (see also threat)

remote access

Access by users (or information systems) communicating external to an information system security perimeter. [800-82][SP 800-18] Access by users (or information systems) communicating external to an information system security perimeter. Remote Maintenance Maintenance activities conducted by individuals communicating external to an information system security perimeter. [800-53] Access for authorized users external to an enclave established through a controlled access point at the enclave boundary. [CNSSI] Access to an organization's nonpublic information system by an authorized user (or an information system) communicating through an external, non-organization-controlled network (e.g., the Internet). [CNSSI-4009] Access to an organizational information system by a user (or an information system acting on behalf of a user) communicating through an external network (e.g., the Internet). [SP 800-53] Dial-up access by users to a modem for access to the PBX or computer data. Pertaining to communications over a common carrier facility or other external data link. [SRV] Remote Diagnostics/Maintenance - Maintenance activities conducted by authorized individuals communicating through an external network (e.g., the Internet). [CNSSI-4009] The ability for an organization's users to access its nonpublic computing resources from external locations other than the organization's facilities. [SP 800-46] Use of a modem and communications software to connect to a computer network from a distant location via a telephone line or wireless connection. [CIAO] (see also authorized, boundary, communications, computer, computer network, connection, control, information, remote login, security, security perimeter, software, system, users, access)

remote access software

This software allows a computer to use a modem to connect to another system. It also allows a computer to 'listen' for calls on a modem (this computer provides 'remote access service'.) Remote access software may provide access to a single computer or to a network. [RFC2504] (see also computer, network, remote login, secure socket layer, system, telnet, access, software)

remote administration tool

A program installed on a system that allows remote attackers to gain access to the system as needed. [800-83] (see also access, access control, attack, program, system)

remote authentication dial-in user service (RADIUS)

(I) An Internet protocol for carrying dial-in users' authentication information and configuration information between a shared, centralized authentication server (the RADIUS server) and network access server (the RADIUS client) that needs to authenticate the users of its network access ports. (C) A user of the RADIUS client presents authentication information to the client, and the client passes that information to the RADIUS server. The server authenticates the client using a shared secret value, then checks the user's authentication information, and finally returns to the client all authorization and configuration information needed by the client to deliver service to the user. [RFC2828] A centralized Authentication, Authorization, and Accounting (AAA) protocol currently defined in RFC 2865. [800-127] (see also access, access control, authorization, information, internet, network, protocols, shared secret, Simple Authentication and Security Layer, security protocol, security software, users)

remote diagnostics

Diagnostics activities conducted by individuals communicating external to an information system security perimeter. [800-82] (see also information, security, security perimeter, system)

remote job entry (RJE)

(see also automated information system)

remote login

If an end-user uses a network to login to a system, this act is known as remote login. [RFC2504] (see also remote logon, access, network, remote access, remote access software, system, users, login)

remote logon

The state wherein a user who has been authenticated and is logged onto IT may log onto a second IT without invoking a second authentication [NASA] (see also remote login, dial-up capability, users, logon, risk)

remote maintenance

Maintenance activities conducted by individuals communicating external to an information system security perimeter. [SP 800-18] Maintenance activities conducted by individuals communicating through an external network (e.g., the Internet). [SP 800-53] Operational procedure involving connection of a system to an external (that is, outside of the facility securing the system) remote service for analysis or maintenance. [DSS] (see also analysis, connection, security)

remote procedure call (RPC)

(see also automated information system)

remote rekeying

Procedure by which a distant cryptographic equipment is rekeyed electrically. [CNSSI] Procedure by which a distant cryptographic equipment is rekeyed electrically. See Automatic Remote Rekeying and Manual Remote Rekeying. [CNSSI-4009] (see also key, rekey)

remote terminal

Device for communication with an automated information system from a location not within the central computer facility. [DSS]

remote terminal emulation

A benchmarking technique in which a driver computer system, external to and independent of the computer system under test, connects to it through communications device interfaces. [SRV] (see also communications, computer, interface, system, test, automated information system)

remote terminal unit

A computer with radio interfacing used in remote situations where communications via wire is unavailable. Usually used to communicate with remote field equipment. PLCs with radio communication capabilities are also used in place of RTUs. [800-82] (see also communications, computer)

removable hard disk

Hard disk in a removable cartridge-type casing. [DSS]

removable media

Portable electronic storage media such as magnetic, optical, and Solid-state devices, which can be inserted into and removed from a computing device, and that is used to store text, video, audio, and image information. Examples include hard disks, floppy disks, zip drives, compact disks, thumb drives, pen drives, and similar USB storage devices. [SP 800-53] Portable electronic storage media such as magnetic, optical, and solid-state devices, which can be inserted into and removed from a computing device, and that is used to store text, video, audio, and image information. Such devices have no independent processing capabilities. Examples include hard disks, floppy disks, zip drives, compact disks (CDs), thumb drives, pen drives, and similar USB storage devices. [CNSSI-4009]

renew (a certificate)

The act or process of extending the validity of the data binding asserted by a public key certificate by issuing a new certificate. [SP 800-32]

renew

(see certificate renewal)

renewal

The process used to extend the validity period of a key so that it can be used for an additional time period. [800-130] (see also certificate update, key, process, security event) (includes certificate renewal)

repair action

NSA-approved change to a COMSEC end-item that does not affect the original characteristics of the end-item and is provided for optional application by holders. Repair actions are limited to minor electrical and/or mechanical improvements to enhance operation, maintenance, or reliability. They do not require an identification label, marking, or control but must be fully documented by changes to the maintenance manual. [CNSSI][CNSSI-4009] (see also application, communications security, control, identification, operation)

replay attacks

(I) An attack in which a valid data transmission is maliciously or fraudulently repeated, either by the originator or by an adversary who intercepts the data and retransmits it, possibly as part of a masquerade attack. [RFC2828] A masquerade which involves use of previously transmitted messages. [SC27] An attack in which an attacker captures a messages and at a later time communicates that message to a principal. Though the attacker cannot decrypt the message, it may benefit by receiving a service from the principal to whom it is replaying the message. The best way to thwart a replay attack is by challenging the freshness of the message. This is done by embedding a time stamp, a sequence number, or a random number in the message. [misc] An attack in which the attacker is able to replay previously captured messages (between a legitimate claimant and a verifier) to masquerade as a claimant to the verifier or vice versa. [800-63] An attack that involves the capture of transmitted authentication or access control information and its subsequent retransmission with the intent of producing an unauthorized effect or gaining unauthorized access. [CNSSI-4009] The interception of communications, such as an authentication communication, and subsequently impersonation of the sender by retransmitting the intercepted communication. [FFIEC] (see also access, adversary, authentication, communications, control, fraud, impersonation, malicious, message, random, attack)

replicator

Any program that acts to produce copies of itself examples include; a program, a worm, a fork bomb or virus. It is even claimed by some that UNIX and C are the symbiotic halves of an extremely successful replicator. [NSAINT] (see also program, virus, worm)

report of investigation

Personnel Security Investigations and results from criminal and counterintelligence agencies. [DSS] (see also criminal, intelligence, security)

repository

(I) A system for storing and distributing digital certificates and related information (including CRLs, CPSs, and certificate policies) to certificate users. (O) 'A trustworthy system for storing and retrieving certificates or other information relevant to certificates.' (C) A certificate is published to those who might need it by putting it in a repository. The repository usually is a publicly accessible, online server. In the Federal Public-key Infrastructure, for example, the expected repository is a directory that uses LDAP, but also may be the X.500 Directory that uses DAP, or an HTTP server, or an FTP server that permits anonymous login. [RFC2828] A database containing information and data relating to certificates as specified in a CP; may also be referred to as a directory. [SP 800-32] A database containing information and data relating to certificates as specified in this CP; may also be referred to as a directory. [GSA] (see also access, access control, certificate, information, key, login, public-key, public-key infrastructure, system, trust, users)

representative of a foreign interest

Citizen or national of the United States acting as a representative of a foreign government, an agency of a foreign government, or a representative of a foreign government. [DSS] (see also foreign)

repudiation

(I) Denial by a system entity that was involved in an association (especially an association that transfers information) of having participated in the relationship. (O) 'Denial by one of the entities involved in a communication of having participated in all or part of the communication.' [RFC2828] A threat action whereby an entity deceives another by falsely denying responsibility for an act. [RFC2828] The denial by one of the parties to a transaction of participation in all or part of that transaction or of the content of the communication. [FFIEC] (see also non-repudiation, association, entity, information, internet, system, threat consequence)

Request for Comment (RFC)

(I) One of the documents in the archival series that is the official channel for ISDs and other publications of the Internet Engineering Steering Group, the Internet Architecture Board, and the Internet community in general. [R2026, R2223] (C) This term is *not* a synonym for 'Internet Standard'. [RFC2828] (see also Internet Standard, internet, standard, Internet Society) (includes Internet Standards document, draft RFC)

request for information (RFI)

(see also information)

request for proposal (RFP)

A solicitation document used in negotiated procurement actions. [SRV]

requirements

(1) A phase of the development process wherein the security target of a Target of Evaluation is produced. (2) Phase of the development process wherein the top-level definition of the functionality of the computer system is produced. [AJP] A phase of the development process wherein the security target of a Target of Evaluation is produced. [ITSEC] Phase of the development process wherein the top-level definition of the functionality of the computer system is produced. [FCv1] (see also British Standard 7799, CASE tools, CKMS profile, Capstone policies, Common Criteria for Information Technology Security, Common Criteria for Information Technology Security Evaluation, DD 254 - Final, DD 254 - Original, Defense Information Systems Network, Engineering, FIPS PUB 140-1, FIPS-Validated Cryptography, For Official Use Only Certified TEMPEST Technical Authority, Lightweight Directory Access Protocol, SET private extension, TEMPEST approved, Trusted Computer System Evaluation Criteria, Yellow book, acceptable level of risk, acceptance testing, access, access eligibility determination, accesses, accreditation, accreditation disapproval, accreditation range, acquisition plan, acquisition special access program, anomaly, application generator, approved access control device, approved combination padlock, approved electronic, mechanical, or electromechanical device, approved key-operated padlock, assurance, assurance component, assurance level, authorized vendor, authorized vendor program, benchmark, body of evidence, business impact analysis, certificate, certificate policy, certification agent or certifier, certification analyst, certification authority, certification practice statement, certified TEMPEST technical authority, certifier, classified contract, clients, products, and business practices, closed area, collision-resistant hash function, common criteria, completeness, component hierarchy, computer, computing security methods, configuration management, conformance, consumers, controlled area, controlled cryptographic item, controlled security mode, correctness, critical design review, cryptographic key, cryptographic module security policy, defect, dependency, designated approving authority representative, designation policy, development assurance, development assurance component, development process, effectiveness, electronic messaging services, ephemeral key, evaluation assurance component, explain, extension, failure, formal access approval, formal development methodology, formal top-level specification, full accreditation, function, functional component, functionality, handle via special access control channels only, hash function, independent validation and verification, independent validation authority, information assurance, information security architect, information security program plan, information security testing, information sharing, information system security engineer/system design security officer, initial operating capability, interconnection security agreements, interim security clearance, key validation, major application, management control processes, mandatory declassification review, message authentication code algorithm, mission assurance category, multiuser mode of operation, national information assurance partnership, non-disclosure agreement, pass/fail, passive security testing, periods processing, personal security environment, preferred products list, privacy impact assessment, process, public-key derivation function, quality, quality assurance, quality attributes, quality function deployment, quality of service, records management, reliability, reserve account, reverse software engineering, secure single sign-on, security, security architecture, security assurance, security control assessment, security controls, security engineering, security incident, security plan, security policy, security program plan, security safeguards, security service, security violation, sensitive information, site certification, software lifecycle, software quality assurance, software system test and evaluation process, sound group, source code generator, source selection, special access program, special access program/special access required, special background investigation, special information operations, special program review group, specification, standard practice procedures, stress testing, subcontract, system, system administrator, system interconnection, tailoring (assessment procedures), target, temporary access eligibility, test coverage, top-level specification, trusted network interpretation, trusted operating system, two-person control, type accreditation, type certification, user representative, users, validation, verification, verification and validation, verification techniques, virtual password, waiver, certification, software development, target of evaluation) (includes DoD Information Technology Security Certification and Accreditation Process, certification and accreditation, construction of TOE requirements, development assurance requirements, downgrade, evaluation assurance level, evaluation assurance requirements, functional security requirements specification, global requirements, granularity of a requirement, information systems security engineering, local requirements, minimum essential requirements, protection needs elicitation, protection profile, requirements analysis, requirements for content and presentation, requirements for evidence, requirements for procedures and standards, requirements traceability matrix, reserve requirements, sanitization, scope of a requirement, security requirements, security requirements review, software requirement, strength of a requirement, system requirement, system security authorization agreement)

requirements analysis

An analysis to determine and document the need for resources to perform an organization's mission. [SRV] (see also resource, analysis, requirements)

requirements for content and presentation

A component of the evaluation criteria for a particular phase or aspect of evaluation identifying what each item of documentation identified as relevant to that phase or aspect of evaluation shall contain and how its information is to be presented. [AJP][ITSEC] (see also criteria, evaluation, identify, information, requirements)

requirements for evidence

A component of the evaluation criteria for a particular phase or aspect of evaluation defining the nature of the evidence to show that the criteria for that phase or aspect have been satisfied. [AJP][ITSEC] (see also criteria, evaluation, evidence, requirements)

requirements for procedures and standards

A component of the evaluation criteria for a particular phase or aspect of evaluation identifying the nature and/or content of procedures or standard approaches that shall be adopted or utilized when the TOE is placed into live operation. [AJP] A component of the evaluation criteria for a particular phase or aspect of evaluation identifying the nature and/or content of procedures or standard approaches that shall be adopted or utilized when the TOE is placed into live operation. Security: the combination of confidentiality, integrity, and availability. [ITSEC] (see also availability, confidentiality, criteria, identify, integrity, operation, security, requirements, standard, target of evaluation)

requirements traceability matrix

An automated tool that maps functional requirements to physical configuration items, such as computer programs or databases. [SRV] (see also computer, function, program, requirements)

research and technology

Activities described as basic research, applied research, and advanced technology development, demonstrations or equivalent activities, regardless of budget activity. [DSS]

reserve account

A noninterest earning balance that depository institutions maintain with the Federal Reserve Bank or with a correspondent bank to satisfy the Federal Reserve's reserve requirements. Reserve account balances play a central role in the exchange of funds between depository institutions. [FFIEC] (see also requirements, role)

reserve keying material

Key held to satisfy unplanned needs. [CNSSI] Key held to satisfy unplanned needs. See Contingency Key. [CNSSI-4009] (see also key)

reserve requirements

The percentage of deposits that a financial institution may not lend out or invest and must hold either as vault cash or on deposit at a Federal Reserve Bank. Reserve requirements affect the potential of the banking system to create transaction deposits. [FFIEC] (see also system, requirements)

residual risk

(I) The risk that remains after countermeasures have been applied. [RFC2828] Any combination of the risk that have been accepted by the organization, the risks that remain after all identified controls have been implemented because further action could not be identified. [SC27] Portion of risk remaining after security controls have been applied. [800-37] Portion of risk remaining after security measures have been applied. [CNSSI][CNSSI-4009; SP 800-30] The portion of risk that remains after security measures have been applied. [AFSEC][AJP][FCv1][NCSC/TG004] The portion of risk that remains after security measures have been applied. (I) The risk that remains after countermeasures have been applied. [OVT] The potential for the occurrence of an adverse event after adjusting for the impact of all in-place safeguards. [CIAO] The remaining potential risk after all IT security measures are applied. There is a residual risk associated with each threat. [800-33][SP 800-33][SRV] The risk remaining in an information system or network after the implementation of security countermeasures. [IATF] The risk that remains after implementation of the IT security plan. [SC27] The risk that remains after implementation of the IT security plan. [ISO/IEC PDTR 13335-1 (11/2001)] Any combination of the risk that have been accepted by the organization, the risks that remain after all identified controls have been implemented because further action could not be identified. [SC27] The risk that remains for the IT system manager to accept when all other known risks have been either mitigated to the maximum extent possible or fully corrected [NASA] (see also IT security, computer security, control, countermeasures, information, network, system, threat)

residue

Data left in storage after information processing operations are complete, but before degaussing or overwriting has taken place. [CNSSI][CNSSI-4009] Data left in storage after processing operations are complete, but before degaussing or rewriting has taken place. [AJP][NCSC/TG004] (see also information, operation, process, risk)

resilience

The ability to continue to: (i) operate under adverse conditions or stress, even if in a degraded or debilitated state, while maintaining essential operational capabilities; and (ii) recover to an effective operational posture in a timeframe consistent with mission needs. [SP 800-137] The ability to quickly adapt and recover from any known or unknown changes to the environment through holistic implementation of risk management, contingency, and continuity planning. [SP 800-34] The ability to resist, absorb, recover from, or successfully adapt to adversity or a change in conditions. [NIPP] (see also management, risk)

resource

Anything used or consumed while performing a function. The categories of resources include: time, information, objects (information containers), or processors (the ability to use information). Specific examples include CPU time, terminal connect time, amount of directly addressable memory, disk space, and number of I/O requests per minute. [AJP][FCv1][TCSEC][TNI] (see also COMSEC manager, IT security incident, Lightweight Directory Access Protocol, TOE security functions interface, access, access category, access control, access control lists, access control service, access mediation, accessibility, accountability, accreditation boundary, alarm reporting, alarm surveillance, alert, anonymous login, application server attack, application system, assessment, asset, attack, attack potential, audit plan, audit trail, authenticate, authentication, authenticity, authorization, authorized, automated information system, availability, availability service, back up vs. backup, backdoor, baselining, bastion host, business areas, capability, chief information agency officer, chief information officer, common gateway interface, computer abuse, contingency plan, contingency planning, controlled access protection, covert channel, covert storage channel, covert timing channel, critical, criticality assessment, defense-in-depth, defense-wide information assurance program, demilitarized zone, denial-of-service, discretionary access control, domain, domain name, domain name system, dual control, encapsulation, end-user, entry control, expert review team, facilities, failed logon, firewall, function, general support system, honeypot, identification, identification authentication, identity credential issuer, identity validation, identity-based security policy, information, information system, information technology, input, insider, interim accreditation action plan, internal security controls, intruder, intrusion, intrusion detection, intrusion detection systems, least privilege, lines of business, logic bombs, logical access control, login, major application, major information system, malicious applets, malicious logic, mandatory access control, misappropriation, multilevel secure, network configuration, network information services, noncomputing security methods, one-time pad, open systems interconnection, operating system, penetration, permissions, personal identification number, physical security, plan of actions and milestones, privileged access, process, proprietary protocol, requirements analysis, risk analysis, risk assessment, risk management, role-based access control, rule-based security policy, sandboxed environment, secure operating system, secure single sign-on, secure subsystem, security, security clearance, security compromise, security intrusion, security kernel, security label, security management, security management infrastructure, security perimeter, security policy, security service, security testing, security violation, segregation of duties, simulation modeling, single sign-on, spoofing, state variable, stress testing, system, system assets, system integrity, system integrity service, system life, system low, system retention/backup, system security policy, technical security policy, term rule-based security policy, test plan, thrashing, ticket, tokens, trust relationship, trusted gateway, unauthorized access, users, virtual private network, vulnerability, vulnerability assessment, website, work factor, worm, target of evaluation) (includes COMSEC Resources Program, IT resources, MEI resource elements, TOE resource, TOE security functions, enterprise resource planning, information resources, object, resource encapsulation, resource starvation, system resources, uniform resource identifier, uniform resource locator, uniform resource name)

resource encapsulation

Method by which the reference monitor mediates accesses to an IS resource. Resource is protected and not directly accessible by a subject. Satisfies requirement for accurate auditing of resource usage. [CNSSI] Method by which the reference monitor mediates accesses to an information system resource. Resource is protected and not directly accessible by a subject. Satisfies requirement for accurate auditing of resource usage. [CNSSI-4009] The process of ensuring that a resource is not directly accessible by a subject, but that it is protected so that the reference monitor can properly mediate accesses to it. [AJP][NCSC/TG004] (see also access, access control, audit, process, resource) (includes subject)

resource starvation

A condition where a computer process cannot be supported by available computer resources. Resource starvation can occur due to the lack of computer resources or the existence of multiple processes that are competing for the same computer resources. [800-82] (see also availability, computer, process, threat, resource)

responder

The entity that responds to the initiator of the authentication exchange. [FIPS 196] (see also authentication)

response

Activities that address the short-term, direct effects of an incident, including immediate actions to save lives, protect property, and meet basic human needs. Response also includes the execution of emergency operations plans and incident mitigation activities designed to limit the loss of life, personal injury, property damage, and other unfavorable outcomes. As indicated by the situation, response activities include applying intelligence and other information to lessen the effects or consequences of an incident; increasing security operations; continuing investigations into the nature and source of the threat; ongoing surveillance and testing processes; immunizations, isolation, or quarantine; and specific law enforcement operations aimed at preempting, interdicting, or disrupting illegal activity, and apprehending actual perpetrators and bringing them to justice. [NIPP] Coordinated third party (not owner/operator) emergency (e.g., medical, fire, hazardous or explosive material handling), law enforcement, investigation, defense, or other crisis management service aimed at the source or cause of the incident. [CIAO] Data item sent by the claimant to the verifier, and which the verifier can process to help check the identity of the claimant. [SC27] (see also Attack Sensing and Warning, Challenge Handshake Authentication Protocol, Computer Incident Advisory Capability, Extensible Authentication Protocol, Guidelines and Recommendations for Security Incident Processing, IMAP4 AUTHENTICATE, POP3 AUTH, application proxy, authentication token, bit forwarding rate, challenge, contingency plan, contingency planning, covert channel, covert timing channel, domain name system, electromagnetic compatibility, emergency services, entity, functional testing, handler, hijacking, hypertext transfer protocol, identification authentication, identity, incident, infrastructure assurance, interactive mode, keystroke monitoring, mitigation, negotiated acquisition, network management protocol, nonce, object, online certificate status protocol, owner, polymorphism, process, proxy server, real-time reaction, security controls, server, smurf, solicitation, think time, troll, validation) (includes Challenge-Response Authentication Mechanism, Forum of Incident Response and Security Teams, challenge-response protocol, challenge/response, computer emergency response team, computer emergency response teams' coordination center, computer security emergency response team, computer security incident response capability, computer security incident response team, emergency response, emergency response time, incident handling, incident response capability, response time)

response force

Personnel (not including those on fixed security posts) appropriately equipped and trained, whose duties include initial or follow-up response to situations threatening security of the Special Access Program Facility. This includes local law enforcement support or other external forces as noted in agreements. [DSS] (see also access, security, threat)

response time

The time period between a terminal operator's completion of an inquiry and the receipt of a response. Response time includes the time taken to transmit the inquiry, process it by the computer, and transmit the response back to the terminal. Response time is frequently used as a measure of the performance of an interactive system. [SRV] (see also computer, process, system, response)

responsibility to provide

An information distribution approach whereby relevant essential information is made readily available and discoverable to the broadest possible pool of potential users. [CNSSI-4009] (see also users)

responsible individual

A trustworthy person designated by a sponsoring organization to authenticate individual applicants seeking certificates on the basis of their affiliation with the sponsor. [SP 800-32] (see also trust)

restart

The resumption of the execution of a computer program using the data recorded at a checkpoint. [SRV] (see also computer, program)

restricted area

Any area to which access is subject to special restrictions or controls for reasons of security or safeguarding of property or material. [AJP][NCSC/TG004] Controlled access area established for safeguarding classified material, that because of its size or nature, cannot be adequately protected during working hours by the usual safeguards, but that is capable of being stored during non-working hours in an approved repository or secured by other methods approved by the Cognizant Security Agency. [DSS] (see also access, access control, classified, control, property, security) (includes subject)

restricted data

All data concerning (i) design, manufacture, or utilization of atomic weapons; (ii) the production of special nuclear material; or (iii) the use of special nuclear material in the production of energy, but shall not include data declassified or removed from the Restricted Data category pursuant to Section 142 [of the Atomic Energy Act of 1954]. [SP 800-53; Atomic Energy Act of 1954] Data concerning design, manufacture, or use of atomic weapons; or, production of special nuclear material; or, use of special nuclear material in the production of energy, but shall not include data declassified or removed from the Restricted Data category under Section 142 of the Atomic Energy Act of 1954, as amended. [DSS] (see also classified)

restructuring

The transformation from one representation form to another at the same relative abstraction level, while preserving the subject system's external behavior, such as functions and semantics. [SRV] (see also function, semantics, subject, system)

retrieval

To obtain an electronic cryptographic key from active or archival electronic storage, a backup facility, or an archive under normal operational circumstances. [800-130] (see also archive, backup, cryptographic, database management system, escrow, key, key recovery, non-repudiation service, operation, recover, world wide web)

retro-virus

A retro-virus is a virus that waits until all possible backup media are infected too, so that it is not possible to restore the system to an uninfected state. [AFSEC][NSAINT] (see also availability, backup, system, threat, virus)

reusability

The extent to which a computer program can be used in other applications; related to the packaging and scope of the functions that programs perform. [SRV] The extent to which a program can be used in other applications. It is related to the packaging and scope of the functions that programs perform. [SRV] (see also application, automated information system, computer, function, program)

reusable software asset

An asset that has been catalogued and is stored in a reuse library. An asset is any product of the software lifecycle that can potentially be reused. [SRV] (see also software)

reverse engineering

A process by which people take a computer chip or machine-code executable version of a program and figure out what the program or chip is doing. [AFSEC] Acquiring sensitive data by disassembling and analyzing the design of a system component. [RFC2828] The process of analyzing a subject system to identify the system's components and their interrelationships and to create representations of the computer system in another form or at a higher level of abstraction. [SRV] (see also code, computer, identify, process, program, subject, system, version, threat consequence) (includes reverse software engineering)

reverse software engineering

The process of analyzing existing software to derive its design, requirements, and other products. [SRV] (see also process, requirements, reverse engineering, software)

review board

The authority responsible for evaluating and approving, or disapproving, proposed changes to a system and ensuring implementation of approved changes. [SRV] (see also authority, system)

review techniques

Passive information security testing techniques, generally conducted manually, used to evaluate systems, applications, networks, policies, and procedures to discover vulnerabilities. Review techniques include documentation review, log review, ruleset review, system configuration review, network sniffing, and file integrity checking. [800-115] (see also application, file, information, information security, integrity, security, security testing, system, test, vulnerability)

revision

A change to a baseline configuration item that encompasses error corrections, minor enhancements, or adaptations, but in which there is no change in the functional capabilities. [SRV] (see also baseline, function)

revocation

Adjudicative decision for permanently withdrawing an individual's clearances based on a personnel security investigation, other relevant information, or both, that a cleared person is no longer eligible for access to classified information. [DSS] The process of permanently ending the operational period of a certificate from a specified time forward. Generally, revocation is performed when a private key has been compromised. [GSA] (see also Abstract Syntax Notation One, access, certificate, certificate management services, certificate reactivation, certificate validation, classified, compromise, cryptographic key management system, decertification, distribution point, extension, invalidity date, key, key management, notary, online certificate status protocol, operation, process, public-key infrastructure, registration authority, security, security event) (includes X.509 authority revocation list, X.509 certificate revocation list, authority revocation list, certificate revocation list, certificate revocation tree, indirect certificate revocation list, revocation date)

revocation date

(N) In an X.509 CRL entry, a date-time field that states when the certificate revocation occurred, i.e. when the CA declared the digital certificate to be invalid. (C) The revocation date may not resolve some disputes because, in the worst case, all signatures made during the validity period of the certificate may have to be considered invalid. However, it may be desirable to treat a digital signature as valid even though the private key used to sign was compromised after the signing. If more is known about when the compromise actually occurred, a second date-time, an 'invalidity date', can be included in an extension of the CRL entry. [RFC2828] (see also X.509, certificate, compromise, digital signature, key, signature, public-key infrastructure, revocation)

revocation of facility security clearance

Administrative action taken to terminate classified activity of a contractor because the contractor refuses, is unwilling, or has consistently demonstrated an inability to protect classified information. [DSS] (see also classified, security)

revoke

(see certificate revocation)

revoke a certificate

To prematurely end the operational period of a certificate effective at a specific date and time. [SP 800-32]

revoked

(see revoked state)

revoked state

The key lifecycle state in which a currently active cryptographic key is not to be used to encode, encrypt, or sign again within a domain or context. [800-130] (see also X.509 certificate revocation list, certificate rekey, certificate renewal, certificate revocation list, certificate validation, code, cryptographic, delta CRL, distribution point, domain, invalidity date, key, key lifecycle state, lifecycle, online certificate status protocol, security association, unit of transfer, key lifecycle state)

Rexd

This Unix command is the Sun RPC server for remote program execution. This daemon is started by inetd whenever a remote execution request is made. [NSAINT] (see also program, internet)

risk

(1) The expected loss due to, or impact of, anticipated threats in light of system vulnerabilities and strength or determination of relevant threat agents. (2) The probability that a particular threat will exploit a particular vulnerability of the computer system. [AJP] (I) An expectation of loss expressed as the probability that a particular threat will exploit a particular vulnerability with a particular harmful result. (O) SET usage: 'The possibility of loss because of one or more threats to information (not to be confused with financial or business risk).' [RFC2828] A measure derived from the probability of failure occurring and the severity of failure modes. The likelihood that a vulnerability may be exploited or that a threat may become harmful. [SRV] A measure of the extent to which an entity is threatened by a potential circumstance or event, and typically a function of: (1) the adverse impacts that would arise if the circumstance or event occurs; and (2) the likelihood of occurrence. Note: Information system-related security risks are those risks that arise from the loss of confidentiality, integrity, or availability of information or information systems and reflect the potential adverse impacts to organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, or the nation. [CNSSI-4009] A measure of the extent to which an entity is threatened by a potential circumstance or event, and typically a function of: (i) the adverse impacts that would arise if the circumstance or event occurs; and (ii) the likelihood of occurrence. Note: Information system-related security risks are those risks that arise from the loss of confidentiality, integrity, or availability of information or information systems and consider the adverse impacts to organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, or the nation. [SP 800-53] A measure of the extent to which an entity is threatened by a potential circumstance or event, and typically a function of: (i) the adverse impacts that would arise if the circumstance or event occurs; and (ii) the likelihood of occurrence. [Note: Information system-related security risks are those risks that arise from the loss of confidentiality, integrity, or availability of information or information systems and reflect the potential adverse impacts to organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, or the nation. Adverse impacts to the Nation include, for example, compromises to information systems that support critical infrastructure applications or are paramount to government continuity of operations as defined by the Department of Homeland Security.] [SP 800-37; SP 800-53A] A situation where there is a known vulnerability and a potential adversary with the motivation and capability to exploit that vulnerability. [IATF] An event that has a potentially negative impact and the possibility that such an event will occur and adversely affect an entity's assets, activities, and operations. The principal classes of risk from terrorism are to the general public, targets of symbolic value, organizational, governmental, and societal infrastructure, cyber and physical infrastructure, and economic sectors and structures. [GAO] An expectation of loss expressed as the probability that a particular threat will exploit a particular vulnerability with a particular harmful result. [GSA] Measure of the potential degree to which protected information is subject to loss through adversary exploitation. [DSS] Possibility that a particular threat will adversely impact an IS by exploiting a particular vulnerability. [CNSSI] The expectation of loss expressed as the probability that a particular threat will exploit a particular vulnerability with a particular harmful result. [GAO] The expected loss due to, or impact of, anticipated threats in light of system vulnerabilities and strength or determination of relevant threat agents. [FCv1] The level of impact on agency operations (including mission, functions, image, or reputation), agency assets, or individuals resulting from the operation of an information system, given the potential impact of a threat and the likelihood of that threat occurring. [800-82] The level of impact on organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, or the Nation resulting from the operation of an information system given the potential impact of a threat and the likelihood of that threat occurring. [800-60][SP 800-60] The level of impact on organizational operations (including mission, functions, image, or reputation), organizational assets, or individuals resulting from the operation of an information system given the potential impact of a threat and the likelihood of that threat occurring. [FIPS 200] The net mission impact considering: (1) the probability that a particular threat source will exercise (accidentally trigger or intentionally exploit) a particular IT system vulnerability and (2) the resulting impact if this should occur. IT system-related risks arise from legal liability or mission loss due to: (1) unauthorized (malicious or accidental) disclosure, modification, or destruction of information, (2) unintentional errors and omissions, (3) IT disruptions due to natural or man-made disasters, and (4) failure to exercise due care and diligence in the implementation and operation of the IT system. [800-37] The possibility of an act or event occurring that would have an adverse effect on the organization and its information systems. [FFIEC] The possibility that a particular system vulnerability will be exploited. [AFSEC] The potential for an unwanted outcome resulting from an incident, event, or occurrence, as determined by its likelihood and the associated consequences. [NIPP] The potential that a given threat will exploit vulnerabilities of an asset or group of assets and thereby cause harm to the organization. [SC27] The probability that a particular critical infrastructure's vulnerability being exploited by a particular threat weighted by the impact of that exploitation. [CIAO] The probability that a particular threat will exploit a particular vulnerability of the computer system. [NCSC/TG004] The probability that a particular threat will exploit a particular vulnerability of the system. (I) An expectation of loss expressed as the probability that a particular threat will exploit a particular vulnerability with a particular harmful result. [OVT] The probability that one or more adverse events will occur. [800-61] Within this document, synonymous with IT-related risk. [800-30][800-33] (see also security software, Clinger-Cohen Act of 1996, Common Criteria for Information Technology Security Evaluation, Defense Information Systems Network Designated Approving Authority, IA infrastructure, IT security policy, Wassenaar Arrangement, accreditation, accreditation disapproval, accreditation phase, accreditation range, acknowledged special access program, adequate security, adjudicative process, adversary, approval to operate, association, assured information sharing, authorization (to operate), authorize processing, authorized, authorizing official, availability, backdoor, blue team, business case, business continuity plan, capability, certification agent or certifier, certification analyst, certification package, certifier, class 2, 3, 4, or 5, clean system, common vulnerabilities and exposures, computer, confinement, contingency plan, continuity of operations plan, continuous monitoring, controlled security mode, cost/benefit analysis, counterintelligence assessment, cover-coding, cryptoperiod, cybersecurity, cyberspace, dangling vulnerability, defense-in-breadth, defense-in-depth, denial time, designated accrediting authority, designated approval authority, disaster recovery plan, effectiveness, enterprise, entity, entity-wide security, environment of operation, exposures, fault tolerance, function, graduated security, group user id, inadvertent disclosure, independent validation authority, information, information security, infrastructure assurance, infrastructure protection, interconnection security agreements, interdependence, interim accreditation action plan, letter of compelling need, level of protection, levels of concern, likelihood of occurrence, low probability of detection, low probability of intercept, major application, malicious, management controls, management countermeasure, management security controls, minimum level of protection, minor application, monitoring and evaluation, multi-hop problem, multilevel device, operation, operations security, operations security process, policy-based access control, post-accreditation phase, pre-certification phase, privacy impact assessment, purge, qualitative assessment, quantitative assessment, redundancy, resilience, robustness, root cause analysis, rules of behavior, safety, scoping guidance, security control effectiveness, security controls, security countermeasures, security goals, security purpose, security safeguards, security-relevant change, semi-quantitative assessment, separation of duties, significant change, simulation modeling, single-hop problem, situational awareness, special information operations, symmetric cryptography, system, system security authorization agreement, system security plan, tactical edge, target, technical vulnerability, technology control plan, test plan, trusted gateway, trusted process, unacknowledged special access program, vaulting, virus scanner, virus-detection tool, work factor, Secure Electronic Transaction, security) (includes IS related risk, IT-related risk, acceptable risk, attack, certification and accreditation, community risk, compromising emanation performance requirement, contamination, critical, debilitated, defect, designated approving authority, destruction, electromagnetic interference, enterprise risk management, failure, false negative, false positive, illegal, incapacitation, information security risk, loop, maintenance hook, operational risk, qualitative risk assessment, remote logon, residue, risk assessment methodology, risk assessment report, risk assessor, risk avoidance, risk evaluation, risk executive, risk identification, risk management, risk management framework, risk mitigation, risk model, risk monitoring, risk plane, risk reduction analysis, risk response, risk response measure, risk tolerance, risk treatment, risk value, risk-adaptable access control, risk-based, risk-informed decisionmaking, security-relevant event, shared account, threat, total risk, unauthorized disclosure, undesired signal data emanations, untrusted process, web risk assessment)

risk analysis

A technique to identify and assess factors that may jeopardize the success of a project or achievement of a goal. This technique also helps define preventive measures to reduce the probability of these factors from occurring and identify countermeasures to successfully deal with these constraints when they develop. Risk analysis is a part of risk management. Synonymous with risk assessment. [SRV] Examination of information to identify the risk to an IS. [CNSSI] Examination of information to identify the risk to an information system. See Risk Assessment. [CNSSI-4009] Method by which individual vulnerabilities are compared to perceived or actual security threat scenarios to determine the likelihood of compromise of critical information. [DSS] The process for determining the sensitivity of information and applications, the threats to and vulnerabilities of that information and applications and other IT resources, and the potential losses that may be incurred if threats exploit identified vulnerabilities [NASA] The process of identifying security risks, determining their magnitude, and identifying areas needing safeguards. Risk analysis is a part of risk management. [AJP][NCSC/TG004] The process of identifying security risks, determining their magnitude, and identifying areas needing safeguards. Risk analysis is a part of risk management. Synonymous with risk assessment. (C) The analysis lists risks in order of cost and criticality, thereby determining where countermeasures should be applied first. It is usually financially and technically infeasible to counteract all aspects of risk, and so some residual risk will remain, even after all available countermeasures have been deployed. [FP031, R2196] [OVT] The process of identifying the risks to system security and determining the likelihood of occurrence, the resulting impact, and the additional safeguards that mitigate this impact. Part of risk management and synonymous with risk assessment. [SP 800-27] The process of identifying the risks to system security and determining the probability of occurrence, the resulting impact, and the additional safeguards that mitigate this impact. Part of risk management and synonymous with risk assessment. [800-33] The systematic process of estimating the magnitude of risks. [SC27] (see also risk assessment, application, assessment, compromise, countermeasures, critical, evaluation, identification, identify, information, management, process, resource, system, threat, vulnerability, analysis, risk management) (includes business impact analysis, cost-risk analysis, gap analysis, security fault analysis, security objectives, security requirements, security specifications, security testing, threat analysis, vulnerability analysis)

risk assessment

(I) A process that systematically identifies valuable system resources and threats to those resources, quantifies loss exposures (i.e. loss potential) based on estimated frequencies and costs of occurrence, and (optionally) recommends how to allocate resources to countermeasures so as to minimize total exposure. (C) The analysis lists risks in order of cost and criticality, thereby determining where countermeasures should be applied first. It is usually financially and technically infeasible to counteract all aspects of risk, and so some residual risk will remain, even after all available countermeasures have been deployed. [RFC2828] A process used to identify and evaluate risks and their potential effect. [FFIEC] A study of vulnerabilities, threats, likelihood, loss or impact, and theoretical effectiveness of security measures. The process of evaluating threats and vulnerabilities, known and postulated, to determine expected loss and establish the degree of acceptability to system operations. [NSAINT][OVT] Process of analyzing threats to and vulnerabilities of an IS, and the potential impact resulting from the loss of information or capabilities of a system. This analysis is used as a basis for identifying appropriate and cost-effective security countermeasures. [CNSSI] Produced from the combination of Threat and Vulnerability Assessments. Characterized by analyzing the probability of destruction or incapacitation resulting from a threat's exploitation of a critical infrastructure's vulnerabilities. [CIAO] The assessment of threats to, impacts on and vulnerabilities of information and information processing facilities and the likelihood of their occurrence. [SC27] The process of combining risk identification, risk analysis and risk evaluation. [SC27] The process of combining risk identification, risk analysis and risk evaluation. [ISO/IEC PDTR 13335-1 (11/2001)] The assessment of threats to, impacts on and vulnerabilities of information and information processing facilities and the likelihood of their occurrence. [SC27] The process of identifying risks to agency operations (including mission, functions, image, or reputation), agency assets, or individuals by determining the probability of occurrence, the resulting impact, and additional security controls that would mitigate this impact. Part of risk management, synonymous with risk analysis. Incorporates threat and vulnerability analyses. [800-82] The process of identifying risks to organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, and the Nation, arising through the operation of an information system. Part of risk management, incorporates threat and vulnerability analyses and considers mitigations provided by security controls planned or in place. Synonymous with risk analysis. [SP 800-53; SP 800-53A; SP 800-37] The process of identifying the risks to system security and determining the probability of occurrence, the resulting impact, and additional safeguards that would mitigate this impact. [800-30] The process of identifying the risks to system security and determining the probability of occurrence, the resulting impact, and additional safeguards that would mitigate this impact. Part of risk management and synonymous with risk analysis. [800-37] The process of identifying, prioritizing, and estimating risks. This includes determining the extent to which adverse circumstances or events could impact an enterprise. Uses the results of threat and vulnerability assessments to identify risk to organizational operations and evaluates those risks in terms of likelihood of occurrence and impacts if they occur. The product of a risk assessment is a list of estimated potential impacts and unmitigated vulnerabilities. Risk assessment is part of risk management and is conducted throughout the Risk Management Framework (RMF). [CNSSI-4009] The process of qualitatively or quantitatively determining the probability of an adverse event and the severity of its impact on an asset. It is a function of threat, vulnerability, and consequence. A risk assessment may include scenarios in which two or more risks interact to create a greater or lesser impact. A risk assessment provides the basis for the rank ordering of risks and for establishing priorities for applying countermeasures. [GAO] Written evaluation supporting the adjudicative process, especially when a significant exception to a Personnel Security Standard is being considered. [DSS] (see also risk analysis, analysis, control, countermeasures, critical, critical infrastructures, criticality assessment, evaluation, exposures, function, identification, identify, impact, information, management, operation, process, resource, system, threat, vulnerability, assessment, risk management)

risk assessment methodology

A risk assessment process, together with a risk model, assessment approach, and analysis approach. [SP 800-30] (see also risk)

risk assessment report

The report which contains the results of performing a risk assessment or the formal output from the process of assessing risk. [SP 800-30] (see also risk)

risk assessor

The individual, group, or organization responsible for conducting a risk assessment. [SP 800-30] (see also risk)

risk avoidance

This assessment should consist of an evaluation from security, counterintelligence, and other technical or management experts as appropriate, and should contrast the compelling national security benefit of an individual accessed to Sensitive Compartmented Information with the risk. [DSS] (see also access, assessment, evaluation, intelligence, risk)

risk evaluation

The process of comparing analysed levels of risk against pre-established criteria and identifying areas needing risk treatment. [SC27] (see also criteria, identify, process, evaluation, risk)

risk executive

(or Risk Executive Function) An individual or group within an organization that helps to ensure that: (i) security risk-related considerations for individual information systems, to include the authorization decisions for those systems, are viewed from an organization-wide perspective with regard to the overall strategic goals and objectives of the organization in carrying out its missions and business functions; and (ii) managing risk from individual information systems is consistent across the organization, reflects organizational risk tolerance, and is considered along with other organizational risks affecting mission/business success. [CNSSI-4009; SP 800-53A; SP 800-37; SP 800-39] (see also authorization, risk)

risk identification

The process of identifying risks considering business objectives, threats and vulnerabilities as the basis for further analysis. [SC27] (see also analysis, identify, object, process, threat, vulnerability, identification, risk)

risk index

Difference between the minimum clearance or authorization of IS users and the maximum sensitivity (e.g.; classification and categories) of data processed by the system. [CNSSI] The disparity between the minimum clearance or authorization of system users and the maximum sensitivity (e.g. classification and categories) of data processed by a system. (A complete explanation of this term is provided in CSC-STD-003-85 and CSC-STD-004-85 - U.S. Government publications). [AJP] The disparity between the minimum clearance or authorization of system users and the maximum sensitivity (e.g. classification and categories) of data processed by a system. See CSC-STD-003-85 and CSC-STD-004-85 for a complete explanation of this term. [NCSC/TG004] (see also authorization, classification levels, classified, process, system, users, risk management) (includes security range)

risk management

(1) A family of security controls in the management class dealing with the process of identifying and applying controls commensurate with the value of the assets protected based on a risk assessment. (2) The total process of identifying, controlling, and mitigating IT system-related risks. It includes risk assessment; cost benefit analysis; and the selection, implementation, test and security evaluation of security controls. This overall system security review considers both effectiveness and efficiency, including impact on the mission and constraints due to policy, regulations, and laws. [800-37] (I) The process of identifying, controlling, and eliminating or minimizing uncertain events that may affect system resources. [RFC2828] 1) Deliberate process of understanding risk and deciding upon and implementing actions to reduce risk to a defined level. Characterized by identifying, measuring, and controlling risks to a level commensurate with an assigned value. 2) The identification, assessment, and mitigation of probabilistic security events (risks) in information systems to a level commensurate with the value of the assets protected. [CIAO] A continuous process of managing through a series of mitigating actions that permeate an entity's activities, the likelihood of an adverse event and its negative impact. Risk management addresses risk before mitigating action, as well as the risk that remains after countermeasures have been taken. [GAO] Process of managing risks to agency operations (including mission, functions, image, or reputation), agency assets, or individuals resulting from the operation of an information system. It includes risk assessment; cost-benefit analysis; the selection, implementation, and assessment of security controls; and the formal authorization to operate the system. The process considers effectiveness, efficiency, and constraints due to laws, directives, policies, or regualations. (NIST Special Pub 800-53) [CNSSI] Security philosophy postulating that adversaries are all-knowing and highly competent, against which risks are avoided by maximizing defenses and minimizing vulnerabilities. [DSS] The process of identifying, controlling and minimizing or eliminating security risks that may affect information systems, for an acceptable cost. [SC27] The process of identifying, controlling, and minimizing or eliminating uncertain events that may affect IT resources [NASA] The process of managing risks to agency operations (including mission, functions, image, or reputation), agency assets, or individuals resulting from the operation of an information system. It includes risk assessment; cost-benefit analysis; the selection, implementation, and assessment of security controls; and the formal authorization to operate the system. The process considers effectiveness, efficiency, and constraints due to laws, directives, policies, or regulations. [800-82][SP 800-82; SP 800-34] The process of managing risks to organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, or the nation resulting from the operation or use of an information system, and includes: (1) the conduct of a risk assessment; (2) the implementation of a risk mitigation strategy; (3) employment of techniques and procedures for the continuous monitoring of the security state of the information system; and (4) documenting the overall risk management program. [CNSSI-4009] The process of managing risks to organizational operations (including mission, functions, image, or reputation), organizational assets, or individuals resulting from the operation of an information system, and includes: 1) the conduct of a risk assessment; 2) the implementation of a risk mitigation strategy; and 3) employment of techniques and procedures for the continuous monitoring of the security state of the information system. [FIPS 200] The process of managing risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of an information system, and includes: (i) the conduct of a risk assessment; (ii) the implementation of a risk mitigation strategy; and (iii) employment of techniques and procedures for the continuous monitoring of the security state of the information system. [SP 800-53; SP 800-53A; SP 800-37] The program and supporting processes to manage information security risk to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, and includes: (i) establishing the context for risk-related activities; (ii) assessing risk; (iii) responding to risk once determined; and (iv) monitoring risk over time. [SP 800-39] The total process of identifying, controlling, and eliminating or minimizing uncertain events that may affect IT system resources. [SC27] The total process of identifying, controlling, and eliminating or minimizing uncertain events that may affect IT system resources. [ISO/IEC PDTR 13335-1 (11/2001)] The process of identifying, controlling and minimizing or eliminating security risks that may affect information systems, for an acceptable cost. [SC27] The total process of identifying, controlling, and eliminating or minimizing uncertain events that may affect an organization's resources. It includes risk analysis; cost-benefit analysis; gap analysis; sensitivity analysis; SWOT analysis; selection, implementation, test, and evaluation of safeguards; and management reviews. [SRV] The total process of identifying, controlling, and eliminating or minimizing uncertain events that may affect system resources. It includes risk analysis, cost benefit analysis, selection, implementation and test, security evaluation of safeguards, and overall security review. (I) The process of identifying, controlling, and eliminating or minimizing uncertain events that may affect system resources. [OVT] The total process of identifying, controlling, and eliminating or minimizing uncertain events that may affect system resources. It includes risk analysis, cost-benefit analysis, selection, implementation and test, security evaluation of safeguards, and overall security review. [AJP][NCSC/TG004] The total process of identifying, controlling, and mitigating information system-related risks. It includes risk assessment; cost-benefit analysis; and the selection, implementation, test, and security evaluation of safeguards. This overall system security review considers both effectiveness and efficiency, including impact on the mission and constraints due to policy, regulations, and laws. [800-30] The total process of identifying, controlling, and mitigating information technology related risks. It includes risk analysis; cost-benefit analysis; and the selection, implementation, test, and security evaluation of safeguards. This overall system security review considers both effectiveness and efficiency, including impact on the mission/business and constraints due to policy, regulations, and laws. [800-33] The total process to identify, control, and minimize the impact of uncertain events. The objective of the risk management program is to reduce risk and obtain and maintain DAA (Designated Approving Authority) approval. [NSAINT] The total process to identify, control, and minimize the impact of uncertain events. The objective of the risk management program is to reduce risk and obtain and maintain DAA approval. [AFSEC] (see also analysis, assessment, authority, authorization, control, cost/benefit analysis, cybersecurity, disaster recovery plan, entity, evaluation, function, identification, identify, information, information systems security engineering, infrastructure assurance, management controls, monitoring and evaluation, operation, opportunity cost, policy, process, program, resource, security controls, security software, strengths, weaknesses, opportunities, threats, system, technology, vulnerability, management, risk, security) (includes Automated Information System security, access control, automated security monitoring, availability, best practices, configuration management, consequence management, continuity of services and operations, control objectives, countermeasures, crisis management, critical infrastructures, disaster recovery, emergency shutdown controls, entrapment, environmental failure protection, external security controls, failure control, flaw hypothesis methodology, internal security controls, mitigation, penetration study, pseudo-flaw, recommended practices, reliability, remediation, risk analysis, risk assessment, risk index, risk-based management, security enforcing, security evaluation, security measures, security mechanism, security policy, security-critical mechanisms, segregation of duties, test, threat consequence, threat monitoring, user profile, waiver)

risk management framework

A planning methodology that outlines the process for setting goals and objectives; identifying assets, systems, and networks; assessing risks; prioritizing and implementing protection programs and resiliency strategies; measuring performance; and taking corrective action. Public and private sector entities often include risk management frameworks in their business continuity plans. [NIPP] A structured approach used to oversee and manage risk for an enterprise. [CNSSI-4009] (see also management, risk)

risk mitigation

Prioritizing, evaluating, and implementing the appropriate risk- reducing controls/countermeasures recommended from the risk management process. [CNSSI-4009; SP 800-30; SP 800-39] (see also control, management, risk)

risk model

A key component of a risk assessment methodology (in addition to assessment approach and analysis approach) that defines key terms and assessable risk factors. [SP 800-30] (see also risk)

risk monitoring

Maintaining ongoing awareness of an organization's risk environment, risk management program, and associated activities to support risk decisions. [SP 800-30; SP 800-39] (see also management, risk)

risk plane

A graphic technique for depicting the likelihood of particular attacks occurring and the degree of consequence to an operational mission. [IATF] (see also attack, operation, risk)

risk reduction analysis

The step by which a manager, knowing the risks and having listed the controls already available, addresses the additional controls needed to bring the risks to a manageable level [NASA] (see also control, analysis, risk)

risk response

Accepting, avoiding, mitigating, sharing, or transferring risk to organizational operations (i.e. mission, functions, image, or reputation), organizational assets, individuals, other organizations, or the nation. [SP 800-30; SP 800-39] (see also risk)

risk response measure

A specific action taken to respond to an identified risk. [SP 800-39] (see also risk)

risk tolerance

The defined impacts to an enterprise's information systems that an entity is willing to accept. [CNSSI-4009] The level of risk an entity is willing to assume in order to achieve a potential desired result. [SP 800-32] (see also risk)

risk treatment

The process of defining an IT security management plan based on risk evaluation. [SC27] (see also IT security, computer security, evaluation, process, risk)

risk value

The probability that any given threat will occur multiplied by the impact of loss that would occur if the threat were to attack a given vulnerability that has been identified for it [NASA] (see also attack, threat, vulnerability, risk)

risk-adaptable access control

(RAdAC) A form of access control that uses an authorization policy that takes into account operational need, risk, and heuristics. [CNSSI-4009] (see also authorization, access, control, risk)

risk-based

An approach to IT security intended to place the decisions about the nature and level of risk to accept in the hands of GRC line managers who are most familiar with the environment in which they have to operate [NASA] (see also IT security, risk)

risk-based management

Risk management that considers unquantifiable, speculative events as well as probabilistic events (that is, uncertainty as well as risk). [CIAO] (see also risk management)

risk-informed decisionmaking

The determination of a course of action predicated on the assessment of risk, the expected impact of that course of action on that risk, and other relevant factors. [NIPP] (see also risk)

Rivest Cipher 2 (RC2)

(N) A proprietary, variable-key-length block cipher invented by Ron Rivest for RSA Data Security, Inc. (now a wholly-owned subsidiary of Security Dynamics, Inc.). [RFC2828] A symmetric encryption algorithm by Ron Rivest (the R of RSA). [misc] (see also algorithm, encryption, key, security, cipher, symmetric algorithm)

Rivest Cipher 4 (RC4)

(N) A proprietary, variable-key-length stream cipher invented by Ron Rivest for RSA Data Security, Inc. (now a wholly-owned subsidiary of Security Dynamics, Inc.). [RFC2828] A symmetric encryption algorithm by Ron Rivest (the R of RSA). [misc] (see also algorithm, encryption, key, security, cipher, symmetric algorithm)

Rivest, Shamir, and Adleman

A public key signature algorithm. [SRV] (see Rivest-Shamir-Adleman algorithm)

Rivest-Shamir-Adleman

(N) An algorithm for asymmetric cryptography, invented in 1977 by Ron Rivest, Adi Shamir, and Leonard Adleman [RSA78, Schn]. (C) RSA uses exponentiation modulo the product of two large prime numbers. The difficulty of breaking RSA is believed to be equivalent to the difficulty of factoring integers that are the product of two large prime numbers of approximately equal size. (C) To create an RSA key pair, randomly choose two large prime numbers, p and q, and compute the modulus, n = pq. Randomly choose number e, the public exponent, that is less than n and relatively prime to (p-1)(q-1). Choose another number d, the private exponent, such that ed-1 evenly divides (p-1)(q-1). The public key is the set of numbers (n,e), and the private key is the set (n,d). (C) It is assumed to be difficult to compute the private key (n,d) from the public key (n,e). However, if n can be factored into p and q, then the private key d can be computed easily. Thus, RSA security depends on the assumption that it is computationally difficult to factor a number that is the product of two large prime numbers. (Of course, p and q are treated as part of the private key, or else destroyed after computing n.) (C) For encryption of a message, m, to be sent to Bob, Alice uses Bob's public key (n,e) to compute m**e (mod n) = c. She sends c to Bob. Bob computes c**d (mod n) = m. Only Bob knows d, so only Bob can compute c**d (mod n) = m to recover m. (C) To provide data origin authentication of a message, m, to be sent to Bob, Alice computes m**d (mod n) = s, where (d,n) is Alice's private key. She sends m and s to Bob. To recover the message that only Alice could have sent, Bob computes s**e (mod n) m, where (e,n) is Alice's public key. (C) To ensure data integrity in addition to data origin authentication requires extra computation steps in which Alice and Bob use a cryptographic hash function h (as explained for digital signature). Alice computes the hash value h(m) = v, and then encrypts v with her private key to get s. She sends m and s. Bob receives m' and s', either of which might have been changed from the m and s that Alice sent. To test this, he decrypts s' with Alice's public key to get v'. He then computes h(m') = v'. If v' equals v', Bob is assured that m' is the same m that Alice sent. [RFC2828] A public key algorithm invented by Ronald L. Rivest, Adi Shamir, and Leonard M. Adleman (RSA). RSA can be used to generate digital signatures, encrypt messages, and provide key management for DES (Data Encryption Standard), RC2 (Rivest Cipher 2), RC4 (Rivest Cipher 4), and other secret key algorithms. RSA performs the key management process, in part, by encrypting a secret key for an algorithm such as DES, RC2, or RC4 with the recipient's public key for secure transmission to the recipient. This secret key can then be used to support private communications. [AJP] (see Rivest-Shamir-Adleman algorithm)

Rivest-Shamir-Adleman algorithm (RSA)

A public key algorithm can be used to generate digital signatures, encrypt messages, and provide key management for Data Encryption Standard and other secret key algorithms. [SRV] (see also authentication, cipher, communications, cryptographic, destruction, digital signature, encryption, function, hash, integrity, key, key management, message, process, public-key, random, security, signature, standard, test, algorithm, asymmetric algorithm, public-key cryptography) (includes public-key cryptography standards)

robust security network

A wireless security network that only allows the creation of Robust Security Network Associations (RSNAs). [SP 800-48] (see also network, security)

robustness

A characterization of the strength of a security function, mechanism, service, or solution, and the assurance (or confidence) that is implemented and functioning correctly. [IATF] Comparison and analysis of the relative threat (intent and capability to collect the information); vulnerability of the asset; cost and administrative burden of possible countermeasures; and value of the asset used to determine the appropriate level of protection to control and reduce the risk of compromise or disclosure to acceptable levels. Risk management allows an acceptance of risk in the security process based upon a cost-benefit analysis. Characterization of the strength of a security function, mechanism, service or solution, and the assurance (or confidence) that it is implemented and functioning correctly. The Department of Defense has three levels of robustness: High Robustness: Security services and mechanisms that provide the most stringent protection and rigorous security countermeasures. Medium Robustness: Security services and mechanisms that provide for layering of additional safeguards above good commercial practices. Basic Robustness: Security services and mechanisms that equate to good commercial practices. [DSS] The ability of an Information Assurance entity to operate correctly and reliably across a wide range of operational conditions, and to fail gracefully outside of that operational range. [CNSSI-4009] The degree to which a system or component can function correctly in the presence of invalid inputs or stressful environmental conditions. [OVT] (see also analysis, compromise, confidence, countermeasures, function, risk, software reliability, system, threat, vulnerability, assurance)

rogue device

An unauthorized node on a network. [800-115][SP 800-115] (see also authorized, threat)

role

A group attribute that ties membership to function. When an entity assumes a role, the entity is given certain rights that belong to that role. When the entity leaves the role, those rights are removed. The rights given are consistent with the functionality that the entity needs to perform the expected tasks. [CNSSI-4009] A predefined set of rules establishing the allowed interactions between a user and the system. [CC2][CC21][SC27][SRV] The set of acceptable functions, services, and tasks that a person or organization may perform within an environment or context. [800-130] (see also FIPS PUB 140-1, Guidelines and Recommendations for Security Incident Processing, IA-enabled information technlogogy product, IP splicing/hijacking, authorization, brand, common criteria, end entity, function, gas and oil production, storage and transportation, major information system, online attack, operator, organizational registration authority, personality label, physical access control, policy approving authority, policy creation authority, public-key infrastructure, registration, reserve account, subordinate certification authority, system, system entity, system security officer, transportation, trust, users, target of evaluation) (includes role-based access control)

role-based access control (RBAC)

(I) A form of identity-based access control where the system entities that are identified and controlled are functional positions in an organization or process. [RFC2828] (RBAC) A model for controlling access to resources where permitted actions on resources are identified with roles rather than with individual subject identities. [SP 800-95] Access control based on user roles (i.e. a collection of access authorizations a user receives based on an explicit or implicit assumption of a given role). Role permissions may be inherited through a role hierarchy and typically reflect the permissions needed to perform defined functions within an organization. A given role may apply to a single individual or to several individuals. [SP 800-53; CNSSI-4009] (see also authorization, entity, function, identity, process, resource, subject, system, access, control, role)

rolling cost forecasting technique

A project cost estimating technique in which more cost details are provided for the current phase and fewer cost details for the latter phases of a system development lifecycle project. All costs are summed up for the entire project, and new costs are updated periodically. [SRV] (see also system, update, business process)

root

(I) A CA that is directly trusted by an end entity. Acquiring the value of a root CA's public key involves an out-of-band procedure. (I) Hierarchical PKI usage: The CA that is the highest level (most trusted) CA in a certification hierarchy; i.e. the authority upon whose public key all certificate users base their trust. (C) In a hierarchical PKI, a root issues public-key certificates to one or more additional CAs that form the second highest level. Each of these CAs may issue certificates to more CAs at the third highest level, and so on. To initialize operation of a hierarchical PKI, the root's initial public key is securely distributed to all certificate users in a way that does not depend on the PKI's certification relationships. The root's public key may be distributed simply as a numerical value, but typically is distributed in a self-signed certificate in which the root is the subject. The root's certificate is signed by the root itself because there is no higher authority in a certification hierarchy. The root's certificate is then the first certificate in every certification path. (O) MISSI usage: A name previously used for a MISSI policy creation authority, that is not a root as defined above for general usage, but is a CA at the second level of the MISSI hierarchy, immediately subordinate to a MISSI policy approving authority. (O) UNIX usage: A user account (also called 'superuser') that has all privileges (including all security-related privileges) and thus can manage the system and its other user accounts. [RFC2828] (see also authority, certificate, certification, entity, key, operation, policy, public-key, subject, system, trust, users, multilevel information systems security initiative, public-key infrastructure)

root CA

The Certification Authority that is trusted by everyone. The root CA issues digital certificates to other CAs. [misc] (see also authority, certificate, certification authority)

root cause analysis

A principle-based, systems approach for the identification of underlying causes associated with a particular set of risks. [SP 800-30; SP 800-39] A technique used to identify the conditions that initiate the occurrence of an undesired activity or state. Pareto diagram can be used for this purpose. [SRV] (see also identify, risk, analysis)

root certificate

(I) A certificate for which the subject is a root. (I) Hierarchical PKI usage: The self-signed public-key certificate at the top of a certification hierarchy. [RFC2828] (see also certification, key, public-key, subject, certificate)

root certification authority

In a hierarchical Public Key Infrastructure, the Certification Authority whose public key serves as the most trusted datum (i.e. the beginning of trust paths) for a security domain. [SP 800-32; CNSSI-4009] (see also security, trust, certification)

root key

(I) A public key for which the matching private key is held by a root. [RFC2828] (see also public-key, key)

root registry

(O) MISSI usage: A name previously used for a MISSI policy approving authority. [RFC2828] (see also authority, policy, multilevel information systems security initiative)

rootkit

A collection of files that is installed on a system to alter the standard functionality of the system in a malicious and stealthy way. [800-83] A hacker security tool that captures passwords and message traffic to and from a computer. A collection of tools that allows a hacker to provide a backdoor into a system, collect information on other systems on the network, mask the fact that the system is compromised, and much more. Rootkit is a classic example of Trojan Horse software. Rootkit is available for a wide range of operating systems. [NSAINT] A set of tools used by an attacker after gaining root-level access to a host to conceal the attacker's activities on the host and permit the attacker to maintain root-level access to the host through covert means. [800-61][CNSSI-4009] (see also access, access control, compromise, computer, covert, file, function, information, malicious, message, network, passwords, software, standard, system, attack, malicious code)

rotational delay

For disk drives, the delay in rotating the correct sector under the read/write head. [SRV] (see also automated information system)

round key

Round keys are values derived from the Cipher Key using the Key Expansion routine; they are applied to the State in the Cipher and Inverse Cipher. [FIPS 197] (see also key)

round-function

A function f (.,.) that transforms two binary strings of lengths L_f to a binary string of length L_f . NOTE - It is used iteratively as part of a hash function, where it combines an 'expanded' data block of length L_f with the previous output of length L_f . [SC27] A function f(.,.) that transforms two binary strings of lengths L₁ and L₂ to a binary string of length L₂. It is used iteratively as part of a hash function, where it combines a data string of length L₁ with the previous output of length L₂. [ISO/IEC 10118-1: 2000, ISO/IEC ] Function f(.,.) that transforms two binary strings of lengths L₁ and L₂ to a binary string of length L₂. NOTE - It is used iteratively as part of a hash function, where it combines a data string of length L₁ with the previous output of length L₂. [ISO/IEC FDIS 9797-2 (09/2000)] A function f(.,.) that transforms two binary strings of lengths L_f to a binary string of length L_f. NOTE - It is used iteratively as part of a hash function, where it combines an 'expanded' data block of length L_f with the previous output of length L_f. [SC27] A function f (.,.) that transforms two binary strings of lengths L ₁ and L ₂ to a binary string of length L ₂. It is used iteratively as part of a hash function, where it combines a data string of length L ₁ with the previous output of length L ₂. [SC27] Function f (.,.) that transforms two binary strings of lengths L ₁ and L ₂ to a binary string of length L ₂. NOTE - It is used iteratively as part of a hash function, where it combines a data string of length L ₁ with the previous output of length L ₂. [SC27] (see also hash, function)

router

(I) A computer that is a gateway between two networks at OSI layer and that relays and directs data packets through that internetwork. The most common form of router operates on IP packets. (I) Internet usage: In the context of the Internet protocol suite, networked computer that forwards Internet Protocol packets that are not addressed to the computer itself. [RFC2828] A computer that is a gateway between two networks at OSI layer 3 and that relays and directs data packets through that inter-network. The most common form of router operates on IP packets. [800-82] A device that connects two networks or network segments and may use IP to route messages. [CIAO] A hardware device that connects two or more networks and routes incoming data packets to the appropriate network. [FFIEC] A physical or logical entity that receives and transmits data packets or establishes logical connections among a diverse set of communicating entities (usually supports both hardwired and wireless communication devices simultaneously). [800-130] A router keeps a record of network node addresses and current network status; it also extends LANs. [SRV] An interconnection device that is similar to a bridge but serves packets or frames containing certain protocols. Routers link LANs at the network layer. [NSAINT] (see also Extensible Authentication Protocol, IA-enabled information technlogogy product, Terminal Access Controller Access Control System, autonomous system, bastion host, bridge, computer, connection, deny by default, end-to-end encryption, entity, firewall, gateway, internet control message protocol, internet protocol, message, network, network device, packet filtering, packet filtering firewall, protocols, proxy server, screened host firewall, smurf, system resources, technology area, trusted process, vendor, internet) (includes brouters, filtering router, router flapping, router-based firewall, screening router, tunneling router)

router flapping

A router that transmits routing updates alternately advertising a destination network first via one route, then via a different route. [800-82] (see also update, router)

router-based firewall

A firewall where the security is implemented using screening routers as the primary means of protecting the network. [SRV] (see also network, security, firewall, router)

routine changes

Changes that have a minimal effect on the overall Transient Electromagnetic Pulse Emanation Standard, or TEMPEST, security of the Special Access Program Facility. Those changes include adding a different type electronic information processing equipment (unless the equipment added is known to have an unusually large Transient Electromagnetic Pulse Emanation Standard profile), movement of the equipment with the facility, and minor installation changes are examples of routine changes. [DSS] (see also access, security)

routing

The process of moving information from its source to a destination. [FFIEC] (see also information, process)

routing control

The application of rules during the process of routing so as to choose or avoid specific networks, links or relays. [NSAINT] (see also application, network, process, control)

RSA algorithm

RSA stands for Rivest-Shamir-Aldeman. A public-key cryptographic algorithm that hinges on the assumption that the factoring of the product of two large primes is difficult. [NSAINT] (see also cryptographic, key, public-key, algorithm)

rule-based security policy

(I) 'A security policy based on global rules imposed for all users. These rules usually rely on comparison of the sensitivity of the resource being accessed and the possession of corresponding attributes of users, a group of users, or entities acting on behalf of users.' [RFC2828] A security policy based on global rules imposed for all subjects. These rules usually rely on a comparison of the sensitivity of the objects being accessed and the possession of corresponding attributes by the subjects requesting access. [800-33][SP 800-33][SRV] A security policy based on global rules imposed for all subjects. These rules usually rely on a comparison of the sensitivity of the objects being accessed and the possession of corresponding attributes by the subjects requesting access. Also known as discretionary access control (DAC). [CNSSI-4009] (see also access, access control, control, object, resource, subject, users, policy, security)

rules based detection

The intrusion detection system detects intrusions by looking for activity that corresponds to known intrusion techniques (signatures) or system vulnerabilities. Also known as Misuse Detection. [NSAINT] (see also intrusion, intrusion detection, misuse detection model, security software, signature, system, vulnerability)

rules of behavior

The rules that have been established and implemented concerning use of, security in, and acceptable level of risk for the system. Rules will clearly delineate responsibilities and expected behavior of all individuals with access to the system. Rules should cover such matters as work at home, dial-in access, connection to the Internet, use of copyrighted works, unofficial use of federal government equipment, the assignment and limitation of system privileges, and individual accountability. [800-37] (see also access, access control, connection, internet, risk, security, system)

rules of engagement

Detailed guidelines and constraints regarding the execution of information security testing. The ROE is established before the start of a security test, and gives the test team authority to conduct defined activities without the need for additional permissions. [SP 800-115] Detailed guidelines and constraints regarding the execution of information security testing. The ROE is established before the start of a security test. It gives the test team authority to conduct the activities defined in the ROE without additional permission. [800-115] (see also authority, information, information security, security, security testing, test)

ruleset

A collection of rules or signatures that network traffic or system activity is compared against to determine an action to take, such as forwarding or rejecting a packet, creating an alert, or allowing a system event. [800-115] A set of directives that govern the access control functionality of a firewall. The firewall uses these directives to determine how packets should be routed between its interfaces. [SP 800-41] A table of instructions used by a controlled interface to determine what data is allowable and how the data is handled between interconnected systems. [SP 800-115; CNSSI-4009] The collection of access control rules that determines which packets the DUT/SUT will forward and which it will reject. Rule sets control access to and from the network interfaces of the DUT/SUT. By definition, rule sets do not apply equally to all network interfaces; otherwise there would be no need for the firewall. For benchmarking purposes, a specific rule set is typically applied to each network interface in the DUT/SUT. The tester must describe the complete contents of the rule set of each DUT/SUT. To ensure measurements reflect only traffic forwarded by the DUT/SUT, testers are encouraged to include a rule denying all access except for those packets allowed by the rule set. [RFC2647] (see also access, access control, allowed traffic, control, demilitarized zone, illegal traffic, interface, network, policy, protected network, rejected traffic, security association, signature, system, test, unprotected network, firewall)

run

An expression to execute a computer program. [SRV] (see also computer, program)

run manual

A document that provides application-specific operating instructions, such as error messages, job setup procedures, console commands and messages, job/step checkpoints, and job/step restart and recovery procedures. [SRV] (see also application, message, recovery)

S-box

Nonlinear substitution table used in several byte substitution transformations and in the Key Expansion routine to perform a one- for-one substitution of a byte value. [FIPS 197] S/MIME - A set of specifications for securing electronic mail. Secure/ Multipurpose Internet Mail Extensions (S/MIME) is based upon the widely used MIME standard and describes a protocol for adding cryptographic security services through MIME encapsulation of digitally signed and encrypted objects. The basic security services offered by S/MIME are authentication, non-repudiation of origin, message integrity, and message privacy. Optional security services include signed receipts, security labels, secure mailing lists, and an extended method of identifying the signer's certificate(s). [SP 800-49] (see also authentication, privacy, security)

S/Key

(I) A security mechanism that uses a cryptographic hash function to generate a sequence of 64-bit, one-time passwords for remote user login. (C) The client generates a one-time password by applying the MD4 cryptographic hash function multiple times to the user's secret key. For each successive authentication of the user, the number of hash applications is reduced by one. (Thus, an intruder using wiretapping cannot compute a valid password from knowledge of one previously used.) The server verifies a password by hashing the currently presented password (or initialization value) one time and comparing the hash result with the previously presented password. [RFC2828] (see also application, authentication, cryptographic, function, hash, login, security, users, key)

safeguarding and safeguarding measures

Controls prescribed to protect classified information. [DSS] (see also classified)

safeguarding statement

Statement affixed to a computer output or printout that states the highest classification being processed at the time the product was produced and requires control of the product, at that level, until determination of the true classification by an authorized individual. Synonymous with banner. [CNSSI][CNSSI-4009] (see also authorized, classified, computer, control, process)

safeguards

1.) Protection included to counteract a known or expected condition. 2.) Incorporated countermeasure or set of countermeasures within a base release. [CNSSI] A practice, procedure or mechanism that reduces risk. Note that the term 'safeguard' is normally considered to be synonymous with the term 'control'. [SC27] Protective measures prescribed to meet the security requirements (i.e. confidentiality, integrity, and availability) specified for an information system. Safeguards may include security features, management constraints, personnel security, and security of physical structures, areas, and devices. Synonymous with security controls and countermeasures. [SP 800-53; SP 800-37; FIPS 200; CNSSI-4009] (see security safeguards)

safety

(I) The property of a system being free from risk of causing harm to system entities and outside entities. [RFC2828] (DOD) Freedom from those conditions that can cause death, injury, occupational illness, or damage to or loss of equipment or property, or damage to the environment. (I) The property of a system being free from risk of causing harm to system entities and outside entities. Software is deemed safe if it is impossible (or at least highly unlikely) that the software could ever produce an output that would cause a catastrophic event for the system that the software controls. Examples of catastrophic events include loss of physical property, physical harm, and loss-of-life. [OVT] Freedom from those conditions that can cause death or injury, or damage to or loss of data, hardware, or software. [SRV] (see also control, damage, property, risk, software, system)

safety-critical software

Safety-critical software is any software that can directly or indirectly contribute to the occurrence of a hazardous system state. [OVT] (see also automated information system, system, critical, software)

salami technique

The process of secretly and repetitively slicing away tiny amounts of money in a way that is unlikely to be noticed. [AFSEC] (see also process, threat)

salt

(I) A random value that is concatenated with a password before applying the one-way encryption function used to protect passwords that are stored in the database of an access control system. (C) Salt protects a password-based access control system against a dictionary attack. [RFC2828] A non-secret value that is used in a cryptographic process, usually to ensure that the results of computations for one instance cannot be reused by an attacker. [800-63][CNSSI-4009][SP 800-63] Random data produced by the signing entity during the generation of the message representative in Signature scheme 2. [SC27] (see also access, access control, attack, control, control systems, cryptographic, encryption, entity, function, message, passwords, process, random, signature, system)

SAML authentication assertion

A SAML assertion that conveys information about a successful act of authentication that took place for a subject. [800-63] (see also information, subject, authentication, security assertion markup language)

sample

A portion of a population that is examined or tested in order to obtain information or draw conclusions about the entire population. [SRV] (see also information, test)

sampling distribution

The distribution of a statistic. [SRV]

sampling error

Each estimate generated from a probability sample has a measurable precision, or sampling error, that may be expressed as a plus or minus figure. A sampling error indicates how closely we can reproduce from a sample the results that we would obtain if we were to take a complete count of the population using the same measurement methods. By adding the sampling error to and subtracting it from the estimate, we can develop upper and lower bounds for each estimate. This range is called a confidence interval. Sampling errors and confidence intervals are stated at a certain confidence level. For example, a confidence interval at the 95-percent confidence level means that in 95 of 100 instances, the sampling procedure we used would produce a confidence interval containing the population value we are estimating. [SRV] (see also confidence, precision)

sampling frame

A means of access to a population, usually a list of the sampling units contained in the population. The list may be a paper printout, a magnetic tape/disk file, or a physical file of such things as payroll records or accounts receivable. [SRV] (see also access, access control, file)

Samurai

A hacker who hires out for legal cracking jobs, snooping for factions in corporate political fights, lawyers pursuing privacy-rights and First Amendment cases, and other parties with legitimate reasons to need an electronic locksmith. [NSAINT] (see also hackers, privacy)

sandboxed environment

The enforcement of access control by a native programming language such that an applet can only access limited resources. Java applets run in a sandboxed environment where an applet cannot read or write local files, cannot start or interact with local processes, and cannot load or link with dynamic libraries. While a sandboxed environment provides excellent protection against accidental or malicious destruction or abuse of local resources, it does not address the security issues related to authentication, authorization, privacy, integrity, and non-repudiation. [misc] (see also access, authentication, control, file, integrity, malicious, non-repudiation, privacy, process, program, resource, access control)

sandboxing

A method of isolating application modules into distinct fault domains enforced by software. The technique allows untrusted programs written in an unsafe language, such as C, to be executed safely within the single virtual address space of an application. Untrusted machine interpretable code modules are transformed so that all memory accesses are confined to code and data segments within their fault domain. Access to system resources can also be controlled through a unique identifier associated with each domain. [SP 800-19] A restricted, controlled execution environment that prevents potentially malicious software, such as mobile code, from accessing any system resources except those for which the software is authorized. [CNSSI-4009] (see also access, control, software, trust)

sanitization

A general term referring to the actions taken to render data written on media unrecoverable by both ordinary and, for some forms of sanitization, extraordinary means. [SP 800-53; CNSSI-4009] Also Purging. Removal of information from the storage device such that data recovery using any known technique or analysis is prevented. Sanitization includes removal data from the storage device, as well as the removal of labels, markings, and activity logs. In general, laboratory techniques cannot retrieve data that has been sanitized/purged. The method of sanitization varies depending upon the storage device and may include actions such as degaussing, incineration, smelting, shredding, grinding, embossing, or chemical immersion. [DSS] Process to remove information from media such that information recovery is not possible. It includes removing all labels, markings, and activity logs. [FIPS 200] The changing of content information in order to meet the requirements of the sensitivity level of the network to which the information is being sent. [IATF] (see also analysis, information, network, purging, requirements, security)

sanitize

(I) Delete sensitive data from a file, a device, or a system; or modify data so as to be able to downgrade its classification level. [RFC2828] Process to remove information from media such that data recovery is not possible. It includes removing all classified labels, markings, and activity logs. [CNSSI] To expunge data from storage media (e.g., diskettes, CD-ROMs, tapes) so that data recovery is impossible. [CIAO] (see also classification levels, classified, file, information, process, recovery, security, system)

sanitizing

Removal of information from the media or equipment such that data recovery using any known technique or analysis is prevented. Sanitizing includes removal of data from the media, as well as the removal of classified labels, markings, and activity logs. Properly sanitized media may be subsequently declassified upon observing the organization's respective verification and review procedures. [DSS] The degaussing or overwriting of sensitive information in magnetic or other storage media. Synonymous with scrubbing. [SRV] (see also analysis, classified, information)

sas 70 report

An audit report of a servicing organization prepared in accordance with guidance provided in the American Institute of Certified Public Accountants' Statement of Auditing Standards Number 70. [FFIEC] (see also audit, standard)

SATAN

Security Administrator Tool for Analyzing Networks - A tool for remotely probing and identifying the vulnerabilities of systems on IP networks. A powerful freeware program which helps to identify system security weaknesses. [NSAINT] (see also identify, network, program, system, vulnerability, intrusion, security software)

SAVILLE Advanced Remote Keying (SARK)

(see also key)

SCADA server

The device that acts as the master in a SCADA system. [800-82] (see also system)

scalability

A measure of the ease of changing the capability of a system. [800-130] The ability to move application software source code and data into systems and environments that have a variety of performance characteristics and capabilities without significant modification. [SRV] The ability to move application software source code and data, without significant modification, into systems and environments that have a variety of performance characteristics and capabilities. [SRV] (see also application, code, open system environment, scoping guidance, software, system)

scaling

Ability to easily change in size or configuration to suit changing conditions. [CIAO]

scan

widespread search of the Internet to determine types of computers, services and connections. Hackers and crackers scan to take advantage of weaknesses in a particular make of computer or software program. [FJC] (see also computer, connection, internet, program, software)

scanning

Sending packets or requests to another system to gain information to be used in a subsequent attack. [800-61] (see also information, system, attack)

scattered castles

Security clearance repository for the Intelligence Community and the Director of National Intelligence's authoritative source for clearance and access information for all Intelligence Community, military services, Department of Defense civilians, and contractor personnel. Department of Defense information is furnished by the Joint Personnel Adjudication System. [DSS] (see also access, intelligence, security)

scatternet

A chain of piconets created by allowing one or more Bluetooth devices to each be a slave in one piconet and act as the master for another piconet simultaneously. A scatternet allows several devices to be networked over an extended distance. [SP 800-121]

scavenging

Searching through data residue in a system to gain unauthorized knowledge of sensitive data. [RFC2828] Searching through object residue to acquire data. [CNSSI][CNSSI-4009] Searching through object residue to acquire unauthorized data. [AJP][NCSC/TG004] Searching through residue for the purpose of unauthorized data acquisition. [SRV] (see also authorized, cryptography, system, attack, threat consequence) (includes object)

scenario

The combination of weapon and attack mode on a specific target or critical asset (for example, the release of sarin gas in a subway train). [GAO] (see also attack, critical, target)

scheduled records

Records under a National Archives and Records Administration approved records control schedule. [DSS]

scheme

A (cryptographic) scheme consists of an unambiguous specification of a set of transformations that are capable of providing a (cryptographic) service when properly implemented and maintained. A scheme is a higher level construct than a primitive and a lower level construct than a protocol. [800-130] Set of rules defining the environment, including criteria and methodology required to conduct an assessment. [SC27] (see also assessment, criteria, cryptographic, protocols)

scope

The time period covered and the sources of information contacted during a Personnel Security Investigation. [DSS] (see also security)

scope of a requirement

Determination of whether a requirement applies to: all users, subjects, and objects of the TCB; all the TCB commands and application programming interfaces; all TCB elements; all configurations, or only a defined subset of configurations. [AJP][FCv1] (see also application, interface, program, users, requirements, trusted computing base) (includes object, subject)

Scope of Accreditation

The test methods for which a CCTL has been accredited by NVLAP and the specific technology areas where those approved test methods may be applied when conducting IT security evaluations within the NIAP Common Criteria Evaluation and Validation Scheme. [NIAP] (see also IT security, computer security, criteria, evaluation, security, technology, test, validation, Common Criteria Testing Laboratory, accreditation)

scoping guidance

A part of tailoring guidance providing organizations with specific policy/regulatory-related, technology-related, system component allocation-related, operational/environmental-related, physical infrastructure-related, public access-related, scalability-related, common control-related, and security objective-related considerations on the applicability and implementation of individual security controls in the security control baseline. [SP 800-53] Provides organizations with specific technology-related, infrastructure-related, public access-related, scalability-related, common security control-related, and risk-related considerations on the applicability and implementation of individual security controls in the control baseline. [800-53] Specific factors related to technology, infrastructure, public access, scalability, common security controls, and risk that can be considered by organizations in the applicability and implementation of individual security controls in the security control baseline. [FIPS 200; CNSSI-4009] (see also access, access control, control, risk, scalability, security, technology)

scrambling

The precise injection of RF interference during the transmission of specific management messages. These attacks prevent proper network ranging and bandwidth allocations with the intent to degrade overall system performance. [800-127] (see also attack)

scratch pad store (SPS)

screen scraping

A process used by information aggregators to gather information from a customer's website, whereby the aggregator accesses the target site by logging in as the customer, electronically reads and copies selected information from the displayed webpage(s), then redisplays the information on the aggregator's site. The process is analogous to 'scraping' the information off the computer screen. [FFIEC] (see also access, access control, automated information system, computer, information, process, target)

screened host firewall

It combines a packet-filtering router with an application gateway located on the protected subnet side of the router. [SRV] (see also application, gateway, router, automated information system, firewall)

screened subnet firewall

Conceptually, it is similar to a dual-homed gateway, except that an entire network, rather than a single host is reachable from the outside. It can be used to locate each component of the firewall on a separate system, thereby increasing throughput and flexibility. [SRV] (see also gateway, network, system, firewall)

screening router

(I) A synonym for 'filtering router'. [RFC2828] A router is used to implement part of the security of a firewall by configuring it to selectively permit or deny traffic at a network level. [SRV] (see also filtering router, firewall, network, security, router)

script

A file containing active content; for example, commands or instructions to be executed by the computer. [FFIEC] (see also computer, file)

script bunny

a hacker with little technical savvy who is able to download programs, scripts from rogue web sites or bulletin boards that automate the job of breaking into computers. [FJC] (see also computer, program, hackers)

seal

(O) To use cryptography to provide data integrity service for a data object. (D) ISDs SHOULD NOT use this definition; instead, use language that is more specific with regard to the mechanism(s) used, such as 'sign' when the mechanism is digital signature. [RFC2828] (see also cryptography, digital signature, integrity, object, signature)

secrecy policy

A security policy to prevent unauthorized users from reading sensitive information. [AJP][TNI] (see also authorized, information, security, security policy, users, policy)

secret

(I) (1.) Adjective: The condition of information being protected from being known by any system entities except those who are intended to know it. (2.) Noun: An item of information that is protected thusly. (C) This term applies to symmetric keys, private keys, and passwords. [RFC2828] A PIN or password that is only known to a single entity (as opposed to shared secret). In conjunction with a personal token it is possible to demonstrate 'something you know' authentication when the correct operation of the hardware token is dependent on entering the correct secret. In this scenario, it is not necessary for the secret to be shared in order to establish authentication. [misc] Designation applied to classified information the unauthorized disclosure that could reasonably be expected to cause serious damage to the national security. [DSS] Information that must be known only to authorized users and/or the TSF in order to enforce a specific SFP. [CC2][CC21][SC27] (see also authentication, authorized, classified, damage, entity, information, key, operation, passwords, private key, shared secret, system, tokens, users, TOE security functions, classification levels)

secret and below interoperability (SABI)

secret key

A cryptographic key that is uniquely associated with one or more entities. The use of the term 'secret' in this context does not imply a classification level, but rather implies the need to protect the key from disclosure or substitution. [FIPS 198] A cryptographic key that is used with a secret-key (symmetric) cryptographic algorithm that is uniquely associated with one or more entities and is not made public. The use of the term 'secret' in this context does not imply a classification level, but rather implies the need to protect the key from disclosure. [SP 800-57 Part 1] A cryptographic key that is used with a symmetric cryptographic algorithm that is uniquely associated with one or more entities and is not made public. The use of the term 'secret' in this context does not imply a classification level, but rather implies the need to protect the key from disclosure. [CNSSI-4009] A cryptographic key that must be protected from unauthorized disclosure to protect data encrypted with the key. The use of the term 'secret' in this context does not imply a classification level; rather, the term implies the need to protect the key from disclosure or substitution. [FIPS 201] A cryptographic key used with a secret key cryptographic algorithm, uniquely associated with one or more entities, and that shall not be made public. The use of the term secret in this context does not imply a classification level, rather the term implies the need to protect the key from disclosure or substitution. [SRV] A cryptographic key, used with a secret key cryptographic algorithm, that is uniquely associated with one or more entities and should not be made public. [FIPS 140-2] A key used by a symmetric algorithm to encrypt and decrypt data. [IATF] A key used with symmetric cryptographic techniques and usable only by a set of specified entities. [SC27] A key used with symmetric cryptographic techniques and usable only by a set of specified entities. [ISO/IEC 11770-1: 1996, ISO/IEC WD 13888-1 (11/2001)] A key used with symmetric cryptographic techniques by a set of specified entities. [ISO/IEC 11770-3: 1999, ISO/IEC FDIS 15946-3 (02/2001)] Key used with symmetric cryptographic techniques by a set of specified entities. [SC27] A key used with symmetric cryptographic techniques by a set of specified entities. [SC27] Key used with symmetric cryptographic techniques by a set of specified entities. [SC27] The key that two parties share and keep secret for secret key cryptography. Given secret key algorithms of equal strength, the approximate difficulty of decrypting encrypted messages by brute force search can be measured by the number of possible keys. e.g. a key length of 56 bits is over 65,000 times stronger or more resistant to attack than a key length of 40 bits. [AJP] (see also algorithm, attack, classified, cryptographic, message, key, secret-key cryptography, symmetric algorithm)

secret seed

A secret value used to initialize a pseudorandom number generator. [CNSSI-4009] Secure/Multipurpose Internet Mail Extensions (S/MIME) - A set of specifications for securing electronic mail. S/MIME is based upon the widely used MIME standard [MIME] and describes a protocol for adding cryptographic security services through MIME encapsulation of digitally signed and encrypted objects. The basic security services offered by S/MIME are authentication, non- repudiation of origin, message integrity, and message privacy. Optional security services include signed receipts, security labels, secure mailing lists, and an extended method of identifying the signer's certificate(s). [SP 800-49; CNSSI-4009] (see also authentication, privacy, security)

secret-key cryptography

(I) A synonym for 'symmetric cryptography'. [RFC2828] Cryptography based on a single key (or symmetric cryptography). It uses the same secret key for encryption and decryption. [SRV] Cryptography based on a single key (or symmetric cryptography). It uses the same secret key for encryption and decryption. Messages are encrypted using a secret key and a secret key cryptographic algorithm, such as Skipjack, DES (Data Encryption Standard), RC2 (Rivest Cipher 2), or RC4 (Rivest Cipher 4). [AJP] (see also algorithm, cipher, cryptographic, encryption, message, standard, cryptography, key) (includes secret key)

sector

1) One of the two divisions of the economy (private or public); 2) A group of industries or infrastructures that perform a similar function within a society. (e.g., vital human services) [CIAO] A logical collection of assets, systems, or networks that provide a common function to the economy, government, or society. The NIPP addresses 18 CIKR sectors, identified by the criteria set forth in HSPD-7. [NIPP] (see also function)

sector coordinating council

The private sector counterpart to the GCC, these councils are self-organized, self-run, and self-governed organizations that are representative of a spectrum of key stakeholders within a sector. SCCs serve as the government.s principal point of entry into each sector for developing and coordinating a wide range of CIKR protection activities and issues. [NIPP]

sector coordinator

The majority of critical infrastructures are owned and operated by private sector entities. Members of each critical infrastructure sector will designate an individual to work with the Federal Lead Agency Sector Liaison to address problems related to critical infrastructure protection and recommend components for the National Plan for Information Systems Protection. [CIAO] (see also critical, critical infrastructures, information, system)

sector liaison

An individual of Assistant Secretary rank or higher designated by each Federal Lead Agency who cooperates with private sector representatives in addressing problems related to critical infrastructure protection and recommending components for the National Plan for Information Systems Protection. [CIAO] (see also critical, critical infrastructures, information, system)

sector partnership model

The framework used to promote and facilitate sector and cross-sector planning, coordination, collaboration, and information sharing for CIKR protection involving all levels of government and private sector entities. [NIPP]

sector specialists

DHS Sector Specialists provide coordination and integration capability across the CIKR sectors to provide senior DHS decisionmakers with strategic (nationallevel) situational awareness and assessments of CIKR impacts both on a steady-state basis and during incidents. [NIPP]

sector-specific agency

Federal departments and agencies identified in HSPD-7 as responsible for CIKR protection activities in specified CIKR sectors. [NIPP]

sector-specific plan

Augmenting plans that complement and extend the NIPP Base Plan and detail the application of the NIPP framework specific to each CIKR sector. SSPs are developed by the SSAs in close collaboration with other sector partners. [NIPP]

secure channel

An information path in which the set of all possible senders can be known to the receivers, the set of all possible receivers can be known to the senders, or both. [SRV] (see also information, security)

secure communication protocol

A communication protocol that provides the appropriate confidentiality, authentication, and content-integrity protection. [SP 800-57 Part 1; CNSSI-4009] (see also authentication)

secure communications

Telecommunications deriving security through use of NSA-approved products and/or Protected Distribution Systems. [CNSSI-4009] Telecommunications deriving security through use of type 1 products and/or PDSs. [CNSSI] (see also security, telecommunications, communications)

secure configuration management

The set of procedures appropriate for controlling changes to a system's hardware and software structure for the purpose of ensuring that changes will not lead to violations of the computer systems security policy. [AJP][NCSC/TG004][SRV] (see also computer, control, policy, security, software, system, configuration management)

secure copy

Computer program that is part of the Computer Security Toolbox. Secure Copy is a Microsoft-Disk Operating System (MS-DOS)-based program used to eliminate appended data within a file or files while transferring the same from a source disk or diskette to a target disk or diskette. [DSS] (see also security, target)

secure data device

Simple and cost-effective way to protect classified Government data transmissions. The Secure Data Device provides Secure Telephone Unit-III/STE secure data transmission functions without voice features and is fully interoperable with all other Secure Telephone Unit-III/ STE products. It allows the user to access a computer database, send a fax message, or use e-mail and be sure the information is protected. The Secure Data Device was developed under the U.S. Government's Secure Telephone Unit-III/STE program and is approved for use by Federal department, agencies, and Government contractors. [DSS] (see also access, classified, users)

Secure Data Exchange (SDE)

(N) A local area network security protocol defined by the IEEE 802.10 standard. [RFC2828] (see also communications security, network, protocols, standard, security protocol)

Secure Data Network System (SDNS)

(N) An NSA program that developed security protocols for electronic mail (Message Security Protocol), OSI layer 3 (SP3), OSI layer 4 (SP4), and key management (KMP). [RFC2828] (see also National Security Agency, email, key, key management, message, program, protocols, network, security protocol, system)

secure digital net radio interface unit (SDNRIU)

(see also security, interface)

secure DNS

Configuring and operating DNS servers so that the security goals of data integrity and source authentication are achieved and maintained. [SP 800-81] (see also authentication, integrity, security)

Secure Electronic Transaction (SET)

(N) A protocol developed jointly by MasterCard International and Visa International and published as an open standard to provide confidentiality of transaction information, payment integrity, and authentication of transaction participants for payment card transactions over unsecured networks, such as the Internet. (C) This term and acronym are trademarks of SETCo. MasterCard and Visa announced the SET standard on 1 February 1996. On 19 December MasterCard and Visa formed SET Secure Electronic Transaction LLC (commonly referred to as 'SETCo') to implement the SET 1.0 specification. A memorandum of understanding adds American Express and JCB Credit Card Company as co-owners of SETCo. [RFC2828] (see also authentication, confidentiality, information, integrity, internet, network, owner, protocols, standard) (includes SET private extension, SET qualifier, acquirer, baggage, bank identification number, brand, brand CRL identifier, brand certification authority, cardholder, cardholder certificate, cardholder certification authority, certificate, certificate policy, certification, certification hierarchy, dual signature, electronic commerce, encryption, geopolitical certificate authority, issuer, key, merchant, merchant certificate, merchant certification authority, payment card, payment gateway, payment gateway certification authority, primary account number, registration authority, risk, tokens, tunnel)

secure envelope (SENV)

A set of data items that is constructed by an entity in such a way that any entity holding the secret key can verify their integrity and origin. For the purpose of generating evidence, the SENV is constructed and verified by a TTP with a secret key known only to the TTP. [SC27] (see also entity, evidence, integrity, key, security)

secure erase

An overwrite technology using firmware-based process to overwrite a hard drive. Is a drive command defined in the ANSI ATA and SCSI disk drive interface specifications, which runs inside drive hardware. It completes in about 1/8 the time of 5220 block erasure. [SP 800-88]

secure hash algorithm (SHA)

A hash algorithm with the property that is computationally infeasible 1) to find a message that corresponds to a given message digest, or 2) to find two different messages that produce the same message digest. [CNSSI-4009] A message digest algorithm that digests a message of arbitrary size to 160 bits. SHA is a cryptographic checksum algorithm. [misc] Algorithm that can generate a condensed message representation called a message digest. [CIAO] An algorithm that can generate a condensed message representation of a message or a data file, called a message digest. [SRV] (see also cryptographic, digital signature algorithm, file, message, algorithm, hash, integrity)

secure hash standard (SHA-1)

(N) The U.S. Government standard that specifies the Secure Hash Algorithm (SHA-1), a cryptographic hash function that produces a 160-bit output (hash result) for input data of any length < 2**64 bits. [RFC2828] Specification for a secure hash algorithm that can generate a condensed message representation called a message digest. [CNSSI][CNSSI-4009] This Standard specifies secure hash algorithms -SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224 and SHA-512/256 -for computing a condensed representation of electronic data (message). When a message of any length less than 264 bits (for SHA-1, SHA- 224 and SHA-256) or less than 2128 bits (for SHA-384, SHA-512, SHA-512/224 and SHA-512/256) is input to a hash algorithm, the result is an output called a message digest. The message digests range in length from 160 to 512 bits, depending on the algorithm. Secure hash algorithms are typically used with other cryptographic algorithms, such as digital signature algorithms and keyed-hash message authentication codes, or in the generation of random numbers (bits). The hash algorithms specified in this Standard are called secure because, for a given algorithm, it is computationally infeasible 1) to find a message that corresponds to a given message digest, or 2) to find two different messages that produce the same message digest. Any change to a message will, with a very high probability, result in a different message digest. This will result in a verification failure when the secure hash algorithm is used with a digital signature algorithm or a keyed-hash message authentication algorithm. [FIPS 180-4] (see also algorithm, authentication, code, cryptographic, cryptography, function, key, message, random, signature, hash, standard)

secure hypertext transfer protocol (S-HTTP)

(I) A Internet protocol for providing client-server security services for HTTP communications. (C) S-HTTP was originally specified by CommerceNet, a coalition of businesses interested in developing the Internet for commercial uses. Several message formats may be incorporated into S-HTTP clients and servers, particularly CMS and MOSS. S-HTTP supports choice of security policies, key management mechanisms, and cryptographic algorithms through option negotiation between parties for each transaction. S-HTTP supports both asymmetric and symmetric key operation modes. S-HTTP attempts to avoid presuming particular trust model, but it attempts to facilitate multiply-rooted hierarchical trust and anticipates that principals may have many public key certificates. [RFC2828] An extension to the HTTP protocol to protect the privacy and integrity of HTTP communications. [misc] (see also secure socket layer, algorithm, certificate, communications, cryptographic, integrity, key, key management, message, model, operation, privacy, public-key, public-key infrastructure, trust, internet, protocols, security protocol, world wide web)

secure mobile unit (SMU)

(see also security)

secure multipurpose internet mail extensions (S/MIME)

A protocol for sending secure e-mail. [misc] S/MIME A version of the MIME protocol that supports encrypted messages. S/MIME is based on RSA's public-key encryption technology. [IATF] (see also Secure/MIME, message, protocols, public-key, technology, version, email, encryption, internet, key, multipurpose internet mail extensions, security protocol)

secure network server

A device that acts as a gateway between a protected enclave and the outside world. [NSAINT] (see also gateway, network, security)

secure operating system

An operating system that effectively controls hardware and software functions in order to provide the level of protection appropriate to the value of the data and resources managed by the operating system. [SRV] (see also classified, control, function, resource, software, system)

secure profile inspector (SPI)

A network monitoring tool for Unix, developed by the Department of Energy. [NSAINT] (see also network, file, profile, security)

secure shell (SSH)

(I) A protocol for secure remote login and other secure network services over an insecure network. (C) Consists of three major components:

Transport layer protocol: Provides server authentication, confidentiality, and integrity. It may optionally also provide compression. The transport layer will typically be run over a TCP/IP connection, but might also be used on top of any other reliable data stream.
User authentication protocol: Authenticates the client-side user to the server. It runs over the transport layer protocol.
Connection protocol: Multiplexes the encrypted tunnel into several logical channels. It runs over the user authentication protocol.

[RFC2828] A completely encrypted shell connection between two machines protected by a super long pass-phrase. [NSAINT] (see also authentication, confidentiality, connection, encryption, integrity, login, network, protocols, tunnel, users, internet)

secure single sign-on (SSSO)

Secure single sign-on, or SSSO satisfies three synergetic sets of requirements. From an end-user perspective, SSSO refers to the ability of using a single user ID and a single password to logon once and gain access to all resources that one is allowed to access. From an administrative perspective, SSSO allows management of all security-related aspects of one's enterprise from a central location. This includes adding, modifying, and removing users as well as granting and revoking access to resources. From an enterprise perspective, SSSO provides the ability to protect the privacy and the integrity of transactions as well as to engage in auditable and non-repudiable transactions. [misc] (see also access, access control, audit, integrity, logon, non-repudiation, privacy, requirements, resource, security, single sign-on, authorization, passwords)

secure socket layer (SSL)

(N) An Internet protocol (originally developed by Netscape Communications, Inc.) that uses connection-oriented end-to-end encryption to provide data confidentiality service and data integrity service for traffic between a client (often a web browser) and a server, and that can optionally provide peer entity authentication between the client and the server. (C) SSL is layered below HTTP and above a reliable transport protocol (TCP). SSL is independent of the application it encapsulates, and any higher level protocol can layer on top of SSL transparently. However, many Internet applications might be better served by IPsec. (C) SSL has two layers: (a) SSL's lower layer, the SSL Record Protocol, is layered on top of the transport protocol and encapsulates higher level protocols. One such encapsulated protocol is SSL Handshake Protocol. (b) SSL's upper layer provides asymmetric cryptography for server authentication (verifying the server's identity to the client) and optional client authentication (verifying the client's identity to the server), and also enables them to negotiate a symmetric encryption algorithm and secret session key (to use for data confidentiality) before the application protocol transmits or receives data. A keyed hash provides data integrity service for encapsulated data. [RFC2828] A protocol used for protecting private information during transmission via the Internet. Note: SSL works by using a public key to encrypt data that's transferred over the SSL connection. Most Web browsers support SSL, and many Web sites use the protocol to obtain confidential user information, such as credit card numbers. By convention, URLs that require an SSL connection start with .https:. instead of .http:.. [CNSSI-4009] A session layer protocol that provides authentication and confidentiality to applications. [NSAINT] A standard by for establishing a secure communication link using a public key system. [misc] An authentication and security protocol widely implemented in browsers and web servers. SSL has been superseded by the newer Transport Layer Security (TLS) protocol; TLS 1.0 is effectively SSL version 3.1. [800-63] An encryption system developed by Netscape. SSL protects the privacy of data exchanged by the website and the individual user. It is used by websites whose names begin with https instead of http. [FFIEC] The secure socket layer is a protocol invented by Netscape Communications, Inc. to provide end-to-end encryption of application layer network traffic. [SRV] (see also secure hypertext transfer protocol, algorithm, application, authentication, communications, confidentiality, connection, cryptography, encryption, entity, hash, hypertext transfer protocol, identity, integrity, internet, internet protocol security, internet security protocol, key, network, privacy, protocols, public-key, remote access software, standard, system, transport layer security, users, version, security protocol, world wide web)

secure state

(I) A system condition in which no subject can access any object in an unauthorized manner. [RFC2828] A condition in which no subject can access any object in an unauthorized manner. [AJP][NCSC/TG004] Condition in which no subject can access any object in an unauthorized manner. [CNSSI][CNSSI-4009] Condition in which no subject can access or utilize any object in an unauthorized manner. [IATF] (see also access, authorized, system, access control) (includes object, subject)

secure subsystem

A subsystem that contains its own implementation of the reference monitor concept for those resources it controls. However, the secure subsystem must depend on other controls and the base operating system for the control of subjects and the more primitive system objects. [AJP][NCSC/TG004] Subsystem containing its own implementation of the reference monitor concept for those resources it controls. Secure subsystem must depend on other controls and the base operating system for the control of subjects and the more primitive system objects. [CNSSI][CNSSI-4009] (see also control, resource, security, system) (includes object, subject)

secure telephone unit (STU)

(see also security)

Secure Telephone Unit III

Secure Telephone Unit-III family includes several interoperable terminals capable of transmitting voice and data through the public telephone network. The Secure Telephone Unit-III can be used as an ordinary telephone but can also be used as a secure terminal, connected through the public telephone network to other Secure Telephone Unit-III's. A Secure Telephone Unit-III provides Secure Telephone Unit-III secure data transmissions functions without voice features. Secure Telephone Unit-III's are endorsed by the National Security Agency for protecting classified or sensitive, unclassified U.S. Government information, when appropriately keyed. [DSS] (see also classified, security)

secure terminal equipment (STE)

(see also security)

secure working area

Accredited facility or area that is used for handling, discussing and/or processing, but not storage of Special Access Program information. [DSS] (see also access)

Secure/MIME

(I) Secure/Multipurpose Internet Mail Extensions, an Internet protocol to provide encryption and digital signatures for Internet mail messages. [RFC2828] (see also secure multipurpose internet mail extensions, digital signature, encryption, message, protocols, signature, internet)

security

security architecture

(I) A plan and set of principles that describe (a) the security services that a system is required to provide to meet the needs of its users, (b) the system elements required to implement the services, and (c) the performance levels required in the elements to deal with the threat environment. (C) A security architecture is the result of applying the system engineering process. A complete system security architecture includes administrative security, communication security, computer security, emanations security, personnel security, and physical security. A complete security architecture needs to deal with both intentional, intelligent threats and accidental kinds of threats. [RFC2828] A detailed description of all aspects of the computer system that relate to security, along with a set of principles to guide the design. A security architecture describes how the system is put together to satisfy the security requirements. [NSAINT] The subset of computer architecture dealing with the security of the computer or network system. [AJP][TNI] (see also communications security, computer, computer security, emanation, emanations security, network, process, requirements, system, threat, users, security) (includes computer architecture, network architecture)

security assertion markup language (SAML)

An XML-based security specification developed by OASIS for exchanging authentication (and authorization) information between trusted entities over the Internet. [800-63] (see also application, authentication, authorization, information, internet, interoperability, standard, trust, security) (includes SAML authentication assertion)

security association

(I) A relationship established between two or more entities to enable them to protect data they exchange. The relationship is used to negotiate characteristics of protection mechanisms, but does not include the mechanisms themselves. (C) A security association describes how entities will use security services. The relationship is represented by a set of information that is shared between the entities and is agreed upon and considered a contract between them. (O) IPsec usage: A simplex (uni-directional) logical connection created for security purposes and implemented with either AH or ESP (but not both). The security services offered by a security association depend on the protocol selected, the IPsec mode (transport or tunnel), the endpoints, and the election of optional services within the protocol. A security association is identified by a triple consisting of (a) a destination IP address, (b) a protocol (AH or ESP) identifier, and (c) a Security Parameter Index. [RFC2828] A relationship established between two or more entities to enable them to protect data they exchange. [CNSSI-4009] Set of values that define the features and protections applied to a connection. [800-77] The logical set of security parameters containing elements required for authentication, key establishment, and data encryption. [800-127] The set of security information relating to a given network connection or set of connections. This definition covers the relationship between policy and connections. Security associations (SAs) are typically set up during connection establishment, and they may be reiterated or revoked during a connection. For purposes of benchmarking firewall performance, measurements of bit forwarding rate or UOTs per second must be taken after all security associations have been established. [RFC2647] (see also authentication, connection, connection establishment, establishment, information, internet protocol security, internet security protocol, policy, protocols, revoked state, ruleset, tunnel, association, security protocol)

security association identifier (SAID)

(I) A data field in a security protocol (such as NLSP or SDE), used to identify the security association to which a protocol data unit is bound. The SAID value is usually used to select a key for decryption or authentication at the destination. [RFC2828] A unique 16-bit value that identifies the SA. [800-127] (see also authentication, identify, key, protocols, association, security protocol)

security association lifetime

How often each SA should be recreated, based on elapsed time or the amount of network traffic. [800-77] (see also association, security)

security assurance

Written confirmation requested by and exchanged between governments of the security clearance level or eligibility for clearance, of their employees, contractors, and citizens. It includes a statement by a responsible official of a foreign government that the original recipient of U.S. classified information possesses the requisite security clearance and is approved by his or her government for access to information of the security classification involved on behalf of the foreign government and that the recipient will comply with any security requirements specified by the United States. In the case of contractors, the security assurance includes a statement concerning the level of storage capability. [DSS] (see also access, classified, foreign, requirements, assurance)

security attribute

A security-related quality of an object. Security attributes may be represented as hierarchical levels, bits in a bit map, or numbers. Compartments, caveats, and release markings are examples of security attributes. [FIPS 188] An abstraction representing the basic properties or characteristics of an entity with respect to safeguarding information; typically associated with internal data structures (e.g., records, buffers, files) within the information system which are used to enable the implementation of access control and flow control policies; reflect special dissemination, handling, or distribution instructions; or support other aspects of the information security policy. [SP 800-53; CNSSI-4009] Information associated with subjects, users and/or objects that is used for the enforcement of the TSP. [CC2][CC21][SC27] (see also access, control, information, users, security) (includes TOE security functions, object, subject)

security audit

(I) An independent review and examination of a system's records and activities to determine the adequacy of system controls, ensure compliance with established security policy and procedures, detect breaches in security services, and recommend any changes that are indicated for countermeasures. [I7498 Part 2, NCS01] (C) The basic audit objective is to establish accountability for system entities that initiate or participate in security-relevant events and actions. Thus, means are needed to generate and record security audit trail and to review and analyze the audit trail to discover and investigate attacks and security compromises. [RFC2828] A search through a computer system for security problems and vulnerabilities. [NSAINT] An examination of security procedures and measures for the purpose of evaluating their adequacy and compliance with established policy. [SRV] Independent review and examination of a system's records and activities to determine the adequacy of system controls, ensure compliance with established security policy and procedures, detect breaches in security services, and recommend any changes that are indicated for countermeasures. [800-82] (see also attack, compromise, computer, control, countermeasures, object, policy, system, vulnerability, audit)

security audit trail

(I) A chronological record of system activities that is sufficient to enable the reconstruction and examination of the sequence of environments and activities surrounding or leading to an operation, procedure, or event in a security-relevant transaction from inception to final results. [RFC2828] The set of records that collectively provide documentary evidence of processing used to aid in tracing from original transactions forward to related records and reports, and/or backward from records and reports to their component source transactions. [AJP][TCSEC] (see also evidence, operation, process, system, audit trail)

security authority

The entity accountable for the administration of a security policy within a security domain. [SC27] (see also domain, entity, policy, authority, security)

security awareness, training, and education

A family of security controls in the operations class dealing with ensuring that employees receive adequate training to fulfill their security responsibilities. [800-37] (see also control, operation, security)

security banner

A banner at the top or bottom of a computer screen that states the overall classification of the system in large, bold type. Also can refer to the opening screen that informs users of the security implications of accessing a computer resource. [CNSSI-4009] (see also access, users, security)

security breach

A violation of controls of a particular information system such that information assets or system components are unduly exposed. [AFSEC] (see also control, information, system, security, threat)

security categorization

The process of determining the security category for information or an information system. Security categorization methodologies are described in CNSS Instruction 1253 for national security systems and in FIPS 199 for other than national security systems. [SP 800-37][SP 800-39][SP 800-53A] The process of determining the security category for information or an information system. See Security Category. [SP 800-53] (see also security)

security category

The characterization of information or an information system based on an assessment of the potential impact that a loss of confidentiality, integrity, or availability of such information or information system would have on organizational operations, organizational assets, individuals, other organizations, or the nation. [800-60][CNSSI-4009][SP 800-53][SP 800-60] The characterization of information or an information system based on an assessment of the potential impact that a loss of confidentiality, integrity, or availability of such information or information system would have on organizational operations, organizational assets, or individuals. [FIPS 199][FIPS 200][SP 800-18] (see also assessment, availability, information, integrity, operation, system, security)

security certificate

A chunk of information (often stored as a text file) that is used by the SSL protocol to establish a secure connection. [AFSEC] (see also connection, file, information, protocols, certificate, security)

security certification level

A combination of techniques and procedures used during a C&A process to verify the correctness and effectiveness of security controls in an IT system. Security certification levels, ident ified as SCL-1, SCL-2, or SCL-3, represent increasing levels of intensity and rigor in the verification process and include such techniques as reviewing and examining documentation, interviewing personnel, conducting demonstrations and exercises, conducting functional, regression, and penetration testing, and analyzing system design documentation. [800-37] (see also control, function, penetration, process, security testing, system, test, verification, certification, security)

security class

(D) A synonym for 'security level'. For consistency, ISDs SHOULD use 'security level' instead of 'security class'. [RFC2828] (see also security)

security classification guides

Security Classification Guides are issued for each system, plan, program or project in which classified information is involved. [DSS] (see also classified, security)

security clearance

(I) A determination that a person is eligible, under the standards of a specific security policy, for authorization to access sensitive information or other system resources. [RFC2828] Also referred to as a 'clearance'. An administrative authorization for access to national security information up to a stated classification level (TOP SECRET, SECRET, CONFIDENTIAL). A security clearance does not, by itself, allow access to controlled access programs. [DSS] (see also access, access approval, access control, authorization, authorized, classified, clearance level, collateral information, controlled access programs, information, policy, process, resource, special access program, standard, system, trust, security)

security cognizance

Defense Security Service office assigned the responsibility for discharging industrial security responsibilities. [DSS] (see also security)

security compromise

(I) A security violation in which a system resource is exposed, or is potentially exposed, to unauthorized access. [RFC2828] Disclosure of classified information to persons not authorized access. [DSS] (see also access, access control, authorized, classified, resource, system, unauthorized access, compromise, security)

security concept of operations

(Security CONOP) A security-focused description of an information system, its operational policies, classes of users, interactions between the system and its users, and the system's contribution to the operational mission. [CNSSI-4009] (see also users, security)

security control assessment

The testing and/or evaluation of the management, operational, and technical security controls in an information system to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system. [SP 800-37; SP 800-53; SP 800-53A] The testing and/or evaluation of the management, operational, and technical security controls to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system and/or enterprise. [CNSSI-4009] (see also evaluation, management, requirements, control, security)

security control assessor

The individual, group, or organization responsible for conducting a security control assessment. [SP 800-37; SP 800-53A] (see also control, security)

security control baseline

One of the sets of minimum security controls defined for federal information systems in NIST Special Publication 800-53 and CNSS Instruction 1253. [SP 800-53A] The set of minimum security controls defined for a low-impact, moderate-impact, or high-impact information system. [FIPS 200][SP 800-53] (see also control, security)

security control effectiveness

The measure of correctness of implementation (i.e. how consistently the control implementation complies with the security plan) and how well the security plan meets organizational needs in accordance with current risk tolerance. [SP 800-137] (see also risk, control, security)

security control enhancements

Statements of security capability to 1) build in additional, but related, functionality to a basic control; and/or 2) increase the strength of a basic control. [CNSSI-4009; SP 800-53A; SP 800-39] Statements of security capability to: (i) build in additional, but related, functionality to a security control; and/or (ii) increase the strength of the control. [SP 800-53; SP 800-18] (see also control, security)

security control inheritance

A situation in which an information system or application receives protection from security controls (or portions of security controls) that are developed, implemented, assessed, authorized, and monitored by entities other than those responsible for the system or application; entities either internal or external to the organization where the system or application resides. See Common Control. [SP 800-37; SP 800-53; SP 800-53A; CNSSI-4009] (see also control, security)

security controls

Management, operational, and technical controls (i.e. safeguards or countermeasures) prescribed for an information system to protect the confidentiality, integrity, and availability of the system and its information. (NIST Special Pub 800-53) [CNSSI] Management, operational, and technical measures prescribed for an IT system which, taken together, satisfy the specified security requirements and protect the confidentiality, integrity, and availability of the system and its information. Security controls can be selected from a variety of families including risk management, system development and acquisition, configuration management, system interconnection, personnel security, media protection, physical and environmental protection, contingency planning, incident response capability, hardware and system software maintenance, system and data integrity, security awareness, training, and education, documentation, identification and authentication, logical access, audit, and communications. [800-37] The management, operational, and technical controls (i.e. safeguards or countermeasures) prescribed for an information system to protect the confidentiality, integrity, and availability of the system and its information. [800-60][800-82][SP 800-53; SP 800-37; SP 800-53A; SP 800-60; FIPS] (see also security measures, IT security controls, access, access control, application controls, audit, authentication, availability, baseline controls, communications, computer related controls, confidentiality, connection, countermeasures, identification, incident, information, integrity, management, management controls, operation, operational controls, questions on controls, requirements, response, risk, risk management, software, system, technical controls, control, security) (includes external security controls, internal security controls)

security countermeasures

Actions, devices, procedures, and/or techniques for reducing security risk. [DSS] countermeasures that are aimed at specific threats and vulnerabilities or involve more sophisticated techniques as well as activities traditionally perceived as security. [AFSEC][NSAINT] (see also risk, vulnerability, countermeasures, security)

security director

Senior individual responsible for the overall security management of Special Access Program within that activity. [DSS] (see also access, security)

security domain

A collection of entities to which applies a single security policy executed by a single authority. [FIPS 188] A collections of users and systems subject to a common security policy. [SC27] A domain that implements a security policy and is administered by a single authority. [SP 800-37; SP 800-53; CNSSI-4009] A set of subjects, their information objects, and a common security policy. [800-33][SP 800-27][SRV] The sets of objects that a subject has the ability to access. [NSAINT] Within an information system, the set of objects that is accessible. Access is determined by the controls associated with information properties such as its security classification, security compartment or sensitivity. Controls are applied both within the information system and in its connection to other classified or unclassified information systems. [DSS] (see also access, access control, classified, connection, information, object, policy, subject, system, users, domain, security)

security element

An indivisible security requirement. [CC2][CC21][SC27] (see also security)

security enforcing

That which directly contributes to satisfying the security objectives of the Target of Evaluation. [AJP][ITSEC] (see also target, risk management, target of evaluation) (includes object)

security engineering

An interdisciplinary approach and means to enable the realization of secure systems. It focuses on defining customer needs, security protection requirements, and required functionality early in the systems development lifecycle, documenting requirements, and then proceeding with design, synthesis, and system validation while considering the complete problem. [CNSSI-4009] (see also development, requirements, security)

security environment

(I) The set of external entities, procedures, and conditions that affect secure development, operation, and maintenance of a system. [RFC2828] (see also operation, system, security)

security environment changes

Changes that have a detrimental effect on the facility. Changes to the inspectable space, addition of a radio transmitter or a modern for external communications, removal or reduction of an existing Transient Electromagnetic Pulse Emanation Standard, or TEMPEST, countermeasure (for example, Radio Frequency Interference Shielding, Filters, Control/ Inspectable space) would be changes to the security environment. [DSS] (see also security)

security environment threat list

List of countries with U.S. diplomatic missions compiled by the Department of State and updated semiannually. The listed countries are evaluated based on transnational terrorism; political violence; human intelligence; technical threats; and criminal threats. The following four threat levels are based on these evaluations: Critical - defined as a definite threat to U.S. assets based on an adversary's capability, intent to attack, and targeting conducted on a recurring basis. High - defined as a credible threat to U.S. assets based on knowledge of an adversary's capability, intent to attack, and related incidents at similar facilities. Medium - defined as a potential threat to U.S. assets based on knowledge of an adversary's desire to compromise the assets and the possibility that the adversary could obtain the capability to attack through a third party who has demonstrated such a capability; Low - defined as little as no threat as a result of the absence of credible evidence of capability, intent, or history of actual or planned attack against U.S. assets. [DSS] (see also adversary, attack, compromise, criminal, critical, evaluation, evidence, intelligence, target, security, threat)

security evaluation

An evaluation done to assess the degree of trust that can be placed in systems for the secure handling of sensitive information. It is a major step in the certification and accreditation process. [SRV] An evaluation done to assess the degree of trust that can be placed in systems for the secure handling of sensitive information. One type, a product evaluation, is an evaluation performed on the hardware and software features and assurances of a computer product from a perspective that excludes the application environment. The other type, a system evaluation, is done for the purpose of assessing a system's security safeguards with respect to a specific operational mission and is a major step in the certification and accreditation process. [AJP][NCSC/TG004][OVT] (see also accreditation, application, assurance, computer, information, operation, process, software, system, trust, evaluation, risk management)

security event

(I) A occurrence in a system that is relevant to the security of the computer system.(C) The term includes both events that are security incidents and those that are not. In a CA workstation, for example, a list of security events might include the following:

Performing a cryptographic operation, e.g. signing a digital certificate or CRL.
Performing a cryptographic card operation: creation, insertion, removal, or backup.
Performing a digital certificate lifecycle operation: rekey, renewal, revocation, or update.
Posting information to an X.500 Directory.
Receiving a key compromise notification.
Receiving an improper certification request.
Detecting an alarm condition reported by a cryptographic module.
Logging the operator in or out.
Failing a built-in hardware self-test or a software system integrity check.

[RFC2828] An event that compromises the confidentiality, integrity, availability, or accountability of an information system. [FFIEC] (see also availability, backup, certificate, certification, compromise, computer, confidentiality, cryptographic, cryptography, incident, information, integrity, key, lifecycle, module, operation, public-key infrastructure, rekey, renewal, revocation, security incident, security-relevant event, software, system, test, update, security)

security fault analysis (SFA)

(I) A security analysis, usually performed on hardware at a logic gate level, gate-by-gate, to determine the security properties of device when a hardware fault is encountered. [RFC2828] A security analysis, usually performed on hardware at gate level, to determine the security properties of a device when a hardware fault is encountered. [AJP][NCSC/TG004] An assessment, usually performed on information system hardware, to determine the security properties of a device when hardware fault is encountered. [CNSSI-4009] Assessment, usually performed on IS hardware, to determine the security properties of a device when hardware fault is encountered. [CNSSI] (see also assessment, analysis, fault, risk analysis, security)

security features

The security relevant functions, mechanisms, and characteristics of system hardware and software. Security features are a subset of system security safeguards. [SRV] The security-relevant functions, mechanisms, and characteristics of AIS hardware and software. [NSAINT] The security-relevant functions, mechanisms, and characteristics of system hardware and software. Security features are a subset of system security safeguards. [AJP][NCSC/TG004] These are features which provide protection or enable end-users and administrators to assess the security of a system, for example, by auditing it. [RFC2504] (see also audit, function, software, system, users, security safeguards)

security features users guide (SFUG)

(SFUG) Guide or manual explaining how the security mechanisms in a specific system work. [CNSSI-4009] Guide or manual explaining how the security mechanisms in a specific system work. [CNSSI] (see also system, security, users)

security filter

A secure subsystem of an information system that enforces security policy on the data passing through it. [CNSSI-4009] A trusted subsystem that enforces a security policy on the data that pass through it. [AJP][NCSC/TG004] IS trusted subsystem that enforces security policy on the data passing through it. [CNSSI] (see also policy, system, trust, security) (includes firewall)

security flaw

An error of commission or omission in a system that may allow protection mechanisms to be bypassed. [AFSEC][AJP][NCSC/TG004][OVT] (see also system, security, threat)

security flow analysis

A security analysis performed on a formal system specification that locates potential flows of information within the system. [AJP][NCSC/TG004] (see also information, system, analysis, flow, security)

security function policy (SFP)

The security policy enforced by an SF. [CC2][CC21][SC27] (see also function, policy, security policy) (includes object)

security functions (SF)

A part or parts of the TOE [Target of Testing] that have to be relied upon for enforcing a closely related subset of the rules from the TSP [TOE Security Policy]. [OVT] A part or parts of the TOE that have to be relied upon for enforcing a closely related subset of the rules from the TSP. [CC2][CC21][SC27] The hardware, software, and/or firmware of the information system responsible for enforcing the system security policy and supporting the isolation of code and data on which the protection is based. [SP 800-53] (see also policy, security testing, software, target, test, function, security, target of evaluation) (includes object)

security gateway

(I) A gateway that separates trusted (or relatively more trusted) hosts on the internal network side from untrusted (or less trusted) hosts on the external network side. (O) IPsec usage: 'An intermediate system that implements IPsec protocols.' Normally, AH or ESP is implemented to serve a set of internal hosts, providing security services for the hosts when they communicate with other, external hosts or gateways that also implement IPsec. [RFC2828] (see also internet protocol security, internet security protocol, network, protocols, system, trust, gateway, security)

security goals

The IT security goal is to enable an organization to meet all mission/business objectives by implementing systems with due care consideration of IT-related risks to the organization, its partners, and its customers. [800-33] The five security goals are integrity, availability, confidentiality, accountability, and assurance. [800-30][SRV] The integrity, availability, confidentiality, accountability, and assurance. [SP 800-27] (see also IT security, object, risk, system, security) (includes accountability, assurance, availability, confidentiality, integrity)

security impact analysis

The analysis conducted by an organizational official to determine the extent to which changes to the information system have affected the security state of the system. [CNSSI-4009][SP 800-37][SP 800-53][SP 800-53A] (see also security)

security in-depth

Determination made by the Program Security Officer that a facility's security program consists of layered and complementary security controls sufficient to deter and detect unauthorized entry and movement within the facility. [DSS] Synonymous with defense in depth. [CNSSI] (see also authorized, security)

security incident

(I) A security event that involves a security violation. (C) In other words, a security-relevant system event in which the systems security policy is disobeyed or otherwise breached. (O) 'Any adverse event which compromises some aspect of computer or network security.'(D) ISDs SHOULD NOT use this 'O' definition because (a) a security incident may occur without actually being harmful (i.e. adverse) and (b) this Glossary defines 'compromise' more narrowly in relation to unauthorized access. [RFC2828] Any act or circumstance that involves classified information that deviates from the requirements of governing security publications, for example, compromise, possible compromise, inadvertent disclosure, and deviation. An event involving classified information in which there is a deviation from the requirements of the governing security regulations. [AFSEC] Any act or circumstance that involves classified information that deviates from the requirements of governing security publications. For example, compromise, possible compromise, inadvertent disclosure, and deviation. [NSAINT] Security compromise, infraction, or violation. [DSS] (see also Forum of Incident Response and Security Teams, access, access control, activity security manager, authorized, classified, classified information spillage, communications security, compromise, computer, data compromise, inadvertent disclosure incident, information, network, policy, requirements, security event, security intrusion, suspicious event, system, unauthorized access, vulnerability, incident, security) (includes Guidelines and Recommendations for Security Incident Processing, IT security incident, automated security incident measurement, computer security incident, computer security incident response capability, computer security incident response team, program automated information system security incident support team)

security information object

An instance of an SIO class. [SC27] (see also information, object, security)

security information object class

An Information Object Class that has been tailored for security use. [SC27] (see also information, object, security)

security infraction

Incident not in the best interest of security and not involving the loss, compromise, or suspected compromise of classified information. [DSS] (see also classified, compromise, security)

security inspection

Examination of an IS to determine compliance with security policy, procedures, and practices. [CNSSI] Examination of an information system to determine compliance with security policy, procedures, and practices. [CNSSI-4009] (see also policy, security)

security intrusion

(I) A security event, or a combination of multiple security events, that constitutes a security incident in which an intruder gains, or attempts to gain, access to a system (or system resource) without having authorization to do so. [RFC2828] (see also access, access control, authorization, resource, security incident, system, incident, intrusion, security)

security kernel

(I) 'The hardware, firmware, and software elements of a trusted computing base that implement the reference monitor concept. It must mediate all accesses, be protected from modification, and be verifiable as correct.' (C) That is, a security kernel is an implementation of a reference monitor for a given hardware base. [RFC2828] Hardware, firmware, and software elements of a trusted computing base implementing the reference monitor concept. Security kernel must mediate all accesses, be protected from modification, and be verifiable as correct. [CNSSI][CNSSI-4009] The central part of a computer system that implements the fundamental security procedures for controlling access to system resources. A most trusted portion of a system that enforces a fundamental property, and on which the other portions of the computer system depend. [SRV] The hardware, firmware, and software elements of a TCB that implement the reference monitor concept. It must mediate all accesses, be protected from modification, and be verifiable as correct. [NCSC/TG004] The hardware, firmware, and software elements of a Trusted Computing Base (or Network Trusted Computing Base partition) that implement the reference monitor concept. It must mediate all accesses, be protected from modification, and be verifiable as correct. [AJP][TNI] The hardware, firmware, and software elements of a Trusted Computing Base that implement the reference monitor concept. It must mediate all accesses, be protected from modification, and be verifiable as correct. [NSAINT][TCSEC] (see also access, computer, control, network, property, resource, software, system, trust, access control, reference monitor concept)

security label

(I) A marking that is bound to a system resource and that names or designates the security-relevant attributes of that resource. [I7498 Part 2, R1457] (C) The recommended definition is usefully broad, but usually the term is understood more narrowly as a marking that represents the security level of an information object, i.e. a marking that indicates how sensitive an information object is. (C) System security mechanisms interpret security labels according to applicable security policy to determine how to control access to the associated information, otherwise constrain its handling, and affix appropriate security markings to visible (printed and displayed) images thereof. [RFC2828] A designation assigned to a system resource such as a file that cannot be changed except in emergency situations. The label can be used to protect against computer viruses and corporate espionage. A security level (i.e. a classification level) is associated with an object. [SRV] A marking bound to a resource (which may be a data unit) that names or designates the security attributes of that resource. [FIPS 188] A piece of information that represents the security level of an object. [NCSC/TG004] Explicit or implicit marking of a data structure or output media associated with an information system representing the FIPS 199 security category, or distribution limitations or handling caveats of the information contained therein. [800-53] Information representing the sensitivity of a subject or object, such as UNCLASSIFIED or its hierarchical classification (CONFIDENTIAL, SECRET, TOP SECRET) together with any applicable nonhierarchical security categories (e.g., sensitive compartmented information, critical nuclear weapon design information). [CNSSI] Information that represents or designates the value of one or more security relevant-attributes (e.g., classification) of a system resource. [CNSSI-4009] Piece of information that represents the sensitivity of a subject or object, such as its hierarchical classification (CONFIDENTIAL, SECRET, TOP SECRET) together with any applicable non-hierarchical security categories (e.g. sensitive compartmented information, critical nuclear weapon design information). [NSAINT] The means used to associate a set of security attributes with a specific information object as part of the data structure for that object. [SP 800-53] (see also access, access control, classification levels, classified, computer, control, critical, file, information, policy, resource, subject, system, virus, security) (includes label, object, sensitivity label)

security level

(I) The combination of a hierarchical classification level and a set of non-hierarchical category designations that represents how sensitive information is. [RFC2828] A hierarchical indicator of the degree of sensitivity to a certain threat. It implies, according to the security policy being enforced, a specific level of protection. [FIPS 188] Clearance or classification and a set of designators of special access approvals; in other words, a clearance and a set of designators of special access approval or a classification and a set of such designators, the former applying to a user, the latter applying, for example, to a computer object. [DSS] The combination of a hierarchical classification and a set of non-hierarchical categories that represents the sensitivity of information. [AJP][NCSC/TG004][NSAINT][TCSEC][TNI] The combination of hierarchical classification and a set of non-hierarchical categories that represent the sensitivity of information. A clearance level associated with a subject, or a classification level (or sensitivity label) associated with an object. [SRV] (see also access, classification levels, classified, information, object, subject, threat, users, security) (includes access level)

security management

The process of monitoring and controlling access to network resources. This includes monitoring usage of network resources, recording information about usage of resources, detecting attempted or successful violations, and reporting such violations. [SRV] (see also access, access control, control, information, network, process, resource, security)

security management dashboard

A tool that consolidates and communicates information relevant to the organizational security posture in near real-time to security management stakeholders. [SP 800-128] (see also management, security)

security management infrastructure (SMI)

(I) System elements and activities that support security policy by monitoring and controlling security services and mechanisms, distributing security information, and reporting security events. The associated functions are as follows [I7498-4]:

Controlling (granting or restricting) access to system resources: This includes verifying authorizations and identities, controlling access to sensitive security data, and modifying access priorities and procedures in the event of attacks.
Retrieving (gathering) and archiving (storing) security information: This includes logging security events and analyzing the log, monitoring and profiling usage, and reporting security violations.
Managing and controlling the encryption process: This includes performing the functions of key management and reporting on key management problems.

[RFC2828] A set of interrelated activities providing security services needed by other security features and mechanisms; SMI functions include registration, ordering, key generation, certificate generation, distribution, accounting, compromise recovery, rekey, destruction, data recovery, and administration. [IATF] (see also access, access control, attack, authorization, certificate, compromise, control, encryption, function, information, policy, process, recovery, registration, rekey, resource, system, key, security)

security markings

Human-readable indicators applied to a document, storage media, or hardware component to designate security classification, categorization, and/or handling restrictions applicable to the information contained therein. For intelligence information, these could include compartment and sub-compartment indicators and handling restrictions. [CNSSI-4009] Human-readable information affixed to information system components, removable media, or output indicating the distribution limitations, handling caveats, and applicable security markings. [SP 800-53] (see also security)

security measures

Elements of software, firmware, hardware, or procedures that are included in a system for the satisfaction of security specifications. [AJP][NCSC/TG004][OVT] (see also security controls, software, system, risk management)

security mechanism

(1) That which implements a security function. (2) The logic or algorithm that implements a particular security enforcing or security-relevant function in hardware and software. [AJP] (I) A process (or a device incorporating such a process) that can be used in a system to implement a security service that is provided by or within the system. (C) Some examples of security mechanisms are authentication exchange, checksum, digital signature, encryption, and traffic padding. [RFC2828] A device designed to provide one or more security services usually rated in terms of strength of service and assurance of the design. [CNSSI-4009] That which implements a security function. [JTC1/SC27] The logic or algorithm that implements a particular security enforcing or security relevant function in hardware and software. [ITSEC] (see also algorithm, assurance, authentication, digital signature, encryption, function, process, signature, software, system, risk management)

security model

(I) A schematic description of a set of entities and relationships by which a specified set of security services are provided by or within a system. (C) An example is the Bell-LaPadula model. [RFC2828] (see also system, model, security) (includes Bell-LaPadula security model)

security net control station

Management system overseeing and controlling implementation of network security policy. [CNSSI][CNSSI-4009] (see also communications security, management, network, policy, system, control, security)

security objectives

A statement of intent to counter identified threats and/or satisfy identified organisation security policies and assumptions. [CC2][CC21][SC27] Confidentiality, integrity, or availability. [SP 800-53; SP 800-53A; SP 800-60; SP 800-37; FIPS] The contribution to security which a Target of Evaluation is intended to achieve. [ITSEC] The contribution to security which a system or product is intended to achieve. [AJP][JTC1/SC27] The five security objectives are integrity, availability, confidentiality, accountability, and assurance. [800-33] (see also accountability, assurance, confidentiality, integrity, system, target, threat, object, risk analysis, security, target of evaluation)

security officer

The ADP official having the designated responsibility for the security of and ADP system [NSAINT] When used alone, includes both Contractor Program Security Officers and activity security officers at Government facilities. [DSS] (see also system, officer, security)

security parameters index (SPI)

(I) IPsec usage: The type of security association identifier used in IPsec protocols. A 32-bit value used to distinguish among different security associations terminating at the same destination (IP address) and using the same IPsec security protocol (AH or ESP). Carried in AH and ESP to enable the receiving system to determine under which security association to process a received packet. [RFC2828] Arbitrarily chosen value that acts as a unique identifier for an IPsec connection. [800-77] (see also association, connection, internet protocol security, internet security protocol, process, protocols, system, security)

security perimeter

(I) The boundary of the domain in which a security policy or security architecture applies; i.e. the boundary of the space in which security services protect system resources. [RFC2828] A boundary within which security controls are applied to protect assets. A security perimeter typically includes a security kernel, some trusted-code facilities, hardware, and possibly some communications channels. [SRV] Boundary where security controls are in effect to protect assets. [CNSSI] The boundary where security controls are in effect to protect assets. [AJP][NCSC/TG004][NSAINT] (see also accreditation boundary, authorization, boundary, code, communications, control, domain, external security testing, insider, internal security testing, policy, remote access, remote diagnostics, resource, system, trust, access control) (includes perimeter-based security)

security plan

Formal document that provides an overview of the security requirements for an information system or an information security program and describes the security controls in place or planned for meeting those requirements. See 'System Security Plan' or 'Information Security Program Plan'. [SP 800-53; SP 800-53A; SP 800-37; SP 800-18] Formal document that provides an overview of the security requirements for the information system and describes the security controls in place or planned for meeting those requirements. [800-82] Formal document that provides an overview of the security requirements of the IT system and describes the security controls in place or planned for meeting those requirements. [800-37] (see also control, information, requirements, system, security)

security policy

(1) A set of rules and procedures regulating the use of information, including its processing, storage, distribution, and presentation. (2) The set of laws, rules, and practices that regulate how an organization manages, protects, and distributes sensitive information. [AJP] (I) A set of rules and practices that specify or regulate how a system or organization provides security services to protect sensitive and critical system resources. (O) 'The set of rules laid down by the security authority governing the use and provision of security services and facilities.' (C) Ravi Sandhu notes that security policy is one of four layers of the security engineering process (as shown in the following diagram). Each layer provides a different view of security, ranging from what services are needed to how services are implemented. What Security Services Should Be Provided?

 
| + - - - - - - - - - - - + 
| | Security Policy       | 
| + - - - - - - - - - - - + + - - - - - - - - - - - - - - + 
| | Security Model        | | A 'top-level specification' | 
| + - - - - - - - - - - - + <- | is at a level below 'model' | 
| | Security Architecture | | but above 'architecture'. | 
| + - - - - - - - - - - - + + - - - - - - - - - - - - - - + 
| | Security Mechanism    | 
| + - - - - - - - - - - - + 
v 
How Are Security Services Implemented?

[RFC2828] A security policy is written by organisations to address security issues, in the form of 'do's' and 'don'ts'. These guidelines and rules are for users with respect to physical security, data security, information security and content (eg. rules stating that sites with sexual content should not be visited, and that copyrights should be honoured when downloading software, etc). [RFC2504] A set of criteria for the provision of security services. [SP 800-37; SP 800-53; CNSSI-4009] A set of criteria for the provision of security services. It defines and constrains the activities of a data processing facility in order to maintain a condition of security for systems and data. [FIPS 188] A set of rules and procedures regulating the use of information including its processing, storage, distribution and presentation. [JTC1/SC27] Security policies define the objectives and constraints for the security program. Policies are created at several levels, ranging from organization or corporate policy to specific operational constraints (e.g., remote access). In general, policies provide answers to the questions 'what' and 'why' without dealing with 'how.' Policies are normally stated in terms that are technology-independent. [800-82] Set of laws, rules, and practices that regulate how an organization manages, protects, and distributes sensitive information. A complete security policy will necessarily address many concerns beyond the scope of computers and communications. [DSS] The rules and requirements established by an organization governing the acceptable use of its information and services, and the level and means for protecting the confidentiality, integrity, and avaliability of its information. [800-130] The set of laws, rules, and practices that regulate how an organization manages, protects, and distributes sensitive information. [AJP][FCv1][NCSC/TG004][NSAINT][TCSEC][TDI][TNI] The statement of required protection of the information objects. [800-33][SP 800-27][SRV] What security means to the user; a statement of what is meant when claims of security are made. More formally, it is the set of rules and conditions governing the access and use of information. Typically, a security policy will refer to the conventional security services, such as confidentiality, integrity, availability, etc., and perhaps their underlying mechanisms and functions. [IATF] (see also access, access control, authority, availability, confidentiality, critical, function, incident, information, information protection policy, information security, integrity, integrity policy, model, operation, process, program, requirements, resource, secrecy policy, software, system, technology, threat, users, component operations, policy, risk management, security-relevant event) (includes FIPS approved security method, TOE security policy, corporate security policy, critical security parameters, cryptographic module security policy, formal security policy model, object, organisational security policy, security function policy, security policy model, system security policy, technical security policy, trusted functionality, trusted process, trusted subject, usage security policy)

security policy automation network

Wide area computer network sponsored by the Office of the Under Secretary of Defense for Policy Support consisting of a Department of Defense SECRET classified network and a separately supported unclassified network that supports communications with foreign among Department of Defense activities on foreign disclosure, export control, and international arms control and cooperation. [DSS] (see also classified, computer network, foreign, network, security)

security policy board

Board the Presient established to consider, coordinate, and recommend policy directives for U.S. security policies, procedures, and practices. [DSS] (see also security)

security policy information file

A construct that conveys domain-specific security policy information. [SC27] (see also domain, file, information, policy, security)

security policy model

(1) A formal presentation of the security policy enforced by the system. It must identify the set of rules and practices that regulate how a system manages, protects, and distributes sensitive information. (2) An informal presentation of a formal security policy model. Note: this is the original definition from the U.S. Trusted Computer System Evaluation Criteria. [AJP] A formal presentation of the security policy enforced by the system. It must identify the set of rules and practices that regulate how a system manages, protects, and distributes sensitive information. [NCSC/TG004][NSAINT] An informal presentation of a formal security policy model. [TCSEC][TNI] (see also computer, criteria, evaluation, identify, information, system, trust, trusted computer system, model, policy, security policy) (includes anomaly detection model, misuse detection model)

security posture

The security status of an enterprise's networks, information, and systems based on IA resources (e.g., people, hardware, software, policies) and capabilities in place to manage the defense of the enterprise and to react as the situation changes. [CNSSI-4009] (see also software, security)

security profile

Approved aggregate of hardware/software and administrative controls used for protecting the system. [DSS] (see also security)

security program manager

Ensures a standard C&A process is used throughout the agency, provides internal C&A guidance or policy, and, if appropriate, reviews certification packages prior to DAA review. [800-37] (see also certification, policy, process, standard, program, security)

security program plan

Formal document that provides an overview of the security requirements for an organization-wide information security program and describes the program management security controls and common security controls in place or planned for meeting those requirements. [CNSSI-4009] (see also control, management, requirements, security)

Security Protocol 3 (SP3)

(O) A protocol developed by SDNS to provide connectionless data security at the top of OSI layer 3. [RFC2828] (see also connection, protocols, security protocol)

Security Protocol 4 (SP4)

(O) A protocol developed by SDNS to provide either connectionless or end-to-end connection-oriented data security at the bottom of OSI layer 4. [RFC2828] (see also connection, protocols, security protocol)

security protocol

security purpose

The IS security purpose is to provide value by enabling an organization to meet all mission/business objectives while ensuring that system implementations demonstrate due care consideration of risks to the organization and its customers. [SRV] (see also computer security, object, risk, system, security)

security range

Highest and lowest security levels that are permitted in or on an IS, system component, subsystem, or network. [CNSSI] Highest and lowest security levels that are permitted in or on an information system, system component, subsystem, or network. [CNSSI-4009] The highest and lowest security levels that are permitted in or on a system, system component, subsystem, or network. [AJP][NCSC/TG004] (see also network, system, risk index, security)

security relevant

that which is not security enforcing, but must function correctly for the Target of Evaluation to enforce security. [AJP][ITSEC] (see also function, target, security, target of evaluation) (includes security-relevant event)

security requirements

Requirements levied on an information system that are derived from laws, executive orders, directives, policies, instructions, regulations, or organizational (mission) needs to ensure the confidentiality, integrity, and availability of the information being processed, stored, or transmitted. [800-53] Security requirements generally include both requirements for the presence of desired behavior and requirements for the absence of undesired behavior. It is normally possible to demonstrate, by use or testing, the presence of the desired behavior. It is not always possible to perform a conclusive demonstration of absence of undesired behavior. Testing, design review, and implementation review contribute significantly to reducing the risk that such undesired behavior is present. [OVT] The types and levels of protection necessary for equipment, data, information, applications, and facilities to meet security policy. [AJP][NCSC/TG004][SRV] Types and levels of protection necessary for equipment, data, information, applications, and facilities to meet IS security policy. [CNSSI] Types and levels of protection necessary for equipment, data, information, applications, and facilities. [NSAINT] (see also application, availability, computer security, information, integrity, policy, process, security testing, system, test, requirements, risk analysis, security target) (includes security requirements baseline)

security requirements baseline

A description of minimum requirements necessary for a system to maintain an acceptable level of security. [AJP][NCSC/TG004] Description of the minimum requirements necessary for an IS to maintain an acceptable level of security. [CNSSI] (see also system, baseline, security requirements)

security requirements review (SRR)

(see also requirements, security)

security safeguards

Protective measures and controls prescribed to meet the security requirements specified for an IS. Safeguards may include security features, management constraints, personnel security, and security of physical structures, areas, and devices. [CNSSI] Protective measures and controls prescribed to meet the security requirements specified for an information system. Safeguards may include security features, management constraints, personnel security, and security of physical structures, areas, and devices. [CNSSI-4009] The protective measures and controls that are prescribed to meet the security requirements specified for a system. Those safeguards may include but are not necessarily limited to hardware and software security features, operating procedures, accountability procedures, access and distribution controls, management constraints, personnel security, and physical structures, areas, and devices. [AJP][NCSC/TG004] (see also access, access control, availability, control, countermeasures, management, requirements, risk, security, security software, software, system, Automated Information System security) (includes security features)

security service

(I) A processing or communication service that is provided by a system to give a specific kind of protection to system resources. (O) 'A service, provided by a layer of communicating open systems, which ensures adequate security of the computer systems or the data transfers.' (C) Security services implement security policies, and are implemented by security mechanisms. [RFC2828] A capability that supports one, or many, of the security goals. Examples of security services are key management, access control, and authentication. [SP 800-27] A capability that supports one, or more, of the security requirements (Confidentiality, Integrity, Availability). Examples of security services are key management, access control, and authentication. [CNSSI-4009] A service, provided by a layer of communicating open systems, which ensures adequate security of the computer systems or of data transfers. [NSAINT] (see also access, authentication, availability, computer, control, management, process, requirements, resource, security software, system, security)

security situation

(I) ISAKMP usage: The set of all security-relevant information-- e.g. network addresses, security classifications, manner of operation (normal or emergency)--that is needed to decide the security services that are required to protect the association that is being negotiated. [RFC2828] (see also association, classification levels, classified, information, network, operation, security)

security software

security specifications

A detailed description of the safeguards required to protect a system. [AJP][NCSC/TG004] Detailed description of the safeguards required to protect an IS. [CNSSI] Detailed description of the safeguards required to protect an information system. [CNSSI-4009] (see also system, development process, risk analysis, security)

security strength

A measure of the computational complexity associated with recovering certain secret and/or security-critical information concerning a given cryptographic algorithm from known data (e.g. plaintext/ciphertext pairs for a given encryption algorithm). [SP 800-108] A number associated with the amount of work (that is, the base 2 logarithm of the number of operations) that is required to break a cryptographic algorithm or system. [800-130] A number associated with the amount of work (that is, the number of operations) that is required to break a cryptographic algorithm or system. Sometimes referred to as a security level. [FIPS 186] (see also algorithm, cipher, critical, cryptographic, encryption, information, operation, system, security)

security support programming interface (SSPI)

A standard programming interface by Microsoft Corporation where two applications can establish a security context independent of the underlying security mechanisms. SSPI is very similar to GSS-API and may be eventually replaced by the GSS-API. [MSC] (see also application, standard, Generic Security Service Application Program Interface, interface, program, security software, software)

security tag

An information unit containing a representation of a certain security-related data. [SRV] Information unit containing a representation of certain security- related information (e.g., a restrictive attribute bit map). [FIPS 188] (see also information, security)

security target (ST)

(1) A specification of the security required of a Target of Evaluation, used as a baseline for evaluation. The security target will specify the security enforcing functions of the Target of Evaluation. It will also specify the security objectives, the threats to those objectives, and any specific security mechanisms that will be used. (2) Product-specific description, elaborating the more general requirements in a protection profile and including all evidence generated by the producers, of how a specific IT product meets the security requirements of a given protection profile. [AJP] A security target contains the IT security objectives and requirements of a specific identified Target of Evaluation and defines the functional and assurance measures offered by that Target of Evaluation to meet stated requirements. The ST may claim conformance to one or more PPs. [CC1] A set of security requirements and specifications to be used as the basis for evaluation of an identified IT product or system. [SC27] A set of security requirements and specifications to be used as the basis for evaluation of an identified IT product or system. [ISO/IEC 15292: 2001] A set of security requirements and specifications to be used as the basis for evaluation of an identified TOE. [SC27] A set of security requirements and specifications to be used as the basis for evaluation of an identified TOE [Target of Testing]. [OVT] A set of security requirements and specifications to be used as the basis for evaluation of an identified TOE. [CC2][CC21][IATF][SC27] A specification of the security required (both functionality and assurance) of a Target of Evaluation (TOE), used as a baseline for evaluation under the Common Criteria. The security target will specify the security enforcing functions of the TOE. It will also specify the security objectives, the threats to those objectives, and any specific security mechanisms that will be employed. [NIAP] A specification of the security required of a Target of Evaluation, used as a baseline for evaluation. [JTC1/SC27] A specification of the security required of a Target of Evaluation, used as a baseline for evaluation. The security target will specify the security enforcing functions of the Target of Evaluation. It will also specify the security objectives, the threats to those objectives, and any specific security mechanisms that will be employed. [ITSEC] Common Criteria specification that represents a set of security requirements to be used as the basis of an evaluation of an identified Target of Evaluation (TOE). [CNSSI][CNSSI-4009] Product-specific description, elaborating the more general requirements in a protection profile and including all evidence generated by the producers, of how a specific IT product meets the security requirements of a given protection profile. [FCv1] Security Test & Evaluation - (ST&E) Examination and analysis of the safeguards required to protect an information system, as they have been applied in an operational environment, to determine the security posture of that system. [CNSSI-4009] (see also IT security, assurance, baseline, computer security, correctness, criteria, deliverable, deliverables list, effectiveness, evidence, file, function, profile, protection profile, rating, security testing, suitability of functionality, system, test, threat, vulnerability assessment, Common Criteria for Information Technology Security Evaluation, component extensibility, construction of TOE requirements, functional package, security, target, target of evaluation) (includes functional component, security requirements)

security test & evaluation

The techniques and procedures employed during a C&A process to verify the correctness and effectiveness of security controls in an IT system. There are typically two types of ST&E activities, (i.e. developmental and operational ST&E), that can be applied during the certification phase depending on where the system is in the system development lifecycle. [800-37] (see also control, operation, process, system, evaluation, security, test)

security test and evaluation (ST&E)

An examination and analysis of the security safeguards of a system as they have been applied in an operational environment to determine the security posture of the computer system. [AJP][NCSC/TG004] Examination and analysis of the safeguards required to protect an IS, as they have been applied in an operational environment, to determine the security posture of that system. [CNSSI] (see also analysis, computer, operation, system, software security, software system test and evaluation process, test) (includes security testing)

security testing

A process used to determine that the security features of a system are implemented as designed and that they are adequate for a proposed application environment. This process includes hands-on functional testing, penetration testing, and verification. [AJP][TCSEC][TNI] A process used to determine that the security features of a system are implemented as designed. This includes hands-on functional testing, penetration testing, and verification. [NCSC/TG004] Process to determine that an IS protects data and maintains functionality as intended. [CNSSI] Process to determine that an information system protects data and maintains functionality as intended. [CNSSI-4009] Process used to determine that the security features of a system are implemented as designed and that they are adequate for a proposed application environment. This process includes hands-on functional testing, penetration testing, and verification. [DSS] Testing whether the system meets its specified security objectives. Security testing attempts to verify that protection mechanisms built into a system will, in fact, protect it from improper penetration. ... Given enough time and resources, good security testing will ultimately penetrate a system. (p.652) A process used to determine that the security features of a system are implemented as designed. This includes hands-on functional testing, penetration testing, and verification. [OVT] (see also CASE tools, FIPS PUB 140-1, RED team, acceptance inspection, accreditation, application, blue team, boundary value analysis, certificate, certification, change management, component, countermeasures, credentials, flaw hypothesis methodology, function, homed, implementation under test, independent validation and verification, information processing standard, instrument, monitoring and evaluation, national information assurance partnership, negative tests, object, patch management, path coverage, penetration, penetration test, point of control and observation, process, protection profile, reference validation mechanism, resource, review techniques, rules of engagement, security certification level, security functions, security requirements, security target, system, system development lifecycle, target identification and analysis techniques, target vulnerability validation techniques, test cycle, test facility, test item, test key, test plan, test report, tiger team, trusted certificate, users, risk analysis, security, security test and evaluation, test) (includes Common Criteria Testing Laboratory, Common Criteria Testing Program, acceptance testing, active security testing, ad hoc testing, black-box testing, boundary value testing, conformance testing, environmental failure testing, exhaustive testing, external security testing, functional testing, information security testing, interface testing, internal security testing, mutation testing, operational testing, passive security testing, penetration testing, pilot testing, regression testing, smart testing, stress testing, structural testing, syntax testing, system testing, testing, unit testing, verification, white-box testing)

security threat

The technical and operational capability of an adversary to detect and exploit vulnerabilities. [AFSEC] (see also adversary, exploit, operation, vulnerability, security, threat)

security token

(see also security, tokens)

security violation

(I) An act or event that disobeys or otherwise breaches security policy. [RFC2828] An instance in which a user or other person circumvents or defeats the controls of a system to obtain unauthorized access to information contained therein or to system resources. [AFSEC][NSAINT] Failure to comply with the policy and procedures established by Department of Defense 5220.22-M that could result in the loss or compromise of classified information. [DSS] (see also access, access control, authorized, classified, compromise, control, information, penetration, policy, requirements, resource, system, threat consequence, unauthorized access, users, security, threat)

security zone

A set of trusted relationships between a BS and a group of RSs. [800-127] (see also trust, security)

security-compliant channel

A channel is security compliant if the enforcement of the network policy depends only upon characteristics of the channel either (1) included in the evaluation, or (2) assumed as an installation constraint and clearly documented in the trusted facility manual. [AJP][TNI] (see also trusted channel, covert channel, computer security, evaluation, network, policy, trust, channel, security)

security-critical mechanisms

Those security mechanisms whose correct operation is necessary to ensure that the security policy is enforced. [AJP][NCSC/TG004] (see also operation, policy, critical, risk management)

security-relevant change

Any change to a system's configuration, environment, information content, functionality, or users which has the potential to change the risk imposed upon its continued operations. [CNSSI-4009] (see also risk, users, security)

security-relevant event

An occurrence (e.g., an auditable event or flag) considered to have potential security implications to the system or its environment that may require further action (noting, investigating, or reacting). [CNSSI-4009] Any event that attempts to change the security state of the computer system (e.g. change access controls, change the security level of a user, change a user password). Also, any event that attempts to violate the security policy of the computer system (e.g. too many attempts to login, attempts to violate the mandatory access control limits of a device, attempts to downgrade a file, and so on). [AJP] Any event that attempts to change the security state of the computer system (e.g. change access controls, change the security level of a user, change a user password). Also, any event that attempts to violate the security policy of the computer system (e.g. too many logon attempts). [FCv1] Any event that attempts to change the security state of the computer system, (e.g. change access controls, change the security level of the subject, change user password, etc.). Also, any event that attempts to violate the security policy of the computer system, (e.g. too many attempts to login, attempts to violate the mandatory access control limits of a device, attempts to downgrade a file, etc.). [TCSEC] (see also IT security incident, access, audit, computer, control, file, login, logon, passwords, policy, security event, system, risk, security relevant) (includes access control, security policy, subject, users)

security-relevant information

Any information within the information system that can potentially impact the operation of security functions in a manner that could result in failure to enforce the system security policy or maintain isolation of code and data. [SP 800-53] (see also security)

security/suitability investigations index

Office of Personnel Management database for personnel security investigations. [DSS] (see also security)

seed key

Initial key used to start an updating or key generation process. [CNSSI][CNSSI-4009] (see also process, key)

seek time

For disk drives, the delay in positioning the read/write head over the correct track. [SRV]

segregation of duties

Policies, procedures, and an organizational structure established so that one individual cannot control key aspects of physical and/or computer-related operations and thereby conduct unauthorized actions or gain unauthorized access to MEI Resource Elements. [CIAO] (see also access, access control, authorized, computer, control, key, minimum essential infrastructure, operation, resource, unauthorized access, risk management)

selection

The specification of one or more items from a list in a component. [CC2][CC21][SC27]

self-inspection

Internal review and evaluation of activities within an with respect to the implementation of the program established under this order and the implementing directives. [DSS] (see also evaluation)

self-signed certificate

(I) A public-key certificate for which the public key bound by the certificate and the private key used to sign the certificate are components of the same key pair, which belongs to the signer. (C) In a self-signed X.509 public-key certificate, the issuer's DN is the same as the subject's DN. [RFC2828] (see also X.509, key, public-key, subject, certificate)

semantic security

(I) An attribute of a encryption algorithm that is a formalization of the notion that the algorithm not only hides the plaintext but also reveals no partial information about the plaintext. Whatever is efficiently computable about the plaintext when given the ciphertext, is also efficiently computable without the ciphertext. [RFC2828] (see also algorithm, cipher, cryptography, encryption, information, security)

semantics

The intended meaning of acceptable sentences of a language. [800-130] (see also certificate validation, critical, formal, formal security policy model, formal specification, hypertext markup language, interoperability, meta-language, restructuring, semiformal)

semi-quantitative assessment

Use of a set of methods, principles, or rules for assessing risk based on bins, scales, or representative numbers whose values and meanings are not maintained in other contexts. [SP 800-30] (see also risk)

semiformal

Expressed in a restricted syntax language with defined semantics. [CC2][CC21][SC27] (see also semantics)

senior agency official

Official designated by an agency head to direct and administer the agency's program under which information is classified, safeguarded, and declassified. [DSS] (see also classified)

senior foreign official

Foreign government official who, by virtue of position or access, may directly affect the Government's policy. The officials include, but are not limited to, those of ministerial rank and above; heads of national departments, agencies and services; and representatives of ambassadorial rank and above. [DSS] (see also access, foreign)

senior intelligence officer

Highest-ranking military or civilian individual directly charged with foreign intelligence missions, functions, or responsibilities within a department agency component, command, or element of an Intelligence Community organization. [DSS] (see also foreign, intelligence)

senior officials of the intelligence community

Heads of organizations or activities within the Intelligence Community, the National Security Act of 1947 as amended), section 401a(4), title 50 of the United States Code ,and Executive Order 12333. [DSS] (see also security, intelligence)

senior review group

Provides advice and support to the Controlled Access Program Oversight Committee and services as the managing body for compartmented programs under the purview of the Director of National Intelligence. [DSS] (see also access, intelligence)

sensitive

(I) Information is sensitive if disclosure, alteration, destruction, or loss of the information would adversely affect the interests or business of its owner or user. [RFC2828] (see also information, owner, users, classification levels)

sensitive activities

Sensitive activities are special access or code word programs, critical research and development efforts, operations or intelligence activities, special plans, special activities, or sensitive support to the customer or customer contractors or clients. [DSS] (see also access, critical, intelligence)

sensitive but unclassified (SBU)

sensitive but unclassified information

Term often misused within the Department of Defense as a synonym for Sensitive Information. 'Sensitive But Unclassified Information' is the correct term. [DSS] (see also unclassified sensitive, classified)

sensitive compartmented information (SCI)

Classified information concerning or derived from intelligence sources and methods or analytical processes that is required to be handled within a formal control system established by Director of Central Intelligence. [DSS] Classified information concerning or derived from intelligence sources, methods, or analytical processes, which is required to be handled within formal access control systems established by the Director of Central Intelligence. [CNSSI] (see also access, access control, classified, control, control systems, intelligence, process, system, information)

sensitive compartmented information courier

Certified. Sensitive Compartmented Information-approved active duty military personnel, U.S. Government civilian employees, or contractor employees whose primary responsibility is to transport Sensitive Compartmented Information material worldwide. The individual is designated in writing and must have Sensitive Compartmented Information access approvals at the level of material being transported. [DSS] Designated. Sensitive Compartmented Information approved active duty military personnel, U.S. Government civilian employees, or contractor employees or consultants whose temporary responsibility is to transport Sensitive Compartmented Information material. The individual is designated in writing and must have Sensitive Compartmented Information access approvals at the level of material being transported. [DSS] (see also access)

sensitive compartmented information facility - coutilization

Mutual agreement among two or more Government organizations to share the same Sensitive Compartmented Information Facility. [DSS]

sensitive compartmented information facility - fixed facility checklist

Standardized document used in the process of certifying a Sensitive Compartmented Information Facility. It documents physical, technical, and procedural security information for obtaining an initial or subsequent accreditation. Such information must include floor plans, diagrams, drawings, photographs, details of electrical, communications, heating, ventilation, and air conditioning. [DSS] (see also security)

sensitive compartmented information facility (SCIF)

Accredited area, room, or group of rooms, buildings, or installation where SCI may be stored, used, discussed, and/or processed. [CNSSI] Sensitive Compartmented Information Facility is an area, room (or set of rooms), building installation accredited to store, use, discuss, or electronically process Sensitive Compartmented Information. The standards and procedures for a Sensitive Compartmented Information Facility are stated in Director of Central Intelligence Directives 1/19 and 1/21. [DSS] (see also intelligence, process, information)

sensitive compartmented information facility accreditation

Formal acceptance of a Sensitive Compartmented Information Facility as meeting Director of National Intelligence security standards and formal authorization to process, store, and/or discuss Sensitive Compartmented Information. [DSS] (see also authorization, intelligence, security)

sensitive compartmented information facility database

Intelligence Community database that provides a single source listing of Sensitive Compartmented Information Facilities worldwide and is used to promote continuity of operations and relocation of affected resources in the event of a national emergency. [DSS] (see also intelligence)

sensitive information

(1) Information that, as determined by a competent authority, must be protected because its unauthorized disclosure, alteration, loss, or destruction will at least cause perceivable damage to someone or something. (2) Any information, the loss, misuse, modification of, or unauthorized access to, could affect the U.S. National interest or the conduct of federal programs, or the privacy to which individuals are entitled under Section 552a of Title 5, U.S. Code, but that has not been specifically authorized under criteria established by an executive order or an act of Congress to be kept classified in the interest of national defense or foreign policy. [AJP] Any information, the loss, misuse, modification of, or unauthorized access to, could affect the U.S. National interest or the conduct of Federal programs, or the privacy to which individuals are entitled under Section 552a of Title 5, U.S. Code, but that has not been specifically authorized under criteria established by an Executive order or an act of Congress to be kept classified in the interest of national defense or foreign policy. [NCSC/TG004] Any unclassified information that the loss of, misuse of, modification of, or unauthorized access to could affect the National interest, conduct of NASA's programs, or the privacy to which individuals are entitled. By OMB Circular A-130, Appendix III, all officially held information in an IT system operated by or on behalf of the U.S. Government is considered sensitive to some degree and is entitled to an appropriate level of protection. [NASA] Information that, as determined by a competent authority, must be protected because its unauthorized disclosure, alteration, loss, or destruction will at least cause perceivable damage to someone or something. [TCSEC] Information the loss, misuse, or unauthorized access to or modification of, which would adversely affect the national interest or the conduct of federal programs, or the privacy to which individuals are entitled under 5 U.S.C. Section 552a (the Privacy Act), but that has not been specifically authorized under criteria established by an Executive Order or an Act of Congress to be kept classified in the interest of national defense or foreign policy. Systems that are not national security systems, but contain sensitive information, are to be protected in accordance with the requirements of the Computer Security Act of 1987 (P.L. 100-235). Some specific categories of sensitive information are protected by statute, regulation or contract, (e.g., privacy information, proprietary information, export control information, pre-publication academic information). [800-37] Information, the loss, misuse, or unauthorized access to or modification of, that could adversely affect the national interest or the conduct of federal programs, or the privacy to which individuals are entitled under 5 U.S.C. Section 552a (the Privacy Act), but that has not been specifically authorized under criteria established by an Executive Order or an Act of Congress to be kept classified in the interest of national defense or foreign policy. [SP 800-53] Information, the loss, misuse, or unauthorized access to or modification of, that could adversely affect the national interest or the conduct of federal programs, or the privacy to which individuals are entitled under 5 U.S.C. Section 552a (the Privacy Act), but that has not been specifically authorized under criteria established by an Executive Order or an Act of Congress to be kept classified in the interest of national defense or foreign policy. (Systems that are not national security systems, but contain sensitive information, are to be protected in accordance with the requirements of the Computer Security Act of 1987 [P.L.100-235].) [CNSSI][CNSSI-4009] Unclassified information, the loss, misuse, or unauthorized disclosure or modification of which could adversely affect the national interest, the conduct of Federal programs, or the privacy of individuals protected by the Privacy Act (5 U.S.C. Section 552a). Information systems containing sensitive information are to be protected in accordance with the requirements of the Computer Security Act of 1987 (P.L. 100-235). [CIAO] (see also access, access control, authority, authorized, classified, code, computer, computer security, control, criteria, damage, foreign, policy, privacy, program, requirements, security, system, unauthorized access, information) (includes critical and sensitive information list, sensitive but unclassified)

Sensitive Information Computer Security Act of 1987

The Computer Security Law of 1987, Public Law 100235, was passed by to improve the security and privacy of sensitive information in Federal computer systems and to establish a minimum acceptable security practices for such systems. It requires creation of computer security plans and the appropriate training of system users or owners where the systems house sensitive information. The Federal Information Security Management Act of 2002 superseded this law. [DSS] (see also information security, privacy, users, security)

sensitive label

A piece of information that represents the security level of an object. Compare to security label. [SRV] (see also information, object, security)

sensitive position

Department of Defense-designated position that could bring about, by virtue of the nature of the position, a materially adverse effect on the national security. Civilian positions are critical-sensitive, noncritical-sensitive, or non-sensitive. [DSS] (see also critical, security)

sensitivity

A measure of the importance assigned to information by its owner, for the purpose of denoting its need for protection. [SP 800-60; CNSSI-4009] Used in this guideline to mean a measure of the importance assigned to information by its owner, for the purpose of denoting its need for protection. [800-60] (see also information, owner)

sensitivity analysis

Analysis of how sensitive outcomes are to changes in the assumptions. The assumptions that deserve the most attention should depend largely on the dominant benefit and cost elements and the areas of greatest uncertainty of the program or process being analyzed. [SRV] (see also process, program, test, analysis)

sensitivity label

A piece of information that represents the security level of an object and that describes the sensitivity (e.g. classification) of the data in the object. Sensitivity labels are used by the TCB/NTCB as the basis for mandatory access control decisions. [AJP][TCSEC][TNI] A piece of information that represents the security level of an object. Sensitivity labels are used by the TCB/NTCB as the basis for mandatory access control decisions. [NCSC/TG004] Collection of information that represents the security level of an object and that describes the sensitivity of the data in the object. A sensitivity label consists of a sensitivity level (classification and compartments) and other required security markings (for example, codewords and handling caveats) to be used for labeling data. [DSS] Information representing elements of the security label(s) of a subject and an object. Sensitivity labels are used by the trusted computing base (TCB) as the basis for mandatory access control decisions. [CNSSI] Information representing elements of the security label(s) of a subject and an object. Sensitivity labels are used by the trusted computing base (TCB) as the basis for mandatory access control decisions. See Security Label. [CNSSI-4009] (see also access, classification levels, classified, control, information, subject, trust, access control, security label) (includes object)

sensor

A device that produces a voltage or current output that is representative of some physical property being measured (e.g., speed, temperature, flow) [800-82] An intrusion detection and prevention system component that monitors and analyzes network activity and may also perform prevention actions. [800-94] (see also flow, intrusion, intrusion detection, property, system)

sensor or monitor

A component/agent of an IDS, which collects event data from an IT system under observation.[ISO/IEC DTR 15947 (10/2001)] [SC27] (see also system)

separation of duties

(I) The practice of dividing the steps in a system function among different individuals, so as to keep a single individual from subverting the process. [RFC2828] (see also function, process, risk, system, security)

sequence number

A time variant parameter whose value is taken from a specified sequence that is non-repeating within a certain time period. [SC27]

serial number

(see certificate serial number)

server

(I) A system entity that provides a service in response to requests from other system entities called clients. [RFC2828] A computer or other device that manages a network service. An example is a print server, a device that manages network printing. [FFIEC] A computer program that provides services to other computer programs in the same or another computer. A computer running a server program is frequently referred to as a server, though it may also be running other client (and server) programs. [CIAO] A server is a computer system, or a set of processes on a computer system providing services to clients across a network. [RFC2504] A system that provides network service such as disk storage and file transfer, or a program that provides such a service. A kind of daemon which performs a service for the requester, which often runs on a computer other than the one which the server runs. [NSAINT] (see also computer, entity, file, network, process, program, response, system)

service

Honorable active duty (including attendance at the military academies), membership in Reserve Officers' Training Corps Scholarship Program, Army, and Air Force National Guard, Military Reserve Force (including active status and ready reserve), civilian employment in Government service, or civilian employment with a Department of Defense contractor or as a consultant involving access under the Department of Defense Industrial Security Program. Continuity of service is maintained with change from one status to another as long as there is no single break in service greater than 12 months. [DSS] (see also access, security)

service-level agreement

Defines the specific responsibilities of the service provider and sets the customer expectations. [CNSSI-4009]

servo valve

An actuated valve whose position is controlled using a servo actuator. [800-82] (see also control)

session hijack attack

An attack in which the attacker is able to insert himself or herself between a claimant and a verifier subsequent to a successful authentication exchange between the latter two parties. The attacker is able to pose as a subscriber to the verifier or vice versa to control session data exchange. [800-63] (see also authentication, authorized, communications, control, hijacking, users, attack)

session hijacking

Taking over an authorized user's terminal session, either physically when the user leaves his terminal unattended or electronically when the intruder carefully connects to a just-disconnected communications line. [AFSEC] (see session hijack attack)

session key

(I) In the context of symmetric encryption, a key that is temporary or is used for a relatively short period of time. (C) Usually, a session key is used for a defined period of communication between two computers, such as for the duration of a single connection or transaction set, or the key is used in an application that protects relatively large amounts of data and, therefore, needs to be rekeyed frequently. [RFC2828] A temporary symmetric key that is only valid for a short period. Session keys are typically random numbers that can be chosen by either party to a conversation, by both parties in cooperation with one another, or by a trusted third party. [IATF][misc] The cryptographic key used by a device (module) to encrypt and decrypt data during a session. [SRV] (see also application, computer, connection, cryptographic, encryption, module, operation, random, rekey, kerberos, key, key recovery, trust, virtual private network)

set point

An input variable that sets the desired value of the controlled variable. This variable may be manually set, automatically set, or programmed. [800-82] (see also control, program)

SET private extension

(O) One of the private extensions defined by SET for X.509 certificates. Carries information about hashed root key, certificate type, merchant data, cardholder certificate requirements, encryption support for tunneling, or message support for payment instructions. [RFC2828] (see also X.509, certificate, encryption, hash, information, key, message, requirements, tunnel, Secure Electronic Transaction, public-key infrastructure)

SET qualifier

(O) A certificate policy qualifier that provides information about the location and content of a SET certificate policy. (C) In addition to the policies and qualifiers inherited from its own certificate, each CA in the SET certification hierarchy may add one qualifying statement to the root policy when the CA issues certificate. The additional qualifier is a certificate policy for that CA. Each policy in a SET certificate may have these qualifiers:

A URL where a copy of the policy statement may be found.
An electronic mail address where a copy of the policy statement may be found.
A hash result of the policy statement, computed using the indicated algorithm.
A statement declaring any disclaimers associated with the issuing of the certificate.

settlement

The final step in the transfer of ownership involving the physical exchange of securities or payment. In a banking transaction, settlement is the process of recording the debit and credit positions of the parties involved in a transfer of funds. In a financial instrument transaction, settlement includes both the transfer of securities by the seller and the payment by the buyer. Settlements can be 'gross' or 'net.' Gross settlement means each transaction is settled individually. Net settlement means that parties exchanging payments will offset mutual obligations to deliver identical items (e.g., dollars and EUROs), at a specified time, after which only one net amount of each item is exchanged. [FFIEC] (see also owner, process)

shall

Indication that a requirement must be met unless a justification of why it cannot be met is given and accepted. [AJP][FCv1] (includes object)

shared account

A common account is one that is shared by a group of users as opposed to a normal account that is available to only one user. If the account is misused, it is very difficult or impossible to know which of users was responsible. [RFC2504] (see also users, risk)

shared secret

(I) A synonym for 'keying material' or 'cryptographic key'. [RFC2828] A secret used in authentication that is known to the claimant and the verifier. [800-63][SP 800-63] (see also Challenge-Response Authentication Mechanism, POP3 APOP, authentication, cryptographic, cryptography, key, key agreement, out-of-band, passwords, personal identification number, remote authentication dial-in user service, secret)

shielded enclosure

Room or container designed to attenuate electromagnetic radiation, acoustic signals, or emanations. [CNSSI][CNSSI-4009]

shim

A layer of host-based intrusion detection and prevention code placed between existing layers of code on a host that intercepts data and analyzes it. [800-94] (see also code, intrusion, intrusion detection)

shipper

One who releases custody of material to a carrier for transportation to a consignee. [DSS] (see also consignor)

short title

Identifying combination of letters and numbers assigned to certain COMSEC materials to facilitate handling, accounting, and controlling. [CNSSI][CNSSI-4009] (see also communications security, control, identify)

should

Indication of an objective requirement that requires less justification for nonconformance and should be more readily approved. Note: 'Should' is often used when a specific requirement is not feasible in some situations or with common current technology. [AJP][FCv1] (see also technology) (includes object)

shoulder surfing

Stealing passwords or PINs by looking over someone's shoulder. [SRV] (see also eavesdropping, identity theft, attack)

shrink-wrapped software

Commercial software that can be used out of the box without change (i.e. customization). The term derives from the plastic wrapping used to seal microcomputer software. [SRV] (see also computer, software)

sign

(I) Create a digital signature for a data object. [RFC2828] (see also digital signature, object, signature)

signal flags

Intelligence Community database containing information used to assist security and counterintelligence professionals conducting National Agency Checks on individuals applying for positions with Intelligence Community organizations. [DSS] (see also intelligence, security)

signaling

The process by which a caller on the transmitting end of a line informs the party at the receiving end that a message is to be communicated. Signals hold the voice path together for the duration of the telephone call. [SRV] The process of generating and exchanging information between components for telecommunications systems to establish, monitor, or release connections (call handling functions) and to control related network and system operations and functions. [SRV] (see also communications, connection, control, function, information, message, network, operation, process, system, telecommunications)

signaling system 7 (SS-7)

A protocol used by phone companies. Has three basic functions: Supervising, Alerting and Addressing. Supervising monitors the status of a line or circuit to see if it is busy, idle, or requesting service. Alerting indicates the arrival of an incoming call. Addressing is the transmission of routing and destination signals over the network in the form of dial tone or data pulses. [NSAINT] (see also function, network, protocols, system)

signals analysis

Gaining indirect knowledge of communicated data by monitoring and analyzing a signal that is emitted by a system and that contains the data but is not intended to communicate the data. [RFC2828] (see also system, analysis, threat consequence)

signals security (SIGSEC)

(see also security)

signature

A pattern that corresponds to a known threat. Signature-Based Detection: The process of comparing signatures against observed events to identify possible incidents. [800-94] A process that operates on a message to assure message source authenticity and integrity, and may be required for source non-repudiation. [IATF] A recognizable, distinguishing pattern associated with an attack, such as a binary string in a virus or a particular set of keystrokes used to gain unauthorized access to a system. [800-61][SP 800-61] A recognizable, distinguishing pattern. See also Attack Signature or Digital Signature. [CNSSI-4009] A set of characteristics of known malware instances that can be used to identify known malware and some new variants of known malware. [800-83] String of bits resulting from the signature process. [SC27] String of bits resulting from the signature process. [ISO/IEC FDIS 9796-2 (12/2001)] The string of bits resulting from the signature process NOTE - This string of bits may have internal structure specific to the signature mechanism. The signatures produced by the mechanisms specified in this part of ISO/IEC 9796 have two parts, of which only the second one depends on the signature key. [ISO/IEC 9796-3: 2000] The string of bits resulting from the signature process. [ISO/IEC FDIS 15946-2 (04/2001), ISO/IEC WD 15946-4 (10/2001)] The string of bits resulting from the signature process. NOTE - This string of bits may have internal structure specific to the signature mechanism. [SC27] The string of bits resulting from the signature process. [SC27] The string of bits resulting from the signature process. NOTE - This string of bits may have internal structure specific to the signature mechanism. [SC27] The string of bits resulting from the signature process. NOTE - This string of bits may have internal structure specific to the signature mechanism. The signatures produced by the mechanisms specified in this part of ISO/IEC 9796 have two parts, of which only the second one depends on the signature key. [SC27] (see also indication, ABA Guidelines, CA certificate, Cryptographic Message Syntax, Distinguished Encoding Rules, El Gamal algorithm, Fortezza, IEEE P1363, Internet Security Association and Key Management Protocol, MIME Object Security Services, PKCS #7, Rivest-Shamir-Adleman algorithm, Secure/MIME, The Exponential Encryption System, X.509 attribute certificate, X.509 certificate revocation list, X.509 public-key certificate, access, access control, appendix, archive, assignment, asymmetric cryptographic technique, asymmetric cryptography, asymmetric keys, attack, attribute certificate, authenticate, authentication, authorized, bind, biometrics, brand CRL identifier, capacity, card personalization, certificate, certificate validation, certification path, cryptographic algorithm, cryptographic key, cryptographic system, cryptography, data encryption key, data input, data origin authentication service, digital certificate, digital notary, elliptic curve cryptography, email packages, email security software, encryption certificate, end entity, hash token, identification data, identify, incident, integrity, invalidity date, key, key pair, malware, merchant certificate, message, message digest, message representative, no prior relationship, non-recoverable part, non-repudiation, personality label, pretty good privacy, private key, process, public-key, public-key certificate, public-key cryptography, public-key infrastructure, public-key system, push technology, randomizer, recoverable part, relying party, revocation date, rules based detection, ruleset, salt, seal, secure hash standard, security mechanism, sign, signed message, signer, symmetric cryptography, system, threat, time-stamping service, triple DES, unauthorized access, unforgeable, vaccines, validate vs. verify, verification key, verification process, virus, virus definitions, security) (includes Digital Signature Standard, Elliptic Curve Digital Signature Algorithm, account authority digital signature, asymmetric signature system, attack signature, attack signature recognition, authentic signature, certification authority digital signature, continuous signature service, digital signature, digital signature algorithm, digitized signature, dual signature, electronic signature, penetration signature, pre-signature, private signature key, signature certificate, signature equation, signature function, signature generation, signature key, signature process, signature system, signature verification, valid signature, virus signature)

signature certificate

(I) A public-key certificate that contains a public key that is intended to be used for verifying digital signatures, rather than for encrypting data or performing other cryptographic functions. (C) A v3 X.509 public-key certificate may have a 'keyUsage' extension which indicates the purpose for which the certified public key is intended. [RFC2828] A public key certificate that contains a public key intended for verifying digital signatures rather than encrypting data or performing any other cryptographic functions. [CNSSI-4009][SP 800-32] (see also X.509, cryptographic, digital signature, encryption, function, key, public-key, certificate, signature)

signature equation

An equation defining the signature function. [SC27] (see also digital signature, function, signature)

signature function

A function in the signature process that is determined by the signature key and the domain parameters. A signature function takes the assignment and possibly the randomizer as inputs and gives the second part of the signature as output. [SC27] A function in the signature process that is determined by the signature key and the domain parameters. A signature function takes the assignment and possibly the randomizer as inputs and gives the second part of the signature as output. NOTE - In the context of this part of ISO/IEC 9796, the assignment is the data input. [SC27] A function in the signature process that is determined by the signature key and the domain parameters. A signature function takes the assignment and possibly the randomizer as inputs and gives the second part of the signature as output. [ISO/IEC 14888-1: 1998] A function in the signature process that is determined by the signature key and the domain parameters. A signature function takes the assignment and possibly the randomizer as inputs and gives the second part of the signature as output. NOTE - In the context of this part of ISO/IEC 9796, the assignment is the data input. [SC27] (see also digital signature, domain, key, process, random, function, signature)

signature generation

The process of using a digital signature algorithm and a private key to generate a digital signature on data. [FIPS 186] Uses a digital signature algorithm and a private key to generate a digital signature on data. [SP 800-57 Part 1] (see also algorithm, key, process, signature)

signature key

A secret data item specific to an entity and usable only by this entity in the signature process. [SC27] (see also digital signature, entity, process, key, signature)

signature process

A process which takes as inputs the message, the signature key and the domain parameters, and which gives as output the signature. [SC27] (see also digital signature, domain, key, message, process, signature)

signature system

A system based on asymmetric cryptographic techniques whose private transformation is used for signing and whose public transformation is used for verification. [SC27] (see also cryptographic, digital signature, verification, signature, system)

signature validation

The (mathematical) verification of the digital signature and obtaining the appropriate assurances (e.g., public key validity, private key possession, etc.). [FIPS 186] (see also assurance)

signature verification

The process of using a digital signature algorithm and a public key to verify a digital signature on data. [SP 800-89; FIPS 186] The use of a digital signature algorithm and a public key to verify a digital signature on data. [SP 800-57 Part 1] (see also algorithm, key, process, public-key, signature, verification)

signed applet

An applet that is digitally signed by the source that provides it. Signed applets are integrity-protected and cannot be tampered with while en route from the server to the browser. [misc] (see also integrity, security, tamper, software)

signed data

Data on which a digital signature is generated. [FIPS 196]

signed message

A set of data items consisting of the signature, the part of the message which cannot be recovered from the signature, and an optional text field. [SC27] A set of data items consisting of the signature, the part of the message which cannot be recovered from the signature, and an optional text field. [ISO/IEC 9796-3: 2000, ISO/IEC 14888-1: 1998] A set of data items formed by the signature, the part of the message which cannot be recovered from the signature, and an optional text field. [SC27] A set of data items formed by the signature, the part of the message which cannot be recovered from the signature, and an optional text field. [SC27] (see also signature, message)

signer

(N) A human being or an organization entity that uses its private key to create a digital signature for a data object. [RFC2828] The entity generating a digital signature. [SC27] (see also digital signature, entity, key, object, signature)

significant change

A modification that effects the security of a critical system or general support system and requires a new risk analysis. Significant changes include but are not limited to a change in the information category of data processed or stored, new operating system software or functions, new application software or functions, replacement of IT equipment with equipment of a different type, new IT equipment to perform new functions, new external interfaces, major changes in connectivity, and relocation of or major changes to the physical environment of an IT system. [NASA] (see also analysis, application, critical, function, information, interface, process, risk, security, software, system)

significant derogatory information

Information that could justify an unfavorable administrative action, or prompt an adjudicator to seek additional investigation or clarification. [DSS]

silver bullet

A methodology, practice, or prescription that promises miraculous results if followed - e.g., structured programming will rid you of all bugs, as will human sacrifices to the Atlantean god Fugawe. Named either after the Lone Ranger whose silver bullets always brought justice or, alternatively, as the only known antidote to werewolves. [OVT] (see also program)

simple authentication

(I) An authentication process that uses a password as the information needed to verify an identity claimed for an entity. (O) 'Authentication by means of simple password arrangements.' [RFC2828] (see also entity, identity, information, passwords, process, authentication)

Simple Authentication and Security Layer (SASL)

(I) An Internet specification for adding authentication service to connection-based protocols. To use SASL, a protocol includes a command for authenticating a user to a server and for optionally negotiating protection of subsequent protocol interactions. The command names a registered security mechanism. SASL mechanisms include Kerberos, GSSAPI, S/KEY, and others. Some protocols that use SASL are IMAP4 and POP3. [RFC2828] (see also connection, key, protocols, users, authentication, internet, security protocol) (includes kerberos, remote authentication dial-in user service)

Simple Distributed Security Infrastructure (SDSI)

simple key management for IP (SKIP)

A protocol for protecting the privacy and integrity of IP packets. [misc] (see also integrity, privacy, protocols, key management, security protocol)

Simple Key-management for Internet Protocols

(I) A key distribution protocol that uses hybrid encryption to convey session keys that are used to encrypt data in IP packets. (C) SKIP uses the Diffie-Hellman algorithm (or could use another key agreement algorithm) to generate a key-encrypting key for use between two entities. A session key is used with a symmetric algorithm to encrypt data in one or more IP packets that are to be sent from one of the entities to the other. The KEK is used with a symmetric algorithm to encrypt the session key, and the encrypted session key is placed in a SKIP header that is added to each IP packet that is encrypted with that session key. [RFC2828] (see also algorithm, encryption, internet, key management, protocols, security protocol)

simple mail transfer protocol (SMTP)

(I) A TCP-based, application-layer, Internet Standard protocol for moving electronic mail messages from one computer to another. [RFC2828] (see also application, computer, email, message, standard, internet, protocols)

simple network management protocol (SNMP)

(I) A UDP-based, application-layer, Internet Standard protocol [R2570, R2574] for conveying management information between managers and agents. (C) SNMP version 1 uses cleartext passwords for authentication and access control. Version 2 adds cryptographic mechanisms based on DES and MD5. Version 3 provides enhanced, integrated support for security services, including data confidentiality, data integrity, data origin authentication, and message timeliness and limited replay protection. [RFC2828] A network management protocol used with TCP/IP suite of protocols. SNMP specifies a set of management operations for retrieving and altering information in a management information base, authorization procedures for accessing information base tables, and mappings to lower TCP/IP layers. [SRV] A standard TCP/IP protocol for network management. Network administrators use SNMP to monitor and map network availability, performance, and error rates. To work with SNMP, network devices utilize a distributed data store called the Management Information Base (MIB). All SNMP-compliant devices contain a MIB which supplies the pertinent attributes of a device. Some attributes are fixed or 'hard-coded' in the MIB, while others are dynamic values calculated by agent software running on the device. [800-82] Software used to control network communications devices using TCP/IP [NSAINT] (see also access, access control, application, authentication, authorization, availability, code, communications, confidentiality, control, cryptographic, cryptography, information, integrity, message, operation, passwords, security, software, standard, version, internet, network, protocols)

Simple Public-Key Infrastructure (SPKI)

Simple Public-Key Infrastructure/Simple Distributed Security Infrastructure (SPKI/SDSI)

The SPKI efforts of the IETF have been combined with SDSI. The IETF draft creates Public Key Infrastructure (PKI), emphasizing authorizations rather than identities, allowing certificates to be created that indicate what the person is authorized to do on a network rather than their name. [misc] (see also authorization, authorized, certificate, network, key, public-key, public-key infrastructure, security) (includes Simple Distributed Security Infrastructure, Simple Public-Key Infrastructure)

simple random sample

A probability sample in which each member of the population has an equal chance of being drawn to the sample. [SRV] (see also random)

simple security condition

A Bell-LaPadula security model rule allowing a subject read access to an object only if the security level of the subject dominates the security level of the object. [AJP][NCSC/TG004][TCSEC][TNI] (see also access, access control, model, Bell-LaPadula security model, simple security property) (includes object, subject)

simple security property

A Bell-LaPadula security model rule allowing a subject read access to an object only if the security level of the subject dominates the security level of the object. [AJP][NCSC/TG004][TCSEC][TNI] An invariant state property allowing a subject read access to an object only if the security level of the subject dominates the security level of the object. [FCv1] Bell-La Padula security model rule allowing a subject read access to an object, only if the security level of the subject dominates the security level of the object. [CNSSI] (see also access, access control, model, Bell-LaPadula security model, property) (includes object, simple security condition, subject)

simulation modeling

A simulation is a computer program that replicates the operations of a business process and estimates rates at which outputs are produced and resources are consumed. Models test the consistency of the facts, logic, and assumptions used by planners to design a proposed business process, to compare alternative business processes, or to test the sensitivity of a process to changes in selected assumptions. Models help decision makers assess the potential benefits, costs, and risks of alternative processes and strategies. [SRV] (see also business process, computer, operation, process, program, resource, risk, test, model)

single loop controller

A controller that controls a very small process or a critical process. [800-82] (see also critical, process, control)

single point keying (SPK)

Means of distributing key to multiple, local cryptographic equipment or devices from a single fill point. [CNSSI][CNSSI-4009] (see also key)

single scope background investigation - periodic reinvestigation

Periodic personnel security reinvestigation for TOP SECRET clearances and/or critical sensitive or special sensitive positions consisting of the elements prescribed in Standard C of Intelligence Community Policy Guidance 704.1, 'Investigative Standards for Background Investigations for Access to Classified Information.' The reinvestigation is initiated at anytime following the completion of, but not later than 5 years, from the date of the previous investigation or reinvestigation. [DSS] (see also access, classified, critical, intelligence, security)

single scope background investigation

Only Personnel Security Investigation conducted by the Defense Security Service for the Department of Defense Personnel Security Program for TOP SECRET and Sensitive Compartmented Information duties. The period of investigation for a Single Scope Background Investigation is variable, ranging from 3 years for neighborhood checks to 10 years for local agency checks. [DSS] (see also security)

single sign-on

(I) A system that enables a user to access multiple computer platforms (usually a set of hosts on the same network) or application systems after being authenticated just one time. (C) Typically, a user logs in just once, and then is transparently granted access to a variety of permitted resources with no further login being required until after the user logs out. Such a system has the advantages of being user friendly and enabling authentication to be managed consistently across an entire enterprise, and has the disadvantage of requiring all hosts and applications to trust the same authentication mechanism. [RFC2828] (see also access, access control, application, authentication, computer, login, network, resource, secure single sign-on, system, trust, users)

single-hop problem

The security risks resulting from a mobile software agent moving from its home platform to another platform. [SP 800-19] (see also risk, security, software)

single-level device

A device that is used to process data of a single security level at any one time. Since the device need not be trusted to separate data of different security levels, sensitivity labels do not have to be stored with the data being processed. [AJP][TCSEC][TNI] An Automated Information Systems device that is used to process data of a single security level at any one time. [NCSC/TG004] (see also information, process, security, system, trust, modes of operation)

site accreditation

An accreditation where all systems at a location are grouped into a single management entity. A DAA may determine that a site accreditation approach is optimal given the number of IT systems, major applications, networks, or unique operational characteristics. Site accreditation begins with all systems and their interoperability and major applications at the site being certified and accredited. The site is then accredited as a single entity, and an accreditation baseline is established. [800-37] (see also application, baseline, entity, interoperability, operation, system, accreditation)

site certification

The comprehensive assessment of the technical and nontechnical security functions of an IT system in its operational environment to establish the extent to which the system meets a set of specified security requirements, performed to support operational system accreditation. [AJP][JTC1/SC27] (see also accreditation, assessment, function, operation, requirements, security, system, certification)

site information assurance manager

The single Information Systems security focal point for a defined site. The Site Information Assurance Manager supports two organizations: User organization and technical organization. The Site Information Assurance Manager is responsible for managing the baseline and ensuring that changes to the site baseline are properly controlled. [DSS] (see also users, assurance)

site security manager

Construction. U.S. citizen, at least 18 years of age, cleared at the TOP SECRET level and approved for Sensitive Compartmented Information and responsible for security where a Sensitive Compartmented Information Facility is under construction. [DSS] (see also United States citizen, security)

situation

(see security situation)

situational awareness

Within a volume of time and space, the perception of an enterprise's security posture and its threat environment; the comprehension/meaning of both taken together (risk); and the projection of their status into the near future. [CNSSI-4009] (see also risk, security, threat)

skimming

The unauthorized use of a reader to read tags without the authorization or knowledge of the tag's owner or the individual in possession of the tag. [SP 800-98] (see also authorization, authorized, owner)

Skipjack

(N) A Type II block cipher with a block size of 64 bits and key size of 80 bits, that was developed by NSA and formerly classified at the U.S. Department of Defense 'Secret' level. (C) On 23 June 1998, NSA announced that SKIPJACK had been declassified. [RFC2828] A classified 64-bit block encryption, or secret key encryption algorithm. The algorithm uses 80-bit keys (compared with 56 for DES) and has 32 computational rounds or iterations (compared with 16 for DES). Skipjack supports all DES modes of operation. Skipjack provides high-speed encryption when implemented in a key-escrow chip. [AJP] An NSA-developed encryption algorithm for the Clipper chip. The details of the algorithm are unpublished. [NSAINT] (see also algorithm, cipher, classified, encryption, escrow, key, operation, National Security Agency, symmetric algorithm)

slot

(O) MISSI usage: One of the FORTEZZA PC card storage areas that are each able to hold an X.509 certificate and additional data that is associated with the certificate, such as the matching private key. [RFC2828] (see also Fortezza, X.509, certificate, key, public-key infrastructure, multilevel information systems security initiative)

smart testing

Tests that based on theory or experience are expected to have a high probability of detecting specified classes of bugs; tests aimed at specific bug types. [OVT] (see also security testing, test)

smartcards

(I) A credit-card sized device containing one or more integrated circuit chips, which perform the functions of a computer's central processor, memory, and input/output interface. (C) Sometimes this term is used rather strictly to mean a card that closely conforms to the dimensions and appearance of the kind of plastic credit card issued by banks and merchants. At other times, the term is used loosely to include cards that are larger than credit cards, especially cards that are thicker, such as PC cards. (C) A 'smart token' is a device that conforms to the definition of smart card except that rather than having standard credit card dimensions, the token is packaged in some other form, such as a dog tag or door key shape. [RFC2828] A card with an embedded computer chip on which information can be stored and processed. [FFIEC] A credit card-sized card with embedded integrated circuits that can store, process, and communicate information. [CNSSI-4009] A small computer in the shape of a credit card used to identify and authenticate its owner. [SRV] A tamper-resistant hardware device where sensitive information can be stored. Typically a smart card stores the private key(s) of a principal. Smart Cards can also be used to encrypt or decrypt data on the card directly. This has the desirable effect of not exposing the private keys, even to the owner of the key. Smart Cards are password protected; in order for an application to use the keys and functions of a smart card the user must enter the correct password to open the card. [misc] A tamper-resistant security device (about the size of a credit card) that relies on an integrated circuit chip for information storage and processing. [GAO] (see also application, computer, function, identify, information, interface, key, owner, passwords, process, security, standard, tamper, users, tokens) (includes PIV issuer, contactless smart card, personal identity verification card)

smurf

(I) Software that mounts a denial-of-service attack ('smurfing') by exploiting IP broadcast addressing and ICMP ping packets to cause flooding. (D) ISDs SHOULD NOT use this term because it is not listed in most dictionaries and could confuse international readers. (C) A smurf program builds a network packet that appears to originate from another address, that of the 'victim', either a host or an IP router. The packet contains an ICMP ping message that is addressed to an IP broadcast address, i.e. to all IP addresses in a given network. The echo responses to the ping message return to the victim's address. The goal of smurfing may be either to deny service at a particular host or to flood all or part of an IP network. [RFC2828] (see also denial-of-service, exploit, message, network, program, response, router, smurfing, software, attack)

smurfing

A denial of service attack in which an attacker spoofs the source address of an echo-request ICMP (ping) packet to the broadcast address for a network, causing the machines in the network to respond en masse to the victim thereby clogging its network. [NSAINT] (see also network, smurf, spoof, attack)

snake oil

Derogatory term applied to a product whose developers describe it with misleading, inconsistent, or incorrect technical statements. [OVT] (see also threat)

snarf

To grab a large document or file for the purpose of using it with or without the author's permission. [AFSEC][NSAINT] (see also file, threat)

sneaker

An individual hired to break into places in order to test their security; analogous to tiger team. [AFSEC][NSAINT][OVT] (see also security, test, tiger team, threat)

sniffer

A program to capture data across a computer network. Used by hackers to capture user id names and passwords. Software tool that audits and identifies network traffic packets. [AFSEC] A program to capture data across a computer network. Used by hackers to capture user id names and passwords. Software tool that audits and identifies network traffic packets. Is also used legitimately by network operations and maintenance personnel to troubleshoot network problems. [NSAINT] A software or hardware tool that monitors data packets on a network to make sure messages are arriving as they should and everything else is working correctly. On a TCP/IP network, sniffers audit information packets. [CIAO] Software tool for auditing and identifying network traffic packets. [CNSSI] Synonymous with packet sniffer. A program that intercepts routed data and examines each packet in search of specified information, such as passwords transmitted in clear text. [GAO] a program that covertly searches packets of data as they pass through the Internet, capturing passwords or the entire contents. [FJC] (see also audit, computer, computer network, covert, identify, information, message, network, operation, passwords, program, sniffing, software, users, exploit, internet) (includes packet sniffer)

sniffing

(C) A synonym for 'passive wiretapping'. (D) ISDs SHOULD NOT use this term because it unnecessarily duplicates the meaning of a term that is better established. Green Book. [RFC2828] The passive interception of data transmissions. [FFIEC] (see also sniffer, threat) (includes ethernet sniffing, password sniffing)

social engineering

(I) A euphemism for non-technical or low-technology means--such as lies, impersonation, tricks, bribes, blackmail, and threats--used to attack information systems. (D) ISDs SHOULD NOT use this term because it is vague; instead, use a term that is specific with regard to the means of attack. [RFC2828] A general term for attackers trying to trick people into revealing sensitive information or performing certain actions, such as downloading and executing files that appear to be benign but are actually malicious. [SP 800-114] An attack based on deceiving users or administrators at the target Site and are typically carried out by an adversary telephoning users or operators and pretending to be an authorized user, to attempt to gain illicit access to systems. [IATF] An attack based on deceiving users or administrators at the target site. Social engineering attacks are typically carried out by telephoning users or operators and pretending to be an authorized user, to attempt to gain illicit access to the systems. [AFSEC] An attempt to trick someone into revealing information (e.g., a password) that can be used to attack an enterprise. [CNSSI-4009] An attempt to trick someone into revealing information (e.g., a password) that can be used to attack systems or networks. [800-61][800-82] It refers to a person's ability to use personality, knowledge of human nature, and social skills (e.g. theft, trickery, coercion) to steal passwords, keys, tokens, or telephone toll calls. [SRV] Obtaining information from individuals by trickery. [FFIEC] The act of deceiving an individual into revealing sensitive information by associating with the individual to gain confidence and trust. [800-63] The process of attempting to trick someone into revealing information (e.g., a password) that can be used to attack systems or networks. [800-115] The process of attempting to trick someone into revealing information (e.g., a password). [SP 800-115] a tactic used by hackers and crackers to gain access to computer systems by talking unsuspecting company employees or others out of valuable information, such as passwords. [FJC] (see also access, access control, adversary, authorized, computer, file, hoax, identity theft, impersonation, information, key, malicious, passwords, process, system, target, technology, theft, tokens, trust, users, attack) (includes phishing)

SOCKS

(I) An Internet protocol that provides a generalized proxy server that enables client-server applications--such as TELNET, FTP, and HTTP; running over either TCP or UDP--to use the services of a firewall. (C) SOCKS is layered under the application layer and above the transport layer. When a client inside a firewall wishes to establish a connection to an object that is reachable only through the firewall, it uses TCP to connect to the SOCKS server, negotiates with the server for the authentication method to be used, authenticates with the chosen method, and then sends a relay request. The SOCKS server evaluates the request, typically based on source and destination addresses, and either establishes the appropriate connection or denies it. [RFC2828] A networking proxy protocol that enables full access across the SOCKS server from one host to another without requiring direct IP reachability. The SOCKS server authenticates and authorizes the requests, establishes a proxy connection, and transmits the data. SOCKS is commonly used as a network firewall that enables hosts behind a SOCKS server to gain full access to the Internet, while preventing unauthorized access from the Internet to the internal hosts. [IATF] networking middleware that creates a secure, proxy data channel between two computers; SOCKS v5 adds strong authentication and encryption. [misc] (see also access, access control, application, authentication, authorized, computer, connection, encryption, network, object, protocols, unauthorized access, internet)

SOF-basic

A level of the TOE strength of function where analysis shows that the function provides adequate protection against casual breach of TOE security by attackers possessing a low attack potential. [CC2][CC21][SC27] (see also analysis, attack, function, security, strength of function, target of evaluation)

SOF-high

A level of the TOE strength of function where analysis shows that the function provides adequate protection against deliberately planned or organised breach of TOE security by attackers possessing a high attack potential. [CC2][CC21][SC27] (see also analysis, attack, function, security, strength of function, target of evaluation)

SOF-medium

A level of the TOE strength of function where analysis shows that the function provides adequate protection against straightforward or intentional breach of TOE security by attackers possessing a moderate attack potential. [CC2][CC21][SC27] (see also analysis, attack, function, security, strength of function, target of evaluation)

soft TEMPEST

(O) The use of software techniques to reduce the radio frequency information leakage from computer displays and keyboards. [RFC2828] (see also computer, information, key, software, TEMPEST)

software

(I) Computer programs (which are stored in and executed by computer hardware) and associated data (which also is stored in the hardware) that may be dynamically written or modified during execution. [RFC2828] Computer programs and associated data that may be dynamically written or modified during execution. [CNSSI-4009] The electronically stored commands and instructions that make an IS functional, including the operating system, applications, and communications protocols. [CIAO] The programs, and possibly associated data that can be dynamically written and modified. [FIPS140] (see also Automated Information System security, CASE tools, CKMS component, COMSEC boundary, COMSEC material, Clark Wilson integrity model, Common Criteria for Information Technology Security, FIPS PUB 140-1, Fortezza, IT resources, IT security controls, IT security product, IT security support functions, Integrated CASE tools, PIV issuer, PKCS #11, TCB subset, TOE security functions, Tiger, Tripwire, Trusted Computer System Evaluation Criteria, acceptance inspection, access, access control, access control mechanisms, active content, add-on security, anomaly, antivirus tools, application data backup/recovery, application generator, application programming interface, approval/accreditation, archive, assurance, authentication, authentication code, authentication mechanism, automated data processing system, automated information system, automated security monitoring, availability, backdoor, baseline, bastion host, benchmark, black-box testing, bomb, boundary, browse access protection, candidate TCB subset, cardholder, certification authority workstation, certification test and evaluation, clean system, clear, cloud computing, code coverage, coding, common misuse scoring system, communications, completeness, component, computer, computer architecture, computer emergency response teams' coordination center, computer fraud, computer oracle and password system, computer security, computer security subsystem, computer security technical vulnerability reporting program, computer-assisted audit technique, computing security methods, configuration, configuration control, configuration control board, configuration item, configuration management, controlled security mode, conversion, correctness, critical system files, cryptographic boundary, cryptographic module, cryptographic product, cryptographic service, cyberattack, data driven attack, database management system, debug, development process, dictionary attack, disaster recovery plan, documentation, domain name system, dongle, electronically generated key, ethernet sniffing, evaluated products list, execute access, executive state, fail safe, fail soft, failure, failure access, failure control, fault, fault injection, fault tolerance, fault tolerant, file integrity checker, file integrity checking, firewall, firmware, formal development methodology, formal specification, front-end security filter, function, general support system, global information grid, group of users, hardware, hashed message authentication code, high assurance guard, host, host-based firewall, hot site, human-machine interface, implementation, implementation vulnerability, independent validation and verification, independent validation authority, information and communications, information assurance component, information processing standard, information systems security equipment modification, information technology, instrument, instrumentation, integrity, interface, internal security controls, interoperable, intrusion detection, intrusion detection systems, intrusion prevention system, key management infrastructure, keystroke monitoring, license, logic bombs, loophole, maintenance, maintenance hook, major application, malicious code, malicious logic, malware, management network, mechanisms, message authentication code vs. Message Authentication Code, message integrity code, metrics, middleware, mobile code, mobile code technologies, modes of operation, modularity, multi-hop problem, negative tests, network analyzer, network architecture, network management architecture, network protocol stack, network trusted computing base, noncomputing security methods, operating system, operations manager, oracle, overwrite procedure, packet sniffer, packet switching, passive security testing, password cracker, patch, patch management, path histories, pharming, pilot testing, platform, plug-in modules, portability, post-accreditation phase, pretty good privacy, privacy programs, process, product, program, protocol analyzer, protocols, proxy, proxy agent, proxy server, pseudo-random number generator, public-key infrastructure, quality attributes, rapid application development, read access, regression testing, release, reliability, remediation, remote access, rootkit, safety, sandboxing, scalability, scan, secure configuration management, secure operating system, security controls, security evaluation, security event, security features, security functions, security kernel, security measures, security mechanism, security policy, security posture, security safeguards, significant change, simple network management protocol, single-hop problem, smurf, sniffer, soft TEMPEST, source code, source code generator, spyware, subsystem, supply chain attack, symbolic execution, system, system and data integrity, system assets, system development methodologies, system life, system low, system retention/backup, system safety, system-high security mode, tcpwrapper, technical attack, technical controls, technical countermeasures, technical security controls, technical security policy, technical vulnerability, technological attack, technology, telecommuting, test bed, test bed configuration, test case generator, test case suite, test coverage, test cycle, test design, test environment, test execution, test item, test plan, test result analyzer, test suite, testability, tester, testing, theft of functionality, trapdoor, trojan horse, trust anchor, trust-file PKI, trusted channel, trusted computer system, trusted computing base, trusted distribution, trusted gateway, trusted path, trustworthy system, type accreditation, unit, unit testing, update access, user initialization, utility programs, validation, vendor, verification, verification and validation, version, virtual machine, virus scanner, virus signature, virus-detection tool, vulnerability, web server, wedged, workgroup computing) (includes CGI scripts, COTS software, Java, antispyware software, antivirus software, application, application program interface, application software, assured software, audit software, commercial off-the-shelf software, commercial software, computer-aided software engineering, cryptographic application programming interface, customer/contractor-supplied software, email security software, encryption software, hardware and system software maintenance, hardware or software error, imported software, mass-market software, mobile software agent, modular software, network management software, networking features of software, programming languages and compilers, public domain software, remote access software, reusable software asset, reverse software engineering, safety-critical software, security software, security support programming interface, shrink-wrapped software, signed applet, software architecture, software assurance, software build, software configuration management, software development, software development lifecycle, software development methodologies, software engineering, software enhancement, software library, software lifecycle, software maintenance, software operation, software performance engineering, software product, software publisher certificate, software quality assurance, software reengineering, software release, software reliability, software repository, software requirement, software security, software system test and evaluation process, software verification and validation, software-based fault isolation, spam filtering software, support software, system software, systems software, trusted software, virus, web content filtering software)

software architecture

The organizational structure of the software or module. [IEEE610] (see also module, software, software development)

software assurance

Level of confidence that software is free from vulnerabilities, either intentionally designed into the software or accidentally inserted at anytime during its lifecycle, and that the software functions in the intended manner. [CNSSI][CNSSI-4009] (see also function, lifecycle, vulnerability, assurance, software)

software build

An operational version of a software system or component that incorporates a specified subset of the capabilities the final software system or component will provide. [IEEE610] (see also operation, system, version, software, software development)

software configuration management (SCM)

(see also software, software development)

software development

software development lifecycle

The sequence of events in the development of software. [SRV] (see also software, software development)

software development methodologies

Methodologies for specifying and verifying design programs for system development. Each methodology is written for a specific computer language. [AJP][NCSC/TG004] (see also computer, program, system, development assurance, software, software development, system development methodologies) (includes Gypsy verification environment, enhanced hierarchical development methodology, formal development methodology, hierarchical development methodology)

software engineering

The use of a systematic, disciplined, quantifiable approach to the development, operation, and maintenance of software, that is, the use of engineering principles in the development of software. [SRV] (see also operation, system, software, software development)

software enhancement

Significant functional or performance improvements. [SRV] (see also function, software, software development)

software library

The controlled collection of configuration items associated with defined baselines: Three libraries can exist: (1) a dynamic library used for newly created or modified software elements, (2) a controlled library used for managing current baselines and controlling changes to them, and (3) a static library used to archive baselines. [SRV] (see also archive, baseline, control, software)

software lifecycle

The period of time that begins when a software product is conceived and ends when the software is no longer available for use. The software lifecycle typically includes a concept phase, requirements phase, design phase, implementation phase, test phase, installation and checkout phase, operation and maintenance phase, and, sometimes, retirement phase. [IEEE610] (see also operation, requirements, test, software, software development, software product)

software maintenance

Activities that modify software to keep it performing satisfactorily. [SRV] (see also software)

software operation

Routine activities that make the software perform without modification. [SRV] (see also operation, software)

software performance engineering

A method for constructing software to meet performance objectives. [SRV] (see also object, software, software development)

software product

The complete set, or any of the individual items of the set, of computer programs, procedures, and associated documentation and data designated for delivery to a customer or end user. [IEEE610] (see also computer, program, users, product, software) (includes mass-market software, software development, software lifecycle, software requirement)

software publisher certificate (SPC)

(see also certificate, software)

software quality assurance (SQA)

The planned systematic pattern of all actions necessary to provide adequate confidence that the product, or process by which the product is developed, conforms to established requirements. [SRV] (see also confidence, process, requirements, system, assurance, quality, software, software development)

software reengineering

The examination and alteration of a subject system to reconstitute it in a new form, and the subsequent implementation of the new form. Reengineering is also known as renovation and reclamation. [SRV] The process of examining, altering, and re-implementing existing software to reconstitute it in a new form. [SRV] (see also process, subject, system, software, software development)

software release

An updated version of commercial software to correct errors, resolve incompatibilities, or improve performance. [SRV] (see also update, version, software)

software reliability

(IEEE) (1) the probability that software will not cause the failure of a system for a specified time under specified conditions. The probability is a function of the inputs to and use of the system in the software. The inputs to the system determine whether existing faults, if any, are encountered. (2) The ability of a program to perform its required functions accurately and reproducibly under stated conditions for a specified period of time. [OVT] The probability that a given software operates for some time period on the machine for which it was designed, without system failure due to a software fault, given that it is used within design limits. [SRV] (see also failure, fault, function, program, robustness, system, reliability, software)

software repository

A permanent, archival storage place for software and related documentation. [SRV] (see also software)

software requirement

A condition or capability that must be met by software needed by a user to solve a problem or achieve an objective. [IEEE610] (see also users, requirements, software, software product) (includes object, software security, testability)

software security

General-purpose (executive, utility, or software development) tools and applications programs or routines that protect data handled by a system. [AJP][NCSC/TG004] (see also application, program, security software, software development, system, security, software, software requirement) (includes security test and evaluation)

software system test and evaluation process

A process that plans, develops, and documents the quantitative demonstration of the fulfillment of all baseline functional, performance, operational, and interface requirements. [AJP][NCSC/TG004] Process that plans, develops, and documents the quantitative demonstration of the fulfillment of all baseline functional performance, operational, and interface requirements. [CNSSI] (see also baseline, function, interface, operation, requirements, evaluation, process, software, software development, system, test) (includes security test and evaluation)

software verification and validation (SV&V)

software-based fault isolation

sole proprietorship

Business owned by one individual liable for the debts and other liabilities incurred in the operation of the business. [DSS]

sole source acquisition

A contract for the purchase of supplies or services entered into or proposed to be entered into by an organization after soliciting and negotiation with only one source. [SRV]

solenoid valve

A valve actuated by an electric coil. A solenoid valve typically has two states: open and closed. [800-82]

solicitation

In contracting, the term means information materials to go out to prospective bidders, requesting their response to a proposal. [SRV] (see also information, response)

sound group

Voice transmission attenuation groups established to satisfy acoustical requirements. Ratings measured in sound transmission class may be found in the Architectural Graphic Standards. [DSS] (see also requirements)

sound masking system

Electronic system used to create background noise to mask conversations and counter audio-surveillance threats. [DSS] (see also threat)

sound transmission class

Rating used in architectural considerations of sound transmission loss such as those involving walls, ceilings, and/or floors. [DSS]

source authentication

(D) ISDs SHOULD NOT use this term because it is ambiguous. If the intent is to authenticate the original creator or packager of data received, then say 'data origin authentication'. If the intent is to authenticate the identity of the sender of data, then say 'peer entity authentication'.. [RFC2828] (see also entity, identity, authentication)

source code

The form in which a computer program is written by the programmer. Source code is written in a programming language that is then compiled into object code or machine code or executed by an interpreter (the software). [SRV] (see also compiler, computer, object, program, software, code, software development) (includes source code generator)

source code generator

A tool that uses software requirements and/or designs to automatically generate source code. An application generator generates entire applications, whereas a source code generator may generate smaller pieces of source code. [SRV] (see also application, requirements, software, code, source code)

source data automation

Automating the data capture process at its source to reduce delays and to improve its accuracy. [SRV] (see also process)

source data entry

Conversion of paper-based data into machine-readable form for input into a computer system. [SRV] (see also computer, system, version)

source document

Existing document containing classified information that is incorporated, paraphrased, restated, or generated in new form into a new document. [DSS] (see also classified)

source integrity

(I) The degree of confidence that can be placed in information based on the trustworthiness of its sources. [RFC2828] (see also confidence, information, trust, integrity)

source program

A form of masquerading where a trusted IP address is used instead of the true IP address as a means of gaining access to a computer system. [FFIEC] (see also access, access control, computer, system, trust, program)

source selection

The process where requirements, technical evaluations, costs, commendations, and policy relevant to an award decision of a competitive procurement are examined, and the decision is made as to the source to supply the required system-related products and services. [SRV] (see also evaluation, policy, process, requirements, system)

spam

(I) (1.) Verb: To indiscriminately send unsolicited, unwanted, irrelevant, or inappropriate messages, especially commercial advertising in mass quantities. (2.) Noun: electronic 'junk mail'. (D) This term SHOULD NOT be written in upper-case letters, because SPAM(trademark) is a trademark of Hormel Foods Corporation. Hormel says, 'We do not object to use of this slang term to describe [unsolicited commercial email (UCE)], although we do object to the use of our product image in association with that term. Also, if the term is to be used, it should be used in all lower-case letters to distinguish it from our trademark SPAM, which should be used with all uppercase letters.' (C) In sufficient volume, spam can cause denial of service. According to the SPAM Web site, the term was adopted as result of the Monty Python skit in which a group of Vikings sang chorus of 'SPAM, SPAM, SPAM . . .' in an increasing crescendo, drowning out other conversation. Hence, the analogy applied because UCE was drowning out normal discourse on the Internet. [RFC2828] Electronic junk mail or the abuse of electronic messaging systems to indiscriminately send unsolicited bulk messages. [CNSSI-4009] The abuse of electronic messaging systems to indiscriminately send unsolicited bulk messages. [SP 800-53] To crash a program by overrunning a fixed-site buffer with excessively large input data. Also, to cause a person or newsgroup to be flooded with irrelevant or inappropriate messages. [AFSEC][NSAINT] Unsolicited bulk commercial email messages. [SP 800-45] (see also association, denial-of-service, internet, message, object, program, email, threat) (includes spam filtering software, spamming)

spam filtering software

A program that analyzes emails to look for characteristics of spam, and typically places messages that appear to be spam in a separate email folder. [SP 800-69] (see also message, program, software, spam)

spammers

Individuals or organizations distribute unsolicited e-mail with hidden or false information in order to sell products, conduct phishing schemes, distribute spyware/malware, or attack organizations (i.e. denial of service). [GAO] (see also attack, information, threat)

spamming

Posing identical messages to multiple unrelated newsgroups. Often used as cheap advertising, to promote pyramid schemes, or simply to annoy other people. [SRV] (see also message, spam)

spanning port

A switch port that can see all network traffic going through the switch. [800-94]

special access office (SAO)

(see also access)

special access program (SAP)

A program established for a specific class of classified information that imposes safeguarding and access requirements that exceed those normally required for information at the same classification level. [SP 800-53; CNSSI-4009] Approved program which imposes strict clearance and investigative criteria, need-to-know and access controls beyond those normally required for access to CONFIDENTIAL, SECRET, or TOP SECRET information. [DSS] Sensitive program, approved in writing by a head of agency with original top secret classification authority, that imposes need-to-know and access controls beyond those normally provided for access to Confidential, Secret, or Top Secret information. The level of controls is based on the criticality of the program and the assessed hostile intelligence threat. The program may be an acquisition program, an intelligence program, or an operations and support program. (Joint Pub 1-02, 12 Apr 2001) [CNSSI] (see also authority, control, critical, information, intelligence, operation, requirements, security clearance, threat, access, program)

special access program facility

(SAPF) Facility formally accredited by an appropriate agency in accordance with DCID 6/9 in which SAP information may be processed. [CNSSI-4009] Facility formally accredited by an appropriate agency in accordance with DCID 6/9 in which SAP information may be procesed. [CNSSI] Specific physical space formally accredited in writing by the cognizant Program Security Officer which satisfies the criteria for generating, safeguarding, handling, discussing, and storing classified and/or unclassified program information, hardware, and materials. [DSS] (see also classified, information, security, access, program)

special access program/special access required

Program imposing 'need-to-know' or access control beyond those normally provided for access to CONFIDENTIAL, SERET, or TOP SECRET information. Such a program includes special clearance, adjudication, or investigative requirements; special designation of officials authorized to determine need-to-know; or special lists of persons determined to have a need-to-know. [DSS] (see also authorized, requirements, access)

special access programs central office

Office within the Department of Defense or military department responsible for establishment and application of regulations, oversight, and security policy for Special Access Programs. [DSS] (see also security, access)

special access programs coordination office

Department of Defense focal point for issues pertaining to Department of Defense controlled special access programs. [DSS] (see also access)

special access required programs oversight committee

Senior Air Force Review Committee for overseeing resource allocation, acquisition, management, security, and execution of Air Force Special Access Programs (excluding National Foreign Intelligence Program). The Secretary of the Air Force approves a Charter which describes the organization, composition, and functions of the Special Programs Oversight Committee. [DSS] (see also foreign, intelligence, security, access)

special activity

Activity, or functions in support of such activity, conducted in support of national foreign policy objectives abroad that is planned and executed so that the role of the U.S. Government is neither apparent nor acknowledged publicly; but that is not intended to influence United States, political processes, public opinion, policies, or media, and does not include diplomatic activities or the collection and production of intelligence or related support functions. [DSS] (see also foreign, intelligence, object)

special background investigation

Personnel security investigation consisting of all the components of a Background Investigation plus certain additional investigative requirements. The period of investigation for a Special Background Investigation is the last 15 years or since the 18th birthday, whichever is shorter, provided that the last 2 full years are covered and that no investigation will be conducted prior to an individual's 16th birthday. [DSS] (see also requirements, security)

special character

Any non-alphanumeric character that can be rendered on a standard American-English keyboard. Use of a specific special character may be application-dependent. The list of special characters follows: ` ~ ! @ # $ % ^ & * ( ) _ + | } { - : ? > < [ ] \ ; - , - / - = [CNSSI-4009]

special information operations (SIO)

Information Operations that by their sensitive nature, due to their potential effect or impact, security requirements, or risk to the national security of the United States, require a special review and approval process. (DODD S-3600.1 of 9 Dec 96) [NSAINT] (see also process, requirements, risk, security, information, operation)

special intelligence (SI)

(see also intelligence)

special investigative inquiry

Supplemental personnel security investigation of limited scope conducted to prove or disprove relevant allegations that have arisen concerning a person upon whom a personnel security determination has been previously made and who, at the time of the allegation, holds a security clearance or otherwise occupies a position that requires a personnel security determination. [DSS] (see also security)

special program document control center

Component activity assigned responsibility by the Information System Security Representative for the management, control, and accounting of all documents and magnetic media received or generated as a result of the special program activity. [DSS] (see also security)

special program review group

Committee responsible for developing the Air Force Special Access Required programs resource requirements, including the Program Objective Memorandum, Budget Estimate Submission, and the President's Budget. [DSS] (see also access, object, requirements)

special security center

Director of National Intelligence element responsible for developing, coordinating, and overseeing the Director of National Intelligence security policies and databases to support Intelligence Community security elements. The Special Security Center interacts with other Intelligence Community security organizations to ensure that the Director of National Intelligence equities are considered in the development of national level security policies and procedures. [DSS] (see also intelligence, security)

special security officer (SSO)

(see also security)

specialized boundary host

A boundary host providing specialized services to users outside the security perimeter [NASA] (see also security, users, boundary)

specific SIO class

An SIO class in which the data types for all components are fully specified.[ISO/IEC 15816: 2002] [SC27]

specification

A description of the technical requirements for a system, product, or service. [SRV] An assessment object that includes document-based artifacts (e.g., policies, procedures, plans, system security requirements, functional specifications, and architectural designs) associated with an information system. [SP 800-53A] (see also requirements, security, system)

spillage

Security incident that results in the transfer of classified or CUI information into an information system not accredited (i.e. authorized) for the appropriate security level. [CNSSI-4009] See classified information spillage. [CNSSI] (see also classified, information, security)

split key

(I) A cryptographic key that is divided into two or more separate data items that individually convey no knowledge of the whole key that results from combining the items. [RFC2828] (see also cryptographic, key)

split knowledge

(I) A security technique in which two or more entities separately hold data items that individually convey no knowledge of the information that results from combining the items. (O) 'A condition under which two or more entities separately have key components that individually convey no knowledge of the plaintext key that will be produced when the key components are combined in the cryptographic module.' [RFC2828] 1. Separation of data or information into two or more parts, each part constantly kept under control of separate authorized individuals or teams so that no one individual or team will know the whole data. 2. A process by which a cryptographic key is split into multiple key components, individually sharing no knowledge of the original key, which can be subsequently input into, or output from, a cryptographic module by separate entities and combined to recreate the original cryptographic key. [CNSSI-4009] A condition under which two or more entities separately have key components that individually convey no knowledge of the plaintext key that will be produced when the key components are combined in the cryptographic module. [FIPS140][SRV] A procedure by which a cryptographic key is split into n multiple key components, individually providing no knowledge of the original key, which can be subsequently combined to recreate the original cryptographic key. If knowledge of k (where k is less than or equal to n) components is required to construct the original key, then knowledge of any k-1 key components provides no information about the original key other than, possibly, its length. [SP 800-57 Part 1] A process by which a cryptographic key is split into multiple key components, individually sharing no knowledge of the original key, that can be subsequently input into, or output from, a cryptographic module by separate entities and combined to recreate the original cryptographic key. [FIPS 140-2] Separation of data or information into two or more parts, each part constantly kept under control of separate authorized individuals or teams so that no one individual or team will know the whole data. [CNSSI] (see also authorized, control, cryptographic, information, key, module, security, key recovery)

sponsor

An entity (organisation, individual, etc.) responsible for the content of a register entry. [SC27] An entity that is authorized to make a request that a certificate be issued to a subject or entity, and that attests that the subject has the need and the right to hold a certificate. [800-103] The person or organization that requests an evaluation of an IT product. [NIAP] The person or organization that requests an evaluation. [AJP][ITSEC] (see also authorized, certificate, entity, evaluation, subject, test)

sponsoring agency

Government department or agency that has granted access to classified national intelligence, including Sensitive Compartmented Information, to a person whom it does not directly employ, for example, a member of another Government organization or a contractor employee. [DSS] (see also access, classified, intelligence)

spoof

Attempt by an unauthorized entity to gain access to a system by posing as an authorized user. [RFC2828] (see also access, access control, authentication, authorized, entity, firewall, impersonating, masquerading, mimicking, phishing, smurfing, system, users, threat consequence) (includes DNS spoofing, address spoofing, anti-spoof, ip spoofing, spoofing attack)

spoofing

'IP spoofing' refers to sending a network packet that appears to come from a source other than its actual source. [SP 800-48] 1. Faking the sending address of a transmission to gain illegal entry into a secure system. Impersonating, masquerading, piggybacking, and mimicking are forms of spoofing. 2. The deliberate inducement of a user or resource to take incorrect action. [CNSSI-4009] A form of masquerading where a trusted IP address is used instead of the true IP address as a means of gaining access to a computer system. [FFIEC] An attempt to gain access to a system by posing as an authorized user. [AJP][NCSC/TG004] Involves. 1) the ability to receive a message by masquerading as the legitimate receiving destination, or 2) masquerading as the sending machine and sending a message to a destination. [FIPS 191] Pretending to be someone else. The deliberate inducement of a user or a resource to take an incorrect action. Attempt to gain access to an AIS by pretending to be an authorized user. Impersonating, masquerading, and mimicking are forms of spoofing. [NSAINT] The deliberate inducement of a user or a resource to take an incorrect action. Assuming the characteristics of another computer system or user, for purposes of deception. Using various techniques to subvert IP-based access control by masquerading as another system by using their IP address. [SRV] The deliberate inducement of a user or resource to take an incorrect action. [SRV] Unauthorized use of legitimate Identification and Authentication (I&A) data, however it was obtained, to mimic a subject different from the attacker. Impersonating, masquerading, piggybacking, and mimicking are forms of spoofing. [CNSSI] Unauthorized use of legitimate identification and authentication data, such as user IDs and passwords, by an intruder to impersonate an authorized user or process to gain access to an IS or data on it. [CIAO] creating a false e-mail address or web page to trick users into passing along critical information like passwords or credit card account numbers. [FJC] (see also mimicking, anti-spoof, access, access control, authentication, authorized, computer, control, critical, hijack attack, identification, impersonation, information, process, resource, subject, system, trust, users, attack, masquerade) (includes DNS spoofing, address spoofing, ip spoofing)

spoofing attack

(I) A synonym for 'masquerade attack'. [RFC2828] (see also attack, masquerade, spoof)

spread

A general term for the extent of variation among cases. [SRV]

spread spectrum

Telecommunications techniques in which a signal is transmitted in a bandwidth considerably greater than the frequency content of the original information. Frequency hopping, direct sequence spreading, time scrambling, and combinations of these techniques are forms of spread spectrum. [CNSSI][CNSSI-4009] (see also communications, information, telecommunications)

spyware

Malware intended to violate a user's privacy. [800-83] Software that is secretly or surreptitiously installed into an information system to gather information on individuals or organizations without their knowledge. [800-53] Software that is secretly or surreptitiously installed into an information system to gather information on individuals or organizations without their knowledge; a type of malicious code. [800-82][SP 800-53; CNSSI-4009] (see also code, identity theft, information, malicious, malware, privacy, software, system, users, malicious code)

spyware detection and removal utility

A program that monitors a computer to identify spyware and prevent or contain spyware incidents. [800-83] (see also computer, identify, incident, program)

SSO PIN

(O) MISSI usage: One of two personal identification numbers that control access to the functions and stored data of a FORTEZZA PC card. Knowledge of the SSO PIN enables the card user to perform the FORTEZZA functions intended for use by an end user and also the functions intended for use by a MISSI certification authority. [RFC2828] (see also Fortezza, access, authority, certification, control, function, identification, users, multilevel information systems security initiative)

SSO-PIN ORA

(O) MISSI usage: A MISSI organizational RA that operates in a mode in which the ORA performs all card management functions and, therefore, requires knowledge of the SSO PIN for an end user's FORTEZZA PC card. [RFC2828] (see also Fortezza, function, users, multilevel information systems security initiative)

stakeholder

An individual or group with an interest in the success of an organization in delivering intended results and maintaining the viability of the organization's products and services. Stakeholders influence plans, programs, products, and services. [SRV] (see also program)

stand-alone automated information system

Stand-alone Automated Information System may include desktop, laptop, and notebook personal computers, and any other hand-held electronic device containing classified information. Stand-alone Automated Information Systems by definition are not connected to any Local Area Network or other type of network. [DSS] (see also classified)

stand-alone, shared system

A system that is physically and electrically isolated from all other systems, and is intended to be used by more than one person, either simultaneously (e.g. a system with multiple terminals) or serially, with data belonging to one user remaining available to the system while another user is using the system (e.g. a personal computer with nonremovable storage media such as a hard disk). [AJP][NCSC/TG004] (see also computer, users, modes of operation, system)

stand-alone, single-user system

A system that is physically and electrically isolated from all other systems, and is intended to be used by one person at a time, with no data belonging to other users remaining in the system (e.g. a personal computer with removable storage media such as a floppy disk). [AJP][NCSC/TG004] (see also computer, modes of operation, system, users)

standalone system

Information Systems operating independent of any other Information Systems within an environment physically secured commensurate with the highest classification of material processed or stored thereon. [DSS]

standard

An established basis of performance used to determine quality and acceptability. [SRV] Start-Up KEK Key-encryption-key held in common by a group of potential communicating entities and used to establish ad hoc tactical networks. [CNSSI-4009] (see also Abstract Syntax Notation One, Advanced Mobile Phone Service, Basic Encoding Rules, COTS software, Clipper chip, Commercial COMSEC Evaluation Program, Common Criteria for Information Technology Security, Computer Security Objects Register, Cryptographic Application Program Interface, DoD Information Technology Security Certification and Accreditation Process, EE, Elliptic Curve Digital Signature Algorithm, FIPS PUB 140-1, Federal Criteria Vol. I, Generic Security Service Application Program Interface, Generic Upper Layer Security, Green book, IEEE 802.10, IEEE P1363, IT Security Evaluation Criteria, IT Security Evaluation Methodology, ITU-T, Information Technology Security Evaluation Criteria, Integrated services digital network, Internet Architecture Board, Internet Engineering Steering Group, Internet Engineering Task Force, Internet Society, Internet Society Copyright, JTC1 Registration Authority, Law Enforcement Access Field, OSI architecture, Open Systems Interconnection Reference model, PC card, PCMCIA, PKCS #10, PKCS #11, PKCS #7, PKIX, POSIX, Post Office Protocol, version 3, Request for Comment, Rivest-Shamir-Adleman algorithm, Secure Data Exchange, Secure Electronic Transaction, TEMPEST, Transport Layer Security Protocol, Trusted Computer System Evaluation Criteria, Type III cryptography, X.400, X.500 Directory, acceptance inspection, accreditation, accreditation body, application program interface, assessment, audit, bandwidth, benchmark, center for information technology excellence, certificate, certificate chain, certificate chain validation, certificate request, certification authority, coefficient of variation, common criteria, communications protocol, compliance-based, computer architecture, conformance, consistency, country code, credentials, cryptographic module security policy, data authentication code, data authentication code vs. Data Authentication Code, data encryption algorithm, deliverable, development environment, dial-up capability, digital signature algorithm, dispersion, electronic data interchange, encryption, evaluation and validation scheme, evaluation authority, evaluation pass statement, extension, file transfer protocol, framing, incident, internet control message protocol, internet protocol, internet vs. Internet, judgment sample, key, key center, key distribution center, key recovery, key translation center, key-escrow system, leapfrog attack, legacy data, level of protection, media access control address, message authentication code vs. Message Authentication Code, network architecture, object identifier, octet, open system environment, open systems, open systems interconnection, operational environment, operational risk, operational risk exposure, origin authenticity, parameters, plug-in, preproduction model, pretty good privacy, privacy enhanced mail, private communication technology, protected communications, public law 100-235, public-key cryptography, public-key forward secrecy, public-key infrastructure, quality, random selection, rootkit, sas 70 report, secret-key cryptography, secure socket layer, security assertion markup language, security clearance, security program manager, security support programming interface, simple mail transfer protocol, simple network management protocol, smartcards, starting variable, stealth probe, stovepipe systems, system administrator, telnet, transmission control protocol, trust hierarchy, trust level, type 3 product, user data protocol, validation, vulnerability, wireless application protocol, wrap) (includes American National Standards Institute, American Standard Code for Information Interchange, British Standard 7799, Digital Signature Standard, Escrowed Encryption Standard, Federal Information Processing Standards, Federal Information Processing Standards Publication 140, Federal Standard 1027, International organization for standardization, Internet Standard, Internet Standards document, National Institute of Standards and Technology, Standard Security Label, Standards for Interoperable LAN/MAN Security, advanced encryption standard, data encryption standard, endorsed data encryption standard products list, extended industry standard architecture, industry standard architecture, information processing standard, international standards organization, interoperability standards/protocols, public-key cryptography standards, requirements for procedures and standards, secure hash standard, standard deviation, standard error of the mean, standard generalized markup language)

standard deviation

The standard deviation is a numerical measure of the spread of a group of values about their mean. It is a measure of the average squared deviation from the mean. It is the square root of the variance. We take the square root to account for the fact that we squared the differences in computing the variance. It is the measure of variability of a statistical sample that serves as an estimate of the population variability. A measure of spread used with interval-ratio variables. A numerical measurement of the dispersion, or scatter, of a group of values about their mean, also called root mean square deviation. This is the most common and useful of the dispersion measures. [SRV] (see also standard)

standard error of the mean

The standard deviation of the sampling distribution of a sample statistic. It is a measure of the variability within a sample. [SRV] (see also standard)

standard generalized markup language

A markup language used to define the structure of and manage documents in electronic form. [CIAO] (see also automated information system, hypertext, wireless application protocol, standard) (includes extensible markup language, hypertext markup language, markup language)

standard operating procedure

A set of instructions used to describe a process or procedure that performs an explicit operation or explicit reaction to a given event. [800-127]

standard practice procedures

Document prepared by a contractor who implements applicable requirements of this manual for the contractor's operations and involvement with classified information at the contractor's facility. [DSS] (see also classified, requirements)

Standard Security Label (SSL)

(see also security, standard)

Standards for Interoperable LAN/MAN Security (SILS)

(N) (1.) The IEEE 802.10 standards committee. (2.) A developing set of IEEE standards, which has eight parts: (a) Model, including security management, (b) Secure Data Exchange protocol, (c) Key Management, (d) [has been incorporated in (a)], (e) SDE Over Ethernet 2.0, (f) SDE Sublayer Management, (g) SDE Security Labels, and (h) SDE PICS Conformance. Parts b, e, f, g, and h are incorporated in IEEE Standard 802.10-1998. [RFC2828] (see also key, key management, model, protocols, security, standard)

star (*) property

(I) (Written '*-property'.) See: 'confinement property' under Bell-LaPadula model. [RFC2828] (see *-property)

Star Trek attack

start-up KEK

Key-encryption-key held in common by a group of potential communicating entities and used to establish ad hoc tactical networks. [CNSSI] (see also encryption, key, network)

starting variable (SV)

Variable defining the starting point of the mode of operation. NOTE - The method of deriving the starting variable from the initializing value is not defined in this International Standard. It needs to be described in any application of the modes of operation. [SC27] Variable derived from the initializing value and used in defining the starting point of the modes of operation. NOTE - The method of deriving the starting variable from the initializing value is not defined in this International Standard. It needs to be described in any application of the modes of operation. [SC27] Variable derived from the initializing value and used in defining the starting point of the modes of operation. NOTE - The method of deriving the starting variable from the initializing value is not defined in this International Standard. It needs to be described in any application of the modes of operation. [ISO 8372: 1987] Variable defining the starting point of the mode of operation. NOTE - The method of deriving the starting variable from the initializing value is not defined in this International Standard. It needs to be described in any application of the modes of operation. [SC27] (see also application, operation, standard)

state

Give required information with no attempt or implied requirement, to justify the information presented. [AJP][FCv1] Intermediate Cipher result that can be pictured as a rectangular array of bytes. [FIPS 197] (see also information)

state delta verification system

A system designed to give high confidence regarding microcode performance by using formulas that represent isolated states of a computation to check proofs concerning the course of that computation. [AJP][NCSC/TG004] (see also code, confidence, system, verification)

state transition diagram (STD)

(see also network)

state variable

A variable that represents either the state of the computer system or the state of some system resource. [AJP][NCSC/TG004] (see also computer, resource, system)

stateful inspection

A firewall inspection technique that examines the claimed purpose of a communication for validity. For example, a communication claiming to respond to a request is compared to a table of outstanding requests. [FFIEC]

stateful packet filtering

The process of forwarding or rejecting traffic based on the contents of a state table maintained by a firewall. Packet filtering and proxy firewalls are essentially static, in that they always forward or reject packets based on the contents of the rule set. In contrast, devices using stateful packet filtering will only forward packets if they correspond with state information maintained by the device about each connection. For example, a stateful packet filtering device will reject a packet on port 20 (ftp-data) if no connection has been established over the ftp control port (usually port 21). [RFC2647] (see also connection, control, information, process, proxy, firewall, packet filtering)

stateful protocol analysis

The process of comparing predetermined profiles of generally accepted definitions of benign protocol activity for each protocol state against observed events to identify deviations. [800-94] (see also file, identify, process, profile, analysis, protocols)

statement coverage

Metric of the number of source language statements executed under test. [OVT] (see also test)

statement of reasons

Letter from a Central Adjudication Facility to a subject, notifying of the Central Adjudication Facility's intent to deny/revoke security clearance/eligibility, and the reasons for the proposed action. [DSS] (see also security, subject)

static analysis

The process of evaluating a system or component based on its form, structure, content, or documentation. Contrast with: dynamic analysis. Analysis of a program carried out without executing the program. (NBS) Analysis of a program that is performed without executing the program. [OVT] (see also process, program, system, analysis)

static binding

A binding in which the name/class association is made when the name is declared (at compile time), but before the creation of the object that the name designates. [SRV] (see also association, object, backup)

static key

A key that is intended for use for a relatively long period of time and is typically intended for use in many instances of a cryptographic key establish scheme [SP 800-57 Part 1] (see also key)

statistic

A number computed from data on one or more variables. [SRV]

statistical estimate

A numerical value assigned to a population parameter on the basis of evidence from a sample. [SRV] (see also evidence)

statistical process control (SPC)

The application of statistical techniques for measuring, analyzing, and controlling the variation in processes. [SRV] The use of statistical techniques to control the quality of a product or process. [800-82] (see also application, quality, control, process)

status information

Information that is output from a cryptographic module for the purposes of indicating certain operational characteristics or states of the module. [FIPS140] (see also cryptographic, cryptography, module, operation, information)

status monitoring

Monitoring the information security metrics defined by the organization in the information security ISCM strategy. [SP 800-137] (see also security)

steady-state

A characteristic of a condition, such as value, rate, periodicity, or amplitude, exhibiting only negligible change over an arbitrarily long period of time. [800-82] In the context of the NIPP, steady-state is the posture for routine, normal, day-to-day operations as contrasted with temporary periods of heightened alert or real-time response to threats or incidents. [NIPP]

stealth mode

Operating an intrusion detection and prevention sensor without IP addresses assigned to its monitoring network interfaces. [800-94] (see also interface, intrusion, intrusion detection)

stealth probe

A probe that does not use standard connection protocols. Its activity is normally low enough that it does not trigger standard intrusion detection. A low level and inconspicuous network connection. [AFSEC] (see also connection, intrusion, intrusion detection, network, protocols, standard, threat)

steganography

(I) Methods of hiding the existence of a message or other data. This is different than cryptography, which hides the meaning of a message but does not hide the message itself. (C) An example of a steganographic method is 'invisible' ink. [RFC2828] The art and science of communicating in a way that hides the existence of the communication. For example, a child pornography image can be hidden inside another graphic image file, audio file, or other file format. [SP 800-72; SP 800-101] The art, science, and practice of communicating in a way that hides the existence of the communication. [CNSSI-4009] (see also cryptography, message)

storage channel

(see covert channel)

storage object

An object that supports both read and write accesses. [AJP][ITSEC][NCSC/TG004][TCSEC][TDI][TNI] Object supporting both read and write accesses to an IS. [CNSSI] Object supporting both read and write accesses to an information system. [CNSSI-4009] (see also access, access control, object)

store

To place an electronic data into a storage medium which may be accessed and retrieved under normal operational circumstances by authorized entities. [800-130] (see also access, authorized, operation)

stovepipe systems

A computer system developed to solve a specific problem, characterized by a limited focus and functionality, and containing data that cannot be easily shared with other computer systems. Most stovepipe systems are legacy systems. [SRV] Systems developed to solve a specific problem and having little or no interconnection with other systems. They are characterized by a limited focus and functionality, and typically contain redundant data, nonstandard data element names, and data that cannot be easily shared with other systems. [SRV] (see also computer, connection, function, standard, system)

strata

Two or more mutually exclusive subdivisions of a population, defined in such a way that each sampling unit can belong to only one subdivision or stratum. [SRV]

stratified random sample

If the population to be sampled is first subclassified into several subpopulations called strata the sample may be drawn by taking random samples from each stratum. The samples need not be proportional to the strata sizes. [SRV] (see also classified, random)

stream cipher

(I) An encryption algorithm that breaks plaintext into a stream of successive bits (or characters) and encrypts the n-th plaintext bit with the n-th element of a parallel key stream, thus converting the plaintext bit stream into a ciphertext bit stream. [RFC2828] Symmetric encryption algorithm with the property that the encryption process involves combining the plaintext with a pseudorandom enciphering sequence one bit at a time. Each ciphertext bit is thus a function of both the corresponding plaintext bit and its position within the sequence of plaintext bits. [SC27] (see also algorithm, encryption, function, key, process, property, random, cipher)

strength of a requirement

Definition of the conditions under which a functional component withstands a defined attack or tolerates failures. [AJP][FCv1] (see also attack, failure, function, evaluation, requirements)

strength of encryption

(see encryption strength)

strength of function (SOF)

A qualification of a TOE security function expressing the minimum efforts assumed necessary to defeat its expected security behavior by directly attacking its underlying security mechanisms. [CC2][CC21][SC27] (see also attack, TOE security functions, function, target of evaluation) (includes SOF-basic, SOF-high, SOF-medium)

strength of mechanisms (SML)

A rating of the ability of a security mechanism to withstand a direct attack. [AJP][JTC1/SC27] A scale for measuring the relative strength of a security mechanism hierarchically ordered from SML 1 through SML 3. [IATF] A scale for measuring the relative strength of a security mechanism. [CNSSI-4009] An aspect of the assessment of the effectiveness of a Target of Evaluation, namely, the ability of its security mechanisms to withstand direct attack against deficiencies in their underlying algorithms, principles, and properties. [AJP][ITSEC] (see also algorithm, assessment, attack, target, security, target of evaluation)

strengths, weaknesses, opportunities, threats (SWOT)

(see also risk management, threat) (includes SWOT analysis)

stress testing

Testing in which a system is subjected to unrealistically harsh inputs or load with inadequate resources with the intention of breaking it. Testing conducted to evaluate a system or component at or beyond the limits of its specified requirements. Stress tests are designed to confront programs with abnormal situations. ... Stress testing executes a system in a manner that demands resources in abnormal quantity, frequency, or volume. ... Essentially, the tester attempts to break the program. (p.652-653) [OVT] (see also black-box testing, boundary value, program, requirements, resource, subject, system, security testing, test)

stretch goal

A goal that requires a significant change in the performance (e.g. quality, time, cost) of a process. [SRV] (see also process, quality)

striped core

A network architecture in which user data traversing a core IP network is decrypted, filtered and re-encrypted one or more times. Note: The decryption, filtering, and re-encryption are performed within a 'Red gateway'; consequently, the core is 'striped' because the data path is alternately Black, Red, and Black. [CNSSI-4009]

strong authentication

(I) An authentication process that uses cryptography--particularly public-key certificates--to verify the identity claimed for an entity. (O) 'Authentication by means of cryptographically derived credentials.' [RFC2828] Layered authentication approach relying on two or more authenticators to establish the identity of an originator or receiver of information. [CNSSI] The requirement to use multiple factors for authentication and advanced technology, such as dynamic passwords or digital certificates, to verify an entity's identity. [CNSSI-4009] (see also certificate, cryptographic, cryptography, entity, identity, information, key, process, public-key, public-key infrastructure, authentication)

structural testing

Testing that takes into account the internal mechanism of a system or component. Types include branch testing, path testing,, statement testing. Syn: glass-box testing; white-box testing. Contrast with: functional testing (1) (1) (IEEE) Testing that takes into account the internal mechanism [structure] of a system or component. Types include branch testing, path testing, statement testing. (2) Testing to insure each program statement is made to execute during testing and that each program statement performs its intended function. Contrast with functional testing. Syn: white-box testing, glass-box testing, logic driven testing. [OVT] (see also function, program, system, security testing, test)

structured query language (SQL)

(see also automated information system)

sub-function

Sub-functions are the basic operations employed to provide the system services within each area of operations or line of business. The recommended information types provided in NIST SP 800-60 is established from the 'business areas' and 'lines of business' from OMB's Business Reference Model (BRM) section of Federal Enterprise Architecture (FEA) Consolidated Reference Model Document Version 2.2 [800-60] (see also information, operation, system, version, function)

sub-registration authority (SRA)

(see also authority, registration)

subassembly

Major subdivision of an assembly consisting of a package of parts, elements, and circuits that perform a specific function. [CNSSI][CNSSI-4009] (see also function)

subclass

A class that inherits from one or more other classes. [SRV]

subcommittee on Automated Information System security (SAISS)

NSDD (National Security Decision Directive) 145 authorized and directed the establishment, under the NTISSC (National Telecommunications and Information Systems Security Committee), of a permanent Subcommittee on Automated Information System Security (SAISS). The SAISS is composed of one voting member from each U.S. federal organization represented on the NTISSC. In 1990, the NTISSC was replaced with the NSTISSC (National Security Telecommunications and Information Systems Security Committee) pursuant to NSD-42. [AJP] NSDD-145 authorizes and directs the establishment, under the NTISSC, of a permanent Subcommittee on Automated Information System Security. The SAISS is composed of one voting member from each organization represented on the NTISSC. [NCSC/TG004] (see also authorized, communications, establishment, telecommunications, National Security Decision Directive 145, computer security, information, system) (includes Automated Information System security)

Subcommittee on Information Systems Security (SISS)

(see also computer security, information, system)

subcommittee on telecommunications security (STS)

NSDD (National Security Decision Directive) 145 authorized and directed the establishment, under the NTISSC (National Telecommunications and Information Systems Security Committee), of a permanent Subcommittee on Telecommunications Security (STS). The STS is composed of one voting member from each U.S. federal organization represented on the NTISSC. In 1990, the NTISSC was replaced with the NSTISSC (National Security Telecommunications and Information Systems Security Committee) pursuant to NSD-42. [AJP] NSDD-145 authorizes and directs the establishment, under the NTISSC, of a permanent Subcommittee on Telecommunications Security. The STS is composed of one voting member from each organization represented on the NTISSC. [NCSC/TG004] (see also authorized, computer security, establishment, information, system, National Security Decision Directive 145, communications, communications security, telecommunications)

subcontract

Contract entered into by a contractor to furnish supplies or services for performance of a prime contract or subcontract. A subcontract is any contract, subcontract, purchase order, lease agreement, service agreement, request for quotation, request for proposal, invitation for bid, or other agreement or procurement action between contractors that requires or will require access to classified information to fulfill the performance requirements of a prime contract. [DSS] (see also access, classified, requirements)

subcontractor

Supplier, distributor, vendor, or firm that furnishes supplies or services to or for a prime contractor or another subcontractor, who enters into a contract with a prime contractor. Each subcontractor shall be considered as a prime contractor in relation to its subcontractors. [DSS]

subject

(I) in a system: A system entity that causes information to flow among objects or changes the system state; technically, a process-domain pair. (I) Of a certificate: The entity name that is bound to the data items in a digital certificate, and particularly a name that is bound to a key value in a public-key certificate. [RFC2828] A field in a certificate that identifies the person or entity to whom the certificate is issued; also, an authorized entity that uses a certificate as applicant, subscriber, recipient or relying party, but not including the CA issuing the certificate. [800-103] Active entity in an IT product or AIS, generally in the form of a process or device, that causes information to flow among objects or changes the system state. [AJP][FCv1] An active entity (generally an individual, process, or device) that causes information to flow among objects or changes the system state. See also Object. [CNSSI-4009] An active entity, generally in the form of a person, process, or device, that causes information to flow among objects or changes the system state. [800-33] An active entity, generally in the form of a person, process, or device, that causes information to flow among objects or changes the system state. Technically, a process/domain pair. [NCSC/TG004][TCSEC][TDI][TNI] An active entity, generally in the form of a person, process, or device. [ITSEC] An active entity- e.g. a process or device acting on behalf of a user, or in some cases the actual user- that can make a request to perform an operation on an object. [SRV] An entity within the TSC that causes operations to be performed. [CC2][CC21][SC27] Generally an individual, process, or device causing information to flow among objects or change to the system state. [CNSSI] Generally an individual, process, or device causing information to flow among objects or changes to the system state. See Object. [SP 800-53] The person whose identity is bound to a particular credential. [800-63] (see object) (see also Biba Integrity model, Biba model, MISSI user, PIV issuer, RA domains, SAML authentication assertion, TSF scope of control, X.500 Directory, X.509 attribute certificate, X.509 certificate revocation list, X.509 public-key certificate, access control lists, access mode, anti-spoof, attribute certificate, authentication, authenticity, authorized, automated security monitoring, batch process, bind, category, central office of record, certificate, certificate holder, certificate owner, certificate rekey, certificate renewal, certificate update, certificate user, certification path, certify, challenge and reply authentication, ciphertext-only attack, classification guide, collateral information, component, compromised key list, confidentiality, confinement property, contract, controlled area/compound, controlled building, credit check, data integrity, delegation of disclosure authority letter, discretionary access control, distinguished name, end entity, entity, exception, extension, file series, financial disclosure, flow, hash code, hash function, identity, identity theft, identity-based security policy, information, key, key management infrastructure, lead, letter of intent, limited background investigation, local agency check, mandatory access control, minimum background investigation, model, national security system, network, non-repudiation service, object, operation, pass/fail, personality label, personnel security exceptions, personnel security questionnaire, phased periodic reinvestigation, public domain software, public-key, public-key infrastructure, records, references, registration, registration authority, restructuring, reverse engineering, role-based access control, root, root certificate, rule-based security policy, security domain, security label, security level, self-signed certificate, sensitivity label, software reengineering, sponsor, spoofing, statement of reasons, stress testing, system, system entity, target of evaluation, type 1 products, users, validity period, vulnerability, Bell-LaPadula security model, TCB subset, access, candidate TCB subset, component reference monitor, covert storage channel, declassification of AIS storage media, exploitable channel, granularity of a requirement, internal security controls, isolation, least privilege, list-oriented, network reference monitor, object reuse, owner, permissions, protection-critical portions of the TCB, read, read access, reference monitor, reference monitor concept, reference validation mechanism, resource encapsulation, restricted area, scope of a requirement, secure state, secure subsystem, security attribute, security-relevant event, simple security condition, simple security property, technical policy, ticket-oriented, transaction, write) (includes domain, evidence subject, internal subject, process, subject matter expert, subject security level, trusted subject)

subject matter expert

An expert in a particular field who contributes or verifies the accuracy of specific information needed by the project team. [DSS] (see also subject)

subject security level

A subject's security level is equal to the security level of the objects to which it has both read and write access. A subject's security level must always be dominated by the clearance of the user the subject is associated with. [AJP][NCSC/TG004][TCSEC][TNI] Sensitivity label(s) of the objects to which the subject has both read and write access. Security level of a subject must always be dominated by the clearance level of the user associated with the subject. [CNSSI][CNSSI-4009] (see also access, access control, users, security, subject) (includes object)

subnetwork

(N) An OSI term for a system of packet relays and connecting links that implement the lower three protocol layers of the OSIRM to provide a communication service that interconnects attached end systems. Usually the relays operate at OSI layer 3 and are all of the same type (e.g. all X.25 packet switches, or all interface units in an IEEE 802.3 LAN). [RFC2828] (see also communications, interface, protocols, system, network)

subordinate certification authority (SCA)

(I) A CA whose public-key certificate is issued by another (superior) CA. (O) MISSI usage: The fourth-highest (bottom) level of a MISSI certification hierarchy; a MISSI CA whose public-key certificate is signed by a MISSI CA rather than by a MISSI PCA. A MISSI SCA is the administrative authority for a subunit of an organization, established when it is desirable to organizationally distribute or decentralize the CA service. The term refers both to that authoritative office or role, and to the person who fills that office. A MISSI SCA registers end users and issues their certificates and may also register ORAs, but may not register other CAs. An SCA periodically issues a CRL. [RFC2828] (see also certificate, key, public-key, role, users, authority, certification, multilevel information systems security initiative, public-key infrastructure)

subordinate distinguished name

(I) An X.500 DN is subordinate to another X.500 DN if it begins with a set of attributes that is the same as the entire second DN except for the terminal attribute of the second DN (that is usually the name of a CA). For example, the DN is subordinate to the DN . [RFC2828] (see also distinguished name)

subprocess

A collection of related activities and tasks within a process. [SRV] (see also process)

subscriber

A party who receives a credential or token from a CSP (Credentials Service Provider) and becomes a claimant in an authentication protocol. [CNSSI-4009] A party who receives a credential or token from a CSP (Credentials Service Provider). [SP 800-63] A party who receives a credential or token from a CSP. [800-63] (see also authentication)

subscriber station

A wireless node that typically communicates only with a BS, except when part of a multi-hop relay configuration. [800-127]

subset-domain

A set of system domains. For evaluation by parts, each candidate TCB subset must occupy a distinct subset-domain such that modify-access to a domain within a TCB subset's subset-domain is permitted only to that TCB subset and (possibly) to more primitive TCB subsets. [AJP][TDI] (see also access, access control, evaluation, system, domain, trusted computing base)

subsidiary

Corporation in which another corporation owns at least a majority of its voting securities. [DSS]

substantial issue information

substitution

Altering or replacing valid data with false data that serves to deceive an authorized entity. [RFC2828] (see also authorized, entity, threat consequence)

subsystem

A major subdivision or component of an IT system consisting of hardware/software/firmware that performs a specific function. [800-37] A major subdivision or component of an information system consisting of information, information technology, and personnel that performs one or more specific functions. [800-53][SP 800-53; SP 800-53A; SP 800-37] (see also function, information, software, technology, system)

subtest

The smallest identifiable part of a test consisting of at least one input and one outcome. [OVT] (see also test)

subversion

Occurs when an intruder modifies the operation of the intrusion detector to force false negatives to occur. [NSAINT] (see also intrusion, operation, attack, version)

suitability of functionality

An aspect of the assessment of the effectiveness of a Target of Evaluation, namely, the suitability of its security enforcing functions and mechanisms to in fact counter the threats to the security of the Target of Evaluation identified in its security target. [AJP][ITSEC] (see also assessment, security, security target, target, threat, function, target of evaluation)

Suite A

A specific set of classified cryptographic algorithms used for the protection of some categories of restricted mission-critical information. [CNSSI-4009] (see also critical)

Suite B

A specific set of cryptographic algorithms suitable for protecting national security systems and information throughout the U.S. Government and to support interoperability with allies and coalition partners. [CNSSI-4009, as modified] (see also security)

superclass

The class from which another class inherits. [SRV]

superencryption

(I) An encryption operation for which the plaintext input to be transformed is the ciphertext output of a previous encryption operation. [RFC2828] Process of encrypting encrypted information. Occurs when a message, encrypted off-line, is transmitted over a secured, online circuit, or when information encrypted by the originator is multiplexed onto a communications trunk, which is then bulk encrypted. [CNSSI][CNSSI-4009] (see also cipher, communications, information, message, operation, process, encryption)

superior certification authority

In a hierarchical PKI, a Certification Authority who has certified the certificate signature key of another CA, and who constrains the activities of that CA. [SP 800-32; CNSSI-4009] (see also certification)

supersession

Scheduled or unscheduled replacement of COMSEC material with a different edition. [CNSSI-4009] Scheduled or unscheduled replacement of a COMSEC aid with a different edition. [CNSSI] (see also communications security)

superuser

A user who is authorized to modify and control IS processes, devices, networks, and file systems. [CIAO] (see also authorized, control, file, network, process, system, users)

supervisor state

Synonymous with executive state of an operating system. [CNSSI] (see executive state)

supervisory control

A term that is used to imply that the output of a controller or computer program is used as input to other controllers. [800-82] (see also computer, program, control)

supervisory control and data acquisition (SCADA)

A generic name for a computerized system that is capable of gathering and processing data and applying operational controls over long distances. Typical uses include power transmission and distribution and pipeline systems. SCADA was designed for the unique communication challenges (e.g., delays, data integrity) posed by the various media that must be used, such as phone lines, microwave, and satellite. Usually shared rather than dedicated. [800-82] (see also computer, integrity, operation, process, system, control, control systems)

supplementary character

Check character which does not belong to the character set of the strings which are to be protected. [SC27]

supplementary check character

(see supplementary character)

supply chain

A system of organizations, people, activities, information, and resources, possibly international in scope, that provides products or services to consumers. [SP 800-53; CNSSI-4009]

supply chain attack

Attacks that allow the adversary to utilize implants or other vulnerabilities inserted prior to installation in order to infiltrate data, or manipulate information technology hardware, software, operating systems, peripherals (information technology products) or services at any point during the lifecycle. [CNSSI-4009] (see also software, attack)

support software

All software that indirectly supports the operation of a computer system and its functional applications; for example, MACRO instructions, call routines, read and write routines. [SRV] (see also application, computer, function, operation, system, software)

supporting information assurance infrastructures

Collections of interrelated processes, systems, and networks that provide a continual flow of information assurance services throughout the Department of Defense, for example, the key management infrastructure or the incident detection and response infrastructure. [DSS] (see also assurance)

suppression measure

Action, procedure, modification, or device that reduces the level of, or inhibits the generation of, compromising emanations in an IS. [CNSSI] Action, procedure, modification, or device that reduces the level of, or inhibits the generation of, compromising emanations in an information system. [CNSSI-4009] (see also compromise, emanation, emanations security)

surface warfare

That portion of maritime warfare in which operations are conducted to destroy or neutralize enemy naval surface forces and merchant vessels. [DOD] (see also warfare)

surreptitious entry

Unauthorized entry in a manner that leaves no readily discernible evidence. [DSS] (see also authorized, evidence, threat)

surrogate access

See discretionary access control. [CNSSI] (see also control, access, discretionary access control)

survivability

(I) The ability of a system to remain in operation or existence despite adverse conditions, including both natural occurrences, accidental actions, and attacks on the system. [RFC2828] Capability of a system to withstand a man-made or natural hostile environment without suffering an abortive impairment of its ability to accomplish its dedicated mission. [DSS] (see also attack, operation, system)

suspended state

The key lifecycle state used to temporarily remove a previously active key from that status but making provisions for later returning the key to active status, if appropriate. [800-130] (see also key, lifecycle, key lifecycle state)

suspicious activity report (SAR)

Reports required to be filed by the Bank Secrecy Act when a financial institution identifies or suspects fraudulent activity. [FFIEC] (see also assurance, file, fraud, threat)

suspicious contact

Efforts by any individual, regardless of nationality, to obtain illegal or unauthorized access to classified information or to compromise a cleared employee, all contacts by cleared employees with known or suspected intelligence officers from any country, or any contact which suggests the employee concerned may be the target of an attempted exploitation by the intelligence services of another country. [DSS] (see also access, authorized, classified, compromise, illegal, intelligence, target, threat)

suspicious event

Any event that has the potential to become a validated computer security incident. [AFSEC] (see also computer, computer security, security, security incident, validate, incident)

switched multi-megabit data service (SMDS)

SWOT analysis

An analysis of strengths, weaknesses, opportunities, and threats facing an organization to identify business drives for improvement and to set business strategy. [SRV] (see also identify, analysis, strengths, weaknesses, opportunities, threats)

syllabary

List of individual letters, combination of letters, or syllables, with their equivalent code groups, used for spelling out words or proper names not present in the vocabulary of a code. A syllabary may also be a spelling table. [CNSSI] (see also code)

symbolic execution

A software analysis technique in which program execution is simulated using symbols, such as variable names, rather than actual values for input data, and program outputs are expressed as logical or mathematical expressions involving these symbols. [OVT] (see also analysis, program, software)

symmetric algorithm

An algorithm where the same key can be used for encryption and decryption. [IATF][misc] (see also algorithm, encryption, key) (includes International Data Encryption Algorithm, Rivest Cipher 2, Rivest Cipher 4, Skipjack, data encryption standard, secret key)

symmetric cryptographic technique

A cryptographic technique that uses the same secret key for both the originator's and the recipient's transformation. Without knowledge of the secret key, it is computationally infeasible to compute either the originator's or the recipient's transformation. [SC27] A cryptographic technique that uses the same secret key for both the originator's and the recipient's transformation. Without knowledge of the secret key, it is computationally infeasible to compute either the originator's or the recipient's transformation. [ISO/IEC 9798-1: 1997, ISO/IEC 11770-1: 1996] Cryptographic technique that uses the same secret key for both the encryption and the decryption transformation. Without knowledge of the secret key, it is computationally infeasible to compute either the originator's or the recipient's transformation. [SC27] Cryptographic technique that uses the same secret key for both the encryption and the decryption transformation. Without knowledge of the secret key, it is computationally infeasible to compute either the originator's or the recipient's transformation. [SC27] (see also encryption, key, symmetric cryptography, cryptographic)

symmetric cryptography

(I) A branch of cryptography involving algorithms that use the same key for two different steps of the algorithm (such as encryption and decryption, or signature creation and signature verification). (C) Symmetric cryptography has been used for thousands of years. A modern example of a symmetric encryption algorithm is the U.S. Government's Data Encryption Algorithm. (C) Symmetric cryptography is sometimes called 'secret-key cryptography' (versus public-key cryptography) because the entities that share the key, such as the originator and the recipient of a message, need to keep the key secret. For example, when Alice wants to ensure confidentiality for data she sends to Bob, she encrypts the data with a secret key, and Bob uses the same key to decrypt. Keeping the shared key secret entails both cost and risk when the key is distributed to both Alice and Bob. Thus, symmetric cryptography has a key management disadvantage compared to asymmetric cryptography. [RFC2828] Cryptography that uses the same key for both encryption and decryption. [800-77] (see also algorithm, confidentiality, digital signature, encryption, key, key management, message, public-key, risk, signature, symmetric cryptographic technique, symmetric encipherment algorithm, symmetric encryption algorithm, verification, cryptography) (includes Blowfish, CAST, advanced encryption standard, data encryption algorithm)

symmetric encipherment algorithm

An encipherment algorithm that uses the same secret key for both the originator's and the recipient's transformation. [SC27] (see also key, symmetric cryptography, algorithm, cipher, encipherment)

symmetric encryption algorithm

Encryption algorithm that uses the same secret key for both the encryption and decryption processes. NOTE - A symmetric encryption algorithm is a symmetric cryptographic technique that is also an encryption algorithm. [SC27] Encryption algorithms using the same secret key for encryption and decryption. [CNSSI-4009][SP 800-49; CNSSI-4009] (see also cryptographic, key, process, symmetric cryptography, algorithm, encryption)

symmetric key

(I) A cryptographic key that is used in a symmetric cryptographic algorithm. [RFC2828] A cryptographic key that is used in symmetric cryptographic algorithms. The symmetric key used for encryption is also used for decryption. [SRV] A cryptographic key that is used to perform both the cryptographic operation and its inverse, for example to encrypt and decrypt, or create a message authentication code and to verify the code. [800-63][SP 800-63; CNSSI-4009] A single cryptographic key that is used with a secret (symmetric) key algorithm. [SP 800-21 [2nd Ed]] Encryption methodology in which the encryptor and decryptor use the same key, which must be kept secret. [CNSSI] (see also algorithm, authentication, code, cryptographic, encryption, message, operation, key)

symmetric measure of association

A measure of association that does not make a distinction between independent and dependent variables. [SRV] (see also association)

SYN flood

(I) A denial of service attack that sends a host more TCP SYN packets (request to synchronize sequence numbers, used when opening a connection) than the protocol implementation can handle. [RFC2828] When the SYN queue is flooded, no new connections can be opened. [AFSEC][NSAINT] (see also connection, denial-of-service, protocols, synchronous flood)

synchronous crypto-operation

Encryption algorithms using the same secret key for encryption and decryption. [CNSSI-4009][SP 800-49; CNSSI-4009] Method of online crypto-operation in which cryptographic equipment and associated terminals have timing systems to keep them in step. [CNSSI] (see also system, cryptography, operation)

synchronous flood

A method of disabling a system by sending more SYN packets than its networking code can handle. [SRV] (see also code, network, system, attack) (includes SYN flood)

synchronous transmission

The serial transmission of a bit stream in which each bit occurs at a fixed time interval and the entire stream is preceded by a specific combination of bits that initiate the timing. [SRV] (see also network)

syntax

The rules for constructing acceptable sentences of a language. [800-130] The structural or grammatical rules that define how symbols in a language are to be combined to form words, phrases, expressions, and other allowable constructs. [OVT]

syntax testing

A test case design technique for a component or system in which test case design is based upon the syntax of the input. [OVT] (see also system, security testing, test)

synthetic benchmarks

A performance test consisting of programs and data written specifically as a benchmark. [SRV] (see also program, test)

system

system accreditation

Authorizes the operation of a major application or a general support system at a particular location with specified environmental constraints. [800-37] (see also application, operation, accreditation, system)

system acquisition plan (SAP)

(see also system)

system administrator (SA)

A person who manages the technical aspects of a system. [SP 800-40] Individual responsible for maintaining the system in day-to-day operations. The System Administrator is responsible for managing system hardware and software, data storage devices and application software; managing system performance; provide system security and customer support; performing equipment custodian duties; maintaining software licenses and documentation; monitoring hardware and software maintenance contracts: establishing Userids and passwords; ensuring adequate network connectivity; reviewing audit trails; and providing backup of systems operations and other system unique requirements. [DSS] Individual responsible for the installation and maintenance of an IS, providing effective IS utilization, adequate security parameters, and sound implementation of established IA policy and procedures. [CNSSI] Individual responsible for the installation and maintenance of an information system, providing effective information system utilization, adequate security parameters, and sound implementation of established Information Assurance policy and procedures. [CNSSI-4009] Person responsible for the effective operation and maintenance of an IS, including implementation of standard procedures and controls to enforce an organization's security policy. [CIAO] (see also assurance, audit, backup, control, information assurance officer, operation, policy, requirements, security, standard, users, system)

system administrator privileges

System administrators have more rights (greater permissions) as their work involve the maintenance of system files. [RFC2504] (see also file, system)

system and data integrity

A family of security controls in the operations class dealing with the logical correctness and reliability of the operating system, the logical completeness of the hardware and software implementing the protection mechanisms, and the consistency of the data structures and occurrence of the stored data. [800-37] (see also control, operation, security, software, integrity, system)

system assets

Any software, hardware, data, administrative, physical, communications, or personnel resource within an IS. [CNSSI] Any software, hardware, data, administrative, physical, communications, or personnel resource within an information system. [CNSSI-4009] (see also communications, resource, software, system)

system boundary

Encompasses all those components of the system that are to be accredited by the DAA and excludes separately accredited systems, to which the system is connected. [800-37] (see also boundary, system)

system design review (SDR)

(see also system)

system development

(see also analysis, system)

system development and acquisition

A family of security controls in the management class dealing with the design, development and acquisition of IT systems. [800-37] (see also control, security, system)

system development lifecycle (SDLC)

(SDLC) The scope of activities associated with a system, encompassing the system's initiation, development and acquisition, implementation, operation and maintenance, and ultimately its disposal that instigates another system initiation. [SP 800-34; CNSSI-4009] A written strategy or plan for the development and modification of computer systems, including initial approvals, development documentation, testing plans and results, and approval and documentation of subsequent modifications. [FFIEC] (see also computer, security testing, test, development, system)

system development methodologies

Methodologies developed through software engineering to manage the complexity of system development. Development methodologies include software engineering aids and high-level design analysis tools. [AJP][CNSSI][NCSC/TG004] (see also analysis, software, system) (includes software development methodologies)

system entity

(I) An active element of a system-- e.g. an automated process, a subsystem, a person or group of persons-- that incorporates a specific set of capabilities. [RFC2828] (see also authentication, information, object, process, role, subject, entity, system)

system entry

Mechanism by which an identified and authenticated user is provided access into the system. [AJP][FCv1] (see also access, authentication, access control, system)

system files

The set of files on a system that do not belong to end-users, which govern the functionality of the computer system. System files have a great impact on the security of the computer system. [RFC2504] (see also computer, function, security, users, file, system)

system high

(I) The highest security level supported by a system at a particular time or in a particular environment. [RFC2828] Highest security level supported by an IS. [CNSSI] Highest security level supported by an information system. [CNSSI-4009] The highest security level supported by a system at a particular time or in a particular environment. [AJP][TNI] (see also system low, security, modes of operation, system, system-high security mode)

system high mode

IS security mode of operation wherein each user, with direct or indirect access to the IS, its peripherals, remote terminals, or remote hosts, has all of the following: a. valid security clearance for all information within an IS; b. formal access approval and signed nondisclosure agreements for all the information stored and/or processed (including all compartments, subcompartments and/or special access programs); and c. valid need-to- know for some of the information contained within the IS. [CNSSI] Information systems security mode of operation wherein each user, with direct or indirect access to the information system, its peripherals, remote terminals, or remote hosts, has all of the following: a. valid security clearance for all information within an information system; b. formal access approval and signed nondisclosure agreements for all the information stored and/or processed (including all compartments, subcompartments and/or special access programs); and c. valid need-to-know for some of the information contained within the information system. [CNSSI-4009] (see also access, access control, computer security, information, operation, process, program, security, users, system)

system indicator

Symbol or group of symbols in an off-line encrypted message identifying the specific cryptosystem or key used in the encryption. [CNSSI][CNSSI-4009] (see also cryptographic system, cryptography, encryption, identify, key, message, system)

system integrity

(1) The quality of a system fulfilling its operational purpose while (a) preventing unauthorized users from making modifications to resources or using resources, and (b) preventing authorized users from making improper modifications to resources or making improper use of resources. (2) The quality that a system has when it performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the computer system. [AJP] (I) 'The quality that a system has when it can perform its intended function in a unimpaired manner, free from deliberate or inadvertent unauthorized manipulation.' [RFC2828] Attribute of an IS when it performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system. [CNSSI] Attribute of an information system when it performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system. [CNSSI-4009] Optimal functioning of an IS, free from unauthorized impairment or manipulation. [CIAO] The quality of a system fulfilling its operational purpose while: preventing unauthorized users from making modifications to resources or using resources preventing authorized users from making improper modifications to resources or making improper use of resources. [JTC1/SC27] The quality that a system has when it performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the computer system. [NCSC/TG004][SRV] The quality that a system has when it performs its intended function in an unimpaired manner, free from unauthorized manipulation of the system, whether intentional or accidental. [800-33][SP 800-27] (see also authorized, computer, function, operation, quality, resource, users, integrity, system)

system integrity service

(I) A security service that protects system resources in a verifiable manner against unauthorized or accidental change, loss, or destruction. [RFC2828] (see also authorized, resource, security, integrity, system)

system interconnection

A family of security controls in the management class dealing with the operational, technical, and management requirements for interconnecting IT systems. [800-37] The direct connection of two or more IT systems for the purpose of sharing data and other information resources. [SP 800-47; CNSSI-4009] (see also control, operation, requirements, security, connection, system)

system life

A projection of the time period that begins with the installation of a system resource (e.g. software or hardware) and ends when the organization's need for that resource has terminated. [SRV] (see also resource, software, system)

system lifecycle

The evolution with time of the computer system from conception through to disposal. [SC27] (see also computer, system)

system low

(I) The lowest security level supported by a system at a particular time or in a particular environment.$ system resource (I) Data contained in an information system; or a service provided by a system; or a system capability, such as processing power or communication bandwidth; or an item of system equipment (i.e. a system component--hardware, firmware, software, or documentation); or a facility that houses system operations and equipment. [RFC2828] Lowest security level supported by an IS. [CNSSI] Lowest security level supported by an information system. [CNSSI-4009] The lowest security level supported by a system at a particular time or in a particular environment. [AJP][NCSC/TG004][TNI] (see also system high, information, operation, process, resource, security, software, modes of operation, system)

system of records

A group of any records under the control of any agency from which information is retrieved by the name of the individual or by some identifying number, symbol, or other identifying particular assigned to the individual. [SP 800-122] (see also control)

system owner

Person or organization having responsibility for the development, procurement, integration, modification, operation and maintenance, and/or final disposition of an information system. [CNSSI-4009] Represents the interests of the user community and the IT system throughout the system's lifecycle. The system owner assumes responsibility for the system after delivery and installation during operation, maintenance, and disposal. [800-37] (see also development, operation, users, owner, system)

system parameter

A factor or property whose value determines a characteristic or behavior of the computer system. [SRV] (see also computer, property, system)

system profile

Detailed security description of the physical structure, equipment component, location, relationships, and general operating environment of an IS. [CNSSI] Detailed security description of the physical structure, equipment component, location, relationships, and general operating environment of an information system. [CNSSI-4009] (see also security, file, profile, system)

system requirement

A condition or capability that must be met or possessed by a system or system component to satisfy a condition or capability needed by a user to solve a problem. [IEEE610] (see also users, requirements, system)

system resources

Capabilities that can be accessed by a user or program either on the user's machine or across the network. Capabilities can be services, such as file or print services, or devices, such as routers. [FFIEC] (see also access, access control, automated information system, file, program, router, users, resource, system)

system retention/backup

The process of saving software and information on magnetic media and storing the media in a location away from the IT facility. This process will ensure availability of critical resources and facilitate continued processing in an emergency situation. [NASA] (see also critical, information, process, resource, software, availability, backup, system)

system safety

Freedom from those conditions that can cause death or injury, or damage to or loss of data, hardware, or software. [SRV] (see also damage, software, system)

system security

See information systems security. [CNSSI] (see also information, information systems security, system)

system security authorization agreement (SSAA)

Formal document that fully describes the planned security tasks required to meet system or network security requirements. The package must contain all information necessary to allow the Designated Approving Authority to make an official management determination for authorization for a system, or site to operate in a particular security mode of operation; with a prescribed set of safeguards, against a defined threat with stated vulnerabilities and countermeasures; in a given operational environment; under a stated operational concept; with stated interconnections to external systems; and at an acceptable level of risk. [DSS] The SSAA is the formal agreement among the DAA(s), Certifier, user representative, and program manager. It is used throughout the entire DITSCAP to guide actions, document decisions, specify IA requirements, document certification tailoring and level-of-effort, identify potential solutions, and maintain operational systems security. [IATF] (see also connection, countermeasures, identify, operation, program, risk, threat, vulnerability, authorization, requirements, security, system) (includes system security plan)

system security engineering

Efforts that help achieve maximum security and survivability of a system during its lifecycle and interfacing with other program elements to ensure security functions are effectively integrated into the total system engineering effort. [DSS] See information systems security engineering. [CNSSI] (see also information, information systems security, system)

system security management

(see also security, system)

system security officer (SSO)

(I) A person responsible for enforcement or administration of the security policy that applies to the system. [RFC2828] Person assigned to implement an organization's computer security policy. Also referred to as a system security program manager. [CIAO] See information system security officer. [CNSSI] The person responsible for the security of a system. The SSO is authorized to act in the 'security administrator' role. Functions that the SSO is expected to perform include: auditing and changing security characteristics of a user. [TNI] The person responsible to the Designated Approving Authority, program manager, and/or system/data owner for ensuring the security of an IT system throughout its lifecycle, from design through disposal. [800-37] (see also audit, authority, authorized, computer, function, information, owner, policy, program, role, users, officer, security, system) (includes information system security officer)

system security plan (SSP)

A formal document listing the tasks necessary to meet system security requirements, a schedule for their accomplishments, and to whom responsibilities for each task are assigned. [CIAO] A system document that provides an overview of the security requirements of a system and describes the controls in place to meet those requirements. [800-127] Document fully describing the planned security tasks and controls required to meet system security requirements. [CNSSI] The formal document prepared by the information system owner (or common security controls owner for inherited controls) that provides an overview of the security requirements for the system and describes the security controls in place or planned for meeting those requirements. The plan can also contain as supporting appendices or as references, other key security-related documents such as a risk assessment, privacy impact assessment, system interconnection agreements, contingency plan, security configurations, configuration management plan, and incident response plan. [CNSSI-4009] (see also control, management, privacy, risk, system, system security authorization agreement)

system security policy

The set of laws, rules, and practices that regulate how sensitive information and other resources are managed, protected, and distributed within a specific system. [AJP][ITSEC] (see also information, resource, policy, security policy, system)

system software

Computer programs that control, monitor, or facilitate use of the Information System; for example, operating systems, programming languages, communication, input-output control, sorts, security packages and other utility-type programs. Considered to also include off-theshelf application packages obtained from manufacturers and commercial vendors, such as for word processing, spreadsheets, data base management, graphics, and computer-aided design. [DSS] Controls that limit and monitor access to the powerful programs and sensitive files that (1) control the computer hardware and (2) secure applications supported by the system. [CIAO] The special software (e.g. operating system, compilers or utility programs) designed for a specific computer system or family of computer systems to facilitate the operation and maintenance of the computer system, programs, and data. [FIPS140] The special software within the cryptographic boundary (e.g., operating system, compilers or utility programs) designed for a specific computer system or family of computer systems to facilitate the operation and maintenance of the computer system, associated programs, and data. [FIPS 140-2] (see also access, access control, application, computer, control, file, operation, program, security, software, system)

system testing

The testing of a complete system prior to delivery. The purpose of system testing is to identify defects that will only surface when a complete system is assembled. That is, defects that cannot be attributed to individual components or the interaction between two components. System testing includes testing of performance, security, configuration sensitivity, startup and recovery from failure modes. [OVT] (see also identify, recovery, security testing, system, test)

system under test (SUT)

The real open system in which the Implementation Under Test (IUT) resides. [OVT] (see also system, test)

system verification

(see also system, verification)

system-high security mode

(I) A mode of operation of an information system, wherein all users having access to the system possess a security clearance or authorization, but not necessarily a need-to-know, for all data handled by the system. (C) This mode is defined formally in U.S. Department of Defense policy regarding system accreditation, but the term is widely used outside the Defense Department and outside the Government. [RFC2828] The mode of operation in which system hardware and software is only trusted to provide discretionary protection between users. In this mode, the entire system, to include all components electrically and/or physically connected, must operate with security measures commensurate with the highest classification and sensitivity of the information being processed and/or stored. All system users in this environment must possess clearances and authorization for all information contained in the system. All system output must be clearly marked with the highest classification and all system caveats until the information has been reviewed manually by an authorized individual to ensure appropriate classifications and that caveats have been affixed. Compare Dedicated Security Mode, Multilevel Security Mode. [TNI] (see also access, access control, accreditation, authorization, authorized, classification levels, classified, dedicated security mode, information, operation, policy, process, software, trust, users, modes of operation, multilevel security mode, system) (includes system high)

system-specific security control

A security control for an information system that has not been designated as a common security control or the portion of a hybrid control that is to be implemented within an information system. [SP 800-37; SP 800-53; SP 800-53A; CNSSI-4009] (see also control, security)

systematic declassification review

Review for declassification of classified information contained in records that have been determined by the Archivist to have permanent historical value in accordance with title 44 of the United States Code. [DSS] (see also classified)

systematic selection with a random start

A sampling method in which a given sample size is divided into the population size in order to obtain a sampling interval. A random starting point between 1 and the sampling interval is obtained. This item is selected first; then every item whose number or location is equal to the previously selected item plus the sampling interval is selected, until the population is used up. [SRV] (see also random, system)

systems administrator

The individual who maintains the system and has system administrator privileges. In order to avoid errors and mistakes done by this individual while not acting as an administrator, he/she should limit the time he/she acts as an administrator (as known to the system) to a minimum. [RFC2504] (see also system)

systems engineering

The systematic application of technical and managerial processes and concepts to transform an operational need into an efficient, cost-effective system, using an iterative approach to define, analyze, design, build, test, and evaluate the system. [SRV] (see also application, operation, process, test, system)

systems security steering group

The senior U.S. Government body established by NSDD (National Security Decision Directive) 145 to provide top-level review and policy guidance for the telecommunications security and Automated Information System security activities of the U.S. Government. This group is chaired by the Assistant to the President for National Security Affairs and consists of the Secretary of State, Secretary of Treasury, Secretary of Defense, Attorney General, Director of the Office of Management and Budget, and Director of Central Intelligence. In 1990, NSDD 145 was partially replaced by NSD-42. [AJP] The senior government body established by NSDD-145 to provide top-level review and policy guidance for the telecommunications security and Automated Information System security activities of the U.S. Government. This group is chaired by the Assistant to the President for National Security Affairs and consists of the Secretary of State, Secretary of Treasury, the Secretary of Defense, the Attorney General, the Director of the Office of Management and Budget, and the Director of Central Intelligence. [NCSC/TG004] (see also communications, communications security, computer security, information, intelligence, policy, telecommunications, security, system)

systems software

A major category of programs used to control the computer and process other programs, such as secure operating systems, communications control programs, and database managers. Contrasts with applications software, which comprises the data entry, update, query, and report programs that process an organization's data. [SRV] A series of control programs including the operating system, communications software, and database management system. [SRV] (see also application, communications, computer, control, process, program, update, software, system)

T-1 line

A special type of telephone line for digital communication only. [FFIEC]

tactical approval to operate

Cognizant Security Authority delegated authority to an operational element to allow a Tactical Sensitive Compartmented Information Facility to be functional before formal accreditation is received. Tactical Approval to Operate may not exceed 1 year in duration. [DSS] (see also security)

tactical data

Information that requires protection from disclosure and modification for a limited duration as determined by the originator or information owner. [CNSSI-4009]

tactical edge

The platforms, sites, and personnel (U. S. military, allied, coalition partners, first responders) operating at lethal risk in a battle space or crisis environment characterized by 1) a dependence on information systems and connectivity for survival and mission success, 2) high threats to the operational readiness of both information systems and connectivity, and 3) users are fully engaged, highly stressed, and dependent on the availability, integrity, and transparency of their information systems. [CNSSI-4009] (see also availability, risk, threat, users)

tactical sensitive compartmented information facility

Area, room, group of rooms, building, o installation accredited for Sensitive Compartmented Information- level processing, storage and discussion, that is used for operational exigencies (actual or simulated) for a specified period of time not exceeding one year. [DSS]

tactical special access program facility

Accredited area used for actual or simulated war operations for a specified period of time. [DSS] (see also access)

tactical terminal (TACTERM)

tactical trunk encryption device (TACTED)

(see also encryption)

tailored security control baseline

A set of security controls resulting from the application of tailoring guidance to the security control baseline. See Tailoring. [SP 800-37; SP 800-53; SP 800-53A] (see also control, security)

tailoring (assessment procedures)

The process by which assessment procedures defined in Special Publication 800-53A are adjusted, or scoped, to match the characteristics of the information system under assessment, providing organizations with the flexibility needed to meet specific organizational requirements and to avoid overly-constrained assessment approaches. [SP 800-53A] (see also requirements)

tailoring

The process by which a security control baseline is modified based on: (i) the application of scoping guidance; (ii) the specification of compensating security controls, if needed; and (iii) the specification of organization-defined parameters in the security controls via explicit assignment and selection statements. [SP 800-37; SP 800-53; SP 800-53A; CNSSI-4009] (see also control, security)

tamper

(I) Make an unauthorized modification in a system that alters the system's functioning in a way that degrades the security services that the system was intended to provide. [RFC2828] In context of corruption, deliberate alteration of a system's logic, data, or control information to interrupt or prevent correct operation of system functions. [RFC2828] In context of misuse, deliberate alteration of a system's logic, data, or control information to cause the system to perform unauthorized functions or services. [RFC2828] Unauthorized modification that alters the proper functioning of cryptographic or automated information system security equipment in a manner that degrades the security or functionality it provides. [IATF] (see also Clipper chip, Federal Standard 1027, TCB subset, authorized, computer security, control, cryptographic, denial-of-service, function, information, operation, personal security environment, protective technologies, quadrant, reference monitor, reference validation mechanism, signed applet, smartcards, system, trusted foundry, trusted platform module chip, encryption, security, threat consequence) (includes anti-tamper, anti-tamper executive agent, tamper resisting, tampering)

tamper resisting

Refers to the technology available to prevent unauthorized alteration or modification of cards. [GSA] (see also authorized, technology, tamper)

tampering

An intentional event resulting in modification of a system, its intended behavior, or data. [CNSSI-4009] An unauthorized modification that alters the proper functioning of equipment or system in a manner that degrades the security or functionality it provides. [AFSEC][AJP][NCSC/TG004][SRV] Refers to any unauthorized alteration or modification of a card. [GSA] Unauthorized modification altering the proper functioning of INFOSEC equipment. [CNSSI] (see also authorized, function, system, attack, tamper)

target

Individual, operation, or activity which an adversary has determined possesses information that might prove useful in attaining his/her objective. [DSS] (see also Defense Travel Briefing, European Information Technology Security Evaluation Criteria, Office of Foreign Assets Control, TOE security policy, acceptance procedure, account aggregation, active security testing, administration documentation, administrator, advanced persistent threats, adversary, advisory, architectural design, assurance, assurance level, attack, attribute-based access control, automated security incident measurement, binding of functionality, component, computer network exploitation, configuration, configuration control, construction, controlled information, correctness, counterintelligence assessment, critical mechanism, cross site scripting, deliverable, deliverables list, delivery, detailed design, developer, development environment, development process, documentation, ease of use, effectiveness, electronic warfare support, end-user, evaluation, evaluation assurance, evasion, external it entity, functionality class, implementation, intrusion detection systems, intrusion prevention system, message passing, network sniffing, object, operating procedure, operating system fingerprinting, operation, operational documentation, operational environment, pagejacking, passive security testing, penetration testing, production, programming languages and compilers, protection profile, proximity sensor, rating, reference monitor, requirements, risk, scenario, screen scraping, secure copy, security enforcing, security environment threat list, security functions, security objectives, security relevant, social engineering, strength of mechanisms, suitability of functionality, suspicious contact, technical threat analysis, threat, threat source, tool, trusted path, uniform resource identifier, user documentation, vulnerability, vulnerability assessment) (includes security target, target identification and analysis techniques, target of evaluation, target vulnerability validation techniques)

target identification and analysis techniques

Information security testing techniques, mostly active and generally conducted using automated tools, used to identify systems, ports, services, and potential vulnerabilities. Target identification and analysis techniques include network discovery, network port and service identification, vulnerability scanning, wireless scanning, and application security testing. [800-115] (see also application, information, information security, security, security testing, system, test, vulnerability, analysis, identification, target)

target of evaluation (TOE)

An IT product or system and its associated administrator and user guidance documentation that is the subject of evaluation. [CC2][CC21][IATF][OVT][SC27] An IT product that is subjected to security evaluation under the Common Criteria. [NIAP] An IT system, product, or component that is identified/subjected as requiring security evaluation. [AJP] An IT system, product, or component that is subjected to security evaluation. [CC1][ITSEC] IT product or system and its associated administrator and user guidance documentation that is the subject of an evaluation. [CNSSI] In accordance with Common Criteria, an information system, part of a system or product, and all associated documentation, that is the subject of a security evaluation. [CNSSI-4009] (see also criteria, security, subject, system, users, evaluation, target, trusted computing base) (includes European Information Technology Security Evaluation Criteria, IT security certification, SOF-basic, SOF-high, SOF-medium, TOE resource, TOE security functions, TOE security functions interface, TOE security policy, TOE security policy model, TSF data, TSF scope of control, acceptance procedure, administration documentation, administrator, architectural design, asset, assurance, binding of functionality, component, configuration, configuration control, connectivity, construction, construction of TOE requirements, critical mechanism, deliverables list, delivery, detailed design, developer, development environment, development process, documentation, ease of use, end-user, external it entity, formal model of security policy, functionality, functionality class, human user, implementation, inter-TSF transfers, internal TOE transfer, internal communication channel, operating procedure, operation, operational documentation, operational environment, penetration testing, production, programming languages and compilers, reference monitor, requirements, requirements for procedures and standards, resource, role, security enforcing, security functions, security objectives, security relevant, security target, strength of function, strength of mechanisms, suitability of functionality, tool, transfers outside TSF control, user documentation, vulnerability, vulnerability assessment)

target vulnerability validation techniques

Active information security testing techniques that corroborate the existence of vulnerabilities. Target identification and analysis techniques include password cracking, remote access testing, penetration testing, social engineering, and physical security testing. [800-115] (see also access, analysis, identification, information, information security, passwords, security, security testing, test, target, validation, vulnerability)

task

(1) A sequence of instructions treated as a basic unit of work. [IEEE610]

TCB subset

A set of firmware, software, and hardware (where any of these three could be absent) that mediates the access of a set S of subjects to a set O of objects on the basis of a stated access control policy P and satisfies the properties: (1) M mediates every access to objects in O by subjects in S, (2) M is tamper resistant, and (3) M is small enough to be subject to analysis and tests, the completeness of which can be assured. [AJP][FCv1][TDI] (see also access, access control, analysis, control, policy, software, tamper, test, trusted computing base) (includes object, subject)

tcpwrapper

A software tool for security which provides additional network logging, and restricts service access to authorized hosts by service. [NSAINT] (see also access, access control, authorized, network, software, security software)

tear line

Place in an intelligence report (usually denoted by a series of dashes) at which the sanitized version of a more highly classified and/or controlled report begins. The sanitized information below the tear line should contain the substance of the information above the tear line, but without identifying the sensitive sources and methods. This will permit wider dissemination, in accordance with the need-to-know, need-to-release, and write-torelease principles and foreign disclosure guidelines of the information below the tear line. [DSS] (see also classified, foreign, intelligence)

technical attack

An attack that can be perpetrated by circumventing hardware and software protection mechanisms, rather than by subverting system personnel or other users. [SRV] An attack that can be perpetrated by circumventing or nullifying hardware and software protection mechanisms, rather than by subverting system personnel or other users. [AFSEC][AJP][NCSC/TG004][OVT] (see also software, system, users, attack)

technical controls

Consist of hardware and software controls used to provide automated protection to the system or applications. Technical controls operate within the IT system and applications. [800-37] Security controls (i.e. safeguards or countermeasures) for an information system that are primarily implemented and executed by the information system through mechanisms contained in the hardware, software, or firmware components of the system. (NIST Special Pub 800-53.) [CNSSI] The security controls (i.e. safeguards or countermeasures) for an information system that are primarily implemented and executed by the information system through mechanisms contained in the hardware, software, or firmware components of the system. [800-82][SP 800-53; SP 800-53A; SP 800-37; FIPS 200] (see also application, countermeasures, information, security, security controls, software, system, control)

technical countermeasures

A security feature implemented in hardware and/or software, that is incorporated in the network information security processing system. [IATF] System safeguards implemented by computer systems, including controls such as authentication, access control, auditing, and protecting communications. [800-127] (see also access, audit, authentication, information, information security, network, process, software, system, countermeasures, security)

technical data

Information, other than software, which is required for the design, development, production, manufacture, assembly, operation, repair, testing, maintenance or modification of Defense articles. This includes information in the form of blueprints, drawings, photographs, plans, instructions and documentation. Classified information relating to Defense articles and services. Information covered by an invention secrecy order. Software directly related to Defense articles. This definition does not include information concerning general scientific, mathematical, or engineering principles commonly taught in schools, colleges, and universities or information in public domain. It also does not include basic marketing information on function or purpose or general system descriptions of Defense articles. [DSS] (see also classified)

technical non-repudiation

The contribution of public key mechanisms to the provision of technical evidence supporting a non-repudiation security service. [SP 800-32] (see also security)

technical policy

(1) The set of rules regulating access of subjects to objects enforced by a TCB subset. (2) The set of rules regulating access of subjects to objects enforced by a computer system. [AJP] The set of rules regulating access of subjects to objects enforced by a TCB subset. [FCv1] The set of rules regulating access of subjects to objects enforced by a computer system. [TDI] (see also access, computer, system, trust, access control, policy) (includes object, subject)

technical reference model

A component-driven, technical framework that categorizes the standards and technologies to support and enable the delivery of service components and capabilities. [CNSSI-4009]

technical review board (TRB)

technical security

Security discipline dedicated to detecting, neutralizing, and/or exploiting a wide variety of hostile and foreign penetration technologies. The discipline mandates training in various countermeasure techniques. [DSS] (see also foreign, security)

technical security controls

Security controls (i.e. safeguards or countermeasures) for an information system that are primarily implemented and executed by the information system through mechanisms contained in the hardware, software, or firmware components of the system. [CNSSI-4009] (see also software, control, security)

technical security policy

(1) Specific protection conditions and/or protection philosophy that expresses the boundaries and responsibilities of the IT product in supporting the information protection policy control objectives and countering expected threats. (2) The set of laws, rules, and practices regulating the processing of sensitive information and the use of resources by the hardware and software of An IT system, product, or component. [AJP] Specific protection conditions and /or protection philosophy that express the boundaries and responsibilities of the IT product in supporting the information protection policy control objectives and countering expected threats. [FCv1] The set of laws, rules, and practices regulating the processing of sensitive information and the use of resources by the hardware and software of An IT system, product, or component. [ITSEC] (see also control, information, process, resource, software, system, threat, policy, security policy) (includes object)

technical surveillance countermeasures (TSCM)

Physical, electronic, and visual techniques used to detect and counter technical surveillance devices, technical security hazards, and related physical security deficiencies. [DSS] (see also security, countermeasures)

technical surveillance countermeasures inspection

Government-sponsored comprehensive physical and electronic examination of an area by trained and specially equipped security personnel to detect or counter technical surveillance penetrations or hazards. [DSS] (see also security, countermeasures)

technical surveillance countermeasures surveys and evaluations

Physical, electronic, and visual examination to detect technical surveillance devices, technical security hazards, and attempts at clandestine penetration. [DSS] (see also security, countermeasures, evaluation)

technical threat analysis

Continual process of compiling and examining all available information concerning potential technical surveillance activities by intelligence collection groups which could target personnel, information, operations and resources. [DSS] (see also intelligence, target, analysis, threat)

technical vulnerability

A hardware, firmware, communication, or software flaw that leaves a computer processing system open for potential exploitation, either externally or internally, thereby resulting in risk for the owner, user, or manager of the computer system. [AFSEC][AJP][NCSC/TG004][OVT][SRV] Hardware, firmware, communication, or software weakness that leaves an Information System. Open for potential exploitation or damage, either externally resulting in risk for the owner, user, or manager of the Information System. [DSS] (see also computer, damage, exploit, owner, process, risk, software, system, users, vulnerability)

technical vulnerability information

Detailed description of a vulnerability to include the implementable steps (such as code) necessary to exploit that vulnerability. [CNSSI] (see also code, information, vulnerability)

technological attack

An attack that can be perpetrated by circumventing or nullifying hardware and software access control mechanisms, rather than by subverting system personnel or other users. [SRV] (see also access, access control, control, software, system, users, attack)

technology

1) Broadly defined, includes processes, systems, models and simulations, hardware, and software. 2) All hardware and software, connectivity, countermeasures and/or safeguards that are utilized in support of the core process. [CIAO] Information and know-how (whether in tangible form, such as models, prototypes, drawings, sketches, diagrams, blueprints, or manuals, or in intangible form, such as training or technical services) that can be used to design, produce, manufacture, utilize, or reconstruct goods, including computer software and technical data, but not the goods themselves, or the technical information and know-how that can be used to design, produce, manufacture, use, or reconstruct goods, including technical data and computer software. The term does not include the goods themselves. [DSS] (see also Defensive Information Operations, Digital Signature Standard, Federal Criteria Vol. I, Federal Information Processing Standards, Guidelines and Recommendations for Security Incident Processing, IA-enabled information technlogogy product, IT-related risk, International Traffic in Arms Regulations, International organization for standardization, Internet Engineering Task Force, PCMCIA, Scope of Accreditation, access, access control, antivirus tools, approved technologies list, archive, assurance, asynchronous transfer mode, beyond A1, broadband network, cellular transmission, chief information agency officer, chief information officer, code division multiple access, collaborative computing, common criteria, common criteria version 1.0, common criteria version 2.0, computer related crime, container, control, correctness, countermeasures, criteria, cyberattack, cyberspace, data encryption standard, defense-in-depth, digital telephony, electronic commerce, emanations security, extranet, facilities, false negative, false positive, frame relay, graduated security, information assurance product, information category, information resources, intranet, intrusion, kerberos, key-escrow system, major application, national information assurance partnership, personal communications network, phreaking, process, proximity, public law 100-235, quadrant, risk management, scoping guidance, secure multipurpose internet mail extensions, security, security policy, should, social engineering, software, subsystem, system, tamper resisting, tokens, tunneling, vendor, vulnerability, web vs. Web) (includes Common Criteria for Information Technology Security, Common Criteria for Information Technology Security Evaluation, DoD Information Technology Security Certification and Accreditation Process, European Information Technology Security Evaluation Criteria, Federal Criteria for Information Technology Security, IA-enabled information technology product, Information Technology Security Evaluation Criteria, National Institute of Standards and Technology, center for information technology excellence, computer operations, audit, and security technology, control objectives for information and related technology, information systems/technology, information technology, information technology system, private communication technology, push technology, technology area, technology gap, wireless technology)

technology area

The specific areas of IT, for example, general purpose operating systems, database management systems, network components (firewalls, routers, guards), specialized subsystem components, and limited functionality devices such as telecommunications switches, that require particular expertise and knowledge to effectively conduct IT security evaluations of products in those areas through the correct and consistent application of the IT security evaluation criteria. [NIAP] (see also IT security, application, communications, computer security, criteria, evaluation, function, network, router, security, system, telecommunications, technology)

technology control plan

Document that identifies and describes sensitive program information; the risks involved in foreign access to the information; the participation in the program or foreign sales of the resulting system; and the development of access controls and protective measures as necessary to protect the U.S. technological or operational advantage represented by the system. [DSS] (see also access, foreign, risk)

technology critical

Also referred to as militarily critical technology. Technologies that would make a significant contribution to the military potential of any country or combination of countries and that may prove detrimental to the security of the United States, consisting of: arrays of design and manufacturing know-how (including technical data); keystone manufacturing, inspection, and test equipment; keystone materials; and goods accompanied by sophisticated operation, application, or maintenance know-how. [DSS] (see also security, critical)

technology gap

A technology that is needed to mitigate a threat at a sufficient level but is not available. [IATF] (see also technology, threat)

technology transfer

Transferring, exporting, or disclosing Defense articles, Defense service, or Defense technical data covered by the U.S. Munitions List to any foreign person or entity in the United States or abroad. [DSS] (see also foreign)

telecommunications

telecommunications and automated information systems security

Superseded by Information Systems Security. [DSS] (see also security)

telecommunications security (TSEC)

telecommuting

The practice of working in one location (often, at home) and communicating with a main office in a different location through a personal computer equipped with a modem and communications software; also called electronic commuting. [SRV] (see also communications, computer, software)

telemetry

Science and technology of automatic data measurement and transmission, as by wire or radio, from remote sources, such as space vehicles, to a receiving station for recording and analysis. [DSS] (see also analysis)

telemetry intelligence

Technical and intelligence information derived from intercept, processing, and analysis of foreign telemetry; a subcategory of foreign instrumentation signals intelligence. [DSS] (see also analysis, foreign, intelligence)

teleprocessing

Pertaining to an information transmission system that combines telecommunications, computer application systems, and man-machine interface equipment for the purpose of interacting and functioning as an integrated whole. [SRV] (see also application, communications, computer, function, information, interface, system, telecommunications, process)

telework

Any arrangement in which an employee performs officially assigned duties at an alternative worksite on either a regular or recurring, or on an ad hoc, basis (not including while on official travel). [DSS] The ability for an organization's employees and contractors to perform work from locations other than the organization's facilities. [SP 800-46]

telnet

(I) A TCP-based, application-layer, Internet Standard protocol for remote login from one host to another. [RFC2828] A protocol that enables remote login to other computer systems over the network. [RFC2504] A protocol used for (possibly remote) login to a computer host. [SRV] (see also application, computer, login, network, protocols, remote access software, standard, system, internet)

temperature sensor

A sensor system that produces an electrical signal related to its temperature and, as a consequence, senses the temperature of its surrounding medium. [800-82] (see also system)

TEMPEST

(O) A nickname for specifications and standards for limiting the strength of electromagnetic emanations from electrical and electronic equipment and thus reducing vulnerability to eavesdropping. This term originated in the U.S. Department of Defense. [Army, Kuhn, Russ] (D) ISDs SHOULD NOT use this term as a synonym for 'electromagnetic emanations security'. [RFC2828] A name referring to the investigation, study, and control of compromising emanations from telecommunications and automated information systems equipment. [CNSSI-4009] A name referring to the investigation, study, and control of unintentional compromising emanations from telecommunications and automated information systems equipment. [FIPS 140-2] Short name referring to investigation, study, and control of compromising emanations from IS equipment. [CNSSI] The investigation, study and control of compromising emanations from telecommunications and automated information systems equipment. [IATF] The study and control of spurious electronic signals emitted by electrical equipment, such as computer equipment. [AJP][NCSC/TG004][TCSEC] Transient Electromagnetic Pulse Emanation Standard. Short name referring to investigation, study, and control of compromising emanations from telecommunications and information systems equipment. [DSS] (see also International Traffic in Arms Regulations, approval/accreditation, communications, compromise, computer, control, information, inspectable space, optional modification, standard, system, telecommunications, vulnerability, preferred products list, security) (includes Endorsed TEMPEST Products List, TEMPEST Endorsement Program, TEMPEST advisory group, TEMPEST shielded, TEMPEST test, TEMPEST zone, certified TEMPEST technical authority, compromising emanations, emanation, emanations security, emissions security, equipment radiation TEMPEST zone, soft TEMPEST)

TEMPEST advisory group (TAG)

(see also TEMPEST, advisory)

TEMPEST approved

This term applies to equipment or systems that have been built and certified to meet Level I of National Security Telecommunications Information System Security Advisory Memorandum TEMPEST/1-92, Compromising Emanations Laboratory Test Requirements. [DSS] (see also requirements, security)

TEMPEST Endorsement Program (TEP)

(see also TEMPEST, program)

TEMPEST shielded

Rules for limiting compromising signals emanating from electrical equipment. [SRV] (see also compromise, TEMPEST)

TEMPEST test

Laboratory or on-site test to determine the nature of compromising emanations associated with an IS. [CNSSI] Laboratory or on-site test to determine the nature of compromising emanations associated with an information system. [CNSSI-4009] (see also compromise, emanation, emanations security, TEMPEST, test)

TEMPEST zone

A defined area within a facility where equipment with appropriate Transient Electromagnetic Pulse Emanation Standard (TEMPEST) characteristics (TEMPEST zone assignment) may be operated with emanating electromagnetic radiation beyond the controlled space boundary of the facility. [DSS] Designated area within a facility where equipment with appropriate TEMPEST characteristics (TEMPEST zone assignment) may be operated. [CNSSI][CNSSI-4009] (see also TEMPEST)

TEMPEST zoned equipment

Equipment that has been evaluated and assigned an equipment zone corresponding to the level in National Security Telecommunications and Information Systems Security Advisory Memorandum TEMPEST/1-92. This equipment must be installed according to the National Security Telecommunications and Information Systems Security Advisory Memorandum and HQ-Level specialized installation instructions. [DSS] (see also security)

temporary access eligibility

Access based on the completion of minimum investigative requirements under exceptional circumstances where official functions must be performed prior to completion of the investigation and adjudication process. Temporary eligibility for access may be granted before the investigations are complete and favorably adjudicated. The Temporary eligibility will be valid until completion of the investigation and adjudication; however, the agency granting it may revoke it at anytime based on unfavorable information identified in the course of the investigation. [DSS] (see also interim access authorization, interim security clearance, requirements, access)

temporary help/job shopper

Individual employed by a cleared company whose services are retained by another cleared company or Government activity performing on Special Access Program contracts and providing required services (for example, computer, engineering, or administrative support) under a classified contractual agreement. This individual will have access to Special Access Program material only at locations designated by the utilizing activity. [DSS] (see also access, classified)

temporary records

Federal records approved for disposal, either immediately or after a specified retention period. Also called disposable records. [DSS]

term rule-based security policy

A security policy based on global rules imposed for all users. These rules usually rely on a comparison of the sensitivity of the resources being accessed and the possession of corresponding attributes of users, a group of users, or entities acting on behalf of users. [NSAINT] (see also access, access control, resource, users, policy, security)

Terminal Access Controller Access Control System (TACACS+)

(I) A UDP-based authentication and access control protocol in which a network access server receives an identifier and password from a remote terminal and passes them to a separate authentication server for verification. (C) TACACS was developed for ARPANET and has evolved for use in commercial equipment. TACs were a type of network access server computer used to connect terminals to the early Internet, usually using dial-up modem connections. TACACS used centralized authentication servers and served not only network access servers like TACs but also routers and other networked computing devices. TACs are no longer in use, but TACACS+ is.

'XTACACS': The name of Cisco Corporation's implementation, which enhances and extends the original TACACS.
'TACACS+': A TCP-based protocol that improves on TACACS and XTACACS by separating the functions of authentication, authorization, and accounting and by encrypting all traffic between the network access server and authentication server. It is extensible to allow any authentication mechanism to be used with TACACS+ clients.

terminal hijacking

Allows an attacker, on a certain machine, to control any terminal session that is in progress. An attack hacker can send and receive terminal I/O while a user is on the terminal. [NSAINT] (see also TTY watcher, control, derf, hijack attack, users, attack)

terminal identification

The means used to uniquely identify a terminal to a system. [AJP][NCSC/TG004] (see also identify, system, identification)

terrorism

Calculated use of violence or threat of violence to inculcate fear; intended to coerce or to intimidate governments or societies in the pursuit of goals that are generally political, religious, or ideological. [DSS] Premeditated threat or act of violence against noncombatant persons, property, and environmental or economic targets to induce fear, intimidate, coerce, or affect a government, the civilian population, or any segment thereof, in furtherance of political, social, ideological, or religious objectives. [NIPP] (see also threat)

terrorists

Terrorists seek to destroy, incapacitate, or exploit critical infrastructures in order to threaten national security, cause mass casualties, weaken the U.S. economy, and damage public morale and confidence. Terrorists may use phishing schemes or spyware/malware in order to generate funds or gather sensitive information. [GAO] (see also critical, damage, information, security, threat)

test

(1) An activity in which a system or component is executed under specified conditions, the results are observed or recorded and an evaluation is made of some aspect of the system or component. (2) To conduct an activity as in (1). (3) A set of one or more test cases. (4) A set of one or more test procedures. (5) A set of one or more test cases and procedures. Subtests are grouped into tests, which must be run as a set, typically because the outcome of one subtest is the input or the initial condition for the next subtest in the test. Tests can be run independently of one another but are typically defined over the same database. (p.447) [OVT] A type of assessment method that is characterized by the process of exercising one or more assessment objects under specified conditions to compare actual with expected behavior, the results of which are used to support the determination of security control effectiveness over time. [SP 800-53A] The process of exercising a product to identify differences between expected and actual behavior. [SRV] (see also analysis, CASE tools, FIPS PUB 140-1, RED team, Rivest-Shamir-Adleman algorithm, Scope of Accreditation, TCB subset, abend, acceptance inspection, accreditation, allowed traffic, approved technologies list, assured software, authentication, bebugging, benchmark, bit forwarding rate, blue team, boundary value analysis, boundary value coverage, branch coverage, certificate, certification, certification authority, change management, code coverage, commercial off-the-shelf software, component, computer-assisted audit technique, concurrent connections, configuration management, conformance, connection establishment, connection teardown, contingency plan, control, coverage, credentials, development assurance, error guessing, exercised, flaw hypothesis methodology, goodput, homed, hot wash, identify, identity validation, independent validation and verification, information processing standard, instrument, lattice, lattice model, logging, message digest, monitoring and evaluation, mutation analysis, national information assurance partnership, non-repudiation service, oracle, password cracker, patch management, path coverage, point of control and observation, process, protection profile, pseudo-random number generator, public-key certificate, random, records, reference monitor, reference validation mechanism, remote terminal emulation, review techniques, rules of engagement, ruleset, sample, security certification level, security event, security functions, security requirements, security target, sensitivity analysis, simulation modeling, sneaker, software development, software lifecycle, sponsor, statement coverage, synthetic benchmarks, system, system development lifecycle, systems engineering, target identification and analysis techniques, target vulnerability validation techniques, tiger team, time-stamping service, trusted certificate, trusted process, unit, unit of transfer, users, validate, validate vs. verify, validation, verification, assurance, audit, risk management) (includes Common Criteria Testing Laboratory, Common Criteria Testing Program, TEMPEST test, acceptance testing, active security testing, ad hoc testing, ad-lib test, approved test methods list, black-box testing, boundary value testing, certification test and evaluation, conformance testing, covert testing, environmental failure testing, exhaustive testing, external security testing, functional test case design, functional testing, implementation under test, information security testing, integrated test facility, integration test, interface testing, interim approval to test, internal security testing, mutation testing, negative tests, operational testing, overt testing, passive security testing, penetration test, penetration testing, pilot testing, regression testing, reliability qualification tests, security test & evaluation, security test and evaluation, security testing, smart testing, software system test and evaluation process, stress testing, structural testing, subtest, syntax testing, system testing, system under test, test bed, test bed configuration, test case, test case generator, test case specification, test case suite, test coverage, test cycle, test design, test driver, test environment, test execution, test facility, test generator, test item, test key, test log, test method, test plan, test procedure, test report, test result analyzer, test strategy, test suite, testability, tester, testing, unit testing, white-box testing)

test bed

An environment containing the hardware, instrumentation, simulators, software tools, and other support elements needed to conduct a test. Any system whose primary purpose is to provide a framework within which other systems can be tested. Test beds are usually tailored to a specific programming language and implementation technique, and often to a specific application. Typically a test bed provides some means of simulating the environment of the system under test, of test-data generation and presentation, and of recording test results. [OVT] (see also application, program, software, system, test)

test bed configuration

This includes many things: hardware physical configuration, platform software configuration, operating system version, sysgen details, test terminals, test tools, etc. It must be possible to precisely recreate the entire test situation. [OVT] (see also software, system, test case generator, test case specification, version, test)

test case

(1) A set of test inputs, execution conditions, and expected results developed for a particular objective, such as to exercise a particular program path or to verify compliance with a specific requirement [do178b?]. (2) Documentation specifying inputs, predicted results, and a set of execution conditions for a test item. A document describing a single test instance in terms of input data, test procedure, test execution environment and expected outcome. Test cases also reference test objectives such as verifying compliance with a particular requirement or execution of a particular program path. [OVT] A set of test inputs, execution conditions, and expected results developed for a particular objective, for example, to exercise a particular program path. [SRV] (see also object, program, software development, test procedure, test)

test case generator

A software tool that accepts as input source code, test criteria, specifications, or data structure definitions; uses these inputs to generate test input data; and, sometimes, determines expected results. Syn: test data generator, test generator. [OVT] (see also code, criteria, software, test bed configuration, test generator, test)

test case specification

A document that specifies the test inputs, execution conditions, and predicted results for an item to be tested. Syn: test description, test specification. [OVT] (see also test bed configuration, test)

test case suite

A collection of one or more test cases for the software under test. [OVT] (see also software, test)

test coverage

The extent to which the test cases test the software requirements. [SRV] (see also requirements, software, test)

test cycle

A formal test cycle consists of all tests performed. In software development, it can consist of, for example, the following tests: unit/component testing, integration testing, system testing, user acceptance testing and the code inspection. [OVT] (see also code, security testing, software, software development, system, users, test)

test design

Documentation specifying the details of the test approach for a software feature or combination of software features and identifying the associated tests. [OVT] The test approach and associated tests. [SRV] (see also identify, software, software development, test)

test driver

A program or testing tool used to execute and control testing. Includes initialization, data object support, preparation of input values, call to tested object, recording and comparison of outcomes to required outcomes. A software module used to invoke a module under test and, often, provide test inputs, control and monitor execution, and report test results. Syn: test harness. A program or test tool used to execute software against a test case suite. [OVT] (see also test)

test environment

A description of the hardware and software environment in which the tests will be run, and any other software with which the software under test interacts when under test including stubs and test drivers. [OVT] (see also software, test)

test execution

The processing of a test case suite by the software under test, producing an outcome. [OVT] (see also process, software, test)

test facility

An environment that partially represents the production environment but is isolated from it and is dedicated to the testing and validation of processes, applications, and system components. [SRV] (see also application, process, security testing, software development, system, validation, test)

test generator

A program that generates tests in accordance to a specified strategy or heuristic. [OVT] (see also program, test case generator, test)

test item

A software item that is an object of testing. [OVT] (see also object, security testing, software, test)

test key

Key intended for testing of COMSEC equipment or systems. [CNSSI][CNSSI-4009] (see also communications security, security testing, system, key, test)

test log

A chronological record of all relevant details about the execution of a test. [OVT] (see also test)

test method

An evaluation assurance package from the Common Criteria and the associated evaluation methodology for that assurance package from the Common Methodology. [NIAP] (see also criteria, evaluation, test)

test plan

A document describing the scope, approach, resources, and schedule of intended test activities. It identifies test items, the features to be tested, the testing tasks, who will do each task, and any risks requiring contingency planning. A record of the test planning process detailing the degree of tester independence, the test environment, the test case design techniques and test measurement techniques to be used, and the rationale for their choice. [OVT] A plan that details the specific tests and procedures to be followed when testing software. [SRV] (see also process, resource, risk, security testing, software, test)

test procedure

(1) Detailed instructions for the set-up, execution, and evaluation of results for a given test case. (2) A document containing a set of associated instructions as in (1). (3) Documentation specifying a sequence of actions for the execution of a test. (NIST) A formal document developed from a test plan that presents detailed instructions for the setup, operation, and evaluation of the results for each defined test. [OVT] Detailed instructions for the setup, execution, and evaluation of results for a given test case. [SRV] (see also evaluation, operation, test case, test)

test report

A document that summarizes the outcome of testing in terms of items tested, summary of results (e.g. defect density), effectiveness of testing and lessons learned. A document that describes the conduct and results of the testing carried out for a system or component. Syn: test summary report. [OVT] (see also security testing, system, test)

test result analyzer

A software tool used to test output data reduction, formatting, and printing. [OVT] (see also software, test)

test strategy

Any method for generating tests based on formally or informally defined criteria of test completeness (also test technique). [OVT] (see also criteria, test)

test suite

A test suite is a set of related tests, usually pertaining to a group of features or software component and usually defined over the same database. Suites are combined into groups. (p.448) A group of tests with a common purpose and database, usually run as a group. [OVT] (see also software, test)

testability

(1) The degree to which a system or component facilitates the establishment of test criteria and the performance of tests to determine whether those criteria have been met. (2) The degree to which a requirement is stated in terms that permit establishment of test criteria and performance of tests to determine whether those criteria have been met. [IEEE610] The degree to which software or a software component facilitates the establishment of test criteria and the performance of tests to determine whether those criteria have been met. The effort required to test a program to ensure it performs its intended function. [SRV] The effort required to test a computer program to ensure it performs its intended function. [SRV] (see also computer, criteria, establishment, function, program, software, system, software requirement, test)

tester

One who writes and/or executes tests of software with the intention of demonstrating that the software does not work. Contrast with programmer whose tests (if any) are intended to show that the program does work. [OVT] (see also program, software, test)

testing

The purpose of testing is to discover errors. Testing is the process of trying to discover every conceivable fault or weakness in a work product. (1) The process of operating a system or component under specified conditions, observing or recording the results, and making an evaluation of some aspect of the system or component. (2) The process of analyzing a software item to detect the differences between existing and required conditions, (that is, bugs) and to evaluate the features of the software items. [OVT] (see also dynamic analysis, evaluation, process, software, system, security testing, test)

The Exponential Encryption System (TESS)

(I) A system of separate but cooperating cryptographic mechanisms and functions for the secure authenticated exchange of cryptographic keys, the generation of digital signatures, and the distribution of public keys. TESS employs asymmetric cryptography, based on discrete exponentiation, and a structure of self-certified public keys. [RFC2828] (see also authentication, cryptographic, cryptography, digital signature, function, key, public-key, signature, encryption, system)

theft

Gaining access to sensitive data by stealing a shipment of a physical medium, such as a magnetic tape or disk, that holds the data. [RFC2828] (see also access, access control, account fraud, computer abuse, criminal groups, password shadowing, phishing, physical security, social engineering, unclassified controlled nuclear information, illegal, threat consequence) (includes identity theft, theft of data, theft of functionality, theft of service)

theft of data

Unauthorized acquisition and use of data. [RFC2828] (see also authorized, theft, threat consequence)

theft of functionality

Unauthorized acquisition of actual hardware, software, or firmware of a system component. [RFC2828] (see also authorized, software, system, function, theft, threat consequence)

theft of service

Unauthorized use of service by an entity. [RFC2828] (see also authorized, entity, theft, threat consequence)

thermostat

A device that automatically responds to temperature changes and activates switches controlling equipment such as refrigerators, furnaces, and air conditioners. [SRV] (see also control)

think time

The amount of time spent by an interactive user between the completion of the transaction response from the system and the start of user typing or other system input. [SRV] (see also response, system, users)

third party trusted host model

An authentication model in which a trusted third party authenticates principals to each other. The trusted third party shares a secret (password) with each principal. It uses a key derived from the password to issue tickets to these principals. [misc] (see also authentication, key, passwords, kerberos, model, trust) (includes ticket)

thrashing

A state in which a computer system is expending most or all of its resources on overhead operations, such as swapping data between main and auxiliary storage, rather than on intended computing functions. [OVT] (see also computer, function, operation, resource, system)

threat

(1) An action or event that might prejudice security. (2) Sequence of circumstances and events that allows a human or other agent to cause an information-related misfortune by exploiting a vulnerability in an IT product. (3) Any circumstance or event with the potential to cause harm to a system in the form of destruction, disclosure, modification of data, or denial of service. [AJP] (I) A potential for violation of security, which exists when there is a circumstance, capability, action, or event that could breach security and cause harm. (C) That is, a threat is a possible danger that might exploit a vulnerability. A threat can be either 'intentional' (i.e. intelligent; e.g. an individual cracker or a criminal organization) or 'accidental' (e.g. the possibility of a computer malfunctioning, or the possibility of an 'act of God' such as an earthquake, a fire, or a tornado). (C) In some contexts, such as the following, the term is used narrowly to refer only to intelligent threats: (N) U. S. Government usage: The technical and operational capability of a hostile entity to detect, exploit, or subvert friendly information systems and the demonstrated, presumed, or inferred intent of that entity to conduct such activity. [RFC2828] 1) A foreign or domestic entity possessing both the capability to exploit a critical infrastructure's vulnerabilities and the malicious intent of debilitating defense or economic security. A threat may be an individual, an organization, or a nation. 2) Any circumstance or event that could harm a critical asset through unauthorized access, compromise of data integrity, denial or disruption of service, or physical destruction or impairment. [CIAO] 37; CNSSI-4009 The potential source of an adverse event. [SP 800-61] A natural or manmade occurrence, individual, entity, or action that has or indicates the potential to harm life, information, operations, the environment, and/or property. [NIPP] A potential cause of an unwanted incident that may result in harm to a system or organization. [SC27] A potential cause of an unwanted incident that may result in harm to a system or organization. [ISO/IEC PDTR 13335-1 (11/2001)] A potential cause of an unwanted incident that may result in harm to an IT system. [ISO/IEC DTR 15947 (10/2001)] A potential cause of an unwanted incident which may result in harm to a system or organization. [SC27] A potential cause of an unwanted incident that may result in harm to an IT system. [SC27] A potential cause of an unwanted incident which may result in harm to a system or organization. [SC27] An action or event that might prejudice security. [ITSEC] An indication of the likelihood that a specific type of attack will be initiated against a specific target or class of targets. It may include any indication, circumstance, or event with the potential to cause the loss of or damage to an asset. It can also be defined as an adversary's intention and capability to undertake actions that would be detrimental to a valued asset. [GAO] Any circumstance or event with the potential to adversely impact agency operations (including mission, functions, image, or reputation), agency assets, individuals, other organizations, or the Nation through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service. [800-60] Any circumstance or event with the potential to adversely impact agency operations (including mission, functions, image, or reputation), agency assets, or individuals through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service. [800-82] Any circumstance or event with the potential to adversely impact an IS through unauthorized access, destruction, disclosure, modification of data, and/or denial of service. [CNSSI] Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, or the Nation through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service. [SP 800-53; SP 800-53A; SP 800-27; SP 800-60; SP 800-] Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), organizational assets, or individuals through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service. Also, the potential for a threat-source to successfully exploit a particular information system vulnerability. [FIPS 200] Any circumstance or event with the potential to cause harm to a system in the form of destruction, disclosure, modification of data, and/or denial of service. [NCSC/TG004] Any circumstance or event with the potential to cause harm to a system in the form of destruction, disclosure, modification of data, and/or denial of service. The potential for exploitation of a vulnerability. An entity or event with the potential to harm a system. [SRV] Any circumstance or event with the potential to cause harm to an IT system in the form of destruction, disclosure, or modification of information in the system, and/or denial of service [NASA] Any circumstance or event with the potential to cause harm to an information system in the form of destruction, disclosure, adverse modification of data, and/or denial of service. [GSA] Capabilities, intentions, and attack methods of adversaries to exploit, or any circumstance or event with the potential to cause harm to, information or an information system. [IATF] Sequence of circumstances and events that allows a (human or other) agent to cause an information-related misfortune by exploiting a vulnerability in an IT product. [FCv1] The means through which the ability or intent of a threat agent to adversely affect an automated system, facility, or operation can be manifest. A potential violation of security. [AFSEC][NSAINT] The means through which the ability or intent of a threat agent to adversely affect an automated system, facility, or operation can be manifest. A potential violation of security. Any circumstance or event with the potential to cause harm to a system in the form of destruction, disclosure, modification of data, and/or denial of service. [OVT] The potential for a threat source to exercise (accidentally trigger or intentionally exploit) a specific vulnerability. [800-30] The potential for a threat source to exercise (accidentally trigger or intentionally exploit) a specific vulnerability; or Any circumstance or even with the potential to harm an IS through unauthorized access, destruction, disclosure, modification of data, and/or denial of service. [800-37] The potential for a threat source to exploit (intentional) or trigger (accidental) a specific vulnerability. [800-33] The potential source of an adverse event. [800-61] The potential that an existing vulnerability can be exploited to compromise the security of systems or networks. Even if a vulnerability is not known, it represents a threat by this definition. [RFC2504] The sum of the potential strengths, capabilities, and strategic objectives of any adversary that can limit or negate United States. Mission accomplishment or reduce force, system, or equipment effectiveness. [DSS] (see also security software, Common Criteria for Information Technology Security, IS related risk, IT-related risk, OAKLEY, RED team, Tiger, access, access control, adversary, advisory, anonymous login, authorized, blacklist, blue team, computer, computer emergency response team, counterintelligence, counterintelligence assessment, criminal, critical, criticality, damage, defense, disaster plan, easter egg, effectiveness, electronic warfare support, emergency plan, emergency response, enterprise risk management, entity, environment of operation, evaluation assurance, false negative, firewall, foreign, function, graduated security, high impact, hybrid warfare, information, information protection policy, information security, information sharing and analysis center, infrastructure assurance, infrastructure protection, integrity, joint task force-computer network defense, keyed hash, law enforcement sensitive, level of protection, levels of concern, likelihood of occurrence, malicious, moderate impact, national computer security assessment program, national intelligence, network, network behavior analysis system, network sniffing, object, one-time passwords, operating system fingerprinting, operation, operations security, operations security process, passive, physical and environmental protection, physical security, port scanner, post-accreditation phase, predisposing condition, privacy protection, product rationale, qualitative risk assessment, radio frequency jamming, remediation, remediation plan, resource starvation, response force, risk analysis, risk assessment, risk identification, risk value, robustness, rogue device, security architecture, security level, security objectives, security policy, security target, signature, situational awareness, sound masking system, special access program, suitability of functionality, suspicious activity report, system, system security authorization agreement, tactical edge, target, technical security policy, terrorism, tiger team, tinkerbell program, total risk, triangulation, web bug, component operations, risk) (includes CGI scripts, Chernobyl packet, PHF, PHF hack, RED signal, abuse of privilege, acceptable level of risk, advanced persistent threats, adversary threat strategy, ankle-biter, attack, blue box devices, bomb, bot-network operators, breach, buffer overflow, bug, chain letter, classified information spillage, code amber, code red, compromised key list, compromising emanations, computer abuse, computer related crime, countermeasures, crack, crash, criminal groups, dangling threat, dark-side hacker, deadlock, deadly embrace, derf, dumpster diving, emanation, espionage, ethernet meltdown, exploit, exploitable channel, failed logon, failure access, fault, flaw, foe, fork bomb, fraud, generic threat, hackers, hoax, hybrid threat, inappropriate usage, incident, incomplete parameter checking, infection, information systems security, information systems security engineering, information warfare, inside threat, insider, intelligent threat, intercept, leakage, letterbomb, loophole, lurking, macro virus, mailbomb, malicious applets, malicious code, malicious intruder, malicious program, memory scavenging, mission needs statement, mockingbird, nations, outside threat, outside(r) threat, passive threat, password cracker, perceived collection threat, phage, phishers, phracker, phreaker, piggyback entry, promiscuous mode, prowler, pseudo-flaw, psychological operations, residual risk, retro-virus, salami technique, security breach, security environment threat list, security flaw, security threat, security violation, snake oil, snarf, sneaker, sniffing, spam, spammers, stealth probe, strengths, weaknesses, opportunities, threats, surreptitious entry, suspicious contact, technical threat analysis, technology gap, terrorists, threat action, threat agent, threat analysis, threat assessment, threat consequence, threat event, threat monitoring, threat scenario, threat shifting, threat source, time bomb, trap, trapdoor, troll, unauthorized access, unlimited network analyzer, vulnerability, war dialer, war dialing, wedged, zombie)

threat action

(I) An assault on system security. (C) A complete security architecture deals with both intentional acts (i.e. attacks) and accidental events. Various kinds of threat actions are defined as subentries under 'threat consequence'. [RFC2828] (see also attack, security, system, threat consequence, threat)

threat agent

A method used to exploit a vulnerability in a system, operation, or facility. [AJP][NCSC/TG004][SRV] Methods and things used to exploit a vulnerability in an information system, operation, or facility; fire, natural disaster and so forth. [AFSEC][NSAINT] (see also exploit, information, operation, system, vulnerability, threat)

threat analysis

(I) An analysis of the probability of occurrences and consequences of damaging actions to a system. [RFC2828] Examination of information to identify the elements comprising a threat. [CNSSI] Operations Security process which examines an adversary's technical and operational capabilities, motivation, and intentions, designed to detect and exploit vulnerabilities. [DSS] See Threat Assessment. [CNSSI-4009] The examination of all actions and events that might adversely affect a system or operation. [AFSEC][AJP][NCSC/TG004][OVT][SRV] The examination of threat sources against system vulnerabilities to determine the threats for a particular system in a particular operational environment. [800-30][800-33][SP 800-27] (see also adversary, countermeasures, identify, information, operation, security, system, vulnerability, analysis, risk analysis, threat)

threat assessment

Evaluation of the intelligence collection threat to a program activity, system, or operation. [DSS] Formal description and evaluation of threat to an IS. [CNSSI] Formal description and evaluation of threat to an information system. [SP 800-53; SP 800-18] Process of formally evaluating the degree of threat to an information system and describing the nature of the threat. [AFSEC][NSAINT] Process of formally evaluating the degree of threat to an information system or enterprise and describing the nature of the threat. [CNSSI-4009; SP 800-53A] The identification and evaluation of adverse events that can harm or damage an asset. A threat assessment includes the probability of an event and the extent of its lethality. Threats may be present at the global, national, or local level. [GAO] (see also countermeasures, damage, evaluation, identification, information, intelligence, process, system, assessment, threat)

threat consequence

(I) A security violation that results from a threat action. Includes disclosure, deception, disruption, and usurpation. (C) The following subentries describe four kinds of threat consequences, and also list and describe the kinds of threat actions that cause each consequence. Threat actions that are accidental events are marked by '*'.

'(Unauthorized) Disclosure' (a threat consequence): A circumstance or event whereby an entity gains access to data for which the entity is not authorized. The following threat actions can cause unauthorized disclosure: A. 'Exposure': A threat action whereby sensitive data is directly released to an unauthorized entity. This includes: a. 'Deliberate Exposure': Intentional release of sensitive data to an unauthorized entity. b. 'Scavenging': Searching through data residue in a system to gain unauthorized knowledge of sensitive data. c* 'Human error': Human action or inaction that unintentionally results in an entity gaining unauthorized knowledge of sensitive data. d* 'Hardware/software error'. System failure that results in an entity gaining unauthorized knowledge of sensitive data. B. 'Interception': A threat action whereby an unauthorized entity directly accesses sensitive data traveling between authorized sources and destinations. This includes: a. 'Theft': Gaining access to sensitive data by stealing a shipment of a physical medium, such as a magnetic tape or disk, that holds the data. b. 'Wiretapping (passive)': Monitoring and recording data that is flowing between two points in a communication system. c. 'Emanations analysis': Gaining direct knowledge of communicated data by monitoring and resolving a signal that is emitted by a system and that contains the data but is not intended to communicate the data. C. 'Inference': A threat action whereby an unauthorized entity indirectly accesses sensitive data (but not necessarily the data contained in the communication) by reasoning from characteristics or byproducts of communications. This includes: a. Traffic analysis: Gaining knowledge of data by observing the characteristics of communications that carry the data. b. 'Signals analysis': Gaining indirect knowledge of communicated data by monitoring and analyzing a signal that is emitted by a system and that contains the data but is not intended to communicate the data. D. 'Intrusion': A threat action whereby an unauthorized entity gains access to sensitive data by circumventing a system's security protections. This includes: a. 'Trespass': Gaining unauthorized physical access to sensitive data by circumventing a system's protections. b. 'Penetration': Gaining unauthorized logical access to sensitive data by circumventing a system's protections. c. 'Reverse engineering': Acquiring sensitive data by disassembling and analyzing the design of a system component. d. Cryptanalysis: Transforming encrypted data into plaintext without having prior knowledge of encryption parameters or processes.
'Deception' (a threat consequence): A circumstance or event that may result in an authorized entity receiving false data and believing it to be true. The following threat actions can cause deception: A. 'Masquerade': A threat action whereby an unauthorized entity gains access to a system or performs a malicious act by posing as an authorized entity. a. 'Spoof': Attempt by an unauthorized entity to gain access to a system by posing as an authorized user. b. 'Malicious logic': In context of masquerade, any hardware, firmware, or software (e.g. Trojan horse) that appears to perform a useful or desirable function, but actually gains unauthorized access to system resources or tricks a user into executing other malicious logic. B. 'Falsification': A threat action whereby false data deceives an authorized entity. a. 'Substitution': Altering or replacing valid data with false data that serves to deceive an authorized entity. b. 'Insertion': Introducing false data that serves to deceive an authorized entity. C. 'Repudiation': A threat action whereby an entity deceives another by falsely denying responsibility for an act. a. 'False denial of origin': Action whereby the originator of data denies responsibility for its generation. b. 'False denial of receipt': Action whereby the recipient of data denies receiving and possessing the data.
'Disruption' (a threat consequence): A circumstance or event that interrupts or prevents the correct operation of system services and functions. The following threat actions can cause disruption: A. 'Incapacitation': A threat action that prevents or interrupts system operation by disabling a system component. a. 'Malicious logic': In context of incapacitation, any hardware, firmware, or software (e.g. logic bomb) intentionally introduced into a system to destroy system functions or resources. b. 'Physical destruction': Deliberate destruction of a system component to interrupt or prevent system operation. c* 'Human error': Action or inaction that unintentionally disables a system component. d* 'Hardware or software error': Error that causes failure of a system component and leads to disruption of system operation. e* 'Natural disaster': Any 'act of God' (e.g. fire, flood, earthquake, lightning, or wind) that disables a system component. [FP031 section 2] B. 'Corruption': A threat action that undesirably alters system operation by adversely modifying system functions or data. a. 'Tamper': In context of corruption, deliberate alteration of a system's logic, data, or control information to interrupt or prevent correct operation of system functions. b. 'Malicious logic': In context of corruption, any hardware, firmware, or software (e.g. a computer virus) intentionally introduced into a system to modify system functions or data. c* 'Human error': Human action or inaction that unintentionally results in the alteration of system functions or data. d* 'Hardware or software error': Error that results in the alteration of system functions or data. e* 'Natural disaster': Any 'act of God' (e.g. power surge caused by lightning) that alters system functions or data. [FP031 section 2] C. 'Obstruction': A threat action that interrupts delivery of system services by hindering system operations. a. 'Interference': Disruption of system operations by blocking communications or user data or control information. b. 'Overload': Hindrance of system operation by placing excess burden on the performance capabilities of a system component.
'Usurpation' (a threat consequence): A circumstance or event that results in control of system services or functions by an unauthorized entity. The following threat actions can cause usurpation: A. 'Misappropriation': A threat action whereby an entity assumes unauthorized logical or physical control of a system resource. a. 'Theft of service': Unauthorized use of service by an entity. b. 'Theft of functionality': Unauthorized acquisition of actual hardware, software, or firmware of a system component. c. 'Theft of data': Unauthorized acquisition and use of data. B. 'Misuse': A threat action that causes a system component to perform a function or service that is detrimental to system security. a. 'Tamper': In context of misuse, deliberate alteration of a system's logic, data, or control information to cause the system to perform unauthorized functions or services. b. 'Malicious logic': In context of misuse, any hardware, software, or firmware intentionally introduced into a system to perform or control execution of an unauthorized function or service. c. 'Violation of permissions': Action by an entity that exceeds the entity's system privileges by executing an unauthorized function.

threat event

A specific type of threat event as often specified in a risk analysis procedure. [AFSEC] An event or situation that has the potential for causing undesirable consequences or impact. [SP 800-30] (see also analysis, threat)

threat monitoring

Analysis, assessment, and review of Information System audit trails and other data collected for the purpose of searching out system events that may constitute violations or attempted violations of data or system security. [DSS] Analysis, assessment, and review of audit trails and other information collected for the purpose of searching out system events that may constitute violations of system security. [CNSSI][CNSSI-4009] The analysis, assessment, and review of audit trails and other data collected for the purpose of searching out system events that may constitute violations or attempted violation of system security. [AFSEC][AJP][NCSC/TG004][SRV] (see also analysis, assessment, audit, information, system, risk management, threat) (includes audit trail)

threat scenario

A set of discrete threat events, associated with a specific threat source or multiple threat sources, partially ordered in time. [SP 800-30] (see also threat)

threat shifting

Response from adversaries to perceived safeguards and/or countermeasures (i.e. security controls), in which the adversaries change some characteristic of their intent to do harm in order to avoid and/or overcome those safeguards/countermeasures. [SP 800-30] (see also control, security, threat)

threat source

Either (1) intent and method targeted at the intentional exploitation of a vulnerability or (2) a situation and method that may accidentally trigger a vulnerability. [800-30][800-33][800-37] The intent and method targeted at the intentional exploitation of a vulnerability or a situation and method that may accidentally exploit a vulnerability. [CNSSI-4009] The intent and method targeted at the intentional exploitation of a vulnerability or a situation and method that may accidentally trigger a vulnerability. Synonymous with Threat Agent. [FIPS 200; SP 800-53; SP 800-53A; SP 800-37] (see also target, vulnerability, threat)

threshold

A value that sets the limit between normal and abnormal behavior. [800-94]

thumbprint

(I) A pattern of curves formed by the ridges on the tip of a thumb. (D) ISDs SHOULD NOT use this term as a synonym for 'hash result' because that meaning mixes concepts in a potentially misleading way. [RFC2828] (see also hash, biometric authentication)

ticket

(I) A synonym for 'capability'. (C) A ticket is usually granted by a centralized access control server (ticket-granting agent) to authorize access to a system resource for a limited time. Tickets have been implemented with symmetric cryptography, but can also be implemented as attribute certificates using asymmetric cryptography. [RFC2828] A credential used in a third-party trusted host model. A ticket is encrypted with the password of the principal to whom the ticket is presented. A ticket contains a session key as well as the identity of the principal to whom the ticket is issued. Tickets have an expiration time. [misc] (see also access, access control, certificate, control, cryptography, entity, identity, key, model, passwords, resource, system, credentials, third party trusted host model)

ticket-oriented

A computer protection system in which each subject maintains a list of unforgeable bit patterns, called tickets, one for each object the subject is authorized to access. [AJP][NCSC/TG004] IS protection system in which each subject maintains a list of unforgeable bit patterns called tickets, one for each object a subject is authorized to access. [CNSSI] (see also list-oriented, access, access control, authorized, computer, system, authorization) (includes object, subject)

tier 1

Tier 1 facilities and systems are those that if successfully destroyed or disrupted through terrorist attack would cause major national or regional impacts similar to those experienced with Hurricane Katrina or the September 11, 2001, attacks. [NIPP]

tier 2

Tier 2 facilities and systems are those that meet predefined, sector-specific criteria and that are not Tier 1 facilities or systems. [NIPP]

Tiger

A software tool which scans for system weaknesses. [NSAINT] (see also software, system, threat, security software)

tiger team

Government and industry-sponsored teams of computer experts who attempt to break down the defenses of computer systems in an effort to uncover, and eventually patch, security holes. [AFSEC][NSAINT] [U.S. military jargon] 1. Originally, a team (of sneakers) whose purpose is to penetrate security, and thus test security measures. ... Serious successes of tiger teams sometimes lead to early retirement for base commanders and security officers. 2. Recently, and more generally, any official inspection team or special firefighting group called in to look at a problem. A subset of tiger teams are professional crackers, testing the security of military computer installations by attempting remote attacks via networks or supposedly 'secure' comm channels. The term has been adopted in commercial computer-security circles in this more specific sense. Government and industry - sponsored teams of computer experts who attempt to break down the defenses of computer systems in an effort to uncover, and eventually patch, security holes. [OVT] (see also attack, computer, officer, security, security testing, sneaker, system, test, threat)

time bomb

A Trojan horse set to trigger at a particular time. [SRV] A logic bomb that is triggered by reaching some preset time, either once or periodically. A variant of the Trojan horse in which malicious code is inserted to be triggered later. [AFSEC] A time bomb is a type of logic bomb that is triggered by the arrival of a date or time. [CIAO] Resident computer program that triggers an unauthorized act at a predefined time. [CNSSI][CNSSI-4009] (see also authorized, code, computer, logic bombs, malicious, program, threat)

time compliance data (TCD)

time division multiple access (TDMA)

A technique to interweave multiple conversations into one transponder so as to appear to get simultaneous conversations. [IATF] (see also access, security)

time stamp

A data item which denotes a point in time with respect to a common time reference. [SC27] A time variant parameter which denotes a point in time with respect to a common time reference. [SC27] A time variant parameter which denotes a point in time with respect to a common time reference. [ISO/IEC 11770-1: 1996] A time variant parameter which denotes a point in time with respect to a common time reference. [ISO/IEC 9798-1: 1997] A data item which denotes a point in time with respect to a common time reference. [ISO/IEC 11770-3: 1999] A data item which denotes a point in time with respect to a common time reference. [SC27] (includes time-stamp requester, time-stamp token, time-stamp verifier, time-stamping authority, time-stamping service, trusted time stamp, trusted time stamping authority)

time variant parameter

A data item used by an entity to verify that a message is not a replay, such as a random number, a sequence number, or a time stamp. [SC27] A data item used to verify that a message is not a replay, such as a random number, a sequence number, or a time stamp. [SC27] A data item used to verify that a message is not a replay, such as a random number, a sequence number, or a time stamp. [ISO/IEC 9798-1: 1997, ISO/IEC 11770-2: 1996, ISO/IEC 11770-3: 1999] A data item used by an entity to verify that a message is not a replay, such as a random number, a sequence number, or a time stamp. [SC27] (see also entity, message, random)

time-and-materials contract

A contract in which the user organization reimburses a contractor for total labor charges (based on time and expended at fixed labor rates) and for materials used to complete the work. [SRV] (see also users)

time-compliance date

Date by which a mandatory modification to a COMSEC end-item must be incorporated if the item is to remain approved for operational use. [CNSSI][CNSSI-4009] (see also communications security, operation)

time-dependent password

A password that is valid only at a certain time of day or during a specified interval of time. [AJP][NCSC/TG004][SRV] Password that is valid only at a certain time of day or during a specified interval of time. [CNSSI][CNSSI-4009] (see also passwords)

time-stamp requester

An entity which possesses data it wants to be time-stamped. NOTE - A requester may also be a Trusted Third Party including a time-stamping authority. [SC27] (see also authority, entity, trust, time stamp)

time-stamp token

A data structure containing a verifiable cryptographic binding between a data items' representation and a time-value. A time-stamp token may also include additional data items in the binding. [SC27] (see also backup, cryptographic, cryptography, time stamp, tokens)

time-stamp verifier

An entity which possesses data and wants to verify that it has a valid time-stamp bound to it. The verification process may be performed by the verified itself or by a Trusted Third Party. [SC27] (see also entity, process, trust, verification, time stamp)

time-stamping authority (TSA)

A trusted third party trusted to provide a time stamping service. [SC27] A trusted third party trusted to provide evidence which includes the time when the secure time stamp is generated. [SC27] (see also evidence, trust, authority, time stamp)

time-stamping service

A service providing evidence that a data item existed before a certain point in time. NOTE - An example is given by adding a time stamp to a data items representation and signing the result. [SC27] A service providing evidence that a data item existed before a certain point in time. NOTE - An example is given by adding a time stamp to a data items representation and signing the result. A service which attests the existence of electronic data at a precise instant of time. NOTE - Time stamping services are useful and probably indispensable to support long term validation of signatures. They will be defined in a separate document. [SC27] A service which attests the existence of electronic data at a precise instant of time. NOTE - Time stamping services are useful and probably indispensable to support long term validation of signatures. They will be defined in a separate document. [SC27] (see also evidence, signature, test, validation, time stamp)

time-to-recover (TTR)

timing attacks

Attacks that take advantage of the timing of computer processes and operations to get access. [AFSEC] (see also access, access control, computer, operation, process, attack)

timing channel

(see covert channel)

tinkerbell program

A monitoring program used to scan incoming network connections and generate alerts when calls are received from particular sites, or when logins are attempted using certain ID's. [NSAINT] (see also connection, login, network, threat, program, security software)

to-be-process model

A process model that results from a business process redesign or reengineering action. The to be model shows how the business process will function after the improvement action is implemented. [SRV] (see also business process, function, model, process)

TOE resource

Anything useable or consumable in the TOE. [CC2][CC21][SC27] (see also resource, target of evaluation)

TOE security functions (TSF)

A set consisting of all hardware, software, and firmware of the TOE that must be relied upon for the correct enforcement of the TSP. [CC2][CC21][SC27] All parts of the TOE which have to be relied upon for enforcement of the TOE security policy. [CC1] Set consisting of all hardware, software, and firmware of the TOE that must be relied upon for the correct enforcement of the TOE Security Policy (TSP). [CNSSI-4009] Set consisting of all hardware, software, and firmware of the TOE that must be relied upon for the correct enforcement of the TSP. [CNSSI] (see also policy, software, trusted channel, function, object, resource, security attribute, target of evaluation) (includes TOE security functions interface, TSF data, TSF scope of control, inter-TSF transfers, secret, strength of function, transfers outside TSF control, trusted path, user data)

TOE security functions interface (TSFI)

A set of interfaces, whether interactive (man-machine interface) or programmatic (application programming interface), through which TOE resources are accessed, mediated by the TSF, or information is obtained from the TSF. [CC2][CC21][SC27] (see also access, access control, application, information, program, resource, TOE security functions, function, interface, target of evaluation)

TOE security policy (TSP)

A set of rules that regulate how assets are managed, protected and distributed within a TOE. [CC2][CC21][SC27] Set of rules that regulate how assets are managed, protected, and distributed within the TOE. [CNSSI][CNSSI-4009] The rules defining the required security behavior of a Target of Evaluation. [CC1] (see also target, policy, security policy, target of evaluation) (includes object, trusted path)

TOE security policy model

A structured representation of the security policy to be enforced by the TOE. [CC2][CC21][SC27] (see also model, policy, security, target of evaluation)

token authenticator

The value that is provided to the protocol stack to prove that the claimant possesses and controls the token. Protocol messages sent to the verifier are dependant upon the token authenticator, but they may or may not explicitly contain it. [800-63] (see also control, message, protocols)

token backup

(I) A token management operation that stores sufficient information in a database (e.g. in a CAW) to recreate or restore security token (e.g. a smart card) if it is lost or damaged. [RFC2828] (see also damage, information, operation, availability, backup, tokens)

token copy

(I) A token management operation that copies all the personality information from one security token to another. However, unlike in token restore operation, the second token is initialized with its own, different local security values such as PINs and storage keys. [RFC2828] (see also information, key, operation, security, tokens)

token device

A device used for generating passwords based on some information (e.g. time, date, and personal identification number) that is valid for only a brief period (e.g. one minute). [SRV] (see also identification, information, tokens)

token management

(I) The process of initializing security tokens, loading data into the tokens, and controlling the tokens during their lifecycle. May include performing key management and certificate management functions; generating and installing PINs; loading user personality data; performing card backup, card copy, and card restore operations; and updating firmware. [RFC2828] (see also availability, backup, certificate, control, function, key, key management, operation, process, security, users, tokens)

token restore

(I) A token management operation that loads a security token with data for the purpose of recreating (duplicating) the contents previously held by that or another token. [RFC2828] (see also operation, security, tokens)

token storage key

(I) A cryptography key used to protect data that is stored on a security token. [RFC2828] (see also cryptography, security, key, tokens)

tokens

(I) General usage: An object that is used to control access and is passed between cooperating entities in a protocol that synchronizes use of a shared resource. Usually, the entity that currently holds the token has exclusive access to the resource. (I) Authentication usage: A data object or a portable, user-controlled, physical device used to verify an identity in an authentication process. (I) Cryptographic usage: See: cryptographic token. (O) SET usage: 'A portable device [e.g. smart card or PCMCIA card] specifically designed to store cryptographic information and possibly perform cryptographic functions in a secure manner.' [RFC2828] A hardware device (authentication token) carried by users to provide positive authentication services to host systems. These tokens typically employ encryption technology to externally validate a user request for access. A programming method (user/job token) in certain operating systems. The token allows the host to associate an unforgettable authentication with a user for the purpose of validating further access within the operating system. [NASA] A hardware device that is used to augment password-based authentication by challenging a principal to prove that possesses the token. [misc] A hardware security token that contains a user's private key(s), public key certificate, and optionally other certificates [GSA] A message consisting of data fields relevant to a particular communication and which contains information that has been transformed using a cryptographic technique. [SC27] A small device with an embedded computer chip that can be used to store and transmit electronic information. [FFIEC] A token is used to validate an end entity's identity and bind that identity to its public key. An example is an X.509 certificate. [IATF] Something that the claimant possesses and controls (such as a key or password) that is used to authenticate a claim. See also Cryptographic Token. [CNSSI-4009] Something that the claimant possesses and controls (typically a key or password) that is used to authenticate the claimant's identity. [SP 800-63] Something that the claimant possesses and controls (typically a key or password) used to authenticate the claimant's identity. [800-63] (see also 3-factor authentication, Europay, MasterCard, Visa, Fortezza, Generic Security Service Application Program Interface, PKCS #11, X.509, access, access control, authentication, capability, card initialization, card personalization, cardholder certificate, cardholder certification authority, certificate, challenge/response, class 2, 3, 4, or 5, computer, control, cryptographic, cryptographic ignition key, domain parameter, encryption, entity, function, identity, information, message, notary, object, passwords, personal security environment, process, program, protocols, public-key, public-key infrastructure, registration authority, resource, secret, security, social engineering, system, technology, users, validate, witness, Secure Electronic Transaction, key) (includes NRD token, NRO token, NRS token, NRT token, authentication token, cryptographic card, cryptographic token, dongle, hash token, identity token, key token, non-repudiation token, notarization token, personal identity verification card, security token, smartcards, time-stamp token, token backup, token copy, token device, token management, token restore, token storage key)

tolerable error

The specified precision or the maximum sampling error that will still permit the results to be useful. It is also called bound on error. [SRV]

toluene

Colorless flammable aromatic liquid obtained from coal tar or petroleum and used in some fuels, dyes, and explosives. It is also used as a solvent/thinner for some gums, lacquers, and paints; also called xylene or methylbenzene. At least one permanent marker on the market still contains toluene (AD Marker by Chartpak). These markers tend to be strong smelling and may damage Compact Disc/Digital Video Discs. [DSS] (see also damage)

tool

A product used in the construction and/or documentation of a Target of Evaluation. [AJP][ITSEC] (see also target, target of evaluation)

top CA

(I) A CA that is the highest level (i.e. is the most trusted CA) in a certification hierarchy. [RFC2828] (see also certification, trust, public-key infrastructure)

TOP SECRET

The designation applied to information the unauthorized disclosure of which could reasonably be expected to cause exceptionally grave damage to the national security. [DSS] (see also authorized, damage, security, classification levels)

top-level certification

More stringent than a mid-level certification, this certification level is appropriate for systems engendering high levels of concern for confidentiality, integrity, and/or availability. [800-37] (see also availability, confidentiality, integrity, system, certification)

top-level security objectives (TLSO)

(see also object, security, top-level specification)

top-level specification (TLS)

(I) 'A non-procedural description of system behavior at the most abstract level; typically a functional specification that omits all implementation details.' (C) A top-level specification may be descriptive or formal:

'Descriptive top-level specification': One that is written in a natural language like English or an informal design notation.
'Formal top-level specification': One that is written in a formal mathematical language to enable theorems to be proven that show that the specification correctly implements a set of formal requirements or a formal security model.

[RFC2828] A non-procedural description of system behavior at the most abstract level. Typically, a functional specification that omits all implementation details. [AJP][NCSC/TG004][TCSEC][TNI] (see also function, model, requirements, security, system, development process) (includes descriptive top-level specification, formal top-level specification, top-level security objectives)

topical areas

A grouping of related control objectives. [CIAO] (see also control, object)

topology

A description of any kind of locality in terms of its physical layout. In the context of communication networks, a topology describes pictorially the configuration or arrangement of a network, including its nodes and connecting communication lines. [FFIEC] The map or plan of the network. The physical topology describes how the wires or cables are laid out, and the logical or electrical topology describes how the information flows. [NSAINT] (see also flow, information, network)

total quality management (TQM)

A performance-enhancement methodology for examining current business processes. It does not usually involve radical changes and is equal to BPI. [SRV] An approach that motivates, supports, and enables quality management in all activities of the organization, focusing on the needs and expectations of internal and external customers. [SRV] (see also business process, process, quality)

total risk

The potential for the occurrence of an adverse event if no mitigating action is taken (i.e. the potential for any applicable threat to exploit a system vulnerability). [CIAO][SP 800-16] (see also system, threat, vulnerability, risk)

trace a correspondence

Explain a correspondence, using natural language prose, between levels of abstraction. [AJP][FCv1]

trace packet

In a packet-switching network, a unique packet that causes a report of each stage of its progress to be sent to the network control center from each visited system element. [NSAINT] (see also control, network, system)

traceability

The degree to which a relationship can be established between two or more products of the development process, especially products having a predecessor-successor or master-subordinate relationship to one another. [IEEE610] (see also attack, process)

traceroute

An operation of sending trace packets for determining information; traces the route of UDP packets for the local host to a remote host. Normally traceroute displays the time and location of the route taken to reach its destination computer. [NSAINT] (see also computer, information, operation, internet)

tracking cookie

A cookie placed on a user's computer to track the user's activity on different Web sites, creating a detailed profile of the user's behavior. [800-83][SP 800-83] (see also computer, file, profile, users)

tradecraft identity

An identity used for the purpose of work-related interactions that may or may not be synonymous with an individual's true identity. [CNSSI-4009] (see also identity)

traditional INFOSEC program

Program in which NSA acts as the central procurement agency for the development and, in some cases, the production of INFOSEC items. This includes the Authorized Vendor Program. Modifications to the INFOSEC end-items used in products developed and/or produced under these programs must be approved by NSA. [CNSSI][CNSSI-4009] (see also authorized, development, program)

traffic analysis (TA)

(I) Inference of information from observable characteristics of data flow(s), even when the data is encrypted or otherwise not directly available. Such characteristics include the identities and locations of the source(s) and destination(s), and the presence, amount, frequency, and duration of occurrence. (O) 'The inference of information from observation of traffic flows (presence, absence, amount, direction, and frequency).' [RFC2828] A form of passive attack in which an intruder observes information about calls (although not necessarily the contents of the messages) and makes inferences, e.g., from the source and destination numbers, or frequency and length of the messages. [SP 800-24] Gaining knowledge of data by observing the characteristics of communications that carry the data. [RFC2828] Gaining knowledge of information by inference from observable characteristics of a data flow, even if the information is not directly available (e.g., when the data is encrypted). These characteristics include the identities and locations of the source(s) and destination(s) of the flow, and the flow's presence, amount, frequency, and duration of occurrence. [CNSSI-4009] Study of communications patterns. [CNSSI] The analysis of patterns in communications for the purpose of gaining intelligence about a system or its users. It does not require examination of the content of the communications, which may or may not be decipherable. For example, an adversary may be able to detect a signal from a reader that could enable it to infer that a particular activity is occurring (e.g., a shipment has arrived, someone is entering a facility) without necessarily learning an identifier or associated data. [SP 800-98] The inference of information from observation of traffic flows (presence, absence, amount, direction, and frequency). [800-33][SRV] (see also adversary, attack, cipher, communications, cryptography, encryption, flow, information, intelligence, system, traffic flow confidentiality, traffic padding, users, analysis, threat consequence)

traffic encryption key (TEK)

Key used to encrypt plain text or to superencrypt previously encrypted text and/or to decrypt cipher text. [CNSSI][CNSSI-4009] (see also cipher, encryption, key)

traffic flow confidentiality

(I) A data confidentiality service to protect against traffic analysis. (O) 'A confidentiality service to protect against traffic analysis.' [RFC2828] A confidentiality service to protect against traffic analysis. [800-33][SRV] (see also analysis, traffic analysis, confidentiality, flow)

traffic load

The number of messages input to a network during a specific time period. [SRV] (see also message, network)

traffic padding

(I) 'The generation of spurious instances of communication, spurious data units, and/or spurious data within data units.' [RFC2828] Generation of mock communications or data units to disguise the amount of real data units being sent. [CNSSI-4009] Generation of spurious communications or data units to disguise the amount of real data units being sent. [CNSSI] The protection that results from those features in some cryptographic equipment that conceal the presence of valid messages on a communications circuit usually by causing the circuit to appear busy at all times. [SRV] (see also communications, cryptography, message, traffic analysis)

traffic-flow security (TFS)

Measure used to conceal the presence of valid messages in an online cryptosystem or secure communications system. [CNSSI] Techniques to counter Traffic Analysis. [CNSSI-4009] The protection resulting from encrypting the source and destination addresses of valid messages transmitted over a communications circuit. [SRV] (see also communications, cryptographic system, cryptography, message, system, flow, security)

trailer

String of bits of length one or two octets, concatenated to the end of the recoverable part of the message during message representative production. [SC27] (see also message)

training (information security)

Training strives to produce relevant and needed (information) security skills and competencies. [SP 800-50] (see also security)

training assessment

An evaluation of the training efforts. [SP 800-16] (see also evaluation)

training effectiveness

A measurement of what a given student has learned from a specific course or training event. [SP 800-16]

training effectiveness evaluation

Information collected to assist employees and their supervisors in assessing individual students. subsequent on-the-job performance, to provide trend data to assist trainers in improving both learning and teaching, and to be used in return-on-investment statistics to enable responsible officials to allocate limited resources in a thoughtful, strategic manner among the spectrum of IT security awareness, security literacy, training, and education options for optimal results among the workforce as a whole. [SP 800-16] (see also security, evaluation)

tranquility

A security model rule stating that the security level of an active object cannot change during the period of activity. [NSAINT] A security model rule stating that the security level of an object cannot change while the object is being processed by an IT product. [AJP][NCSC/TG004] Property whereby the security level of an object cannot change while the object is being processed by an IS. [CNSSI] Property whereby the security level of an object cannot change while the object is being processed by an information system. [CNSSI-4009] (see also model, process, property, security, Bell-LaPadula security model) (includes object)

tranquility property

(see Bell-LaPadula security model)

transaction

An activity or request to a computer. Purchase orders, changes, additions, and deletions are examples of transactions that are recorded in a business information environment. [SRV] The set of subject actions and their associated data storage accesses. [AJP][FCv1] (see also access, access control, computer, information, database management system) (includes subject)

transaction file

A group of related records processed with an associated master file. [SRV] (see also network, process, file)

transaction intermediary

An entity that is involved in or handles a credential transaction, but that does not act as the ultimate arbiter of the transaction's authenticity or trustworthiness. [800-103] (see also entity, trust)

transfer device (TD)

(see also network)

transfer time

For disk drives, the delay between reading data from the disk and transferring it through the data path into system memory (or the reverse for writing to disk). [SRV] (see also network, system)

transferred records

Records transferred to Agency storage facilities or a Federal records center. [DSS]

transfers outside TSF control

Communicating data to entities not under control of the TSF. [CC2][CC21][SC27] (see also TOE security functions, control, target of evaluation)

transmission

Sending information from one place to another by radio, microwave, laser, or other non-connective methods, as well as by cable, wire, or other connective medium. Transmission also includes movement involving the actual transfer of custody and responsibility for a document or other classified material from one authorized addressee to another. [DSS] The sending and receiving of signals from point A to point B while maintaining integrity of the information. [SRV] The state that exists when information is being electronically sent from one location to one or more other locations. [CNSSI-4009] (see also authorized, classified, information, integrity, network)

transmission control protocol (TCP)

(I) An Internet Standard protocol that reliably delivers a sequence of datagrams (discrete sets of bits) from one computer to another in a computer network. (C) TCP is designed to fit into a layered hierarchy of protocols that support internetwork applications. TCP assumes it can obtain simple, potentially unreliable datagram service (such as the Internet Protocol) from the lower-layer protocols. [RFC2828] A protocol that establishes a connection and provides a reliable transport service between source and destination systems. TCP calls IP to provide a routing service. [CIAO] (see also application, computer, computer network, connection, network, standard, system, control, internet, protocols)

transmission control protocol/internet protocol (TCP/IP)

(I) A synonym for 'Internet Protocol Suite', in which the Transmission Control Protocol (TCP) and the Internet Protocol (IP) are important parts. [RFC2828] Transmission Control Protocol/Internetwork Protocol. The suite of protocols the Internet is based on. [NSAINT] (see also control, internet, protocols)

transmission medium

A mechanism that supports propagation of digital signals. Examples of a transmission medium are cables such as leased lines from common commercial carriers, fiber optic cables, and satellite channels. [SRV] (see also network)

transmission security (TRANSEC)

(TRANSEC) Measures (security controls) applied to transmissions in order to prevent interception, disruption of reception, communications deception, and/or derivation of intelligence by analysis of transmission characteristics such as signal parameters or message externals. Note: TRANSEC is that field of COMSEC which deals with the security of communication transmissions, rather than that of the information being communicated. [CNSSI-4009] Component of COMSEC resulting from the application of measures designed to protect transmissions from interception and exploitation by means other than cryptanalysis. [CNSSI] Component of communications security that results from all measures designed to protect transmissions from interception and exploitation by means other than crypto analysis. [DSS] Maintaining confidentiality of information in a telecommunications network. [AJP] (see also analysis, application, communications, communications security, confidentiality, control, information, network, telecommunications, security)

transmission security key (TSK)

(see also key, security)

transport

The process used to move a cryptographic key from one protected domain to another (includes both physical and electronic methods of movement) [800-130] (see also cryptographic, domain, key, process)

transport layer security (TLS)

(I) TLS Version 1.0 is an Internet protocol based-on and very similar to SSL Version 3.0. (C) The TLS protocol is misnamed, because it operates well above the transport layer (OSI layer 4). [RFC2828] An authentication and security protocol widely implemented in browsers and Web servers. [SP 800-63] An authentication and security protocol widely implemented in browsers and web servers. TLS is defined by [RFC 2246] and [RFC 3546]. TLS is similar to the older Secure Socket Layer (SSL) protocol, and TLS 1.0 is effectively SSL version 3.1. NIST SP 800-52, Guidelines for the Selection and Use of Transport Layer Security (TLS) Implementations specifies how TLS is to be used in government applications. [800-63] (see also Transport Layer Security Protocol, application, authentication, protocols, secure socket layer, version, internet, security)

Transport Layer Security Protocol (TLSP)

(I) An end-to-end encryption protocol(ISO Standard 10736) that provides security services at the bottom of OSI layer 4, i.e. directly above layer 3. (C) TLSP evolved directly from the SP4 protocol of SDNS. [RFC2828] (see also encryption, standard, transport layer security, protocols, security protocol)

transport mode

IPsec mode that does not create a new IP header for each protected packet. [800-77] (see also internet protocol security, internet security protocol)

transport mode vs. tunnel mode

(I) IPsec usage: Two ways to apply IPsec protocols (AH and ESP) to protect communications:

'Transport mode': The protection applies to (i.e. the IPsec protocol encapsulates) the packets of upper-layer protocols, the ones that are carried above IP.
'Tunnel mode': The protection applies to (i.e. the IPsec protocol encapsulates) IP packets.

(C) A transport mode security association is always between two hosts. In a tunnel mode security association, each end may be either a host or a gateway. Whenever either end of an IPsec security association is a security gateway, the association is required to be in tunnel mode. [RFC2828] (see also association, communications, gateway, internet security protocol, protocols, internet protocol security, tunnel)

transportation

A critical infrastructure characterized by the physical distribution system critical to supporting the national security and economic well-being of this nation, including the national airspace system, airlines and aircraft, and airports; roads and highways, trucking and personal vehicles; ports and waterways and the vessels operating thereon; mass transit, both rail and bus; pipelines, including natural gas, petroleum, and other hazardous materials; freight and long haul passenger rail; and delivery services. [CIAO] (see also critical, role, security, system, critical infrastructures)

transportation plan

Comprehensive plan covering the movement of classified material between participants of an international program or project. [DSS] (see also classified)

transshipping activity

Government activity to which a carrier transfers custody of freight for reshipment by another carrier to the consignee. [DSS]

trap

A message indicating that a fault condition may exist or that a fault is likely to occur. [SRV] (see also fault, message, security software, threat)

trapdoor

(1) Hidden software or hardware mechanism that can be triggered to permit protection mechanisms in an Automated Information System to be circumvented. Note: A trap-door is usually activated in some innocent-appearing manner (e.g. a special random key sequence at a terminal). Software developers often write trap-doors in their code that enable them to reenter the system to perform certain functions. (2) A secret entry point to a cryptographic algorithm through which the developer or another entity can bypass security controls and decrypt messages. [AJP] (I) A hidden computer flaw known to an intruder, or a hidden computer mechanism (usually software) installed by an intruder, who can activate the trap door to gain access to the computer without being blocked by security services or mechanisms. [RFC2828] 1) A means of disabling a system's security, by a hardware or software mechanism that is intentionally hidden by designers of the system, often for the purpose of providing access to service technicians or maintenance programmers. 2) Hidden code or hardware device used to circumvent security controls. [CIAO] 1. A means of reading cryptographically protected information by the use of private knowledge of weaknesses in the cryptographic algorithm used to protect the data. 2. In cryptography, one-to-one function that is easy to compute in one direction, yet believed to be difficult to invert without special information. [CNSSI-4009] A hidden flaw in a system mechanism that can be triggered to circumvent the system's security. [SRV] A hidden software or hardware mechanism that can be triggered to permit protection mechanisms in an Automated Information System to be circumvented. Note: A trap-door is usually activated in some innocent-appearing manner (e.g. a special random key sequence at a terminal). Software developers often write trap-doors in their code that enable them to reenter the system to perform certain functions. [FCv1] A hidden software or hardware mechanism that can be triggered to permit system protection mechanisms to be circumvented. It is activated in some innocent-appearing manner; e.g. a special 'random' key sequence at a terminal. Software developers often introduce trap-doors in their code to enable them to reenter the system and perform certain functions. [NCSC/TG004] A hidden software or hardware mechanism that permits system protection mechanisms to be circumvented. It is activated in some non-apparent manner (e.g. special 'random' key sequence at a terminal). [TCSEC][TNI] A hidden software or hardware mechanism used to circumvent security control. aka Back door. [AFSEC] Operating system and applications that usually have safeguards to prevent unauthorized personnel from accessing or modifying programs. During software development, however, these built-in security measures are usually bypassed. Programmers often create entry points into a program for debugging and/or insertion of new code at a later date. These entry points are usually eliminated in the final stages of program development, but they are sometimes overlooked, accidentally or intentionally. A perfect example of a trapdoor was dramatized in the movie War Games, where the teen-age hackers enters the special password 'Joshua' and gains unrestricted access to a mainframe computer in North American Aerospace Defense Command headquarters. Such a mechanism in a computer's operating system can grant an attacker unlimited and virtually undetectable access to any system resource after presenting a relatively trivial control sequence or password. [DSS] Synonymous with back door. [CNSSI] (see also backdoor, access, access control, algorithm, attack, authorized, code, computer, control, cryptographic, cryptography, entity, function, information, key, message, program, random, security, software, system, threat)

trashing

(see dumpster diving)

tree diagram

A diagram to break a few larger steps into many smaller steps. [SRV]

trespass

Gaining unauthorized physical access to sensitive data by circumventing a system's protections. [RFC2828] (see also access, access control, authorized, system, threat consequence)

tri-homed

A firewall with three network interfaces. Tri-homed firewalls connect three network segments with different network addresses. Typically, these would be protected, DMZ, and unprotected segments. A tri-homed firewall may offer some security advantages over firewalls with two interfaces. An attacker on an unprotected network may compromise hosts on the DMZ but still not reach any hosts on the protected network. [RFC2647] (see also attack, compromise, interface, security, homed)

tri-service tactical communications system (TRI-TAC)

(see also communications, system)

triangulation

Identifying the physical location of a detected threat against a wireless network by estimating the threat's approximate distance from multiple wireless sensors by the strength of the threat's signal received by each sensor, then calculating the physical location at which the threat would be the estimated distance from each sensor. [800-94] (see also identify, threat)

trigger

A condition that causes a virus payload to be executed, usually occurring through user interaction (e.g., opening a file, running a program, clicking on an e-mail file attachment). [800-83] (see also file, program, users, virus)

triple DES (3DES)

(I) A block cipher, based on DES, that transforms each 64-bit plaintext block by applying the Data Encryption Algorithm three successive times, using either two or three different keys, for an effective key length of 112 or 168 bits. (C) IPsec usage: The algorithm variation proposed for ESP uses a 168-bit key, consisting of three independent 56-bit quantities used by the Data Encryption Algorithm, and a 64-bit initialization value. Each datagram contains an IV to ensure that each received datagram can be decrypted even when other datagrams are dropped or sequence of datagrams is reordered in transit.$ triple-wrapped (I) S/MIME usage: Data that has been signed with a digital signature, and then encrypted, and then signed again. [RFC2828] An implementation of the Data Encryption Standard (DES) algorithm that uses three passes of the DES algorithm instead of one as used in ordinary DES applications. Triple DES provides much stronger encryption than ordinary DES but it is less secure than AES. [CNSSI-4009] Product cipher that, like DES, operates on 64-bit data blocks. There are several forms, each of which uses the DES cipher 3 times. Some forms use two 56-bit keys, some use three. [CNSSI] (see also algorithm, cipher, digital signature, encryption, internet protocol security, internet security protocol, key, signature)

Tripwire

A software tool for security. Basically, it works with a database that maintains information about the byte count of files. If the byte count has changed, it will identify it to the system security manager. [NSAINT] (see also file, identify, information, software, system, security software)

trojan horse

(I) A computer program that appears to have a useful function, but also has a hidden and potentially malicious function that evades security mechanisms, sometimes by exploiting legitimate authorizations of a system entity that invokes the program. [RFC2828] 1) Program containing hidden code allowing the unauthorized collection, falsification, or destruction of information. 2) A malicious program such as a virus or a worm, hidden in an innocent-looking piece of software, usually for the purpose of unauthorized collection, alteration, or destruction of information. [CIAO] A computer program that appears to have a useful function, but also has a hidden and potentially malicious function that evades security mechanisms, sometimes by exploiting legitimate authorizations of a system entity that invokes the program. [800-82][CNSSI-4009] A computer program that conceals harmful code. A Trojan horse usually masquerades as a useful program that a user would wish to execute. [GAO][SRV] A computer program with an apparent or actual useful function that contains additional (hidden) functions that surreptitiously bypass the legitimate authorizations of the invoking process to the detriment of security or integrity. It is a program that performs a useful function, but also performs an unexpected action as well. [SRV] A computer program with an apparently or actually useful function that contains additional (hidden) functions that surreptitiously exploit the legitimate authorizations of the invoking process to the detriment of security or integrity. [NCSC/TG004] A computer program with an apparently or actually useful function that contains additional (hidden) functions that surreptitiously exploit the legitimate authorizations of the invoking process to the detriment of security; e.g. making a 'blind copy' of a sensitive file for the creator of the Trojan horse. [AJP][TCSEC][TNI] A non-replicating program that appears to be benign but actually has a hidden malicious purpose. [800-83] A nonself-replicating program that seems to have a useful purpose, but in reality has a different, malicious purpose. [800-61] A program which carries within itself a means to allow the creator of the program access to the system using it. [RFC2504] A software entity that appears to do something normal but which in fact contains a trapdoor or attack program. [IATF] An apparently useful and innocent program containing additional hidden code which allows the unauthorized collection, exploitation, falsification, or destruction of data. [AFSEC][NSAINT][OVT] Computer program containing an apparent or actual useful function that contains additional (hidden) functions that allow unauthorized collection, falsification or destruction of data. [FCv1] Computer program with an apparently or actually useful function that contains additional (hidden) functions that surreptitiously exploit the legitimate authorizations of the invoking process to the detriment of security (for example, making a 'blind copy' of a sensitive file for the creator of the Trojan horse). [DSS] Malicious code that is hidden in software that has an apparently beneficial or harmless use. [FFIEC] Program containing hidden code allowing the unauthorized collection, falsification, or destruction of information. [CNSSI] a program that appears to be harmless but actually contains instructions that exploits a known vulnerability in software. [FJC] (see also access, access control, attack, authorization, authorized, code, computer, entity, file, function, information, integrity, internet, malicious, process, program, security, software, system, users, vulnerability, worm, exploit, malicious code) (includes virus)

troll

An online message whose purpose is to attract responses and make the responders look stupid. People who troll want to make you waste your time responding to their pointless statements. [AFSEC] (see also message, response, threat)

trunk

A communication channel connecting two switching centers, or a switching center with an individual terminal. A trunk can also be a communication channel between two offices or between equipment in the same office. A trunk is used commonly for all calls of the same class that are generated between two terminals. [SRV]

trunk encryption device (TED)

(see also encryption)

trust

(I) Information system usage: The extent to which someone who relies on a system can have confidence that the system meets its specifications, i.e. that the system does what it claims to do and does not perform unwanted functions. (C) 'trusted vs. trustworthy': In discussing a system or system process or object, this Glossary (and industry usage) prefers the term 'trusted' to describe a system that operates as expected, according to design and policy. When the trust can also be guaranteed in some convincing way, such as through formal analysis or code review, the system is termed 'trustworthy'; this differs from the ABA Guidelines definition. (I) PKI usage: A relationship between a certificate user and a CA in which the user acts according to the assumption that the CA creates only valid digital certificates. (O) 'Generally, an entity can be said to 'trust' a second entity when it (the first entity) makes the assumption that the second entity will behave exactly as the first entity expects. This trust may apply only for some specific function. The key role of trust in [X.509] is to describe the relationship between an entity and a authority; an entity shall be certain that it can trust the certification authority to create only valid and reliable certificates.' [RFC2828] A characteristic of an entity (e.g., person, process, key, or algorithm) that indicates its ability to perform certain functions or services correctly, fairly, and impartially, and that the entity and its identity are genuine. [800-130] Permitted action to be performed only for the intended purpose. [800-103] (see also Biba model, Common Criteria for Information Technology Security, Federal Criteria for Information Technology Security, IA-enabled information technlogogy product, IA-enabled product, Internet Architecture Board, Internet Engineering Steering Group, Internet Society, NIAP Common Criteria Evaluation and Validation Scheme, National Computer Security Center, National Computer Security Center glossary, Orange book, PKIX, Red book, X.509, Yellow book, accountability, accreditation, accreditation authority, accreditation range, adjudication, algorithm, analysis, assured software, attribute authority, audit, authentic signature, authentication, authenticity, authority, authorization, binding, certificate policy, certificate status authority, certificate status responder, certificate validation, certification, certification authority workstation, certification path, certification practice statement, clean system, clearance, code, common security, component, compromise, controlled access protection, credential service provider, credentials service provider, criteria, cross-certificate, cryptographic product, data integrity, delivery authority, demilitarized zone, derogatory information, descriptive top-level specification, digital notary, domain modulus, dominated by, endorsed tools list, enterprise risk management, entity, escrow, evaluated products list, evidence, evidence requester, external it entity, foreign interest, foreign person, function, guard, identity, information, information assurance, information sharing environment, integrity, inter-TSF transfers, internal vulnerability, kerberos, key, key distribution center, key generation exponent, key recovery, key translation centre, key-escrow, key-escrow system, labeled security protections, mandatory access control, mesh PKI, minimum background investigation, modes of operation, monitor, multilevel device, multiple facility organization, multiple security levels, mutual suspicion, network component, non-repudiation service, notarization, notary, path discovery, penetration testing, personal security environment, personalization service, personnel security, personnel security determination, personnel security program, personnel security questionnaire, policy, privileged process, privileged user, process, public-key certificate, public-key infrastructure, recover, registration authority, repository, responsible individual, role, root, root certification authority, sandboxing, secure hypertext transfer protocol, security assertion markup language, security clearance, security evaluation, security filter, security gateway, security kernel, security perimeter, security policy model, security zone, security-compliant channel, sensitivity label, single sign-on, single-level device, social engineering, software-based fault isolation, source integrity, source program, spoofing, system, system-high security mode, technical policy, time-stamp requester, time-stamp verifier, time-stamping authority, top CA, transaction intermediary, tunneled VPN, unfavorable personnel security determination, users, valid certificate, validate, validate vs. verify, validation, web vs. Web) (includes Canadian Trusted Computer Product Evaluation Criteria, DoD Trusted Computer System Evaluation Criteria, Trusted Computer System Evaluation Criteria, Trusted Network Interpretation Environment Guideline, Trusted Products Evaluation Program, Trusted Systems Interoperability Group, bilateral trust, certification authority, confidence, directly trusted CA, directly trusted CA key, hierarchy of trust, least trust, session key, third party trusted host model, trust anchor, trust anchor store, trust chain, trust hierarchy, trust level, trust list, trust relationship, trust-file PKI, trusted agent, trusted certificate, trusted facility manual, trusted foundry, trusted functionality, trusted identification forwarding, trusted key, trusted network interpretation, trusted operating system, trusted platform module chip, trusted process, trusted recovery, trusted third party, trusted time stamp, trusted time stamping authority, trustworthiness, trustworthy system, tunneling router, untrusted process, virtual network perimeter, web of trust)

trust anchor

A public key and the name of a certification authority that is used to validate the first certificate in a sequence of certificates. The trust anchor's public key is used to verify the signature on a certificate issued by a trust anchor certification authority. The security of the validation process depends upon the authenticity and integrity of the trust anchor. Trust anchors are often distributed as self-signed certificates. [SP 800-57 Part 1] A public or symmetric key that is trusted because it is directly built into hardware or software, or securely provisioned via out-of-band means, rather than because it is vouched for by another trusted entity (e.g. in a public key certificate). [SP 800-63] An established point of trust (usually based on the authority of some person, office, or organization) from which an entity begins the validation of an authorized process or authorized (signed) package. A 'trust anchor' is sometimes defined as just a public key used for different purposes (e.g., validating a Certification Authority, validating a signed software package or key, validating the process [or person] loading the signed software or key). [CNSSI-4009] One or more trusted public keys that exist at the base of a tree of trust or as the strongest link on a chain of trust and upon which a Public Key Infrastructure is constructed in a CKMS. [800-130] (see also certification, key, public-key, security, software, trust)

trust anchor store

The location where trust anchors are stored. [800-130] (see also trust)

trust chain

(D) ISDs SHOULD NOT use this term as a synonym for 'certification path' because it mixes concepts in a potentially misleading way. [RFC2828] (see also certification, public-key infrastructure, trust)

trust hierarchy

(D) ISDs SHOULD NOT use this term as a synonym for 'certification hierarchy' because this term mixes concepts in a potentially misleading way and duplicates the meaning of another, standardized term. [RFC2828] (see also certification, public-key infrastructure, standard, trust)

trust level

(I) A characterization of a standard of security protection to be met by a computer system. (C) The TCSEC defines eight trust levels. From the lowest to the highest, they are D, C1, C2, B1, B2, B3, and A1. A trust level is based not only on the presence of security mechanisms but also on the use of systems engineering discipline to properly structure the system and implementation analysis to ensure that the system provides an appropriate degree of trust. [RFC2828] (see also analysis, computer, security, standard, system, classification levels, trust)

trust list

The collection of trusted certificates used by relying parties to authenticate other certificates. [CNSSI-4009][SP 800-32] (see also trust)

trust relationship

The relationship between different domains to access resources belonging to each other [NASA] (see also access, access control, domain, resource, trust)

trust-file PKI

(I) A non-hierarchical PKI in which each certificate user has a local file (that is used by application software) of public-key certificates that the user trusts as starting points (i.e. roots) for certification paths. (C) For example, popular browsers are distributed with an initial file of trusted certificates, which often are self-signed certificates. Users can add certificates to the file or delete from it. The file may be directly managed by the user, or the user's organization may manage it from a centralized server. [RFC2828] (see also application, certificate, certification, key, public-key, software, users, file, public-key infrastructure, trust)

trusted agent

Entity authorized to act as a representative of an Agency in confirming subscriber identification during the registration process. Trusted Agents do not have automated interfaces with CAs. [GSA] Entity authorized to act as a representative of an agency in confirming Subscriber identification during the registration process. Trusted Agents do not have automated interfaces with Certification Authorities. [CNSSI-4009][SP 800-32] (see also authorized, certification, entity, identification, interface, process, registration, trust)

trusted certificate

(I) A certificate upon which a certificate user relies as being valid without the need for validation testing; especially a public-key certificate that is used to provide the first public key in a certification path. (C) A trusted public-key certificate might be (a) the root certificate in a hierarchical PKI, (b) the certificate of the CA that issued the user's own certificate in a mesh PKI, or (c) any certificate accepted by the user in a trust-file PKI. [RFC2828] A certificate that is trusted by the relying party on the basis of secure and authenticated delivery. The public keys included in trusted certificates are used to start certification paths. Also known as a 'trust anchor'. [CNSSI-4009][GSA][SP 800-32] (see also certification, file, key, public-key, security testing, test, users, validation, certificate, trust)

trusted channel

A channel where the endpoints are known and data integrity is protected in transit. Depending on the communications protocol used, data privacy may be protected in transit. Examples include SSL, IPSEC, and secure physical connection. [CNSSI-4009] A means by which a TSF and a remote trusted IT product can communicate with necessary confidence to support the TSP. [CC2][CC21][SC27] A mechanism by which two NTCB partitions can communicate directly. This mechanism can be activated by either of the NTCB partitions, cannot be imitated by untrusted software, and maintains the integrity of information that is sent over it. A trusted channel may be needed for the correct operation of other security mechanisms. [AJP][TNI] Means by which a TOE Security Function (TSF) and a remote trusted IT product can communicate with necessary confidence to support the TOE Security Policy (TSP). [CNSSI] (see also security-compliant channel, TOE security functions, confidence, function, information, integrity, operation, policy, privacy, security, software, channel, trusted computing base)

trusted computer system

(I) Multilevel security usage: 'A system that employs sufficient hardware and software assurance measures to allow its use for simultaneous processing of a range of sensitive or classified information.' [RFC2828] A system that employs sufficient hardware and software assurance measures to allow its use for processing simultaneously a range of sensitive or classified information. [CNSSI-4009] A system that employs sufficient hardware and software assurance/integrity measures to allow its use for simultaneous processing of a range of sensitive or classified information. [AJP][NCSC/TG004][TCSEC][TNI] IS employing sufficient hardware and software assurance measures to allow simultaneous processing of a range of classified or sensitive information. [CNSSI] System employing sufficient hardware and software integrity measures to allow its use for processing sensitive or classified information. [DSS] (see also trusted computing system, trusted operating system, accreditation, accreditation range, assurance, classified, evaluated products list, information, integrity, network component, process, security policy model, software, trusted network interpretation, National Computer Security Center, computer, system, trusted computing base) (includes beyond A1)

Trusted Computer System Evaluation Criteria (TCSEC)

(N) A standard for evaluating the security provided by operating systems [CSC001, DOD1]. Informally called the 'Orange Book' because of the color of its cover; first document in the Rainbow Series. [RFC2828] A document published by the U.S. National Computer Security Center containing a uniform set of basic requirements and evaluation classes for assessing degrees of assurance in the effectiveness of hardware and software security controls built into systems. These criteria are intended for use in the design and evaluation of systems that will process and/or store sensitive or classified data. This document is government standard DoD 5200.28-STD and is frequently referred to as 'The Criteria' or 'The Orange Book.' [AJP][NCSC/TG004] Dept. of Defense Standard, Department of Defense Trusted Computer System Evaluation Criteria, DOD 5200.28-STD, GPO 1986-623-963, 643 0, Dec. 26, 1985. [TCSEC] (see also assurance, classified, computer security, control, process, requirements, security, software, standard, Common Criteria for Information Technology Security Evaluation, computer, criteria, evaluation, system, trust) (includes rainbow series, trusted computing base)

trusted computing base (TCB)

(I) 'The totality of protection mechanisms within a system, including hardware, firmware, and software, the combination of that is responsible for enforcing a security policy.' [RFC2828] The totality of protection mechanisms within a system -including hardware, firmware, and software - the combination of that is responsible for enforcing a security policy. A TCB consists of one or more components that together enforce a unified security policy over a product or system. The ability of a Trusted Computing Base to correctly enforce a security policy depends solely on the mechanisms within the TCB and on the correct input by system administrative personnel of parameters (e.g. a user's clearance) related to the security policy. [TCSEC] The totality of protection mechanisms within a system -including hardware, firmware, and software - the combination of that is responsible for enforcing a security policy. It creates a basic protection environment and provides additional user services required for a Trusted Computer System. The ability of a Trusted Computing Base to correctly enforce a security policy depends solely on the mechanisms within the TCB and on the correct input by system administrative personnel of parameters (e.g. a user's clearance) related to the security policy. [TNI] The totality of protection mechanisms within a system, including hardware, firmware, and software, the combination of that is responsible for enforcing a security policy. A TCB consists of one or more components that together enforce a unified security policy over a product or system. The ability of a TCB to correctly enforce a security policy depends solely on the mechanisms within the TCB and on the correct input by system administrative personnel of parameters (e.g. a user's clearance) related to the security policy. [AJP][TDI] The totality of protection mechanisms within a system, including hardware, firmware, and software, the combination of that is responsible for enforcing a security policy. A TCB consists of one or more components that together enforce a unified security policy over a product or system. The ability of a TCB to enforce correctly a unified security policy depends solely on the mechanisms within the TCB and on the correct input by system administrative personnel of parameters (e.g. a user's clearance level) related to the security policy. [NCSC/TG004] The totality of protection mechanisms within a system, the combination of that is responsible for enforcing a security policy. [IATF] Totality of protection mechanisms with a computer system, including hardware firmware, and software, the combination of which is responsible for enforcing a security policy. The ability of a Trusted Computing Base to enforce correctly a unified security policy depends on the correctness of the mechanisms within the Trusted Computing Base, the protection of those mechanisms to ensure their correctness, and the correct input of parameters related to the security policy. [DSS] Totality of protection mechanisms within a computer system, including hardware, firmware, and software, the combination responsible for enforcing a security policy. [CNSSI][CNSSI-4009] Totality of protection mechanisms within an IT product, including hardware, firmware, software, and data, the combination of that is responsible for enforcing a technical security policy. Note: The ability of an organization to achieve an organizational security policy depends jointly on the correctness of the mechanisms within the TCB, the protection of those mechanisms to ensure their correctness, and on adherence to associated usage security policies by authorized users. [FCv1] (see also authorized, computer, policy, security, software, system, users, Trusted Computer System Evaluation Criteria, protection profile) (includes NTCB partition, TCB subset, access control, candidate TCB subset, dependency, depends, exploitable channel, formal security policy model, global requirements, granularity of a requirement, local requirements, monolithic TCB, network trusted computing base, output, primitive, protection-critical portions of the TCB, reference validation mechanism, scope of a requirement, subset-domain, target of evaluation, trusted channel, trusted computer system, trusted computing system, trusted distribution, trusted gateway, trusted path, trusted software, trusted subject)

trusted computing system

A system believed to enforce a given set of attributes to a stated degree of assurance (confidence). [SRV] (see also trusted computer system, assurance, confidence, security software, security, system, trusted computing base)

trusted distribution

(I) 'A trusted method for distributing the TCB hardware, software, and firmware components, both originals and updates, that provides methods for protecting the TCB from modification during distribution and for detection of any changes to the TCB that may occur.' [RFC2828] A trusted method for distributing the TCB hardware, software, and firmware components, both originals and updates, that provides methods for protecting the TCB from modification during distribution and for detection of any changes to the TCB that may occur. [AJP][NCSC/TG004] Method for distributing trusted computing base (TCB) hardware, software, and firmware components that protects the TCB from modification during distribution. [CNSSI][CNSSI-4009] (see also software, update, trusted computing base)

trusted facility manual (TFM)

(see also trust)

trusted foundry

Facility that produces integrated circuits with a higher level of integrity assurance. [CNSSI-4009] Facility where both classified and unclassified parts can be produced with an extra level of assurance that the parts have not been tampered. [CNSSI] (see also assurance, classified, tamper, trust)

trusted functionality

that which is determined to be correct with respect to some criteria, e.g. as established by a security policy. The functionality shall neither fall short of nor exceed the criteria. [AJP][TNI] (see also criteria, policy, function, security policy, trust)

trusted gateway

Trusted gateways are firewalls that use very secure operating systems. These operating systems are typically rated B1 or better according to the Trusted Computing Base. Evaluation Criteria (the Orange book). The firewall system itself is divided into three software compartments: that which interacts with the Internet, that which interacts with the enterprise, and a trusted gateway that mediates communications between the other two compartments. The operating system prevents applications that run in one compartment from accessing resources outside of that compartment. Any application that runs on the Internet compartment (e.g. a Web server), can only have access to resources in the Internet compartment (e.g. public HTML pages), or else it must use the trusted gateway to ask for information from the enterprise compartment. [misc] (see also access, access control, application, communications, criteria, information, internet, resource, risk, software, system, Common Criteria for Information Technology Security Evaluation, firewall, gateway, trusted computing base)

trusted identification forwarding

An identification method used in networks whereby the sending host can verify that an authorized user on its system is attempting a connection to another host. The sending host transmits the required user authentication information to the receiving host. The receiving host can then verify that the user is validated for access to its system. This operation may be transparent to the user. [AJP][NCSC/TG004] Identification method used in IS networks whereby the sending host can verify an authorized user on its system is attempting a connection to another host. The sending host transmits the required user authentication information to the receiving host. [CNSSI] Identification method used in information system networks whereby the sending host can verify an authorized user on its system is attempting a connection to another host. The sending host transmits the required user authentication information to the receiving host. [CNSSI-4009] (see also access, access control, authorized, connection, information, network, operation, system, users, validate, identification, trust)

trusted key

(I) A public key upon which a user relies; especially a public key that can be used as the first public key in a certification path. (C) A trusted public key might be (a) the root key in a hierarchical PKI, (b) the key of the CA that issued the user's own certificate in a mesh PKI, or (c) any key accepted by the user in trust-file PKI. [RFC2828] (see also certificate, certification, file, public-key, public-key infrastructure, users, key, trust)

trusted network interpretation (TNI)

The specific security features, the assurance requirements and the rating structure of the Orange Book as extended to networks of computers ranging from isolated LANs to WANs. [NSAINT] Trusted Network Interpretation of the Trusted Computer System Evaluation Criteria, NCSC-TG-005, National Computer Security Center, July 1987. [TNI] (see also assurance, computer, computer security, criteria, evaluation, requirements, security, system, trusted computer system, network, trust)

Trusted Network Interpretation Environment Guideline (TNIEG)

(see also network, trust)

trusted operating system

An operating system that satisfies a number of stringent security requirements where high security is required. [IATF] (see also trusted computer system, requirements, security, system, trust)

trusted path

(I) COMPUSEC usage: A mechanism by which a computer system user can communicate directly and reliably with the trusted computing base (TCB) and that can be activated only by the user or the TCB and cannot be imitated by untrusted software within the computer. (I) COMSEC usage: A mechanism by which a person or process can communicate directly with a cryptographic module and that can be activated only by the person, process, or module, and cannot be imitated by untrusted software within the module. [RFC2828] A means by which a user and a TSF can communicate with necessary confidence to support the TSP. [CC2][CC21][SC27] A means by which an operator and a target of evaluation security function can communicate with the necessary confidence to support the target of evaluation security policy. [FIPS 140-2] A mechanism by which a person at a terminal can communicate directly with the TCB. This mechanism can be activated only by the person or by TCB and cannot be imitated by untrusted software. [NCSC/TG004] A mechanism by which a person at a terminal can communicate directly with the Trusted Computing Base. This mechanism can be activated only by the person or by the Trusted Computing Base and cannot be imitated by untrusted software. [AJP][TCSEC][TNI] A mechanism by which a person or process can communicate directly with a cryptographic module and which can be activated only by the person, process, or module, and cannot be imitated by untrusted software within the module. [FIPS140][SRV] A mechanism by which a user (through an input device) can communicate directly with the security functions of the information system with the necessary confidence to support the system security policy. This mechanism can only be activated by the user or the security functions of the information system and cannot be imitated by untrusted software. [800-53][SP 800-53; CNSSI-4009] Means by which a user and a TOE Security Function (TSF) can communicate with necessary confidence to support the TOE Security Policy (TSP). [CNSSI] Mechanism by which a person at a terminal can communicate directly with the trusted computing base. This mechanism can only be activated by the person or the trusted computing base and cannot be imitated by untrusted software. [DSS] Mechanism by which a person using a terminal can communicate directly with the TCB. Note: Trusted path can be activated only by the person or by TCB and cannot be imitated by untrusted software. [FCv1] (see also communications security, computer, confidence, cryptographic, cryptography, evaluation, function, information, module, policy, process, software, system, target, users, TOE security functions, TOE security policy, trusted computing base)

trusted platform module chip

(see also computer, cryptographic, information, key, operation, tamper, module, trust)

trusted process

(I) A system process that has privileges that enable it to affect the state of system security and that can, therefore, through incorrect or malicious execution, violate the systems security policy.$ trusted subnetwork (I) A subnetwork containing hosts and routers that trust each other not to engage in active or passive attacks. (There also is an assumption that the underlying communication channels-- e.g. telephone lines, or a LAN--are protected from attack by some means.) [RFC2828] A process whose incorrect or malicious execution is capable of violating system security policy. [AJP][NCSC/TG004] Process that has been tested and verified to operate only as intended. [CNSSI-4009] Process that has privileges to circumvent the system security policy and has been tested and verified to operate only as intended. [CNSSI] (see also untrusted process, attack, malicious, network, policy, risk, router, system, test, process, security policy, trust)

Trusted Products Evaluation Program (TPEP)

(see also evaluation, program, trust)

trusted recovery

Ability to ensure recovery without compromise after a system failure. [CNSSI][CNSSI-4009] (see also compromise, system, recovery, trust)

trusted software

Software portion of a trusted computing base (TCB). [CNSSI][CNSSI-4009] The software portion of a Trusted Computing Base. [AJP][NCSC/TG004][TCSEC][TNI] (see also software, trusted computing base)

trusted subject

(1) A subject that is part of the TCB. It has the ability to violate the security policy, but is trusted not to actually do so. e.g. in the Bell-LaPadula model, a trusted subject is not constrained by the *-property and thus has the ability to write sensitive information into an object whose level is not dominated by the (maximum) level of the subject, but it is trusted to only write information into objects with a label appropriate for the actual level of the information. (2) A subject that is permitted to have simultaneous view and alter-access to objects of more than one sensitivity level. [AJP] A subject that is part of the TCB. It has the ability to violate the security policy, but is trusted not to actually do so. For example in the Bell-Lapadula model a trusted subject is not constrained by the *-property and thus has the ability to write sensitive information into an object whose level is not dominated by the (maximum) level of the subject, but it is trusted to only write information into objects with a label appropriate for the actual level of the information. [TNI] A subject that is permitted to have simultaneous view and alter-access to objects of more than one sensitivity level. [TDI] (see also access, access control, information, model, policy, property, Bell-LaPadula security model, security policy, subject, trusted computing base) (includes object)

Trusted Systems Interoperability Group (TSIG)

(N) A forum of computer vendors, system integrators, and users devoted to promoting interoperability of trusted computer systems. TSIG meetings are open to all persons who are working in the INFOSEC area. [RFC2828] (see also computer, users, interoperability, system, trust)

trusted third party

A security authority or its agent, trusted by other entities with respect to security-related activities. In the context of ISO/IEC 9798, a trusted third party is trusted by a claimant and/or a verifier for the purposes of authentication. [SC27] A security authority, or its agent, trusted by other entities with respect to security related activities. [SC27] A security authority, or its agent, trusted by other entities with respect to security related activities. [ISO/IEC 11770-3: 1999, ISO/IEC WD 13888-1 (11/2001), ISO/IEC 14888-2: 1999] A security authority or its agent, trusted by other entities with respect to security-related activities. In the context of ISO/IEC 9798, a trusted third party is trusted by a claimant and/or a verifier for the purposes of authentication. [SC27] (see also authentication, authority, public-key infrastructure, security, trust)

trusted time stamp

A data item with time and date information assured by a trusted time stamping authority. [SC27] A digitally signed assertion by a trusted authority that a specific digital object existed at a particular time. [SP 800-32; CNSSI-4009] (see also authority, information, time stamp, trust)

trusted time stamping authority

A trusted third party trusted to provide evidence which includes the time when the trusted time stamp is generated. [SC27] (see also evidence, authority, time stamp, trust)

trustworthiness

Security decision with respect to extended investigations to determine and confirm qualifications, and suitability to perform specific tasks and responsibilities. [FIPS 201][GSA] The attribute of a person or enterprise that provides confidence to others of the qualifications, capabilities, and reliability of that entity to perform specific tasks and fulfill assigned responsibilities. [CNSSI-4009; SP 800-39] The attribute of a person or organization that provides confidence to others of the qualifications, capabilities, and reliability of that entity to perform specific tasks and fulfill assigned responsibilities. [SP 800-79] (see also security, trust)

trustworthy system

(O) ABA usage: 'Computer hardware, software, and procedures that: (a) are reasonably secure from intrusion and misuse; (b) provide a reasonably reliable level of availability, reliability, and correct operation; (c) are reasonably suited to performing their intended functions; and (d) adhere to generally accepted security principles.' This differs somewhat from other industry usage. [RFC2828] Computer hardware, software and procedures that. 1) are reasonably secure from intrusion and misuse; 2) provide a reasonable level of availability, reliability, and correct operation; 3) are reasonably suited to performing their intended functions; and 4) adhere to generally accepted security procedures. [SP 800-32] (see also availability, computer, function, intrusion, operation, security, software, system, trust)

TSEC

Telecommunications Security. [CNSSI-4009] (see also security)

TSEC nomenclature

System for identifying the type and purpose of certain items of COMSEC material. [CNSSI][CNSSI-4009] (see also communications security, identify, system)

TSF data

Data created by and for the TOE, that might affect the operation of the TOE. [CC2][CC21][SC27] (see also operation, TOE security functions, target of evaluation)

TSF scope of control (TSC)

The set of interactions that can occur with or within a TOE and are subject to the rules of the TSP. [CC2][CC21][SC27] (see also subject, TOE security functions, control, target of evaluation)

TTY watcher

A hacker tool that allows hackers with even a small amount of skill to hijack terminals. It has a GUI interface. [NSAINT] (see also interface, terminal hijacking, attack)

tuning

Altering the configuration of an intrusion detection and prevention system to improve its detection accuracy. [800-94] (see also intrusion, intrusion detection, system)

tunnel

(I) A communication channel created in a computer network by encapsulating (carrying, layering) a communication protocol's data packets in (on top of) a second protocol that normally would be carried above, or at the same layer as, the first one. (C) Tunneling can involve almost any OSI or TCP/IP protocol layers; for example, a TCP connection between two hosts could conceivably be tunneled through email messages across the Internet. Most often, a tunnel is a logical point-to-point link -- i.e. an OSI layer 2 connection--created by encapsulating the layer 2 protocol in a transport protocol (such as TCP), in a network or internetwork layer protocol (such as IP), or in another link layer protocol. Often, encapsulation is accomplished with an extra, intermediate protocol, i.e. a tunneling protocol (such as L2TP) that is layered between the tunneled layer 2 protocol and the encapsulating protocol. (C) Tunneling can move data between computers that use a protocol not supported by the network connecting them. Tunneling also can enable a computer network to use the services of a second network as though the second network were a set of point-to-point links between the first network's nodes. (O) SET usage: The name of a SET private extension that indicates whether the CA or the payment gateway supports passing encrypted messages to the cardholder through the merchant. If so, the extension lists OIDs of symmetric encryption algorithms that are supported. [RFC2828] (see also SET private extension, algorithm, authentication header, communications, computer, computer network, encapsulating security payload, encryption, gateway, message, network, protocols, public-key infrastructure, secure shell, security association, virtual private network, Secure Electronic Transaction, internet) (includes Layer 2 Tunneling Protocol, point-to-point tunneling protocol, transport mode vs. tunnel mode, tunnel mode, tunneled VPN, tunneled password protocol, tunneling, tunneling attack, tunneling router)

tunnel mode

(I) IPsec usage: See: transport mode vs. tunnel mode. [RFC2828] IPsec mode that creates a new IP header for each protected packet. [800-77] (see also internet security protocol, internet protocol security, tunnel)

tunneled password protocol

A protocol where a password is sent through a protected channel to a cryptographically authenticated verifier. For example, the TLS protocol is often used with a verifier's public key certificate to (1) authenticate the verifier to the claimant, (2) establish an encrypted session between the verifier and claimant, and (3) transmit the claimant's password to the verifier. The encrypted TLS session protects the claimant's password from eavesdroppers. [800-63] (see also certificate, cryptographic, key, public-key, passwords, protocols, tunnel)

tunneled VPN

A bi-directional virtual private network that encapsulates data and transmits relatively securely across an untrusted network. [misc] (see also network, trust, tunnel, virtual private network)

tunneling

A method for circumventing a firewall by hiding a message that would be rejected by the firewall inside a second, acceptable message. [CIAO] Technology enabling one network to send its data via another network's connections. Tunneling works by encapsulating a network protocol within packets carried by the second network. [CNSSI][CNSSI-4009] (see also connection, message, network, protocols, technology, tunnel, virtual private network)

tunneling attack

An attack that attempts to exploit a weakness in a system at a low level of abstraction. [SRV] (see also system, attack, tunnel)

tunneling router

A router or system capable of routing traffic by encrypting it and encapsulating it for transmission across an untrusted network, for eventual de-encapsulation and decryption. [IATF] (see also network, system, router, security, trust, tunnel)

turnaround time

The time interval between the initiation of a job or function and the availability of results. [SRV] (see also availability, function)

twisted-pair wire

A wire made of two separately insulated strands of wire twisted together. [SRV]

two-part code

Code consisting of an encoding section, in which the vocabulary items (with their associated code groups) are arranged in alphabetical or other systematic order, and a decoding section, in which the code groups (with their associated meanings) are arranged in a separate alphabetical or numeric order. [CNSSI][CNSSI-4009] (see also system, code)

two-person control (TPC)

(I) The close surveillance and control of a system, process, or materials (especially with regard to cryptography) at all times by minimum of two appropriately authorized persons, each capable of detecting incorrect and unauthorized procedures with respect to the tasks to be performed and each familiar with established security requirements. [RFC2828] Continuous surveillance and control of positive control material at all times by a minimum of two authorized individuals, each capable of detecting incorrect and unauthorized procedures with respect to the task being performed and each familiar with established security and safety requirements. [CNSSI-4009] Continuous surveillance and control of positive control material at all times by a minimum of two authorized individuals, each capable of detecting incorrect and unauthorized procedures with respect to the task being performed, and each familiar with established security and safety requirements. [CNSSI] (see also authorized, cryptography, process, requirements, security, system, control)

two-person integrity (TPI)

Provision that prohibits one person from working alone. [DSS] System of storage and handling designed to prohibit individual access by requiring the presence of at least two authorized individuals, each capable of detecting incorrect or unauthorized security procedures with respect to the task being performed. See No-Lone Zone. [CNSSI-4009] System of storage and handling designed to prohibit individual access to certain COMSEC keying material by requiring the presence of at least two authorized individuals, each capable of detecting incorrect or unauthorized security procedures with respect to the task being performed. [CNSSI] (see also access, access control, authorized, communications security, key, security, system, integrity)

Type 1 key

Generated and distributed under the auspices of NSA for use in a cryptographic device for the protection of classified and sensitive national security information. [CNSSI] Generated and distributed under the auspices of NSA for use in a cryptographic device for the protection of national security information. [CNSSI-4009, as modified] (see also classified, cryptographic, information, security, key)

type 1 products

Classified or controlled cryptographic item endorsed by the National Security Agency for securing classified and sensitive U.S. Government information, when appropriately keyed. The term refers only to products, and not to information, key, services, or controls. They are available to United States. Government users, their contractors, and federally sponsored non-United States. Government activities subject to export restrictions in accordance with International Traffic in Arms Regulation. [DSS] Cryptographic equipment, assembly or component classified or certified by NSA for encrypting and decrypting classified and sensitive national security information when appropriately keyed. Developed using established NSA business processes and containing NSA-approved algorithms. Used to protect systems requiring the most stringent protection mechanisms. [CNSSI] Cryptographic equipment, assembly or component classified or certified by NSA for encrypting and decrypting national security information when appropriately keyed. Developed using established NSA business processes and containing NSA-approved algorithms. Used to protect systems requiring the most stringent protection mechanisms. [CNSSI-4009, as modified] (see also algorithm, classified, cryptographic, information, key, process, security, subject, system, users)

Type 2 key

Generated and distributed under the auspices of NSA for use in a cryptographic device for the protection of unclassified information. [CNSSI-4009, as modified] Generated and distributed under the auspices of NSA for use in a cryptographic device for the protection of unclassified national security information. [CNSSI] (see also classified, cryptographic, information, security, key)

type 2 product

Cryptographic equipment, assembly, or component certified by NSA for encrypting or decrypting sensitive information when appropriately keyed. Developed using established NSA business processes and containing NSA-approved algorithms. Used to protect systems requiring protection mechanisms exceeding best commercial practices including systems used for the protection of unclassified information. [CNSSI-4009, as modified] Cryptographic equipment, assembly, or component certified by NSA for encrypting or decrypting sensitive national security information when appropriately keyed. Developed using established NSA business processes and containing NSA-approved algorithms. Used to protect systems requiring protection mechanisms exceeding best commercial practices including systems used for the protection of unclassified national security information. [CNSSI] (see also algorithm, classified, cryptographic, information, key, process, security, system)

type 3 key

Used in a cryptographic device for the protection of unclassified sensitive information, even if used in a Type 1 or Type 2 product. [CNSSI][CNSSI-4009] (see also classified, cryptographic, information, key)

type 3 product

Unclassified cryptographic equipment, assembly, or component used, when appropriately keyed, for encrypting or decrypting unclassified sensitive U.S. Government or commercial information, and to protect systems requiring protection mechanisms consistent with standard commercial practices. Developed using established commercial standards and containing NIST approved cryptographic algorithms/modules or successfully evaluated by the National Information Assurance Partnership (NIAP). [CNSSI][CNSSI-4009] (see also algorithm, assurance, classified, cryptographic, information, key, module, standard, system)

Type 4 key

Used by a cryptographic device in support of its Type 4 functionality; i.e. any provision of key that lacks U.S. Government endorsement or oversight. [CNSSI][CNSSI-4009] (see also cryptographic, function, key)

Type 4 product

Unevaluated commercial cryptographic equipment, assemblies, or components that neither NSA nor NIST certify for any government usage. These products are typically delivered as part of commercial offerings and are commensurate with the vendor's commercial practices. These products may contain either vendor proprietary algorithms, algorithms registered by NIST, or algorithms registered by NIST and published in a FIPS. [CNSSI][CNSSI-4009] (see also algorithm, cryptographic)

type accepted telephone

Any telephone whose design and construction conforms to the design standards for Telephone Security Group approved telephone sets. (Telephone Security Group Standard No. 3, No. 4, or No. 5). [DSS] (see also security)

type accreditation

A form of accreditation that is used to authorize multiple instances of a major application or general support system for operation at approved locations with the same type of computing environment. In situations where a major application or general support system is installed at multiple locations, a type accreditation will satisfy C&A requirements only if the application or system consists of a common set of tested and approved hardware, software, and firmware. [CNSSI-4009] In some situations, a major application or general support system is intended for installation at multiple locations. The application or system usually consists of a common set of hardware, software, and firmware. Type accreditations are a form of interim accreditation and are used to certify and accredit multiple instances of a major application or general support system for operation at approved locations with the same type of computing environment. [800-37] (see also application, operation, requirements, software, system, accreditation)

type certification

The certification acceptance of replica information systems based on the comprehensive evaluation of the technical and non-technical security features of an IS and other safeguards, made as part of and in support of the accreditation process, to establish the extent to which a particular design and implementation meet a specified set of security requirements. [CNSSI] The certification acceptance of replica information systems based on the comprehensive evaluation of the technical and nontechnical security features of an information system and other safeguards, made as part of and in support of the formal approval process, to establish the extent to which a particular design and implementation meet a specified set of security requirements. [CNSSI-4009] (see also accreditation, evaluation, information, process, requirements, security, system, certification)

Type I cryptography

(O) A cryptographic algorithm or device approved by NSA for protecting classified information. [RFC2828] (see also National Security Agency, algorithm, classified, cryptographic, information, cryptography)

Type II cryptography

(O) A cryptographic algorithm or device approved by NSA for protecting sensitive unclassified information (as specified in section 2315 of Title 10 United States Code, or section 3502(2) of Title 44, United States Code.) [RFC2828] (see also National Security Agency, algorithm, classified, code, cryptographic, information, cryptography)

Type III cryptography

(O) A cryptographic algorithm or device approved as a Federal Information Processing Standard. [RFC2828] (see also algorithm, cryptographic, information, process, standard, cryptography)

type time

The amount of time spent by an interactive user typing or otherwise entering data or instructions to the computer. [SRV] (see also computer, users)

U.S. citizen

(see United States citizen)

U.S. person

U.S. citizen or a permanent resident alien, an unincorporated association substantially composed of U.S. citizens or permanent resident aliens, or a corporation incorporated in U.S., except for a corporation directed and controlled by a foreign government or governments. [CNSSI] federal law and Executive Order define a U.S. Person as: a citizen of the United States; an alien lawfully admitted for permanent residence; an unincorporated association with a substantial number of members who are citizens of the U.S. or are aliens lawfully admitted for permanent residence; and/or a corporation that is incorporated in the U.S. [CNSSI-4009] (see also United States citizen, United States national, association, control, foreign)

U.S.-controlled facility

Base or building to which access is physically controlled by U.S. individuals who are authorized U.S. Government or U.S. Government contractor employees. [CNSSI][CNSSI-4009] (see also access, access control, authorized, control)

U.S.-controlled space

Room or floor within a facility that is not a U.S.-controlled facility, access to which is physically controlled by U.S. individuals who are authorized U.S. Government or U.S. Government contractor employees. Keys or combinations to locks controlling entrance to U.S.-controlled spaces must be under the exclusive control of U.S. individuals who are U.S. Government or U.S. Government contractor employees. [CNSSI][CNSSI-4009] (see also access, access control, authorized, key, control)

umbrella special access program

Approved Department of Defense Special Access Program containing compartments for specific projects within the overall program. While there is no formal requirement to obtain separate approval for each individual project under the umbrella Special Access Program, each project must be consistent with the Special Access Program Oversight Committee-approved scope of the umbrella Special Access Program. The nickname, program description, and accomplishments of each significant project will be reported in the annual Special Access Program report. An individual participant's access can be afforded across-theboard at the umbrella level or specific individual project access can be granted on a limited (that is, nonumbrella) level. [DSS] (see also access)

unacknowledged special access program

Existence of the Special Access Program is protected as special access and the details, technologies, materials, and techniques of the program are classified as dictated by their vulnerability to exploitation and the risk of compromise. Program funding is often unacknowledged, classified, or not directly linked to the program. The four Congressional Defense Committees normally have access to the program. [DSS] (see also classified, compromise, risk, vulnerability, access)

unauthorized access

A person gains logical or physical access without permission to a network, system, application, data, or other resource. [800-61][800-82] (see also SOCKS, access control mechanisms, access control service, adequate security, application, between-the-lines-entry, computer intrusion, computer security intrusion, covert channel analysis, data compromise, failure access, fetch protection, file protection, firewall, information systems security, intrusion, intrusion detection tools, major application, malicious logic, motivation, network security, penetration, physical and environmental protection, physical security, piggyback, piggyback entry, probe, procedural security, protected network, resource, security compromise, security incident, security violation, segregation of duties, sensitive information, signature, system, vulnerability, access, authorized, threat)

unauthorized disclosure

An event involving the exposure of information to entities not authorized access to the information. [SP 800-57 Part 1; CNSSI-4009] Communication or physical transfer of classified information to an unauthorized recipient. [DSS] Type of event involving exposure of information to individuals not authorized to receive it. [CNSSI] (see also access, classified, exposures, information, authorized, risk)

unauthorized person

Person not authorized to have access to specific classified information. [DSS] (see also access, classified, authorized)

unclassified

(I) Not classified. [RFC2828] Information that has not been determined pursuant to E.O. 12958 or any predecessor order to require protection against unauthorized disclosure and that is not designated as classified. [CNSSI] Information that has not been determined pursuant to E.O. 12958, as amended, or any predecessor order, to require protection against unauthorized disclosure and that is not designated as classified. [CNSSI-4009] (see also authorized, information, classified)

unclassified controlled nuclear information

Unclassified Controlled Nuclear Information under jurisdiction of the Department of Energy includes unclassified facility design information, operational information concerning the production, processing or utilization of nuclear material for atomic energy Defense programs, safeguards and security information, nuclear material, and declassified controlled nuclear weapon information once classified as Restricted Data. Department of Defense Unclassified Controlled Nuclear Information is unclassified information on security measures (including security plans, procedures and equipment) for the physical protection of Department of Defense Special Nuclear Material, equipment, or facilities. Information is designated Unclassified Controlled Nuclear Information only when it is determined that its unauthorized disclosure could reasonably be expected to have a significant adverse effect on the health and safety of the public or the common defense and security by increasing significantly the likelihood of the illegal production of nuclear weapons or the theft, diversion, or sabotage of Special Nuclear Material, equipment, or facilities. [DSS] (see also authorized, illegal, theft, classified)

unclassified internet protocol router network

Non-Secure Internet Protocol Router Network is used to exchange sensitive but unclassified information between 'internal' users as well as providing user's access to the Internet. Non-Secure Internet Protocol Router Network is composed of Internet Protocol routers owned by the U.S. Department of Defense. It was created by the Defense Information Systems Agency to supersede the earlier Military Network. [DSS] (see also access, users, classified, network)

unclassified sensitive

For computer applications, this term refers to any information, the loss, misuse, or unauthorized access to or modification of which could adversely affect the national interest or the conduct of Federal program, or the privacy to which individuals are entitled under the section 552a of title 5 of the United States Code (the Privacy Act), but not specifically authorized under the criteria established by an Executive Order or an Act of Congress to be kept secret in the interest of national defense or foreign policy. (Computer Security Act of 1987, Public Law 100-235). [DSS] (see also access, authorized, foreign, privacy, sensitive but unclassified information, classified)

unconventional warfare

A broad spectrum of military and paramilitary operations, normally of long duration, predominantly conducted through, with, or by indigenous or surrogate forces who are organized, trained, equipped, supported, and directed in varying degrees by an external source. It includes, but is not limited to, guerrilla warfare, subversion, sabotage, intelligence activities, and unconventional assisted recovery. [DOD] (see also intelligence, version, warfare)

under sea warfare

Operations conducted to establish and maintain control of the underwater environment by denying an opposing force the effective use of underwater systems and weapons. It includes offensive and defensive submarine, antisubmarine, and mine warfare operations. [DOD] (see also control, system, warfare)

undercover operation

Phrase that is usually associated with the law enforcement community and which describes an operation that is so planned and executed as to conceal the identity of, or permit plausible denial by, the sponsor. [DSS] (see also identity)

underflow

(ISO) The state in which a calculator shows a zero indicator for the most significant part of a number while the least significant part of the number is dropped. For example, if the calculator output capacity is four digits, the number .0000432 will be shown as .0000. [OVT] (see also flow)

undesired signal data emanations (USDE)

(see also emanations security, risk)

unencrypted

(I) Not encrypted. [RFC2828] (see also encryption)

unfavorable administrative action

Adverse action taken as the result of personnel security determinations and unfavorable personnel security determinations. [DSS] (see also security)

unfavorable personnel security determination

Denial or revocation of clearance for access to classified information; denial or revocation of access to classified information; denial or revocation of a Special Access authorization (including access to Sensitive Compartmented Information); non-appointment to or non-selection for appointment to a sensitive position; non-appointment to or non-selection for any other position requiring a trustworthiness; reassignment to a position of lesser sensitivity or to a non-sensitive position; and non-acceptance for or discharge for the Armed Forces when any of the foregoing actions are based on derogatory information of personnel security significance. [DSS] (see also access, authorization, classified, trust, security)

unforgeable

(I) Cryptographic usage: The property of a cryptographic data structure (i.e. a data structure that is defined using one or more cryptographic functions) that makes it computationally infeasible to construct (i.e. compute) an unauthorized but correct value of the structure without having knowledge of one of more keys. (C) This definition is narrower than general English usage, where 'unforgeable' means unable to be fraudulently created or duplicated. In that broader sense, anyone can forge a digital certificate containing any set of data items whatsoever by generating the to-be-signed certificate and signing it with any private key whatsoever. But for PKI purposes, the forged data structure is invalid if it is not signed with the true private key of the claimed issuer; thus, the forgery will be detected when a certificate user uses the true public key of the claimed issuer to verify the signature. [RFC2828] (see also authorized, certificate, cryptographic, cryptography, digital signature, fraud, function, key, property, public-key, public-key infrastructure, signature, users)

unified network

Unified network is a connected collection of systems or networks that are accredited (1) under a single System Security Plan, (2) as a single entity, and (3) by a single Cognizant Security Authority. Such a network Can be as simple as a small standalone Local Area Network operating at Protection Level 1, following a single security policy, accredited as a single entity, and administered by a single Information System Security Officer. Conversely, it can be as complex as a collection of hundreds of Local Area Networks separated over a wide area but still following a single security policy, accredited as a single Cognizant Security Authority. The perimeter of each network encompasses all its hardware, software, and attached devices. Its boundary extends to all of its users. [DSS] (see also security, users, network)

uniform resource identifier (URI)

(I) A type of formatted identifier that encapsulates the name of an Internet object, and labels it with an identification of the name space, thus producing a member of the universal set of names in registered name spaces and of addresses referring to registered protocols or name spaces. (C) URIs are used in HTML to identify the target of hyperlinks. In common practice, URIs include uniform resource locators and relative URLs, and may be URNs. [RFC2828] (see also identification, identify, object, protocols, target, internet, resource)

uniform resource locator (URL)

(I) A type of formatted identifier that describes the access method and location of an information resource object on the Internet. (C) A URL is a URI that provides explicit instructions on how to access the named object. For example, 'ftp://bbnarchive.bbn.com/foo/bar/picture/cambridge.zip' is a URL. The part before the colon specifies the access scheme or protocol, and the part after the colon is interpreted according to that access method. Usually, two slashes after the colon indicate the host name of a server (written as a domain name). In an FTP or HTTP URL, the host name is followed by the path name of a file on the server. The last (optional) part of a URL may be either a fragment identifier that indicates a position in the file, or a query string. [RFC2828] A way of specifying the location of publicly available information on the Internet, in the form: protocol://machine: port number/filename. Often the port number and/or filename are unnecessary. [FFIEC] (see also access, access control, archive, domain, file, information, object, protocols, internet, resource)

uniform resource name (URN)

(I) A URI that has an institutional commitment to persistence and availability. [RFC2828] (see also availability, internet, resource)

unilateral authentication

An IEEE 802.16-2004 vulnerability resulting from PKMv1 providing for authentication of SSs by BSs but not for authentication of BSs by SSs. Lack of mutual authentication may allow a rogue BS to impersonate a legitimate BS, thereby rendering the SS unable to verify the authenticity of protocol messages received from the BS. This may enable a rogue BS operator to degrade performance or steal valuable information by conducting DoS or man-in-the-middle attacks against client SSs. [800-127] Entity authentication which provides one entity with assurance of the other's identity but not vice versa. [SC27] (see also assurance, attack, entity, identity, mutual authentication, vulnerability, authentication)

uninterruptible power supply (UPS)

Typically a collection of batteries that provide electrical power for a limited period of time. [FFIEC] (see also failure)

unique interswitch rekeying key (UIRK)

(see also key, rekey)

unit

(1) A separately testable element specified in the design of a computer software component. (2) A logically separable part of a computer program. (3) A software component that is not subdivided into other components. [IEEE610] The smallest piece of software that can be independently tested (i.e. compiled or assembled, loaded, and tested). Usually the work of one programmer consisting of a few hundred lines of source code. [OVT] (see also code, computer, program, software, test)

unit of transfer

A discrete collection of bytes comprising at least one header and optional user data. This metric is intended for use in describing steady-state forwarding rate of the DUT/SUT. The unit of transfer (UOT) definition is deliberately left open to interpretation, allowing the broadest possible application. Examples of UOTs include TCP segments, IP packets, Ethernet frames, and ATM cells. While the definition is deliberately broad, its interpretation must not be. The tester must describe what type of UOT will be offered to the DUT/SUT, and must offer these UOTs at a consistent rate. Traffic measurement must begin after all connection establishment routines complete and before any connection completion routine begins. Further, measurements must begin after any security associations (SAs) are established and before any SA is revoked. Testers also must compare only like UOTs. It is not appropriate, for example, to compare forwarding rates by offering 1,500-byte Ethernet UOTs to one DUT/SUT and 53-byte ATM cells to another. [RFC2647] (see also application, association, bit forwarding rate, connection, establishment, firewall, revoked state, security, test, users)

unit testing

The testing of software elements at the lowest level of development. [SRV] (see also software, security testing, test)

United States

The 50 States and the District of Columbia. [DSS]

United States and its Territorial Areas

The 50 States, the District of Columbia, Puerto Rico, Guam, American Samoa, the Virgin Islands, Wake Island, Johnston Atoll, Kingman Reef, Palmyra Atoll, Baker Island, Howland Island, Jarvis Island, Midway Islands, Navassa Island, and Northern Mariana Islands. [DSS]

United States citizen

Native Born. Person born in one of the 50 States, Puerto Rico, Guam, American Samoa, Northern Mariana Islands, U.S. Virgin Islands; or Panama Canal Zone (if the father or mother (or both) was or is, a citizen of the United States). [DSS] (see also U.S. person, United States national, alien, cleared escort, dual citizen, foreign contact, guard, limited access authorization, nations, random procurement, site security manager)

United States national

A citizen of the United States or a person who, though not a citizen of the United States, owes permanent allegiance to the United States, for example, a lawful permanent resident of the United States. Categories of persons born in and outside the United States or its possessions who may qualify as nationals of the United States are listed in section 1101(a), title 8 of the United States Code and section 1401, title 8 of the United States Code, subsection (a) paragraphs (1) through (7). Legal counsel should be consulted when doubt exists as to whether or not a person can qualify as a national of the United States. A U.S. national shall not be treated as a foreign person except when acting as a foreign representative. [DSS] (see also U.S. person, United States citizen, foreign)

unlimited network analyzer

A device that reads and potentially modifies packet contents [NASA] (see also network, threat)

unprotected network

A network segment or segments to which access is not controlled by the DUT/SUT. Firewalls are deployed between protected and unprotected segments. The unprotected network is not protected by the DUT/SUT. Note that a DUT/SUT's policy may specify hosts on an unprotected network. For example, a user on a protected network may be permitted to access an FTP server on an unprotected network. But the DUT/SUT cannot control access between hosts on the unprotected network. [RFC2647] (see also protected network, access, access control, control, policy, ruleset, users, demilitarized zone, firewall, network)

unscheduled records

Federal records whose final disposition has not been approved. [DSS]

unsigned data

Data included in an authentication token, in addition to a digital signature. [FIPS 196] (see also authentication)

untrusted process

(I) A system process that is not able to affect the state of system security through incorrect or malicious operation, usually because its operation is confined by a security kernel. [RFC2828] A process that has not been evaluated or examined for adherence to the security policy. It may include incorrect or malicious code that attempts to circumvent the security mechanisms. [AJP][NCSC/TG004] Process that has not been evaluated or examined for adherence to the security policy. It may include incorrect or malicious code that attempts to circumvent the security mechanisms. [CNSSI] Process that has not been evaluated or examined for correctness and adherence to the security policy. It may include incorrect or malicious code that attempts to circumvent the security mechanisms. [CNSSI-4009] (see also trusted process, code, malicious, operation, policy, system, process, risk, trust)

update (a certificate)

The act or process by which data items bound in an existing public key certificate, especially authorizations granted to the subject, are changed by issuing a new certificate. [SP 800-32; CNSSI-4009] (see also authorization)

update (key)

Automatic or manual cryptographic process that irreversibly modifies the state of a COMSEC key. [CNSSI-4009] (see also key)

update

The process used to replace a previously active key with a new key that is related to the old key. [800-130] (see also Advanced Mobile Phone Service, Internet Draft, OAKLEY, X.509 certificate revocation list, accreditation phase, certificate management, certificate rekey, certificate renewal, issuing authority, key, patch, process, push technology, real-time system, rolling cost forecasting technique, router flapping, security event, software release, systems software, trusted distribution, validation service) (includes certificate update, key update, update access)

update access

The ability to change data or a software program [CIAO] (see also program, software, access, update)

updating

Automatic or manual cryptographic process that irreversibly modifies the state of a COMSEC key, equipment, device, or system. [CNSSI] (see also communications security, cryptographic, cryptography, key, process, system)

upgrade

Determination that certain classified information, in the interest of national security, requires a higher degree of protection against unauthorized disclosure than currently provided, coupled with a changing of the classification designation to reflect such a higher degree. [DSS] (see also authorized, classified, security)

upload

The process of transferring a copy of a file from a local computer to a remote computer. [SRV] (see also computer, file, process)

US-CERT

A partnership between the Department of Homeland Security and the public and private sectors, established to protect the nation's Internet infrastructure. US-CERT coordinates defense against and responses to cyber attacks across the nation. [CNSSI-4009] (see also attack, cyberspace, security)

usage security policy

Assumptions regarding the expected environment and intended method of IT product use. [AJP][FCv1] (see also policy, security policy)

USENET

An e-mail-based discussion system, originally supported by dial-up connections, now usually accessed via TCP/IP. [SRV] (see also access, connection, system, internet)

user agent (UA)

(see also users)

user data

Data created by and for the user, that does not affect the operation of the TSF. [CC2][CC21][SC27] (see also operation, TOE security functions, users)

user data protocol (UDP)

(I) An Internet Standard protocol that provides a datagram mode of packet-switched computer communication in an internetwork. (C) UDP is a transport layer protocol, and it assumes that IP is the underlying protocol. UDP enables application programs to send transaction-oriented data to other programs with minimal protocol mechanism. UDP does not provide reliable delivery, flow control, sequencing, or other end-to-end services that TCP provides. [RFC2828] (see also application, communications, computer, control, flow, network, program, standard, internet, protocols, users)

user datagram protocol

(see user data protocol) (see also users)

user documentation

The information about a Target of Evaluation supplied by the developer for use by its end-users. [AJP][ITSEC] (see also information, target, target of evaluation, users)

user id

A unique symbol or alphanumeric string that is used by a system to identify a specific user. [SRV] The name a person uses to identify himself or herself when logging onto a computer system or online service [NASA] Unique symbol or alphanumeric string used by an IS to recognize a specific user. [CIAO] Unique symbol or character string used by an IS to identify a specific user. [CNSSI] Unique symbol or character string used by an information system to identify a specific user. [CNSSI-4009] (see also user identifier, computer, identify, system, users) (includes group user id)

user id revalidation

The process of verifying that a user ID continues to be in the possession of the individual to whom it was last issued and that individual continues to have a valid need for it [NASA] (see also process, users, validation)

user identification

Unique symbol or character string used by an Information System to uniquely identify a specific user. [DSS] (see also users)

user identifier

(I) A alphanumeric string or symbol that is used in a system to uniquely name a specific user or group of users. (C) Often verified by a password in an authentication process. [RFC2828] Unique symbol or alphanumeric string that is used by An IT system, product, or component to uniquely identify a specific user. [AJP] (see also user id, authentication, identify, passwords, process, system, users)

user initialization

A function in the lifecycle of keying material; the process whereby a user initializes its cryptographic application (e.g., installing and initializing software and hardware). [SP 800-57 Part 1] (see also software)

user interface

A combination of menus, screen design, keyboard commands, command language, and help screens that together create the way a user interacts with a computer. Hardware, such as a mouse or touch screen, is also included. Synonymous with graphical user interface. [SRV] (see also computer, key, interface, users)

user interface system (UIS)

(see also interface, system, users)

user partnership program (UPP)

Partnership between the NSA and a U.S. Government agency to facilitate development of secure IS equipment incorporating NSA-approved cryptography. The result of this program is the authorization of the product or system to safeguard national security information in the user's specific application. [CNSSI] Partnership between the NSA and a U.S. Government agency to facilitate development of secure information system equipment incorporating NSA-approved cryptography. The result of this program is the authorization of the product or system to safeguard national security information in the user's specific application. [CNSSI-4009] (see also application, authorization, cryptography, development, information, security, system, program, users)

user PIN

(O) MISSI usage: One of two personal identification numbers that control access to the functions and stored data of a FORTEZZA PC card. Knowledge of the user PIN enables the card user to perform the FORTEZZA functions that are intended for use by an end user. [RFC2828] (see also Fortezza, access, access control, control, function, identification, multilevel information systems security initiative, users)

user profile

Patterns of a user's activity that can be used to detect changes in normal routines. [NCSC/TG004][SRV] (see also file, profile, risk management, users)

user registration

A function in the lifecycle of keying material; a process whereby an entity becomes a member of a security domain. [SP 800-57 Part 1] (see also security)

user representative

Individual authorized by an organization to order COMSEC keying material and interface with the keying system, provide information to key users, and ensure the correct type of key is ordered. [CNSSI][CNSSI-4009] The individual or organization that represents the operational interests of the user community and serves as the liaison for that community throughout the lifecycle of the system. The user representative also assists in the C&A process, when needed, to ensure mission requirements are satisfied while meeting the security requirements defined in the security plan. [800-37] (see also authorized, communications security, information, interface, key, operation, process, requirements, security, system, users)

user-PIN ORA (UORA)

(O) A MISSI organizational RA that operates in a mode in which the ORA performs only the subset of card management functions that are possible with knowledge of the user PIN for a FORTEZZA PC card. [RFC2828] (see also Fortezza, function, multilevel information systems security initiative, users)

users

(1) Any person who interacts directly with a computer system. (2) Any person who interacts directly with a network system. This includes both those persons who are authorized to interact with the system and those people who interact without authorization (e.g. active or passive wiretappers). Note that 'users' do not include 'operators,' 'system programmers,' 'technical control officers,' 'system security officers,' and other system support personnel. They are distinct from users and are subject to the trusted facility manual and the system architecture requirements. Such individuals may change the system parameters of the network system, e.g. by defining membership of a group. These individuals may also have the separate role of users. (3) Any person or process accessing an IT product by direct connections (e.g. via terminals) or indirect connections. Note: Indirect connection relates to persons who prepare input data or receive output that is not reviewed for content or classification by a responsible individual. [AJP] (I) A person, organization entity, or automated process that accesses a system, whether authorized to do so or not. (C) Any ISD that uses this term SHOULD provide an explicit definition, because this term is used in many ways and can easily be misunderstood. [RFC2828] A person or process authorized to access an IT system. [CIAO] A person or process requesting access to resources protected by the DUT/SUT. 'User' is a problematic term in the context of firewall performance testing, for several reasons. First, a user may in fact be a process or processes requesting services through the DUT/SUT. Second, different 'user' requests may require radically different amounts of DUT/SUT resources. Third, traffic profiles vary widely from one organization to another, making it difficult to characterize the load offered by a typical user. For these reasons, testers should not attempt to measure DUT/SUT performance in terms of users supported. Instead, testers should describe performance in terms of maximum bit forwarding rate and maximum number of connections sustained. Further, testers should use the term 'data source' rather than user to describe traffic generator(s). [RFC2647] An individual authorized by an organization and its policies to use an information system, one or more of its applications, its security procedures and services, and a supporting CKMS. [800-130] An individual or a process (subject) acting on behalf of the individual that accesses a cryptographic module in order to obtain cryptographic services. [FIPS 140-2] Any entity (human user or external IT entity) outside the TOE that interacts with the TOE. [CC2][CC21][SC27] Any person who interacts directly with a computer system. [TCSEC][TDI] Any person who interacts directly with a network system. This includes both those persons who are authorized to interact with the system and those people who interact without authorization (e.g. active or passive wiretappers). Note that 'users' does not include 'operators,' 'system programmers,' 'technical control officers,' 'system security officers,' and other system support personnel. They are distinct from users and are subject to the Trusted Facility Manual and the System Architecture requirements. Such individuals may change the system parameters of the network system, for example by defining membership of a group. These individuals may also have the separate role of users. [TNI] Individual or (system) process authorized to access an information system. [FIPS 200] Individual or process authorized to access an IS. (PKI) Individual defined, registered, and bound to a public key structure by a certification authority (CA). [CNSSI] Individual, or (system) process acting on behalf of an individual, authorized to access an information system. [SP 800-53; SP 800-18; CNSSI-4009] Person interacting directly with an Automated Information System or a network system. This includes both those persons who are authorized to interact with the system and those people who interact without authorization (for example, active or passive wiretapping). [DSS] Person or process authorized to access an IT system. [800-37] The party, or his designee, responsible for the security of designated information. The user works closely with an ISSE. Also referred to as the customer. [IATF] (see also Advanced Mobile Phone Service, American National Standards Institute, Defense Information Infrastructure, Defense Information Systems Network, Directory Access Protocol, Gypsy verification environment, IP splicing/hijacking, IT security incident, IT security policy, IT security support functions, Identification Protocol, Integrated services digital network, Internet Protocol Security Option, Key Management Protocol, Layer 2 Forwarding Protocol, OAKLEY, OSI architecture, PHF hack, POP3 APOP, Password Authentication Protocol, S/Key, SSO PIN, SSO-PIN ORA, Sensitive Information Computer Security Act of 1987, Simple Authentication and Security Layer, Trusted Systems Interoperability Group, X.500 Directory, X.509 certificate revocation list, abuse of privilege, acceptable use policy, acceptance criteria, acceptance testing, access, access category, access control lists, access level, access profile, access type, access with limited privileges, accreditation boundary, active wiretapping, administrative account, anomaly, anomaly detection, anomaly detection model, anonymity, anonymous, anonymous login, application, application program interface, application server attack, architecture, assurance, attack, attribute certificate, audit trail, authenticate, authentication, authentication code, authentication data, authentication mechanism, authenticity, authority, automated logon sequences, automatic log-on, availability, availability of data, backdoor, bastion host, benchmark, between-the-lines-entry, biometric measurement, biometric system, blacklist, boundary, browse access protection, capture, cardholder, certificate, certificate policy, certificate revocation, certificate revocation list, certificate status responder, certificate validation, certification, certification authority, certification hierarchy, certification path, certification practice statement, chain letter, challenge/response, classification levels, client, client server, cloud computing, cold start, command authority, community of interest, compartmented mode, compromised key list, computer, computer cryptography, concurrency control, concurrent connections, confidentiality, connection, connection maintenance, console, console logon, consumers, content filtering, control, controlled access protection, controlled security mode, corporate security policy, correctness, crack, critical, cross-certification, cryptographic token, cybersecurity, data driven attack, data integrity service, database management system, dedicated mode, dedicated security mode, default account, denial-of-service, device registration manager, dial-up capability, dictionary attack, direct shipment, disaster recovery, discretionary access control, documentation, domain, domain name system, ease of use, electrical power systems, electronic authentication, electronic key entry, email packages, email security software, encapsulation, encryption software, energy-efficient computer equipment, enterprise service, entity, environment, ethernet sniffing, executive state, external system exposure, extranet, failed logon, false acceptance, false acceptance rate, federated identity, federation, file, firewall, fishbowl, frame relay, framing, frequency division multiple access, general support system, gopher, granularity of a requirement, group, guard, hackers, handshaking procedures, hijacking, hoax, honeypot, host, hyperlink, identification, identification and authentication, identification authentication, identity, identity credential, identity credential issuer, identity validation, identity-based security policy, impersonation, independent validation and verification, individual accountability, individual electronic accountability, information, information security, information systems security, integrity policy, intelligence cycle, interface, interference, internal subject, internet, internet vs. Internet, intranet, issue, kerberos, key, key center, key management device, key management infrastructure, keys used to encrypt and decrypt files, keystroke monitoring, leapfrog attack, least privilege, local authority, local logon, local management device/key processor, local-area network, logging, logical access, logical access control, logical perimeter, login prompt, major application, malicious logic, mandatory access control, masquerading, mass-market software, mesh PKI, message handling system, min-entropy, mobile code, mockingbird, mode of operation, modes of operation, multi-releasable, multilevel mode, multilevel secure, multilevel security mode, multiple access rights terminal, national information assurance partnership, national information infrastructure, natural benchmark, network, network component, network services, no-PIN ORA, node, non-discretionary security, non-organizational user, office information system, officer, on-demand scanning, open system environment, operations manager, organizational maintenance, organizational registration authority, owner, packet filter, partitioned security mode, password-locked screensaver, passwords, patch management, peer-to-peer communication, penetration test, penetration testing, periods processing, persistent cookie, personal identification number, personality label, personnel registration manager, phishing, piggyback, piggyback attack, piggyback entry, point-to-point tunneling protocol, policy, policy creation authority, portability, primary services node (prsn), privacy, privacy programs, private key, privileged access, privileged accounts, probe, process, profile, program, programmable logic controller, protection ring, protocol analyzer, proxy, proxy server, public-key, public-key certificate, public-key cryptography, public-key infrastructure, push technology, quality, rapid application development, registration authority, relying party, remote access, remote login, remote logon, repository, requirements, resource, responsibility to provide, risk index, role, root, rule-based security policy, scope of a requirement, secrecy policy, secret, secure data device, secure shell, secure socket layer, security architecture, security attribute, security banner, security concept of operations, security domain, security features, security level, security policy, security testing, security violation, security-relevant change, sensitive, session hijack attack, shared account, single sign-on, site information assurance manager, smartcards, sniffer, social engineering, software product, software requirement, specialized boundary host, spoof, spoofing, spyware, stand-alone, shared system, subject, subject security level, subordinate certification authority, system, system administrator, system files, system high mode, system integrity, system owner, system requirement, system resources, system security officer, system-high security mode, tactical edge, target of evaluation, technical attack, technical vulnerability, technological attack, telecommunications, term rule-based security policy, terminal hijacking, test, test cycle, think time, time-and-materials contract, token management, tokens, tracking cookie, traffic analysis, trigger, trojan horse, trust, trust-file PKI, trusted certificate, trusted computing base, trusted identification forwarding, trusted key, trusted path, type 1 products, type time, unclassified internet protocol router network, unforgeable, unified network, unit of transfer, unprotected network, validate vs. verify, vendor, verification, virtual private network, virus, virus-detection tool, vulnerability, web bug, weblinking, wide-area network, wiki, workstation, world wide web, worm, accountability, data source, security-relevant event) (includes MISSI user, access control, authorization, authorized user, certificate user, closed user group, directory user agent, end-user, end-user computing, graphical-user interface, group of users, human user, key management user agent, multiuser mode of operation, privileged user, remote authentication dial-in user service, security features users guide, stand-alone, single-user system, superuser, user PIN, user agent, user data, user data protocol, user datagram protocol, user documentation, user id, user id revalidation, user identification, user identifier, user interface, user interface system, user partnership program, user profile, user representative, user-PIN ORA)

usurpation

A circumstance or event that results in control of system services or functions by an unauthorized entity. [RFC2828] (see also authorized, control, entity, function, system, threat consequence)

UTCTime

(N) The ASN.1 data type 'UTCTime' contains a calendar date (YYMMDD) and a time to a precision of either one minute (HHMM) or one second (HHMMSS), where the time is either (a) Coordinated Universal Time or (b) the local time followed by an offset that enables Coordinated Universal Time to be calculated. Note: UTCTime has the Year 2000 problem. [RFC2828] (see also GeneralizedTime, coordinated universal time)

utility

A program that performs a specific task for an IS, such as managing a disk drive or printer. [CIAO] (see also program, critical infrastructures)

utility programs

A program that supports the operation of the computer. Utility programs provide file management capabilities, such as sorting, copying, archiving, comparing, listing, and searching, as well as diagnostic routines which check the health of the computer system. It also includes compilers or software that translates a programming language into machine language. [SRV] A program used to configure or maintain systems, or to make changes to stored or transmitted data. [FFIEC] (see also computer, file, operation, software, system, program)

v1 certificate

(C) Ambiguously refers to either an X.509 public-key certificate in its version 1 format, or an X.509 attribute certificate in its version 1 format. However, many people who use this term are not aware that X.509 specifies attribute certificates that do not contain a public key. Therefore, ISDs MAY use this term as an abbreviation for 'version 1 X.509 public-key certificate', but only after using the full term at the first instance. (D) ISDs SHOULD NOT use this term as an abbreviation for 'version X.509 attribute certificate'. [RFC2828] (see also X.509, key, public-key, version, certificate)

v1 CRL

(I) An abbreviation for 'X.509 CRL in version 1 format'. (C) ISDs should use this abbreviation only after using the full term at its first occurrence and defining the abbreviation. [RFC2828] (see also X.509, certificate, version, public-key infrastructure)

v2 certificate

(I) An abbreviation for 'X.509 public-key certificate in version 2 format'. (C) ISDs should use this abbreviation only after using the full term at its first occurrence and defining the abbreviation. [RFC2828] (see also X.509, key, public-key, version, certificate)

v2 CRL

(I) An abbreviation for 'X.509 CRL in version 2 format'. (C) ISDs should use this abbreviation only after using the full term at its first occurrence and defining the abbreviation. [RFC2828] (see also X.509, certificate, version, public-key infrastructure)

v3 certificate

(I) An abbreviation for 'X.509 public-key certificate in version 3 format'. (C) ISDs should use this abbreviation only after using the full term at its first occurrence and defining the abbreviation. [RFC2828] (see also X.509, key, public-key, version, certificate)

vaccines

Program that injects itself into an executable program to perform a signature check and warns if there have been any changes. [NSAINT] (see also program, signature, virus-detection tool, security software)

valid certificate

(I) A digital certificate for which the binding of the data items can be trusted; one that can be validated successfully. [RFC2828] (see also backup, trust, validate, certificate)

valid data element

A payload, an associated data string, or a nonce that satisfies the restrictions of the formatting function. [SP 800-38C]

valid signature

(D) ISDs SHOULD NOT use this term; instead, use 'authentic signature'. This Glossary recommends saying 'validate the certificate' and 'verify the signature'; therefore, it would be inconsistent to say that a signature is 'valid'. [RFC2828] (see also certificate, digital signature, public-key infrastructure, validate, signature)

validate

The process by which cryptographic parameters (e.g., domain parameters, private keys, public keys, certificates, symmetric keys) are tested as being appropriate for use by a particular cryptographic algorithm for a specific security service and application and that they can be trusted. [800-130] (see also algorithm, application, authenticate, authority revocation list, cardholder certificate, certificate, certificate revocation list, certificate validation, certification authority, certification path, circuit level gateway, cross-certification, cryptographic, domain, identity credential issuer, identity proofing, key, non-repudiation, non-repudiation information, pre-authorization, process, public-key, public-key infrastructure, registration, security, suspicious event, test, tokens, trust, trusted identification forwarding, valid certificate, valid signature, validation, verifier, web of trust) (includes corroborate, validate vs. verify, validated products list)

validate vs. verify

(C) The PKI community uses words inconsistently when describing what a certificate user does to make certain that a digital certificate can be trusted. Usually, we say 'verify the signature' but say 'validate the certificate'; i.e. we 'verify' atomic truths but 'validate' data structures, relationships, and systems that are composed of or depend on verified items. Too often, however, verify and validate are used interchangeably. ISDs SHOULD comply with the following two rules to ensure consistency and to align Internet security terminology with ordinary English:

Rule 1: Use 'validate' when referring to a process intended to establish the soundness or correctness of a construct.
Rule 2: Use 'verify' when referring to a process intended to test or prove the truth or accuracy of a fact or value.

The rationale for Rule 1 is that 'valid' derives from a word that means 'strong' in Latin. Thus, to validate means to make sure that construction is sound. A certificate user validates a public-key certificate to establish trust in the binding that the certificate asserts between an identity and a key. (To validate can also mean to officially approve something; e.g. NIST validates cryptographic modules for conformance with FIPS PUB 140-1.) The rationale for Rule 2 is that 'verify' derives from a word that means 'true' in Latin. Thus, to verify means to prove the truth of an assertion by examining evidence or performing tests. To verify an identity, an authentication process examines identification information that is presented or generated. To validate a certificate, a certificate user verifies the digital signature on the certificate by performing calculations; verifies that the current time is within the certificate's validity period; and may need to validate a certification path involving additional certificates. [RFC2828] (see also authentication, backup, certificate, certification, cryptographic, cryptography, digital signature, entity, evidence, identification, identity, information, internet, key, module, process, public-key, public-key infrastructure, security, signature, system, test, trust, users, validation, verification, verification and validation, National Institute of Standards and Technology, validate)

validated products list

A publicly available document issued periodically by the NIAP Oversight Body giving brief particulars of every product which holds a currently valid validation certificate awarded by that body and every product validated or certified under the authority of another Party for which the validation certificate has been recognized. [NIAP] List of validated products that have been successfully evaluated under the National Information Assurance Partnership (NIAP) Common Criteria Evaluation and Validation Scheme (CCEVS). [CNSSI][CNSSI-4009] (see also authority, certificate, criteria, evaluation, information, validation, national information assurance partnership, validate)

validation

Confirmation (through the provision of strong, sound, objective evidence) that requirements for a specific intended use or application have been fulfilled (e.g., a trustworthy credential has been presented, or data or information has been formatted in accordance with a defined set of rules, or a specific process has demonstrated that an entity under consideration meets, in all respects, its defined attributes or requirements). [CNSSI-4009] Confirmation, through review and/or examination, that relevant security-related policies, plans, procedures, or documents have been completed and/or any security-related activities accomplished in support of the C&A process. [800-37] Process of applying specialized security test and evaluation procedures, tools, and equipment needed to establish acceptance for joint usage of an IS by one or more departments or agencies and their contractors. [CNSSI] The process carried out by the NIAP Oversight Body leading to the issue of a validation certificate. [NIAP] The process of assessing the usefulness of a system in relation to its intended use or purpose. [AJP][JTC1/SC27] The process of demonstrating that the system under consideration meets in all respects the specification of that system. [FIPS 201][GSA] The process of evaluating a system or component (including software), during or at the end of the development process, to determine whether it satisfies specified requirements. [SRV] The process of evaluating a system or component during or at the end of the development process to determine whether it satisfies specified requirements. (1) (FDA) Establishing documented evidence which provides a high degree of assurance that a specific process will consistently produce a product meeting its predetermined specifications and quality attributes. Contrast with data validation. [OVT] The process of evaluating software during or at the end of the development process to determine whether it satisfies specified requirements. [IEEE610] Verification that something is correct or conforms to a certain standard. In data collection or data entry, it is the process of ensuring that the data that are entered fall within the accepted boundaries of the application collecting the data. For example, if a program is collecting last names to be entered in a database, the program validates that only letters are entered and not numbers; or in a survey collecting data in the form of 'yes' or 'no' questions, the program validates that only those responses are used and not some other word. [800-103] (see also verification, Common Criteria Testing Laboratory, Common Criteria Testing Program, IT Security Evaluation Criteria, IT Security Evaluation Methodology, NIAP Oversight Body, National Voluntary Laboratory Accreditation Program, Scope of Accreditation, application, application controls, assurance, authentication, certificate, certification hierarchy, designated, designated laboratories list, designating authority, designation policy, evaluation technical report, evidence, extensible markup language, identity management systems, mesh PKI, monitoring and evaluation, physical access control, pre-certification phase, process, program, public-key infrastructure, quality, requirements, response, security, software, standard, system, test, test facility, time-stamping service, trust, trusted certificate, validate, validate vs. verify, validated products list, development process, evaluation) (includes NIAP Common Criteria Evaluation and Validation Scheme, Validation Certificate, certificate chain validation, certificate validation, conformant validation certificate, data validation, evaluation and validation scheme, identity validation, independent validation and verification, key validation, path validation, reference validation mechanism, software verification and validation, target vulnerability validation techniques, user id revalidation, validation report, validation service, verification and validation)

Validation Certificate

A brief publicly available document in which it is confirmed by the NIAP Oversight Body that a given product has successfully completed evaluation by a CCTL. A validation certificate always has associated with it, a validation report. [NIAP] (see also Common Criteria Testing Laboratory, certificate, validation)

validation report

A publicly available document issued by the NIAP Oversight Body which summarizes the results of an evaluation and confirms the overall results, (i.e. that the evaluation has been properly carried out, that the evaluation criteria, the evaluation methods, and other procedures have been correctly applied and that the conclusions of the evaluation technical report are consistent with the evidence adduced. [NIAP] (see also criteria, evidence, validation)

validation service

An entity that receives requests from relying parties to determine the status of a credential, and that returns the status of the credential, as updated by the Issuing Authority. [800-103] (see also authority, entity, update, validation)

validity period

(I) A data item in a digital certificate that specifies the time period for which the binding between data items (especially between the subject name and the public key value in a public-key certificate) is valid, except if the certificate appears on a CRL or the key appears on a CKL. [RFC2828] (see also backup, certificate, key, public-key, subject, public-key infrastructure)

value analysis

Value analysis is related to product or service characteristics such as quality, performance, marketability, maintainability, and reliability. [SRV] (see also quality, analysis)

value proposition

A statement that outlines the national and homeland security interest in protecting the Nation.s CIKR and articulates the benefits gained by all CIKR partners through the risk management framework and public-private partnership described in the NIPP. [NIPP]

value-added

Those activities or steps that add to or change a product or service as it goes through a process; these are the activities or steps that customers view as important and necessary. [SRV] (see also process)

value-added network (VAN)

(I) A computer network or subnetwork (that is usually a commercial enterprise) that transmits, receives, and stores EDI transactions on behalf of its customers. (C) A VAN may also provide additional services, ranging from EDI format translation, to EDI-to-FAX conversion, to integrated business systems. [RFC2828] (see also computer, computer network, electronic data interchange, system, version, network)

valve

An in-line device in a fluid-flow system that can interrupt flow, regulate the rate of flow, or divert flow to another branch of the system. [800-82] (see also flow, system)

variable sampling

In variable sampling, the selected sampling units are measured or evaluated (in terms of dollars, pounds, days, and so on), and some statistical measure (statistic) is computed from these measurements to estimate the population parameter or measure. [SRV]

variance

This measure is sometimes called the average squared deviation. It is computed by taking the difference between the individual value and the mean, and squaring it. Then, add all the squared differences and divide by the number of items. [SRV]

variant

One of two or more code symbols having the same plain text equivalent. [CNSSI][CNSSI-4009] (see also code)

vault

Room or rooms used for the storing, handling, discussing, and/or processing of Special Access Program information and constructed to afford maximum protection against unauthorized entry. [DSS] (see also access, authorized)

vaulting

A process that periodically writes backup information over a computer network directly to the recovery site. [FFIEC] (see also availability, backup, computer, computer network, information, process, recovery, risk)

vendor

A person or an organization that provides software and/or hardware and/or firmware and/or documentation to the user for a fee or in exchange for services. Such a firm could be a medical device manufacturer. A 'vendor' is any entity that produces networking or computing technology, and is responsible for the technical content of that technology. Examples of 'technology' include hardware (desktop computers, routers, switches, etc.), and software (operating systems, mail forwarding systems, etc.). Note that the supplier of a technology is not necessarily the ' vendor' of that technology. As an example, an Internet Service Provider (ISP) might supply routers to each of its customers, but the 'vendor' is the manufacturer, since the manufacturer, rather than the ISP, is the entity responsible for the technical content of the router. [OVT] Manufacturer or sellers of the Automated Information System equipment and/or software used on the special program. [DSS] (see also computer, entity, internet, router, software, system, technology, users)

verification

(1) The process of ensuring correctness. (2) The process of comparing two levels of system specification for proper correspondence (e.g. security policy model with top-level specification (TLS), TLS with source code, or source code with object code). This process may or may not be automated. [AJP] Confirmation, through the provision of objective evidence, that specified requirements have been fulfilled (e.g., an entity's requirements have been correctly defined, or an entity's attributes have been correctly presented; or a procedure or function performs as intended and leads to the expected outcome). [CNSSI-4009] In a biometric security system, the process of comparing a biometric sample against a single reference template of a specific user in order to confirm the identity of the person trying to gain access to a system. [800-103] Process of comparing two levels of an IS specification for proper correspondence (e.g., security policy model with top-level specification, top-level specification with source code, or source code with object code). [CNSSI] System verification: The process of comparing two levels of system specification for proper correspondence, such as comparing security policy with a top-level specification, a top-level specification with source code, or source code with object code. Identification verification: Presenting information to establish the truth of a claimed identity. [RFC2828] The assessment process, including techniques and procedures, used to demonstrate that security controls for an IT system are implemented correctly and are effective in their application. [800-37] The process of comparing two levels of system specification for proper correspondence (e.g. security policy model with top-level specification, top-level specification with source code, or source code with object code). This process may or may not be automated. [NCSC/TG004][SRV] The process of ensuring correctness. [JTC1/SC27] The process of evaluating a system or component (including software) to determine whether the products of a given development process satisfy the requirements imposed at the start of that process. [SRV] The process of evaluating software to determine whether the products of a given development phase satisfy the conditions imposed at the start of that phase. [IEEE610] (see also validation, PIV issuer, PKIX private extension, Terminal Access Controller Access Control System, access, access control, analysis, application, assessment, asymmetric cryptographic technique, asymmetric keys, asymmetric signature system, audit, authentication, binding, biometric system, cardholder certification authority, certification phase, certify, code, comparisons, component, computing security methods, control, correctness, cryptographic key, data integrity service, data origin authentication, digital signature, dual signature, endorsed tools list, entity, formal development methodology, formal proof, formal top-level specification, identification, identity, identity management systems, information, integrity, key, model, non-repudiation policy, policy, pre-certification phase, private accreditation exponent, process, public-key, public-key certificate, public-key derivation function, public-key system, requirements, security certification level, signature system, software, symmetric cryptography, system, test, time-stamp verifier, users, validate vs. verify, verified name, verifier, development process, evaluation, security testing) (includes Gypsy verification environment, domain verification exponent, formal verification, identity verification, independent validation and verification, object, personal identity verification, personal identity verification card, public accreditation verification exponent, public verification key, signature verification, software verification and validation, state delta verification system, system verification, verification and validation, verification function, verification key, verification procedure refinements, verification process, verification techniques)

verification and validation (V&V)

The process of determining whether the requirements for a system or component (including software) are complete and correct, the products of each development process fulfill the requirements or conditions imposed by the previous process, and the final system or component (including software) complies with specified requirements. [SRV] (see also process, requirements, software, system, validate vs. verify, validation, verification)

verification function

A function in the verification process that is determined by the verification key and which gives a recomputed value of the witness as output. [SC27] (see also key, process, function, verification)

verification key

A data item that is mathematically related to an entity's signature key and that is used by the verifier in the verification process. [SC27] A value required to verify a cryptographic check value. [SC27] A value required to verify a cryptographic check value. [ISO/IEC WD 13888-1 (11/2001)] A data item that is mathematically related to an entity's signature key and that is used by the verifier in the verification process. [SC27] (see also cryptographic, entity, process, signature, key, verification)

verification procedure refinements

Verification procedures that have been tailored to the specific system and environment where the system is deployed for operation (or in the case of new systems, where the system is intended to be deployed for operation). [800-37] (see also operation, system, verification)

verification process

A process which takes as input the signed message, the verification key and the domain parameters, and which gives as output the result of the signature verification: valid or invalid. [SC27] A process which takes as input the signed message, the verification key and the domain parameters, and which gives as output the result of the signature verification: valid or invalid. [ISO/IEC 9796-3: 2000, ISO/IEC 14888-1: 1998, ISO/IEC FDIS 15946-2 (04/2001)] A process, which takes as input the signed message, the verification key and the domain parameters, and which gives as its output the recovered message if valid. [SC27] A process, which takes as input the signed message, the verification key and the domain parameters, and which gives as its output the recovered message if valid. [SC27] (see also domain, key, message, signature, process, verification)

verification techniques

Specific approaches that can be employed during the C&A process to demonstrate compliance with the security requirements and to determine the correctness and effectiveness of the security controls. [800-37] (see also control, process, requirements, security, verification)

verified name

A subscriber name that has been verified by identity proofing. [800-63] (see also entity, identity, verification, verifier)

verifier

An entity that is or represents the entity requiring an authenticated identity. A verifier includes the functions necessary for engaging in authentication exchanges. [SC27][SRV] An entity that verifies evidence. [SC27] An entity that verifies evidence. [ISO/IEC WD 13888-1 (11/2001)] An entity that is or represents the entity requiring an authenticated identity. A verifier includes the functions necessary for engaging in authentication exchanges. [SC27] An entity that verifies the claimant's identity by verifying the claimant's possession and control of a token using an authentication protocol. To do this, the verifier may also need to validate credentials that link the token and identity and check their status. [SP 800-63] An entity that verifies the claimant's identity by verifying the claimant's possession of a token using an authentication protocol. To do this, the verifier may also need to validate credentials that link the token and identity and check their status. [800-63] An entity which is or represents the entity requiring an authenticated identity. A verifier includes the functions necessary for engaging in authentication exchanges. [FIPS 196] (see also authentication, control, entity, evidence, function, identity, man-in-the-middle attack, protocols, validate, verification, verified name, zero-knowledge password protocol)

verifier impersonation attack

A scenario where the attacker impersonates the verifier in an authentication protocol, usually to capture information that can be used to masquerade as a claimant to the real verifier. [800-63][SP 800-63] (see also authentication, information, protocols, impersonation)

version

A new release of commercial software reflecting major changes made in functions. It is a change to a baseline configuration item that modifies its functional capabilities. As functional capabilities are added to, modified within, or deleted from a baseline configuration item, its version identifier changes. [SRV] (see also COMSEC equipment, Common Criteria for Information Technology Security, European Information Technology Security Evaluation Criteria, Federal Criteria Vol. I, IP address, Internet Engineering Task Force, Key Management Protocol, MD5, X.509 attribute certificate, X.509 authority revocation list, X.509 certificate revocation list, X.509 public-key certificate, banner grabbing, baseline, business areas, community string, compromise, controlled security mode, encryption, encryption algorithm, error, function, host-based security, internet protocol, internet protocol security, laptop computer, lines of business, non-repudiation service, pilot testing, point-to-point tunneling protocol, preproduction model, proxy server, reverse engineering, secure multipurpose internet mail extensions, secure socket layer, simple network management protocol, software, software build, software release, source data entry, sub-function, test bed configuration, transport layer security, unconventional warfare, v1 CRL, v1 certificate, v2 CRL, v2 certificate, v3 certificate, value-added network, worm) (includes Internet Message Access Protocol, version 4, Post Office Protocol, version 3, common criteria version 1.0, common criteria version 2.0, conversion, subversion, version scanning)

version scanning

The process of identifying the service application and application version in use. [800-115] (see also application, process, version)

victim

A machine that is attacked. [800-61] (see also attack)

view

That portion of the database that satisfies the conditions specified in a query. [AJP][TDI] (see also database management system)

view definition

A stored query, sometimes loosely referred to as a 'view.' [AJP][TDI] (see also database management system)

violation

Any knowing, willful, or negligent action that could reasonably be expected to result in an unauthorized disclosure of classified information; or, any knowing, willful, or negligent action to classify or continue the classification of information contrary to the requirements of Executive Order 12958 or its implementing directives; or, any knowing, willful, or negligent action to create or continue a special access program contrary to the requirements of Executive Order12958. [DSS] (see security violation)

violation of permissions

Action by an entity that exceeds the entity's system privileges by executing an unauthorized function. [RFC2828] (see also authorized, entity, function, system, threat consequence)

virtual departments or divisions

Several departments or divisions that provide information and services in a seamless manner, transparent to the customer. [SRV] (see also information)

virtual machine

Software that allows a single host to run one or more guest operating systems. [800-115][SP 800-115] (see also software, system)

virtual mall

An Internet website offering products and services from multiple vendors or suppliers. [FFIEC] (see also internet, world wide web)

virtual network perimeter

A network that appears to be a single protected network behind firewalls, which actually encompasses encrypted virtual links over untrusted networks. [IATF] (see also network, security, trust)

virtual password

A password computed from a passphrase that meets the requirements of password storage. [SRV] (see also requirements, passwords)

virtual private network (VPN)

(I) A restricted-use, logical (i.e. artificial or simulated) computer network that is constructed from the system resources of relatively public, physical (i.e. real) network (such as the Internet), often by using encryption (located at hosts or gateways), and often by tunneling links of the virtual network across the real network. (C) For example, if a corporation has LANs at several different sites, each connected to the Internet by a firewall, the corporation could create a VPN by (a) using encrypted tunnels to connect from firewall to firewall across the Internet and (b) not allowing any other traffic through the firewalls. A VPN is generally less expensive to build and operate than a dedicated real network, because the virtual network shares the cost of system resources with other users of the real network. [RFC2828] A logical network that is established at the network layer of the OSI model. The logical network typically provides authentication and data confidentiality services for some subset of a larger physical network. [800-127] A restricted-use, logical (i.e. artificial or simulated) computer network that is constructed from the system resources of a relatively public, physical (i.e. real) network (such as the Internet), often by using encryption (located at hosts or gateways), and often by tunneling links of the virtual network across the real network. [800-82] A virtual network, built on top of existing physical networks, that provides a secure communications tunnel for data and other information transmitted between networks. [SP 800-46] A way of using a public network (typically the Internet) to link two sites of an organization. A VPN is typically set up by protecting the privacy and integrity of the communication line using a secret session key. The secret session key is usually negotiated using the public keys of the two principals. [misc] A wide-area network interconnected by common carrier lines or that uses the Internet as its network transport. [FFIEC] Protected IS link utilizing tunneling, security controls, and end-point address translation giving the impression of a dedicated line. [CNSSI] Protected information system link utilizing tunneling, security controls (see Information Assurance), and endpoint address translation giving the impression of a dedicated line [CNSSI-4009] Virtual Private Network; a way of using a public network (typically the Internet) to link two sites of an organization. A VPN is typically set up by protecting the privacy and integrity of the communication line using a secret session key. The secret session key is usually negotiated using the public keys of the two principals. [IATF] Virtual network built on top of existing networks that can provide a secure communications mechanism for data and IP information transmitted between networks. [800-77] (see also assurance, authentication, communications, computer, computer network, control, encryption, extranet, gateway, information, integrity, public-key, resource, system, tunnel, users, internet, key, network, privacy, security protocol) (includes point-to-point tunneling protocol, session key, tunneled VPN, tunneling)

virus

(1) Malicious software, a form of Trojan horse, which reproduces itself in other executable code. (2) A self-propagating Trojan horse, composed of a mission component, a trigger component, and a self-propagating component. (3) Self-replicating malicious program segment that attaches itself to an application or other executable system component and leaves no external signs of its presence. [AJP] (I) A hidden, self-replicating section of computer software, usually malicious logic, that propagates by infecting-- i.e. inserting a copy of itself into and becoming part of--another program. A virus cannot run by itself; it requires that its host program be run to make the virus active. [RFC2828] A computer program that can copy itself and infect a computer without permission or knowledge of the user. A virus might corrupt or delete data on a computer, use email programs to spread itself to other computers, or even erase everything on a hard disk. [CNSSI-4009] A computer program that can infect, replicate, and spread among computer systems. Unlike the computer worm, a virus requires human involvement to propagate. A code segment that replicates by attaching copies to existing executable programs. A self-propagating malicious software program, composed of a mission component, a trigger component, and a self-propagating component. A code segment that replicates by attaching copies to existing executable programs. A self-propagating malicious software program, composed of a mission component, a trigger component, and a self-propagating component. A small program that inserts itself into another program when executed. [SRV] A form of malware that is designed to self-replicate -- make copies of itself -- and distribute the copies to other files, programs, or computers. [800-83] A hidden, self-replicating section of computer software, usually malicious logic, that propagates by infecting (i.e. inserting a copy of itself into and becoming part of) another program. A virus cannot run by itself; it requires that its host program be run to make the virus active. [800-82] A program that can "infect" other programs by modifying them to include a, possibly evolved, copy of itself. [NSAINT] A program that infects computer files, usually executable programs, by inserting a copy of itself into the file. These copies are usually executed when the infected file is loaded into memory, allowing the virus to infect other files. Unlike a computer worm, a virus requires human involvement (usually unwitting) to propagate. [GAO] A program that modifies other programs to include a copy or an evolved copy of itself [NASA] A program which replicates itself on computer systems by incorporating itself (secretly and maliciously) into other programs. A virus can be transferred onto a computer system in a variety of ways. [RFC2504] A self-propagating Trojan horse, composed of a mission component, a trigger component, and a self-propagating component. [NCSC/TG004] A self-replicating code segment; viruses may or may not contain attack programs or trapdoors. [IATF] A self-replicating program that runs and spreads by modifying other programs or files. [800-61] A small, self-replicating, malicious program that attaches itself to an executable file or vulnerable application and delivers a payload that ranges from annoying to extremely destructive. A file virus executes when an infected file is accessed. A macro virus infects the executable code embedded in Microsoft® Office® programs that allows users to generate macros. [CIAO] A variation of Trojan Horse. It is propagating with a triggering mechanism (event time) with a mission (delete files, corrupt data, send data). Often self replicating, malicious program segment that attaches itself to an application program or other executable system component and leaves no obvious signs of its presence. [AFSEC] Malicious code that replicates itself within a computer. [FFIEC] Malicious software, a form of Trojan horse, which reproduces itself in other executable code. [TNI] Malicious software. [DSS] Self replicating, malicious program segment that attaches itself to an application or other executable system component and leaves no external signs of its presence. [FCv1] Self-replicating, malicious code that attaches itself to an application program or other executable system component and leaves no obvious signs of its presence. [CNSSI] a piece of programming code inserted into other programming to cause an unexpected and, for the victim, usually undesirable event. Viruses can be transmitted by downloading programming from other sites, or they can be present on a diskette. The source of the downloaded file or diskette often is unaware of the virus. The virus lies dormant until circumstances cause its code to be executed by the computer. Some viruses are playful in intent and effect while others can be quite harmful, erasing data or requiring hard disk reformatting. [FJC] (see also access, access control, application, attack, clean system, code, computer, file, infection, logic bombs, malicious, malicious logic, malware, memory resident, obfuscation technique, overwriting, payload, phage, program, push technology, replicator, security label, signature, system, trigger, users, worm, exploit, malicious code, software, trojan horse) (includes antivirus software, antivirus tools, boot sector virus, compiled viruses, file infector virus, interpreted virus, macro virus, multipartite virus, retro-virus, virus definitions, virus hoax, virus scanner, virus signature, virus-detection tool)

virus definitions

Predefined signatures for known malware used by antivirus detection algorithms. [800-82] (see also algorithm, countermeasures, malware, signature, virus)

virus hoax

An urgent warning message about a nonexistent virus. [800-61] (see also message, virus)

virus scanner

A software program which can search out, locate, and possibly remove a virus. [AFSEC] (see also virus-detection tool, program, risk, software, security software, virus)

virus signature

Alterations to files or applications indicating the presence of a virus, detectable by virus scanning software. [CIAO] (see also application, file, software, attack signature recognition, signature, virus)

virus-detection tool

Software that detects and possibly removes computer viruses, alerting the user appropriately. [RFC2504] (see also virus scanner, computer, risk, software, users, vaccines, security software, virus)

vishing

A method of phishing based on voice-over-Internet- Protocol technology and open-source call center software that have made it inexpensive for scammers to set up phony call centers and criminals to send e-mail or text messages to potential victims, saying there has been a security problem, and they need to call their bank to reactivate a credit or debit card, or send text messages to cell phones, instructing potential victims to contact fake online banks to renew their accounts. [GAO] (see also criminal, internet, message, phishing, protocols, security, exploit)

vision

A description of the optimum environment that the organization is striving to achieve. [SRV]

volatile memory components

Memory components that do not retain data after removal of all electrical power sources and when reinserted into a similarly configured Automated Information System do not contain residual data. [DSS]

voting securities

Securities that presently entitle the owner or holder thereof to vote for the election of directors of the issuer or, with respect to unincorporated entities, individuals exercising similar functions. [DSS]

vulnerability

(1) A security weakness in a Target of Evaluation (e.g. due to failures in analysis, design, implementation, or operation). (2) Weakness in an information system or components (e.g. system security procedures, hardware design, or internal controls) that could be exploited to produce an information-related misfortune. (3) A weakness in system security procedures, system design, implementation, internal controls, and so on, that could be exploited to violate system security policy. [AJP] (I) A flaw or weakness in a system's design, implementation, or operation and management that could be exploited to violate the systems security policy. (C) Most systems have vulnerabilities of some sort, but this does not mean that the systems are too flawed to use. Not every threat results in an attack, and not every attack succeeds. Success depends on the degree of vulnerability, the strength of attacks, and the effectiveness of any countermeasures in use. If the attacks needed to exploit a vulnerability are very difficult to carry out, then the vulnerability may be tolerable. If the perceived benefit to an attacker is small, then even an easily exploited vulnerability may be tolerable. However, if the attacks are well understood and easily made, and if the vulnerable system is employed by a wide range of users, then it is likely that there will be enough benefit for someone to make an attack. [RFC2828] 1) A characteristic of a critical infrastructure's design, implementation, or operation of that renders it susceptible to destruction or incapacitation by a threat. 2) A flaw in security procedures, software, internal system controls, or implementation of an IS that may affect the integrity, confidentiality, accountability, and/or availability of data or services. Vulnerabilities include flaws that may be deliberately exploited and those that may cause failure due to inadvertent human actions or natural disasters [CIAO] 115; FIPS 200 A weakness in a system, application, or network that is subject to exploitation or misuse. [SP 800-61] A flaw or weakness in system security procedures, design, implementation, or internal controls that could be exercised (accidentally triggered or intentionally exploited) and result in a security breach or a violation of the systems security policy. [800-30][800-37] A flaw that allows someone to operate a computer system with authorization in excess of that which the system owner specifically granted to him or her. [FFIEC] A flaw that may permit a threat to materialize and cause loss of or harm to IT resources [NASA] A physical feature or operational attribute that renders an entity open to exploitation or susceptible to a given hazard. [NIPP] A security weakness in a Target of Evaluation (e.g. due to failures in analysis, design, implementation or operation). [ITSEC] A vulnerability is the existence of a weakness, design, or implementation error that can lead to an unexpected, undesirable event compromising the security of the computer system, network, application, or protocol involved. [RFC2504] A weakness in a system, application, or network that is subject to exploitation or misuse. [800-61] A weakness in an information system or components (e.g. system security procedures, hardware design, internal controls) that could be exploited to produce an information-related misfortune. [FCv1] A weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source. [800-115] A weakness in system security procedures, design, implementation, internal controls, etc., that could be accidentally triggered or intentionally exploited and result in a violation of the systems security policy. [800-33] A weakness in system security procedures, system design, implementation, internal controls, etc, that could be accidentally triggered or intentionally exploited and result in a violation of the computer systems security policy. A condition or weakness in (or absence of) security procedures, technical controls, physical controls, or other controls that could be exploited by a threat. [SRV] A weakness in system security procedures, system design, implementation, internal controls, etc., that could be exploited to violate system security policy. [NCSC/TG004] A weakness of an asset or group of assets which can be exploited by a threat. [SC27] A weakness of an asset or group of assets which can be exploited by one or more threats. [SC27] A weakness of an asset or group of assets which can be exploited by one or more threats. [ISO/IEC PDTR 13335-1 (11/2001)] A weakness that can be exploited by one or more threats. [ISO/IEC DTR 15947 (10/2001)] A weakness of an asset or group of assets which can be exploited by a threat. [SC27] A weakness that can be exploited by one or more threats. [SC27] A weakness that can be exploited to develop an attack against the system or the type of protection that a countermeasure is to provide. [IATF] Hardware, firmware, or software flow that leaves a computer processing system open for potential exploitation. A weakness in automated system security procedures, administrative controls, physical layout, internal controls, and so forth, that could be exploited by a threat to gain unauthorized access to information or disrupt critical processing. [AFSEC] Hardware, firmware, or software flow that leaves an AIS open for potential exploitation. A weakness in automated system security procedures, administrative controls, physical layout, internal controls, and so forth, that could be exploited by a threat to gain unauthorized access to information or disrupt critical processing. [NSAINT] Hardware, firmware, or software flow that leaves an AIS open for potential exploitation. A weakness in automated system security procedures, administrative controls, physical layout, internal controls, and so forth, that could be exploited by a threat to gain unauthorized access to information or disrupt critical processing. A weakness in system security procedures, system design, implementation, internal controls, etc., that could be exploited to violate system security policy. (I) A flaw or weakness in a system's design, implementation, or operation and management that could be exploited to violate the systems security policy. (C) Most systems have vulnerabilities of some sort, but this does not mean that the systems are too flawed to use. Not every threat results in an attack, and not every attack succeeds. Success depends on the degree of vulnerability, the strength of attacks, and the effectiveness of any countermeasures in use. If the attacks needed to exploit a vulnerability are very difficult to carry out, then the vulnerability may be tolerable. If the perceived benefit to an attacker is small, then even an easily exploited vulnerability may be tolerable. However, if the attacks are well understood and easily made, and if the vulnerable system is employed by a wide range of users, then it is likely that there will be enough benefit for someone to make an attack. 'A state-space vulnerability is a characterization of a vulnerable state which distinguishes it from all non-vulnerable states. If generic, the vulnerability may characterize many vulnerable states; if specific, it may characterize only one...' [Bishop and Bailey 1996] The Data & Computer Security Dictionary of Standards, Concepts, and Terms [Longley and Shain 1990] defines computer vulnerability as: 1) In computer security, a weakness in automated systems security procedures, administrative controls, internal controls, etc., that could be exploited by a threat to gain unauthorized access to information or to disrupt critical processing. 2) In computer security, a weakness in the physical layout, organization, procedures, personnel, management, administration, hardware or software that may be exploited to cause harm to the ADP system or activity. The presence of a vulnerability does not itself cause harm. A vulnerability is merely a condition or set of conditions that may allow the ADP system or activity to be harmed by an attack. 3) In computer security, any weakness or flaw existing in a system. The attack or harmful event, or the opportunity available to threat agent to mount that attack. [Amoroso 1994] defines a vulnerability as an unfortunate characteristic that allows a threat to potentially occur. A threat is any potential occurrence, malicious or otherwise, that can have an undesirable effect on these assets and resources associated with a computer system. ...a fuzzy vulnerability is a violation of the expectations of users, administrators, and designers. Particularly when the violation of these expectations is triggered by an external object. Software can be vulnerable because of an error in its specification, development, or configuration. A software vulnerability is an instance of an error in the specification, development, or configuration of software such that its execution can violate the security policy. A feature or a combination of features of a system that allows an adversary to place the system in a state that is both contrary to the desires of the people responsible for the system and increases the risk (probability or consequence) of undesirable behavior in or of the system. A feature or a combination of features of a system that prevents the successful implementation of a particular security policy for that system. A program with a buffer that can be overflowed with data supplied by the invoker will usually be considered a vulnerability. A telephone procedure that provides private information about the caller without prior authentication will usually be considered to have a vulnerability. A flaw or weakness in a system's design, implementation, or operation and management that could be exploited to violate the systems security policy. A 'vulnerability' is a characteristic of a piece of technology which can be exploited to perpetrate a security incident. For example, if a program unintentionally allowed ordinary users to execute arbitrary operating system commands in privileged mode, this 'feature' would be a vulnerability. [OVT] Susceptibility of information to exploitation by an adversary. [DSS] The probability that a particular attempted attack will succeed against a particular target or class of targets. [GAO] Weakness in an IS, system security procedures, internal controls, or implementation that could be exploited. [CNSSI] Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited by a threat source. [CNSSI-4009] Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source. [800-60][800-82][SP 800-53; SP 800-53A; SP 800-37; SP 800-60; SP 800-] (see also security software, IS related risk, IT security incident, IT-related risk, MEI resource elements, RED team, SATAN, TEMPEST, acceptable level of risk, access, access control, acknowledged special access program, active security testing, adversary, analysis, application, assessment, attack, audit, audit/review, authentication, authorization, authorized, availability, blue team, certification agent or certifier, common misuse scoring system, community risk, compromise, computer, computer emergency response team, confidentiality, control, controlled security mode, cost/benefit analysis, countermeasures, critical, critical asset, cross site scripting, cryptosystem evaluation, cyberattack, dangling threat, emergency shutdown controls, exploit, exploit tools, failure, firewall, flow, generic threat, incident, information, information assurance, information assurance product, information security, information sharing and analysis center, information systems security engineering, infrastructure protection, integrity, intelligent threat, kerberos, level of protection, levels of concern, likelihood of occurrence, malicious, mission critical, misuse detection model, national computer security assessment program, network, network service worm, non-technical countermeasure, object, operation, operations security, operations security process, owner, penetration testing, physical security, ping sweep, policy, port scan, privileged, process, program, protocols, qualitative risk assessment, remediation, resource, review techniques, risk analysis, risk assessment, risk identification, risk management, risk value, robustness, rules based detection, security, security audit, security countermeasures, security incident, security threat, software, software assurance, standard, subject, system, system security authorization agreement, target, target identification and analysis techniques, technology, threat agent, threat analysis, threat source, total risk, trojan horse, unacknowledged special access program, unauthorized access, unilateral authentication, users, target of evaluation, threat) (includes areas of potential compromise, common vulnerabilities and exposures, computer security technical vulnerability reporting program, dangling vulnerability, exploitation, exploitation of vulnerability, implementation vulnerability, internal vulnerability, national vulnerability database, operational vulnerability information, target vulnerability validation techniques, technical vulnerability, technical vulnerability information, vulnerability analysis, vulnerability assessment, vulnerability audit, vulnerability scanning)

vulnerability analysis

Examination of information to identify the elements comprising a vulnerability. [CNSSI] Process which examines a friendly operation or activity from the point of view of an adversary, seeking ways in which the adversary might determine critical information in time to disrupt or defeat the operation or activity. [DSS] Systematic examination of an AIS or product to determine the adequacy of security measures, identify security deficiencies, provide data from which to predict the effectiveness of proposed security measures, and confirm the adequacy of such measures after implementation. The systematic examination of systems in order to determine the adequacy of security measures, identify security deficiencies, and provide data from which to predict the effectiveness of proposed security measures. [OVT] Systematic examination of an AIS or product to determine the adequacy of security measures, to identify security deficiencies, provide data from which to predict the effectiveness of proposed security measures, and confirm the adequacy of such measures after implementation. [NSAINT] Systematic examination of an information system or product to determine the adequacy of security measures, to identify security deficiencies, provide data from which to predict the effectiveness of proposed security measures, and confirm the adequacy of such measures after implementation. [AFSEC] The systematic examination of systems in order to determine the adequacy of security measures, to identify security deficiencies, and to provide data from which to predict the effectiveness of proposed security measures. [SRV] The systematic examination of systems to determine the adequacy of security measures, to identify security deficiencies, and to provide data from which to predict the effectiveness of proposed security measures. [AJP][NCSC/TG004] (see also vulnerability assessment, adversary, audit, critical, gap analysis, identify, information, security, system, analysis, risk analysis, vulnerability)

vulnerability assessment

(1) An aspect of the assessment of the effectiveness of a Target of Evaluation, namely, whether known vulnerabilities in that Target of Evaluation could in practice compromise its security as specified in the security target. (2) A measurement of vulnerability which includes the susceptibility of a particular system to a specific attack and the opportunities available to a threat agent to mount that attack. [AJP] 1) An examination of the ability of a system or application, including current security procedures and controls, to withstand assault. A vulnerability assessment may be used to: a) identify weaknesses that could be exploited; and b) predict the effectiveness of additional security measures in protecting information resources from attack. 2) Systematic examination of a critical infrastructure, the interconnected systems on which it relies, its information, or product to determine the adequacy of security measures, identify security deficiencies, evaluate security alternatives, and verify the adequacy of such measures after implementation. [CIAO] A measurement of vulnerability which includes the susceptibility of a particular system to a specific attack and the opportunities available to a threat agent to mount that attack. [NCSC/TG004][OVT][SRV] An aspect of the assessment of the effectiveness of a Target of Evaluation, namely whether known vulnerabilities in that Target of Evaluation could in practice compromise its security as specified in the security target. [ITSEC] Formal description and evaluation of vulnerabilities of an IS. [CNSSI] Systematic examination of an information system or product to determine the adequacy of security measures, identify security deficiencies, provide data from which to predict the effectiveness of proposed security measures, and confirm the adequacy of such measures after implementation. [SP 800-53A; CNSSI-4009] The identification of weaknesses in physical structures, personal protection systems, processes or other areas that may be exploited. A vulnerability assessment identifies inherent states and the extent of their susceptibility to exploitation relative to the existence of any countermeasures. [GAO] The results of vulnerability analysis expressed as a degree of probable exploitation by an adversary. [DSS] (see also vulnerability analysis, adversary, analysis, application, attack, compromise, control, countermeasures, critical, identification, identify, information, process, resource, security, security target, system, target, assessment, target of evaluation, vulnerability)

vulnerability audit

The process of identifying and documenting specific vulnerabilities in critical information systems. [CIAO] (see also critical, identify, information, process, system, audit, vulnerability)

vulnerability scanning

A technique used to identify hosts and host attributes, and then identify the associated vulnerabilities. [800-115] (see also vulnerability)

waived special access program

Unacknowledged Special Access Program to which access is extremely limited in accordance with the statutory authority of Section 119e of title 10 of the United States Code. The unacknowledged Special Access Program protections also apply to Waived Special Access Programs. Only the Chairman and the Senior Minority member (and, by agreement, their Staff Directors) of the four Congressional Defense Committees normally have access to program material. [DSS] (see also access)

waiver

Exemption from a specific requirement. [DSS] For the purposes of the GRC IT Security Program, a waiver may be obtained for the technical requirements of this manual if properly documented by GRC line management and approved by the CCSM. A waiver constitutes the acceptance of risk by the appropriate line manager. [NASA] (see also IT security, program, requirements, risk management)

war dialer

(I) A computer program that automatically dials a series of telephone numbers to find lines connected to computer systems, and catalogs those numbers so that a cracker can try to break into the systems. [RFC2828] A cracking tool, a program that calls a given list or range of numbers and records those which answer with handshake tones (and so might be entry points to computer or telecommunications systems). [AFSEC] A program that dials a given list or range of numbers and records those which answer with handshake tones, which might be entry points to computer or telecommunications systems. [NSAINT] (see also communications, computer, program, system, telecommunications, war dialing, threat)

war dialing

launching a program that automatically dials thousands of telephone numbers in search of a way through a modem connection. [FJC] (see also connection, program, war dialer, threat)

war driving

A method of gaining entry into wireless computer networks using a laptop, antennas, and a wireless network adapter that involves patrolling locations to gain unauthorized access. [GAO] (see also access, authorized, computer, computer network, exploit)

warehouse attack

The compromise of systems that store authenticators. [FFIEC] (see also compromise, system, attack)

warfare

warm site

An environmentally conditioned workspace that is partially equipped with information systems and telecommunications equipment to support relocated operations in the event of a significant disruption. [SP 800-34] Backup site which typically contains the data links and preconfigured equipment necessary to rapidly start operations, but does not contain live data. Thus commencing operations at a warm site will (at a minimum) require the restoration of current data. [CNSSI-4009]

Wassenaar Arrangement

(N) The Wassenaar Arrangement on Export Controls for Conventional Arms and Dual-Use Goods and Technologies is a global, multilateral agreement approved by 33 countries in July 1996 to contribute to regional and international security and stability, by promoting information exchange concerning, and greater responsibility in, transfers of arms and dual-use items, thus preventing destabilizing accumulations. (C) The Arrangement began operations in September 1996. The participating countries are Argentina, Australia, Austria, Belgium, Bulgaria, Canada, Czech Republic, Denmark, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Japan, Luxembourg, Netherlands, New Zealand, Norway, Poland, Portugal, Republic of Korea, Romania, Russian Federation, Slovak Republic, Spain, Sweden, Switzerland, Turkey, Ukraine, United Kingdom, and United States. Participants meet on a regular basis in Vienna, where the Arrangement has its headquarters. Participating countries seek through their national policies to ensure that transfers do not contribute to the development or enhancement of military capabilities that undermine the goals of the arrangement, and are not diverted to support such capabilities. The countries maintain effective export controls for items on the agreed lists, which are reviewed periodically to account for technological developments and experience gained. Through transparency and exchange of views and information, suppliers of arms and dual-use items can develop common understandings of the risks associated with their transfer and assess the scope for coordinating national control policies to combat these risks. Members provide semi-annual notification of arms transfers, covering seven categories derived from the UN Register of Conventional Arms. Members also report transfers or denials of transfers of certain controlled dual-use items. However, the decision to transfer or deny transfer of any item is the sole responsibility of each participating country. All measures undertaken with respect to the arrangement are in accordance with national legislation and policies and are implemented on the basis of national discretion. [RFC2828] (see also control, information, key, operation, risk, security)

water supply system

A critical infrastructure characterized by the sources of water, reservoirs and holding facilities, aqueducts and other transport systems, the filtration, cleaning and treatment systems, the pipelines, the cooling systems and other delivery mechanisms that provide for domestic and industrial applications, including systems for dealing with water runoff, waste water, and fire fighting. [CIAO] (see also application, critical, critical infrastructures, system)

watermarking

(see digital watermarking)

weapons of mass destruction

Chemical, biological, radiological, and nuclear weapons. [DSS] Weapon capable of a high order of destruction and/or of being used in such a manner as to destroy large numbers of people or an amount of property. [NIPP]

weapons system

A combination of one or more weapons with all related equipment, materials, services, personnel, and means of delivery and deployment (if applicable) required for self-sufficiency. [800-60] (see also system)

web browser cache

This is the part of the file system that is used to store web pages and related files. It can be utilized to reload recently accessed files from the cache instead of loading it every time from the network. [RFC2504] (see also access, access control, file, network, system, world wide web)

web browser plug-in

A mechanism for displaying or executing certain types of content through a Web browser. [800-83]

web bug

A tiny graphic on a Web site that is referenced within the Hypertext Markup Language (HTML) content of a Web page or e-mail to collect information about the user viewing the HTML content. [800-83] A tiny image, invisible to a user, placed on Web pages in such a way to enable third parties to track use of Web servers and collect information about the user, including IP address, host name, browser type and version, operating system name and version, and cookies. [SP 800-28] Malicious code, invisible to a user, placed on Web sites in such a way that it allows third parties to track use of Web servers and collect information about the user, including IP address, host name, browser type and version, operating system name and version, and Web browser cookie. [CNSSI-4009] (see also information, threat, users)

web content filtering software

A program that prevents access to undesirable Web sites, typically by comparing a requested Web site address to a list of known bad Web sites. [SP 800-69] (see also access, program, software)

web of trust

(O) PGP usage: A trust-file PKI technique used in PGP for building file of validated public keys by making personal judgments about being able to trust certain people to be holding properly certified keys of other people. [RFC2828] A trust network among people who know and communicate with each other. Digital certificates are used to represent entities in the web of trust. Any pair of entities can determine the extent of trust between the two, based on their relationship in the web. [misc] (see also file, key, network, public-key, public-key infrastructure, validate, trust) (includes certificate, pretty good privacy)

web risk assessment

Process for ensuring websites are in compliance with applicable policies. [CNSSI] Processes for ensuring Web sites are in compliance with applicable policies. [CNSSI-4009] (see also process, assessment, risk)

web server

(I) A software process that runs on a host computer connected to the Internet to respond to HTTP requests for documents from client web browsers. [RFC2828] (see also computer, internet, process, software, world wide web)

web vs. Web

(I) Capitalized: ISDs SHOULD capitalize 'Web' when using the term (as either a noun or an adjective) to refer specifically to the World Wide Web. (C) Not capitalized: ISDs SHOULD NOT capitalize 'web' when using the term (usually as an adjective) to refer generically to technology--such as web browsers, web servers, HTTP, and HTML -- that is used in the Web or similar networks. (C) IETF documents SHOULD spell out 'World Wide Web' fully at the first instance of usage and SHOULD Use 'Web' and 'web' especially carefully where confusion with the PGP 'web of trust' is possible. [RFC2828] (see also network, technology, trust, world wide web)

weblinking

The use of hyperlinks to direct users to webpages of other entities. [FFIEC] (see also users, world wide web)

website

A location on the World Wide Web, accessed by typing its address (URL) into a Web browser. A Web site always includes a home page and may contain additional documents or pages. [CIAO] A webpage or set of webpages designed, presented, and linked together to form a logical information resource and/or transaction initiation function. [FFIEC] (see also access, access control, function, information, resource, world wide web)

website hosting

The service of providing ongoing support and monitoring of an Internet-addressable computer that stores webpages and processes transactions initiated over the Internet. [FFIEC] (see also computer, internet, process, world wide web)

wedged

To be stuck, incapable of proceeding without help. The system or software is trying to do something but cannot make progress; it may be capable of doing a few things, but not be fully operational. [AFSEC] (see also operation, software, system, threat)

white team

1. The group responsible for refereeing an engagement between a Red Team of mock attackers and a Blue Team of actual defenders of their enterprise's use of information systems. In an exercise, the White Team acts as the judges, enforces the rules of the exercise, observes the exercise, scores teams, resolves any problems that may arise, handles all requests for information or questions, and ensures that the competition runs fairly and does not cause operational problems for the defender's mission. The White Team helps to establish the rules of engagement, the metrics for assessing results and the procedures for providing operational security for the engagement. The White Team normally has responsibility for deriving lessons-learned, conducting the post engagement assessment, and promulgating results. 2. Can also refer to a small group of people who have prior knowledge of unannounced Red Team activities. The White Team acts as observers during the Red Team activity and ensures the scope of testing does not exceed a predefined threshold. [CNSSI-4009] (see also attack, security)

white-box testing

A method to examine the internal structure of a computer program or module to determine if the logic paths correctly perform the functions required. [SRV] (see also computer, function, module, program, software development, security testing, test)

whitelist

A list of discrete entities, such as hosts or applications that are known to be benign and are approved for use within an organization and/or information system. [SP 800-128] A list of discrete entities, such as hosts or applications, that are known to be benign. [800-94] (see also application)

wi-fi protected access-2

The approved Wi-Fi Alliance interoperable implementation of the IEEE 802.11i security standard. For federal government use, the implementation must use FIPS-approved encryption, such as AES. [CNSSI-4009] (see also security, access)

wide area information service (WAIS)

An Internet service that allows you to search a large number of specially indexed databases. [NSAINT] (see also information, internet)

wide-area network (WAN)

A communications network that connects geographically separated areas. It can cover several sites that are geographically distant. A WAN may span different cities or even different continents. [SRV] A data communications network that spans any distance and is usually provided by a public carrier. Users gain access to the two ends of the circuit and the carrier handles the transmission and other services in between. [IATF] A physical or logical network that provides capabilities for a number of independent devices to communicate with each other over a common transmission-interconnected topology in geographic areas larger than those served by local area networks. [NSAINT] A physical or logical network that provides data communications to a larger number of independent users than are usually served by a local area network (LAN) and that is usually spread over a larger geographic area than that of a LAN. [800-82] Computer network that services a large area. Wide Area Networks typically span large areas (states, counties, and continents) and are owned multiple organizations. [DSS] (see also access, access control, communications, computer network, local-area network, users, network)

wiki

Web applications or similar tools that allow identifiable users to add content (as in an Internet forum) and allow anyone to edit that content collectively. [CNSSI-4009] (see also users)

wimax

A wireless metropolitan area network (WMAN) technology based on the IEEE 802.16 family of standards used for a variety of purposes, including, but not limited to, fixed last-mile broadband access, long-range wireless backhaul, and access layer technology for mobile wireless subscribers operating on telecommunications networks. [800-127] (see also access)

wired equivalent privacy

A security protocol, specified in the IEEE 802.11 standard, that is designed to provide a WLAN with a level of security and privacy comparable to what is usually expected of a wired LAN. WEP is no longer considered a viable encryption mechanism due to known weaknesses. [SP 800-48] (see also security, privacy)

wireless access point

A device that acts as a conduit to connect wireless communication devices together to allow them to communicate and create a wireless network. [CNSSI-4009] (see also access)

wireless application protocol (WAP)

(WAP) A standard that defines the way in which Internet communications and other advanced services are provided on wireless mobile devices. [CNSSI-4009] A data transmission standard to deliver wireless markup language (WML) content. [FFIEC] (see also standard, standard generalized markup language, application, protocols)

wireless device

A device that can connect to a manufacturing system via radio or infrared waves to typically collect/monitor data, but also in cases to modify control set points. [800-82] (see also control, system)

wireless gateway server

A computer (server) that transmits messages between a computer network and a cellular telephone or other wireless access device. [FFIEC] (see also access, access control, computer, computer network, message, gateway)

wireless intrusion detection and prevention system

An intrusion detection and prevention system that monitors wireless network traffic and analyzes its wireless networking protocols to identify and stop suspicious activity involving the protocols themselves. [800-94] (see also identify, protocols, intrusion, intrusion detection, system)

wireless local area network

(WLAN) A group of wireless networking devices within a limited geographic area, such as an office building, that exchange data through radio communications. The security of each WLAN is heavily dependent on how well each WLAN component.including client devices, APs, and wireless switches.is secured throughout the WLAN lifecycle, from initial WLAN design and deployment through ongoing maintenance and monitoring. [SP 800-153] (see also security, network)

wireless technology

Permits the active or passive transfer of information between separated points without physical connection. Active information transfer may entail a transmit and/or receive emanation of energy, whereas passive information transfer entails a receive-only capability. Currently wireless technologies use IR, acoustic, RF, and optical but, as technology evolves, wireless could include other methods of transmission. [CNSSI] Technology that permits the transfer of information between separated points without physical connection. Note: Currently wireless technologies use infrared, acoustic, radio frequency, and optical. [CNSSI-4009] (see also connection, information, technology)

wiretapping

(I) An attack that intercepts and accesses data and other information contained in a flow in a communication system. (C) Although the term originally referred to making a mechanical connection to an electrical conductor that links two nodes, it is now used to refer to reading information from any sort of medium used for a link or even directly from a node, such as gateway or subnetwork switch. (C) 'Active wiretapping' attempts to alter the data or otherwise affect the flow; 'passive wiretapping' only attempts to observe the flow and gain knowledge of information it contains. [RFC2828] Interception of communications signals with the intent to gain access to information transmitted over communications circuits. [AFSEC] Monitoring and recording data that is flowing between two points in a communication system. [RFC2828] The collection of transmitted voice or data, and the sending of that data to a listening device. [SRV] The real-time collection of transmitted data, such as dialed digits, and the sending of that data in real time to a listening device. [AJP] (see also access, access control, communications, connection, flow, gateway, information, network, system, attack, threat consequence) (includes active wiretapping, passive wiretapping)

witness

A data item which provides evidence to the verifier. [SC27] A data item which provides evidence to the verifier. NOTE - In the context of this part of ISO/IEC 9796 the witness is based on a hash-token. [SC27] Data item which provides evidence of the claimant's identity to the verifier. [SC27] Data item which provides evidence of the claimant's identity to the verifier. [ISO/IEC 9798-5: 1999] A data item which provides evidence to the verifier. NOTE - In the context of this part of ISO/IEC 9796 the witness is based on a hash-token. [ISO/IEC 9796-3: 2000] A data item which provides evidence to the verifier. [SC27] (see also entity, evidence, hash, identity, tokens)

word

A string of 32 bits in dedicated hash-functions 1, 2, 3 and 4, or a string of 64 bits in dedicated hash functions 5 and 6. [SC27] A string of 32 bits in dedicated hash-functions 1, 2, 3 and 4, or a string of 64 bits in dedicated hash functions 5 and 6. [ISO/IEC CD 10118-3 (11/2001)] String of 32 bits. [SC27] String of 32 bits. [SC27] (see also function, hash)

work breakdown structure (WBS)

work factor

(I) General security usage: The estimated amount of effort or time that can be expected to be expended by a potential intruder to penetrate a system, or defeat a particular countermeasure, when using specified amounts of expertise and resources. (I) Cryptography usage: The estimated amount of computing time and power needed to break a cryptographic system. [RFC2828] An estimate of the effort or time needed by a potential penetrator with specified expertise and resources to overcome a protective measure. [AJP][NCSC/TG004] Estimate of the effort or time needed by a potential perpetrator, with specified expertise and resources, to overcome a protective measure. [CNSSI][CNSSI-4009] (see also countermeasures, cryptographic, cryptography, resource, risk, security, system)

work product

All items (i.e. documents, reports, files, data, etc.) generated in the course of performing any process for developing and supplying the deliverable. [SC27] (see also file, process)

work program

A series of specific, detailed steps to achieve an audit objective. [FFIEC] (see also audit, object, program)

workcraft identity

Synonymous with Tradecraft Identity. [CNSSI-4009] (see also identity)

workflow

A graphic representation of the flow of work in a process and its related subprocesses, including specific activities, information dependencies, and the sequence of decisions and activities. [SRV] (see also automated information system, information, process, flow)

workgroup computing

An application system designed for the use of collaborative work groups (e.g. electronic mail, workflow systems, meeting and conferencing software). [SRV] (see also application, flow, software, system)

working papers

Draft classified document, portion of a classified document and material accumulated or created while preparing a finished document. [DSS] (see also classified)

workload

A collection of logically distinct, identifiable problems on that is management takes action to support business functions, such as payroll. [SRV] (see also automated information system, business process, function)

workstation

A computer used for tasks such as programming, engineering, and design. [800-82] A piece of computer hardware that is operated by a user to perform an application. Provides users with access to the distributed information system or other dedicated systems; input/output via a keyboard and video display terminal; or any method that supplies the user with the required input/output capability. Computer power embodied within the workstation may be used to furnish data processing capability at the user level. [SRV] High-performance, microprocessor-based platform that uses specialized software applicable to the work environment. [DSS] (see also access, access control, application, computer, information, key, process, program, system, users, automated information system)

world class organizations

Organizations that are recognized as the best for at least one critical business process and are held as models for other organizations. [SRV] (see also business process, critical, model, process)

world wide web (W3) (WWW)

(N) The global, hypermedia-based collection of information and services that is available on Internet servers and is accessed by browsers using Hypertext Transfer Protocol and other information retrieval mechanisms. [RFC2828] A system of Internet hosts that support documents formatted in HTML, which contain links to other documents (hyperlinks), and to audio, video, and graphics images. Users can access the Web with special applications called browsers, such as Netscape® Navigator® and Microsoft® Internet Explorer®. [CIAO] (see also access, access control, applet, application, certificate, certificate owner, cookies, hypertext, information, link, pagejacking, plug-in modules, pop-up box, protocols, proxy server, push technology, retrieval, system, users, internet) (includes CGI scripts, browser, common gateway interface, hyperlink, hypertext markup language, hypertext transfer protocol, secure hypertext transfer protocol, secure socket layer, virtual mall, web browser cache, web server, web vs. Web, weblinking, website, website hosting)

worm

(I) A computer program that can run independently, can propagate a complete working version of itself onto other hosts on a network, and may consume computer resources destructively. [RFC2828] A computer program that can run independently, can propagate a complete working version of itself onto other hosts on a network, and may consume computer resources destructively. [800-82] A computer program which replicates itself and is self-propagating. Worms, as opposed to viruses, are meant to spawn in network environments. [RFC2504] A computer program which replicates itself and is self-propagating. Worms, as opposed to viruses, are meant to spawn in network environments. Network worms were first defined by Shoch & Hupp of Xerox in ACM Communications (March 1982). The Internet worm of November 1988 is perhaps the most famous; it successfully propagated itself on over 6,000 systems across the Internet. [RFC1983] A program or executable code module which resides in distributed systems or networks. It will replicate itself, if necessary, in order to exercise as much of the computer systems' resources as possible for its own processing. Such resources may take the form of CPU time, I/O channels, or system memory. It will replicate itself from machine to machine across network connections, often clogging networks and computer systems as it spreads. [AFSEC] A self-replicating program that is completely self-contained and self-propagating. [800-83] A self-replicating, self-propagating, self-contained program that uses networking mechanisms to spread itself. [800-61] A self-replicating, self-propagating, self-contained program that uses networking mechanisms to spread itself. See Malicious Code. [CNSSI-4009] A small, malicious program similar to a virus, except that it cannot self-replicate. [CIAO] An independent computer program that reproduces by copying itself from one system to another across a network. Unlike computer viruses, worms do not require human involvement to propagate. [GAO] An independent computer program that reproduces by copying itself from one system to another while traveling from machine to machine across the network. Unlike computer viruses, worms do not require human involvement to propagate. Most worms and viruses are closely related- they both spread and reproduce and their effects can be identical. [SRV] Independent program that replicates from machine to machine across network connections often clogging networks and information systems as it spreads. [NSAINT] Independent program that replicates from machine to machine across network connections often clogging networks and information systems as it spreads. (I) A computer program that can run independently, can propagate a complete working version of itself onto other hosts on a network, and may consume computer resources destructively. A computer program which replicates itself and is self- propagating. Worms, as opposed to viruses, are meant to spawn in network environments. Network worms were first defined by Shoch & Hupp of Xerox in ACM Communications (March 1982). The Internet worm of November 1988 is perhaps the most famous; it successfully propagated itself on over 6,000 systems across the Internet. [OVT] Malicious code that infects computers across a network without user intervention. Typically, a worm is a program that scans a system or an entire network for available, unused space in which to run. Worms tend to tie up all computing resources in a system or on a network and effectively shut it down. [FFIEC] Program, originally developed by systems programmers, that allows the user to tap unused network resources to run large computer programs. The worm would search the network for idle computing resources and use them to execute a program in small segments. Built-in mechanisms would be responsible for maintaining the worm, the worm, finding free machines, and replicating the program. Worms can tie up all the computing resources on a network and essentially shut it down. A worm is normally activated every time the system is booted up. This is differentiated from the acronym WORM (write-once, read many) descriptive of optical (compact disk) media with single write capability. [DSS] Propagate itself through memory or networks without necessarily modifying programs. A worm is similar to a virus, because it has the ability to replicate, but differs from a virus in that it does not seek a host. [IATF] See malicious code. [CNSSI] a type of virus or replicative code that situates itself in a computer system in a place where it can do harm. There are viruses that don't worm themselves into a place where they can do much harm and that replicate themselves via e-mail in many computers. Like most computer viruses, worms usually come in trojan horses. [FJC] (see also code, communications, computer, connection, distributed denial-of-service, infection, information, malicious, malware, module, network, process, program, replicator, resource, system, trojan horse, users, version, virus, exploit, internet, malicious code) (includes Internet worm, mass mailing worm, morris worm, network service worm, network worm)

wrap

(O) To use cryptography to provide data confidentiality service for a data object. (D) ISDs SHOULD NOT use this term with this definition because it duplicates the meaning of other, standard terms. Instead, use 'encrypt' or use a term that is specific with regard to the mechanism used. [RFC2828] (see also confidentiality, cryptography, encryption, object, standard)

write

A fundamental operation that results only in the flow of information from a subject to an object. [AJP][NCSC/TG004][TCSEC][TNI] Fundamental operation in an IS that results only in the flow of information from a subject to an object. [CNSSI] Fundamental operation in an information system that results only in the flow of information from a subject to an object. See Access Type. [CNSSI-4009] (see also access, flow, information, operation) (includes object, subject)

write access

Permission to write an object. [AJP][NCSC/TG004][TNI] Permission to write to an object in an IS. [CNSSI] Permission to write to an object in an information system. [CNSSI-4009] (see also access) (includes object)

write protect

Term used to indicate that there is a machine hardware capability, which may be manually used to protect some storage media from accidental or unintentional overwrite by inhibiting the write capability of the system. (For example, write protection of magnetic tapes is accomplished by the physical removal of the 'Write-ring' from the back of the tape. Write protection on three and one half inch floppy diskettes refers to the correct placement of the sliding tab to the open position which inhibits the hardware capability to perform a physical write to the diskette. Write protection includes using optical disks within Compact Disc read-only devices.) [DSS]

write-blocker

A device that allows investigators to examine media while preventing data writes from occurring on the subject media. [SP 800-72]

X.400

(N) An ITU-T Recommendation that is one part of a joint ITU-T/ISO multi-part standard (X.400-X.421) that defines the Message Handling Systems. (The ISO equivalent is IS 10021, parts 1-7.) [RFC2828] (see also email, message, standard, system)

X.500

(see X.500 Directory)

X.500 Directory

(N) An ITU-T Recommendation that is one part of a joint ITU-T/ISO multi-part standard (X.500-X.525) that defines the X.500 Directory, a conceptual collection of systems that provide distributed directory capabilities for OSI entities, processes, applications, and services. (The ISO equivalent is IS 9594-1 and related standards, IS 9594-x.) (C) The X.500 Directory is structured as a tree (the Directory Information Tree), and information is stored in directory entries. Each entry is a collection of information about one object, and each object has a DN. A directory entry is composed of attributes, each with a type and one or more values. For example, if a PKI uses the Directory to distribute certificates, then the X.509 public-key certificate of an end user is normally stored as a value of an attribute of type 'userCertificate' in the Directory entry that has the DN that is the subject of the certificate. [RFC2828] (see also X.509, application, certificate, information, key, object, process, public-key, public-key infrastructure, standard, subject, system, users)

X.509

(N) An ITU-T Recommendation that defines a framework to provide and support data origin authentication and peer entity authentication services, including formats for X.509 public-key certificates, X.509 attribute certificates, and X.509 CRLs. (The ISO equivalent is IS 9498-4.) (C) X.509 describes two levels of authentication: simple authentication based on a password, and strong authentication based on a public-key certificate. [RFC2828] (see also CA certificate, Internet Policy Registration Authority, MISSI user, Open Systems Interconnection Reference model, PKCS #10, PKIX, SET private extension, X.500 Directory, authentication, certificate, certificate policy, certificate policy qualifier, certificate rekey, certificate renewal, certificate revocation, certificate revocation tree, certificate status responder, certificate update, certificate validation, certification authority, certification path, certification request, common name, critical, delta CRL, distinguished name, distribution point, encryption certificate, end entity, entity, extension, indirect certificate revocation list, invalidity date, issuer, key, key lifetime, key material identifier, object identifier, organizational certificate, personality label, policy approving authority, policy certification authority, policy creation authority, privacy enhanced mail, public-key, revocation date, self-signed certificate, signature certificate, slot, tokens, trust, v1 CRL, v1 certificate, v2 CRL, v2 certificate, v3 certificate, public-key infrastructure) (includes X.509 attribute certificate, X.509 authority revocation list, X.509 certificate, X.509 certificate revocation list, X.509 public-key certificate)

X.509 attribute certificate

(N) An attribute certificate in the version 1 (v1) format defined by X.509. (The v1 designation for an X.509 attribute certificate is disjoint from the v1 designation for an X.509 public-key certificate, and from the v1 designation for an X.509 CRL.) (C) An X.509 attribute certificate has a subject field, but the attribute certificate is a separate data structure from that subject's public-key certificate. A subject may have multiple attribute certificates associated with each of its public-key certificates, and an attribute certificate may be issued by a different CA than the one that issued the associated public-key certificate. (C) An X.509 attribute certificate contains a sequence of data items and has a digital signature that is computed from that sequence. In addition to the signature, an attribute certificate contains items 1 through 9 listed below:

version Identifies v1.
subject Is one of the following: 2a. baseCertificateID - Issuer and serial number of an X.509 public-key certificate. 2b. subjectName - DN of the subject.
issuer DN of the issuer (the CA who signed).
signature OID of algorithm that signed the cert.
serialNumber Certificate serial number; an integer assigned by the issuer.
attCertValidityPeriod Validity period; a pair of UTCTime values: 'not before' and 'not after'.
attributes Sequence of attributes describing the subject.
issuerUniqueId Optional, when a DN is not sufficient.
extensions Optional.

[RFC2828] (see also algorithm, digital signature, key, public-key, signature, subject, version, X.509, certificate)

X.509 authority revocation list

(N) An ARL in one of the formats defined by X.509--version 1 (v1) or version 2 (v2). A specialized kind of certificate revocation list. [RFC2828] (see also certificate, version, X.509, authority, public-key infrastructure, revocation)

X.509 certificate

(N) Either an X.509 public-key certificate or an X.509 attribute certificate. (C) This Glossary uses the term with the precise meaning recommended here. However, some who use the term may not be aware that X.509 specifies attribute certificates that do not contain a public key. Even among those who are aware, this term is commonly used as an abbreviation to mean 'X.509 public-key certificate'. ISDs MAY use the term as an abbreviation for 'X.509 public-key certificate', but only after using the full term at the first instance. (D) ISDs SHOULD NOT use this term as an abbreviation to mean 'X.509 attribute certificate'. [RFC2828] The X.509 public-key certificate or the X.509 attribute certificate, as defined by the ISO/ITU-T X.509 standard. Most commonly (including in this document), an X.509 certificate refers to the X.509 public-key certificate. [SP 800-57 Part 1] (see also key, public-key, X.509, certificate)

X.509 certificate revocation list

(N) A CRL in one of the formats defined by X.509--version 1 (v1) or version 2 (v2). (The v1 and v2 designations for an X.509 CRL are disjoint from the v1 and v2 designations for an X.509 public-key certificate, and from the v1 designation for an X.509 attribute certificate.) (C) ISDs SHOULD NOT refer to an X.509 CRL as a digital certificate, but note that an X.509 CRL does meet this Glossary's definition of 'digital certificate'. Like a digital certificate, an X.509 CRL makes an assertion and is signed by a CA. But instead of binding a key or other attributes to a subject, an X.509 CRL asserts that certain previously-issued X.509 certificates have been revoked. (C) An X.509 CRL contains a sequence of data items and has a digital signature computed on that sequence. In addition to the signature, both v1 and v2 contain items 2 through 6b listed below. Version 2 contains item 1 and may optionally contain 6c and 7.

version Optional. If present, identifies v2.
signature OID of the algorithm that signed CRL.
issuer DN of the issuer (the CA who signed).
thisUpdate A UTCTime value.
nextUpdate A UTCTime value.
revokedCertificates 3-tuples of 6a, 6b, and (optional) 6c:
1. userCertificate A certificate's serial number.
2. revocationDate UTCTime value for the revocation date.
3. crlEntryExtensions Optional.
crlExtensions Optional.

X.509 public-key certificate

(N) A public-key certificate in one of the formats defined by X.509--version 1 (v1), version 2 (v2), or version 3 (v3). (The v1 and v2 designations for an X.509 public-key certificate are disjoint from the v1 and v2 designations for an X.509 CRL, and from the v1 designation for an X.509 attribute certificate.) (C) An X.509 public-key certificate contains a sequence of data items and has a digital signature computed on that sequence. In addition to the signature, all three versions contain items 1 through 7 listed below. Only v2 and v3 certificates may also contain items 8 and 9, and only v3 may contain item 10.

version Identifies v1, v2, or v3.
serialNumber Certificate serial number; an integer assigned by the issuer.
signature OID of algorithm that was used to sign the certificate.
issuer DN of the issuer (the CA who signed).
validity Validity period; a pair of UTCTime values: 'not before' and 'not after'.
subject DN of entity who owns the public key.
subjectPublicKeyInfo Public key value and algorithm OID.
issuerUniqueIdentifier Defined for v2, v3; optional.
subjectUniqueIdentifier Defined for v2, v2; optional.
extensions Defined only for v3; optional.

[RFC2828] A digital certificate containing a public key for entity and a name for the entity, together with some other information that is rendered unforgeable by the digital signature of the certification authority that issued the certificate, encoded in the format defined in the ISO/ITU-T X.509 standard. [SP 800-57 Part 1; CNSSI-4009 adapted] (see also algorithm, certification, digital signature, entity, signature, subject, version, X.509, certificate, key, public-key)

Yellow book

(D) ISDs SHOULD NOT use this term as a synonym for 'Computer Security Requirements: Guidance for Applying the Department of Defense Trusted Computer System Evaluation Criteria in Specific Environments'. Instead, use the full proper name of the document or, in subsequent references, a conventional abbreviation. [RFC2828] (see also computer, computer security, criteria, evaluation, requirements, security, system, trust, rainbow series)

zero fill

To fill unused storage locations in an IS with the representation of the character denoting '0.' [CNSSI] To fill unused storage locations in an information system with the representation of the character denoting '0.' [CNSSI-4009] (see also zeroize)

zero-day exploit

A cyber threat taking advantage of a security vulnerability on the same day that the vulnerability becomes known to the general public and for which there are no available fixes. [GAO] (see also cyberspace, security, exploit)

zero-knowledge password protocol

A password based authentication protocol that allows a claimant to authenticate to a verifier without revealing the password to the verifier. Examples of such protocols are EKE, SPEKE and SRP. [800-63] (see also authentication, verifier, passwords, protocols)

zeroization

A method of erasing electronically stored data by altering the contents of the data storage so as to prevent the recovery of the data. [FIPS140][SRV] A method of erasing electronically stored data, cryptographic keys, and CSPs by altering or deleting the contents of the data storage to prevent recovery of the data. [FIPS 140-2] A method of erasing electronically stored data, cryptographic keys, and Credentials Service Providers (CSPs) by altering or deleting the contents of the data storage to prevent recovery of the data. [CNSSI-4009] (see also zeroize, FIPS PUB 140-1, recovery)

zeroize

(I) Use erasure or other means to render stored data unusable and unrecoverable, particularly a key stored in a cryptographic module or other device. (O) Erase electronically stored data by altering the contents of the data storage so as to prevent the recovery of the data. [RFC2828] Overwrite a memory location with data consisting entirely of bits with the value zero so that the data is destroyed and not recoverable. This is often contrasted with deletion methods that merely destroy reference to data within a file system rather than the data itself. [SP 800-63] To remove or eliminate the key from a cryptographic equipment or fill device. [CNSSI][CNSSI-4009] (see also zeroization, FIPS PUB 140-1, cryptographic, cryptography, key, module, recovery, zero fill)

zombie

A program that is installed on a system to cause it to attack other systems. [800-83][SP 800-83] (see also attack, program, system, threat)

zone of control

Synonymous with inspectable space. [CNSSI] Three-dimensional space surrounding equipment that processes classified and/or sensitive information within which TEMPEST exploitation is not considered practical or where legal authority to identify and remove a potential TEMPEST exploitation exists. [CNSSI-4009] (see also control)